From patchwork Mon Aug 15 08:44:57 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Miroslav Vadkerti
X-Patchwork-Id: 9280435
From: Miroslav Vadkerti To: selinux@tycho.nsa.gov Subject: [PATCH 1/2] semanage: use socket.getprotobyname for protocol Date: Mon, 15 Aug 2016 10:44:57 +0200 Message-Id: <1471250698-16573-1-git-send-email-mvadkert@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Mon, 15 Aug 2016 08:45:02 +0000 (UTC) X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP This patch removes proto_to_audit dictionary and uses standard socket.getprotobyname(protocol) to resolve protocol number from given protocol name. Signed-off-by: Miroslav Vadkerti --- policycoreutils/semanage/seobject.py | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py index 8d3088c..538ff0a 100644 --- a/policycoreutils/semanage/seobject.py +++ b/policycoreutils/semanage/seobject.py @@ -28,6 +28,7 @@ import os import re import sys import stat +import socket from semanage import * PROGNAME = "policycoreutils" import sepolicy @@ -88,11 +89,6 @@ file_type_str_to_option = {"all files": "a", "symbolic link": "l", "named pipe": "p"} -proto_to_audit = {"tcp": 6, - "udp": 17, - "ipv4": 4, - "ipv6": 41} - ftype_to_audit = {"": "any", "b": "block", "c": "char", 
@@ -1134,7 +1130,7 @@ class portRecords(semanageRecords): semanage_port_key_free(k) semanage_port_free(p) - self.mylog.log_change("resrc=port op=add lport=%s proto=%s tcontext=%s:%s:%s:%s" % (port, proto_to_audit[proto], "system_u", "object_r", type, serange)) + self.mylog.log_change("resrc=port op=add lport=%s proto=%s tcontext=%s:%s:%s:%s" % (port, socket.getprotobyname(proto), "system_u", "object_r", type, serange)) def add(self, port, proto, serange, type): self.begin() @@ -1177,7 +1173,7 @@ class portRecords(semanageRecords): semanage_port_key_free(k) semanage_port_free(p) - self.mylog.log_change("resrc=port op=modify lport=%s proto=%s tcontext=%s:%s:%s:%s" % (port, proto_to_audit[proto], "system_u", "object_r", setype, serange)) + self.mylog.log_change("resrc=port op=modify lport=%s proto=%s tcontext=%s:%s:%s:%s" % (port, socket.getprotobyname(proto), "system_u", "object_r", setype, serange)) def modify(self, port, proto, serange, setype): self.begin() @@ -1210,7 +1206,7 @@ class portRecords(semanageRecords): if low == high: port_str = low - self.mylog.log_change("resrc=port op=delete lport=%s proto=%s" % (port_str, proto_to_audit[proto_str])) + self.mylog.log_change("resrc=port op=delete lport=%s proto=%s" % (port_str, socket.getprotobyname(proto_str))) self.commit() @@ -1234,7 +1230,7 @@ class portRecords(semanageRecords): semanage_port_key_free(k) - self.mylog.log_change("resrc=port op=delete lport=%s proto=%s" % (port, proto_to_audit[proto])) + self.mylog.log_change("resrc=port op=delete lport=%s proto=%s" % (port, socket.getprotobyname(proto))) def delete(self, port, proto): self.begin() 
@@ -1414,7 +1410,7 @@ class nodeRecords(semanageRecords): semanage_node_key_free(k) semanage_node_free(node) - self.mylog.log_change("resrc=node op=add laddr=%s netmask=%s proto=%s tcontext=%s:%s:%s:%s" % (addr, mask, proto_to_audit[self.protocol[proto]], "system_u", "object_r", ctype, serange)) + self.mylog.log_change("resrc=node op=add laddr=%s netmask=%s proto=%s tcontext=%s:%s:%s:%s" % (addr, mask, socket.getprotobyname(self.protocol[proto]), "system_u", "object_r", ctype, serange)) def add(self, addr, mask, proto, serange, ctype): self.begin() @@ -1457,7 +1453,7 @@ class nodeRecords(semanageRecords): semanage_node_key_free(k) semanage_node_free(node) - self.mylog.log_change("resrc=node op=modify laddr=%s netmask=%s proto=%s tcontext=%s:%s:%s:%s" % (addr, mask, proto_to_audit[self.protocol[proto]], "system_u", "object_r", setype, serange)) + self.mylog.log_change("resrc=node op=modify laddr=%s netmask=%s proto=%s tcontext=%s:%s:%s:%s" % (addr, mask, socket.getprotobyname(self.protocol[proto]), "system_u", "object_r", setype, serange)) def modify(self, addr, mask, proto, serange, setype): self.begin() @@ -1490,7 +1486,7 @@ class nodeRecords(semanageRecords): semanage_node_key_free(k) - self.mylog.log_change("resrc=node op=delete laddr=%s netmask=%s proto=%s" % (addr, mask, proto_to_audit[self.protocol[proto]])) + self.mylog.log_change("resrc=node op=delete laddr=%s netmask=%s proto=%s" % (addr, mask, socket.getprotobyname(self.protocol[proto]))) def delete(self, addr, mask, proto): self.begin()
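Review bot: in the portRecords hunks, socket.getprotobyname(proto) is evaluated inside the log_change() argument tuple, after semanage_port_key_free()/semanage_port_free() have already run, and it raises an error when the name is missing from the host's protocols database. A failed lookup therefore surfaces only while the audit record is being formatted, with no message that names the protocol. Resolve the number once at the top of each method, before any libsemanage record is touched, and report a lookup failure with the offending name. Since the same expression is now repeated at eight log_change() call sites across portRecords and nodeRecords, a small helper that does the lookup and the error handling would keep the audit lines consistent.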
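Review bot: the nodeRecords hunks pass self.protocol[proto] to socket.getprotobyname(), so the proto= value in the node audit records now depends on the host's protocols database carrying the same names the removed proto_to_audit table keyed on ("ipv4": 4, "ipv6": 41). Where a system lists protocol 4 under a different name, or has no such entry, the node add, modify and delete paths will raise at logging time where the fixed table returned a number. Please confirm that both names resolve to 4 and 41 on the supported distributions, or keep a fallback for them. The changelog should also say why the fixed table is being replaced by a runtime lookup, since it currently describes only what changes.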