
[1/2] sepolgen: print extended permissions in hexadecimal

Message ID 20200819150534.18026-1-cgzones@googlemail.com (mailing list archive)
State Superseded

Commit Message

Christian Göttsche Aug. 19, 2020, 3:05 p.m. UTC
All tools like ausearch(8) or sesearch(1) and online documentation[1]
use hexadecimal values for extended permissions.
Hence use them, e.g. for audit2allow output, as well.

[1]: https://github.com/strace/strace/blob/master/linux/64/ioctls_inc.h

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 python/sepolgen/src/sepolgen/refpolicy.py |  5 ++---
 python/sepolgen/tests/test_access.py      | 10 +++++-----
 python/sepolgen/tests/test_refpolicy.py   | 12 ++++++------
 3 files changed, 13 insertions(+), 14 deletions(-)

Comments

Stephen Smalley Aug. 24, 2020, 1:44 p.m. UTC | #1
On Wed, Aug 19, 2020 at 11:06 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> All tools like ausearch(8) or sesearch(1) and online documentation[1]
> use hexadecimal values for extended permissions.
> Hence use them, e.g. for audit2allow output, as well.
>
> [1]: https://github.com/strace/strace/blob/master/linux/64/ioctls_inc.h
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>

Patch

diff --git a/python/sepolgen/src/sepolgen/refpolicy.py b/python/sepolgen/src/sepolgen/refpolicy.py
index 43cecfc7..74763687 100644
--- a/python/sepolgen/src/sepolgen/refpolicy.py
+++ b/python/sepolgen/src/sepolgen/refpolicy.py
@@ -407,10 +407,9 @@  class XpermSet():
 
         # print single value without braces
         if len(self.ranges) == 1 and self.ranges[0][0] == self.ranges[0][1]:
-            return compl + str(self.ranges[0][0])
+            return compl + hex(self.ranges[0][0])
 
-        vals = map(lambda x: str(x[0]) if x[0] == x[1] else "%s-%s" % x,
-                   self.ranges)
+        vals = map(lambda x: hex(x[0]) if x[0] == x[1] else "%s-%s" % (hex(x[0]), hex(x[1]), ), self.ranges)
 
         return "%s{ %s }" % (compl, " ".join(vals))
 
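Review bot: The rewritten `vals = map(lambda x: ...)` line is far longer than the surrounding lines and leaves a stray trailing comma in `(hex(x[0]), hex(x[1]), )`. A generator expression with unpacked bounds reads more clearly: `vals = (hex(lo) if lo == hi else "%s-%s" % (hex(lo), hex(hi)) for lo, hi in self.ranges)`. Separately, `hex()` prints minimal-width values such as `0x2a`. Since this string ends up in generated policy that people compare against audit records and other tools' output, it is worth confirming whether those tools zero-pad, and using a fixed-width format such as `"0x%04x"` if they do. The enclosing method begins above the hunk, so if it has a docstring describing the output format, that should now say hexadecimal.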
diff --git a/python/sepolgen/tests/test_access.py b/python/sepolgen/tests/test_access.py
index 73a5407d..623588e0 100644
--- a/python/sepolgen/tests/test_access.py
+++ b/python/sepolgen/tests/test_access.py
@@ -171,7 +171,7 @@  class TestAccessVector(unittest.TestCase):
         a.merge(b)
         self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
         self.assertEqual(list(a.xperms.keys()), ["ioctl"])
-        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
+        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
 
     def text_merge_xperm2(self):
         """Test merging AV that does not contain xperms with AV that does"""
@@ -185,7 +185,7 @@  class TestAccessVector(unittest.TestCase):
         a.merge(b)
         self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
         self.assertEqual(list(a.xperms.keys()), ["ioctl"])
-        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
+        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
 
     def test_merge_xperm_diff_op(self):
         """Test merging two AVs that contain xperms with different operation"""
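Review bot: The assertion updated in this hunk appears to sit inside `def text_merge_xperm2(self):`, whose definition is the context line near the end of the previous hunk. unittest only collects methods whose names start with `test`, so this method never runs and the new `"{ 0x2a 0x3039 }"` expectation is unverified. Renaming it to `def test_merge_xperm2(self):` would bring it into the test run. The method body starts outside the hunk, so it may need further fixes once it actually executes.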
@@ -203,8 +203,8 @@  class TestAccessVector(unittest.TestCase):
         a.merge(b)
         self.assertEqual(list(a.perms), ["read"])
         self.assertEqual(sorted(list(a.xperms.keys())), ["asdf", "ioctl"])
-        self.assertEqual(a.xperms["asdf"].to_string(), "23")
-        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
+        self.assertEqual(a.xperms["asdf"].to_string(), "0x17")
+        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
                          
     def test_merge_xperm_same_op(self):
         """Test merging two AVs that contain xperms with same operation"""
@@ -222,7 +222,7 @@  class TestAccessVector(unittest.TestCase):
         a.merge(b)
         self.assertEqual(list(a.perms), ["read"])
         self.assertEqual(list(a.xperms.keys()), ["ioctl"])
-        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 23 42 12345 }")
+        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x17 0x2a 0x3039 }")
 
 class TestUtilFunctions(unittest.TestCase):
     def test_is_idparam(self):
diff --git a/python/sepolgen/tests/test_refpolicy.py b/python/sepolgen/tests/test_refpolicy.py
index 4b50c8aa..c7219fd5 100644
--- a/python/sepolgen/tests/test_refpolicy.py
+++ b/python/sepolgen/tests/test_refpolicy.py
@@ -90,17 +90,17 @@  class TestXpermSet(unittest.TestCase):
         a.complement = True
         self.assertEqual(a.to_string(), "")
         a.add(1234)
-        self.assertEqual(a.to_string(), "~ 1234")
+        self.assertEqual(a.to_string(), "~ 0x4d2")
         a.complement = False
-        self.assertEqual(a.to_string(), "1234")
+        self.assertEqual(a.to_string(), "0x4d2")
         a.add(2345)
-        self.assertEqual(a.to_string(), "{ 1234 2345 }")
+        self.assertEqual(a.to_string(), "{ 0x4d2 0x929 }")
         a.complement = True
-        self.assertEqual(a.to_string(), "~ { 1234 2345 }")
+        self.assertEqual(a.to_string(), "~ { 0x4d2 0x929 }")
         a.add(42,64)
-        self.assertEqual(a.to_string(), "~ { 42-64 1234 2345 }")
+        self.assertEqual(a.to_string(), "~ { 0x2a-0x40 0x4d2 0x929 }")
         a.complement = False
-        self.assertEqual(a.to_string(), "{ 42-64 1234 2345 }")
+        self.assertEqual(a.to_string(), "{ 0x2a-0x40 0x4d2 0x929 }")
 
 class TestSecurityContext(unittest.TestCase):
     def test_init(self):