@@ -43,7 +43,7 @@ __get_all_domains () {
seinfo -adomain -x 2>/dev/null | tail -n +2
}
__get_all_node_types () {
- seinfo -anode_type -x 2>/dev/null | tail -n +2
+ seinfo --nodecon -x 2>/dev/null | sed -n 's/^\s\+nodecon\s\+\S\+\s\+\S\+\s\+[^:]\+:[^:]\+:\([^:]\+\):\S\+$/\1/gp'
}
__get_all_file_types () {
seinfo -afile_type -x 2>/dev/null | tail -n +2
@@ -98,6 +98,11 @@ _semanage () {
COMPREPLY=( $(compgen -W "$( __get_all_modules ) " -- "$cur") )
return 0
fi
+ elif [ "$command" = "node" ]; then
+ if [ "$prev" = "-t" ] || [ "$prev" = "--type" ]; then
+ COMPREPLY=( $(compgen -W "$( __get_all_node_types ) " -- "$cur") )
+ return 0
+ fi
fi
if [ "$verb" = "" -a "$prev" = "semanage" ]; then
comps="${VERBS[*]}"
@@ -1848,7 +1848,7 @@ class nodeRecords(semanageRecords):
semanageRecords.__init__(self, args)
self.protocol = ["ipv4", "ipv6"]
try:
- self.valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "node_type"))[0]["types"])
+ self.valid_types = list(list(sepolicy.info(sepolicy.NODE)))
except RuntimeError:
pass
@@ -13,6 +13,7 @@ import re
import gzip
from setools.boolquery import BoolQuery
+from setools.nodeconquery import NodeconQuery
from setools.portconquery import PortconQuery
from setools.policyrep import SELinuxPolicy
from setools.objclassquery import ObjClassQuery
@@ -49,6 +50,7 @@ PORT = 4
USER = 5
BOOLEAN = 6
TCLASS = 7
+NODE = 8
ALLOW = 'allow'
AUDITALLOW = 'auditallow'
@@ -299,6 +301,17 @@ def info(setype, name=None):
'permlist': list(x.perms),
} for x in q.results())
+ elif setype == NODE:
+ q = NodeconQuery(_pol)
+ if name:
+ q.name = name
+
+ return ({
+ 'address': re.fullmatch('nodecon (\S+) \S+ \S+', str(x)).group(1),
+ 'mask': re.fullmatch('nodecon \S+ (\S+) \S+', str(x)).group(1),
+ 'type': re.fullmatch('nodecon \S+ \S+ (\S+)', str(x)).group(1)
+ } for x in list(q.results()))
+
else:
raise ValueError("Invalid type")
For `semanage node -l`, show also nodes which are not attributed with `node_type`. Such nodes may exist in custom policies and even the attribute `node_type` may not be defined. Fix also bash completion to work with such policies and actually start using __get_all_node_types(). This fixes the following error with `semanage node -l`: Traceback (most recent call last): File "/usr/sbin/semanage", line 975, in <module> do_parser() File "/usr/sbin/semanage", line 947, in do_parser args.func(args) File "/usr/sbin/semanage", line 652, in handleNode OBJECT = object_dict['node'](args) ^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/seobject.py", line 1850, in __init__ self.valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "node_type"))[0]["types"]) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^ IndexError: list index out of range Signed-off-by: Topi Miettinen <toiwoton@gmail.com> --- python/semanage/semanage-bash-completion.sh | 7 ++++++- python/semanage/seobject.py | 2 +- python/sepolicy/sepolicy/__init__.py | 13 +++++++++++++ 3 files changed, 20 insertions(+), 2 deletions(-)