@@ -37,7 +37,7 @@ __get_all_types () {
seinfo -t 2> /dev/null | tail -n +3
}
__get_all_port_types () {
- seinfo -aport_type -x 2>/dev/null | tail -n +2
+ sepolicy network -l
}
__get_all_domains () {
seinfo -adomain -x 2>/dev/null | tail -n +2
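Review bot: The replacement command on the `+` line of `__get_all_port_types` drops the `2>/dev/null` that every neighbouring helper keeps, so any error or Python traceback from `sepolicy` (for example if the loaded policy cannot be read by the current user) would be printed into the terminal in the middle of tab completion. I would keep the redirect: `sepolicy network -l 2>/dev/null`. The same applies to the identical change in python/sepolicy/sepolicy-bash-completion.sh. This presumably also starts a Python interpreter on every completion where `seinfo` did not, so it is worth confirming the added latency is acceptable.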
@@ -1055,7 +1055,12 @@ class portRecords(semanageRecords):
def __init__(self, args = None):
semanageRecords.__init__(self, args)
try:
- self.valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
+ self.valid_types = set(next(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))["types"])
+ except (RuntimeError, StopIteration):
+ self.valid_types = set()
+ pass
+ try:
+ self.valid_types.update(set([x["type"] for x in sepolicy.info(sepolicy.PORT)]))
except RuntimeError:
pass
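Review bot: When both lookups in `portRecords.__init__` raise, `valid_types` is now silently left as an empty set, and since the name suggests it is the allowlist that port types are checked against, a policy-load failure would presumably show up later as every type being rejected rather than as the real error. A comment above the first `try` would make the intent explicit, e.g. `# port_type may be undefined in custom policies; fall back to the types used by portcon rules`, and the final `except RuntimeError: pass` deserves a word on why ignoring it is safe. The `pass` after `self.valid_types = set()` is dead code, and `self.valid_types.update(x["type"] for x in sepolicy.info(sepolicy.PORT))` avoids building a throwaway list and set. `valid_types` also changes from a list to a set, so any use outside this hunk that indexes it or relies on its order should be checked; the rest of the class is not visible here.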
@@ -52,7 +52,7 @@ __get_all_classes () {
seinfo -c 2> /dev/null | tail -n +2
}
__get_all_port_types () {
- seinfo -aport_type -x 2> /dev/null | tail -n +2
+ sepolicy network -l
}
__get_all_domain_types () {
seinfo -adomain -x 2> /dev/null | tail -n +2
@@ -989,8 +989,13 @@ def get_all_port_types():
global port_types
if port_types:
return port_types
- port_types = list(sorted(info(ATTRIBUTE, "port_type"))[0]["types"])
- return port_types
+ try:
+ port_types = set(next(info(ATTRIBUTE, "port_type"))["types"])
+ except StopIteration:
+ port_types = set()
+ pass
+ port_types.update(set([x["type"] for x in info(PORT)]))
+ return sorted(port_types)
def get_all_bools():
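Review bot: `get_all_port_types()` now returns two different things: the first call returns `sorted(port_types)`, a sorted list, but the module-level `port_types` is left holding the set, so the cached early `return port_types` gives every later caller an unordered set. Store the sorted result before returning, e.g. collect into a local `types` set and finish with `port_types = sorted(types)` followed by `return port_types`. Note also that `info(PORT)` sits outside any `try`, while the matching code in seobject.py guards the same lookups against `RuntimeError`; if that exception can be raised here it would now propagate to callers. The `pass` after `port_types = set()` is redundant. The function's `def` line is outside the hunk, visible only in the hunk header.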
For `semanage port -l` and `sepolicy network -t type`, show also ports which are not attributed with `port_type`. Such ports may exist in custom policies and even the attribute `port_type` may not be defined. This fixes the following error with `semanage port -l` (and similar error with `sepolicy network -t type`): Traceback (most recent call last): File "/usr/sbin/semanage", line 975, in <module> do_parser() File "/usr/sbin/semanage", line 947, in do_parser args.func(args) File "/usr/sbin/semanage", line 441, in handlePort OBJECT = object_dict['port'](args) ^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/seobject.py", line 1057, in __init__ self.valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"]) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^ IndexError: list index out of range Signed-off-by: Topi Miettinen <toiwoton@gmail.com> --- v6: update to work with Fedora policy v5: fix from Petr Lautrbach v4: keep types found with attribute port_type for compatibility with types which are not portcons v3: use even better version, thanks to Petr Lautrbach v2: fix other cases and use better version courtesy of Petr Lautrbach --- python/semanage/semanage-bash-completion.sh | 2 +- python/semanage/seobject.py | 7 ++++++- python/sepolicy/sepolicy-bash-completion.sh | 2 +- python/sepolicy/sepolicy/__init__.py | 9 +++++++-- 4 files changed, 15 insertions(+), 5 deletions(-)