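#! /usr/bin/python -Es
# Copyright (C) 2012 Red Hat
# see file 'COPYING' for use and warranty information
#
# setrans is a tool for analyzing process transitions in SELinux policy
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
# 02111-1307 USA
#
#
import sys

import seobject
import setools

search = setools.sesearch
seinfo = setools.seinfo

# Port records keyed by port number range (see main() for the key layout
# this script relies on) and by (port type, protocol) pair.
portrecsbynum = seobject.portRecords().get_all()
portrecs = seobject.portRecords().get_all_by_type()
# Every type carrying the port_type attribute in the loaded policy.
port_types = setools.seinfo(setools.ATTRIBUTE, "port_type")[0]["types"]

# Human-readable meaning of the port attributes / generic port types that
# have no explicit port numbers attached.  Kept as a table so the printing
# loop in get_network_connect() does not need an if/elif ladder.
_PORT_ATTR_DESC = {
    "port_t": "all ports with out defined types",
    "port_type": "all ports",
    "unreserved_port_type": "all ports > 1024",
    "reserved_port_type": "all ports < 1024",
    "rpc_port_type": "all ports > 500 and < 1024",
}


def get_types(src, tclass, perm):
    """Return the target types *src* may use with every permission in *perm*.

    Args:
        src: source type (or attribute) to search allow rules for.
        tclass: object class of the rules, e.g. ``"tcp_socket"``.
        perm: list of permission names; a rule only counts when it grants
            all of them.

    Returns:
        List of target type names in first-seen order, without duplicates.
        Empty when the search yields nothing.
    """
    allows = search([setools.ALLOW],
                    {setools.SCONTEXT: src, setools.CLASS: tclass,
                     setools.PERMS: perm})
    wanted = set(perm)  # hoisted: the original rebuilt this per rule
    nlist = []
    for rule in allows or []:
        # Keep only rules that grant every requested permission.
        if not wanted.issubset(rule[setools.PERMS]):
            continue
        target = rule[setools.TCONTEXT]
        if target not in nlist:
            nlist.append(target)
    return nlist


def get_network_connect(src, protocol, perm):
    """Print the port types on which *src* has *perm* over *protocol* sockets.

    Prints nothing when no allow rule matches.  Otherwise prints a header
    line ``"<src> <protocol> <perm>"`` followed by one tab-indented line per
    target type: either the descriptive text from ``_PORT_ATTR_DESC`` or
    the comma-joined port list recorded for ``(type, protocol)``.  Types
    with no port record for *protocol* are skipped.

    Args:
        src: source type whose socket permissions are examined.
        protocol: ``"tcp"`` or ``"udp"``; selects the ``<protocol>_socket``
            class and the protocol column of the port records.
        perm: single permission name, e.g. ``"name_connect"``.
    """
    # Bug fix: the original looked up sys.argv[1] here instead of *src*,
    # silently ignoring the parameter it was given.
    tlist = get_types(src, "%s_socket" % protocol, [perm])
    if not tlist:
        return
    print("%s %s %s" % (src, protocol, perm))
    for ptype in tlist:
        # The attribute is reported under its concrete type name.
        if ptype == "ephemeral_port_type":
            ptype = "ephemeral_port_t"
        desc = _PORT_ATTR_DESC.get(ptype)
        if desc is None:
            ports = portrecs.get((ptype, protocol))
            if ports is None:
                # No ports of this protocol are defined for the type;
                # the original swallowed the KeyError the same way.
                continue
            desc = ",".join(ports)
        print("\t%s: %s" % (ptype, desc))


def main(argv):
    """Dispatch on the single command-line argument and print the report.

    The argument is interpreted as a port number when it is all digits, as a
    port type when the policy lists it under the ``port_type`` attribute,
    and as a source (process) type otherwise.

    Args:
        argv: full argument vector, ``argv[1]`` being the query.

    Returns:
        Process exit status: 1 on a missing argument, 0 otherwise.
    """
    if len(argv) < 2:
        # The original raised an IndexError here.
        sys.stderr.write("usage: %s <port number|port type|source type>\n"
                         % argv[0])
        return 1
    setype = argv[1]

    if setype.isdigit():
        port = int(setype)
        for key in portrecsbynum:
            # NOTE(review): the key is indexed as (low, high, protocol, ...)
            # and the value as a sequence whose first item is printed —
            # assumed from the original indexing; confirm against seobject.
            low, high, proto = key[0], key[1], key[2]
            if low <= port <= high:
                # `range` was the original name; it shadows the builtin.
                port_range = low if low == high else "%s-%s" % (low, high)
                print("%s: %s %s %s" % (setype, proto,
                                        portrecsbynum[key][0], port_range))
    elif setype in port_types:
        # tcp is reported before udp, as in the original.
        for proto in ("tcp", "udp"):
            ports = portrecs.get((setype, proto))
            if ports is not None:
                print("%s: %s: %s" % (setype, proto, ",".join(ports)))
    else:
        get_network_connect(setype, "tcp", "name_connect")
        get_network_connect(setype, "udp", "name_bind")
        get_network_connect(setype, "tcp", "name_bind")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))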