#! /usr/bin/python -Es # Copyright (C) 2011 Red Hat # see file 'COPYING' for use and warranty information # # setrans is a tool for analyzing process transistions in SELinux policy # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; either version 2 of # the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA # 02111-1307 USA # # import setools, sys search=setools.sesearch seinfo=setools.seinfo failedlist = [] def get_trans(src, dest, slist, tlist = []): foundstr = "" trans=search([setools.ALLOW],{setools.SCONTEXT:src}) targets = map(lambda y: y[setools.TCONTEXT], filter(lambda x: "transition" in x[setools.PERMS], trans)) failedlist.append(src) if src in tlist: return False for f in failedlist: if f in targets: targets.remove(f) if len(targets) == 0: return False tlist.append(src) if dest in targets: slist.append(tlist + [ dest ]) return True for t in targets: get_trans(t,dest, slist, tlist) if t in tlist: tlist.remove(t) return True def verify_domain(domain): try: d = seinfo(setools.TYPE, domain)[0] if "domain" not in d["attributes"]: raise RuntimeError except RuntimeError: raise TypeError("Types must be process/domain types") def setrans(source, dest): slist=[] verify_domain(source) verify_domain(dest) get_trans(source,dest, slist) return slist def usage(msg=None): if msg: print msg print "%s SOURCE_PROCESS_TYPE DEST_PROCESS_TYPE" % sys.argv[0] try: for l in setrans(sys.argv[1], sys.argv[2]): print " --> ".join(l) except IndexError: usage() except TypeError, e: usage(e)