First crack at argparse parser for semanage.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Attached is my first crack at the argparse version of semanage. Right now it just parses the command line and spits out the dictionary raw. Please mess around with the command line and make sure that it behaves how you would expect. Some of the names in the dictionary are a bit weird and I'm having trouble getting sensible semantics for fcontext -e but it should be parsing the command lines properly. Also not all of the help text is in place yet. If you want to add some help text either send it to me in an email or send me a patch and I'll apply it to my repo. I still need to commit the latest changes to my github account but once I do you should be able to get the same file from my semanage-argparse repo on github. After we're sure that the parsing works as we'd like and the help messages are sensible to people I'll work on gluing this frontend back onto the seobject class that semanage uses to do that actual policy store manipulations.

Dave
#! /usr/bin/python -Es
import sys,argparse

class seParser(argparse.ArgumentParser):
    def error(self, message):
        if len(sys.argv) == 2:
            self.print_help()
            sys.exit(2)
        self.print_usage()
        self.exit(2, ('%s: error: %s\n') % (self.prog, message))

def setupLoginParser(subparsers, parents):
    loginParser = subparsers.add_parser('login', help='Manage login mappings between linux users and SELinux confined users', parents=parents)
    loginParser.add_argument('-s', '--seuser', nargs=1, required=True, help='SELinux user name')
    loginParser.add_argument('-r', '--range', nargs=1, help='''MLS/MCS Security Range (MLS/MCS Systems only) 
                                                                SELinux Range  for SELinux login mapping 
                                                                defaults to the SELinux user record range.
                                                                SELinux Range for SELinux user defaults to s0.''')
    loginParser.add_argument('login', help='login_name | %%groupname')
    

def setupUserParser(subparsers, parents):
    userParser = subparsers.add_parser('user', help='Manage SELinux confined users (Roles and levels for an SELinux user)', parents=parents)
    userParser.add_argument('-L', '--level', nargs=1, help='XXX:Add level text')
    userParser.add_argument('-r', '--range', nargs=1, help='XXX:Add range text')
    userParser.add_argument('-R', '--roles', nargs=1, help='XXX:Add roles text')
    userParser.add_argument('-P', '--prefix', nargs=1, help='XXX:Add prefix text')
    userParser.add_argument('selinux_name', help='selinux_name')
    
    
def setupPortParser(subparsers,parents):
    portParser = subparsers.add_parser('port', help='Manage network port type definiteions', parents=parents)
    portParser.add_argument('-t', '--type', nargs=1, help='XXX:Add type text')
    portParser.add_argument('-r', '--range', nargs=1, help='XXX:Add range text')
    portParser.add_argument('-p', '--proto', nargs=1, help='XXX:Add proto text')
    portParser.add_argument('port', help='port | port_range')
    
def setupInterfaceParser(subparsers,parents):
    interfaceParser = subparsers.add_parser('interface', help='Manage network interface type definitions', parents=parents)
    interfaceParser.add_argument('-t', '--type', nargs=1, help='XXX:Add type text')
    interfaceParser.add_argument('-r', '--range', nargs=1, help='XXX:Add range text')
    interfaceParser.add_argument('interface', help='interface_spec')
    
def setupModuleParser(subparsers,parents):
    moduleParser = subparsers.add_parser('module', help='Manage SELinux policy modules', parents=parents, conflict_handler='resolve')
    
    mgroup = moduleParser.add_mutually_exclusive_group(required=True)
    mgroup.add_argument('-a', '--add', dest='action', action='store_const', const='add', help='Add a record of the specified object type')
    mgroup.add_argument('-d', '--delete', dest='action', action='store_const', const='delete', help='Delete a record of the specified object type')
    mgroup.add_argument('-m', '--modify', dest='action', choices=['enable', 'disable'], help='Enable or Disable specified module')
    mgroup.add_argument('-l', '--list', dest='action', action='store_const', const='list', help='List records of the specified object type')
    moduleParser.add_argument('-N', '--noreload', action='store_true', help='Do not reload the policy after commit')
    moduleParser.add_argument('module_name', help='Name of the module to act on')
    
def setupNodeParser(subparsers,parents):
    nodeParser = subparsers.add_parser('node', help='Manage network node type definitions', parents=parents)
    nodeParser.add_argument('-M', '--mask', nargs=1, help='XXX:Add mask text')
    nodeParser.add_argument('-t', '--type', nargs=1, help='XXX:Add type text')
    nodeParser.add_argument('-r', '--range', nargs=1, help='XXX:Add range text')
    nodeParser.add_argument('-p', '--proto', nargs=1, help='XXX:Add proto text')
    nodeParser.add_argument('node', help='node')
    
def setupFcontextParser(subparsers,parents):
    fcontextParser = subparsers.add_parser('fcontext', help='Manage file context mapping definitions', parents=parents)
    fcontextParser.add_argument('-e', '--equal', nargs=1, help='''Substitute  target  path with sourcepath when generating default
                                                                  label.  This is used with fcontext. Requires source  and  target
                                                                  path  arguments.  The context labeling for the target subtree is
                                                                  made equivalent to that defined for the source.''')
    fcontextParser.add_argument('-f', '--ftype', nargs=1, help='''File Type.   This is used with fcontext.  Requires a  file  type
                                                                  as  shown  in  the  mode  field by ls, e.g. use -d to match only
                                                                  directories or -- to match only regular files.''')
    fcontextParser.add_argument('-s', '--seuser', nargs=1,help='SELinux user name')
    fcontextParser.add_argument('-t', '--type', nargs=1, help='SELinux Type for the object')
    fcontextParser.add_argument('-r', '--range', nargs=1, help='''MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range  for
                                                                  SELinux login mapping defaults to the SELinux user record range.
                                                                  SELinux Range for SELinux user defaults to s0.''')
    fcontextParser.add_argument('target', help='target')
    
def setupBooleanParser(subparsers,parents):
    booleanParser = subparsers.add_parser('boolean', help='Manage booleans to selectively enable functionality', parents=parents)
    boolGroup = booleanParser.add_mutually_exclusive_group(required=True)
    boolGroup.add_argument('-1', '--on', dest='state', action='store_const', const='on', help='XXX: Add text')
    boolGroup.add_argument('-0', '--off', dest='state', action='store_const', const='off', help='XXX: Add text')
    booleanParser.add_argument('-F', '--file', nargs=1, dest='filename', help="XXX: Add text")
    booleanParser.add_argument('boolean', help='boolean | boolean_file')

def setupPermissiveParser(subparsers):
    permissiveParser = subparsers.add_parser('permissive', help='Manage process type enforcement mode')
    pgroup = permissiveParser.add_mutually_exclusive_group(required=True)
    pgroup.add_argument('-a', '--add', dest='action', action='store_const', const='add', help='Add a record of the specified object type')
    pgroup.add_argument('-d', '--delete', dest='action', action='store_const', const='delete', help='Delete a record of the specified object type')
    pgroup.add_argument('-l', '--list', dest='action', action='store_const', const='list', help='List records of the specified object type')
    permissiveParser.add_argument('-n', '--noheading', action='store_true', help='Do not print heading when listing the speicied object type')
    permissiveParser.add_argument('-D', '--deleteall', action='store_true', help='Remove all local customizations for the specified object type')
    permissiveParser.add_argument('-N', '--noreload', action='store_true', help='Do not reload the policy after commit')
    permissiveParser.add_argument('type', help='type')
    
def setupDontauditParser(subparsers):
    dontauditParser = subparsers.add_parser('dontaudit', help='Disable/Enable dontaudit rules in policy')
    dontauditParser.add_argument('-S', '--store', nargs=1, help='Select an alternate SELinux Policy Store to manage')
    dontauditParser.add_argument('action', choices=["on", "off"])
    
def createCommandParser():
    commandParser = seParser(prog='semanage',
                                            formatter_class=argparse.ArgumentDefaultsHelpFormatter,
                                            description='''semanage is used to configure certain elements 
                                                            of SELinux policy with-out requiring modification 
                                                            to or recompilation from policy source.''')
    #Create the parent parser which is use to handle valid_everyone arguments
    everyoneParser = argparse.ArgumentParser(add_help=False)
    egroup = everyoneParser.add_mutually_exclusive_group(required=True)
    egroup.add_argument('-a', '--add', dest='action', action='store_const', const='add', help='Add a record of the specified object type')
    egroup.add_argument('-d', '--delete', dest='action', action='store_const', const='delete', help='Delete a record of the specified object type')
    egroup.add_argument('-m', '--modify', dest='action', action='store_const', const='modify', help='Modify a record of the specified object type')
    egroup.add_argument('-l', '--list', dest='action', action='store_const', const='list', help='List records of the specified object type')
    everyoneParser.add_argument('-n', '--noheading', action='store_true', help='Do not print heading when listing the speicied object type')
    everyoneParser.add_argument('-S', '--store', nargs=1, help='Select an alternate SELinux Policy Store to manage')
    
    #Create the parent parser for valid_local arguments
    localParser = argparse.ArgumentParser(add_help=False)
    lgroup = localParser.add_argument_group()
    lgroup.add_argument('-E', '--extract', action='store_true', help='XXX: Not exactly sure what this does ask Dan')
    lgroup.add_argument('-C', '--locallist', action='store_true', help='List only locally defined settings, not base policy settings')
    lgroup.add_argument('-D', '--deleteall', action='store_true', help='Remove all local customizations for the specified object type')
    lgroup.add_argument('-N', '--noreload', action='store_true', help='Do not reload the policy after commit')
    
    
    #To add a new subcommand define the parser for it in a function above and call it here.
    subparsers = commandParser.add_subparsers(dest='subcommand')
    setupLoginParser(subparsers, [everyoneParser,localParser])
    setupUserParser(subparsers, [everyoneParser,localParser])
    setupPortParser(subparsers, [everyoneParser,localParser])
    setupInterfaceParser(subparsers, [everyoneParser,localParser])
    setupModuleParser(subparsers, [])
    setupNodeParser(subparsers, [everyoneParser,localParser])
    setupFcontextParser(subparsers, [everyoneParser,localParser])
    setupBooleanParser(subparsers, [everyoneParser,localParser])
    setupPermissiveParser(subparsers)
    setupDontauditParser(subparsers)
    
    return commandParser

if __name__ == '__main__':
    
    commandParser = createCommandParser()
    if len(sys.argv) < 2:
        commandParser.print_help()
        exit(1)
    args = commandParser.parse_args()
    print args
    
	
    
   

[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux