Imported Upstream version 2.4.3
[platform/upstream/audit.git] / contrib / avc_snap
1 #! /usr/bin/env python
2 import os, string, select, struct, syslog
3 import audit, avc, traceback
4 import AuditMsg
5 from setroubleshoot.signature import *
6 from setroubleshoot.util import LoadPlugins
7
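class avc_snap:
    """Group audit records read from fd 0 into events and analyze AVC events.

    Records are grouped by the first whitespace-separated token of the
    message body (the "signature", kept in ``cur_sig``).  When the signature
    changes, or when no input arrives for 5 seconds, the pending records are
    passed to the loaded plugins via ``out()``.
    """

    def __init__(self):
        # Pending (record_type, body_tokens) pairs of the event being collected.
        self.audit_list = []
        # Signature shared by the records currently held in audit_list.
        self.cur_sig = ""
        self.plugins = LoadPlugins()
        syslog.syslog("Number of Plugins = %d" % len(self.plugins))

    def is_avc(self):
        """Return True if any pending record has type audit.AUDIT_AVC."""
        return any(rec[0] == audit.AUDIT_AVC for rec in self.audit_list)

    def out(self):
        """Run the plugins on the pending records, then discard the records.

        Nothing is analyzed unless one pending record is an AVC, and an event
        containing a "granted" token is dropped without analysis.  The first
        plugin whose analyze() returns a true value reports and ends the loop.
        """
        try:
            if not self.is_avc():
                return

            rules = avc.SERules()
            tokens = []
            for (_rec_type, data_list) in self.audit_list:
                tokens += data_list

            if "granted" in tokens:
                return

            rules.translate(tokens)
            # NOTE(review): translate() is not visible here; if it can leave
            # AVCS empty, indexing it raises IndexError, which run() does not
            # catch and which would end the process.
            if not rules.AVCS:
                syslog.syslog("No AVC parsed from audit event %s" % self.cur_sig)
                return

            myavc = AVC(rules.AVCS[0])
            for plugin in self.plugins:
                try:
                    if plugin.analyze(myavc):
                        plugin.report()
                        break
                except TypeError as e:
                    syslog.syslog("Type exception %s: %s " % (plugin.analysisID, e.args))
                except:
                    # Kept broad so that one failing plugin does not stop the
                    # remaining plugins; the traceback is logged so that the
                    # failure can be diagnosed.
                    syslog.syslog("Plugin Exception %s " % plugin.analysisID)
                    syslog.syslog(traceback.format_exc())
        finally:
            # Always discard the event.  Without this, an exception that run()
            # survives (TypeError) leaves the same records pending, so every
            # later call fails on them again and analysis never resumes.
            self.audit_list = []

    def process(self, type, data):
        """Add one audit record to the pending event.

        ``type`` is the record type and ``data`` the message body.  The first
        token of the body is the signature; the remaining tokens are stored.
        A change of signature flushes the pending records first.
        """
        data_list = data.split()
        if not data_list:
            # An empty body has no signature; indexing it would raise
            # IndexError, which run() does not catch.
            syslog.syslog("Ignoring audit record with empty body")
            return
        new_sig = data_list[0]

        if new_sig != self.cur_sig:
            if self.audit_list:
                self.out()
            # Track the signature even when nothing was pending; otherwise the
            # first record after start-up or after a timeout flush is flushed
            # on its own, split from the rest of its event.
            self.cur_sig = new_sig

        self.audit_list.append((type, data_list[1:]))

    def run(self):
        """Read audit messages from fd 0 until the connection closes.

        Waits up to 5 seconds for input; on timeout the pending records are
        flushed.  Returns when read_from_fd() reports failure or on a
        struct.error.
        """
        while 1:
            readable, _writable, _errored = select.select([0], [], [], 5)
            try:
                if 0 in readable:
                    msg = AuditMsg.AuditMsg()
                    if not msg.read_from_fd(0):
                        syslog.syslog("Connection closing")
                        return
                    self.process(msg.get_type(), msg.get_body())
                else:
                    self.out()

            except struct.error as e:
                # (e,) instead of e.args: a tuple with other than one element
                # would make the % operator raise inside this handler.
                syslog.syslog("struct exception %s " % (e,))
                return
            except TypeError as e:
                syslog.syslog("Type exception %s " % (e,))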
75
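# Entry point: open the syslog channel, then read audit messages until the
# input closes.  Every failure is reported through syslog.
try:
    syslog.openlog("avc_snap")
    snap = avc_snap()
    snap.run()

except IOError as e:
    # (e,) instead of e.args: a multi-element args tuple such as
    # (errno, strerror) does not fit the single %s and would raise TypeError
    # inside this handler, so the error would never reach syslog.
    syslog.syslog("IOError exception %s" % (e,))

except Exception as e:
    syslog.syslog("Unexpected exception %s " % (e,))
    syslog.syslog(traceback.format_exc())

except:
    # Reached only by exceptions that do not derive from Exception.
    syslog.syslog("Caught Exception")
    syslog.syslog(traceback.format_exc())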