[Open-scap] [PATCH 1/2] [probes] add selinuxboolean probe
Petr Lautrbach
plautrba at redhat.com
Mon Jul 18 14:45:53 UTC 2011
---
configure.ac | 19 +++++
src/OVAL/oval_probe.c | 2 +
src/OVAL/oval_probe_ext.c | 1 +
src/OVAL/oval_probe_session.c | 1 +
src/OVAL/probes/Makefile.am | 7 ++
src/OVAL/probes/unix/linux/selinuxboolean.c | 108 +++++++++++++++++++++++++++
6 files changed, 138 insertions(+), 0 deletions(-)
create mode 100644 src/OVAL/probes/unix/linux/selinuxboolean.c
diff --git a/configure.ac b/configure.ac
index 4e772ce..da95fb1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -337,6 +337,20 @@ AC_CHECK_LIB(
]
)
+#
+# selinux
+#
+have_selinux=no
+AC_CHECK_LIB(
+ [selinux],
+ [is_selinux_enabled],
+ [selinux_cflags=`pkg-config libselinux --cflags`
+ selinux_libs=`pkg-config libselinux --libs`
+ have_selinux=yes
+ AC_DEFINE([ENABLE_PROBE_SELINUXBOOLEAN], [1], [Define if SELinux is available])
+ ]
+)
+
# Checks for header files.
AC_HEADER_STDC
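Review bot: The action-if-found branch of the new AC_CHECK_LIB fills selinux_cflags and selinux_libs from backtick pkg-config calls without checking that pkg-config and libselinux.pc are actually available, while have_selinux is set to yes unconditionally once -lselinux links. Because an explicit action is given, AC_CHECK_LIB does not append -lselinux to LIBS itself, so on a host with the library but no .pc file both variables are presumably empty and the probe is enabled yet linked without -lselinux. A safer shape is `PKG_CHECK_MODULES([selinux], [libselinux], [have_selinux=yes], [have_selinux=no])`, or at minimum a fallback `test -n "$selinux_libs" || selinux_libs=-lselinux`. The same substitution is consumed by the Makefile.am hunk further down.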
@@ -422,6 +436,9 @@ AC_SUBST(libacl_libs)
AC_SUBST(libblkid_cflags)
AC_SUBST(libblkid_libs)
+AC_SUBST(selinux_cflags)
+AC_SUBST(selinux_libs)
+
# Checks for typedefs, structures, and compiler characteristics.
AC_HEADER_STDBOOL
AC_TYPE_SIZE_T
@@ -712,6 +729,7 @@ AM_CONDITIONAL([WANT_BINDINGS], test "$bindings" = yes)
AM_CONDITIONAL([ENABLE_VALGRIND_TESTS], test "$vgcheck" = yes)
AM_CONDITIONAL([HAVE_ODBX], test "$have_odbx" = yes)
AM_CONDITIONAL([ENABLE_PROBE_LDAP57], test "$probe_independent_ldap57" = yes)
+AM_CONDITIONAL(ENABLE_PROBE_SELINUXBOOLEAN, [test "$have_selinux" = "yes"])
AC_CONFIG_FILES([Makefile
lib/Makefile
@@ -809,6 +827,7 @@ echo " dpkginfo probe: $have_libapt_pkg"
echo " inetlisteningservers probe: $probes_linux"
echo " rpminfo probe: $have_librpm"
echo " partition probe: $probes_linux"
+echo " selinuxboolean probe: $have_selinux"
echo ""
echo " === solaris probes ==="
diff --git a/src/OVAL/oval_probe.c b/src/OVAL/oval_probe.c
index 184f434..84112ea 100644
--- a/src/OVAL/oval_probe.c
+++ b/src/OVAL/oval_probe.c
@@ -65,6 +65,7 @@ oval_subtypedsc_t __s2n_tbl[] = {
/* 9002 */ {OVAL_LINUX_INET_LISTENING_SERVERS, "inetlisteningservers"},
/* 9003 */ {OVAL_LINUX_RPM_INFO, "rpminfo" },
/* 9005 */ {OVAL_LINUX_PARTITION, "partition", },
+ /* 9008 */ {OVAL_LINUX_SELINUXBOOLEAN, "selinuxboolean" },
/* 12001 */ {OVAL_SOLARIS_ISAINFO, "isainfo" },
/* 13001 */ {OVAL_UNIX_FILE, "file" },
/* 13003 */ {OVAL_UNIX_INTERFACE, "interface" },
@@ -100,6 +101,7 @@ oval_subtypedsc_t __n2s_tbl[] = {
/* 13005 */ {OVAL_UNIX_PROCESS, "process" },
/* 9003 */ {OVAL_LINUX_RPM_INFO, "rpminfo" },
/* 13006 */ {OVAL_UNIX_RUNLEVEL, "runlevel" },
+ /* 9008 */ {OVAL_LINUX_SELINUXBOOLEAN, "selinuxboolean" },
/* 13008 */ {OVAL_UNIX_SHADOW, "shadow" },
/* 7005 */ {OVAL_INDEPENDENT_SQL, "sql" },
/* 7013 */ {OVAL_INDEPENDENT_SQL57, "sql57" },
diff --git a/src/OVAL/oval_probe_ext.c b/src/OVAL/oval_probe_ext.c
index 1a5869f..7b8406d 100644
--- a/src/OVAL/oval_probe_ext.c
+++ b/src/OVAL/oval_probe_ext.c
@@ -67,6 +67,7 @@ const oval_pdsc_t OSCAP_GSYM(default_pdsc)[] = {
{OVAL_LINUX_INET_LISTENING_SERVERS, "inetlisteningservers", "probe_inetlisteningservers"},
{OVAL_LINUX_RPM_INFO, "rpminfo", "probe_rpminfo"},
{OVAL_LINUX_PARTITION, "partition", "probe_partition"},
+ {OVAL_LINUX_SELINUXBOOLEAN, "selinuxboolean", "probe_selinuxboolean"},
{OVAL_SOLARIS_ISAINFO, "isainfo", "probe_isainfo"},
{OVAL_UNIX_FILE, "file", "probe_file"},
{OVAL_UNIX_INTERFACE, "interface", "probe_interface"},
diff --git a/src/OVAL/oval_probe_session.c b/src/OVAL/oval_probe_session.c
index 0a0ddab..2109b09 100644
--- a/src/OVAL/oval_probe_session.c
+++ b/src/OVAL/oval_probe_session.c
@@ -127,6 +127,7 @@ oval_probe_session_t *oval_probe_session_new(struct oval_syschar_model *model)
oval_probe_handler_set(sess->ph, OVAL_LINUX_DPKG_INFO, oval_probe_ext_handler, sess->pext);
oval_probe_handler_set(sess->ph, OVAL_LINUX_RPM_INFO, oval_probe_ext_handler, sess->pext);
oval_probe_handler_set(sess->ph, OVAL_LINUX_PARTITION, oval_probe_ext_handler, sess->pext);
+ oval_probe_handler_set(sess->ph, OVAL_LINUX_SELINUXBOOLEAN, oval_probe_ext_handler, sess->pext);
oval_probe_handler_set(sess->ph, OVAL_SOLARIS_ISAINFO, oval_probe_ext_handler, sess->pext);
oval_probe_handler_set(sess->ph, OVAL_UNIX_FILE, oval_probe_ext_handler, sess->pext);
oval_probe_handler_set(sess->ph, OVAL_UNIX_INTERFACE, oval_probe_ext_handler, sess->pext);
diff --git a/src/OVAL/probes/Makefile.am b/src/OVAL/probes/Makefile.am
index 36e701c..ca7d742 100644
--- a/src/OVAL/probes/Makefile.am
+++ b/src/OVAL/probes/Makefile.am
@@ -155,6 +155,13 @@ probe_inetlisteningservers_SOURCES= unix/linux/inetlisteningservers.c
probe_inetlisteningservers_CFLAGS=
probe_inetlisteningservers_LDFLAGS=
+if ENABLE_PROBE_SELINUXBOOLEAN
+pkglibexec_PROGRAMS += probe_selinuxboolean
+probe_selinuxboolean_SOURCES= unix/linux/selinuxboolean.c
+probe_selinuxboolean_CFLAGS= @selinux_cflags@
+probe_selinuxboolean_LDFLAGS= @selinux_libs@
+endif
+
if ENABLE_PROBE_RPMINFO
pkglibexec_PROGRAMS += probe_rpminfo
probe_rpminfo_SOURCES= unix/linux/rpminfo.c
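Review bot: `probe_selinuxboolean_LDFLAGS= @selinux_libs@` places the library in LDFLAGS, which automake emits before the object files on the link line; with a toolchain that defaults to `--as-needed`, a library named ahead of the objects that reference it can be discarded, leaving undefined references to security_get_boolean_names and friends. Libraries belong in `probe_selinuxboolean_LDADD= @selinux_libs@`, keeping LDFLAGS for linker options. The adjacent probe rules follow the same pattern, so this may be an existing project convention; if it is kept deliberately, a short comment at the top of the probe rules saying why would help the next reader.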
diff --git a/src/OVAL/probes/unix/linux/selinuxboolean.c b/src/OVAL/probes/unix/linux/selinuxboolean.c
new file mode 100644
index 0000000..9497536
--- /dev/null
+++ b/src/OVAL/probes/unix/linux/selinuxboolean.c
@@ -0,0 +1,108 @@
+/**
+ * @file selinuxboolean.c
+ * @brief selinuxboolean probe
+ * @author "Petr Lautrbach" <plautrba at redhat.com>
+ *
+ * This probe is able to process a selinuxboolean_object as defined in OVAL 5.8.
+ *
+ */
+
+/*
+ * Copyright 2009-2011 Red Hat Inc., Durham, North Carolina.
+ * All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Authors:
+ * Petr Lautrbach <plautrba at redhat.com>
+ */
+
+/*
+ * selinuxboolean probe:
+ *
+ * name
+ * current_status
+ * pending_status
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#include "seap.h"
+#include "probe-api.h"
+#include "probe/entcmp.h"
+#include "alloc.h"
+
+#include <selinux/selinux.h>
+
+static int get_selinuxboolean(SEXP_t *ut_ent, probe_ctx *ctx)
+{
+ int err = 1, active, pending, len, i;
+ SEXP_t *boolean, *item;
+ char **booleans;
+
+ if ( ! is_selinux_enabled())
+ return err;
+
+ if (security_get_boolean_names(&booleans, &len) == -1)
+ return err;
+
+ for (i = 0; i < len; i++) {
+ boolean = SEXP_string_new(booleans[i], strlen(booleans[i]));
+ if (probe_entobj_cmp(ut_ent, boolean) == OVAL_RESULT_TRUE) {
+ active = security_get_boolean_active(booleans[i]);
+ pending = security_get_boolean_pending(booleans[i]);
+ item = probe_item_create(
+ OVAL_LINUX_SELINUXBOOLEAN, NULL,
+ "name", OVAL_DATATYPE_SEXP, boolean,
+ "current_status", OVAL_DATATYPE_BOOLEAN, active,
+ "pending_status", OVAL_DATATYPE_BOOLEAN, pending,
+ NULL);
+ probe_item_collect(ctx, item);
+ }
+ SEXP_free(boolean);
+ }
+
+ for (i = 0; i < len; i++)
+ free(booleans[i]);
+
+ return 0;
+}
+
+int probe_main(probe_ctx *ctx, void *arg)
+{
+ SEXP_t *probe_in, *name;
+ int err;
+
+ probe_in = probe_ctx_getobject(ctx);
+ name = probe_obj_getent(probe_in, "name", 1);
+
+ if (name == NULL) {
+ return PROBE_ENOVAL;
+ }
+
+ err = get_selinuxboolean(name, ctx);
+ SEXP_free(name);
+
+ return err;
+}
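Review bot: get_selinuxboolean frees each string returned by security_get_boolean_names but never frees the `booleans` array itself, so every invocation leaks it; add `free(booleans);` after the second for loop. security_get_boolean_active and security_get_boolean_pending return -1 on failure, and that value is passed straight into probe_item_create as OVAL_DATATYPE_BOOLEAN, so a boolean that cannot be read is reported with a bogus status instead of being skipped; guard item creation on both being non-negative. The SEXP_string_new result and the probe_item_create result are also used without a NULL check. Returning err (always 1) when SELinux is disabled or the name list cannot be fetched makes the probe report an error rather than "no matching items"; if the intended contract is not-applicable, returning 0 with no collected items would be clearer — presumably worth confirming against how the other Linux probes signal this.
```c
		if (probe_entobj_cmp(ut_ent, boolean) == OVAL_RESULT_TRUE) {
			active = security_get_boolean_active(booleans[i]);
			pending = security_get_boolean_pending(booleans[i]);
			/* libselinux reports -1 on failure; do not record that as a status */
			if (active >= 0 && pending >= 0) {
				/* … unchanged: probe_item_create / probe_item_collect … */
			}
		}
	/* … unchanged: SEXP_free(boolean), per-name free loop … */
	free(booleans); /* the array itself is allocated by libselinux too */
```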
--
1.7.5.4