aboutsummaryrefslogtreecommitdiffstats
path: root/framework/src/audit/contrib/avc_snap
blob: f4acba7d3fe1c6340af9b05875a0bc8039f5864c (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90

#! /usr/bin/env python
import os, string, select, struct, syslog
import audit, avc, traceback
import AuditMsg
from setroubleshoot.signature import *
from setroubleshoot.util import LoadPlugins

class avc_snap:
    def __init__(self):
        self.audit_list = []
        self.cur_sig = ""
        self.plugins = LoadPlugins()
        syslog.syslog( "Number of Plugins = %d" % len(self.plugins))

    def is_avc(self):
        for i in self.audit_list:
            if i[0] == audit.AUDIT_AVC:
                return True
        return False
        
    def out(self):
        if self.is_avc():
            rules=avc.SERules()
            l=[]
            for ( type, data_list ) in self.audit_list:
                l  += data_list

            if "granted" in l:
                self.audit_list = []
                return

            rules.translate(l)
            myavc = AVC(rules.AVCS[0])
            for plugin in self.plugins:
                try:
                    if plugin.analyze(myavc):
                        plugin.report()
                        break;
                    
                except TypeError, e:
                    syslog.syslog("Type exception %s: %s " % ( plugin.analysisID, e.args))
                except:
                    syslog.syslog("Plugin Exception %s " % plugin.analysisID) 
                
        self.audit_list = []

    def process(self, type, data):
        data_list=data.split()
        new_sig=data_list[0]

        if len(self.audit_list) > 0 and new_sig != self.cur_sig:
            self.out()
            self.cur_sig = new_sig

        self.audit_list.append((type, data_list[1:]))

    def run(self):
        while 1:
            input,output, err = select.select([0],[], [], 5)
            try:
                if 0 in input:
                    msg = AuditMsg.AuditMsg()
                    if not msg.read_from_fd(0):
                        syslog.syslog("Connection closing")
                        return
                    self.process(msg.get_type(), msg.get_body())
                else:
                    self.out()

            except struct.error, e:
                syslog.syslog("struct exception %s " % e.args)
                return
            except TypeError, e:
                syslog.syslog("Type exception %s " % e.args)

try:
    syslog.openlog("avc_snap")
    snap=avc_snap()
    snap.run()

except IOError,e:
    syslog.syslog("IOError exception %s" % e.args)

except Exception, e:
    syslog.syslog("Unexpected exception %s " % e.args)
    syslog.syslog(traceback.format_exc())
   
except:
    syslog.syslog("Caught Exception")
    syslog.syslog(traceback.format_exc())