Navigation

← Previous Changeset
Next Changeset →

Changeset 2049

Timestamp:

04/07/08 11:17:40 (8 months ago)

Author:

dsugar

Message:

work on generating iptables (secmark) network rules from CDS Framework policy.

Files:

branches/networking/resources/cdsframework.spt (modified) (1 diff)
branches/networking/resources/dictionary/dictionary.fdic (modified) (1 diff)
branches/networking/src/com/tresys/framework/compiler/Compiler.java (modified) (6 diffs)
branches/networking/src/com/tresys/framework/compiler/systemResources/IPTablesNetworkResource.java (modified) (1 diff)
branches/networking/src/com/tresys/framework/compiler/systemResources/NetworkInfo.java (modified) (2 diffs)
branches/networking/src/com/tresys/framework/compiler/translator/NetworkSecmark.java (added)
branches/networking/src/com/tresys/framework/compiler/translator/SELinuxPolicy.java (modified) (2 diffs)
branches/networking/src/com/tresys/framework/plugin/editor/policy/text/PolicyOutlinePage.java (modified) (1 diff)
branches/networking/src/com/tresys/framework/plugin/wizards/shape/ResourceShapePropertyPage.java (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

branches/networking/resources/cdsframework.spt

r1978	r2049
51	51	')
52	52
	53	define(`SEFramework_secmark_resource',`
	54	ifdef(`corenet_client_packet',
	55	`corenet_client_packet($1)')
	56	')
	57
53	58	define(`SEFramework_read_boolean',`
54	59	allow $1 $2:file { read getattr };

branches/networking/resources/dictionary/dictionary.fdic

r2045	r2049
211	211
212	212	rdef secmark
213		[desc: "An IPTables (secmark} configured network connection"]
	213	[desc: "An IPTables (secmark) configured network connection"]
214	214	{
215	215	requires { secmark }

branches/networking/src/com/tresys/framework/compiler/Compiler.java

r2032	r2049
15	15	package com.tresys.framework.compiler;
16	16
	17	import java.io.ByteArrayOutputStream;
17	18	import java.io.FileOutputStream;
18	19	import java.io.FileNotFoundException;
…	…
34	35	import com.tresys.framework.compiler.policy.SystemResourceValidator;
35	36	import com.tresys.framework.compiler.systemResources.SystemResources;
	37	import com.tresys.framework.compiler.translator.NetworkSecmark;
36	38	import com.tresys.framework.compiler.translator.SELinuxDictionary;
37	39	import com.tresys.framework.compiler.translator.SELinuxPolicy;
…	…
76	78	private static String customPolicyFileName;
77	79
	80	static String secmarkFilename = null;
	81
	82	static String ipsecFilename = null;
	83
78	84	private static void getOpt (String[] args)
79	85	{
…	…
246	252	{
247	253	customPolicyFileName = args[x];
	254	}
	255	else
	256	{
	257	printUsage ();
	258	System.exit (1);
	259	}
	260	}
	261	else if ( args[x].equals ("-secmark"))
	262	{
	263	x++;
	264	if (x < args.length)
	265	{
	266	secmarkFilename = args[x];
	267	}
	268	else
	269	{
	270	printUsage ();
	271	System.exit (1);
	272	}
	273	}
	274	else if ( args[x].equals ("-ipsec"))
	275	{
	276	x++;
	277	if (x < args.length)
	278	{
	279	ipsecFilename = args[x];
248	280	}
249	281	else
…	…
339	371	System.out.println (" (defaults to stdout if not specified)");
340	372	System.out.println ();
	373	System.out.println ("Network arguments:");
	374	System.out.println (" -ipsec <output file> specify output file for generated ipsec ");
	375	System.out.println (" (Labeled Networking) Security Associations");
	376	System.out.println (" -secmark <output file> specify output file for generated secmark");
	377	System.out.println (" (IPTables Networking) rules");
	378	System.out.println ();
341	379	System.out.println ("Output arguments (repeated here for reference):");
342	380	System.out.println (" -do <dictionary output> specify destination for dictionary (spt) support file");
…	…
689	727	System.exit (1);
690	728	}
	729
	730	if (secmarkFilename != null)
	731	{
	732	NetworkSecmark networkInfo = new NetworkSecmark ();
	733	policy.Accept (networkInfo);
	734
	735	ByteArrayOutputStream networkData = networkInfo.GetConfiguration ();
	736	if (networkData != null && networkData.size () > 0)
	737	{
	738	try
	739	{
	740	File secmarkFile = new File (secmarkFilename);
	741	PrintStream secmarkStream = new PrintStream (secmarkFile);
	742	secmarkStream.print (networkData.toString ());
	743	secmarkStream.flush ();
	744	secmarkStream.close ();
	745	}
	746	catch (FileNotFoundException e)
	747	{
	748	e.printStackTrace();
	749	}
	750	}
	751	}
	752
691	753	// hopefully this will trigger the finalize() methods and save us memory
692	754	// and cpu cycles

branches/networking/src/com/tresys/framework/compiler/systemResources/IPTablesNetworkResource.java

r2045	r2049
39	39	m_sProtocol = i_sProtocol;
40	40	}
	41
	42	public NetworkInfo getLocalInfo ()
	43	{
	44	return m_netLocal;
	45	}
	46
	47	public NetworkInfo getRemoteInfo ()
	48	{
	49	return m_netRemote;
	50	}
	51
	52	public String getProtocol ()
	53	{
	54	return m_sProtocol;
	55	}
41	56	}

branches/networking/src/com/tresys/framework/compiler/systemResources/NetworkInfo.java

r2045	r2049
16	16	*
17	17	*/
18		class NetworkInfo
	18	public class NetworkInfo
19	19	{
20	20	protected final String m_sNode;
…	…
27	27	m_sIPAddr = i_sIP;
28	28	m_nPorts = i_aPorts;
	29	}
	30
	31	public String getNode ()
	32	{
	33	return m_sNode;
	34	}
	35
	36	public String getIPAddr ()
	37	{
	38	return m_sIPAddr;
	39	}
	40
	41	public int [] getPorts ()
	42	{
	43	return m_nPorts;
29	44	}
30	45

branches/networking/src/com/tresys/framework/compiler/translator/SELinuxPolicy.java

r2035	r2049
272	272	}
273	273	}
	274	else if (rdef.GetSysResourceState (SystemResourceTypes.secmark) != SysResourceState.No)
	275	{
	276	MakeSecmarkType (sType, outStream, sIndent);
	277	}
274	278	}
275	279
…	…
1929	1933
1930	1934	/**
	1935	* Assign a type to packet type.
	1936	*
	1937	* @param String type
	1938	* @return Assignment statement
	1939	*/
	1940	private void MakeSecmarkType (String sType, PrintStream ps, String i_sLinePrefix)
	1941	{
	1942	if (i_sLinePrefix != null)
	1943	ps.print (i_sLinePrefix);
	1944	ps.println ("SEFramework_secmark_resource(" + sType + ")");
	1945	}
	1946
	1947	/**
1931	1948	* Makes a file context entry for a directory
1932	1949	*

branches/networking/src/com/tresys/framework/plugin/editor/policy/text/PolicyOutlinePage.java

r2029	r2049
193	193	// }
194	194
195		theOutlineTree.setInput (m_editor.getSystem ().getPolicy ());
	195	Object input = null;
	196	if (m_editor != null && m_editor.getSystem () != null)
	197	input = m_editor.getSystem ().getPolicy ();
	198
	199	theOutlineTree.setInput (input);
196	200	}
197	201

branches/networking/src/com/tresys/framework/plugin/wizards/shape/ResourceShapePropertyPage.java

r2030	r2049
363	363	{
364	364	private boolean m_bShowControlRdef;
	365	private boolean m_bShowFile = true;
	366	private boolean m_bShowDir = true;
	367	private boolean m_bShowNetwork = false;
365	368
366	369	RDEFFilter (boolean i_bShowControlRdef)
…	…
373	376	if (element instanceof Rdef)
374	377	{
375		if (((Rdef) element).isControlRdef ())
	378	Rdef rdef = (Rdef) element;
	379
	380	if (rdef.isControlRdef ())
376	381	return m_bShowControlRdef;
	382
	383	if (rdef.GetSysResourceState (SystemResourceTypes.dir) != SysResourceState.No)
	384	return m_bShowDir;
	385
	386	if (rdef.GetSysResourceState (SystemResourceTypes.file) != SysResourceState.No)
	387	return m_bShowFile;
	388
	389	if (rdef.GetSysResourceState (SystemResourceTypes.ipsec) != SysResourceState.No)
	390	return m_bShowNetwork;
	391
	392	if (rdef.GetSysResourceState (SystemResourceTypes.secmark) != SysResourceState.No)
	393	return m_bShowNetwork;
	394
377	395	return true;
378	396	}

Download in other formats:

Unified Diff
Zip Disabled

* Generating other formats may take time.