summaryrefslogtreecommitdiffstats
path: root/meta-security/recipes-security/smacknet/files/smacknet
diff options
context:
space:
mode:
Diffstat (limited to 'meta-security/recipes-security/smacknet/files/smacknet')
-rw-r--r--meta-security/recipes-security/smacknet/files/smacknet184
1 files changed, 0 insertions, 184 deletions
diff --git a/meta-security/recipes-security/smacknet/files/smacknet b/meta-security/recipes-security/smacknet/files/smacknet
deleted file mode 100644
index 3818d30ae..000000000
--- a/meta-security/recipes-security/smacknet/files/smacknet
+++ /dev/null
@@ -1,184 +0,0 @@
-#!/usr/bin/python
-# Copyright (c) 2012, 2013, Intel Corporation
-# Copyright (c) 2009 David Wolinsky <davidiw@ufl.edu), University of Florida
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# 3. The name of the author may not be used to endorse or promote products
-# derived from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-import socket,fcntl, struct, thread
-import os.path
-import sys
-
-SMACKFS_LOAD="/sys/fs/smackfs/load2"
-SMACKFS_NETLABEL="/sys/fs/smackfs/netlabel"
-SIOCGIFADDR = 0x8915
-SIOCGIFNETMASK = 0x891b
-
-def get_ip_address(ifname):
- s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
- return fcntl.ioctl(s.fileno(), SIOCGIFADDR,
- struct.pack('256s', ifname.encode("utf-8")))[20:24]
-
-def get_netmask(ifname):
- s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
- return fcntl.ioctl(s.fileno(), SIOCGIFNETMASK,
- struct.pack('256s', ifname.encode("utf-8")))[20:24]
-
-def applynetlabeltags(interface, addr):
- if not interface.startswith("lo"):
- bmask = get_netmask(interface.encode("utf-8"))
- prefix = bin(struct.unpack(">L", bmask)[0]).count("1")
- tags = [
- addr+"/"+str(prefix)+" Network::Local\n",
- "0.0.0.0/0 Network::Cloud\n",
- "127.0.0.1/8 -CIPSO\n"]
- smackfs_netlabel(tags)
-
-def loadnetlabelrules():
- rulesSystem = [
- "System Network::Cloud w\n",
- "System Network::Local w\n",
- "Network::Cloud System w\n",
- "Network::Local System w\n"]
- smackfs_load2(rulesSystem)
-
-def smackfs_load2 (rules):
- with open(SMACKFS_LOAD, "w") as load2:
- for rule in rules:
- load2.write(rule)
-
-def smackfs_netlabel (tags):
- for tag in tags:
- with open(SMACKFS_NETLABEL, "w") as netlabel:
- netlabel.write(tag)
-
-"""
- Source of: Class ip monitor, and other functions named bellow.
- Original author: David Wolinsky <davidiw@ufl.edu
- Copied from: https://github.com/davidiw/Grid-Appliance/blob/master/scripts/ip_monitor.py
-
-"""
-
-"""4 byte alignment"""
-
-def align(inc):
- diff = inc % 4
- return inc + ((4 - diff) % 4)
-
-class ifaddr:
- """Parse an ifaddr packet"""
- LOCAL = 2
- LABEL = 3
-
- def __init__(self, packet):
- self.family, self.prefixlen, self.flags, self.scope, self.index = \
- struct.unpack("BBBBI", packet[:8])
-
-class rtattr:
- """Parse a rtattr packet"""
- GRP_IPV4_IFADDR = 0x10
-
- NEWADDR = 20
- DELADDR = 21
- GETADDR = 22
-
- def __init__(self, packet):
- self.len, self.type = struct.unpack("HH", packet[:4])
- if self.type == ifaddr.LOCAL:
- addr = struct.unpack("BBBB", packet[4:self.len])
- self.payload = "%s.%s.%s.%s" % (addr[0], addr[1], addr[2], addr[3])
- elif self.type == ifaddr.LABEL:
- self.payload = packet[4:self.len].strip("\0")
- else:
- self.payload = packet[4:self.len]
-
-class netlink:
- """Parse a netlink packet"""
- REQUEST = 1
- ROOT = 0x100
- MATCH = 0x200
- DONE = 3
-
- def __init__(self, packet):
- self.msglen, self.msgtype, self.flags, self.seq, self.pid = \
- struct.unpack("IHHII", packet[:16])
- self.ifa = None
- try:
- self.ifa = ifaddr(packet[16:24])
- except:
- return
-
- self.rtas = {}
- pos = 24
- while pos < self.msglen:
- try:
- rta = rtattr(packet[pos:])
- except:
- break
- pos += align(rta.len)
- self.rtas[rta.type] = rta.payload
-
-class ip_monitor:
- def __init__(self, callback = None):
- if callback == None:
- callback = self.print_cb
- self._callback = callback
-
- def print_cb(self, label, addr):
- print (label + " => " + addr)
-
- def request_addrs(self, sock):
- sock.send(struct.pack("IHHIIBBBBI", 24, rtattr.GETADDR, \
- netlink.REQUEST | netlink.ROOT | netlink.MATCH, 0, sock.getsockname()[0], \
- socket.AF_INET, 0, 0, 0, 0))
-
- def start_thread(self):
- thread.start_new_thread(self.run, ())
-
- def run(self):
- sock = socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, socket.NETLINK_ROUTE)
- sock.bind((0, rtattr.GRP_IPV4_IFADDR))
- self.request_addrs(sock)
-
- while True:
- data = sock.recv(4096)
- pos = 0
- while pos < len(data):
- nl = netlink(data[pos:])
- if nl.msgtype == netlink.DONE:
- break
- pos += align(nl.msglen)
- if nl.msgtype != rtattr.NEWADDR:
- continue
- self._callback(nl.rtas[ifaddr.LABEL], nl.rtas[ifaddr.LOCAL])
-
-def main():
- if not os.path.isfile(SMACKFS_LOAD):
- print ("Smack not found.")
- return -1
- loadnetlabelrules()
-
- ip_monitor(applynetlabeltags).run()
-
-if __name__ == "__main__":
- main()