50beb4ffb5
Add a helper, `parse_config`, to parse a selinux configuration file, see selinux(8), and return a dictionary containing the configuration data in key, value pairs. This, in turn, can be fed into the other helper method, `config_get_policy`, to get the effective policy or `None` if SELinux is disabled or the policy type is not configured. Add a new test suite that checks the basic functionality of the helpers above.
29 lines
771 B
Python
29 lines
771 B
Python
"""SELinux utility functions"""
|
|
|
|
from typing import Dict, TextIO
|
|
|
|
|
|
def parse_config(config_file: TextIO):
|
|
"""Parse an SELinux configuration file"""
|
|
config = {}
|
|
for line in config_file:
|
|
line = line.strip()
|
|
if not line:
|
|
continue
|
|
if line.startswith('#'):
|
|
continue
|
|
k, v = line.split('=', 1)
|
|
config[k.strip()] = v.strip()
|
|
return config
|
|
|
|
|
|
def config_get_policy(config: Dict[str, str]):
|
|
"""Return the effective SELinux policy
|
|
|
|
Checks if SELinux is enabled and if so returns the
|
|
policy; otherwise `None` is returned.
|
|
"""
|
|
enabled = config.get('SELINUX', 'disabled')
|
|
if enabled not in ['enforcing', 'permissive']:
|
|
return None
|
|
return config.get('SELINUXTYPE', None)
|