smack-test: more py3 covertionkirkstone

Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2023-09-26 09:49:22 +0200
committer: Armin Kuster <akuster808@gmail.com> 2023-10-04 17:26:33 -0700
commit: 1a3e42cedbd94ca73be45800d0e902fec35d0f0f (patch)
tree: 0659690affe978f405320d06c60b8594cda19464
parent: f99844d793573fb67432cf287963f180b475d62f (diff)
download: meta-security-kirkstone.tar.gz
2 files changed, 11 insertions, 11 deletions
diff --git a/recipes-mac/smack/smack-test/notroot.py b/recipes-mac/smack/smack-test/notroot.py
index f0eb0b5..89f83f4 100644
--- a/recipes-mac/smack/smack-test/notroot.py
+++ b/recipes-mac/smack/smack-test/notroot.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 #
 # Script used for running executables with custom labels, as well as custom uid/gid
 # Process label is changed by writing to /proc/self/attr/curent
@@ -9,8 +9,8 @@
 # """By  default,  each  user  in Debian GNU/Linux is given a corresponding group 
 # with the same name. """
 #
-# Usage: root@desk:~# python notroot.py <uid> <label> <full_path_to_executable> [arguments ..]
+# Usage: root@desk:~# python3 notroot.py <uid> <label> <full_path_to_executable> [arguments ..]
-# eg: python notroot.py 1000 User::Label /bin/ping -c 3 192.168.1.1
+# eg: python3 notroot.py 1000 User::Label /bin/ping -c 3 192.168.1.1
 #
 # Author: Alexandru Cornea <alexandru.cornea@intel.com>
 import os
@@ -28,6 +28,6 @@ try:
        os.setuid(uid)  
        os.execv(path,sys.argv)
-except Exception,e:
+except Exception as e:
-        print e.message
+        print(e.strerror)
-        sys.exit(1)
+        sys.exit(-1)
diff --git a/recipes-mac/smack/smack-test/smack_test_file_access.sh b/recipes-mac/smack/smack-test/smack_test_file_access.sh
index 5a0ce84..598f1df 100644
--- a/recipes-mac/smack/smack-test/smack_test_file_access.sh
+++ b/recipes-mac/smack/smack-test/smack_test_file_access.sh
@@ -8,7 +8,7 @@ CAT=`which cat`
 ECHO=`which echo`
 uid=1000
 initial_label=`cat /proc/self/attr/current`
-python $TMP/notroot.py $uid "TheOther" $ECHO 'TEST' > $test_file
+python3 $TMP/notroot.py $uid "TheOther" $ECHO 'TEST' > $test_file
 chsmack -a "TheOther" $test_file
 #        12345678901234567890123456789012345678901234567890123456
@@ -17,7 +17,7 @@ rule_ro="TheOne                  TheOther                r----"
 # Remove pre-existent rules for "TheOne TheOther <access>"
 echo -n "$delrule" > $SMACK_PATH/load
-python $TMP/notroot.py $uid "TheOne" $CAT $test_file 2>&1 1>/dev/null | grep -q "Permission denied" || RC=$?
+python3 $TMP/notroot.py $uid "TheOne" $CAT $test_file 2>&1 1>/dev/null | grep -q "Permission denied" || RC=$?
 if [ $RC -ne 0 ]; then
        echo "Process with different label than the test file and no read access on it can read it"
        exit $RC
@@ -25,7 +25,7 @@ fi
 # adding read access
 echo -n "$rule_ro" > $SMACK_PATH/load
-python $TMP/notroot.py $uid "TheOne" $CAT $test_file | grep -q "TEST" || RC=$?
+python3 $TMP/notroot.py $uid "TheOne" $CAT $test_file | grep -q "TEST" || RC=$?
 if [ $RC -ne 0 ]; then
        echo "Process with different label than the test file but with read access on it cannot read it"
        exit $RC
@@ -36,7 +36,7 @@ echo -n "$delrule" > $SMACK_PATH/load
 # changing label of test file to *
 # according to SMACK documentation, read access on a * object is always permitted
 chsmack -a '*' $test_file
-python $TMP/notroot.py $uid "TheOne" $CAT $test_file | grep -q "TEST" || RC=$?
+python3 $TMP/notroot.py $uid "TheOne" $CAT $test_file | grep -q "TEST" || RC=$?
 if [ $RC -ne 0 ]; then
        echo  "Process cannot read file with * label"
        exit $RC
@@ -45,7 +45,7 @@ fi
 # changing subject label to *
 # according to SMACK documentation, every access requested by a star labeled subject is rejected
 TOUCH=`which touch`
-python $TMP/notroot.py $uid '*' $TOUCH $TMP/test_file_2
+python3 $TMP/notroot.py $uid '*' $TOUCH $TMP/test_file_2
 ls -la $TMP/test_file_2 2>&1 | grep -q 'No such file or directory' || RC=$?
 if [ $RC -ne 0 ];then
        echo "Process with label '*' should not have any access"
author	Armin Kuster <akuster808@gmail.com>	2023-09-26 09:49:22 +0200
committer	Armin Kuster <akuster808@gmail.com>	2023-10-04 17:26:33 -0700
commit	1a3e42cedbd94ca73be45800d0e902fec35d0f0f (patch)
tree	0659690affe978f405320d06c60b8594cda19464
parent	f99844d793573fb67432cf287963f180b475d62f (diff)
download	meta-security-kirkstone.tar.gz

diff --git a/recipes-mac/smack/smack-test/notroot.py b/recipes-mac/smack/smack-test/notroot.py index f0eb0b5..89f83f4 100644 --- a/recipes-mac/smack/smack-test/notroot.py +++ b/recipes-mac/smack/smack-test/notroot.py
@@ -1,4 +1,4 @@
1	#!/usr/bin/env python	1	#!/usr/bin/env python3
2	#	2	#
3	# Script used for running executables with custom labels, as well as custom uid/gid	3	# Script used for running executables with custom labels, as well as custom uid/gid
4	# Process label is changed by writing to /proc/self/attr/curent	4	# Process label is changed by writing to /proc/self/attr/curent
@@ -9,8 +9,8 @@
9	# """By default, each user in Debian GNU/Linux is given a corresponding group	9	# """By default, each user in Debian GNU/Linux is given a corresponding group
10	# with the same name. """	10	# with the same name. """
11	#	11	#
12	# Usage: root@desk:~# python notroot.py <uid> <label> <full_path_to_executable> [arguments ..]	12	# Usage: root@desk:~# python3 notroot.py <uid> <label> <full_path_to_executable> [arguments ..]
13	# eg: python notroot.py 1000 User::Label /bin/ping -c 3 192.168.1.1	13	# eg: python3 notroot.py 1000 User::Label /bin/ping -c 3 192.168.1.1
14	#	14	#
15	# Author: Alexandru Cornea <alexandru.cornea@intel.com>	15	# Author: Alexandru Cornea <alexandru.cornea@intel.com>
16	import os	16	import os
@@ -28,6 +28,6 @@ try:
28	os.setuid(uid)	28	os.setuid(uid)
29	os.execv(path,sys.argv)	29	os.execv(path,sys.argv)
30		30
31	except Exception,e:	31	except Exception as e:
32	print e.message	32	print(e.strerror)
33	sys.exit(1)	33	sys.exit(-1)


diff --git a/recipes-mac/smack/smack-test/smack_test_file_access.sh b/recipes-mac/smack/smack-test/smack_test_file_access.sh index 5a0ce84..598f1df 100644 --- a/recipes-mac/smack/smack-test/smack_test_file_access.sh +++ b/recipes-mac/smack/smack-test/smack_test_file_access.sh
@@ -8,7 +8,7 @@ CAT=`which cat`
8	ECHO=`which echo`	8	ECHO=`which echo`
9	uid=1000	9	uid=1000
10	initial_label=`cat /proc/self/attr/current`	10	initial_label=`cat /proc/self/attr/current`
11	python $TMP/notroot.py $uid "TheOther" $ECHO 'TEST' > $test_file	11	python3 $TMP/notroot.py $uid "TheOther" $ECHO 'TEST' > $test_file
12	chsmack -a "TheOther" $test_file	12	chsmack -a "TheOther" $test_file
13		13
14	# 12345678901234567890123456789012345678901234567890123456	14	# 12345678901234567890123456789012345678901234567890123456
@@ -17,7 +17,7 @@ rule_ro="TheOne TheOther r----"
17		17
18	# Remove pre-existent rules for "TheOne TheOther <access>"	18	# Remove pre-existent rules for "TheOne TheOther <access>"
19	echo -n "$delrule" > $SMACK_PATH/load	19	echo -n "$delrule" > $SMACK_PATH/load
20	python $TMP/notroot.py $uid "TheOne" $CAT $test_file 2>&1 1>/dev/null \| grep -q "Permission denied" \|\| RC=$?	20	python3 $TMP/notroot.py $uid "TheOne" $CAT $test_file 2>&1 1>/dev/null \| grep -q "Permission denied" \|\| RC=$?
21	if [ $RC -ne 0 ]; then	21	if [ $RC -ne 0 ]; then
22	echo "Process with different label than the test file and no read access on it can read it"	22	echo "Process with different label than the test file and no read access on it can read it"
23	exit $RC	23	exit $RC
@@ -25,7 +25,7 @@ fi
25		25
26	# adding read access	26	# adding read access
27	echo -n "$rule_ro" > $SMACK_PATH/load	27	echo -n "$rule_ro" > $SMACK_PATH/load
28	python $TMP/notroot.py $uid "TheOne" $CAT $test_file \| grep -q "TEST" \|\| RC=$?	28	python3 $TMP/notroot.py $uid "TheOne" $CAT $test_file \| grep -q "TEST" \|\| RC=$?
29	if [ $RC -ne 0 ]; then	29	if [ $RC -ne 0 ]; then
30	echo "Process with different label than the test file but with read access on it cannot read it"	30	echo "Process with different label than the test file but with read access on it cannot read it"
31	exit $RC	31	exit $RC
@@ -36,7 +36,7 @@ echo -n "$delrule" > $SMACK_PATH/load
36	# changing label of test file to *	36	# changing label of test file to *
37	# according to SMACK documentation, read access on a * object is always permitted	37	# according to SMACK documentation, read access on a * object is always permitted
38	chsmack -a '*' $test_file	38	chsmack -a '*' $test_file
39	python $TMP/notroot.py $uid "TheOne" $CAT $test_file \| grep -q "TEST" \|\| RC=$?	39	python3 $TMP/notroot.py $uid "TheOne" $CAT $test_file \| grep -q "TEST" \|\| RC=$?
40	if [ $RC -ne 0 ]; then	40	if [ $RC -ne 0 ]; then
41	echo "Process cannot read file with * label"	41	echo "Process cannot read file with * label"
42	exit $RC	42	exit $RC
@@ -45,7 +45,7 @@ fi
45	# changing subject label to *	45	# changing subject label to *
46	# according to SMACK documentation, every access requested by a star labeled subject is rejected	46	# according to SMACK documentation, every access requested by a star labeled subject is rejected
47	TOUCH=`which touch`	47	TOUCH=`which touch`
48	python $TMP/notroot.py $uid '*' $TOUCH $TMP/test_file_2	48	python3 $TMP/notroot.py $uid '*' $TOUCH $TMP/test_file_2
49	ls -la $TMP/test_file_2 2>&1 \| grep -q 'No such file or directory' \|\| RC=$?	49	ls -la $TMP/test_file_2 2>&1 \| grep -q 'No such file or directory' \|\| RC=$?
50	if [ $RC -ne 0 ];then	50	if [ $RC -ne 0 ];then
51	echo "Process with label '*' should not have any access"	51	echo "Process with label '*' should not have any access"