From eafe62886f8941e249d8eceaee732d3b35e19616 Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Thu, 29 Nov 2018 11:22:28 +0100
Subject: [PATCH] New lens: Semanage (#594)
Introduce a new lens to parse /etc/selinux/semanage.conf instead of
using Simplevars: the latter cannot handle the more complex syntax of
groups introduced in newer versions of libsemanage.
---
lenses/semanage.aug | 37 ++++++++++++++++
lenses/simplevars.aug | 1 -
lenses/tests/test_semanage.aug | 81 ++++++++++++++++++++++++++++++++++
tests/Makefile.am | 1 +
4 files changed, 119 insertions(+), 1 deletion(-)
create mode 100644 lenses/semanage.aug
create mode 100644 lenses/tests/test_semanage.aug
diff --git a/lenses/semanage.aug b/lenses/semanage.aug
new file mode 100644
index 00000000..46f93b32
--- /dev/null
+++ b/lenses/semanage.aug
@@ -0,0 +1,37 @@
+(*
+Module: Semanage
+ Parses /etc/selinux/semanage.conf
+
+Author:
+ Pino Toscano <ptoscano@redhat.com>
+
+About: License
+ This file is licenced under the LGPL v2+, like the rest of Augeas.
+
+About: Configuration files
+ This lens applies to /etc/selinux/semanage.conf. See <filter>.
+
+About: Examples
+ The <Test_Semanage> file contains various examples and tests.
+*)
+
+module Semanage =
+ autoload xfm
+
+let comment = IniFile.comment "#" "#"
+let sep = IniFile.sep "=" "="
+let empty = IniFile.empty
+let eol = IniFile.eol
+
+let entry = IniFile.entry IniFile.entry_re sep comment
+ | empty
+
+let title = IniFile.title_label "@group" (IniFile.record_re - /^end$/)
+let record = [ title . entry+ . Util.del_str "[end]" . eol ]
+
+let lns = (entry | record)*
+
+(* Variable: filter *)
+let filter = incl "/etc/selinux/semanage.conf"
+
+let xfm = transform lns filter
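Review bot: The exclusion in `title`, `IniFile.record_re - /^end$/`, probably does not exclude the name `end`. As far as I know, Augeas regexps always match the whole string and have no anchor syntax, so `^` and `$` would be read as literal characters; this is worth confirming against libfa. If that is right, a stray `[end]` header can still be parsed as the title of a group, and `let title = IniFile.title_label "@group" (IniFile.record_re - /end/)` expresses the intent. Separately, `record` requires `entry+`, so a group whose header is immediately followed by `[end]` makes the whole file fail to parse; if that is deliberate, a comment above `record` should say so. Because the `path`/`args` entries in these groups appear to name helper programs used by libsemanage, I would also add a comment such as `(* View: record — a [name] ... [end] group; path/args inside it select an external helper, so treat writes to these nodes as privileged changes *)`.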
diff --git a/lenses/simplevars.aug b/lenses/simplevars.aug
index ad9795f0..6e6547cc 100644
--- a/lenses/simplevars.aug
+++ b/lenses/simplevars.aug
@@ -46,6 +46,5 @@ let filter = incl "/etc/kernel-img.conf"
. incl "/etc/audit/auditd.conf"
. incl "/etc/mixerctl.conf"
. incl "/etc/wsconsctlctl.conf"
- . incl "/etc/selinux/semanage.conf"
let xfm = transform lns filter
diff --git a/lenses/tests/test_semanage.aug b/lenses/tests/test_semanage.aug
new file mode 100644
index 00000000..a6ceaca0
--- /dev/null
+++ b/lenses/tests/test_semanage.aug
@@ -0,0 +1,81 @@
+(*
+Module: Test_Semanage
+ Provides unit tests and examples for the <Semanage> lens.
+*)
+
+module Test_Semanage =
+
+(* Variable: phony_conf *)
+let phony_conf = "# this is a comment
+
+mykey = myvalue # eol comment
+anotherkey = another value
+"
+
+(* Test: Semanage.lns *)
+test Semanage.lns get phony_conf =
+ { "#comment" = "this is a comment" }
+ { }
+ { "mykey" = "myvalue"
+ { "#comment" = "eol comment" } }
+ { "anotherkey" = "another value" }
+
+(* Test: Semanage.lns
+ Quotes are OK in variables that do not begin with a quote *)
+test Semanage.lns get "UserParameter=custom.vfs.dev.read.ops[*],cat /proc/diskstats | grep $1 | head -1 | awk '{print $$4}'\n" =
+ { "UserParameter" = "custom.vfs.dev.read.ops[*],cat /proc/diskstats | grep $1 | head -1 | awk '{print $$4}'" }
+
+(* Test: Semanage.lns
+ Support empty values *)
+test Semanage.lns get "foo =\n" =
+ { "foo" }
+
+(* Variable: conf *)
+let conf = "module-store = direct
+module-store = \"source\"
+
+#policy-version = 19
+
+expand-check=0
+
+usepasswd=False
+bzip-small=true
+bzip-blocksize=5
+ignoredirs=/root
+
+[sefcontext_compile]
+path = /usr/sbin/sefcontext_compile
+args = -r $@
+
+[end]
+
+config=test
+
+[verify module]
+test=value
+[end]
+"
+
+(* Test: Semanage.lns *)
+test Semanage.lns get conf =
+ { "module-store" = "direct" }
+ { "module-store" = "source" }
+ { }
+ { "#comment" = "policy-version = 19" }
+ { }
+ { "expand-check" = "0" }
+ { }
+ { "usepasswd" = "False" }
+ { "bzip-small" = "true" }
+ { "bzip-blocksize" = "5" }
+ { "ignoredirs" = "/root" }
+ { }
+ { "@group" = "sefcontext_compile"
+ { "path" = "/usr/sbin/sefcontext_compile" }
+ { "args" = "-r $@" }
+ { } }
+ { }
+ { "config" = "test" }
+ { }
+ { "@group" = "verify module"
+ { "test" = "value" } }
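Review bot: The tests only exercise `get`, so nothing checks that a value written through the lens round-trips, or that a group missing its `[end]` terminator is rejected rather than silently absorbed. For a file that governs SELinux policy management, I would add at least `test Semanage.lns put "expand-check=0\n" after set "/expand-check" "1" = "expand-check=1\n"` and `test Semanage.lns get "[verify module]\ntest=value\n" = *`. The `UserParameter` case looks carried over from another lens's tests (inferred from its content) and could be replaced with a directive that actually occurs in semanage.conf.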
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 8e035e91..2b87c1c7 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -186,6 +186,7 @@ lens_tests = \
lens-rx.sh \
lens-samba.sh \
lens-securetty.sh \
+ lens-semanage.sh \
lens-services.sh \
lens-shadow.sh \
lens-shells.sh \
--
2.17.2