From 9e239e55692b578ba546b4dff2b07604a2ca6baa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Wed, 19 Aug 2020 17:05:33 +0200
Subject: [PATCH] sepolgen: print extended permissions in hexadecimal
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
All tools like ausearch(8) or sesearch(1) and online documentation[1] use hexadecimal values for extended permissions. Hence use them, e.g. for audit2allow output, as well.
[1]: https://github.com/strace/strace/blob/master/linux/64/ioctls_inc.h
Signed-off-by: Christian Göttsche
Acked-by: Stephen Smalley
---
 python/sepolgen/src/sepolgen/refpolicy.py | 5 ++---
 python/sepolgen/tests/test_access.py | 10 +++++-----
 python/sepolgen/tests/test_refpolicy.py | 12 ++++++------
 3 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/python/sepolgen/src/sepolgen/refpolicy.py b/python/sepolgen/src/sepolgen/refpolicy.py
index 43cecfc77385..747636875ef7 100644
--- a/python/sepolgen/src/sepolgen/refpolicy.py
+++ b/python/sepolgen/src/sepolgen/refpolicy.py
@@ -407,10 +407,9 @@ class XpermSet():
 # print single value without braces
 if len(self.ranges) == 1 and self.ranges[0][0] == self.ranges[0][1]:
- return compl + str(self.ranges[0][0])
+ return compl + hex(self.ranges[0][0])
- vals = map(lambda x: str(x[0]) if x[0] == x[1] else "%s-%s" % x,
- self.ranges)
+ vals = map(lambda x: hex(x[0]) if x[0] == x[1] else "%s-%s" % (hex(x[0]), hex(x[1]), ), self.ranges)
 return "%s{ %s }" % (compl, " ".join(vals))
diff --git a/python/sepolgen/tests/test_access.py b/python/sepolgen/tests/test_access.py
index 73a5407df617..623588e09aeb 100644
--- a/python/sepolgen/tests/test_access.py
+++ b/python/sepolgen/tests/test_access.py
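Review bot: The new `vals = map(lambda x: ...)` line in the refpolicy.py hunk is harder to read than it needs to be: it folds the former two-line call into one long line, calls `hex()` three times, and leaves a stray trailing comma in the tuple `(hex(x[0]), hex(x[1]), )`. A generator with a format string produces the same text for integer ranges, e.g. `vals = ("%#x" % lo if lo == hi else "%#x-%#x" % (lo, hi) for lo, hi in self.ranges)`. A short comment such as `# hexadecimal, matching ausearch(8)/sesearch(1) output` next to the single-value return would record why the format was chosen. Because this string ends up in audit2allow output (per the commit message), it is also worth confirming that any consumer which reads the generated rules back accepts `0x`-prefixed values; nothing in this hunk shows that. The method begins and ends outside the hunk.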
@@ -171,7 +171,7 @@ class TestAccessVector(unittest.TestCase):
 a.merge(b)
 self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
 self.assertEqual(list(a.xperms.keys()), ["ioctl"])
- self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
 def text_merge_xperm2(self):
 """Test merging AV that does not contain xperms with AV that does"""
@@ -185,7 +185,7 @@ class TestAccessVector(unittest.TestCase):
 a.merge(b)
 self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
 self.assertEqual(list(a.xperms.keys()), ["ioctl"])
- self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
 def test_merge_xperm_diff_op(self):
 """Test merging two AVs that contain xperms with different operation"""
@@ -203,8 +203,8 @@ class TestAccessVector(unittest.TestCase):
 a.merge(b)
 self.assertEqual(list(a.perms), ["read"])
 self.assertEqual(sorted(list(a.xperms.keys())), ["asdf", "ioctl"])
- self.assertEqual(a.xperms["asdf"].to_string(), "23")
- self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
+ self.assertEqual(a.xperms["asdf"].to_string(), "0x17")
+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
 def test_merge_xperm_same_op(self):
 """Test merging two AVs that contain xperms with same operation"""
@@ -222,7 +222,7 @@ class TestAccessVector(unittest.TestCase):
 a.merge(b)
 self.assertEqual(list(a.perms), ["read"])
 self.assertEqual(list(a.xperms.keys()), ["ioctl"])
- self.assertEqual(a.xperms["ioctl"].to_string(), "{ 23 42 12345 }")
+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x17 0x2a 0x3039 }")
 class TestUtilFunctions(unittest.TestCase):
 def test_is_idparam(self):
diff --git a/python/sepolgen/tests/test_refpolicy.py b/python/sepolgen/tests/test_refpolicy.py
index 4b50c8aada96..c7219fd568e9 100644
--- a/python/sepolgen/tests/test_refpolicy.py
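Review bot: The assertion updated in the second test_access.py hunk (`@@ -185,7 +185,7 @@`) appears to sit inside `text_merge_xperm2`, whose `def` is visible as trailing context of the first hunk. That name does not start with `test`, so unittest's default discovery will not collect it and the new `"{ 0x2a 0x3039 }"` expectation is never exercised. Renaming it to `def test_merge_xperm2(self):` would make the case run and actually cover the hexadecimal output for an AV merged with one that has no xperms. The method body spans the gap between the two hunks, so the rest of it is not visible here.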
+++ b/python/sepolgen/tests/test_refpolicy.py
@@ -90,17 +90,17 @@ class TestXpermSet(unittest.TestCase):
 a.complement = True
 self.assertEqual(a.to_string(), "")
 a.add(1234)
- self.assertEqual(a.to_string(), "~ 1234")
+ self.assertEqual(a.to_string(), "~ 0x4d2")
 a.complement = False
- self.assertEqual(a.to_string(), "1234")
+ self.assertEqual(a.to_string(), "0x4d2")
 a.add(2345)
- self.assertEqual(a.to_string(), "{ 1234 2345 }")
+ self.assertEqual(a.to_string(), "{ 0x4d2 0x929 }")
 a.complement = True
- self.assertEqual(a.to_string(), "~ { 1234 2345 }")
+ self.assertEqual(a.to_string(), "~ { 0x4d2 0x929 }")
 a.add(42,64)
- self.assertEqual(a.to_string(), "~ { 42-64 1234 2345 }")
+ self.assertEqual(a.to_string(), "~ { 0x2a-0x40 0x4d2 0x929 }")
 a.complement = False
- self.assertEqual(a.to_string(), "{ 42-64 1234 2345 }")
+ self.assertEqual(a.to_string(), "{ 0x2a-0x40 0x4d2 0x929 }")
 class TestSecurityContext(unittest.TestCase):
 def test_init(self):
--
2.29.0