Speed up startup time of sepolicy gui
- Clean up ports screen to only show enabled ports. - Update to upstream * Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh. * Make yum/extract_rpms optional for sepolicy generate from Dan Walsh. * Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh.
parent
667e3a73a2
commit
8ba90df46e
@ -9,7 +9,7 @@ index 83ebd45..bea9814 100644
|
|||||||
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
|
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
|
||||||
|
|
||||||
diff --git a/policycoreutils/audit2allow/sepolgen-ifgen b/policycoreutils/audit2allow/sepolgen-ifgen
|
diff --git a/policycoreutils/audit2allow/sepolgen-ifgen b/policycoreutils/audit2allow/sepolgen-ifgen
|
||||||
index 3967ba5..83c7ecf 100644
|
index 3967ba5..7f8caaf 100644
|
||||||
--- a/policycoreutils/audit2allow/sepolgen-ifgen
|
--- a/policycoreutils/audit2allow/sepolgen-ifgen
|
||||||
+++ b/policycoreutils/audit2allow/sepolgen-ifgen
|
+++ b/policycoreutils/audit2allow/sepolgen-ifgen
|
||||||
@@ -63,7 +63,7 @@ def parse_options():
|
@@ -63,7 +63,7 @@ def parse_options():
|
||||||
@ -21,6 +21,46 @@ index 3967ba5..83c7ecf 100644
|
|||||||
return p
|
return p
|
||||||
i = selinux.security_policyvers()
|
i = selinux.security_policyvers()
|
||||||
p = selinux.selinux_binary_policy_path() + "." + str(i)
|
p = selinux.selinux_binary_policy_path() + "." + str(i)
|
||||||
|
@@ -82,7 +82,7 @@ def get_attrs(policy_path):
|
||||||
|
sys.stderr.write("No installed policy to check\n")
|
||||||
|
return None
|
||||||
|
outfile = tempfile.NamedTemporaryFile()
|
||||||
|
- except IOError, e:
|
||||||
|
+ except IOError as e:
|
||||||
|
sys.stderr.write("could not open attribute output file\n")
|
||||||
|
return None
|
||||||
|
except OSError:
|
||||||
|
@@ -100,7 +100,7 @@ def get_attrs(policy_path):
|
||||||
|
try:
|
||||||
|
attrs.from_file(outfile)
|
||||||
|
except:
|
||||||
|
- print "error parsing attribute info"
|
||||||
|
+ print("error parsing attribute info")
|
||||||
|
return None
|
||||||
|
|
||||||
|
return attrs
|
||||||
|
@@ -111,7 +111,7 @@ def main():
|
||||||
|
# Open the output first to generate errors before parsing
|
||||||
|
try:
|
||||||
|
f = open(options.output, "w")
|
||||||
|
- except IOError, e:
|
||||||
|
+ except IOError as e:
|
||||||
|
sys.stderr.write("could not open output file [%s]\n" % options.output)
|
||||||
|
return 1
|
||||||
|
|
||||||
|
@@ -130,9 +130,9 @@ def main():
|
||||||
|
# Parse the headers
|
||||||
|
try:
|
||||||
|
headers = refparser.parse_headers(options.headers, output=log, debug=options.debug)
|
||||||
|
- except ValueError, e:
|
||||||
|
- print "error parsing headers"
|
||||||
|
- print str(e)
|
||||||
|
+ except ValueError as e:
|
||||||
|
+ print("error parsing headers")
|
||||||
|
+ print(str(e))
|
||||||
|
return 1
|
||||||
|
|
||||||
|
if_set = interfaces.InterfaceSet(output=log)
|
||||||
diff --git a/policycoreutils/gui/Makefile b/policycoreutils/gui/Makefile
|
diff --git a/policycoreutils/gui/Makefile b/policycoreutils/gui/Makefile
|
||||||
index 9d9f820..0c2b390 100644
|
index 9d9f820..0c2b390 100644
|
||||||
--- a/policycoreutils/gui/Makefile
|
--- a/policycoreutils/gui/Makefile
|
||||||
@ -253158,6 +253198,24 @@ index 89201e1..af72868 100644
|
|||||||
Type=Application
|
Type=Application
|
||||||
StartupNotify=false
|
StartupNotify=false
|
||||||
X-GNOME-Autostart-enabled=false
|
X-GNOME-Autostart-enabled=false
|
||||||
|
diff --git a/policycoreutils/restorecond/restorecond.service b/policycoreutils/restorecond/restorecond.service
|
||||||
|
index 7d64cc5..f560b05 100644
|
||||||
|
--- a/policycoreutils/restorecond/restorecond.service
|
||||||
|
+++ b/policycoreutils/restorecond/restorecond.service
|
||||||
|
@@ -4,9 +4,10 @@ After=syslog.target
|
||||||
|
ConditionPathExists=/etc/selinux/restorecond.conf
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
-Type=oneshot
|
||||||
|
-ExecStart=/usr/sbin/restorecond
|
||||||
|
-RemainAfterExit=yes
|
||||||
|
+Environment=LANG=C
|
||||||
|
+
|
||||||
|
+ExecStart=/usr/sbin/restorecond -d
|
||||||
|
+ExecStop=/bin/kill -WINCH ${MAINPID}
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
|
diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
|
||||||
index fb5a24c..3668abe 100644
|
index fb5a24c..3668abe 100644
|
||||||
--- a/policycoreutils/sandbox/sandbox
|
--- a/policycoreutils/sandbox/sandbox
|
||||||
@ -258832,6 +258890,100 @@ index cd1026a..ac44dfe 100644
|
|||||||
+ PyModule_AddIntConstant(m, "SENS", SENS);
|
+ PyModule_AddIntConstant(m, "SENS", SENS);
|
||||||
+ PyModule_AddIntConstant(m, "CATS", CATS);
|
+ PyModule_AddIntConstant(m, "CATS", CATS);
|
||||||
}
|
}
|
||||||
|
diff --git a/policycoreutils/sepolicy/org.selinux.policy b/policycoreutils/sepolicy/org.selinux.policy
|
||||||
|
index c0a730c..44ae625 100644
|
||||||
|
--- a/policycoreutils/sepolicy/org.selinux.policy
|
||||||
|
+++ b/policycoreutils/sepolicy/org.selinux.policy
|
||||||
|
@@ -11,8 +11,8 @@
|
||||||
|
<description>SELinux write access</description>
|
||||||
|
<message>System policy prevents restorecon access to SELinux</message>
|
||||||
|
<defaults>
|
||||||
|
- <allow_any>auth_admin_keep</allow_any>
|
||||||
|
- <allow_inactive>auth_admin_keep</allow_inactive>
|
||||||
|
+ <allow_any>no</allow_any>
|
||||||
|
+ <allow_inactive>no</allow_inactive>
|
||||||
|
<allow_active>auth_admin_keep</allow_active>
|
||||||
|
</defaults>
|
||||||
|
</action>
|
||||||
|
@@ -20,8 +20,8 @@
|
||||||
|
<description>SELinux write access</description>
|
||||||
|
<message>System policy prevents setenforce access to SELinux</message>
|
||||||
|
<defaults>
|
||||||
|
- <allow_any>auth_admin_keep</allow_any>
|
||||||
|
- <allow_inactive>auth_admin_keep</allow_inactive>
|
||||||
|
+ <allow_any>no</allow_any>
|
||||||
|
+ <allow_inactive>no</allow_inactive>
|
||||||
|
<allow_active>auth_admin_keep</allow_active>
|
||||||
|
</defaults>
|
||||||
|
</action>
|
||||||
|
@@ -29,8 +29,8 @@
|
||||||
|
<description>SELinux write access</description>
|
||||||
|
<message>System policy prevents semanage access to SELinux</message>
|
||||||
|
<defaults>
|
||||||
|
- <allow_any>auth_admin_keep</allow_any>
|
||||||
|
- <allow_inactive>auth_admin_keep</allow_inactive>
|
||||||
|
+ <allow_any>no</allow_any>
|
||||||
|
+ <allow_inactive>no</allow_inactive>
|
||||||
|
<allow_active>auth_admin_keep</allow_active>
|
||||||
|
</defaults>
|
||||||
|
</action>
|
||||||
|
@@ -38,8 +38,8 @@
|
||||||
|
<description>SELinux Read access</description>
|
||||||
|
<message>System policy prevents read access to SELinux</message>
|
||||||
|
<defaults>
|
||||||
|
- <allow_any>yes</allow_any>
|
||||||
|
- <allow_inactive>yes</allow_inactive>
|
||||||
|
+ <allow_any>no</allow_any>
|
||||||
|
+ <allow_inactive>no</allow_inactive>
|
||||||
|
<allow_active>yes</allow_active>
|
||||||
|
</defaults>
|
||||||
|
</action>
|
||||||
|
@@ -47,8 +47,8 @@
|
||||||
|
<description>SELinux list modules access</description>
|
||||||
|
<message>System policy prevents read access to SELinux modules</message>
|
||||||
|
<defaults>
|
||||||
|
- <allow_any>yes</allow_any>
|
||||||
|
- <allow_inactive>yes</allow_inactive>
|
||||||
|
+ <allow_any>no</allow_any>
|
||||||
|
+ <allow_inactive>no</allow_inactive>
|
||||||
|
<allow_active>yes</allow_active>
|
||||||
|
</defaults>
|
||||||
|
</action>
|
||||||
|
@@ -56,25 +56,27 @@
|
||||||
|
<description>SELinux write access</description>
|
||||||
|
<message>System policy prevents relabel_on_boot access to SELinux</message>
|
||||||
|
<defaults>
|
||||||
|
- <allow_any>yes</allow_any>
|
||||||
|
+ <allow_any>no</allow_any>
|
||||||
|
+ <allow_inactive>no</allow_inactive>
|
||||||
|
+ <allow_active>auth_admin_keep</allow_active>
|
||||||
|
</defaults>
|
||||||
|
</action>
|
||||||
|
<action id="org.selinux.change_default_policy">
|
||||||
|
<description>SELinux write access</description>
|
||||||
|
<message>System policy prevents change_default_policy access to SELinux</message>
|
||||||
|
<defaults>
|
||||||
|
- <allow_any>auth_admin_keep</allow_any>
|
||||||
|
- <allow_inactive>auth_admin_keep</allow_inactive>
|
||||||
|
- <allow_active>auth_admin_keep</allow_active>
|
||||||
|
+ <allow_any>no</allow_any>
|
||||||
|
+ <allow_inactive>no</allow_inactive>
|
||||||
|
+ <allow_active>auth_admin_keep</allow_active>
|
||||||
|
</defaults>
|
||||||
|
</action>
|
||||||
|
<action id="org.selinux.change_policy_type">
|
||||||
|
<description>SELinux write access</description>
|
||||||
|
<message>System policy prevents change_policy_type access to SELinux</message>
|
||||||
|
<defaults>
|
||||||
|
- <allow_any>auth_admin_keep</allow_any>
|
||||||
|
- <allow_inactive>auth_admin_keep</allow_inactive>
|
||||||
|
- <allow_active>auth_admin_keep</allow_active>
|
||||||
|
+ <allow_any>no</allow_any>
|
||||||
|
+ <allow_inactive>no</allow_inactive>
|
||||||
|
+ <allow_active>auth_admin_keep</allow_active>
|
||||||
|
</defaults>
|
||||||
|
</action>
|
||||||
|
</policyconfig>
|
||||||
diff --git a/policycoreutils/sepolicy/policy.c b/policycoreutils/sepolicy/policy.c
|
diff --git a/policycoreutils/sepolicy/policy.c b/policycoreutils/sepolicy/policy.c
|
||||||
index 2a9e1c7..365e622 100644
|
index 2a9e1c7..365e622 100644
|
||||||
--- a/policycoreutils/sepolicy/policy.c
|
--- a/policycoreutils/sepolicy/policy.c
|
||||||
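Review bot: `auth_admin_keep` stays the `allow_active` default for the write actions in this file (the setenforce, semanage, relabel_on_boot, change_default_policy and change_policy_type entries), so one successful admin authentication is cached for a short period and later calls from the same session pass without a prompt. For actions that can switch enforcement off or replace the policy, `<allow_active>auth_admin</allow_active>` would require authentication on every call. Setting `allow_any` and `allow_inactive` to `no` is the right direction; the caching behaviour is the remaining thing to decide deliberately.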
@ -259067,7 +259219,7 @@ index 458a4d2..b6088af 100644
|
|||||||
+ except dbus.DBusException as e:
|
+ except dbus.DBusException as e:
|
||||||
+ print(e)
|
+ print(e)
|
||||||
diff --git a/policycoreutils/sepolicy/selinux_server.py b/policycoreutils/sepolicy/selinux_server.py
|
diff --git a/policycoreutils/sepolicy/selinux_server.py b/policycoreutils/sepolicy/selinux_server.py
|
||||||
index 98dbff4..e5d3103 100644
|
index 98dbff4..3cfdc94 100644
|
||||||
--- a/policycoreutils/sepolicy/selinux_server.py
|
--- a/policycoreutils/sepolicy/selinux_server.py
|
||||||
+++ b/policycoreutils/sepolicy/selinux_server.py
|
+++ b/policycoreutils/sepolicy/selinux_server.py
|
||||||
@@ -18,7 +18,7 @@ class selinux_server(slip.dbus.service.Object):
|
@@ -18,7 +18,7 @@ class selinux_server(slip.dbus.service.Object):
|
||||||
@ -259092,7 +259244,7 @@ index 98dbff4..e5d3103 100644
|
|||||||
# another server to make the two systems have duplicate policy.
|
# another server to make the two systems have duplicate policy.
|
||||||
#
|
#
|
||||||
@slip.dbus.polkit.require_auth("org.selinux.customized")
|
@slip.dbus.polkit.require_auth("org.selinux.customized")
|
||||||
@@ -42,7 +42,7 @@ class selinux_server(slip.dbus.service.Object):
|
@@ -42,12 +42,12 @@ class selinux_server(slip.dbus.service.Object):
|
||||||
if p.returncode and p.returncode != 0:
|
if p.returncode and p.returncode != 0:
|
||||||
raise OSError("Failed to read SELinux configuration: %s", output)
|
raise OSError("Failed to read SELinux configuration: %s", output)
|
||||||
return buf
|
return buf
|
||||||
@ -259101,7 +259253,13 @@ index 98dbff4..e5d3103 100644
|
|||||||
#
|
#
|
||||||
# The semodule_list method will return the output of semodule -l, using the customized polkit,
|
# The semodule_list method will return the output of semodule -l, using the customized polkit,
|
||||||
# since this is a readonly behaviour
|
# since this is a readonly behaviour
|
||||||
@@ -56,7 +56,7 @@ class selinux_server(slip.dbus.service.Object):
|
#
|
||||||
|
- @slip.dbus.polkit.require_auth("org.selinux.customized")
|
||||||
|
+ @slip.dbus.polkit.require_auth("org.selinux.semodule_list")
|
||||||
|
@dbus.service.method("org.selinux", in_signature='', out_signature='s')
|
||||||
|
def semodule_list(self):
|
||||||
|
p = Popen(["/usr/sbin/semodule", "-l"],stdout=PIPE, stderr=PIPE)
|
||||||
|
@@ -56,10 +56,11 @@ class selinux_server(slip.dbus.service.Object):
|
||||||
if p.returncode and p.returncode != 0:
|
if p.returncode and p.returncode != 0:
|
||||||
raise OSError("Failed to list SELinux modules: %s", output)
|
raise OSError("Failed to list SELinux modules: %s", output)
|
||||||
return buf
|
return buf
|
||||||
@ -259110,7 +259268,27 @@ index 98dbff4..e5d3103 100644
|
|||||||
#
|
#
|
||||||
# The restorecon method modifies any file path to the default system label
|
# The restorecon method modifies any file path to the default system label
|
||||||
#
|
#
|
||||||
@@ -83,7 +83,7 @@ class selinux_server(slip.dbus.service.Object):
|
+ @slip.dbus.polkit.require_auth("org.selinux.restorecon")
|
||||||
|
@dbus.service.method("org.selinux", in_signature='s')
|
||||||
|
def restorecon(self, path):
|
||||||
|
selinux.restorecon(str(path), recursive=1)
|
||||||
|
@@ -67,6 +68,7 @@ class selinux_server(slip.dbus.service.Object):
|
||||||
|
#
|
||||||
|
# The setenforce method turns off the current enforcement of SELinux
|
||||||
|
#
|
||||||
|
+ @slip.dbus.polkit.require_auth("org.selinux.setenforce")
|
||||||
|
@dbus.service.method("org.selinux", in_signature='i')
|
||||||
|
def setenforce(self, value):
|
||||||
|
selinux.security_setenforce(value)
|
||||||
|
@@ -74,6 +76,7 @@ class selinux_server(slip.dbus.service.Object):
|
||||||
|
#
|
||||||
|
# The setenforce method turns off the current enforcement of SELinux
|
||||||
|
#
|
||||||
|
+ @slip.dbus.polkit.require_auth("org.selinux.relabel_on_boot")
|
||||||
|
@dbus.service.method("org.selinux", in_signature='i')
|
||||||
|
def relabel_on_boot(self, value):
|
||||||
|
if value == 1:
|
||||||
|
@@ -83,7 +86,7 @@ class selinux_server(slip.dbus.service.Object):
|
||||||
os.unlink("/.autorelabel")
|
os.unlink("/.autorelabel")
|
||||||
|
|
||||||
def write_selinux_config(self, enforcing=None, policy=None):
|
def write_selinux_config(self, enforcing=None, policy=None):
|
||||||
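Review bot: The comment block above `relabel_on_boot` still reads "The setenforce method turns off the current enforcement of SELinux", copied from the method before it. Now that each method is gated by its own polkit action, the comment should describe the method it sits on, for example `# The relabel_on_boot method sets or clears the /.autorelabel flag file`. Only the `os.unlink("/.autorelabel")` branch is visible here, so confirm the wording against the full body. The setenforce comment also says "turns off" although the method passes `value` straight to `selinux.security_setenforce(value)`; "sets the current enforcement mode" would be accurate.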
@ -259119,16 +259297,17 @@ index 98dbff4..e5d3103 100644
|
|||||||
backup_path = path + ".bck"
|
backup_path = path + ".bck"
|
||||||
fd = open(path)
|
fd = open(path)
|
||||||
lines = fd.readlines()
|
lines = fd.readlines()
|
||||||
@@ -101,7 +101,7 @@ class selinux_server(slip.dbus.service.Object):
|
@@ -101,26 +104,28 @@ class selinux_server(slip.dbus.service.Object):
|
||||||
os.rename(backup_path, path)
|
os.rename(backup_path, path)
|
||||||
|
|
||||||
#
|
#
|
||||||
- # The change_default_enforcement modifies the current enforcement mode
|
- # The change_default_enforcement modifies the current enforcement mode
|
||||||
+ # The change_default_enforcement modifies the current enforcement mode
|
+ # The change_default_enforcement modifies the current enforcement mode
|
||||||
#
|
#
|
||||||
|
+ @slip.dbus.polkit.require_auth("org.selinux.change_default_mode")
|
||||||
@dbus.service.method("org.selinux", in_signature='s')
|
@dbus.service.method("org.selinux", in_signature='s')
|
||||||
def change_default_mode(self, value):
|
def change_default_mode(self, value):
|
||||||
@@ -109,7 +109,7 @@ class selinux_server(slip.dbus.service.Object):
|
values = [ "enforcing", "permissive", "disabled" ]
|
||||||
if value not in values:
|
if value not in values:
|
||||||
raise ValueError("Enforcement mode must be %s" % ", ".join(values))
|
raise ValueError("Enforcement mode must be %s" % ", ".join(values))
|
||||||
self.write_selinux_config(enforcing=value)
|
self.write_selinux_config(enforcing=value)
|
||||||
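Review bot: The decorator added to `change_default_mode` names the polkit action `org.selinux.change_default_mode`, but no action with that id is visible in the org.selinux.policy section of this same patch; the last two actions shown there are `org.selinux.change_default_policy` and `org.selinux.change_policy_type`. If the id is not defined elsewhere, the authorization check has no action to resolve and the method would presumably be refused for every caller instead of prompting. Make the two agree, either by renaming the action in the policy file or by using `@slip.dbus.polkit.require_auth("org.selinux.change_policy_type")` here.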
@ -259137,7 +259316,11 @@ index 98dbff4..e5d3103 100644
|
|||||||
|
|
||||||
#
|
#
|
||||||
# The change_default_policy method modifies the policy type
|
# The change_default_policy method modifies the policy type
|
||||||
@@ -120,7 +120,7 @@ class selinux_server(slip.dbus.service.Object):
|
#
|
||||||
|
+ @slip.dbus.polkit.require_auth("org.selinux.change_default_policy")
|
||||||
|
@dbus.service.method("org.selinux", in_signature='s')
|
||||||
|
def change_default_policy(self, value):
|
||||||
|
path = selinux.selinux_path() + value
|
||||||
if os.path.isdir(path):
|
if os.path.isdir(path):
|
||||||
return self.write_selinux_config(policy=value)
|
return self.write_selinux_config(policy=value)
|
||||||
raise ValueError("%s does not exist" % path)
|
raise ValueError("%s does not exist" % path)
|
||||||
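Review bot: `change_default_policy` builds `path = selinux.selinux_path() + value` from the D-Bus argument and checks only `os.path.isdir(path)`, so a value containing `/` or `..` that resolves to any existing directory is accepted and passed on to `write_selinux_config(policy=value)`. The new polkit gate limits who may call the method but does not validate the argument. Reject anything that is not a plain directory name before the isdir test, e.g. `if not value or value in (".", "..") or os.path.basename(value) != value: raise ValueError("Invalid policy type: %s" % value)`.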
@ -259215,6 +259398,19 @@ index 779fd75..29ccbdf 100644
|
|||||||
}
|
}
|
||||||
_sepolicy () {
|
_sepolicy () {
|
||||||
local command=${COMP_WORDS[1]}
|
local command=${COMP_WORDS[1]}
|
||||||
|
diff --git a/policycoreutils/sepolicy/sepolicy-generate.8 b/policycoreutils/sepolicy/sepolicy-generate.8
|
||||||
|
index 96c20fc..3a76976 100644
|
||||||
|
--- a/policycoreutils/sepolicy/sepolicy-generate.8
|
||||||
|
+++ b/policycoreutils/sepolicy/sepolicy-generate.8
|
||||||
|
@@ -13,7 +13,7 @@ Common options
|
||||||
|
Confined Applications
|
||||||
|
|
||||||
|
.br
|
||||||
|
-.B sepolicy generate \-\-application [\-n NAME] command [\-w WRITE_PATH ]
|
||||||
|
+.B sepolicy generate \-\-application [\-n NAME] [\-u USER ]command [\-w WRITE_PATH ]
|
||||||
|
.br
|
||||||
|
.B sepolicy generate \-\-cgi [\-n NAME] command [\-w WRITE_PATH ]
|
||||||
|
.br
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
|
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
|
||||||
index 74fb347..adb6ca5 100755
|
index 74fb347..adb6ca5 100755
|
||||||
--- a/policycoreutils/sepolicy/sepolicy.py
|
--- a/policycoreutils/sepolicy/sepolicy.py
|
||||||
@ -261047,7 +261243,7 @@ index 6b53035..32ea970 100644
|
|||||||
out += "%s # %s\n" % (self.write_te(out_dir), _("Type Enforcement file"))
|
out += "%s # %s\n" % (self.write_te(out_dir), _("Type Enforcement file"))
|
||||||
out += "%s # %s\n" % (self.write_if(out_dir), _("Interface file"))
|
out += "%s # %s\n" % (self.write_if(out_dir), _("Interface file"))
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy/gui.py b/policycoreutils/sepolicy/sepolicy/gui.py
|
diff --git a/policycoreutils/sepolicy/sepolicy/gui.py b/policycoreutils/sepolicy/sepolicy/gui.py
|
||||||
index 0123e6c..108d9e4 100644
|
index 0123e6c..ac3e513 100644
|
||||||
--- a/policycoreutils/sepolicy/sepolicy/gui.py
|
--- a/policycoreutils/sepolicy/sepolicy/gui.py
|
||||||
+++ b/policycoreutils/sepolicy/sepolicy/gui.py
|
+++ b/policycoreutils/sepolicy/sepolicy/gui.py
|
||||||
@@ -47,12 +47,15 @@ gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
@@ -47,12 +47,15 @@ gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
||||||
@ -261079,23 +261275,51 @@ index 0123e6c..108d9e4 100644
|
|||||||
|
|
||||||
import distutils.sysconfig
|
import distutils.sysconfig
|
||||||
ADVANCED_LABEL = ( _("Advanced >>"), _("Advanced <<") )
|
ADVANCED_LABEL = ( _("Advanced >>"), _("Advanced <<") )
|
||||||
@@ -106,12 +107,12 @@ class SELinuxGui():
|
@@ -102,18 +103,13 @@ class SELinuxGui():
|
||||||
|
|
||||||
|
def __init__( self , app = None, test = False):
|
||||||
|
self.finish_init = False
|
||||||
|
+ self.advanced_init = True
|
||||||
|
self.opage = START_PAGE
|
||||||
self.dbus = SELinuxDBus()
|
self.dbus = SELinuxDBus()
|
||||||
try:
|
try:
|
||||||
customized = self.dbus.customized()
|
customized = self.dbus.customized()
|
||||||
- except dbus.exceptions.DBusException, e:
|
- except dbus.exceptions.DBusException, e:
|
||||||
- print e
|
- print e
|
||||||
|
- self.quit()
|
||||||
|
-
|
||||||
|
- sepolicy_domains = sepolicy.get_all_domains()
|
||||||
|
- sepolicy_domains.sort(compare)
|
||||||
|
- if app and app not in sepolicy_domains:
|
||||||
|
- self.error(_("%s is not a valid domain" % app))
|
||||||
+ except dbus.exceptions.DBusException as e:
|
+ except dbus.exceptions.DBusException as e:
|
||||||
+ print(e)
|
+ print(e)
|
||||||
self.quit()
|
self.quit()
|
||||||
|
|
||||||
sepolicy_domains = sepolicy.get_all_domains()
|
self.init_cur()
|
||||||
- sepolicy_domains.sort(compare)
|
@@ -139,7 +135,7 @@ class SELinuxGui():
|
||||||
+ sepolicy_domains.sort(key=str.lower)
|
self.files_add = False
|
||||||
if app and app not in sepolicy_domains:
|
self.network_add = False
|
||||||
self.error(_("%s is not a valid domain" % app))
|
|
||||||
self.quit()
|
- self.all_list = []
|
||||||
@@ -234,7 +235,7 @@ class SELinuxGui():
|
+ self.all_domains = []
|
||||||
|
self.installed_list = []
|
||||||
|
self.previously_modified = {}
|
||||||
|
|
||||||
|
@@ -151,10 +147,10 @@ class SELinuxGui():
|
||||||
|
self.invalid_entry = False
|
||||||
|
# Advanced search window ****************************
|
||||||
|
self.advanced_search_window = builder.get_object("advanced_search_window")
|
||||||
|
- self.advanced_search_liststore = builder.get_object("Advanced_search_liststore")
|
||||||
|
- self.advanced_search_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
|
||||||
|
self.advanced_search_filter = builder.get_object("advanced_filter")
|
||||||
|
self.advanced_search_filter.set_visible_func(self.filter_the_data)
|
||||||
|
+ self.advanced_search_sort = builder.get_object("advanced_filter")
|
||||||
|
+
|
||||||
|
self.advanced_filter_entry = builder.get_object("advanced_filter_entry")
|
||||||
|
self.advanced_search_treeview = builder.get_object("advanced_search_treeview")
|
||||||
|
self.advanced_search = False
|
||||||
|
@@ -234,7 +230,7 @@ class SELinuxGui():
|
||||||
self.advanced_system.set_visible(False)
|
self.advanced_system.set_visible(False)
|
||||||
self.system_policy_label.set_visible(False)
|
self.system_policy_label.set_visible(False)
|
||||||
self.system_policy_type_combobox.set_visible(False)
|
self.system_policy_type_combobox.set_visible(False)
|
||||||
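Review bot: `self.advanced_search_sort` is fetched with `builder.get_object("advanced_filter")`, the same id used two lines earlier for `self.advanced_search_filter`, so both attributes refer to one object. A later hunk calls `self.advanced_search_treeview.set_model(self.advanced_search_sort)`, which reads as if a separate sort model was intended. If the glade file defines one, use its id here; otherwise drop the second attribute and pass `self.advanced_search_filter` to `set_model`. `__init__` starts and ends outside this hunk.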
@ -261104,16 +261328,99 @@ index 0123e6c..108d9e4 100644
|
|||||||
self.enforcing_button_default = builder.get_object("Enforcing_button_default")
|
self.enforcing_button_default = builder.get_object("Enforcing_button_default")
|
||||||
self.permissive_button_default = builder.get_object("Permissive_button_default")
|
self.permissive_button_default = builder.get_object("Permissive_button_default")
|
||||||
self.disabled_button_default = builder.get_object("Disabled_button_default")
|
self.disabled_button_default = builder.get_object("Disabled_button_default")
|
||||||
@@ -484,6 +485,8 @@ class SELinuxGui():
|
@@ -423,12 +419,10 @@ class SELinuxGui():
|
||||||
|
|
||||||
|
# Combobox and Entry items **************************
|
||||||
|
self.combobox_menu = builder.get_object("combobox_org") # This is the combobox box object, aka the arrow next to the entry text bar
|
||||||
|
- self.combobox_menu_model = builder.get_object("application_liststore")
|
||||||
|
+ self.application_liststore = builder.get_object("application_liststore")
|
||||||
|
self.completion_entry = builder.get_object("completion_entry") #self.combobox_menu.get_child()
|
||||||
|
- self.completion_entry_model = builder.get_object("application_liststore")
|
||||||
|
self.entrycompletion_obj = builder.get_object("entrycompletion_obj")
|
||||||
|
#self.entrycompletion_obj = Gtk.EntryCompletion()
|
||||||
|
- self.entrycompletion_obj.set_model(self.completion_entry_model)
|
||||||
|
self.entrycompletion_obj.set_minimum_key_length(0)
|
||||||
|
self.entrycompletion_obj.set_text_column(0)
|
||||||
|
self.entrycompletion_obj.set_match_func(self.match_func, None)
|
||||||
|
@@ -483,18 +477,24 @@ class SELinuxGui():
|
||||||
|
self.loading = 1
|
||||||
path = None
|
path = None
|
||||||
if test:
|
if test:
|
||||||
domains = [ "httpd_t", "abrt_t" ]
|
- domains = [ "httpd_t", "abrt_t" ]
|
||||||
+ if app and app not in domains:
|
+ self.all_domains = [ "httpd_t", "abrt_t" ]
|
||||||
+ domains.append(app)
|
+ if app and app not in self.all_domains:
|
||||||
|
+ self.all_domains.append(app)
|
||||||
else:
|
else:
|
||||||
domains = sepolicy_domains
|
- domains = sepolicy_domains
|
||||||
loading_gui.show()
|
- loading_gui.show()
|
||||||
@@ -812,7 +815,7 @@ class SELinuxGui():
|
- length = len(domains)
|
||||||
|
- for domain in domains:
|
||||||
|
+ self.all_domains = sepolicy.get_all_domains()
|
||||||
|
+ self.all_domains.sort(key=str.lower)
|
||||||
|
+
|
||||||
|
+ if app and app not in self.all_domains:
|
||||||
|
+ self.error(_("%s is not a valid domain" % app))
|
||||||
|
+ self.quit()
|
||||||
|
+
|
||||||
|
+ loading_gui.show()
|
||||||
|
+ length = len(self.all_domains)
|
||||||
|
+ for domain in self.all_domains:
|
||||||
|
# After the user selects a path in the drop down menu call
|
||||||
|
# get_init_entrypoint_target(entrypoint) to get the transtype
|
||||||
|
# which will give you the application
|
||||||
|
- self.combo_box_initialize(domain, None)
|
||||||
|
- self.advanced_search_initialize(domain)
|
||||||
|
- self.all_list.append(domain)
|
||||||
|
+ self.combo_box_add(domain, domain)
|
||||||
|
self.percentage = float(float(self.loading)/float(length))
|
||||||
|
self.progress_bar.set_fraction(self.percentage)
|
||||||
|
self.progress_bar.set_pulse_step(self.percentage)
|
||||||
|
@@ -504,14 +504,13 @@ class SELinuxGui():
|
||||||
|
if entrypoint:
|
||||||
|
path = sepolicy.find_entrypoint_path(entrypoint)
|
||||||
|
if path:
|
||||||
|
- self.combo_box_initialize(path, None)
|
||||||
|
- # Adds all files entrypoint paths that exists on disc
|
||||||
|
- # into the combobox
|
||||||
|
- self.advanced_search_initialize(path)
|
||||||
|
+ self.combo_box_add(path, domain)
|
||||||
|
self.installed_list.append(path)
|
||||||
|
|
||||||
|
self.loading += 1
|
||||||
|
loading_gui.hide()
|
||||||
|
+ self.entrycompletion_obj.set_model(self.application_liststore)
|
||||||
|
+ self.advanced_search_treeview.set_model(self.advanced_search_sort)
|
||||||
|
|
||||||
|
dic = {
|
||||||
|
"on_combo_button_clicked" : self.open_combo_menu,
|
||||||
|
@@ -543,7 +542,7 @@ class SELinuxGui():
|
||||||
|
"on_file_equiv_button_clicked" : self.show_file_equiv_page,
|
||||||
|
"on_app/system_button_clicked" : self.system_interface,
|
||||||
|
"on_app/users_button_clicked" : self.users_interface,
|
||||||
|
- "on_main_advanced_label_button_press_event": self.advanced_label_main,
|
||||||
|
+ "on_show_advanced_search_window": self.on_show_advanced_search_window,
|
||||||
|
|
||||||
|
"on_Show_mislabeled_files_toggled" : self.show_mislabeled_files,
|
||||||
|
"on_Browse_button_files_clicked" : self.browse_for_files,
|
||||||
|
@@ -559,8 +558,6 @@ class SELinuxGui():
|
||||||
|
"on_advanced_filter_entry_changed" : self.get_advanced_filter_data,
|
||||||
|
"on_advanced_search_treeview_row_activated" : self.advanced_item_selected,
|
||||||
|
"on_Select_advanced_search_clicked" : self.advanced_item_button_push,
|
||||||
|
- "on_All_advanced_button_toggled" : self.advanced_radio_select,
|
||||||
|
- "on_Installed_advanced_button_toggled" : self.advanced_radio_select,
|
||||||
|
"on_info_button_button_press_event" : self.on_help_button,
|
||||||
|
"on_back_button_clicked" : self.on_help_back_clicked,
|
||||||
|
"on_forward_button_clicked" : self.on_help_forward_clicked,
|
||||||
|
@@ -701,7 +698,7 @@ class SELinuxGui():
|
||||||
|
|
||||||
|
def match_func(self, completion, key_string, iter, func_data):
|
||||||
|
try:
|
||||||
|
- if self.combobox_menu_model.get_value(iter, 0).find(key_string) != -1:
|
||||||
|
+ if self.application_liststore.get_value(iter, 0).find(key_string) != -1:
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
except AttributeError:
|
||||||
|
@@ -812,7 +809,7 @@ class SELinuxGui():
|
||||||
self.set_application_label = True
|
self.set_application_label = True
|
||||||
|
|
||||||
def resize_wrap(self, *args):
|
def resize_wrap(self, *args):
|
||||||
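Review bot: In the added non-test branch, `self.error(_("%s is not a valid domain" % app))` interpolates `app` before the string reaches `_()`, so the catalogue lookup is done on the already formatted text and no translation can match. Move the formatting outside the call: `self.error(_("%s is not a valid domain") % app)`. `__init__` continues outside this hunk.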
@ -261122,7 +261429,7 @@ index 0123e6c..108d9e4 100644
|
|||||||
|
|
||||||
def initialize_system_default_mode(self):
|
def initialize_system_default_mode(self):
|
||||||
self.enforce_mode = selinux.selinux_getenforcemode()[1]
|
self.enforce_mode = selinux.selinux_getenforcemode()[1]
|
||||||
@@ -825,7 +828,7 @@ class SELinuxGui():
|
@@ -825,7 +822,7 @@ class SELinuxGui():
|
||||||
|
|
||||||
def populate_system_policy(self):
|
def populate_system_policy(self):
|
||||||
selinux_path = selinux.selinux_path()
|
selinux_path = selinux.selinux_path()
|
||||||
@ -261131,7 +261438,7 @@ index 0123e6c..108d9e4 100644
|
|||||||
types.sort()
|
types.sort()
|
||||||
ctr = 0
|
ctr = 0
|
||||||
for item in types:
|
for item in types:
|
||||||
@@ -850,14 +853,14 @@ class SELinuxGui():
|
@@ -850,14 +847,14 @@ class SELinuxGui():
|
||||||
# Returns true if filter_txt exists within the val
|
# Returns true if filter_txt exists within the val
|
||||||
if(val.find(self.filter_txt) != -1 or val.lower().find(self.filter_txt) != -1) :
|
if(val.find(self.filter_txt) != -1 or val.lower().find(self.filter_txt) != -1) :
|
||||||
return True
|
return True
|
||||||
@ -261148,7 +261455,66 @@ index 0123e6c..108d9e4 100644
|
|||||||
for t,ports in netd[k]:
|
for t,ports in netd[k]:
|
||||||
pkey = (",".join(ports), protocol)
|
pkey = (",".join(ports), protocol)
|
||||||
if pkey in self.cur_dict["port"]:
|
if pkey in self.cur_dict["port"]:
|
||||||
@@ -1114,7 +1117,7 @@ class SELinuxGui():
|
@@ -912,11 +909,11 @@ class SELinuxGui():
|
||||||
|
self.ready_mouse()
|
||||||
|
|
||||||
|
def network_initialize(self, app):
|
||||||
|
- netd = sepolicy.network.get_network_connect(app, "tcp", "name_connect")
|
||||||
|
+ netd = sepolicy.network.get_network_connect(app, "tcp", "name_connect", check_bools=True)
|
||||||
|
self.net_update(app, netd, "tcp", OUTBOUND_PAGE, self.network_out_liststore)
|
||||||
|
- netd = sepolicy.network.get_network_connect(app, "tcp", "name_bind")
|
||||||
|
+ netd = sepolicy.network.get_network_connect(app, "tcp", "name_bind",check_bools=True)
|
||||||
|
self.net_update(app, netd, "tcp", INBOUND_PAGE, self.network_in_liststore)
|
||||||
|
- netd = sepolicy.network.get_network_connect(app, "udp", "name_bind")
|
||||||
|
+ netd = sepolicy.network.get_network_connect(app, "udp", "name_bind",check_bools=True)
|
||||||
|
self.net_update(app, netd, "udp", INBOUND_PAGE, self.network_in_liststore)
|
||||||
|
|
||||||
|
def network_initial_data_insert(self, model, ports, portType, protocol):
|
||||||
|
@@ -952,12 +949,12 @@ class SELinuxGui():
|
||||||
|
iter = liststore.get_iter(index)
|
||||||
|
return liststore.get_value(iter, 0)
|
||||||
|
|
||||||
|
- def combo_box_initialize(self, val, desc):
|
||||||
|
+ def combo_box_add(self, val, val1):
|
||||||
|
if val == None:
|
||||||
|
return
|
||||||
|
- iter = self.combobox_menu_model.append()
|
||||||
|
- for f in val:
|
||||||
|
- self.combobox_menu_model.set_value(iter, 0, val)
|
||||||
|
+ iter = self.application_liststore.append()
|
||||||
|
+ self.application_liststore.set_value(iter, 0, val)
|
||||||
|
+ self.application_liststore.set_value(iter, 1, val1)
|
||||||
|
|
||||||
|
def select_type_more(self, *args):
|
||||||
|
app = self.moreTypes_treeview.get_selection()
|
||||||
|
@@ -973,7 +970,7 @@ class SELinuxGui():
|
||||||
|
model, iter = row.get_selected()
|
||||||
|
iter = model.convert_iter_to_child_iter(iter)
|
||||||
|
iter = self.advanced_search_filter.convert_iter_to_child_iter(iter)
|
||||||
|
- app = self.advanced_search_liststore.get_value(iter, 1)
|
||||||
|
+ app = self.application_liststore.get_value(iter, 1)
|
||||||
|
if app == None:
|
||||||
|
return
|
||||||
|
self.advanced_filter_entry.set_text('')
|
||||||
|
@@ -985,7 +982,7 @@ class SELinuxGui():
|
||||||
|
def advanced_item_selected(self, treeview, path, *args):
|
||||||
|
iter = self.advanced_search_filter.get_iter(path)
|
||||||
|
iter = self.advanced_search_filter.convert_iter_to_child_iter(iter)
|
||||||
|
- app = self.advanced_search_liststore.get_value(iter, 1)
|
||||||
|
+ app = self.application_liststore.get_value(iter, 1)
|
||||||
|
self.advanced_filter_entry.set_text('')
|
||||||
|
self.advanced_search_window.hide()
|
||||||
|
self.reveal_advanced(self.main_advanced_label)
|
||||||
|
@@ -994,7 +991,7 @@ class SELinuxGui():
|
||||||
|
|
||||||
|
def find_application(self, app):
|
||||||
|
if app and len(app) > 0:
|
||||||
|
- for items in self.combobox_menu_model:
|
||||||
|
+ for items in self.application_liststore:
|
||||||
|
if app == items[0]:
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
@@ -1114,7 +1111,7 @@ class SELinuxGui():
|
||||||
|
|
||||||
def executable_files_initialize(self, application):
|
def executable_files_initialize(self, application):
|
||||||
self.entrypoints = sepolicy.get_entrypoints(application)
|
self.entrypoints = sepolicy.get_entrypoints(application)
|
||||||
@ -261157,7 +261523,7 @@ index 0123e6c..108d9e4 100644
|
|||||||
if len(self.entrypoints[exe]) == 0:
|
if len(self.entrypoints[exe]) == 0:
|
||||||
continue
|
continue
|
||||||
file_class = self.entrypoints[exe][1]
|
file_class = self.entrypoints[exe][1]
|
||||||
@@ -1151,7 +1154,7 @@ class SELinuxGui():
|
@@ -1151,7 +1148,7 @@ class SELinuxGui():
|
||||||
def writable_files_initialize(self, application):
|
def writable_files_initialize(self, application):
|
||||||
# Traversing the dictionary data struct
|
# Traversing the dictionary data struct
|
||||||
self.writable_files = sepolicy.get_writable_files(application)
|
self.writable_files = sepolicy.get_writable_files(application)
|
||||||
@ -261166,7 +261532,7 @@ index 0123e6c..108d9e4 100644
|
|||||||
if len(self.writable_files[write]) < 2:
|
if len(self.writable_files[write]) < 2:
|
||||||
self.files_initial_data_insert(self.writable_files_liststore, None, write, _("all files"))
|
self.files_initial_data_insert(self.writable_files_liststore, None, write, _("all files"))
|
||||||
continue
|
continue
|
||||||
@@ -1194,7 +1197,7 @@ class SELinuxGui():
|
@@ -1194,7 +1191,7 @@ class SELinuxGui():
|
||||||
|
|
||||||
def application_files_initialize(self, application):
|
def application_files_initialize(self, application):
|
||||||
self.file_types = sepolicy.get_file_types(application)
|
self.file_types = sepolicy.get_file_types(application)
|
||||||
@ -261175,7 +261541,7 @@ index 0123e6c..108d9e4 100644
|
|||||||
if len(self.file_types[app]) == 0:
|
if len(self.file_types[app]) == 0:
|
||||||
continue
|
continue
|
||||||
file_class = self.file_types[app][1]
|
file_class = self.file_types[app][1]
|
||||||
@@ -1367,8 +1370,8 @@ class SELinuxGui():
|
@@ -1367,8 +1364,8 @@ class SELinuxGui():
|
||||||
self.treeview = self.network_in_treeview
|
self.treeview = self.network_in_treeview
|
||||||
category = _("listen for inbound connections")
|
category = _("listen for inbound connections")
|
||||||
|
|
||||||
@ -261186,7 +261552,7 @@ index 0123e6c..108d9e4 100644
|
|||||||
self.modify_button.set_tooltip_text(_("Modify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category})
|
self.modify_button.set_tooltip_text(_("Modify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category})
|
||||||
|
|
||||||
if self.transitions_radio_button.get_active():
|
if self.transitions_radio_button.get_active():
|
||||||
@@ -1439,7 +1442,7 @@ class SELinuxGui():
|
@@ -1439,7 +1436,7 @@ class SELinuxGui():
|
||||||
sort_column, _ = model.get_sort_column_id()
|
sort_column, _ = model.get_sort_column_id()
|
||||||
val1 = self.unmarkup(model.get_value(row1, sort_column))
|
val1 = self.unmarkup(model.get_value(row1, sort_column))
|
||||||
val2 = self.unmarkup(model.get_value(row2, sort_column))
|
val2 = self.unmarkup(model.get_value(row2, sort_column))
|
||||||
@ -261195,7 +261561,16 @@ index 0123e6c..108d9e4 100644
|
|||||||
|
|
||||||
def display_more_detail(self, windows, path):
|
def display_more_detail(self, windows, path):
|
||||||
it = self.boolean_filter.get_iter(path)
|
it = self.boolean_filter.get_iter(path)
|
||||||
@@ -1636,7 +1639,7 @@ class SELinuxGui():
|
@@ -1625,7 +1622,7 @@ class SELinuxGui():
|
||||||
|
self.files_type_combolist.clear()
|
||||||
|
self.files_class_combolist.clear()
|
||||||
|
compare = self.strip_domain(self.application)
|
||||||
|
- for d in self.completion_entry_model:
|
||||||
|
+ for d in self.application_liststore:
|
||||||
|
if d[0].startswith(compare) and d[0] != self.application and not d[0].startswith("httpd_sys"):
|
||||||
|
exclude_list.append(self.strip_domain(d[0]))
|
||||||
|
|
||||||
|
@@ -1636,7 +1633,7 @@ class SELinuxGui():
|
||||||
self.files_class_combolist.set_value(iter, 0, sepolicy.file_type_str[files])
|
self.files_class_combolist.set_value(iter, 0, sepolicy.file_type_str[files])
|
||||||
|
|
||||||
if ipage == EXE_PAGE and self.entrypoints != None:
|
if ipage == EXE_PAGE and self.entrypoints != None:
|
||||||
@ -261204,7 +261579,7 @@ index 0123e6c..108d9e4 100644
|
|||||||
if exe.startswith(compare):
|
if exe.startswith(compare):
|
||||||
iter = self.files_type_combolist.append()
|
iter = self.files_type_combolist.append()
|
||||||
self.files_type_combolist.set_value(iter, 0, exe)
|
self.files_type_combolist.set_value(iter, 0, exe)
|
||||||
@@ -1646,7 +1649,7 @@ class SELinuxGui():
|
@@ -1646,7 +1643,7 @@ class SELinuxGui():
|
||||||
self.files_class_combobox.set_sensitive(False)
|
self.files_class_combobox.set_sensitive(False)
|
||||||
|
|
||||||
elif ipage == WRITABLE_PAGE and self.writable_files != None:
|
elif ipage == WRITABLE_PAGE and self.writable_files != None:
|
||||||
@ -261213,7 +261588,7 @@ index 0123e6c..108d9e4 100644
|
|||||||
if write.startswith(compare) and not self.exclude_type(write, exclude_list) and write in self.file_types:
|
if write.startswith(compare) and not self.exclude_type(write, exclude_list) and write in self.file_types:
|
||||||
iter = self.files_type_combolist.append()
|
iter = self.files_type_combolist.append()
|
||||||
self.files_type_combolist.set_value(iter, 0, write)
|
self.files_type_combolist.set_value(iter, 0, write)
|
||||||
@@ -1663,7 +1666,7 @@ class SELinuxGui():
|
@@ -1663,7 +1660,7 @@ class SELinuxGui():
|
||||||
self.more_types_files_liststore.set_value(iter, 0, app)
|
self.more_types_files_liststore.set_value(iter, 0, app)
|
||||||
self.files_class_combobox.set_active(0)
|
self.files_class_combobox.set_active(0)
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
@ -261222,8 +261597,17 @@ index 0123e6c..108d9e4 100644
|
|||||||
pass
|
pass
|
||||||
self.files_type_combobox.set_active(0)
|
self.files_type_combobox.set_active(0)
|
||||||
self.files_mls_entry.set_text("s0")
|
self.files_mls_entry.set_text("s0")
|
||||||
@@ -1710,7 +1713,7 @@ class SELinuxGui():
|
@@ -1704,13 +1701,13 @@ class SELinuxGui():
|
||||||
netd += sepolicy.network.get_network_connect(self.application, "udp", "name_bind")
|
|
||||||
|
try:
|
||||||
|
if ipage == OUTBOUND_PAGE:
|
||||||
|
- netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_connect")
|
||||||
|
+ netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_connect", check_bools = True)
|
||||||
|
elif ipage == INBOUND_PAGE:
|
||||||
|
- netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_bind")
|
||||||
|
- netd += sepolicy.network.get_network_connect(self.application, "udp", "name_bind")
|
||||||
|
+ netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_bind", check_bools = True)
|
||||||
|
+ netd += sepolicy.network.get_network_connect(self.application, "udp", "name_bind", check_bools = True)
|
||||||
|
|
||||||
port_types = []
|
port_types = []
|
||||||
- for k in netd.keys():
|
- for k in netd.keys():
|
||||||
@ -261231,7 +261615,7 @@ index 0123e6c..108d9e4 100644
|
|||||||
for t,ports in netd[k]:
|
for t,ports in netd[k]:
|
||||||
if t not in port_types + ["port_t", "unreserved_port_t"]:
|
if t not in port_types + ["port_t", "unreserved_port_t"]:
|
||||||
if t.endswith("_type"):
|
if t.endswith("_type"):
|
||||||
@@ -1805,7 +1808,7 @@ class SELinuxGui():
|
@@ -1805,7 +1802,7 @@ class SELinuxGui():
|
||||||
self.wait_mouse()
|
self.wait_mouse()
|
||||||
try:
|
try:
|
||||||
self.dbus.semanage(update_buffer)
|
self.dbus.semanage(update_buffer)
|
||||||
@ -261240,7 +261624,7 @@ index 0123e6c..108d9e4 100644
|
|||||||
self.error(e)
|
self.error(e)
|
||||||
self.ready_mouse()
|
self.ready_mouse()
|
||||||
|
|
||||||
@@ -1883,7 +1886,7 @@ class SELinuxGui():
|
@@ -1883,7 +1880,7 @@ class SELinuxGui():
|
||||||
tree.set_value(iter, 2, fclass)
|
tree.set_value(iter, 2, fclass)
|
||||||
|
|
||||||
def restore_to_default(self, *args):
|
def restore_to_default(self, *args):
|
||||||
@ -261249,7 +261633,7 @@ index 0123e6c..108d9e4 100644
|
|||||||
|
|
||||||
def invalid_entry_retry(self, *args):
|
def invalid_entry_retry(self, *args):
|
||||||
self.closewindow(self.error_check_window)
|
self.closewindow(self.error_check_window)
|
||||||
@@ -2136,7 +2139,7 @@ class SELinuxGui():
|
@@ -2136,7 +2133,7 @@ class SELinuxGui():
|
||||||
|
|
||||||
def on_save_delete_file_equiv_clicked(self, *args):
|
def on_save_delete_file_equiv_clicked(self, *args):
|
||||||
for delete in self.files_delete_liststore:
|
for delete in self.files_delete_liststore:
|
||||||
@ -261258,7 +261642,7 @@ index 0123e6c..108d9e4 100644
|
|||||||
|
|
||||||
def on_toggle_update(self, cell, path, model):
|
def on_toggle_update(self, cell, path, model):
|
||||||
model[path][0] = not model[path][0]
|
model[path][0] = not model[path][0]
|
||||||
@@ -2444,8 +2447,8 @@ class SELinuxGui():
|
@@ -2444,8 +2441,8 @@ class SELinuxGui():
|
||||||
self.wait_mouse()
|
self.wait_mouse()
|
||||||
try:
|
try:
|
||||||
self.dbus.semanage(update_buffer)
|
self.dbus.semanage(update_buffer)
|
||||||
@ -261269,7 +261653,79 @@ index 0123e6c..108d9e4 100644
|
|||||||
self.ready_mouse()
|
self.ready_mouse()
|
||||||
self.init_cur()
|
self.init_cur()
|
||||||
|
|
||||||
@@ -2727,8 +2730,8 @@ class SELinuxGui():
|
@@ -2539,34 +2536,7 @@ class SELinuxGui():
|
||||||
|
self.network_mls_label.set_visible(advanced)
|
||||||
|
self.network_mls_entry.set_visible(advanced)
|
||||||
|
|
||||||
|
- def advanced_search_initialize(self, path):
|
||||||
|
- try:
|
||||||
|
- if path[0] == '/':
|
||||||
|
- domain = sepolicy.get_init_transtype(path)
|
||||||
|
- else:
|
||||||
|
- domain = path
|
||||||
|
- except IndexError:
|
||||||
|
- return
|
||||||
|
- except OSError:
|
||||||
|
- return
|
||||||
|
- iter = self.advanced_search_liststore.append()
|
||||||
|
- self.advanced_search_liststore.set_value(iter, 0, path)
|
||||||
|
- self.advanced_search_liststore.set_value(iter, 1, domain)
|
||||||
|
- user_types = sepolicy.get_user_types()
|
||||||
|
- if domain in user_types + ['initrc_t']:
|
||||||
|
- return
|
||||||
|
-
|
||||||
|
- entrypoints = sepolicy.get_entrypoints(domain)
|
||||||
|
- # From entry_point = 0 to the number of keys in the dic
|
||||||
|
- for exe in entrypoints:
|
||||||
|
- if len(entrypoints[exe]):
|
||||||
|
- file_class = entrypoints[exe][1]
|
||||||
|
- for path in entrypoints[exe][0]:
|
||||||
|
- iter = self.advanced_search_liststore.append()
|
||||||
|
- self.advanced_search_liststore.set_value(iter, 1, domain)
|
||||||
|
- self.advanced_search_liststore.set_value(iter, 0, path)
|
||||||
|
-
|
||||||
|
- def advanced_label_main(self, label, *args):
|
||||||
|
+ def on_show_advanced_search_window(self, label, *args):
|
||||||
|
if label.get_text() == ADVANCED_SEARCH_LABEL[1]:
|
||||||
|
label.set_text(ADVANCED_SEARCH_LABEL[0])
|
||||||
|
self.close_popup()
|
||||||
|
@@ -2574,25 +2544,6 @@ class SELinuxGui():
|
||||||
|
label.set_text(ADVANCED_SEARCH_LABEL[1])
|
||||||
|
self.show_popup(self.advanced_search_window)
|
||||||
|
|
||||||
|
- def advanced_radio_select(self, button):
|
||||||
|
- label = ""
|
||||||
|
- if button.get_active():
|
||||||
|
- label = button.get_label()
|
||||||
|
- if label == '':
|
||||||
|
- return
|
||||||
|
- self.advanced_search_liststore.clear()
|
||||||
|
- if label == "All":
|
||||||
|
- for items in self.all_list:
|
||||||
|
- self.advanced_search_initialize(items)
|
||||||
|
- self.idle_func()
|
||||||
|
-
|
||||||
|
- elif label == "Installed":
|
||||||
|
- if self.installed_list == []:
|
||||||
|
- return
|
||||||
|
- for items in self.installed_list:
|
||||||
|
- self.advanced_search_initialize(items)
|
||||||
|
- self.idle_func()
|
||||||
|
-
|
||||||
|
def set_enforce_text(self, value):
|
||||||
|
if value:
|
||||||
|
self.status_bar.push(self.context_id, _("System Status: Enforcing"))
|
||||||
|
@@ -2601,6 +2552,9 @@ class SELinuxGui():
|
||||||
|
self.current_status_permissive.set_active(True)
|
||||||
|
|
||||||
|
def set_enforce(self, button):
|
||||||
|
+ if not self.finish_init:
|
||||||
|
+ return
|
||||||
|
+
|
||||||
|
self.dbus.setenforce(button.get_active())
|
||||||
|
self.set_enforce_text(button.get_active())
|
||||||
|
|
||||||
|
@@ -2727,8 +2681,8 @@ class SELinuxGui():
|
||||||
if not active and not exists:
|
if not active and not exists:
|
||||||
return
|
return
|
||||||
try:
|
try:
|
||||||
@ -262984,22 +263440,36 @@ index ba15b2c..1765b1c 100755
|
|||||||
SELinux policy also controls which roles can transition to a different role.
|
SELinux policy also controls which roles can transition to a different role.
|
||||||
You can list these rules using the following command.
|
You can list these rules using the following command.
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy/network.py b/policycoreutils/sepolicy/sepolicy/network.py
|
diff --git a/policycoreutils/sepolicy/sepolicy/network.py b/policycoreutils/sepolicy/sepolicy/network.py
|
||||||
index 3a75d7c..d1bcd65 100755
|
index 3a75d7c..dca1b79 100755
|
||||||
--- a/policycoreutils/sepolicy/sepolicy/network.py
|
--- a/policycoreutils/sepolicy/sepolicy/network.py
|
||||||
+++ b/policycoreutils/sepolicy/sepolicy/network.py
|
+++ b/policycoreutils/sepolicy/sepolicy/network.py
|
||||||
@@ -28,9 +28,9 @@ def get_types(src, tclass, perm):
|
@@ -24,20 +24,22 @@ import sepolicy
|
||||||
|
search=sepolicy.search
|
||||||
|
info=sepolicy.info
|
||||||
|
|
||||||
|
-def get_types(src, tclass, perm):
|
||||||
|
+def get_types(src, tclass, perm, check_bools=False):
|
||||||
allows=search([sepolicy.ALLOW],{sepolicy.SOURCE:src,sepolicy.CLASS:tclass, sepolicy.PERMS:perm})
|
allows=search([sepolicy.ALLOW],{sepolicy.SOURCE:src,sepolicy.CLASS:tclass, sepolicy.PERMS:perm})
|
||||||
nlist=[]
|
nlist=[]
|
||||||
if allows:
|
if allows:
|
||||||
- for i in map(lambda y: y[sepolicy.TARGET], filter(lambda x: set(perm).issubset(x[sepolicy.PERMS]), allows)):
|
- for i in map(lambda y: y[sepolicy.TARGET], filter(lambda x: set(perm).issubset(x[sepolicy.PERMS]), allows)):
|
||||||
- if i not in nlist:
|
+ for i in [y[sepolicy.TARGET] for y in
|
||||||
- nlist.append(i)
|
+ [x for x in allows
|
||||||
+ for i in [y[sepolicy.TARGET] for y in [x for x in allows if set(perm).issubset(x[sepolicy.PERMS])]]:
|
+ if set(perm).issubset(x[sepolicy.PERMS]) and (not check_bools or x["enabled"])]]:
|
||||||
+ if i not in nlist:
|
if i not in nlist:
|
||||||
+ nlist.append(i)
|
nlist.append(i)
|
||||||
return nlist
|
return nlist
|
||||||
|
|
||||||
|
|
||||||
|
-def get_network_connect(src, protocol, perm):
|
||||||
|
+def get_network_connect(src, protocol, perm, check_bools=False):
|
||||||
|
portrecs, portrecsbynum = sepolicy.gen_port_dict()
|
||||||
|
d={}
|
||||||
|
- tlist = get_types(src, "%s_socket" % protocol, [perm])
|
||||||
|
+ tlist = get_types(src, "%s_socket" % protocol, [perm], check_bools)
|
||||||
|
if len(tlist) > 0:
|
||||||
|
d[(src,protocol,perm)] = []
|
||||||
|
for i in tlist:
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy/sedbus.py b/policycoreutils/sepolicy/sepolicy/sedbus.py
|
diff --git a/policycoreutils/sepolicy/sepolicy/sedbus.py b/policycoreutils/sepolicy/sepolicy/sedbus.py
|
||||||
index c6645ef..8965795 100644
|
index c6645ef..8965795 100644
|
||||||
--- a/policycoreutils/sepolicy/sepolicy/sedbus.py
|
--- a/policycoreutils/sepolicy/sepolicy/sedbus.py
|
||||||
@ -263012,6 +263482,129 @@ index c6645ef..8965795 100644
|
|||||||
- print e
|
- print e
|
||||||
+ except dbus.DBusException as e:
|
+ except dbus.DBusException as e:
|
||||||
+ print (e)
|
+ print (e)
|
||||||
|
diff --git a/policycoreutils/sepolicy/sepolicy/sepolicy.glade b/policycoreutils/sepolicy/sepolicy/sepolicy.glade
|
||||||
|
index 1275c7f..e3137db 100644
|
||||||
|
--- a/policycoreutils/sepolicy/sepolicy/sepolicy.glade
|
||||||
|
+++ b/policycoreutils/sepolicy/sepolicy/sepolicy.glade
|
||||||
|
@@ -2,7 +2,7 @@
|
||||||
|
<!-- Generated with glade 3.16.0 on Fri Oct 11 08:24:19 2013 -->
|
||||||
|
<interface>
|
||||||
|
<!-- interface-requires gtk+ 3.8 -->
|
||||||
|
- <object class="GtkListStore" id="Advanced_search_liststore">
|
||||||
|
+ <object class="GtkListStore" id="application_liststore">
|
||||||
|
<columns>
|
||||||
|
<!-- column-name Application -->
|
||||||
|
<column type="gchararray"/>
|
||||||
|
@@ -82,7 +82,7 @@
|
||||||
|
<attributes>
|
||||||
|
<attribute name="foreground" value="#00004e4e9999"/>
|
||||||
|
</attributes>
|
||||||
|
- <signal name="button-press-event" handler="on_main_advanced_label_button_press_event" swapped="no"/>
|
||||||
|
+ <signal name="button-press-event" handler="on_show_advanced_search_window" swapped="no"/>
|
||||||
|
</object>
|
||||||
|
<packing>
|
||||||
|
<property name="expand">True</property>
|
||||||
|
@@ -225,7 +225,7 @@
|
||||||
|
</child>
|
||||||
|
</object>
|
||||||
|
<object class="GtkTreeModelFilter" id="advanced_filter">
|
||||||
|
- <property name="child_model">Advanced_search_liststore</property>
|
||||||
|
+ <property name="child_model">application_liststore</property>
|
||||||
|
</object>
|
||||||
|
<object class="GtkTreeModelSort" id="advanced_sort">
|
||||||
|
<property name="model">advanced_filter</property>
|
||||||
|
@@ -256,24 +256,6 @@
|
||||||
|
<object class="GtkTreeModelSort" id="application_files_sort">
|
||||||
|
<property name="model">application_files_filter</property>
|
||||||
|
</object>
|
||||||
|
- <object class="GtkListStore" id="application_liststore">
|
||||||
|
- <columns>
|
||||||
|
- <!-- column-name Application -->
|
||||||
|
- <column type="gchararray"/>
|
||||||
|
- </columns>
|
||||||
|
- </object>
|
||||||
|
- <object class="GtkTreeModelFilter" id="application_filter">
|
||||||
|
- <property name="child_model">application_liststore</property>
|
||||||
|
- </object>
|
||||||
|
- <object class="GtkTreeModelSort" id="application_sort">
|
||||||
|
- <property name="model">application_filter</property>
|
||||||
|
- </object>
|
||||||
|
- <object class="GtkListStore" id="application_tree_list">
|
||||||
|
- <columns>
|
||||||
|
- <!-- column-name Process -->
|
||||||
|
- <column type="gchararray"/>
|
||||||
|
- </columns>
|
||||||
|
- </object>
|
||||||
|
<object class="GtkListStore" id="boolean_liststore">
|
||||||
|
<columns>
|
||||||
|
<!-- column-name Active -->
|
||||||
|
@@ -4328,46 +4310,7 @@ allow alternative access control.</property>
|
||||||
|
<property name="position">0</property>
|
||||||
|
</packing>
|
||||||
|
</child>
|
||||||
|
- <child>
|
||||||
|
- <object class="GtkRadioButton" id="All_advanced_button">
|
||||||
|
- <property name="label" translatable="yes">All</property>
|
||||||
|
- <property name="visible">True</property>
|
||||||
|
- <property name="can_focus">True</property>
|
||||||
|
- <property name="receives_default">False</property>
|
||||||
|
- <property name="xalign">0.5</property>
|
||||||
|
- <property name="active">True</property>
|
||||||
|
- <property name="draw_indicator">True</property>
|
||||||
|
- <signal name="toggled" handler="on_All_advanced_button_toggled" swapped="no"/>
|
||||||
|
- </object>
|
||||||
|
- <packing>
|
||||||
|
- <property name="expand">True</property>
|
||||||
|
- <property name="fill">True</property>
|
||||||
|
- <property name="position">1</property>
|
||||||
|
- </packing>
|
||||||
|
- </child>
|
||||||
|
- <child>
|
||||||
|
- <object class="GtkRadioButton" id="Installed_advanced_button">
|
||||||
|
- <property name="label" translatable="yes">Installed</property>
|
||||||
|
- <property name="visible">True</property>
|
||||||
|
- <property name="can_focus">True</property>
|
||||||
|
- <property name="receives_default">False</property>
|
||||||
|
- <property name="xalign">0.5</property>
|
||||||
|
- <property name="draw_indicator">True</property>
|
||||||
|
- <property name="group">All_advanced_button</property>
|
||||||
|
- <signal name="toggled" handler="on_Installed_advanced_button_toggled" swapped="no"/>
|
||||||
|
- </object>
|
||||||
|
- <packing>
|
||||||
|
- <property name="expand">True</property>
|
||||||
|
- <property name="fill">True</property>
|
||||||
|
- <property name="position">2</property>
|
||||||
|
- </packing>
|
||||||
|
- </child>
|
||||||
|
</object>
|
||||||
|
- <packing>
|
||||||
|
- <property name="expand">False</property>
|
||||||
|
- <property name="fill">True</property>
|
||||||
|
- <property name="position">0</property>
|
||||||
|
- </packing>
|
||||||
|
</child>
|
||||||
|
<child>
|
||||||
|
<object class="GtkScrolledWindow" id="scrolledwindow11">
|
||||||
|
@@ -4377,7 +4320,6 @@ allow alternative access control.</property>
|
||||||
|
<object class="GtkTreeView" id="advanced_search_treeview">
|
||||||
|
<property name="visible">True</property>
|
||||||
|
<property name="can_focus">True</property>
|
||||||
|
- <property name="model">advanced_sort</property>
|
||||||
|
<property name="enable_search">False</property>
|
||||||
|
<signal name="row-activated" handler="on_advanced_search_treeview_row_activated" swapped="no"/>
|
||||||
|
<child internal-child="selection">
|
||||||
|
diff --git a/policycoreutils/sepolicy/sepolicy/templates/executable.py b/policycoreutils/sepolicy/sepolicy/templates/executable.py
|
||||||
|
index 4b9534d..0db6b9c 100644
|
||||||
|
--- a/policycoreutils/sepolicy/sepolicy/templates/executable.py
|
||||||
|
+++ b/policycoreutils/sepolicy/sepolicy/templates/executable.py
|
||||||
|
@@ -86,6 +86,7 @@ roleattribute system_r TEMPLATETYPE_roles;
|
||||||
|
type TEMPLATETYPE_t;
|
||||||
|
type TEMPLATETYPE_exec_t;
|
||||||
|
application_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
|
||||||
|
+role TEMPLATETYPE_roles types TEMPLATETYPE_t;
|
||||||
|
|
||||||
|
permissive TEMPLATETYPE_t;
|
||||||
|
"""
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy/templates/spec.py b/policycoreutils/sepolicy/sepolicy/templates/spec.py
|
diff --git a/policycoreutils/sepolicy/sepolicy/templates/spec.py b/policycoreutils/sepolicy/sepolicy/templates/spec.py
|
||||||
index 16a2208..d8ee42f 100644
|
index 16a2208..d8ee42f 100644
|
||||||
--- a/policycoreutils/sepolicy/sepolicy/templates/spec.py
|
--- a/policycoreutils/sepolicy/sepolicy/templates/spec.py
|
||||||
|
@ -1,131 +1,13 @@
|
|||||||
diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
|
diff --git a/sepolgen/src/sepolgen/interfaces.py b/sepolgen/src/sepolgen/interfaces.py
|
||||||
index d636091..56919be 100644
|
index 3258684..88a6dc3 100644
|
||||||
--- a/sepolgen/src/sepolgen/audit.py
|
--- a/sepolgen/src/sepolgen/interfaces.py
|
||||||
+++ b/sepolgen/src/sepolgen/audit.py
|
+++ b/sepolgen/src/sepolgen/interfaces.py
|
||||||
@@ -259,13 +259,13 @@ class AVCMessage(AuditMessage):
|
@@ -276,7 +276,7 @@ class InterfaceVector:
|
||||||
raise ValueError("Error during access vector computation")
|
if attributes:
|
||||||
|
for typeattribute in interface.typeattributes():
|
||||||
if self.type == audit2why.CONSTRAINT:
|
for attr in typeattribute.attributes:
|
||||||
- self.data = []
|
- if not attributes.has_key(attr):
|
||||||
+ self.data = [ self.data ]
|
+ if not attributes.attributes.has_key(attr):
|
||||||
if self.scontext.user != self.tcontext.user:
|
# print "missing attribute " + attr
|
||||||
- self.data.append("user")
|
continue
|
||||||
+ self.data.append(("user (%s)" % self.scontext.user, 'user (%s)' % self.tcontext.user))
|
attr_vec = attributes.attributes[attr]
|
||||||
if self.scontext.role != self.tcontext.role and self.tcontext.role != "object_r":
|
|
||||||
- self.data.append("role")
|
|
||||||
+ self.data.append(("role (%s)" % self.scontext.role, 'role (%s)' % self.tcontext.role))
|
|
||||||
if self.scontext.level != self.tcontext.level:
|
|
||||||
- self.data.append("level")
|
|
||||||
+ self.data.append(("level (%s)" % self.scontext.level, 'level (%s)' % self.tcontext.level))
|
|
||||||
|
|
||||||
avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.data)
|
|
||||||
|
|
||||||
diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
|
|
||||||
index cc9f8ea..ce643e5 100644
|
|
||||||
--- a/sepolgen/src/sepolgen/policygen.py
|
|
||||||
+++ b/sepolgen/src/sepolgen/policygen.py
|
|
||||||
@@ -161,21 +161,21 @@ class PolicyGenerator:
|
|
||||||
if self.explain:
|
|
||||||
rule.comment = str(refpolicy.Comment(explain_access(av, verbosity=self.explain)))
|
|
||||||
if av.type == audit2why.ALLOW:
|
|
||||||
- rule.comment += "#!!!! This avc is allowed in the current policy\n"
|
|
||||||
+ rule.comment += "\n#!!!! This avc is allowed in the current policy"
|
|
||||||
if av.type == audit2why.DONTAUDIT:
|
|
||||||
- rule.comment += "#!!!! This avc has a dontaudit rule in the current policy\n"
|
|
||||||
+ rule.comment += "\n#!!!! This avc has a dontaudit rule in the current policy"
|
|
||||||
|
|
||||||
if av.type == audit2why.BOOLEAN:
|
|
||||||
if len(av.data) > 1:
|
|
||||||
- rule.comment += "#!!!! This avc can be allowed using one of the these booleans:\n# %s\n" % ", ".join(map(lambda x: x[0], av.data))
|
|
||||||
+ rule.comment += "\n#!!!! This avc can be allowed using one of the these booleans:\n# %s" % ", ".join(map(lambda x: x[0], av.data))
|
|
||||||
else:
|
|
||||||
- rule.comment += "#!!!! This avc can be allowed using the boolean '%s'\n" % av.data[0][0]
|
|
||||||
+ rule.comment += "\n#!!!! This avc can be allowed using the boolean '%s'" % av.data[0][0]
|
|
||||||
|
|
||||||
if av.type == audit2why.CONSTRAINT:
|
|
||||||
- rule.comment += "#!!!! This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work.\n"
|
|
||||||
- rule.comment += "#Constraint rule: "
|
|
||||||
- for reason in av.data:
|
|
||||||
- rule.comment += "\n#\tPossible cause source context and target context '%s' differ\b" % reason
|
|
||||||
+ rule.comment += "\n#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n"
|
|
||||||
+ rule.comment += "#Constraint rule: \n\t" + av.data[0]
|
|
||||||
+ for reason in av.data[1:]:
|
|
||||||
+ rule.comment += "#\tPossible cause is the source %s and target %s are different." % reason
|
|
||||||
|
|
||||||
try:
|
|
||||||
if ( av.type == audit2why.TERULE and
|
|
||||||
@@ -189,9 +189,9 @@ class PolicyGenerator:
|
|
||||||
if i not in self.domains:
|
|
||||||
types.append(i)
|
|
||||||
if len(types) == 1:
|
|
||||||
- rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
|
|
||||||
+ rule.comment += "\n#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
|
|
||||||
elif len(types) >= 1:
|
|
||||||
- rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
|
|
||||||
+ rule.comment += "\n#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
|
|
||||||
except:
|
|
||||||
pass
|
|
||||||
self.module.children.append(rule)
|
|
||||||
diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
|
|
||||||
index 7b76261..a05d9d1 100644
|
|
||||||
--- a/sepolgen/src/sepolgen/refparser.py
|
|
||||||
+++ b/sepolgen/src/sepolgen/refparser.py
|
|
||||||
@@ -65,6 +65,7 @@ tokens = (
|
|
||||||
'BAR',
|
|
||||||
'EXPL',
|
|
||||||
'EQUAL',
|
|
||||||
+ 'FILENAME',
|
|
||||||
'IDENTIFIER',
|
|
||||||
'NUMBER',
|
|
||||||
'PATH',
|
|
||||||
@@ -249,11 +250,17 @@ def t_refpolicywarn(t):
|
|
||||||
t.lexer.lineno += 1
|
|
||||||
|
|
||||||
def t_IDENTIFIER(t):
|
|
||||||
- r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\+\.\$\*\"~]*'
|
|
||||||
+ r'[a-zA-Z_\$][a-zA-Z0-9_\-\+\.\$\*~]*'
|
|
||||||
# Handle any keywords
|
|
||||||
t.type = reserved.get(t.value,'IDENTIFIER')
|
|
||||||
return t
|
|
||||||
|
|
||||||
+def t_FILENAME(t):
|
|
||||||
+ r'\"[a-zA-Z0-9_\-\+\.\$\*~ :]+\"'
|
|
||||||
+ # Handle any keywords
|
|
||||||
+ t.type = reserved.get(t.value,'FILENAME')
|
|
||||||
+ return t
|
|
||||||
+
|
|
||||||
def t_comment(t):
|
|
||||||
r'\#.*\n'
|
|
||||||
# Ignore all comments
|
|
||||||
@@ -450,6 +457,7 @@ def p_interface_call_param(p):
|
|
||||||
| nested_id_set
|
|
||||||
| TRUE
|
|
||||||
| FALSE
|
|
||||||
+ | FILENAME
|
|
||||||
'''
|
|
||||||
# Intentionally let single identifiers pass through
|
|
||||||
# List means set, non-list identifier
|
|
||||||
@@ -461,6 +469,7 @@ def p_interface_call_param(p):
|
|
||||||
def p_interface_call_param_list(p):
|
|
||||||
'''interface_call_param_list : interface_call_param
|
|
||||||
| interface_call_param_list COMMA interface_call_param
|
|
||||||
+ | interface_call_param_list COMMA interface_call_param COMMA interface_call_param_list
|
|
||||||
'''
|
|
||||||
if len(p) == 2:
|
|
||||||
p[0] = [p[1]]
|
|
||||||
@@ -787,6 +796,7 @@ def p_avrule_def(p):
|
|
||||||
|
|
||||||
def p_typerule_def(p):
|
|
||||||
'''typerule_def : TYPE_TRANSITION names names COLON names IDENTIFIER SEMI
|
|
||||||
+ | TYPE_TRANSITION names names COLON names IDENTIFIER FILENAME SEMI
|
|
||||||
| TYPE_TRANSITION names names COLON names IDENTIFIER IDENTIFIER SEMI
|
|
||||||
| TYPE_CHANGE names names COLON names IDENTIFIER SEMI
|
|
||||||
| TYPE_MEMBER names names COLON names IDENTIFIER SEMI
|
|
||||||
@@ -800,6 +810,7 @@ def p_typerule_def(p):
|
|
||||||
t.tgt_types = p[3]
|
|
||||||
t.obj_classes = p[5]
|
|
||||||
t.dest_type = p[6]
|
|
||||||
+ t.file_name = p[7]
|
|
||||||
p[0] = t
|
|
||||||
|
|
||||||
def p_bool(p):
|
|
||||||
|
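Review bot: `if not attributes.attributes.has_key(attr):` in the new interfaces.py hunk still relies on `dict.has_key`, which exists only in Python 2, while other hunks on this page move to `except ... as e` and `print (e)`. Writing it as `if attr not in attributes.attributes:` behaves the same on Python 2 and keeps working on Python 3. The skip is also silent, because the only diagnostic is the commented-out `# print "missing attribute " + attr`; a one-line `sys.stderr.write("missing attribute %s\n" % attr)` before the `continue` would make dropped attributes visible, assuming `sys` is imported in interfaces.py, which this view does not show. The enclosing loop starts and ends outside the hunk.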
@ -107,7 +107,6 @@ Requires:libsemanage-python >= %{libsemanagever} libselinux-python libcgroup
|
|||||||
Requires:audit-libs-python >= %{libauditver}
|
Requires:audit-libs-python >= %{libauditver}
|
||||||
Requires(pre): python >= 2.6
|
Requires(pre): python >= 2.6
|
||||||
Obsoletes: policycoreutils < 2.0.61-2
|
Obsoletes: policycoreutils < 2.0.61-2
|
||||||
Requires: checkpolicy
|
|
||||||
Requires: python-IPy yum
|
Requires: python-IPy yum
|
||||||
|
|
||||||
%description python
|
%description python
|
||||||
@ -153,10 +152,6 @@ an SELinux environment.
|
|||||||
%{_mandir}/man8/sandbox.8*
|
%{_mandir}/man8/sandbox.8*
|
||||||
%{_mandir}/man8/semanage*.8*
|
%{_mandir}/man8/semanage*.8*
|
||||||
%{_mandir}/ru/man8/semanage.8*
|
%{_mandir}/ru/man8/semanage.8*
|
||||||
%{_datadir}/system-config-selinux/selinux_server.py
|
|
||||||
%{_datadir}/dbus-1/system-services/org.selinux.service
|
|
||||||
%{_datadir}/polkit-1/actions/org.selinux.policy
|
|
||||||
%{_datadir}/polkit-1/actions/org.selinux.config.policy
|
|
||||||
%{_datadir}/bash-completion/completions/semanage
|
%{_datadir}/bash-completion/completions/semanage
|
||||||
%{_datadir}/bash-completion/completions/setsebool
|
%{_datadir}/bash-completion/completions/setsebool
|
||||||
|
|
||||||
@ -165,6 +160,7 @@ Summary: SELinux policy core policy devel utilities
|
|||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Requires: policycoreutils-python = %{version}-%{release}
|
Requires: policycoreutils-python = %{version}-%{release}
|
||||||
Requires: /usr/bin/make
|
Requires: /usr/bin/make
|
||||||
|
Requires: checkpolicy
|
||||||
Requires: selinux-policy-devel
|
Requires: selinux-policy-devel
|
||||||
|
|
||||||
%description devel
|
%description devel
|
||||||
@ -270,6 +266,10 @@ system-config-selinux is a utility for managing the SELinux environment
|
|||||||
%{_mandir}/man8/system-config-selinux.8*
|
%{_mandir}/man8/system-config-selinux.8*
|
||||||
%{_mandir}/man8/selinux-polgengui.8*
|
%{_mandir}/man8/selinux-polgengui.8*
|
||||||
%{_mandir}/man8/sepolicy-gui.8*
|
%{_mandir}/man8/sepolicy-gui.8*
|
||||||
|
%{_datadir}/system-config-selinux/selinux_server.py
|
||||||
|
%{_datadir}/dbus-1/system-services/org.selinux.service
|
||||||
|
%{_datadir}/polkit-1/actions/org.selinux.policy
|
||||||
|
%{_datadir}/polkit-1/actions/org.selinux.config.policy
|
||||||
|
|
||||||
%post gui
|
%post gui
|
||||||
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
|
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
|
||||||
@ -305,10 +305,6 @@ fi
|
|||||||
%{_mandir}/ru/man8/restorecon.8*
|
%{_mandir}/ru/man8/restorecon.8*
|
||||||
%{_mandir}/man8/semodule.8*
|
%{_mandir}/man8/semodule.8*
|
||||||
%{_mandir}/ru/man8/semodule.8*
|
%{_mandir}/ru/man8/semodule.8*
|
||||||
%{_mandir}/man8/semodule_deps.8*
|
|
||||||
%{_mandir}/ru/man8/semodule_deps.8*
|
|
||||||
%{_mandir}/man8/semodule_expand.8*
|
|
||||||
%{_mandir}/ru/man8/semodule_expand.8*
|
|
||||||
%{_mandir}/man8/sestatus.8*
|
%{_mandir}/man8/sestatus.8*
|
||||||
%{_mandir}/ru/man8/sestatus.8*
|
%{_mandir}/ru/man8/sestatus.8*
|
||||||
%{_mandir}/man8/setfiles.8*
|
%{_mandir}/man8/setfiles.8*
|
||||||
@ -351,7 +347,9 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%systemd_postun_with_restart restorecond.service
|
%systemd_postun_with_restart restorecond.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Nov 11 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.2-1
|
* Fri Nov 15 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.2-1
|
||||||
|
- Speed up startup time of sepolicy gui
|
||||||
|
- Clean up ports screen to only show enabled ports.
|
||||||
- Update to upstream
|
- Update to upstream
|
||||||
* Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh.
|
* Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh.
|
||||||
* Make yum/extract_rpms optional for sepolicy generate from Dan Walsh.
|
* Make yum/extract_rpms optional for sepolicy generate from Dan Walsh.
|
||||||
|
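Review bot: The new `%changelog` lines mention only the GUI start-up speed-up and the ports-screen cleanup, but the same spec changes move `selinux_server.py`, `org.selinux.service` and both polkit action files from what appears to be the python file list into the gui one. They also move `Requires: checkpolicy` to the devel subpackage and drop the `semodule_deps`/`semodule_expand` man pages. The moved files install a D-Bus-activated service and the polkit actions that authorise it, so which subpackage owns them decides which installs carry that privileged helper; a line such as `- Move selinux_server.py, D-Bus service and polkit actions to the gui subpackage` would record it. The changelog header keeps `2.2.2-1` with only the date changed, so if the Release tag (not visible here) is also unchanged, hosts already on 2.2.2-1 will not pick up the new layout. It is also worth confirming that nothing remaining in policycoreutils-python still invokes the checkpolicy tools now that the dependency is gone.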