From fcb8db4597fe666da4863c2fa10345b0df981f1a Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 10 Sep 2007 19:45:03 +0000 Subject: [PATCH] * Mon Sep 10 2007 Dan Walsh 2.0.25-11 - Lots of fixes for polgengui --- policycoreutils-gui.patch | 137 ++++++++++++++++++++++++++++++-------- policycoreutils.spec | 5 +- 2 files changed, 112 insertions(+), 30 deletions(-) diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch index 8f6ebc0..2584c2b 100644 --- a/policycoreutils-gui.patch +++ b/policycoreutils-gui.patch @@ -914,8 +914,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.25/gui/polgen.glade --- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.25/gui/polgen.glade 2007-09-10 11:56:01.000000000 -0400 -@@ -0,0 +1,2364 @@ ++++ policycoreutils-2.0.25/gui/polgen.glade 2007-09-10 15:42:48.000000000 -0400 +@@ -0,0 +1,2386 @@ + + + @@ -1028,8 +1028,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + True -+ True -+ True ++ False + True + GTK_POS_TOP + False @@ -1080,7 +1079,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + True -+ Select application or user type that you want to confine. ++ Select application or user role to be confined. + + + @@ -1773,6 +1772,29 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + ++ ++ True ++ label30 ++ False ++ False ++ GTK_JUSTIFY_LEFT ++ False ++ False ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ PANGO_ELLIPSIZE_NONE ++ -1 ++ False ++ 0 ++ ++ ++ tab ++ ++ ++ ++ + + True + Select the roles(s) that this user will be able to become @@ -1824,9 +1846,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + -+ ++ + True -+ label30 ++ label31 + False + False + GTK_JUSTIFY_LEFT 
@@ -2247,9 +2269,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + -+ ++ + True -+ label31 ++ label32 + False + False + GTK_JUSTIFY_LEFT @@ -2563,9 +2585,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + -+ ++ + True -+ label32 ++ label33 + False + False + GTK_JUSTIFY_LEFT @@ -2695,9 +2717,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + -+ ++ + True -+ label33 ++ label34 + False + False + GTK_JUSTIFY_LEFT @@ -3025,9 +3047,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + -+ ++ + True -+ label34 ++ label35 + False + False + GTK_JUSTIFY_LEFT @@ -3141,9 +3163,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + -+ ++ + True -+ label35 ++ + False + False + GTK_JUSTIFY_LEFT @@ -3181,7 +3203,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + -+ ++ + True + + False @@ -3282,8 +3304,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.25/gui/polgengui.py --- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.25/gui/polgengui.py 2007-09-10 11:58:05.000000000 -0400 -@@ -0,0 +1,452 @@ ++++ policycoreutils-2.0.25/gui/polgengui.py 2007-09-10 15:43:11.000000000 -0400 +@@ -0,0 +1,453 @@ +#!/usr/bin/python +# +# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux 
@@ -3572,7 +3594,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 + my_policy.set_use_tmp(self.tmp_checkbutton.get_active() == 1)
 + my_policy.set_use_uid(self.uid_checkbutton.get_active() == 1)
 + my_policy.set_use_pam(self.pam_checkbutton.get_active() == 1)
-+ my_policy.set_init_script(self.script_entry.get_text())
++ if self.get_type() is polgen.DAEMON:
++ my_policy.set_init_script(self.init_script_entry.get_text())
 + else:
 + if self.get_type() == polgen.RUSER:
 + selected = []
@@ -3738,8 +3761,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 + app.stand_alone()
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.25/gui/polgen.py
 --- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/polgen.py 2007-09-10 12:16:38.000000000 -0400
++++ policycoreutils-2.0.25/gui/polgen.py 2007-09-10 15:43:04.000000000 -0400
-@@ -0,0 +1,719 @@
+@@ -0,0 +1,727 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
@@ -4207,6 +4230,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + newte += re.sub("TEMPLATETYPE", self.name, executable.te_cgi_rules)
 + return newte
 +
++ def generate_user_if(self):
++ newif = ""
++ if self.type == USER:
++ newif += re.sub("TEMPLATETYPE", self.name, executable.if_user_program_rules)
++
++ return newif
++
 + def generate_if(self):
 + newif = ""
 + if self.program != "":
@@ -4221,6 +4251,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
 + newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_stream_rules)
 + break
++ newif += self.generate_user_if()
 + newif += self.generate_admin_if()
 +
 + return newif
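Review bot: In the polgengui.py hunk at -3572, the new guard `if self.get_type() is polgen.DAEMON:` compares by identity, while the branch just below it uses `self.get_type() == polgen.RUSER`. Identity only holds when get_type() returns the very same object as the constant, which is an interpreter caching detail for small integers rather than a guarantee; `if self.get_type() == polgen.DAEMON:` is the reliable spelling and matches the neighbouring code. The enclosing method starts and ends outside the hunk, and indentation is lost in this rendering, so which `if` the following `else:` pairs with should be confirmed in the file.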
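Review bot: In the polgen.py hunk at -4207, `generate_user_if` hands `self.name` to `re.sub` as the replacement string, where backslash sequences such as `\1` are interpreted instead of copied, and nothing visible in the hunk restricts the name to a policy identifier before it is substituted into interface source. A literal substitution, `newif += executable.if_user_program_rules.replace("TEMPLATETYPE", self.name)`, avoids the escape handling, and the name is best validated once where it is set (letters, digits and underscore only); whether such a check already exists is outside the hunk. The context lines use the same `re.sub` pattern for `te_cgi_rules` and `if_stream_rules`, so a shared helper would fix all of them. The new method also has no docstring; something like `"""Return the TEMPLATETYPE_run interface text for USER policies, else an empty string."""` would do.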
@@ -8884,8 +8915,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
 + app.stand_alone()
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.25/gui/templates/executable.py
 --- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/executable.py 2007-09-05 22:25:10.000000000 -0400
++++ policycoreutils-2.0.25/gui/templates/executable.py 2007-09-10 15:43:29.000000000 -0400
-@@ -0,0 +1,229 @@
+@@ -0,0 +1,277 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
@@ -8951,6 +8982,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
 +type TEMPLATETYPE_t;
 +type TEMPLATETYPE_exec_t;
 +application_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
++role system_r types TEMPLATETYPE_t;
++
 +"""
 +
 +te_cgi_types="""\
@@ -8995,6 +9028,22 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
 +"""
 +
 +te_userapp_rules="""
++########################################
++#
++# TEMPLATETYPE local policy
++#
++
++## internal communication is often done using fifo and unix sockets.
++allow TEMPLATETYPE_t self:fifo_file rw_file_perms;
++allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms;
++
++files_read_etc_files(TEMPLATETYPE_t)
++
++libs_use_ld_so(TEMPLATETYPE_t)
++libs_use_shared_libs(TEMPLATETYPE_t)
++
++miscfiles_read_localization(TEMPLATETYPE_t)
++
 +"""
 +
 +te_cgi_rules="""
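Review bot: In the executable.py hunk at -8951, `role system_r types TEMPLATETYPE_t;` is added to the template that declares the domain with `application_domain(...)`, so every policy generated from it authorizes the new domain for system_r unconditionally. For an application started by a user that is wider than least privilege calls for, and this same commit adds a `TEMPLATETYPE_run` interface whose `role $2 types TEMPLATETYPE_t;` grants the role per caller instead. Consider dropping the line from this template, or keeping it with a policy comment such as `# system_r is only needed when the program is also started by init or a system service`. The template's name and opening line are outside the hunk, so which policy type it feeds is inferred from the application_domain call.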
@@ -9032,11 +9081,41 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
 + type TEMPLATETYPE_exec_t;
 + ')
 +
-+ domain_auto_trans($1,TEMPLATETYPE_exec_t,TEMPLATETYPE_t)
++ domtrans_pattern($1,TEMPLATETYPE_exec_t,TEMPLATETYPE_t)
++')
 +
-+ allow TEMPLATETYPE_t $1:fd use;
-+ allow TEMPLATETYPE_t $1:fifo_file rw_file_perms;
-+ allow TEMPLATETYPE_t $1:process sigchld;
++"""
++
++if_user_program_rules="""
++########################################
++##
++## Execute TEMPLATETYPE in the TEMPLATETYPE domain, and
++## allow the specified role the TEMPLATETYPE domain.
++##
++##
++##
++## Domain allowed access
++##
++##
++##
++##
++## The role to be allowed the TEMPLATETYPE domain.
++##
++##
++##
++##
++## The type of the role's terminal.
++##
++##
++#
++interface(`TEMPLATETYPE_run',`
++ gen_require(`
++ type TEMPLATETYPE_t;
++ ')
++
++ TEMPLATETYPE_domtrans($1)
++ role $2 types TEMPLATETYPE_t;
++ dontaudit TEMPLATETYPE_t $3:chr_file rw_term_perms;
 +')
 +
 +"""
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 479745b..6f44806 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -6,7 +6,7 @@
 Summary: SELinux policy core utilities
 Name: policycoreutils
 Version: 2.0.25
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -200,6 +200,9 @@ if [ "$1" -ge "1" ]; then fi %changelog +* Mon Sep 10 2007 Dan Walsh 2.0.25-11 +- Lots of fixes for polgengui + * Thu Sep 6 2007 Dan Walsh 2.0.25-10 - Change Requires /bin/rpm to rpm
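Review bot: In the executable.py hunk at -9032, the new `TEMPLATETYPE_run` interface ends with `dontaudit TEMPLATETYPE_t $3:chr_file rw_term_perms;`, although `$3` is documented as the type of the role's terminal. A dontaudit rule grants nothing and only silences the denial, so a generated application that needs its controlling terminal will fail with no AVC record to explain it. If terminal use is intended the line should read `allow TEMPLATETYPE_t $3:chr_file rw_term_perms;`; if it is deliberately withheld, a policy comment saying so would stop it being read as a typo. The interface also depends on `TEMPLATETYPE_domtrans`, and the generate_if context visible in polgen.py appears to emit the program interfaces only when `self.program != ""`, so it is worth confirming that a USER policy cannot be generated without them.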