policycoreutils/policycoreutils-rhat.patch

diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.5/scripts/genhomedircon
--- nsapolicycoreutils/scripts/genhomedircon	2006-01-05 10:35:49.000000000 -0500
+++ policycoreutils-1.29.5/scripts/genhomedircon	2006-01-10 14:10:21.000000000 -0500
@@ -144,7 +144,7 @@
 		for i in  fd.read().split('\n'):
 			if i.find("HOME_ROOT") == 0:
 				i=i.replace("HOME_ROOT", homedir)
-				ret = i+"\n"
+				ret += i+"\n"
 		fd.close()
 		if ret=="":
 			errorExit("No Home Root Context Found")
@@ -162,9 +162,10 @@
 		for idx in range(self.usize):
 			user = semanage_user_by_idx(self.ulist, idx)
 			if semanage_user_get_name(user) == name:
-				#role=semanage_user_get_defrole(user)
-				#return role
-				return "user_r"
+				if name == "staff_u" or name == "root" and self.type != "targeted":
+					return "staff_r"
+				else:
+					return "user_r"
 		return name
 	def getOldRole(self, role):
 		rc=findval(self.selinuxdir+self.type+"/users/system.users", 'grep "^user %s"' % role, "=")
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/Makefile policycoreutils-1.29.5/semanage/Makefile
--- nsapolicycoreutils/semanage/Makefile	2005-11-29 10:55:01.000000000 -0500
+++ policycoreutils-1.29.5/semanage/Makefile	2006-01-06 14:34:47.000000000 -0500
@@ -2,6 +2,8 @@
 PREFIX ?= ${DESTDIR}/usr
 SBINDIR ?= $(PREFIX)/sbin
 MANDIR = $(PREFIX)/share/man
+PYLIBVER ?= python2.4
+PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
 
 TARGETS=semanage
 
@@ -12,6 +14,8 @@
 	-mkdir -p $(SBINDIR)
 	install -m 755 semanage $(SBINDIR)
 	install -m 644 semanage.8 $(MANDIR)/man8
+	test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d $(PYTHONLIBDIR)/site-packages
+	install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages
 
 clean:
 
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.5/semanage/semanage
--- nsapolicycoreutils/semanage/semanage	2006-01-05 10:35:49.000000000 -0500
+++ policycoreutils-1.29.5/semanage/semanage	2006-01-06 14:41:04.000000000 -0500
@@ -20,345 +20,9 @@
 #                                        02111-1307  USA
 #
 #  
-import commands, sys, os, pwd, string, getopt, pwd
-from semanage import *;
-class loginRecords:
-	def __init__(self):
-		self.sh = semanage_handle_create()
-		self.semanaged = semanage_is_managed(self.sh)
-		if self.semanaged:
-			semanage_connect(self.sh)
-
-	def add(self, name, sename, serange):
-		if serange == "":
-			serange = "s0"
-		if sename == "":
-			sename = "user_u"
-			
-		(rc,k) = semanage_seuser_key_create(self.sh, name)
-		if rc < 0:
-			raise ValueError("Could not create a key for %s" % name)
-
-		(rc,exists) = semanage_seuser_exists(self.sh, k)
-		if exists:
-			raise ValueError("SELinux User %s mapping already defined" % name)
-		try:
-			pwd.getpwnam(name)
-		except:
-			raise ValueError("Linux User %s does not exist" % name)
-			
-		(rc,u) = semanage_seuser_create(self.sh)
-		if rc < 0:
-			raise ValueError("Could not create seuser for %s" % name)
-
-		semanage_seuser_set_name(self.sh, u, name)
-		semanage_seuser_set_mlsrange(self.sh, u, serange)
-		semanage_seuser_set_sename(self.sh, u, sename)
-		semanage_begin_transaction(self.sh)
-		semanage_seuser_add(self.sh, k, u)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to add SELinux user mapping")
-
-	def modify(self, name, sename = "", serange = ""):
-		(rc,k) = semanage_seuser_key_create(self.sh, name)
-		if rc < 0:
-			raise ValueError("Could not create a key for %s" % name)
-
-		if sename == "" and serange == "":
-			raise ValueError("Requires, seuser or serange")
-
-		(rc,exists) = semanage_seuser_exists(self.sh, k)
-		if exists:
-			(rc,u) = semanage_seuser_query(self.sh, k)
-			if rc < 0:
-				raise ValueError("Could not query seuser for %s" % name)
-		else:
-			raise ValueError("SELinux user %s mapping is not defined." % name)
-
-		if serange != "":
-			semanage_seuser_set_mlsrange(self.sh, u, serange)
-		if sename != "":
-			semanage_seuser_set_sename(self.sh, u, sename)
-		semanage_begin_transaction(self.sh)
-		semanage_seuser_modify(self.sh, k, u)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to modify SELinux user mapping")
-
-		
-	def delete(self, name):
-		(rc,k) = semanage_seuser_key_create(self.sh, name)
-		if rc < 0:
-			raise ValueError("Could not create a key for %s" % name)
-
-		(rc,exists) = semanage_seuser_exists(self.sh, k)
-		if not exists:
-			raise ValueError("SELinux user %s mapping is not defined." % name)
-		semanage_begin_transaction(self.sh)
-		semanage_seuser_del(self.sh, k)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("SELinux User %s mapping not defined" % name)
-		
-	def list(self,heading=1):
-		if heading:
-			print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range")
-		(status, self.ulist, self.usize) = semanage_seuser_list(self.sh)
-		for idx in range(self.usize):
-			u = semanage_seuser_by_idx(self.ulist, idx)
-			name = semanage_seuser_get_name(u)
-			print "%-25s %-25s %-25s" % (name, semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
-
-class seluserRecords:
-	def __init__(self):
-		roles = []
-		self.sh = semanage_handle_create()
-		self.semanaged = semanage_is_managed(self.sh)
-		if self.semanaged:
-			semanage_connect(self.sh)
-
-	def add(self, name, roles, selevel, serange):
-		if serange == "":
-			serange = "s0"
-		if selevel == "":
-			selevel = "s0"
-
-		(rc,k) = semanage_user_key_create(self.sh, name)
-		if rc < 0:
-			raise ValueError("Could not create a key for %s" % name)
-
-		(rc,exists) = semanage_user_exists_local(self.sh, k)
-		if not exists:
-			(rc,exists) = semanage_user_exists(self.sh, k)
-			if not exists:
-				raise ValueError("SELinux user %s is already defined." % name)
-
-		(rc,u) = semanage_user_create(self.sh)
-		if rc < 0:
-			raise ValueError("Could not create login mapping for %s" % name)
-
-		semanage_user_set_name(self.sh, u, name)
-		for r in roles:
-			semanage_user_add_role(self.sh, u, r)
-		semanage_user_set_mlsrange(self.sh, u, serange)
-		semanage_user_set_mlslevel(self.sh, u, selevel)
-		(rc,key) = semanage_user_key_extract(self.sh,u)
-		if rc < 0:
-			raise ValueError("Could not extract key for %s" % name)
-
-		semanage_begin_transaction(self.sh)
-		semanage_user_add_local(self.sh, k, u)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to add SELinux user")
-
-	def modify(self, name, roles = [], selevel = "", serange = ""):
-		if len(roles) == 0  and serange == "" and selevel == "":
-			raise ValueError("Requires, roles, level  or range")
-
-		(rc,k) = semanage_user_key_create(self.sh, name)
-		if rc < 0:
-			raise ValueError("Could not create a key for %s" % name)
-
-		(rc,exists) = semanage_user_exists_local(self.sh, k)
-		if exists:
-			(rc,u) = semanage_user_query_local(self.sh, k)
-		else:
-			(rc,exists) = semanage_user_exists(self.sh, k)
-			if exists:
-				(rc,u) = semanage_user_query(self.sh, k)
-			else:
-				raise ValueError("SELinux user %s mapping is not defined." % name)
-		if rc < 0:
-			raise ValueError("Could not query user for %s" % name)
-
-		if serange != "":
-			semanage_user_set_mlsrange(self.sh, u, serange)
-		if selevel != "":
-			semanage_user_set_mlslevel(self.sh, u, selevel)
-		if len(roles) < 0:
-			for r in roles:
-				semanage_user_add_role(self.sh, u, r)
-		semanage_begin_transaction(self.sh)
-		semanage_user_modify_local(self.sh, k, u)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to modify SELinux user")
-		
-	def delete(self, name):
-		(rc,k) = semanage_user_key_create(self.sh, name)
-		if rc < 0:
-			raise ValueError("Could not crpppeate a key for %s" % name)
-
-		(rc,exists) = semanage_user_exists_local(self.sh, k)
-		if not exists:
-			raise ValueError("user %s is not defined" % name)
-		semanage_begin_transaction(self.sh)
-		semanage_user_del_local(self.sh, k)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Login User %s not defined" % name)
-		
-	def list(self, heading=1):
-		if heading:
-			print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/")
-			print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
-		(status, self.ulist, self.usize) = semanage_user_list(self.sh)
-		for idx in range(self.usize):
-			u = semanage_user_by_idx(self.ulist, idx)
-			name = semanage_user_get_name(u)
-			(status, rlist, rlist_size) = semanage_user_get_roles(self.sh, u)
-			roles = ""
-
-			if rlist_size:
-				roles += char_by_idx(rlist, 0)
-				for ridx in range (1,rlist_size):
-					roles += " " + char_by_idx(rlist, ridx)
-			print "%-15s %-10s %-15s %s" % (semanage_user_get_name(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)
-
-class portRecords:
-	def __init__(self):
-		self.sh = semanage_handle_create()
-		self.semanaged = semanage_is_managed(self.sh)
-		if self.semanaged:
-			semanage_connect(self.sh)
-
-	def __genkey(self, port, proto):
-		if proto == "tcp":
-			proto_d=SEMANAGE_PROTO_TCP
-		else:
-			if proto == "udp":
-				proto_d=SEMANAGE_PROTO_UDP
-			else:
-				raise ValueError("Protocol udp or tcp is required")
-		if port == "":
-			raise ValueError("Port is required")
-			
-		ports=port.split("-")
-		if len(ports) == 1:
-			low=string.atoi(ports[0])
-			high=string.atoi(ports[0])
-		else:
-			low=string.atoi(ports[0])
-			high=string.atoi(ports[1])
-			
-		(rc,k) = semanage_port_key_create(self.sh, low, high, proto_d)
-		if rc < 0:
-			raise ValueError("Could not create a key for %s/%s" % (proto, port))
-		return ( k, proto_d, low, high )
-
-	def add(self, port, proto, serange, type):
-		if serange == "":
-			serange="s0"
-			
-		if type == "":
-			raise ValueError("Type is required")
-
-		( k, proto_d, low, high ) = self.__genkey(port, proto)			
-
-		(rc,exists) = semanage_port_exists(self.sh, k)
-		if exists:
-			raise ValueError("Port %s/%s already defined" % (proto, port))
-
-		(rc,exists) = semanage_port_exists_local(self.sh, k)
-		if exists:
-			raise ValueError("Port %s/%s already defined locally" % (proto, port))
-
-		(rc,p) = semanage_port_create(self.sh)
-		if rc < 0:
-			raise ValueError("Could not create port for %s/%s" % (proto, port))
-		
-		semanage_port_set_proto(p, proto_d)
-		semanage_port_set_range(p, low, high)
-		(rc, con) = semanage_context_create(self.sh)
-		if rc < 0:
-			raise ValueError("Could not create context for %s/%s" % (proto, port))
-
-		semanage_context_set_user(self.sh, con, "system_u")
-		semanage_context_set_role(self.sh, con, "object_r")
-		semanage_context_set_type(self.sh, con, type)
-		semanage_context_set_mls(self.sh, con, serange)
-		semanage_port_set_con(p, con)
-		semanage_begin_transaction(self.sh)
-		semanage_port_add_local(self.sh, k, p)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to add port")
-
-	def modify(self, port, proto, serange, setype):
-		if serange == "" and setype == "":
-			raise ValueError("Requires, setype or serange")
-
-		( k, proto_d, low, high ) = self.__genkey(port, proto)
-
-		(rc,exists) = semanage_port_exists_local(self.sh, k)
-		if exists:
-			(rc,p) = semanage_port_query_local(self.sh, k)
-			(rc,exists) = semanage_port_exists(self.sh, k)
-			if exists:
-				(rc,p) = semanage_port_query(self.sh, k)
-			else:
-				raise ValueError("port %s/%s is not defined." % (proto,port))
+import sys, getopt
+import seobject
 
-		if rc < 0:
-			raise ValueError("Could not query port for %s/%s" % (proto, port))
-
-		con = semanage_port_get_con(p)
-		semanage_context_set_mls(self.sh, con, serange)	
-		if serange != "":
-			semanage_context_set_mls(self.sh, con, serange)	
-		if setype != "":
-			semanage_context_set_type(self.sh, con, setype)
-		semanage_port_set_con(p, con)
-		semanage_begin_transaction(self.sh)
-		semanage_port_modify_local(self.sh, k, p)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to add port")
-		
-	def delete(self, port, proto):
-		( k, proto_d, low, high ) = self.__genkey(port, proto)
-		(rc,exists) = semanage_port_exists_local(self.sh, k)
-		if not exists:
-			raise ValueError("port %s/%s is not defined localy." % (proto,port))
-
-		semanage_begin_transaction(self.sh)
-		semanage_port_del_local(self.sh, k)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Port %s/%s not defined" % (proto,port))
-		
-	def list(self, heading=1):
-		(status, self.plist, self.psize) = semanage_port_list(self.sh)
-		if heading:
-			print "%-30s %-8s %s\n" % ("SELinux Port Name", "Proto", "Port Number")
-		dict={}
-		for idx in range(self.psize):
-			u = semanage_port_by_idx(self.plist, idx)
-			con = semanage_port_get_con(u)
-			name = semanage_context_get_type(con)
-			proto=semanage_port_get_proto_str(u)
-			low=semanage_port_get_low(u)
-			high = semanage_port_get_high(u)
-			if (name, proto) not in dict.keys():
-				dict[(name,proto)]=[]
-			if low == high:
-				dict[(name,proto)].append("%d" % low)
-			else:
-				dict[(name,proto)].append("%d-%d" % (low, high))
-		(status, self.plist, self.psize) = semanage_port_list_local(self.sh)
-		for idx in range(self.psize):
-			u = semanage_port_by_idx(self.plist, idx)
-			con = semanage_port_get_con(u)
-			name = semanage_context_get_type(con)
-			proto=semanage_port_get_proto_str(u)
-			low=semanage_port_get_low(u)
-			high = semanage_port_get_high(u)
-			if (name, proto) not in dict.keys():
-				dict[(name,proto)]=[]
-			if low == high:
-				dict[(name,proto)].append("%d" % low)
-			else:
-				dict[(name,proto)].append("%d-%d" % (low, high))
-		for i in dict.keys():
-			rec = "%-30s %-8s " % i
-			rec += "%s" % dict[i][0]
-			for p in dict[i][1:]:
-				rec += ", %s" % p
-			print rec
-			
 if __name__ == '__main__':
 
 	def usage(message = ""):
@@ -366,8 +30,11 @@
 semanage user [-admsRrh] SELINUX_USER\n\
 semanage login [-admsrh] LOGIN_NAME\n\
 semanage port [-admth] PORT | PORTRANGE\n\
+semanage interface [-admth] INTERFACE\n\
+semanage fcontext [-admhfst] INTERFACE\n\
 	-a, --add        Add a OBJECT record NAME\n\
 	-d, --delete     Delete a OBJECT record NAME\n\
+	-f, --ftype      File Type of OBJECT \n\
 	-h, --help       display this message\n\
 	-l, --list       List the OBJECTS\n\
 	-n, --noheading  Do not print heading when listing OBJECTS\n\
@@ -391,7 +58,7 @@
 	# 
 	#
 	try:
-		objectlist = ("login", "user", "port")
+		objectlist = ("login", "user", "port", "interface", "fcontext")
 		input = sys.stdin
 		output = sys.stdout
 		serange = ""
@@ -399,6 +66,7 @@
 		proto = ""
 		selevel = ""
 		setype = ""
+		ftype = ""
 		roles = ""
 		seuser = ""
 		heading=1
@@ -416,9 +84,10 @@
 			
 		args = sys.argv[2:]
 		gopts, cmds = getopt.getopt(args,
-					    'adlhmnp:P:s:R:r:t:v',
+					    'adf:lhmnp:P:s:R:r:t:v',
 					    ['add',
 					     'delete',
+					     'ftype=',
 					     'help',
 					     'list', 
 					     'modify',
@@ -441,6 +110,8 @@
 				if modify or add:
 					usage()
 				delete = 1
+			if o == "-f"  or o == "--ftype":
+				ftype=a
 			if o == "-h" or o == "--help":
 				usage()
 
@@ -474,13 +145,19 @@
 				verbose = 1
 
 		if object == "login":
-			OBJECT = loginRecords()
+			OBJECT = seobject.loginRecords()
 
 		if object == "user":
-			OBJECT = seluserRecords()
+			OBJECT = seobject.seluserRecords()
 
 		if object == "port":
-			OBJECT = portRecords()
+			OBJECT = seobject.portRecords()
+		
+		if object == "interface":
+			OBJECT = seobject.interfaceRecords()
+		
+		if object == "fcontext":
+			OBJECT = seobject.fcontextRecords()
 		
 		if list:
 			OBJECT.list(heading)
@@ -504,6 +181,11 @@
 			if object == "port":
 				OBJECT.add(target, proto, serange, setype)
 
+			if object == "interface":
+				OBJECT.add(target, serange, setype)
+
+			if object == "fcontext":
+				OBJECT.add(target, setype, ftype, serange, seuser)
 			sys.exit(0);
 			
 		if modify:
@@ -516,7 +198,13 @@
 
 			if object == "port":
 				OBJECT.modify(target, proto, serange, setype)
-				sys.exit(0);
+
+			if object == "interface":
+				OBJECT.modify(target, serange, setype)
+
+			if object == "fcontext":
+				OBJECT.modify(target, setype, ftype, serange, seuser)
+
 			sys.exit(0);
 
 		if delete:
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.5/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py	1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.29.5/semanage/seobject.py	2006-01-06 14:30:39.000000000 -0500
@@ -0,0 +1,722 @@
+#! /usr/bin/env python
+# Copyright (C) 2005 Red Hat 
+# see file 'COPYING' for use and warranty information
+#
+# semanage is a tool for managing SELinux configuration files
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of the GNU General Public License as
+#    published by the Free Software Foundation; either version 2 of
+#    the License, or (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program; if not, write to the Free Software
+#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA     
+#                                        02111-1307  USA
+#
+#  
+
+import pwd, string
+from semanage import *;
+class semanageRecords:
+	def __init__(self):
+		self.sh = semanage_handle_create()
+		self.semanaged = semanage_is_managed(self.sh)
+		if self.semanaged:
+			semanage_connect(self.sh)
+
+class loginRecords(semanageRecords):
+	def __init__(self):
+		semanageRecords.__init__(self)
+
+	def add(self, name, sename, serange):
+		if serange == "":
+			serange = "s0"
+		if sename == "":
+			sename = "user_u"
+			
+		(rc,k) = semanage_seuser_key_create(self.sh, name)
+		if rc < 0:
+			raise ValueError("Could not create a key for %s" % name)
+
+		(rc,exists) = semanage_seuser_exists(self.sh, k)
+		if exists:
+			raise ValueError("SELinux User %s mapping already defined" % name)
+		try:
+			pwd.getpwnam(name)
+		except:
+			raise ValueError("Linux User %s does not exist" % name)
+			
+		(rc,u) = semanage_seuser_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create seuser for %s" % name)
+
+		semanage_seuser_set_name(self.sh, u, name)
+		semanage_seuser_set_mlsrange(self.sh, u, serange)
+		semanage_seuser_set_sename(self.sh, u, sename)
+		semanage_begin_transaction(self.sh)
+		semanage_seuser_add(self.sh, k, u)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add SELinux user mapping")
+
+	def modify(self, name, sename = "", serange = ""):
+		(rc,k) = semanage_seuser_key_create(self.sh, name)
+		if rc < 0:
+			raise ValueError("Could not create a key for %s" % name)
+
+		if sename == "" and serange == "":
+			raise ValueError("Requires, seuser or serange")
+
+		(rc,exists) = semanage_seuser_exists(self.sh, k)
+		if exists:
+			(rc,u) = semanage_seuser_query(self.sh, k)
+			if rc < 0:
+				raise ValueError("Could not query seuser for %s" % name)
+		else:
+			raise ValueError("SELinux user %s mapping is not defined." % name)
+
+		if serange != "":
+			semanage_seuser_set_mlsrange(self.sh, u, serange)
+		if sename != "":
+			semanage_seuser_set_sename(self.sh, u, sename)
+		semanage_begin_transaction(self.sh)
+		semanage_seuser_modify_local(self.sh, k, u)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to modify SELinux user mapping")
+	def delete(self, name):
+		(rc,k) = semanage_seuser_key_create(self.sh, name)
+		if rc < 0:
+			raise ValueError("Could not create a key for %s" % name)
+
+		(rc,exists) = semanage_seuser_exists(self.sh, k)
+		if not exists:
+			raise ValueError("SELinux user %s mapping is not defined." % name)
+		semanage_begin_transaction(self.sh)
+		semanage_seuser_del(self.sh, k)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("SELinux User %s mapping not defined" % name)
+		
+	def get_all(self):
+		dict={}
+		(status, self.ulist, self.usize) = semanage_seuser_list(self.sh)
+		for idx in range(self.usize):
+			u = semanage_seuser_by_idx(self.ulist, idx)
+			name = semanage_seuser_get_name(u)
+			dict[name]=(semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
+		return dict
+
+	def list(self,heading=1):
+		if heading:
+			print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range")
+		dict=self.get_all()
+		keys=dict.keys()
+		keys.sort()
+		for k in keys:
+			print "%-25s %-25s %-25s" % (k, dict[k][0], dict[k][1])
+
+class seluserRecords(semanageRecords):
+	def __init__(self):
+		semanageRecords.__init__(self)
+
+	def add(self, name, roles, selevel, serange):
+		if serange == "":
+			serange = "s0"
+		if selevel == "":
+			selevel = "s0"
+
+		(rc,k) = semanage_user_key_create(self.sh, name)
+		if rc < 0:
+			raise ValueError("Could not create a key for %s" % name)
+
+		(rc,exists) = semanage_user_exists(self.sh, k)
+		if not exists:
+			raise ValueError("SELinux user %s is already defined." % name)
+
+		(rc,u) = semanage_user_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create login mapping for %s" % name)
+
+		semanage_user_set_name(self.sh, u, name)
+		for r in roles:
+			semanage_user_add_role(self.sh, u, r)
+		semanage_user_set_mlsrange(self.sh, u, serange)
+		semanage_user_set_mlslevel(self.sh, u, selevel)
+		(rc,key) = semanage_user_key_extract(self.sh,u)
+		if rc < 0:
+			raise ValueError("Could not extract key for %s" % name)
+
+		semanage_begin_transaction(self.sh)
+		semanage_user_add_local(self.sh, k, u)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add SELinux user")
+
+	def modify(self, name, roles = [], selevel = "", serange = ""):
+		if len(roles) == 0  and serange == "" and selevel == "":
+			raise ValueError("Requires, roles, level  or range")
+
+		(rc,k) = semanage_user_key_create(self.sh, name)
+		if rc < 0:
+			raise ValueError("Could not create a key for %s" % name)
+
+		(rc,exists) = semanage_user_exists(self.sh, k)
+		if exists:
+			(rc,u) = semanage_user_query(self.sh, k)
+		else:
+			raise ValueError("SELinux user %s mapping is not defined locally." % name)
+		if rc < 0:
+			raise ValueError("Could not query user for %s" % name)
+
+		if serange != "":
+			semanage_user_set_mlsrange(self.sh, u, serange)
+		if selevel != "":
+			semanage_user_set_mlslevel(self.sh, u, selevel)
+		if len(roles) != 0:
+			for r in roles:
+				semanage_user_add_role(self.sh, u, r)
+		semanage_begin_transaction(self.sh)
+		semanage_user_modify_local(self.sh, k, u)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to modify SELinux user")
+		
+	def delete(self, name):
+		(rc,k) = semanage_user_key_create(self.sh, name)
+		if rc < 0:
+			raise ValueError("Could not crpppeate a key for %s" % name)
+		(rc,exists) = semanage_user_exists(self.sh, k)
+		if not exists:
+			raise ValueError("user %s is not defined" % name)
+		else:
+			(rc,exists) = semanage_user_exists_local(self.sh, k)
+			if not exists:
+				raise ValueError("user %s is not defined locally, can not delete " % name)
+			
+		semanage_begin_transaction(self.sh)
+		semanage_user_del_local(self.sh, k)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Login User %s not defined" % name)
+		
+	def get_all(self):
+		dict={}
+		(status, self.ulist, self.usize) = semanage_user_list(self.sh)
+		for idx in range(self.usize):
+			u = semanage_user_by_idx(self.ulist, idx)
+			name = semanage_user_get_name(u)
+			(status, rlist, rlist_size) = semanage_user_get_roles(self.sh, u)
+			roles = ""
+
+			if rlist_size:
+				roles += char_by_idx(rlist, 0)
+				for ridx in range (1,rlist_size):
+					roles += " " + char_by_idx(rlist, ridx)
+			dict[semanage_user_get_name(u)] = (semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)
+
+		return dict
+
+	def list(self, heading=1):
+		if heading:
+			print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/")
+			print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
+		dict=self.get_all()
+		keys=dict.keys()
+		keys.sort()
+		for k in keys:
+			print "%-15s %-10s %-15s %s" % (k, dict[k][0], dict[k][1], dict[k][2])
+
+class portRecords(semanageRecords):
+	def __init__(self):
+		semanageRecords.__init__(self)
+
+	def __genkey(self, port, proto):
+		if proto == "tcp":
+			proto_d=SEMANAGE_PROTO_TCP
+		else:
+			if proto == "udp":
+				proto_d=SEMANAGE_PROTO_UDP
+			else:
+				raise ValueError("Protocol udp or tcp is required")
+		if port == "":
+			raise ValueError("Port is required")
+			
+		ports=port.split("-")
+		if len(ports) == 1:
+			low=string.atoi(ports[0])
+			high=string.atoi(ports[0])
+		else:
+			low=string.atoi(ports[0])
+			high=string.atoi(ports[1])
+
+		(rc,k) = semanage_port_key_create(self.sh, low, high, proto_d)
+		if rc < 0:
+			raise ValueError("Could not create a key for %s/%s" % (proto, port))
+		return ( k, proto_d, low, high )
+
+	def add(self, port, proto, serange, type):
+		if serange == "":
+			serange="s0"
+			
+		if type == "":
+			raise ValueError("Type is required")
+
+		( k, proto_d, low, high ) = self.__genkey(port, proto)			
+
+		(rc,exists) = semanage_port_exists(self.sh, k)
+		if exists:
+			raise ValueError("Port %s/%s already defined" % (proto, port))
+
+		(rc,p) = semanage_port_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create port for %s/%s" % (proto, port))
+		
+		semanage_port_set_proto(p, proto_d)
+		semanage_port_set_range(p, low, high)
+		(rc, con) = semanage_context_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create context for %s/%s" % (proto, port))
+
+		semanage_context_set_user(self.sh, con, "system_u")
+		semanage_context_set_role(self.sh, con, "object_r")
+		semanage_context_set_type(self.sh, con, type)
+		semanage_context_set_mls(self.sh, con, serange)
+		semanage_begin_transaction(self.sh)
+		semanage_port_set_con(p, con)
+		semanage_port_add_local(self.sh, k, p)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add port")
+
+	def modify(self, port, proto, serange, setype):
+		if serange == "" and setype == "":
+			raise ValueError("Requires, setype or serange")
+
+		( k, proto_d, low, high ) = self.__genkey(port, proto)
+
+		(rc,exists) = semanage_port_exists(self.sh, k)
+		if exists:
+			(rc,p) = semanage_port_query(self.sh, k)
+		else:
+			raise ValueError("port %s/%s is not defined." % (proto,port))
+
+		if rc < 0:
+			raise ValueError("Could not query port for %s/%s" % (proto, port))
+
+		con = semanage_port_get_con(p)
+		if rc < 0:
+			raise ValueError("Could not get port context for %s/%s" % (proto, port))
+			
+		if serange != "":
+			semanage_context_set_mls(self.sh, con, serange)	
+		if setype != "":
+			semanage_context_set_type(self.sh, con, setype)
+		semanage_begin_transaction(self.sh)
+		semanage_port_modify_local(self.sh, k, p)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add port")
+		
+	def delete(self, port, proto):
+		( k, proto_d, low, high ) = self.__genkey(port, proto)
+		(rc,exists) = semanage_port_exists(self.sh, k)
+		if not exists:
+			raise ValueError("port %s/%s is not defined." % (proto,port))
+		else:
+			(rc,exists) = semanage_port_exists_local(self.sh, k)
+			if not exists:
+				raise ValueError("port %s/%s is not defined localy, can not be deleted." % (proto,port))
+
+		semanage_begin_transaction(self.sh)
+		semanage_port_del_local(self.sh, k)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Port %s/%s not defined" % (proto,port))
+		
+	def get_all(self):
+		dict={}
+		(status, self.plist, self.psize) = semanage_port_list(self.sh)
+		for idx in range(self.psize):
+			u = semanage_port_by_idx(self.plist, idx)
+			con = semanage_port_get_con(u)
+			name = semanage_context_get_type(con)
+			proto=semanage_port_get_proto_str(u)
+			low=semanage_port_get_low(u)
+			high = semanage_port_get_high(u)
+			if (name, proto) not in dict.keys():
+				dict[(name,proto)]=[]
+			if low == high:
+				dict[(name,proto)].append("%d" % low)
+			else:
+				dict[(name,proto)].append("%d-%d" % (low, high))
+		return dict
+
+	def list(self, heading=1):
+		if heading:
+			print "%-30s %-8s %s\n" % ("SELinux Port Name", "Proto", "Port Number")
+		dict=self.get_all()
+		keys=dict.keys()
+		keys.sort()
+		for i in keys:
+			rec = "%-30s %-8s " % i
+			rec += "%s" % dict[i][0]
+			for p in dict[i][1:]:
+				rec += ", %s" % p
+			print rec
+
+class interfaceRecords(semanageRecords):
+	def __init__(self):
+		semanageRecords.__init__(self)
+
+	def add(self, interface, serange, type):
+		if serange == "":
+			serange="s0"
+			
+		if type == "":
+			raise ValueError("SELinux Type is required")
+
+		(rc,k) = semanage_iface_key_create(self.sh, interface)
+		if rc < 0:
+			raise ValueError("Can't create key for %s" % interface)
+		(rc,exists) = semanage_iface_exists(self.sh, k)
+		if exists:
+			raise ValueError("Interface %s already defined" % interface)
+
+		(rc,iface) = semanage_iface_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create interface for %s" % (interface))
+		
+		rc = semanage_iface_set_name(self.sh, iface, interface)
+		(rc, con) = semanage_context_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create context for %s" % interface)
+
+		semanage_context_set_user(self.sh, con, "system_u")
+		semanage_context_set_role(self.sh, con, "object_r")
+		semanage_context_set_type(self.sh, con, type)
+		semanage_context_set_mls(self.sh, con, serange)
+		semanage_begin_transaction(self.sh)
+		semanage_iface_set_ifcon(iface, con)
+		semanage_iface_set_msgcon(iface, con)
+		semanage_iface_add_local(self.sh, k, iface)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add interface")
+
+	def modify(self, interface, serange, setype):
+		if serange == "" and setype == "":
+			raise ValueError("Requires, setype or serange")
+
+		(rc,k) = semanage_iface_key_create(self.sh, interface)
+		if rc < 0:
+			raise ValueError("Can't creater key for %s" % interface)
+		(rc,exists) = semanage_iface_exists(self.sh, k)
+		if exists:
+			(rc,p) = semanage_iface_query(self.sh, k)
+		else:
+			raise ValueError("interface %s is not defined." % interface)
+
+		if rc < 0:
+			raise ValueError("Could not query interface for %s" % interface)
+
+		con = semanage_iface_get_ifcon(p)
+		if rc < 0:
+			raise ValueError("Could not get interface context for %s" % interface)
+			
+		if serange != "":
+			semanage_context_set_mls(self.sh, con, serange)	
+		if setype != "":
+			semanage_context_set_type(self.sh, con, setype)
+
+		semanage_begin_transaction(self.sh)
+		semanage_iface_modify_local(self.sh, k, p)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add interface")
+		
+	def delete(self, interface):
+		(rc,k) = semanage_iface_key_create(self.sh, interface)
+		if rc < 0:
+			raise ValueError("Can't create key for %s" % interface)
+		(rc,exists) = semanage_iface_exists(self.sh, k)
+		if not exists:
+			raise ValueError("interface %s is not defined." % interface)
+		else:
+			(rc,exists) = semanage_iface_exists_local(self.sh, k)
+			if not exists:
+				raise ValueError("interface %s is not defined localy, can not be deleted." % interface)
+
+		semanage_begin_transaction(self.sh)
+		semanage_iface_del_local(self.sh, k)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Interface %s not defined" % interface)
+		
+	def get_all(self):
+		dict={}
+		(status, self.plist, self.psize) = semanage_iface_list(self.sh)
+		if status < 0:
+			raise ValueError("Unable to list interfaces")
+		for idx in range(self.psize):
+			interface = semanage_iface_by_idx(self.plist, idx)
+			con = semanage_iface_get_ifcon(interface)
+			dict[semanage_iface_get_name(interface)]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
+
+		return dict
+			
+	def list(self, heading=1):
+		if heading:
+			print "%-30s %s\n" % ("SELinux Interface", "Context")
+		dict=self.get_all()
+		keys=dict.keys()
+		keys.sort()
+		for k in keys:
+			print "%-30s %s:%s:%s:%s " % (k,dict[k][0], dict[k][1],dict[k][2], dict[k][3])
+			
+class fcontextRecords(semanageRecords):
+	def __init__(self):
+		semanageRecords.__init__(self)
+		self.file_types={}
+		self.file_types[""]   = SEMANAGE_FCONTEXT_ALL;
+		self.file_types["all files"] = SEMANAGE_FCONTEXT_ALL;
+		self.file_types["--"] = SEMANAGE_FCONTEXT_REG;
+		self.file_types["regular file"] = SEMANAGE_FCONTEXT_REG;
+		self.file_types["-d"] = SEMANAGE_FCONTEXT_DIR;
+		self.file_types["directory"] = SEMANAGE_FCONTEXT_DIR;
+		self.file_types["-c"] = SEMANAGE_FCONTEXT_CHAR;
+		self.file_types["character device"] = SEMANAGE_FCONTEXT_CHAR;
+		self.file_types["-b"] = SEMANAGE_FCONTEXT_BLOCK;
+		self.file_types["block device"] = SEMANAGE_FCONTEXT_BLOCK;
+		self.file_types["-s"] = SEMANAGE_FCONTEXT_SOCK;
+		self.file_types["socket"] = SEMANAGE_FCONTEXT_SOCK;
+		self.file_types["symbolic link"] = SEMANAGE_FCONTEXT_LINK;
+		self.file_types["-p"] = SEMANAGE_FCONTEXT_PIPE;
+		self.file_types["named pipe"] = SEMANAGE_FCONTEXT_PIPE;
+		
+		
+	def add(self, target, type, ftype="", serange="s0", seuser="system_u"):
+		if seuser == "":
+			seuser="system_u"
+			
+		if serange == "":
+			serange="s0"
+			
+		if type == "":
+			raise ValueError("SELinux Type is required")
+
+		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+		if rc < 0:
+			raise ValueError("Can't create key for %s" % target)
+		(rc,exists) = semanage_fcontext_exists(self.sh, k)
+		print (rc, exists, target)
+		if exists:
+			raise ValueError("fcontext %s already defined" % target)
+		(rc,fcontext) = semanage_fcontext_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create fcontext for %s" % target)
+		
+		rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
+		(rc, con) = semanage_context_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create context for %s" % target)
+
+		semanage_context_set_user(self.sh, con, seuser)
+		semanage_context_set_role(self.sh, con, "object_r")
+		semanage_context_set_type(self.sh, con, type)
+		semanage_context_set_mls(self.sh, con, serange)
+		semanage_fcontext_set_type(fcontext, self.file_types[ftype])
+		semanage_begin_transaction(self.sh)
+		semanage_fcontext_set_con(fcontext, con)
+		semanage_fcontext_add_local(self.sh, k, fcontext)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add fcontext")
+
+	def modify(self, target, setype, ftype, serange, seuser):
+		if serange == "" and setype == "" and seuser == "":
+			raise ValueError("Requires, setype, serange or seuser")
+
+		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+		if rc < 0:
+			raise ValueError("Can't creater key for %s" % target)
+		(rc,exists) = semanage_fcontext_exists(self.sh, k)
+		if exists:
+			(rc,p) = semanage_fcontext_query(self.sh, k)
+		else:
+			raise ValueError("fcontext %s is not defined." % target)
+		if rc < 0:
+			raise ValueError("Could not query fcontext for %s" % target)
+		con = semanage_fcontext_get_con(p)
+		if rc < 0:
+			raise ValueError("Could not get fcontext context for %s" % target)
+			
+		if serange != "":
+			semanage_context_set_mls(self.sh, con, serange)	
+		if seuser != "":
+			semanage_context_set_user(self.sh, con, seuser)	
+		if setype != "":
+			semanage_context_set_type(self.sh, con, setype)
+
+		semanage_begin_transaction(self.sh)
+		semanage_fcontext_modify_local(self.sh, k, p)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add fcontext")
+		
+	def delete(self, target):
+		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+		if rc < 0:
+			raise ValueError("Can't create key for %s" % target)
+		(rc,exists) = semanage_fcontext_exists(self.sh, k)
+		if not exists:
+			raise ValueError("fcontext %s is not defined." % target)
+		else:
+			(rc,exists) = semanage_fcontext_exists_local(self.sh, k)
+			if not exists:
+				raise ValueError("fcontext %s is not defined localy, can not be deleted." % target)
+
+		semanage_begin_transaction(self.sh)
+		semanage_fcontext_del_local(self.sh, k)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("fcontext %s not defined" % target)
+		
+	def get_all(self):
+		dict={}
+		(status, self.plist, self.psize) = semanage_fcontext_list(self.sh)
+		if status < 0:
+			raise ValueError("Unable to list fcontexts")
+
+		for idx in range(self.psize):
+			fcontext = semanage_fcontext_by_idx(self.plist, idx)
+			expr=semanage_fcontext_get_expr(fcontext)
+			ftype=semanage_fcontext_get_type_str(fcontext)
+			con = semanage_fcontext_get_con(fcontext)
+			if con:
+				dict[expr, ftype]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
+			else:
+				dict[expr, ftype]=con
+
+		return dict
+			
+	def list(self, heading=1):
+		if heading:
+			print "%-50s %-18s %s\n" % ("SELinux fcontext", "type", "Context")
+		dict=self.get_all()
+		keys=dict.keys()
+		for k in keys:
+			if dict[k]:
+				print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3])
+			else:
+				print "%-50s %-18s <<None>>" % (k[0], k[1])
+				
+class booleanRecords(semanageRecords):
+	def __init__(self):
+		semanageRecords.__init__(self)
+		
+	def add(self, target, type, ftype="", serange="s0", seuser="system_u"):
+		if seuser == "":
+			seuser="system_u"
+			
+		if serange == "":
+			serange="s0"
+			
+		if type == "":
+			raise ValueError("SELinux Type is required")
+
+		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+		if rc < 0:
+			raise ValueError("Can't create key for %s" % target)
+		(rc,exists) = semanage_fcontext_exists(self.sh, k)
+		print (rc, exists, target)
+		if exists:
+			raise ValueError("fcontext %s already defined" % target)
+		(rc,fcontext) = semanage_fcontext_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create fcontext for %s" % target)
+		
+		rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
+		(rc, con) = semanage_context_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create context for %s" % target)
+
+		semanage_context_set_user(self.sh, con, seuser)
+		semanage_context_set_role(self.sh, con, "object_r")
+		semanage_context_set_type(self.sh, con, type)
+		semanage_context_set_mls(self.sh, con, serange)
+		semanage_fcontext_set_type(fcontext, self.file_types[ftype])
+		semanage_begin_transaction(self.sh)
+		semanage_fcontext_set_con(fcontext, con)
+		semanage_fcontext_add_local(self.sh, k, fcontext)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add fcontext")
+
+	def modify(self, target, setype, ftype, serange, seuser):
+		if serange == "" and setype == "" and seuser == "":
+			raise ValueError("Requires, setype, serange or seuser")
+
+		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+		if rc < 0:
+			raise ValueError("Can't creater key for %s" % target)
+		(rc,exists) = semanage_fcontext_exists(self.sh, k)
+		if exists:
+			(rc,p) = semanage_fcontext_query(self.sh, k)
+		else:
+			raise ValueError("fcontext %s is not defined." % target)
+		if rc < 0:
+			raise ValueError("Could not query fcontext for %s" % target)
+		con = semanage_fcontext_get_con(p)
+		if rc < 0:
+			raise ValueError("Could not get fcontext context for %s" % target)
+			
+		if serange != "":
+			semanage_context_set_mls(self.sh, con, serange)	
+		if seuser != "":
+			semanage_context_set_user(self.sh, con, seuser)	
+		if setype != "":
+			semanage_context_set_type(self.sh, con, setype)
+
+		semanage_begin_transaction(self.sh)
+		semanage_fcontext_modify_local(self.sh, k, p)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add fcontext")
+		
+	def delete(self, target):
+		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+		if rc < 0:
+			raise ValueError("Can't create key for %s" % target)
+		(rc,exists) = semanage_fcontext_exists(self.sh, k)
+		if not exists:
+			raise ValueError("fcontext %s is not defined." % target)
+		else:
+			(rc,exists) = semanage_fcontext_exists_local(self.sh, k)
+			if not exists:
+				raise ValueError("fcontext %s is not defined localy, can not be deleted." % target)
+
+		semanage_begin_transaction(self.sh)
+		semanage_fcontext_del_local(self.sh, k)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("fcontext %s not defined" % target)
+		
+	def get_all(self):
+		dict={}
+		(status, self.plist, self.psize) = semanage_fcontext_list(self.sh)
+		if status < 0:
+			raise ValueError("Unable to list fcontexts")
+
+		for idx in range(self.psize):
+			fcontext = semanage_fcontext_by_idx(self.plist, idx)
+			expr=semanage_fcontext_get_expr(fcontext)
+			ftype=semanage_fcontext_get_type_str(fcontext)
+			con = semanage_fcontext_get_con(fcontext)
+			if con:
+				dict[expr, ftype]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
+			else:
+				dict[expr, ftype]=con
+
+		return dict
+			
+	def list(self, heading=1):
+		if heading:
+			print "%-50s %-18s %s\n" % ("SELinux fcontext", "type", "Context")
+		dict=self.get_all()
+		keys=dict.keys()
+		for k in keys:
+			if dict[k]:
+				print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3])
+			else:
+				print "%-50s %-18s <<None>>" % (k[0], k[1])
+				
+