policycoreutils/policycoreutils-rhat.patch

diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.7/scripts/genhomedircon
--- nsapolicycoreutils/scripts/genhomedircon	2006-01-13 09:47:40.000000000 -0500
+++ policycoreutils-1.29.7/scripts/genhomedircon	2006-01-14 08:39:02.000000000 -0500
@@ -327,6 +327,9 @@
 			sys.stderr.write("%s: %s\n" % ( sys.argv[0], error ))
 
 
+if os.getuid() > 0 or os.geteuid() > 0:
+	print "You must be root to run %s." % sys.argv[0]
+	sys.exit(0)
 
 #
 # This script will generate home dir file context
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.7/semanage/semanage
--- nsapolicycoreutils/semanage/semanage	2006-01-13 09:47:40.000000000 -0500
+++ policycoreutils-1.29.7/semanage/semanage	2006-01-14 08:38:35.000000000 -0500
@@ -20,10 +20,13 @@
 #                                        02111-1307  USA
 #
 #  
-import sys, getopt
+import os, sys, getopt
 import seobject
 
 if __name__ == '__main__':
+	if os.getuid() > 0 or os.geteuid() > 0:
+		print "You must be root to run %s." % sys.argv[0]
+		sys.exit(0)
 
 	def usage(message = ""):
 		print '\
@@ -210,8 +214,13 @@
 		if delete:
 			if object == "port":
 				OBJECT.delete(target, proto)
+
+			if object == "fcontext":
+				OBJECT.delete(target, ftype)
+
 			else:
 				OBJECT.delete(target)
+
 			sys.exit(0);
 		usage()
 			
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.7/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py	2006-01-13 08:39:11.000000000 -0500
+++ policycoreutils-1.29.7/semanage/seobject.py	2006-01-14 01:50:09.000000000 -0500
@@ -46,7 +46,7 @@
 
 		(rc,exists) = semanage_seuser_exists(self.sh, k)
 		if exists:
-			raise ValueError("SELinux User %s mapping already defined" % name)
+			raise ValueError("Login mapping for %s is already defined" % name)
 		try:
 			pwd.getpwnam(name)
 		except:
@@ -54,40 +54,65 @@
 			
 		(rc,u) = semanage_seuser_create(self.sh)
 		if rc < 0:
-			raise ValueError("Could not create seuser for %s" % name)
+			raise ValueError("Could not create login mapping for %s" % name)
 
-		semanage_seuser_set_name(self.sh, u, name)
-		semanage_seuser_set_mlsrange(self.sh, u, serange)
-		semanage_seuser_set_sename(self.sh, u, sename)
-		semanage_begin_transaction(self.sh)
-		semanage_seuser_add(self.sh, k, u)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to add SELinux user mapping")
+		rc = semanage_seuser_set_name(self.sh, u, name)
+		if rc < 0:
+			raise ValueError("Could not set name for %s" % name)
+
+		rc = semanage_seuser_set_mlsrange(self.sh, u, serange)
+		if rc < 0:
+			raise ValueError("Could not set MLS range for %s" % name)
+
+		rc = semanage_seuser_set_sename(self.sh, u, sename)
+		if rc < 0:
+			raise ValueError("Could not set SELinux user for %s" % name)
+
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError("Could not start semanage transaction")
+
+		rc = semanage_seuser_modify(self.sh, k, u)
+		if rc < 0:
+			raise ValueError("Failed to add login mapping for %s" % name)
+
+		rc = semanage_commit(self.sh) 
+		if rc < 0:
+			raise ValueError("Failed to add login mapping for %s" % name)
 
 	def modify(self, name, sename = "", serange = ""):
+		if sename == "" and serange == "":
+			raise ValueError("Requires seuser or serange")
+
 		(rc,k) = semanage_seuser_key_create(self.sh, name)
 		if rc < 0:
 			raise ValueError("Could not create a key for %s" % name)
 
-		if sename == "" and serange == "":
-			raise ValueError("Requires, seuser or serange")
-
 		(rc,exists) = semanage_seuser_exists(self.sh, k)
-		if exists:
-			(rc,u) = semanage_seuser_query(self.sh, k)
-			if rc < 0:
-				raise ValueError("Could not query seuser for %s" % name)
-		else:
-			raise ValueError("SELinux user %s mapping is not defined." % name)
+		if not exists:
+			raise ValueError("Login mapping for %s is not defined" % name)
+
+		(rc,u) = semanage_seuser_query(self.sh, k)
+		if rc < 0:
+			raise ValueError("Could not query seuser for %s" % name)
 
 		if serange != "":
 			semanage_seuser_set_mlsrange(self.sh, u, serange)
 		if sename != "":
 			semanage_seuser_set_sename(self.sh, u, sename)
-		semanage_begin_transaction(self.sh)
-		semanage_seuser_modify_local(self.sh, k, u)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to modify SELinux user mapping")
+
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError("Could not srart semanage transaction")
+
+		rc = semanage_seuser_modify(self.sh, k, u)
+		if rc < 0:
+			raise ValueError("Failed to modify login mapping for %s" % name)
+	
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError("Failed to modify login mapping for %s" % name)
+
 	def delete(self, name):
 		(rc,k) = semanage_seuser_key_create(self.sh, name)
 		if rc < 0:
@@ -95,15 +120,26 @@
 
 		(rc,exists) = semanage_seuser_exists(self.sh, k)
 		if not exists:
-			raise ValueError("SELinux user %s mapping is not defined." % name)
-		semanage_begin_transaction(self.sh)
-		semanage_seuser_del(self.sh, k)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("SELinux User %s mapping not defined" % name)
+			raise ValueError("Login mapping for %s is not defined" % name)
+
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError("Could not start semanage transaction")
+
+		rc = semanage_seuser_del(self.sh, k)
+		if rc < 0:
+			raise ValueError("Failed to delete login mapping for %s" % name)
+
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError("Failed to delete login mapping for %s" % name)
 		
 	def get_all(self):
 		dict={}
-		(status, self.ulist, self.usize) = semanage_seuser_list(self.sh)
+		(rc, self.ulist, self.usize) = semanage_seuser_list(self.sh)
+		if rc < 0:
+			raise ValueError("Could not list login mappings")
+
 		for idx in range(self.usize):
 			u = semanage_seuser_by_idx(self.ulist, idx)
 			name = semanage_seuser_get_name(u)
@@ -134,40 +170,59 @@
 			raise ValueError("Could not create a key for %s" % name)
 
 		(rc,exists) = semanage_user_exists(self.sh, k)
-		if not exists:
-			raise ValueError("SELinux user %s is already defined." % name)
+		if exists:
+			raise ValueError("SELinux user %s is already defined" % name)
 
 		(rc,u) = semanage_user_create(self.sh)
 		if rc < 0:
-			raise ValueError("Could not create login mapping for %s" % name)
+			raise ValueError("Could not create SELinux user for %s" % name)
+
+		rc = semanage_user_set_name(self.sh, u, name)
+		if rc < 0:
+			raise ValueError("Could not set name for %s" % name)
 
-		semanage_user_set_name(self.sh, u, name)
 		for r in roles:
-			semanage_user_add_role(self.sh, u, r)
-		semanage_user_set_mlsrange(self.sh, u, serange)
-		semanage_user_set_mlslevel(self.sh, u, selevel)
+			rc = semanage_user_add_role(self.sh, u, r)
+			if rc < 0:
+				raise ValueError("Could not add role %s for %s" % (r, name))
+
+		rc = semanage_user_set_mlsrange(self.sh, u, serange)
+		if rc < 0:
+			raise ValueError("Could not set MLS range for %s" % name)
+
+		rc = semanage_user_set_mlslevel(self.sh, u, selevel)
+		if rc < 0:
+			raise ValueError("Could not set MLS level for %s" % name)
+
 		(rc,key) = semanage_user_key_extract(self.sh,u)
 		if rc < 0:
 			raise ValueError("Could not extract key for %s" % name)
 
-		semanage_begin_transaction(self.sh)
-		semanage_user_modify_local(self.sh, k, u)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to add SELinux user")
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError("Could not start semanage transaction")
+
+		rc = semanage_user_modify_local(self.sh, k, u)
+		if rc < 0:
+			raise ValueError("Failed to add SELinux user %s" % name)
+
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError("Failed to add SELinux user %s" % name)
 
 	def modify(self, name, roles = [], selevel = "", serange = ""):
 		if len(roles) == 0  and serange == "" and selevel == "":
-			raise ValueError("Requires, roles, level  or range")
+			raise ValueError("Requires roles, level or range")
 
 		(rc,k) = semanage_user_key_create(self.sh, name)
 		if rc < 0:
 			raise ValueError("Could not create a key for %s" % name)
 
 		(rc,exists) = semanage_user_exists(self.sh, k)
-		if exists:
-			(rc,u) = semanage_user_query(self.sh, k)
-		else:
-			raise ValueError("SELinux user %s mapping is not defined locally." % name)
+		if not exists:
+			raise ValueError("SELinux user %s is not defined" % name)
+		
+		(rc,u) = semanage_user_query(self.sh, k)
 		if rc < 0:
 			raise ValueError("Could not query user for %s" % name)
 
@@ -178,35 +233,57 @@
 		if len(roles) != 0:
 			for r in roles:
 				semanage_user_add_role(self.sh, u, r)
-		semanage_begin_transaction(self.sh)
-		semanage_user_modify_local(self.sh, k, u)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to modify SELinux user")
+
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError("Could not start semanage transaction")
+
+		rc = semanage_user_modify_local(self.sh, k, u)
+		if rc < 0:
+			raise ValueError("Failed to modify SELinux user %s" % name)
+
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError("Failed to modify SELinux user %s" % name)
 		
 	def delete(self, name):
 		(rc,k) = semanage_user_key_create(self.sh, name)
 		if rc < 0:
-			raise ValueError("Could not crpppeate a key for %s" % name)
+			raise ValueError("Could not create a key for %s" % name)
+
 		(rc,exists) = semanage_user_exists(self.sh, k)
 		if not exists:
-			raise ValueError("user %s is not defined" % name)
-		else:
-			(rc,exists) = semanage_user_exists_local(self.sh, k)
-			if not exists:
-				raise ValueError("user %s is not defined locally, can not delete " % name)
-			
-		semanage_begin_transaction(self.sh)
-		semanage_user_del_local(self.sh, k)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Login User %s not defined" % name)
+			raise ValueError("SELinux user %s is not defined" % name)
+
+		(rc,exists) = semanage_user_exists_local(self.sh, k)
+		if not exists:
+			raise ValueError("SELinux user %s is defined in policy, cannot be deleted" % name)
+			
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError("Could not start semanage transaction")
+
+		rc = semanage_user_del_local(self.sh, k)
+		if rc < 0:
+			raise ValueError("Failed to delete SELinux user %s" % name)
+
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError("Failed to delete SELinux user %s" % name)
 		
 	def get_all(self):
 		dict={}
-		(status, self.ulist, self.usize) = semanage_user_list(self.sh)
+		(rc, self.ulist, self.usize) = semanage_user_list(self.sh)
+		if rc < 0:
+			raise ValueError("Could not list SELinux users")
+
 		for idx in range(self.usize):
 			u = semanage_user_by_idx(self.ulist, idx)
 			name = semanage_user_get_name(u)
-			(status, rlist, rlist_size) = semanage_user_get_roles(self.sh, u)
+			(rc, rlist, rlist_size) = semanage_user_get_roles(self.sh, u)
+			if rc < 0:
+				raise ValueError("Could not list roles for user %s" % name)
+
 			roles = ""
 
 			if rlist_size:
@@ -278,62 +355,97 @@
 		if rc < 0:
 			raise ValueError("Could not create context for %s/%s" % (proto, port))
 
-		semanage_context_set_user(self.sh, con, "system_u")
-		semanage_context_set_role(self.sh, con, "object_r")
-		semanage_context_set_type(self.sh, con, type)
-		semanage_context_set_mls(self.sh, con, serange)
-		semanage_begin_transaction(self.sh)
+		rc = semanage_context_set_user(self.sh, con, "system_u")
+		if rc < 0:
+			raise ValueError("Could not set user in port context for %s/%s" % (proto, port))
+
+		rc = semanage_context_set_role(self.sh, con, "object_r")
+		if rc < 0:
+			raise ValueError("Could not set role in port context for %s/%s" % (proto, port))
+
+		rc = semanage_context_set_type(self.sh, con, type)
+		if rc < 0:
+			raise ValueError("Could not set type in port context for %s/%s" % (proto, port))
+
+		rc = semanage_context_set_mls(self.sh, con, serange)
+		if rc < 0:
+			raise ValueError("Could not set mls fields in port context for %s/%s" % (proto, port))
+
 		semanage_port_set_con(p, con)
-		semanage_port_modify_local(self.sh, k, p)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to add port")
+
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError("Could not start semanage transaction")
+
+		rc = semanage_port_modify_local(self.sh, k, p)
+		if rc < 0:
+			raise ValueError("Failed to add port %s/%s" % (proto, port))
+	
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError("Failed to add port %s/%s" % (proto, port))
 
 	def modify(self, port, proto, serange, setype):
 		if serange == "" and setype == "":
-			raise ValueError("Requires, setype or serange")
+			raise ValueError("Requires setype or serange")
 
 		( k, proto_d, low, high ) = self.__genkey(port, proto)
 
 		(rc,exists) = semanage_port_exists(self.sh, k)
-		if exists:
-			(rc,p) = semanage_port_query(self.sh, k)
-		else:
-			raise ValueError("port %s/%s is not defined." % (proto,port))
-
+		if not exists:
+			raise ValueError("Port %s/%s is not defined" % (proto,port))
+	
+		(rc,p) = semanage_port_query(self.sh, k)
 		if rc < 0:
-			raise ValueError("Could not query port for %s/%s" % (proto, port))
+			raise ValueError("Could not query port %s/%s" % (proto, port))
 
 		con = semanage_port_get_con(p)
-		if rc < 0:
-			raise ValueError("Could not get port context for %s/%s" % (proto, port))
 			
 		if serange != "":
 			semanage_context_set_mls(self.sh, con, serange)	
 		if setype != "":
 			semanage_context_set_type(self.sh, con, setype)
-		semanage_begin_transaction(self.sh)
-		semanage_port_modify_local(self.sh, k, p)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to add port")
+
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError("Could not start semanage transaction")
+
+		rc = semanage_port_modify_local(self.sh, k, p)
+		if rc < 0:
+			raise ValueError("Failed to modify port %s/%s" % (proto, port))
+
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError("Failed to add port %s/%s" % (proto, port))
 		
 	def delete(self, port, proto):
 		( k, proto_d, low, high ) = self.__genkey(port, proto)
 		(rc,exists) = semanage_port_exists(self.sh, k)
 		if not exists:
-			raise ValueError("port %s/%s is not defined." % (proto,port))
-		else:
-			(rc,exists) = semanage_port_exists_local(self.sh, k)
-			if not exists:
-				raise ValueError("port %s/%s is not defined localy, can not be deleted." % (proto,port))
-
-		semanage_begin_transaction(self.sh)
-		semanage_port_del_local(self.sh, k)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Port %s/%s not defined" % (proto,port))
+			raise ValueError("Port %s/%s is not defined" % (proto, port))
+		
+		(rc,exists) = semanage_port_exists_local(self.sh, k)
+		if not exists:
+			raise ValueError("Port %s/%s is defined in policy, cannot be deleted" % (proto, port))
+
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError("Could not start semanage transaction")
+
+		rc = semanage_port_del_local(self.sh, k)
+		if rc < 0:
+			raise ValueError("Could not delete port %s/%s" % (proto, port))
+
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError("Could not delete port %s/%s" % (proto, port))
 		
 	def get_all(self):
 		dict={}
-		(status, self.plist, self.psize) = semanage_port_list(self.sh)
+		(rc, self.plist, self.psize) = semanage_port_list(self.sh)
+		if rc < 0:
+			raise ValueError("Could not list ports")
+
 		for idx in range(self.psize):
 			u = semanage_port_by_idx(self.plist, idx)
 			con = semanage_port_get_con(u)
@@ -375,83 +487,122 @@
 
 		(rc,k) = semanage_iface_key_create(self.sh, interface)
 		if rc < 0:
-			raise ValueError("Can't create key for %s" % interface)
+			raise ValueError("Could not create key for %s" % interface)
+
 		(rc,exists) = semanage_iface_exists(self.sh, k)
 		if exists:
 			raise ValueError("Interface %s already defined" % interface)
 
 		(rc,iface) = semanage_iface_create(self.sh)
 		if rc < 0:
-			raise ValueError("Could not create interface for %s" % (interface))
+			raise ValueError("Could not create interface for %s" % interface)
 		
 		rc = semanage_iface_set_name(self.sh, iface, interface)
 		(rc, con) = semanage_context_create(self.sh)
 		if rc < 0:
 			raise ValueError("Could not create context for %s" % interface)
 
-		semanage_context_set_user(self.sh, con, "system_u")
-		semanage_context_set_role(self.sh, con, "object_r")
-		semanage_context_set_type(self.sh, con, type)
-		semanage_context_set_mls(self.sh, con, serange)
-		semanage_begin_transaction(self.sh)
+		rc = semanage_context_set_user(self.sh, con, "system_u")
+		if rc < 0:
+			raise ValueError("Could not set user in interface context for %s" % interface)
+
+		rc = semanage_context_set_role(self.sh, con, "object_r")
+		if rc < 0:
+			raise ValueError("Could not set role in interface context for %s" % interface)
+
+		rc = semanage_context_set_type(self.sh, con, type)
+		if rc < 0:
+			raise ValueError("Could not set type in interface context for %s" % interface)
+
+		rc = semanage_context_set_mls(self.sh, con, serange)
+		if rc < 0:
+			raise ValueError("Could not set mls fields in interface context for %s" % interface)
+
+		(rc, con2) = semanage_context_clone(self.sh, con)
+		if rc < 0:
+			raise ValueError("Could not clone interface context for %s" % interface)
+
 		semanage_iface_set_ifcon(iface, con)
-		semanage_iface_set_msgcon(iface, con)
-		semanage_iface_add_local(self.sh, k, iface)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to add interface")
+		semanage_iface_set_msgcon(iface, con2)
+
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError("Could not start semanage transaction")
+
+		rc = semanage_iface_modify_local(self.sh, k, iface)
+		if rc < 0:
+			raise ValueError("Failed to add interface %s" % interface)
+
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError("Failed to add interface %s" % interface)
 
 	def modify(self, interface, serange, setype):
 		if serange == "" and setype == "":
-			raise ValueError("Requires, setype or serange")
+			raise ValueError("Requires setype or serange")
 
 		(rc,k) = semanage_iface_key_create(self.sh, interface)
 		if rc < 0:
-			raise ValueError("Can't creater key for %s" % interface)
-		(rc,exists) = semanage_iface_exists(self.sh, k)
-		if exists:
-			(rc,p) = semanage_iface_query(self.sh, k)
-		else:
-			raise ValueError("interface %s is not defined." % interface)
+			raise ValueError("Could not create key for %s" % interface)
 
+		(rc,exists) = semanage_iface_exists(self.sh, k)
+		if not exists:
+			raise ValueError("Interface %s is not defined" % interface)
+	
+		(rc,p) = semanage_iface_query(self.sh, k)
 		if rc < 0:
-			raise ValueError("Could not query interface for %s" % interface)
+			raise ValueError("Could not query interface %s" % interface)
 
 		con = semanage_iface_get_ifcon(p)
-		if rc < 0:
-			raise ValueError("Could not get interface context for %s" % interface)
 			
 		if serange != "":
 			semanage_context_set_mls(self.sh, con, serange)	
 		if setype != "":
 			semanage_context_set_type(self.sh, con, setype)
 
-		semanage_begin_transaction(self.sh)
-		semanage_iface_modify_local(self.sh, k, p)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to add interface")
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError("Could not start semanage transaction")
+
+		rc = semanage_iface_modify_local(self.sh, k, p)
+		if rc < 0:
+			raise ValueError("Failed to modify interface %s" % interface)
 		
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError("Failed to add interface %s" % interface)
+
 	def delete(self, interface):
 		(rc,k) = semanage_iface_key_create(self.sh, interface)
 		if rc < 0:
-			raise ValueError("Can't create key for %s" % interface)
+			raise ValueError("Could not create key for %s" % interface)
+
 		(rc,exists) = semanage_iface_exists(self.sh, k)
 		if not exists:
-			raise ValueError("interface %s is not defined." % interface)
-		else:
-			(rc,exists) = semanage_iface_exists_local(self.sh, k)
-			if not exists:
-				raise ValueError("interface %s is not defined localy, can not be deleted." % interface)
-
-		semanage_begin_transaction(self.sh)
-		semanage_iface_del_local(self.sh, k)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Interface %s not defined" % interface)
+			raise ValueError("Interface %s is not defined" % interface)
+
+		(rc,exists) = semanage_iface_exists_local(self.sh, k)
+		if not exists:
+			raise ValueError("Interface %s is defined in policy, cannot be deleted" % interface)
+
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError("Could not start semanage transaction")
+
+		rc = semanage_iface_del_local(self.sh, k)
+		if rc < 0:
+			raise ValueError("Failed to delete interface %s" % interface)
+
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError("Failed to delete interface %s" % interface)
 		
 	def get_all(self):
 		dict={}
-		(status, self.plist, self.psize) = semanage_iface_list(self.sh)
-		if status < 0:
-			raise ValueError("Unable to list interfaces")
+		(rc, self.plist, self.psize) = semanage_iface_list(self.sh)
+		if rc < 0:
+			raise ValueError("Could not list interfaces")
+
 		for idx in range(self.psize):
 			interface = semanage_iface_by_idx(self.plist, idx)
 			con = semanage_iface_get_ifcon(interface)
@@ -501,48 +652,69 @@
 
 		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
 		if rc < 0:
-			raise ValueError("Can't create key for %s" % target)
+			raise ValueError("Could not create key for %s" % target)
+
 		(rc,exists) = semanage_fcontext_exists(self.sh, k)
-		print (rc, exists, target)
 		if exists:
-			raise ValueError("fcontext %s already defined" % target)
+			raise ValueError("File context for %s already defined" % target)
+
 		(rc,fcontext) = semanage_fcontext_create(self.sh)
 		if rc < 0:
-			raise ValueError("Could not create fcontext for %s" % target)
+			raise ValueError("Could not create file context for %s" % target)
 		
 		rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
 		(rc, con) = semanage_context_create(self.sh)
 		if rc < 0:
 			raise ValueError("Could not create context for %s" % target)
 
-		semanage_context_set_user(self.sh, con, seuser)
-		semanage_context_set_role(self.sh, con, "object_r")
-		semanage_context_set_type(self.sh, con, type)
-		semanage_context_set_mls(self.sh, con, serange)
+		rc = semanage_context_set_user(self.sh, con, seuser)
+		if rc < 0:
+			raise ValueError("Could not set user in file context for %s" % target)
+		
+		rc = semanage_context_set_role(self.sh, con, "object_r")
+		if rc < 0:
+			raise ValueError("Could not set role in file context for %s" % target)
+
+		rc = semanage_context_set_type(self.sh, con, type)
+		if rc < 0:
+			raise ValueError("Could not set type in file context for %s" % target)
+
+		rc = semanage_context_set_mls(self.sh, con, serange)
+		if rc < 0:
+			raise ValueError("Could not set mls fields in file context for %s" % target)
+
 		semanage_fcontext_set_type(fcontext, self.file_types[ftype])
-		semanage_begin_transaction(self.sh)
 		semanage_fcontext_set_con(fcontext, con)
-		semanage_fcontext_add_local(self.sh, k, fcontext)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to add fcontext")
+
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError("Could not start semanage transaction")
+
+		rc = semanage_fcontext_modify_local(self.sh, k, fcontext)
+		if rc < 0:
+			raise ValueError("Failed to add file context for %s" % target)
+
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError("Failed to add file context for %s" % target)
 
 	def modify(self, target, setype, ftype, serange, seuser):
 		if serange == "" and setype == "" and seuser == "":
-			raise ValueError("Requires, setype, serange or seuser")
+			raise ValueError("Requires setype, serange or seuser")
 
 		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
 		if rc < 0:
-			raise ValueError("Can't creater key for %s" % target)
+			raise ValueError("Could not create a key for %s" % target)
+
 		(rc,exists) = semanage_fcontext_exists(self.sh, k)
-		if exists:
-			(rc,p) = semanage_fcontext_query(self.sh, k)
-		else:
-			raise ValueError("fcontext %s is not defined." % target)
+		if not exists:
+			raise ValueError("File context for %s is not defined" % target)
+		
+		(rc,p) = semanage_fcontext_query(self.sh, k)
 		if rc < 0:
-			raise ValueError("Could not query fcontext for %s" % target)
+			raise ValueError("Could not query file context for %s" % target)
+
 		con = semanage_fcontext_get_con(p)
-		if rc < 0:
-			raise ValueError("Could not get fcontext context for %s" % target)
 			
 		if serange != "":
 			semanage_context_set_mls(self.sh, con, serange)	
@@ -551,33 +723,48 @@
 		if setype != "":
 			semanage_context_set_type(self.sh, con, setype)
 
-		semanage_begin_transaction(self.sh)
-		semanage_fcontext_modify_local(self.sh, k, p)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to add fcontext")
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError("Could not start semanage transaction")
+
+		rc = semanage_fcontext_modify_local(self.sh, k, p)
+		if rc < 0:
+			raise ValueError("Failed to modify file context for %s" % target)
+
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError("Failed to add file context for %s" % target)
 		
-	def delete(self, target):
+	def delete(self, target, ftype):
 		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
 		if rc < 0:
-			raise ValueError("Can't create key for %s" % target)
+			raise ValueError("Could not create a key for %s" % target)
+
 		(rc,exists) = semanage_fcontext_exists(self.sh, k)
 		if not exists:
-			raise ValueError("fcontext %s is not defined." % target)
-		else:
-			(rc,exists) = semanage_fcontext_exists_local(self.sh, k)
-			if not exists:
-				raise ValueError("fcontext %s is not defined localy, can not be deleted." % target)
-
-		semanage_begin_transaction(self.sh)
-		semanage_fcontext_del_local(self.sh, k)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("fcontext %s not defined" % target)
+			raise ValueError("File context for %s is not defined" % target)
+		
+		(rc,exists) = semanage_fcontext_exists_local(self.sh, k)
+		if not exists:
+			raise ValueError("File context for %s is defined in policy, cannot be deleted" % target)
+
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError("Could not start semanage transaction")
+
+		rc = semanage_fcontext_del_local(self.sh, k)
+		if rc < 0:
+			raise ValueError("Failed to delete file context for %s" % target)
+
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError("Failed to delete file context for %s" % target)
 		
 	def get_all(self):
 		dict={}
-		(status, self.plist, self.psize) = semanage_fcontext_list(self.sh)
-		if status < 0:
-			raise ValueError("Unable to list fcontexts")
+		(rc, self.plist, self.psize) = semanage_fcontext_list(self.sh)
+		if rc < 0:
+			raise ValueError("Could not list file contexts")
 
 		for idx in range(self.psize):
 			fcontext = semanage_fcontext_by_idx(self.plist, idx)
@@ -606,117 +793,82 @@
 	def __init__(self):
 		semanageRecords.__init__(self)
 		
-	def add(self, target, type, ftype="", serange="s0", seuser="system_u"):
-		if seuser == "":
-			seuser="system_u"
-			
-		if serange == "":
-			serange="s0"
-			
-		if type == "":
-			raise ValueError("SELinux Type is required")
+	def modify(self, name, value = ""):
+		if value == "":
+			raise ValueError("Requires value")
 
-		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
-		if rc < 0:
-			raise ValueError("Can't create key for %s" % target)
-		(rc,exists) = semanage_fcontext_exists(self.sh, k)
-		print (rc, exists, target)
-		if exists:
-			raise ValueError("fcontext %s already defined" % target)
-		(rc,fcontext) = semanage_fcontext_create(self.sh)
+		(rc,k) = semanage_bool_key_create(self.sh, name)
 		if rc < 0:
-			raise ValueError("Could not create fcontext for %s" % target)
-		
-		rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
-		(rc, con) = semanage_context_create(self.sh)
-		if rc < 0:
-			raise ValueError("Could not create context for %s" % target)
-
-		semanage_context_set_user(self.sh, con, seuser)
-		semanage_context_set_role(self.sh, con, "object_r")
-		semanage_context_set_type(self.sh, con, type)
-		semanage_context_set_mls(self.sh, con, serange)
-		semanage_fcontext_set_type(fcontext, self.file_types[ftype])
-		semanage_begin_transaction(self.sh)
-		semanage_fcontext_set_con(fcontext, con)
-		semanage_fcontext_add_local(self.sh, k, fcontext)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to add fcontext")
+			raise ValueError("Could not create a key for %s" % name)
 
-	def modify(self, target, setype, ftype, serange, seuser):
-		if serange == "" and setype == "" and seuser == "":
-			raise ValueError("Requires, setype, serange or seuser")
+		(rc,exists) = semanage_bool_exists(self.sh, k)
+		if not exists:
+			raise ValueError("Boolean %s is not defined" % name)	
 
-		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+		(rc,b) = semanage_bool_query(self.sh, k)
 		if rc < 0:
-			raise ValueError("Can't creater key for %s" % target)
-		(rc,exists) = semanage_fcontext_exists(self.sh, k)
-		if exists:
-			(rc,p) = semanage_fcontext_query(self.sh, k)
-		else:
-			raise ValueError("fcontext %s is not defined." % target)
+			raise ValueError("Could not query file context %s" % name)
+
+		if value != "":
+			nvalue = string.atoi(value)
+			semanage_bool_set_value(b, nvalue)
+
+		rc = semanage_begin_transaction(self.sh)
 		if rc < 0:
-			raise ValueError("Could not query fcontext for %s" % target)
-		con = semanage_fcontext_get_con(p)
+			raise ValueError("Could not start semanage transaction")
+
+		rc = semanage_bool_modify_local(self.sh, k, b)
 		if rc < 0:
-			raise ValueError("Could not get fcontext context for %s" % target)
-			
-		if serange != "":
-			semanage_context_set_mls(self.sh, con, serange)	
-		if seuser != "":
-			semanage_context_set_user(self.sh, con, seuser)	
-		if setype != "":
-			semanage_context_set_type(self.sh, con, setype)
+			raise ValueError("Failed to modify boolean %s" % name)
 
-		semanage_begin_transaction(self.sh)
-		semanage_fcontext_modify_local(self.sh, k, p)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to add fcontext")
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError("Failed to modify boolean %s" % name)
 		
-	def delete(self, target):
-		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+	def delete(self, name):
+		(rc,k) = semanage_bool_key_create(self.sh, name)
 		if rc < 0:
-			raise ValueError("Can't create key for %s" % target)
-		(rc,exists) = semanage_fcontext_exists(self.sh, k)
+			raise ValueError("Could not create a key for %s" % name)
+
+		(rc,exists) = semanage_bool_exists(self.sh, k)
 		if not exists:
-			raise ValueError("fcontext %s is not defined." % target)
-		else:
-			(rc,exists) = semanage_fcontext_exists_local(self.sh, k)
-			if not exists:
-				raise ValueError("fcontext %s is not defined localy, can not be deleted." % target)
-
-		semanage_begin_transaction(self.sh)
-		semanage_fcontext_del_local(self.sh, k)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("fcontext %s not defined" % target)
+			raise ValueError("Boolean %s is not defined" % name)
+	
+		(rc,exists) = semanage_bool_exists_local(self.sh, k)
+		if not exists:
+			raise ValueError("Boolean %s is defined in policy, cannot be deleted" % name)
+
+		rc = semanage_begin_transaction(self.sh)
+		if rc < 0:
+			raise ValueError("Could not start semanage transaction")
+
+		rc = semanage_fcontext_del_local(self.sh, k)
+		if rc < 0:
+			raise ValueError("Failed to delete boolean %s" % name)
+	
+		rc = semanage_commit(self.sh)
+		if rc < 0:
+			raise ValueError("Failed to delete boolean %s" % name)
 		
 	def get_all(self):
 		dict={}
-		(status, self.plist, self.psize) = semanage_fcontext_list(self.sh)
-		if status < 0:
-			raise ValueError("Unable to list fcontexts")
+		(rc, self.blist, self.bsize) = semanage_bool_list(self.sh)
+		if rc < 0:
+			raise ValueError("Could not list booleans")
 
-		for idx in range(self.psize):
-			fcontext = semanage_fcontext_by_idx(self.plist, idx)
-			expr=semanage_fcontext_get_expr(fcontext)
-			ftype=semanage_fcontext_get_type_str(fcontext)
-			con = semanage_fcontext_get_con(fcontext)
-			if con:
-				dict[expr, ftype]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
-			else:
-				dict[expr, ftype]=con
+		for idx in range(self.bsize):
+			boolean = semanage_bool_by_idx(self.blist, idx)
+			name = semanage_bool_get_name(boolean)
+			value = semanage_bool_get_value(boolean)
+			dict[name] = value
 
 		return dict
 			
 	def list(self, heading=1):
 		if heading:
-			print "%-50s %-18s %s\n" % ("SELinux fcontext", "type", "Context")
+			print "%-50s %-18s\n" % ("SELinux boolean", "value")
 		dict=self.get_all()
 		keys=dict.keys()
 		for k in keys:
 			if dict[k]:
-				print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3])
-			else:
-				print "%-50s %-18s <<None>>" % (k[0], k[1])
-				
-			
+				print "%-50s %-18s " % (k[0], dict[k][0])
Binary files nsapolicycoreutils/semanage/seobject.pyc and policycoreutils-1.29.7/semanage/seobject.pyc differ