diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 6d211c5..db7867e 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -513350,7 +513350,7 @@ index 378eac2..3186c86 100644 +tmp +*.bak diff --git a/policycoreutils/sepolicy/Makefile b/policycoreutils/sepolicy/Makefile -index 11b534f..a17eb72 100644 +index 11b534f..61324b5 100644 --- a/policycoreutils/sepolicy/Makefile +++ b/policycoreutils/sepolicy/Makefile @@ -7,11 +7,11 @@ SBINDIR ?= $(PREFIX)/sbin @@ -513368,7 +513368,7 @@ index 11b534f..a17eb72 100644 all: python-build -@@ -22,11 +22,26 @@ clean: +@@ -22,11 +22,27 @@ clean: $(PYTHON) setup.py clean -rm -rf build *~ \#* *pyc .#* @@ -513396,6 +513396,7 @@ index 11b534f..a17eb72 100644 + install -m 644 org.selinux.policy $(DESTDIR)/usr/share/polkit-1/actions/ + -mkdir -p $(DESTDIR)/usr/share/system-config-selinux + install -m 755 selinux_server.py $(DESTDIR)/usr/share/system-config-selinux ++ install -m 644 *.desktop $(DESTDIR)/usr/share/system-config-selinux diff --git a/policycoreutils/sepolicy/info.c b/policycoreutils/sepolicy/info.c index 65458e6..cd1026a 100644 --- a/policycoreutils/sepolicy/info.c 
@@ -514178,19 +514179,37 @@ index 0748ca9..6348287 100644 .SH "SEE ALSO" -selinux(8), sepolicy-booleans(8), sepolicy-communicate(8), sepolicy-generate(8), sepolicy-interface(8), sepolicy-network(8), sepolicy-manpage(8), sepolicy-transition(8) +selinux(8), sepolicy-booleans(8), sepolicy-communicate(8), sepolicy-generate(8),sepolicy-gui(8), sepolicy-interface(8), sepolicy-network(8), sepolicy-manpage(8), sepolicy-transition(8) +diff --git a/policycoreutils/sepolicy/sepolicy.desktop b/policycoreutils/sepolicy/sepolicy.desktop +new file mode 100644 +index 0000000..f9d0cec +--- /dev/null ++++ b/policycoreutils/sepolicy/sepolicy.desktop +@@ -0,0 +1,10 @@ ++[Desktop Entry] ++Name=SELinux Policy Management Tool ++Comment=Generate SELinux policy modules ++Icon=system-config-selinux ++Exec=/usr/bin/sepolicy gui ++Type=Application ++Terminal=false ++Categories=System;Security; ++X-Desktop-File-Install-Version=0.2 ++Keywords=policy;security;selinux;avc;permission;mac; diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py -index b25d3b2..43b3666 100755 +index b25d3b2..50279e1 100755 --- a/policycoreutils/sepolicy/sepolicy.py +++ b/policycoreutils/sepolicy/sepolicy.py -@@ -22,6 +22,8 @@ +@@ -22,7 +22,9 @@ # # import os, sys +-from sepolicy import get_os_version +import selinux +import sepolicy - from sepolicy import get_os_version ++from sepolicy import get_os_version, get_conditionals, get_conditionals_format_text import argparse import gettext + PROGNAME="policycoreutils" @@ -37,6 +39,9 @@ except IOError: import __builtin__ __builtin__.__dict__['_'] = unicode @@ -514259,7 +514278,7 @@ index b25d3b2..43b3666 100755 newval = getattr(namespace, self.dest) if not newval: newval = [] -@@ -140,102 +165,173 @@ class CheckPolicyType(argparse.Action): +@@ -140,102 +165,181 @@ class CheckPolicyType(argparse.Action): class CheckUser(argparse.Action): def __call__(self, parser, namespace, value, option_string=None): 
@@ -514326,13 +514345,22 @@ index b25d3b2..43b3666 100755 + import sepolicy.network + portdict = sepolicy.network.get_network_connect(src, protocol, perm) if len(portdict) > 0: - print "%s: %s %s" % (src, protocol, perm) +- print "%s: %s %s" % (src, protocol, perm) ++ bold_start="\033[1m" ++ bold_end="\033[0;0m" ++ print "\n"+bold_start+"%s: %s %s" % (src, protocol, perm) + bold_end + port_strings=[] ++ boolean_text="" for p in portdict: - for recs in portdict[p]: - print "\t" + recs + for t, recs in portdict[p]: -+ port_strings.append("%s (%s)" % (", ".join(recs), t)) ++ cond=get_conditionals(src,t,"%s_socket" % protocol, [perm]) ++ if cond: ++ boolean_text=get_conditionals_format_text(cond) ++ port_strings.append("%s (%s) %s" % (", ".join(recs), t, boolean_text)) ++ else: ++ port_strings.append("%s (%s)" % (", ".join(recs), t)) + port_strings.sort(numcmp) + for p in port_strings: + print "\t" + p @@ -514490,7 +514518,7 @@ index b25d3b2..43b3666 100755 def gen_network_args(parser): net = parser.add_parser("network", -@@ -245,15 +341,18 @@ def gen_network_args(parser): +@@ -245,15 +349,18 @@ def gen_network_args(parser): group.add_argument("-l", "--list", dest="list_ports", action="store_true", help=_("list all SELinux port types")) @@ -514512,7 +514540,7 @@ index b25d3b2..43b3666 100755 net.set_defaults(func=network) def communicate(args): -@@ -283,7 +382,6 @@ def gen_communicate_args(parser): +@@ -283,7 +390,6 @@ def gen_communicate_args(parser): comm.set_defaults(func=communicate) def booleans(args): @@ -514520,7 +514548,7 @@ index b25d3b2..43b3666 100755 from sepolicy import boolean_desc if args.all: rc, args.booleans = selinux.security_get_boolean_names() -@@ -300,6 +398,7 @@ def gen_booleans_args(parser): +@@ -300,6 +406,7 @@ def gen_booleans_args(parser): action="store_true", help=_("get all booleans descriptions")) group.add_argument("-b", "--boolean", dest="booleans", nargs="+", 
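Review bot: The bold escape sequences around the `src: protocol perm` header in the network output are written unconditionally, so output that is piped to a file or to another tool carries raw `\033[1m` / `\033[0;0m` bytes. Gate them on the stream, for example `bold_start, bold_end = ("\033[1m", "\033[0;0m") if sys.stdout.isatty() else ("", "")`. Separately, `boolean_text` is only read inside the `if cond:` branch, so the `boolean_text=""` initialiser before the loop can be dropped. The enclosing function starts outside this hunk.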
@@ -514528,7 +514556,7 @@ index b25d3b2..43b3666 100755 help=_("boolean to get description")) bools.set_defaults(func=booleans) -@@ -319,22 +418,49 @@ def gen_transition_args(parser): +@@ -319,22 +426,49 @@ def gen_transition_args(parser): help=_("target process domain")) trans.set_defaults(func=transition) @@ -514587,7 +514615,7 @@ index b25d3b2..43b3666 100755 if not args.command: raise ValueError(_("Command required for this type of policy")) cmd = os.path.realpath(args.command) -@@ -346,8 +472,22 @@ def generate(args): +@@ -346,8 +480,22 @@ def generate(args): mypolicy.set_program(cmd) if args.types: @@ -514610,7 +514638,7 @@ index b25d3b2..43b3666 100755 for p in args.writepaths: if os.path.isdir(p): mypolicy.add_dir(p) -@@ -355,6 +495,7 @@ def generate(args): +@@ -355,6 +503,7 @@ def generate(args): mypolicy.add_file(p) mypolicy.set_transition_users(args.user) @@ -514618,7 +514646,7 @@ index b25d3b2..43b3666 100755 mypolicy.set_admin_domains(args.admin_domain) mypolicy.set_existing_domains(args.domain) -@@ -366,20 +507,34 @@ def generate(args): +@@ -366,20 +515,34 @@ def generate(args): def gen_interface_args(parser): itf = parser.add_parser("interface", help=_('List SELinux Policy interfaces')) @@ -514656,7 +514684,7 @@ index b25d3b2..43b3666 100755 help=_('Generate SELinux Policy module template')) pol.add_argument("-d", "--domain", dest="domain", default=[], action=CheckDomain, nargs="*", -@@ -387,9 +542,12 @@ def gen_generate_args(parser): +@@ -387,9 +550,12 @@ def gen_generate_args(parser): pol.add_argument("-u", "--user", dest="user", default=[], action=CheckUser, help=_("Enter SELinux user(s) which will transition to this domain")) 
@@ -514670,7 +514698,7 @@ index b25d3b2..43b3666 100755 pol.add_argument("-n", "--name", dest="name", default=None, help=_("name of policy to generate")) -@@ -397,53 +555,57 @@ def gen_generate_args(parser): +@@ -397,53 +563,57 @@ def gen_generate_args(parser): help=argparse.SUPPRESS) pol.add_argument("-t", "--type", dest="types", default=[], nargs="*", action=CheckType, @@ -514754,7 +514782,7 @@ index b25d3b2..43b3666 100755 pol.set_defaults(func=generate) if __name__ == '__main__': -@@ -455,17 +617,25 @@ if __name__ == '__main__': +@@ -455,17 +625,25 @@ if __name__ == '__main__': gen_booleans_args(subparsers) gen_communicate_args(subparsers) gen_generate_args(subparsers) @@ -514782,7 +514810,7 @@ index b25d3b2..43b3666 100755 sys.exit(0) + diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py -index 5e7415c..79cd732 100644 +index 5e7415c..0fe8226 100644 --- a/policycoreutils/sepolicy/sepolicy/__init__.py +++ b/policycoreutils/sepolicy/sepolicy/__init__.py @@ -1,12 +1,15 @@ @@ -514802,7 +514830,7 @@ index 5e7415c..79cd732 100644 gettext.bindtextdomain(PROGNAME, "/usr/share/locale") gettext.textdomain(PROGNAME) try: -@@ -37,16 +40,308 @@ CLASS = 'class' +@@ -37,16 +40,362 @@ CLASS = 'class' TRANSITION = 'transition' ROLE_ALLOW = 'role_allow' 
@@ -514828,6 +514856,33 @@ index 5e7415c..79cd732 100644 + dict_list = filter(lambda x: _dict_has_perms(x, perms), dict_list) + return dict_list + ++def get_conditionals(src,dest,tclass,perm): ++ tdict = {} ++ tlist = [] ++ if dest.endswith("_t"): ++ allows=search([ALLOW],{SOURCE:src,TARGET:dest,CLASS:tclass,PERMS:perm}) ++ else: ++ # to include attribute ++ allows=search([ALLOW],{SOURCE:src,CLASS:tclass,PERMS:perm}) ++ for i in allows: ++ if i['target'] == dest: ++ allows=[] ++ allows.append(i) ++ try: ++ for i in map(lambda y: (y), filter(lambda x: set(perm).issubset(x[PERMS]) and x['boolean'], allows)): ++ tdict.update({'source':i['source'],'boolean':i['boolean']}) ++ if tdict not in tlist: ++ tlist.append(tdict) ++ tdict={} ++ except KeyError: ++ return(tlist) ++ ++ return (tlist) ++ ++def get_conditionals_format_text(cond): ++ enabled = len(filter(lambda x: x['boolean'][0][1], cond)) > 0 ++ return _("-- Allowed %s [ %s ]") % (enabled, " || ".join(set(map(lambda x: "%s=%d" % (x['boolean'][0][0], x['boolean'][0][1]), cond)))) ++ +def get_types_from_attribute(attribute): + return info(ATTRIBUTE,attribute)[0]["types"] + 
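Review bot: In the attribute branch of `get_conditionals`, `allows=[]` is rebound inside the loop that walks `allows`, so (as far as the collapsed indentation shows) only the last rule whose target equals `dest` survives. When nothing matches, the unfiltered list, which includes rules for other targets, goes on to the boolean filter. An admin reading the `sepolicy network` output could then see a conditional that belongs to a different target type. A single filter avoids both cases: `allows = [i for i in allows if i['target'] == dest]`. `get_conditionals_format_text` also reads only `x['boolean'][0]`, so a rule guarded by more than one boolean appears to be summarised from the first one alone; a comment stating that this is intended would help.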
@@ -514949,6 +515004,33 @@ index 5e7415c..79cd732 100644 + pass + return None + ++def read_file_equiv(edict, fc_path): ++ fd = open(fc_path, "r") ++ fc = fd.readlines() ++ fd.close() ++ for e in fc: ++ f = e.split() ++ edict[f[0]] = f[1] ++ return edict ++ ++file_equiv_modified=None ++def get_file_equiv_modified(fc_path = selinux.selinux_file_context_path()): ++ global file_equiv_modified ++ if file_equiv_modified: ++ return file_equiv_modified ++ file_equiv_modified = {} ++ file_equiv_modified = read_file_equiv(file_equiv_modified, fc_path + ".subs") ++ return file_equiv_modified ++ ++file_equiv=None ++def get_file_equiv(fc_path = selinux.selinux_file_context_path()): ++ global file_equiv ++ if file_equiv: ++ return file_equiv ++ file_equiv = get_file_equiv_modified(fc_path) ++ file_equiv = read_file_equiv(file_equiv, fc_path + ".subs_dist") ++ return file_equiv ++ +fcdict=None +def get_fcdict(fc_path = selinux.selinux_file_context_path()): + global fcdict @@ -515114,7 +515196,7 @@ index 5e7415c..79cd732 100644 all_types = None def get_all_types(): global all_types -@@ -54,23 +349,31 @@ def get_all_types(): +@@ -54,23 +403,31 @@ def get_all_types(): all_types = map(lambda x: x['name'], info(TYPE)) return all_types @@ -515159,7 +515241,7 @@ index 5e7415c..79cd732 100644 all_domains = [] types=get_all_types() types.sort() -@@ -81,138 +384,364 @@ def get_all_entrypoint_domains(): +@@ -81,138 +438,366 @@ def get_all_entrypoint_domains(): all_domains.append(m[0]) return all_domains @@ -515236,6 +515318,8 @@ index 5e7415c..79cd732 100644 + global selinux_user_list + if not selinux_user_list: + selinux_user_list = info(USER) ++ for x in selinux_user_list: ++ x['range']="".join(x['range'].split(" ")) + return selinux_user_list + +login_mappings = None 
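Review bot: `read_file_equiv` indexes `f[1]` on every line, so a blank, comment or single-field line in a `.subs` / `.subs_dist` file raises IndexError, and an absent file raises IOError from `open` with the descriptor handling left to the caller's traceback. Whether a missing file should be ignored or reported is the author's call, but the parse loop should skip lines it cannot use. `get_file_equiv` also assigns the dict returned by `get_file_equiv_modified` and then updates it in place, so the cached `file_equiv_modified` ends up holding the `.subs_dist` entries as well; copy it first with `file_equiv = dict(get_file_equiv_modified(fc_path))`. Both getters test `if file_equiv:`, so an empty result is re-read on every call, and the `fc_path` default is evaluated once at import time.

```python
def read_file_equiv(edict, fc_path):
    fd = open(fc_path, "r")
    try:
        for e in fd:
            f = e.split()
            # skip blank, comment and malformed lines instead of raising IndexError
            if len(f) < 2 or f[0].startswith("#"):
                continue
            edict[f[0]] = f[1]
    finally:
        fd.close()
    return edict
```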
@@ -515608,7 +515692,7 @@ index 5e7415c..79cd732 100644 def boolean_category(boolean): booleans_dict = gen_bool_dict() -@@ -233,18 +762,56 @@ def get_os_version(): +@@ -233,18 +818,56 @@ def get_os_version(): os_version = "" pkg_name = "selinux-policy" try: @@ -515965,10 +516049,10 @@ index 26f8390..ba959ae 100644 return out diff --git a/policycoreutils/sepolicy/sepolicy/gui.py b/policycoreutils/sepolicy/sepolicy/gui.py new file mode 100644 -index 0000000..c6d4588 +index 0000000..b772c7b --- /dev/null +++ b/policycoreutils/sepolicy/sepolicy/gui.py -@@ -0,0 +1,2932 @@ +@@ -0,0 +1,2990 @@ +#!/usr/bin/python -Es +# +# Copyright (C) 2013 Red Hat @@ -516044,9 +516128,10 @@ index 0000000..c6d4588 +TRANSITIONS_PAGE=3 +LOGIN_PAGE=4 +USER_PAGE=5 -+SYSTEM_PAGE=7 +LOCKDOWN_PAGE=6 -+START_PAGE=8 ++SYSTEM_PAGE=7 ++FILE_EQUIV_PAGE=8 ++START_PAGE=9 + +DISABLED_TEXT = _(""" +To change from Disabled to Enforcing mode @@ -516124,11 +516209,12 @@ index 0000000..c6d4588 + # Login Items ************************************** + self.login_label = builder.get_object("Login_label") + self.login_seuser_combobox = builder.get_object("login_seuser_combobox") -+ self.login_seuser_liststore = builder.get_object("login_seuser_liststore") ++ self.login_seuser_combolist = builder.get_object("login_seuser_liststore") + self.login_name_entry = builder.get_object("login_name_entry") + self.login_mls_label = builder.get_object("login_mls_label") + self.login_mls_entry = builder.get_object("login_mls_entry") + self.login_radio_button = builder.get_object("Login_button") ++ self.login_treeview = builder.get_object("login_treeview") + self.login_liststore = builder.get_object("login_liststore") + self.login_popup_window = builder.get_object("popup_window_login") + 
@@ -516136,6 +516222,7 @@ index 0000000..c6d4588 + self.user_popup_window = builder.get_object("popup_window_user") + self.user_radio_button = builder.get_object("User_button") + self.user_liststore = builder.get_object("user_liststore") ++ self.user_treeview = builder.get_object("user_treeview") + self.user_roles_liststore = builder.get_object("user_roles_liststore") + self.user_label = builder.get_object("User_label") + self.user_name_entry = builder.get_object("user_name_entry") @@ -516143,6 +516230,9 @@ index 0000000..c6d4588 + self.user_mls_entry = builder.get_object("user_mls_entry") + self.selinux_user_combobox = builder.get_object("selinux_user_combobox") + ++ self.file_equiv_radio_button = builder.get_object("file_equiv_button") ++ self.file_equiv_treeview = builder.get_object("file_equiv_treeview") ++ self.file_equiv_liststore = builder.get_object("file_equiv_liststore") + # System Items ************************************** + self.app_system_button = builder.get_object("app_system_button") + self.system_radio_button = builder.get_object("System_button") @@ -516490,6 +516580,7 @@ index 0000000..c6d4588 + "on_column_clicked" : self.column_clicked, + "on_tab_switch" : self.clear_filters, + ++ "on_file_equiv_button_clicked" : self.show_file_equiv_page, + "on_app/system_button_clicked" : self.system_interface, + "on_app/users_button_clicked" : self.users_interface, + "on_main_advanced_label_button_press_event": self.advanced_label_main, 
@@ -516499,8 +516590,9 @@ index 0000000..c6d4588 + "on_cancel_delete_network_clicked" : self.close_network_popup, + "on_cancel_user_clicked" : self.user_close_popup, + "on_cancel_login_clicked" : self.login_close_popup, -+ "on_user_treeview_row_activated" : self.user_row_activated, -+ "on_login_treeview_row_activated" : self.login_row_activated, ++ "on_treeview_cursor_changed" : self.cursor_changed, ++ "on_login_seuser_combobox_changed" : self.login_seuser_combobox_change, ++ + "on_login_advanced_button_press_event" : self.login_advanced_button, + "on_user_advanced_button_press_event" : self.user_advanced_button, + "on_cancel_network_clicked" : self.close_add_network_popup, @@ -516560,12 +516652,14 @@ index 0000000..c6d4588 + self.applications_selection_button.set_label(self.application) + self.show_applications_page() + else: -+ self.clearbuttons() ++ self.clearbuttons() + self.outer_notebook.set_current_page(START_PAGE) + ++ self.add_modify_delete_box.hide() ++ self.filter_box.hide() + self.finish_init = True + Gtk.main() -+ ++ + def selinux_status(self): + try: + self.status = selinux.security_getenforce() @@ -516715,11 +516809,17 @@ index 0000000..c6d4588 + self.help_window.set_title(_("Help: Systems Page")) + self.help_list = [ "system"] + return self.help_show_page() ++ + if opage == LOCKDOWN_PAGE: + self.help_window.set_title(_("Help: Lockdown Page")) + self.help_list = [ "lockdown"] + return self.help_show_page() + ++ if opage == FILE_EQUIV_PAGE: ++ self.help_window.set_title(_("Help: File Equivalence Page")) ++ self.help_list = [ "file_equiv"] ++ return self.help_show_page() ++ + def open_combo_menu(self, *args): + if self.popup == 0: + self.popup = 1 
@@ -516806,7 +516906,16 @@ index 0000000..c6d4588 + except KeyError: + pass + -+ ++ ++ def file_equiv_initialize(self): ++ self.wait_mouse() ++ edict = sepolicy.get_file_equiv() ++ for f in edict: ++ iter = self.file_equiv_liststore.append() ++ self.file_equiv_liststore.set_value(iter, 0, f) ++ self.file_equiv_liststore.set_value(iter, 0, edict[f]) ++ self.ready_mouse() ++ + def user_initialize(self): + self.wait_mouse() + for u in sepolicy.get_selinux_users(): @@ -516815,11 +516924,14 @@ index 0000000..c6d4588 + roles = u["roles"] + roles.remove("object_r") + self.user_liststore.set_value(iter, 1, ", ".join(roles)) ++ self.user_liststore.set_value(iter, 2, u["level"]) ++ self.user_liststore.set_value(iter, 3, u["range"]) + + for u in sepolicy.get_login_mappings(): + iter = self.login_liststore.append() + self.login_liststore.set_value(iter, 0, u["name"]) + self.login_liststore.set_value(iter, 1, u["seuser"]) ++ self.login_liststore.set_value(iter, 2, u["mls"]) + self.ready_mouse() + + def network_initialize(self, app): @@ -516832,7 +516944,7 @@ index 0000000..c6d4588 + self.net_update(app, netd, "udp", INBOUND) + + def network_initial_data_insert(self, bound, ports, portType, protocol): -+ if bound == OUTBOUND: ++ if bound == OUTBOUND: + model = self.out_network_tree_data_set + else: + model = self.in_network_tree_data_set 
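Review bot: `file_equiv_initialize` writes both values to column 0, so the second `set_value` overwrites the path with its equivalent and the other column stays empty. Assuming the liststore has the source path in column 0 and the equivalence in column 1 (the glade definition is not shown here), the second call should be `self.file_equiv_liststore.set_value(iter, 1, edict[f])`. Nothing visible in this patch calls `file_equiv_initialize`, so it is worth confirming it is wired to the file equivalence page.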
@@ -516842,6 +516954,24 @@ index 0000000..c6d4588 + model.set_value(iter, 1, protocol) + model.set_value(iter, 2, portType) + ++ def combo_set_active_text(self, combobox, val): ++ ctr = 0 ++ liststore = combobox.get_model() ++ for i in liststore: ++ if i[0] == val: ++ combobox.set_active(ctr) ++ return ++ ctr += 1 ++ ++ niter = liststore.get_iter(ctr-1) ++ if liststore.get_value(niter, 0) == _("More..."): ++ iter = liststore.insert_before(niter) ++ ctr = ctr - 1 ++ else: ++ iter = liststore.append() ++ liststore.set_value(iter, 0, val) ++ combobox.set_active(ctr) ++ + def combo_get_active_text(self, combobox): + liststore = combobox.get_model() + index = combobox.get_active() @@ -516857,12 +516987,11 @@ index 0000000..c6d4588 + + def select_type_more(self, *args): + app = self.moreTypes_treeview.get_selection() -+ iter = app.get_selected() -+ if iter[1] == None: ++ iter = app.get_selected()[1] ++ if iter == None: + return -+ app = self.more_types_files_liststore.get_value(iter[1], 0) -+ self.check_if_type_is_in_combo(self.files_type_combolist, app) -+ self.files_type_combobox.set_active(self.map_selected_items_into_combobox(self.files_type_combolist, app)) ++ app = self.more_types_files_liststore.get_value(iter, 0) ++ self.combo_set_active_text(self.files_type_combobox, app) + self.closewindow(self.moreTypes_window_files) + + def advanced_item_button_push(self, *args): @@ -517093,7 +517222,7 @@ index 0000000..c6d4588 + continue + except KeyError: + pass -+ self.application_file_types_initial_data_insert(path, desc, file_class) ++ self.application_file_types_initial_data_insert(path, desc, file_class) + try: + for action, key in (("Add", "old"), ("Modify", "changed")): + for path, file_class in self.filedict[application, 2, action]: 
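Review bot: `combo_set_active_text` calls `liststore.get_iter(ctr-1)` after the search loop without checking that the model has any rows, so an empty combo model is asked for row -1 and the call likely raises instead of appending the value. `login_init_dialog` clears and refills the seuser model from a policy query, so an empty model is at least possible there. A guard such as `if ctr > 0 and liststore.get_value(liststore.get_iter(ctr-1), 0) == _("More..."):` keeps the append path reachable. The lookup is now an exact match, whereas the removed `map_selected_items_into_combobox` used `startswith`; a short docstring stating that would help the next reader.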
@@ -517122,13 +517251,13 @@ index 0000000..c6d4588 + desc = sepolicy.boolean_desc(b) + self.boolean_initial_data_insert(b, desc , active) + -+ def boolean_initial_data_insert(self, val, desc, active): ++ def boolean_initial_data_insert(self, val, desc, active): + # Insert data from data source into tree + iter = self.boolean_tree_data_set.append() + self.boolean_tree_data_set.set_value(iter, 0, active) -+ self.boolean_tree_data_set.set_value(iter, 1, desc) ++ self.boolean_tree_data_set.set_value(iter, 1, desc) + self.boolean_tree_data_set.set_value(iter, 2, val) -+ self.boolean_tree_data_set.set_value(iter, 3, 'More...') ++ self.boolean_tree_data_set.set_value(iter, 3, _('More...')) + + def transitions_into_x_initialize(self, application): + for x in sepolicy.get_transitions_into(application): @@ -517179,7 +517308,7 @@ index 0000000..c6d4588 + else: + niter = self.transitions_from_x_treestore.append(iter) + # active[0][1] is either T or F (enabled is all the way at the top) -+ self.transitions_from_x_treestore.set_value(iter, 0, enabled[active[0][1]]) ++ self.transitions_from_x_treestore.set_value(iter, 0, enabled[active[0][1]]) + markup = '%s' + if active[0][1]: + self.transitions_from_x_treestore.set_value(niter, 2, (_("To disable this transition, go to the " + markup % _("Boolean section.")))) @@ -517187,7 +517316,7 @@ index 0000000..c6d4588 + self.transitions_from_x_treestore.set_value(niter, 2, (_("To enable this transition, go to the " + markup % _("Boolean section.")))) + + # active[0][0] is the Bool Name -+ self.transitions_from_x_treestore.set_value(niter, 1, active[0][0]) ++ self.transitions_from_x_treestore.set_value(niter, 1, active[0][0]) + self.transitions_from_x_treestore.set_value(niter, 5, True) + + self.transitions_from_x_treestore.set_value(iter, 2, executable) 
@@ -517217,10 +517346,12 @@ index 0000000..c6d4588 + if self.booleans_radio_button.get_active(): + self.outer_notebook.set_current_page(BOOLEANS_PAGE) + self.fuzzin_modify(self.boolean_treeview) ++ self.filter_box.show() + + if self.files_radio_button.get_active(): + self.add_modify_delete_box.show() + self.outer_notebook.set_current_page(FILES_PAGE) ++ self.filter_box.show() + ipage = self.inner_notebook_files.get_current_page() + if ipage == 0: + self.fuzzin_modify(self.executable_files_treeview) @@ -517231,6 +517362,7 @@ index 0000000..c6d4588 + + if self.network_radio_button.get_active(): + self.add_modify_delete_box.show() ++ self.filter_box.show() + self.outer_notebook.set_current_page(NETWORK_PAGE) + ipage = self.inner_notebook_network.get_current_page() + if ipage == 0: @@ -517240,20 +517372,31 @@ index 0000000..c6d4588 + + if self.transitions_radio_button.get_active(): + self.outer_notebook.set_current_page(TRANSITIONS_PAGE) ++ self.filter_box.show() + + if self.system_radio_button.get_active(): + self.outer_notebook.set_current_page(SYSTEM_PAGE) ++ self.filter_box.hide() + + if self.lockdown_radio_button.get_active(): + self.outer_notebook.set_current_page(LOCKDOWN_PAGE) ++ self.filter_box.hide() + + if self.user_radio_button.get_active(): + self.outer_notebook.set_current_page(USER_PAGE) + self.add_modify_delete_box.show() ++ self.fuzzin_modify(self.user_treeview) ++ self.filter_box.show() + + if self.login_radio_button.get_active(): + self.outer_notebook.set_current_page(LOGIN_PAGE) + self.add_modify_delete_box.show() ++ self.fuzzin_modify(self.login_treeview) ++ self.filter_box.show() ++ ++ if self.file_equiv_radio_button.get_active(): ++ self.outer_notebook.set_current_page(FILE_EQUIV_PAGE) ++ self.filter_box.show() + + def return_to_booleans_clicked(self, model, path): + self.booleans_radio_button.clicked() 
@@ -517311,12 +517454,6 @@ index 0000000..c6d4588 + self.user_init_dialog(args) + self.clear_entry = True + -+ def error_check_iter(self, iter): -+ if iter == None: -+ self.modify_button.set_sensitive(False) -+ return True -+ return False -+ + def modify_button_clicked(self, *args): + opage = self.outer_notebook.get_current_page() + if opage == NETWORK_PAGE: 
@@ -517335,49 +517472,49 @@ index 0000000..c6d4588 + self.filedict[(self.application, ipage, operation)] = {} + if ipage == self.EXE_PAGE: + row = self.executable_files_treeview.get_selection() -+ # iter[0] is tree model iter[1] is the iter -+ iter = row.get_selected() -+ if self.error_check_iter(iter[1]): ++ iter = row.get_selected()[1] ++ if not iter: ++ self.modify_button.set_sensitive(False) + return -+ iter = self.executable_files_treemodel_sort.convert_iter_to_child_iter(iter[1]) ++ iter = self.executable_files_treemodel_sort.convert_iter_to_child_iter(iter) + iter = self.exe_files_filter_data_set.convert_iter_to_child_iter(iter) + self.delete_old_item = iter + path = self.executable_files_treestore.get_value(iter, 0) + self.files_path_entry.set_text(path) -+ type = self.executable_files_treestore.get_value(iter, 2) ++ ftype = self.executable_files_treestore.get_value(iter, 1) + if type != None: -+ self.files_class_combobox.set_active(self.map_selected_items_into_combobox(self.files_class_combolist, type)) -+ tclass = self.executable_files_treestore.get_value(iter, 1) ++ self.combo_set_active_text(self.files_type_combobox, ftype) ++ tclass = self.executable_files_treestore.get_value(iter, 2) + if tclass != None: -+ self.check_if_type_is_in_combo(self.files_type_combolist, tclass) -+ self.files_type_combobox.set_active(self.map_selected_items_into_combobox(self.files_type_combolist, tclass)) ++ self.combo_set_active_text(self.files_class_combobox, tclass) + + if ipage == self.WRITABLE_PAGE: + row = self.writable_files_treeview.get_selection() -+ # iter[0] is tree model iter[1] is the iter -+ iter = row.get_selected() -+ if self.error_check_iter(iter[1]): ++ iter = row.get_selected()[1] ++ if not iter: ++ self.modify_button.set_sensitive(False) ++ + return -+ iter = self.writable_files_treemodel_sort.convert_iter_to_child_iter(iter[1]) ++ iter = self.writable_files_treemodel_sort.convert_iter_to_child_iter(iter) + iter = 
self.writable_files_filter_data_set.convert_iter_to_child_iter(iter) + self.delete_old_item = iter + path = self.writable_files_treestore.get_value(iter, 0) + self.files_path_entry.set_text(path) -+ type = self.writable_files_treestore.get_value(iter, 2) ++ type = self.writable_files_treestore.get_value(iter, 1) + if type != None: -+ self.files_class_combobox.set_active(self.map_selected_items_into_combobox(self.files_class_combolist, type)) -+ tclass = self.writable_files_treestore.get_value(iter, 1) ++ self.combo_set_active_text(self.files_type_combobox, type) ++ tclass = self.writable_files_treestore.get_value(iter, 2) + if tclass != None: -+ self.check_if_type_is_in_combo(self.files_type_combolist, tclass) -+ self.files_type_combobox.set_active(self.map_selected_items_into_combobox(self.files_type_combolist, tclass)) ++ self.combo_set_active_text(self.files_class_combobox, tclass) + + if ipage == self.APP_PAGE: + row = self.application_files_treeview.get_selection() + # iter[0] is tree model iter[1] is the iter -+ iter = row.get_selected() -+ if self.error_check_iter(iter[1]): ++ iter = row.get_selected()[1] ++ if not iter: ++ self.modify_button.set_sensitive(False) + return -+ iter = self.application_files_treemodel_sort.convert_iter_to_child_iter(iter[1]) ++ iter = self.application_files_treemodel_sort.convert_iter_to_child_iter(iter) + iter = self.application_files_filter_data_set.convert_iter_to_child_iter(iter) + self.delete_old_item = iter + path = self.application_files_treestore.get_value(iter, 0) 
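Review bot: In the executable-files branch the value is stored in `ftype`, but the next test is still `if type != None:`. Because `type` is assigned in the other branches of what appears to be the same function, Python treats it as a local and this read likely raises UnboundLocalError; if it is not a local it resolves to the builtin and the test is always true, so a `None` type would be pushed into the combo. The check should be `if ftype != None:`. Any later use of `type` on this path (the `(path, type)` filedict key in the following hunk looks like one) needs the same rename. The function begins and ends outside this hunk.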
@@ -517389,40 +517526,35 @@ index 0000000..c6d4588 + pass + type = self.application_files_treestore.get_value(iter, 2) + if type != None: -+ self.files_class_combobox.set_active(self.map_selected_items_into_combobox(self.files_class_combolist, type)) ++ self.combo_set_active_text(self.files_type_combobox, type) + tclass = get_type[0] + if tclass != None: -+ self.check_if_type_is_in_combo(self.files_type_combolist, tclass) -+ self.files_type_combobox.set_active(self.map_selected_items_into_combobox(self.files_type_combolist, tclass)) ++ self.combo_set_active_text(self.files_class_combobox, tclass) ++ + self.filedict[(self.application, ipage, operation)][(path, type)] = {"type": tclass, "mls": mls, "changed": True, "old": False} ++ + if opage == USER_PAGE: + row = self.user_treeview.get_selection() -+ print row -+ ++ iter = row.get_selected()[1] ++ self.user_init_dialog(args) ++ self.user_liststore.get_value(iter,0), self.user_liststore.get_value(iter,1) ++ self.user_name_entry.set_text(self.user_liststore.get_value(iter,0)) ++ self.user_mls_entry.set_text(self.user_liststore.get_value(iter,3)) ++ self.user_popup_window.show() ++ + if opage == LOGIN_PAGE: ++ self.login_init_dialog(args) + row = self.login_treeview.get_selection() -+ print row -+ -+ -+ def check_if_type_is_in_combo(self, combolist, ftype): -+ match = False -+ ctr = 0 -+ for i in combolist: -+ if ftype == i[0]: -+ match = True -+ ctr += 1 -+ if not match: -+ #'More...' 
is last item in the list = (ctr-1) -+ niter = combolist.get_iter(ctr-1) -+ iter = combolist.insert_before(niter) -+ combolist.set_value(iter, 0, ftype) -+ #return True ++ iter = row.get_selected()[1] ++ self.login_popup_window.show() ++ self.login_name_entry.set_text(self.login_liststore.get_value(iter,0)) ++ self.login_mls_entry.set_text(self.login_liststore.get_value(iter,2)) ++ self.combo_set_active_text(self.login_seuser_combobox, self.login_liststore.get_value(iter,1)) + + def populate_type_combo(self, tree, loc, *args): + iter = self.more_types_files_liststore.get_iter(loc) + ftype = self.more_types_files_liststore.get_value(iter, 0) -+ self.check_if_type_is_in_combo(self.files_type_combolist, ftype) -+ self.files_type_combobox.set_active(self.map_selected_items_into_combobox(self.files_type_combolist, ftype)) ++ self.combo_set_active_text(self.files_type_combobox, ftype) + self.popup_window_files.show() + self.moreTypes_window_files.hide() + @@ -517493,7 +517625,7 @@ index 0000000..c6d4588 + self.files_type_combobox.set_active(0) + self.files_mls_combobox.set_active(0) + iter = self.files_type_combolist.append() -+ self.files_type_combolist.set_value(iter, 0, 'More...') ++ self.files_type_combolist.set_value(iter, 0, _('More...')) + + def modify_button_network_clicked(self, *args): + if self.application != None: 
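Review bot: The new USER_PAGE and LOGIN_PAGE branches use `row.get_selected()[1]` without the `if not iter:` guard that the file and network branches have, so clicking Modify with no row selected passes `None` to `get_value`. In the USER_PAGE branch, `user_init_dialog` is called before the row is read, and that function (shown later in this patch) calls `self.user_liststore.clear()`, which would invalidate `iter`; it may have been meant to clear `user_roles_liststore`. The line `self.user_liststore.get_value(iter,0), self.user_liststore.get_value(iter,1)` is an expression statement with no effect and can be removed. The LOGIN_PAGE branch needs the same `if not iter:` guard.

```python
        if opage == USER_PAGE:
            row = self.user_treeview.get_selection()
            iter = row.get_selected()[1]
            if not iter:
                self.modify_button.set_sensitive(False)
                return
            # read the selected row before user_init_dialog() touches the store
            name = self.user_liststore.get_value(iter, 0)
            mls = self.user_liststore.get_value(iter, 3)
            self.user_init_dialog(args)
            self.user_name_entry.set_text(name)
            self.user_mls_entry.set_text(mls)
            # ... unchanged: self.user_popup_window.show() and the LOGIN_PAGE branch ...
```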
@@ -517509,18 +517641,18 @@ index 0000000..c6d4588 + self.portdict[(self.application, ipage, operation)] = {} + if ipage == OUTBOUND: + row = self.out_network_treeview.get_selection() -+ # iter[0] is tree model iter[1] is the iter -+ iter = row.get_selected() -+ if self.error_check_iter(iter[1]): ++ iter = row.get_selected()[1] ++ if not iter: ++ self.modify_button.set_sensitive(False) + return -+ iter = self.out_network_treemodel_sort.convert_iter_to_child_iter(iter[1]) ++ iter = self.out_network_treemodel_sort.convert_iter_to_child_iter(iter) + iter = self.out_network_filter_data_set.convert_iter_to_child_iter(iter) + self.delete_old_item = iter + port = self.out_network_tree_data_set.get_value(iter, 0) + self.network_ports_entry.set_text(port) + type = self.out_network_tree_data_set.get_value(iter, 2) + if type != None: -+ self.network_port_type_combobox.set_active(self.map_selected_items_into_combobox(self.network_port_type_combolist, type)) ++ self.combo_set_active_text(self.network_port_type_combobox, type) + protocol = self.out_network_tree_data_set.get_value(iter, 1) + if protocol == "tcp": + self.network_tcp_button.set_active(True) @@ -517529,8 +517661,9 @@ index 0000000..c6d4588 + + elif ipage == INBOUND: + row = self.in_network_treeview.get_selection() -+ model, iter = row.get_selected() -+ if self.error_check_iter(iter): ++ iter = row.get_selected()[1] ++ if not iter: ++ self.modify_button.set_sensitive(False) + return + iter = self.in_network_treemodel_sort.convert_iter_to_child_iter(iter) + iter = self.in_network_filter_data_set.convert_iter_to_child_iter(iter) 
@@ -517539,24 +517672,16 @@ index 0000000..c6d4588 + self.network_ports_entry.set_text(port) + type = self.in_network_tree_data_set.get_value(iter, 2) + if type != None: -+ self.network_port_type_combobox.set_active(self.map_selected_items_into_combobox(self.network_port_type_combolist, type)) ++ self.combo_set_active_text(self.network_port_type_combobox, type) + protocol = self.in_network_tree_data_set.get_value(iter, 1) + if protocol == "tcp": + self.network_tcp_button.set_active(True) -+ #self.network_protocol_combobox.set_active(self.map_selected_items_into_combobox(self.network_protocol_combolist, protocol)) ++ + elif protocol == "udp": + self.network_udp_button.set_active(True) + + self.portdict[(self.application, ipage, operation)][(port, protocol)] = {"type": type, "mls": mls, "changed": True, "old": False} + -+ def map_selected_items_into_combobox(self, combolist, match): -+ ctr = 0 -+ for items in combolist: -+ if match.startswith(items[0]): -+ break -+ ctr += 1 -+ return ctr -+ + def init_network_dialog(self, *args): + self.popup_window_network.show() + self.window.set_sensitive(False) @@ -517613,6 +517738,13 @@ index 0000000..c6d4588 + self.login_popup_window.hide() + self.window.set_sensitive(True) + ++ def login_seuser_combobox_change(self, combo, *args): ++ seuser = self.combo_get_active_text(combo) ++ if self.login_mls_entry.get_text() == "": ++ for u in sepolicy.get_selinux_users(): ++ if seuser == u['name']: ++ self.login_mls_entry.set_text(u['range']) ++ + def login_advanced_button(self, label, *args): + advanced = (label.get_text() == ADVANCED_LABEL[0]) + self.login_mls_label.set_visible(advanced) 
@@ -517622,31 +517754,34 @@ index 0000000..c6d4588 + else: + label.set_text(ADVANCED_LABEL[0]) + -+ def login_row_activated(self, treeview, path, *args): ++ def cursor_changed(self, treeview, *args): ++ row = treeview.get_selection() ++ if row == None: ++ self.modify_button.set_sensitive(False) ++ return ++ iter = row.get_selected()[1] ++ self.modify_button.set_sensitive(iter == None) ++ ++ def row_activated(self, treeview, *args): + self.modify_button.set_sensitive(True) -+ print treeview, path, args + + def login_init_dialog(self, *args): + self.login_popup_window.show() -+ self.login_seuser_liststore.clear() ++ self.login_seuser_combolist.clear() + users = sepolicy.get_all_users() + users.sort() -+ for u in users: -+ iter = self.login_seuser_liststore.append() -+ self.login_seuser_liststore.set_value(iter, 0, str(u)) ++ for u in users: ++ iter = self.login_seuser_combolist.append() ++ self.login_seuser_combolist.set_value(iter, 0, str(u)) + self.login_name_entry.set_text("") + self.login_mls_entry.set_text("") + -+ def user_row_activated(self, treeview, path, *args): -+ self.modify_button.set_sensitive(True) -+ print treeview, path, args -+ + def user_init_dialog(self, *args): + self.user_popup_window.show() + self.user_liststore.clear() + roles = sepolicy.get_all_roles() + roles.sort() -+ for r in roles: ++ for r in roles: + iter = self.user_roles_liststore.append() + self.user_roles_liststore.set_value(iter, 0, str(r)) + self.user_name_entry.set_text("") @@ -517660,7 +517795,7 @@ index 0000000..c6d4588 + self.files_show_modified(checkbutton) + if opage == NETWORK_PAGE: + self.network_show_modified(checkbutton) -+ ++ + def bools_show_modified(self, checkbutton): + append_list = [] + if checkbutton.get_active() == True: 
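Review bot: The last line of the new `cursor_changed` looks inverted: `self.modify_button.set_sensitive(iter == None)` enables Modify when no row is selected and disables it when one is. `fuzzin_modify`, changed later in this same patch, uses `iter != None` for the same decision, and the `row == None` branch just above disables the button. I would write `self.modify_button.set_sensitive(iter is not None)` here. `row_activated` then sets the button sensitive unconditionally, which is consistent with that reading.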
@@ -517674,7 +517809,7 @@ index 0000000..c6d4588 + self.boolean_tree_data_set.set_value(iter, 0, self.booldict[i]['active']) + self.boolean_tree_data_set.set_value(iter, 1, sepolicy.boolean_desc(i)) + self.boolean_tree_data_set.set_value(iter, 2, i) -+ self.boolean_tree_data_set.set_value(iter, 3, 'More...') ++ self.boolean_tree_data_set.set_value(iter, 3, _('More...')) + elif self.application != None: + self.boolean_tree_data_set.clear() + self.bool_initialize(self.application) @@ -517919,7 +518054,7 @@ index 0000000..c6d4588 + return False + + def show_more_types(self, *args): -+ if self.combo_get_active_text(self.files_type_combobox) == 'More...': ++ if self.combo_get_active_text(self.files_type_combobox) == _('More...'): + self.popup_window_files.hide() + self.moreTypes_window_files.show() + @@ -518128,7 +518263,7 @@ index 0000000..c6d4588 + def get_filter_data(self, windows, *args): + #search for desired item + # The txt that the user inputs into the filter is stored in filter_txt -+ self.filter_txt = windows.get_text() ++ self.filter_txt = windows.get_text() + opage = self.outer_notebook.get_current_page() + if opage == BOOLEANS_PAGE: + self.booleans_filter_data_set.refilter() 
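Review bot: `show_more_types` now compares the combo text with `_('More...')`, which only matches if the entry was put into `files_type_combolist` through the same `_()` call; that insertion is not in these hunks. If it is still the literal `'More...'`, the window will stop opening under any translated locale, so that site should be checked. The same comparison is changed in a later hunk, in the window-close handler. A module-level constant such as `MORE_LABEL = _('More...')`, used at both the insertion and the comparisons, would keep them from drifting apart.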
@@ -518270,16 +518405,24 @@ index 0000000..c6d4588 + self.clearbuttons() + self.system_radio_button.set_visible(True) + self.lockdown_radio_button.set_visible(True) -+ self.applications_selection_button.set_label("System") ++ self.applications_selection_button.set_label(_("System")) + self.system_radio_button.set_active(True) + self.tab_change() + self.idle_func() + ++ def show_file_equiv_page(self, *args): ++ self.clearbuttons() ++ self.file_equiv_initialize() ++ self.file_equiv_radio_button.set_active(True) ++ self.applications_selection_button.set_label(_("File Equivalence")) ++ self.tab_change() ++ self.idle_func() ++ + def show_users_page(self): + self.clearbuttons() + self.login_radio_button.set_visible(True) + self.user_radio_button.set_visible(True) -+ self.applications_selection_button.set_label("Users") ++ self.applications_selection_button.set_label(_("Users")) + self.login_radio_button.set_active(True) + self.tab_change() + self.user_initialize() @@ -518534,7 +518677,7 @@ index 0000000..c6d4588 + + entrypoints = sepolicy.get_entrypoints(domain) + # From entry_point = 0 to the number of keys in the dic -+ for exe in entrypoints: ++ for exe in entrypoints: + if len(entrypoints[exe]): + file_class = entrypoints[exe][1] + for path in entrypoints[exe][0]: @@ -518605,11 +518748,10 @@ index 0000000..c6d4588 + def fuzzin_modify(self, tree, *args): + row = tree.get_selection() + if row == None: -+ self.modify_button.set_sensitive(True) -+ model, iter = row.get_selected() -+ # Returns True if there is an error -+ if not self.error_check_iter(iter): -+ self.modify_button.set_sensitive(True) ++ self.modify_button.set_sensitive(False) ++ return ++ iter = row.get_selected()[1] ++ self.modify_button.set_sensitive(iter != None) + + def highlight_entry_text(self, entry_obj, *args): + txt = entry_obj.get_text() 
@@ -518627,7 +518769,7 @@ index 0000000..c6d4588 + if text.startswith(d): + for t in self.files_type_combolist: + if t[0].endswith(sepolicy.DEFAULT_DIRS[d]): -+ self.files_type_combobox.set_active(self.map_selected_items_into_combobox(self.files_type_combolist, t[0])) ++ self.combo_set_active_text(self.files_type_combobox, t[0]) + + def resize_columns(self, *args): + self.booleans_column_1 = self.boolean_treeview.get_col(1) @@ -518769,7 +518911,7 @@ index 0000000..c6d4588 + self.window.set_sensitive(True) + if self.moreTypes_window_files == window: + self.popup_window_files.show() -+ if self.combo_get_active_text(self.files_type_combobox) =='More...': ++ if self.combo_get_active_text(self.files_type_combobox) == _('More...'): + self.files_type_combobox.set_active(0) + if self.error_check_window == window: + self.window.set_sensitive(False) @@ -518901,6 +519043,9 @@ index 0000000..c6d4588 + +if __name__ == '__main__': + start = SELinuxGui() +diff --git a/policycoreutils/sepolicy/sepolicy/help/__init__.py b/policycoreutils/sepolicy/sepolicy/help/__init__.py +new file mode 100644 +index 0000000..e69de29 diff --git a/policycoreutils/sepolicy/sepolicy/help/booleans.png b/policycoreutils/sepolicy/sepolicy/help/booleans.png new file mode 100644 index 0000000..a7b4206 @@ -519755,10 +519900,10 @@ index 25062da..049b66a 100755 def _home_exec(self): permlist = sepolicy.search([sepolicy.ALLOW],{'source':self.type,'target':'user_home_type', 'class':'file', 'permlist':['ioctl', 'read', 'getattr', 'execute', 'execute_no_trans', 'open']}) diff --git a/policycoreutils/sepolicy/sepolicy/network.py b/policycoreutils/sepolicy/sepolicy/network.py -index 66efe26..970f4c8 100755 +index 66efe26..6a7dab7 100755 --- a/policycoreutils/sepolicy/sepolicy/network.py +++ b/policycoreutils/sepolicy/sepolicy/network.py -@@ -25,27 +25,6 @@ import sepolicy +@@ -25,47 +25,22 @@ import sepolicy search=sepolicy.search info=sepolicy.info 
@@ -519786,7 +519931,12 @@ index 66efe26..970f4c8 100755 def get_types(src, tclass, perm): allows=search([sepolicy.ALLOW],{sepolicy.SOURCE:src,sepolicy.CLASS:tclass, sepolicy.PERMS:perm}) nlist=[] -@@ -57,11 +36,12 @@ def get_types(src, tclass, perm): + if allows: +- for i in map(lambda y: y[sepolicy.TARGET], filter(lambda x: set(perm).issubset(x[sepolicy.PERMS]) and x['enabled'], allows)): ++ for i in map(lambda y: y[sepolicy.TARGET], filter(lambda x: set(perm).issubset(x[sepolicy.PERMS]), allows)): + if i not in nlist: + nlist.append(i) + return nlist def get_network_connect(src, protocol, perm): @@ -519794,18 +519944,23 @@ index 66efe26..970f4c8 100755 d={} tlist = get_types(src, "%s_socket" % protocol, [perm]) if len(tlist) > 0: - if "port_type" in tlist: +- if "port_type" in tlist: - d[(src,protocol,perm)] = ["all ports"] -+ d[(src,protocol,perm)] = [("port_type", ["all ports"])] - return d - +- return d +- d[(src,protocol,perm)] = [] -@@ -77,16 +57,16 @@ def get_network_connect(src, protocol, perm): +- + for i in tlist: + if i == "ephemeral_port_type": + if "unreserved_port_type" in tlist: +@@ -77,16 +52,18 @@ def get_network_connect(src, protocol, perm): if "port_t" in tlist: continue if i == "port_t": - d[(src,protocol,perm)].append("all ports with out defined types") + d[(src,protocol,perm)].append((i, ["all ports with out defined types"])) ++ if i == "port_type": ++ d[(src,protocol,perm)].append((i, ["all ports"])) elif i == "unreserved_port_type": - d[(src,protocol,perm)].append("%s: all ports > 1024" % i) + d[(src,protocol,perm)].append((i, ["all ports > 1024"])) @@ -519885,12 +520040,12 @@ index 0000000..7ad2af7 + print e diff --git a/policycoreutils/sepolicy/sepolicy/sepolicy.glade b/policycoreutils/sepolicy/sepolicy/sepolicy.glade new file mode 100644 -index 0000000..526ad31 +index 0000000..440c30e --- /dev/null +++ b/policycoreutils/sepolicy/sepolicy/sepolicy.glade -@@ -0,0 +1,4807 @@ +@@ -0,0 +1,4935 @@ + -+ ++ + + + 
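Review bot: Dropping `and x['enabled']` from the filter in `get_types` makes it return target types from allow rules that a boolean currently switches off, with nothing in the result to tell them apart from active rules. Callers such as `get_network_connect` will then report ports a domain cannot reach under the running policy, which can mislead someone auditing network access. If showing conditional rules is the intent, the enabled state should travel with the type, or the behaviour should at least be documented, e.g. `# includes rules disabled by booleans; callers must check 'enabled' themselves`. The rest of `get_types` is only partly visible in this hunk.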
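Review bot: In `get_network_connect` the added `if i == "port_type":` starts a new chain, so the preceding `if i == "port_t":` branch is no longer connected to the `elif i == "unreserved_port_type":` arms that follow. When `i` is `"port_t"` it is appended once and then evaluated again by the second chain. If that chain ends in a catch-all `else` (outside this hunk), `port_t` would be appended a second time. Making the new line `elif i == "port_type":` keeps one chain and one entry per type.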
@@ -520052,6 +520207,23 @@ index 0000000..526ad31 + + + ++ ++ File Equivalency ++ True ++ True ++ True ++ False ++ none ++ 0 ++ ++ ++ ++ True ++ True ++ 2 ++ ++ ++ + + Users + True @@ -520065,7 +520237,7 @@ index 0000000..526ad31 + + True + True -+ 2 ++ 3 + + + @@ -520082,7 +520254,7 @@ index 0000000..526ad31 + + True + True -+ 3 ++ 4 + + + @@ -520369,6 +520541,14 @@ index 0000000..526ad31 + + executable_files_treemodelfilter + ++ ++ ++ ++ ++ ++ ++ ++ + + + @@ -520548,6 +520728,8 @@ index 0000000..526ad31 + + + ++ ++ + + + @@ -520975,6 +521157,12 @@ index 0000000..526ad31 + 5 + 2 + ++ ++ ++ ++ ++ ++ + + True + False @@ -521051,6 +521239,7 @@ index 0000000..526ad31 + True + False + login_seuser_liststore ++ + + + @@ -521108,12 +521297,6 @@ index 0000000..526ad31 + + + -+ -+ -+ -+ -+ -+ + + True + @@ -521448,6 +521631,10 @@ index 0000000..526ad31 + + + ++ ++ ++ ++ + + + 
@@ -521456,204 +521643,6 @@ index 0000000..526ad31 + + + -+ -+ False -+ Network Port Definitions -+ False -+ True -+ center-on-parent -+ SELinux_window -+ -+ -+ -+ True -+ False -+ vertical -+ -+ -+ True -+ False -+ 0 -+ 10 -+ Add User Roles. SELinux User Roles will be created when Update is applied. -+ fill -+ True -+ -+ -+ True -+ True -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 5 -+ 2 -+ -+ -+ -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ 10 -+ SELinux User Name -+ -+ -+ -+ -+ -+ -+ -+ True -+ True -+ -+ False -+ False -+ -+ -+ 1 -+ 2 -+ -+ -+ -+ -+ True -+ False -+ 0 -+ 10 -+ SELinux Roles -+ -+ -+ 1 -+ 2 -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ 10 -+ Advanced >> -+ True -+ -+ -+ -+ -+ -+ -+ 2 -+ 3 -+ -+ -+ -+ -+ -+ False -+ 0 -+ 10 -+ MLS -+ -+ -+ 3 -+ 4 -+ -+ -+ -+ -+ -+ 360 -+ True -+ False -+ user_roles_liststore -+ -+ -+ -+ 0 -+ -+ -+ -+ -+ 1 -+ 2 -+ 1 -+ 2 -+ -+ -+ -+ -+ True -+ False -+ -+ -+ Save to update -+ True -+ True -+ True -+ -+ -+ -+ False -+ True -+ end -+ 0 -+ -+ -+ -+ -+ Cancel -+ True -+ True -+ True -+ -+ -+ -+ False -+ True -+ end -+ 1 -+ -+ -+ -+ -+ 1 -+ 2 -+ 4 -+ 5 -+ -+ -+ -+ -+ True -+ -+ False -+ False -+ -+ -+ 1 -+ 2 -+ 3 -+ 4 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ + + + @@ -521702,7 +521691,7 @@ index 0000000..526ad31 + False + vertical + -+ ++ + True + False + @@ -521905,6 +521894,20 @@ index 0000000..526ad31 + + + ++ ++ radiobutton ++ False ++ False ++ 0 ++ False ++ ++ ++ False ++ True ++ 9 ++ ++ ++ + + True + False @@ -521922,7 +521925,7 @@ index 0000000..526ad31 + False + False + end -+ 10 ++ 11 + + + @@ -522082,13 +522085,13 @@ index 0000000..526ad31 +allow alternative access control. + boolean_treemodelsort + True ++ + + + + + + -+ autosize + Enabled + True + 0 @@ -522197,6 +522200,7 @@ index 0000000..526ad31 + 0 + True + ++ + + + @@ -522303,6 +522307,7 @@ index 0000000..526ad31 + writable_files_treemodelsort + True + ++ + + + @@ -522416,6 +522421,7 @@ index 0000000..526ad31 + 0 + True + ++ + + + 
@@ -522570,6 +522576,7 @@ index 0000000..526ad31 + True + True + ++ + + + @@ -522662,6 +522669,7 @@ index 0000000..526ad31 + True + True + ++ + + + @@ -522792,7 +522800,6 @@ index 0000000..526ad31 + + + True -+ autosize + Boolean +Enabled + True @@ -523045,12 +523052,11 @@ index 0000000..526ad31 + True + True + True -+ If-Then-Else rules written in policy that can -+allow alternative access control. + login_liststore + 0 + True -+ ++ ++ + + + @@ -523058,16 +523064,12 @@ index 0000000..526ad31 + + True + fixed -+ 240 + Login Name + True + True + 0 + -+ -+ word -+ 360 -+ ++ + + 0 + @@ -523076,6 +523078,7 @@ index 0000000..526ad31 + + + ++ True + fixed + SELinux User + True @@ -523090,6 +523093,19 @@ index 0000000..526ad31 + + + ++ ++ ++ True ++ MLS Range ++ 2 ++ ++ ++ ++ 2 ++ ++ ++ ++ + + + True @@ -523129,14 +523145,14 @@ index 0000000..526ad31 + True + 0 + True -+ ++ ++ + + + + + + True -+ fixed + 240 + SELinux User + True @@ -523155,7 +523171,7 @@ index 0000000..526ad31 + + + -+ fixed ++ True + SELinux Roles + True + True @@ -523170,6 +523186,33 @@ index 0000000..526ad31 + + + ++ ++ ++ Default Level ++ True ++ 2 ++ ++ ++ ++ 2 ++ ++ ++ ++ ++ ++ ++ True ++ MLS Range ++ True ++ 3 ++ ++ ++ ++ 3 ++ ++ ++ ++ + + + True @@ -523818,6 +523861,48 @@ index 0000000..526ad31 + + + ++ ++ True ++ True ++ file_equiv_liststore ++ ++ ++ ++ ++ ++ True ++ Source ++ ++ ++ ++ ++ ++ ++ ++ True ++ Destination ++ ++ ++ ++ ++ ++ ++ ++ 8 ++ ++ ++ ++ ++ True ++ False ++ Files Equivalence ++ ++ ++ 8 ++ False ++ ++ ++ + + True + False @@ -523827,7 +523912,7 @@ index 0000000..526ad31 + True + + -+ 8 ++ 9 + + + @@ -523837,7 +523922,7 @@ index 0000000..526ad31 + 0 + + -+ 8 ++ 9 + False + + 
@@ -524530,6 +524615,204 @@ index 0000000..526ad31 + + + ++ ++ False ++ Network Port Definitions ++ False ++ True ++ center-on-parent ++ SELinux_window ++ ++ ++ ++ True ++ False ++ vertical ++ ++ ++ True ++ False ++ 0 ++ 10 ++ Add User Roles. SELinux User Roles will be created when Update is applied. ++ fill ++ True ++ ++ ++ True ++ True ++ 0 ++ ++ ++ ++ ++ True ++ False ++ 5 ++ 2 ++ ++ ++ ++ ++ ++ ++ ++ ++ True ++ False ++ 0 ++ 10 ++ SELinux User Name ++ ++ ++ ++ ++ ++ ++ ++ True ++ True ++ ++ False ++ False ++ ++ ++ 1 ++ 2 ++ ++ ++ ++ ++ True ++ False ++ 0 ++ 10 ++ SELinux Roles ++ ++ ++ 1 ++ 2 ++ ++ ++ ++ ++ ++ True ++ False ++ 0 ++ 10 ++ Advanced >> ++ True ++ ++ ++ ++ ++ ++ ++ 2 ++ 3 ++ ++ ++ ++ ++ ++ False ++ 0 ++ 10 ++ MLS ++ ++ ++ 3 ++ 4 ++ ++ ++ ++ ++ ++ 360 ++ True ++ False ++ user_roles_liststore ++ ++ ++ ++ 0 ++ ++ ++ ++ ++ 1 ++ 2 ++ 1 ++ 2 ++ ++ ++ ++ ++ True ++ False ++ ++ ++ Save to update ++ True ++ True ++ True ++ ++ ++ ++ False ++ True ++ end ++ 0 ++ ++ ++ ++ ++ Cancel ++ True ++ True ++ True ++ ++ ++ ++ False ++ True ++ end ++ 1 ++ ++ ++ ++ ++ 1 ++ 2 ++ 4 ++ 5 ++ ++ ++ ++ ++ True ++ ++ False ++ False ++ ++ ++ 1 ++ 2 ++ 3 ++ 4 ++ ++ ++ ++ ++ True ++ True ++ 1 ++ ++ ++ ++ ++ + + False + True @@ -524991,10 +525274,15 @@ index 79f3997..1ff9d2c 100644 ') """ diff --git a/policycoreutils/sepolicy/sepolicy/transition.py b/policycoreutils/sepolicy/sepolicy/transition.py -index 5850622..5e308e3 100755 +index 5850622..1688c97 100755 --- a/policycoreutils/sepolicy/sepolicy/transition.py +++ b/policycoreutils/sepolicy/sepolicy/transition.py -@@ -64,8 +64,9 @@ class setrans: +@@ -60,12 +60,18 @@ class setrans: + + def out(self, name, seen=[], header=""): + buf = "" ++ boolean_text="" + if name in seen: return buf seen.append(name) 
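Review bot: In the `setrans.out` hunk, the added `boolean_text=""` is never read, either here or in the following hunk, which formats the conditional text inline through `sepolicy.get_conditionals_format_text(cond)`. It can be dropped. Since this touches the function anyway, note that the signature on the context line still has `seen=[]` and the body calls `seen.append(name)`. That default list is shared between calls, so a second top-level call to `out()` returns an empty string for every name already visited. The usual form is `seen=None` followed by `if seen is None: seen = []`. The body of `out` continues outside this hunk.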
@@ -525002,7 +525290,11 @@ index 5850622..5e308e3 100755 - buf += "%s%s @ %s --> %s\n" % (header, t["source"], t["target"], t["transtype"]) + if "map" in self.sdict[name]: + for t in self.sdict[name]["map"]: -+ buf += "%s%s @ %s --> %s\n" % (header, t["source"], t["target"], t["transtype"]) ++ cond=sepolicy.get_conditionals(t["source"], t["transtype"],"process",["transition"]) ++ if cond: ++ buf += "%s%s @ %s --> %s %s\n" % (header, t["source"], t["target"], t["transtype"], sepolicy.get_conditionals_format_text(cond)) ++ else: ++ buf += "%s%s @ %s --> %s\n" % (header, t["source"], t["target"], t["transtype"]) if "child" in self.sdict[name]: for x in self.sdict[name]["child"]: @@ -525500,7 +525792,7 @@ index 38abeb8..916a58c 100644 -getsebool(8), booleans(8), togglesebool(8) +getsebool(8), booleans(8), togglesebool(8), semanage(8) diff --git a/policycoreutils/setsebool/setsebool.c b/policycoreutils/setsebool/setsebool.c -index 86578f7..3ef37a0 100644 +index 86578f7..29146a8 100644 --- a/policycoreutils/setsebool/setsebool.c +++ b/policycoreutils/setsebool/setsebool.c @@ -10,6 +10,8 @@ @@ -525566,21 +525858,18 @@ index 86578f7..3ef37a0 100644 managed = semanage_is_managed(handle); if (managed < 0) { fprintf(stderr, -@@ -166,13 +177,25 @@ static int semanage_set_boolean_list(size_t boolcnt, +@@ -166,13 +177,22 @@ static int semanage_set_boolean_list(size_t boolcnt, if (semanage_bool_key_extract(handle, boolean, &bool_key) < 0) goto err; + + semanage_bool_exists(handle, bool_key, &result); + if ( !result ) { -+ fprintf(stderr, "Boolean %s is not defined\n", boollist[j].name); -+ goto err; -+ } -+ -+ semanage_bool_exists_local(handle, bool_key, &result); -+ if ( !result ) { -+ fprintf(stderr, "Boolean %s is not defined\n", boollist[j].name); -+ goto err; ++ semanage_bool_exists_local(handle, bool_key, &result); ++ if ( !result ) { ++ fprintf(stderr, "Boolean %s is not defined\n", boollist[j].name); ++ goto err; ++ } + } if (semanage_bool_modify_local(handle, bool_key, 
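Review bot: In `semanage_set_boolean_list` the return values of `semanage_bool_exists` and `semanage_bool_exists_local` are discarded, so a failed lookup is indistinguishable from a valid answer. `result` is then tested with whatever value it already held; its initialisation is not visible in this hunk. A failed query could therefore either reject a defined boolean or let an undefined one through to `semanage_bool_modify_local`. Both calls should be checked like the surrounding ones, e.g. `if (semanage_bool_exists(handle, bool_key, &result) < 0) goto err;`, and likewise for the `_local` variant.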
@@ -525593,7 +525882,7 @@ index 86578f7..3ef37a0 100644 boollist[j].name); goto err; } -@@ -194,7 +217,6 @@ static int semanage_set_boolean_list(size_t boolcnt, +@@ -194,7 +214,6 @@ static int semanage_set_boolean_list(size_t boolcnt, semanage_bool_key_free(bool_key); semanage_bool_free(boolean); semanage_handle_destroy(handle); diff --git a/policycoreutils.spec b/policycoreutils.spec index 1df55d9..a70a11a 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.14 -Release: 80%{?dist} +Release: 81%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -16,6 +16,7 @@ Source1:git://oss.tresys.com/git/selinux/sepolgen-%{sepolgenver}.tgz URL: http://www.selinuxproject.org Source2: policycoreutils_man_ru2.tar.bz2 Source3: system-config-selinux.png +Source4: sepolicy-help.tgz Patch: policycoreutils-rhat.patch Patch1: policycoreutils-sepolgen.patch Obsoletes: policycoreutils < 2.0.61-2 @@ -49,9 +50,10 @@ to switch roles. %setup -q -a 1 %patch -p2 -b .rhat %patch1 -p2 -b .sepolgen -d sepolgen-%{sepolgenver} +cp %{SOURCE3} gui/ +tar xvf %{SOURCE4} %build -cp %{SOURCE3} gui/ make LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SEMODULE_PATH="/usr/sbin" all make -C sepolgen-%{sepolgenver} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all 
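Review bot: The new `tar xvf %{SOURCE4}` in `%prep` unpacks a tarball that this commit adds as an opaque binary, so what is extracted, and where, cannot be reviewed from the diff. The extraction is relative to the current directory, which means the member paths inside the archive decide what is written or overwritten in the build tree. It would be safer to unpack into the intended directory explicitly, e.g. `tar xf %{SOURCE4} -C <help-dir>` (placeholder path), and to record how the archive was produced in a comment next to `Source4:`. The `v` flag only adds noise to the build log.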
@@ -84,11 +86,16 @@ desktop-file-install --dir ${RPM_BUILD_ROOT}%{_datadir}/applications \ --add-category Settings \ %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop +desktop-file-install --dir ${RPM_BUILD_ROOT}%{_datadir}/applications \ + --add-category Settings \ + %{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop + desktop-file-install --dir ${RPM_BUILD_ROOT}%{_datadir}/applications \ %{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop rm -f %{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop rm -f %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop +rm -f %{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop %find_lang %{name} @@ -120,7 +127,7 @@ an SELinux environment. %dir %{python_sitearch}/sepolicy %{python_sitearch}/sepolicy/*so %{python_sitearch}/sepolicy/templates -%{python_sitearch}/sepolicy/help +%dir %{python_sitearch}/sepolicy/help %{python_sitearch}/sepolicy/help/* %{python_sitearch}/sepolicy/__init__.py* %{python_sitearch}/sepolicy/booleans.py* @@ -228,6 +235,7 @@ system-config-selinux is a utility for managing the SELinux environment %files gui %{_bindir}/system-config-selinux %{_bindir}/selinux-polgengui +%{_datadir}/applications/sepolicy.desktop %{_datadir}/applications/system-config-selinux.desktop %{_datadir}/applications/selinux-polgengui.desktop %{_datadir}/icons/hicolor/24x24/apps/system-config-selinux.png @@ -336,6 +344,10 @@ The policycoreutils-restorecond package contains the restorecond service. %systemd_postun_with_restart restorecond.service %changelog +* Wed Sep 18 2013 Dan Walsh - 2.1.14-81 +- Add back in the help png files +- Begin Adding support for file equivalency. + * Wed Sep 4 2013 Dan Walsh - 2.1.14-80 - Random fixes for sepolicy gui * Do not prompt for password until you make a change 
diff --git a/sepolicy-help.tgz b/sepolicy-help.tgz new file mode 100644 index 0000000..fd579a5 Binary files /dev/null and b/sepolicy-help.tgz differ