rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Fri Sep 28 2007 Dan Walsh <dwalsh@redhat.com> 2.0.27-4

Browse Source 
- Allow policy writer to select user types to transition to there users
This commit is contained in:
Daniel J Walsh 2007-10-01 21:45:35 +00:00
parent 8f66192228
commit 76680e0455
2 changed files with 239 additions and 142 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

374
policycoreutils-gui.patch
View File

@ -1,7 +1,7 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.27/gui/booleansPage.py
--- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/booleansPage.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,236 @@
+++ policycoreutils-2.0.27/gui/booleansPage.py 2007-10-01 17:22:52.000000000 -0400
@@ -0,0 +1,254 @@
+#
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
+#
@ -175,6 +175,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli
+ self.typeLabel = xml.get_widget("typeLabel")
+ self.modifySeparator = xml.get_widget("modifySeparator")
+
+ self.revertButton = xml.get_widget("booleanRevertButton")
+ self.revertButton.set_sensitive(self.local)
+ listStore = gtk.ListStore(gobject.TYPE_STRING)
+ cell = gtk.CellRendererText()
+
@ -194,6 +196,20 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli
+ self.filter=""
+ self.load(self.filter)
+
+ def deleteDialog(self):
+ store, iter = self.booleansView.get_selection().get_selected()
+ boolean = store.get_value(iter, 2)
+ if boolean == None:
+ return
+ try:
+ (rc, out) = commands.getstatusoutput("semanage boolean -d %s" % boolean)
+
+ if rc != 0:
+ return self.error(out)
+ self.load(self.filter)
+ except ValueError, e:
+ self.error(e.args[0])
+
+ def filter_changed(self, *arg):
+ filter = arg[0].get_text()
+ if filter != self.filter:
@ -230,6 +246,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli
+
+ def on_local_clicked(self, button):
+ self.local = not self.local
+ self.revertButton.set_sensitive(self.local)
+
+ if self.local:
+ button.set_label(_("all"))
+ else:
@ -919,8 +937,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.27/gui/polgen.glade
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/polgen.glade 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,2386 @@
+++ policycoreutils-2.0.27/gui/polgen.glade 2007-09-28 15:35:53.000000000 -0400
@@ -0,0 +1,2461 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
+
@ -1726,6 +1744,80 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GnomeDruidPageStandard" id="user_transition_page">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">Select user types that will transition to this domain</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="vbox13">
+ <property name="border_width">16</property>
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">6</property>
+
+ <child>
+ <widget class="GtkScrolledWindow" id="scrolledwindow4">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="vscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="shadow_type">GTK_SHADOW_IN</property>
+ <property name="window_placement">GTK_CORNER_TOP_LEFT</property>
+
+ <child>
+ <widget class="GtkTreeView" id="user_transition_treeview">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Select the user types that will transiton to this applications domains.</property>
+ <property name="can_focus">True</property>
+ <property name="headers_visible">False</property>
+ <property name="rules_hint">False</property>
+ <property name="reorderable">False</property>
+ <property name="enable_search">True</property>
+ <property name="fixed_height_mode">False</property>
+ <property name="hover_selection">False</property>
+ <property name="hover_expand">False</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label30">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label30</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GnomeDruidPageStandard" id="admin_page">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">Select additional domains that this user will administer</property>
@ -1777,9 +1869,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label30">
+ <widget class="GtkLabel" id="label31">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label30</property>
+ <property name="label" translatable="yes">label31</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@ -1802,7 +1894,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ <child>
+ <widget class="GnomeDruidPageStandard" id="roles_page">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">Select additioanl roles for this user</property>
+ <property name="title" translatable="yes">Select additional roles for this user</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="vbox13">
@ -1851,9 +1943,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label31">
+ <widget class="GtkLabel" id="label32">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label31</property>
+ <property name="label" translatable="yes">label32</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@ -2274,9 +2366,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label32">
+ <widget class="GtkLabel" id="label33">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label32</property>
+ <property name="label" translatable="yes">label33</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@ -2300,6 +2392,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ <widget class="GnomeDruidPageStandard" id="out_net_page">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Enter a comma separated list of tcp ports that application/user connects to. </property>
+ <property name="title" translatable="yes"></property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="druid-vbox7">
+ <property name="border_width">16</property>
@ -2398,7 +2492,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ <widget class="GtkEntry" id="out_tcp_entry">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Enter a comma separated list of tcp ports or ranges of ports that application/user connects to. Example: 612, 650-660</property>
+
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
@ -2530,7 +2623,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ <child>
+ <widget class="GtkEntry" id="out_udp_entry">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Enter a comma separated list of udp ports or ranges of ports that application/user connects to. Example: 612, 650-660</property>
+ <property name="tooltip" translatable="yes">Enter a comma separated list of udp ports or ranges of ports that application/user connects to. Example: 612, 650-660</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
@ -2590,9 +2683,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label33">
+ <widget class="GtkLabel" id="label34">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label33</property>
+ <property name="label" translatable="yes">label34</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@ -2722,9 +2815,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label34">
+ <widget class="GtkLabel" id="label35">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label34</property>
+ <property name="label" translatable="yes">label35</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@ -3052,9 +3145,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label35">
+ <widget class="GtkLabel" id="label43">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label35</property>
+ <property name="label" translatable="yes"></property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@ -3168,7 +3261,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label43">
+ <widget class="GtkLabel" id="label44">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes"></property>
+ <property name="use_underline">False</property>
@ -3195,7 +3288,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ <property name="visible">True</property>
+ <property name="position">GNOME_EDGE_FINISH</property>
+ <property name="title" translatable="yes">Generated Policy Files</property>
+ <property name="text" translatable="yes">This tool will generate the following: Type Enforcment(te), File Context(fc), Interface(if), Shell Script(sh).
+ <property name="text" translatable="yes">This tool will generate the following: Type Enforcement(te), File Context(fc), Interface(if), Shell Script(sh).
+Execute shell script to compile/install and relabel files/directories. Now you can put the machine in permissive mode (setenforce 0).
+Run/restart the application to generate avc messages.
+Use audit2allow -R to generate additional rules for the te file.
@ -3208,7 +3301,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label44">
+ <widget class="GtkLabel" id="label45">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes"></property>
+ <property name="use_underline">False</property>
@ -3309,8 +3402,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+</glade-interface>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.27/gui/polgengui.py
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/polgengui.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,476 @@
+++ policycoreutils-2.0.27/gui/polgengui.py 2007-09-28 15:36:01.000000000 -0400
@@ -0,0 +1,495 @@
+#!/usr/bin/python
+#
+# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
@ -3390,14 +3483,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ SELECT_TYPE_PAGE = 1
+ APP_PAGE = 2
+ TRANSITION_PAGE = 3
+ ADMIN_PAGE = 4
+ ROLE_PAGE = 5
+ IN_NET_PAGE = 6
+ OUT_NET_PAGE = 7
+ COMMON_APPS_PAGE = 8
+ FILES_PAGE = 9
+ GEN_POLICY_PAGE = 10
+ FINISH_PAGE = 11
+ USER_TRANSITION_PAGE = 4
+ ADMIN_PAGE = 5
+ ROLE_PAGE = 6
+ IN_NET_PAGE = 7
+ OUT_NET_PAGE = 8
+ COMMON_APPS_PAGE = 9
+ FILES_PAGE = 10
+ GEN_POLICY_PAGE = 11
+ FINISH_PAGE = 12
+
+ def __init__(self):
+ self.xml = xml
@ -3420,6 +3514,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ self.pages[polgen.RUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.GEN_POLICY_PAGE, self.FINISH_PAGE]
+ for i in polgen.APPLICATIONS:
+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE,self.GEN_POLICY_PAGE, self.FINISH_PAGE ]
+ self.pages[polgen.USER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE,self.GEN_POLICY_PAGE, self.FINISH_PAGE ]
+
+ self.current_page = 0
+ self.back_button.set_sensitive(0)
@ -3468,6 +3563,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ self.role_store.set_value(iter, 0, i[:-2])
+
+ self.types = commands.getoutput("/usr/bin/seinfo -t").split()[2:]
+
+ self.transition_treeview = self.xml.get_widget("transition_treeview")
+ self.transition_store = gtk.ListStore(gobject.TYPE_STRING)
+ self.transition_treeview.set_model(self.transition_store)
@ -3476,6 +3572,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
+ self.transition_treeview.append_column(col)
+
+ self.user_transition_treeview = self.xml.get_widget("user_transition_treeview")
+ self.user_transition_store = gtk.ListStore(gobject.TYPE_STRING)
+ self.user_transition_treeview.set_model(self.user_transition_store)
+ self.user_transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
+ self.user_transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
+ self.user_transition_treeview.append_column(col)
+
+ for i in polgen.get_users():
+ iter = self.user_transition_store.append()
+ self.user_transition_store.set_value(iter, 0, i)
+
+ self.admin_treeview = self.xml.get_widget("admin_treeview")
+ self.admin_store = gtk.ListStore(gobject.TYPE_STRING)
+ self.admin_treeview.set_model(self.admin_store)
@ -3608,6 +3716,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ my_policy.set_use_pam(self.pam_checkbutton.get_active() == 1)
+ if self.get_type() is polgen.DAEMON:
+ my_policy.set_init_script(self.init_script_entry.get_text())
+ if self.get_type() == polgen.USER:
+ selected = []
+ self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
+ my_policy.set_transition_users(selected)
+ else:
+ if self.get_type() == polgen.RUSER:
+ selected = []
@ -3789,8 +3901,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.27/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/polgen.py 2007-09-27 15:04:11.000000000 -0400
@@ -0,0 +1,740 @@
+++ policycoreutils-2.0.27/gui/polgen.py 2007-09-28 15:36:04.000000000 -0400
@@ -0,0 +1,759 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@ -3858,6 +3970,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ sys.stderr.write("could not open interface info [%s]\n" % fn)
+ sys.exit(1)
+
+def get_users():
+ users = []
+ userdict = seobject.seluserRecords().get_all()
+ for i in userdict.keys():
+ if userdict[i][0] not in users:
+ users.append(userdict[i][0])
+ users.sort()
+ return users
+
+
+ALL = 0
+RESERVED = 1
@ -3908,8 +4029,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+
+ def __init__(self, name, type):
+ ports = seobject.portRecords()
+ self.dict = ports.get_all()
+
+ self.ports = ports.get_all()
+
+ self.DEFAULT_DIRS = {}
+ self.DEFAULT_DIRS["rw"] = ["rw", [], rw];
+ self.DEFAULT_DIRS["tmp"] = ["tmp", [], tmp];
@ -3960,6 +4081,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ def set_transition_domains(self, transition_domains):
+ self.transition_domains = transition_domains
+
+ def set_transition_users(self, transition_users):
+ self.transition_users = transition_users
+
+ def use_in_udp(self):
+ return self.__isnetset(self.in_udp)
+
@ -3982,9 +4106,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ return self.use_tcp() or self.use_udp()
+
+ def find_port(self, port):
+ for begin,end in self.dict.keys():
+ for begin,end in self.ports.keys():
+ if port >= begin and port <= end:
+ return self.dict[begin,end]
+ return self.ports[begin,end]
+ return None
+
+ def set_program(self, program):
@ -4178,6 +4302,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ for app in self.transition_domains:
+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_transition_rules)
+ newte += re.sub("APPLICATION", app, tmp)
+
+ if self.type == USER:
+ for u in self.transition_users:
+ temp = re.sub("TEMPLATETYPE", self.name, executable.te_userapp_trans_rules)
+ newte += re.sub("USER", u, temp)
+
+ return newte
+
+ def generate_admin_rules(self):
@ -4477,6 +4607,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ mypolicy.set_use_pam(True)
+ mypolicy.add_file("/var/lib/myuser/myuser.sock")
+ mypolicy.set_out_tcp(0,"8000")
+ mypolicy.set_transition_users(["unconfined", "staff"])
+ print mypolicy.generate("/var/tmp")
+
+
@ -4533,8 +4664,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.27/gui/portsPage.py
--- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/portsPage.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,247 @@
+++ policycoreutils-2.0.27/gui/portsPage.py 2007-10-01 17:44:08.000000000 -0400
@@ -0,0 +1,251 @@
+## portsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
+
@ -4586,6 +4717,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
+class portsPage(semanagePage):
+ def __init__(self, xml):
+ semanagePage.__init__(self, xml, "ports", "Network Port")
+ xml.signal_connect("on_group_clicked", self.on_group_clicked)
+ self.group = False
+ self.ports_filter = xml.get_widget("portsFilterEntry")
+ self.ports_filter.connect("focus_out_event", self.filter_changed)
+ self.ports_filter.connect("activate", self.filter_changed)
@ -4596,8 +4729,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
+ self.ports_add_button = xml.get_widget("portsAddButton")
+ self.ports_properties_button = xml.get_widget("portsPropertiesButton")
+ self.ports_delete_button = xml.get_widget("portsDeleteButton")
+ self.ports_group_togglebutton = xml.get_widget("portsGroupTogglebutton")
+ self.ports_group_togglebutton.connect("toggled", self.group_toggle)
+ liststore = self.ports_protocol_combo.get_model()
+ iter = liststore.get_iter_first()
+ self.ports_protocol_combo.set_active_iter(iter)
@ -4640,17 +4771,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
+ self.view.append_column(col)
+ self.store.set_sort_func(PORT_COL,self.sort_int, "")
+
+ def group_toggle(self, button):
+ self.edit = not button.get_active()
+ self.ports_add_button.set_sensitive(self.edit)
+ self.ports_properties_button.set_sensitive(self.edit)
+ self.ports_delete_button.set_sensitive(self.edit)
+ self.mls_col.set_visible(self.edit)
+ if self.edit:
+ self.load(self.filter)
+ else:
+ self.group_load(self.filter)
+
+ def sort_int(self, treemodel, iter1, iter2, user_data):
+ try:
+ p1 = int(treemodel.get_value(iter1,2))
@ -4666,7 +4786,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
+ def load(self,filter = ""):
+ self.filter=filter
+ self.port = seobject.portRecords()
+ dict = self.port.get_all()
+ dict = self.port.get_all(self.local)
+ keys = dict.keys()
+ keys.sort()
+ self.store.clear()
@ -4687,7 +4807,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
+ def group_load(self, filter = ""):
+ self.filter=filter
+ self.port = seobject.portRecords()
+ dict = self.port.get_all_by_type()
+ dict = self.port.get_all_by_type(self.local)
+ keys = dict.keys()
+ keys.sort()
+ self.store.clear()
@ -4781,7 +4901,22 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
+ self.store.set_value(iter, PROTOCOL_COL, protocol)
+ self.store.set_value(iter, MLS_COL, mls)
+
+ def on_group_clicked(self, button):
+ self.ports_add_button.set_sensitive(self.group)
+ self.ports_properties_button.set_sensitive(self.group)
+ self.ports_delete_button.set_sensitive(self.group)
+ self.mls_col.set_visible(self.group)
+
+ self.group = not self.group
+ if self.group:
+ button.set_label(_("List View"))
+ self.group_load(self.filter)
+ else:
+ button.set_label(_("Group View"))
+ self.load(self.filter)
+
+ return True
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.27/gui/selinux.tbl
--- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/selinux.tbl 2007-09-27 11:20:32.000000000 -0400
@ -5457,8 +5592,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policy
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.27/gui/system-config-selinux.glade
--- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/system-config-selinux.glade 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,3393 @@
+++ policycoreutils-2.0.27/gui/system-config-selinux.glade 2007-10-01 17:44:01.000000000 -0400
@@ -0,0 +1,3339 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
+
@ -7345,9 +7480,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+ <property name="show_arrow">True</property>
+
+ <child>
+ <widget class="GtkToolButton" id="toolbutton33">
+ <widget class="GtkToolButton" id="booleanRevertButton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Revert boolean setting to default</property>
+ <property name="tooltip" translatable="yes">Revert boolean setting to system default</property>
+ <property name="stock_id">gtk-revert-to-saved</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
@ -8367,92 +8502,38 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+ </child>
+
+ <child>
+ <widget class="GtkToolItem" id="toolitem1">
+ <widget class="GtkToolButton" id="listViewButton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Toggle between Customized and All Ports</property>
+ <property name="label" translatable="yes">Group View</property>
+ <property name="use_underline">True</property>
+ <property name="stock_id">gtk-indent</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+
+ <child>
+ <widget class="GtkToggleButton" id="portsGroupTogglebutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Group/ungroup network ports by SELinux type.</property>
+ <property name="can_focus">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <signal name="toggled" handler="on_groupview_toggled" last_modification_time="Wed, 15 Nov 2006 16:55:38 GMT"/>
+
+ <child>
+ <widget class="GtkAlignment" id="alignment3">
+ <property name="visible">True</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xscale">0</property>
+ <property name="yscale">0</property>
+ <property name="top_padding">0</property>
+ <property name="bottom_padding">0</property>
+ <property name="left_padding">0</property>
+ <property name="right_padding">0</property>
+
+ <child>
+ <widget class="GtkHBox" id="hbox5">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">2</property>
+
+ <child>
+ <widget class="GtkImage" id="image1">
+ <property name="visible">True</property>
+ <property name="stock">gtk-indent</property>
+ <property name="icon_size">4</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label46">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Group View</property>
+ <property name="use_underline">True</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ </child>
+ <signal name="clicked" handler="on_group_clicked" last_modification_time="Mon, 01 Oct 2007 21:31:19 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="toolbutton35">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Toggle between Customized and All Ports</property>
+ <property name="label" translatable="yes">Customized</property>
+ <property name="use_underline">True</property>
+ <property name="stock_id">gtk-find</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_local_clicked" last_modification_time="Wed, 19 Sep 2007 19:14:08 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+ </widget>
@ -9033,8 +9114,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.27/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/templates/executable.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,278 @@
+++ policycoreutils-2.0.27/gui/templates/executable.py 2007-09-28 15:36:45.000000000 -0400
@@ -0,0 +1,291 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@ -9179,6 +9260,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+auth_domtrans_chk_passwd(TEMPLATETYPE_t)
+"""
+
+te_userapp_trans_rules="""
+optional_policy(`
+ gen_require(`
+ type USER_t;
+ type USER_devpts_t;
+ type USER_tty_device_t;
+ role USER_r;
+ ')
+
+ TEMPLATETYPE_run(USER_t, USER_r, { USER_tty_device_t USER_devpts_t })
+')
+"""
+
+########################### Interface File #############################
+if_program_rules="""
+## <summary>policy for TEMPLATETYPE</summary>

7
policycoreutils.spec
View File

@ -1,4 +1,4 @@
%define libauditver 1.4.2-1
%define libauditver 1.4.2-1
%define libsepolver 2.0.10-1
%define libsemanagever 2.0.5-1
%define libselinuxver 2.0.34-1
@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.27
Release: 3%{?dist}
Release: 4%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -199,6 +199,9 @@ if [ "$1" -ge "1" ]; then
fi
%changelog
* Fri Sep 28 2007 Dan Walsh <dwalsh@redhat.com> 2.0.27-4
- Allow policy writer to select user types to transition to there users
* Thu Sep 27 2007 Dan Walsh <dwalsh@redhat.com> 2.0.27-3
- Fix bug in building policy with polgengui
- Creating ports correctly