diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.5/scripts/genhomedircon --- nsapolicycoreutils/scripts/genhomedircon 2006-01-05 10:35:49.000000000 -0500 +++ policycoreutils-1.29.5/scripts/genhomedircon 2006-01-10 14:10:21.000000000 -0500 @@ -144,7 +144,7 @@ for i in fd.read().split('\n'): if i.find("HOME_ROOT") == 0: i=i.replace("HOME_ROOT", homedir) - ret = i+"\n" + ret += i+"\n" fd.close() if ret=="": errorExit("No Home Root Context Found") @@ -162,9 +162,10 @@ for idx in range(self.usize): user = semanage_user_by_idx(self.ulist, idx) if semanage_user_get_name(user) == name: - #role=semanage_user_get_defrole(user) - #return role - return "user_r" + if name == "staff_u" or name == "root" and self.type != "targeted": + return "staff_r" + else: + return "user_r" return name def getOldRole(self, role): rc=findval(self.selinuxdir+self.type+"/users/system.users", 'grep "^user %s"' % role, "=") diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/Makefile policycoreutils-1.29.5/semanage/Makefile --- nsapolicycoreutils/semanage/Makefile 2005-11-29 10:55:01.000000000 -0500 +++ policycoreutils-1.29.5/semanage/Makefile 2006-01-06 14:34:47.000000000 -0500 @@ -2,6 +2,8 @@ PREFIX ?= ${DESTDIR}/usr SBINDIR ?= $(PREFIX)/sbin MANDIR = $(PREFIX)/share/man +PYLIBVER ?= python2.4 +PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER) TARGETS=semanage @@ -12,6 +14,8 @@ -mkdir -p $(SBINDIR) install -m 755 semanage $(SBINDIR) install -m 644 semanage.8 $(MANDIR)/man8 + test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d $(PYTHONLIBDIR)/site-packages + install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages clean: diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.5/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2006-01-05 10:35:49.000000000 -0500 +++ policycoreutils-1.29.5/semanage/semanage 2006-01-06 14:41:04.000000000 -0500 
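Review bot: The new condition `if name == "staff_u" or name == "root" and self.type != "targeted":` parses as `name == "staff_u" or (name == "root" and self.type != "targeted")`, because `and` binds tighter than `or`, so `staff_u` is mapped to `staff_r` even when `self.type` is `targeted`. If the intent is to restrict both names to non-targeted policy types, the line should read `if (name == "staff_u" or name == "root") and self.type != "targeted":` or `if name in ("staff_u", "root") and self.type != "targeted":`. Since the returned role is written into the generated home-directory contexts, a wrong branch here silently changes labels rather than failing loudly, which is worth a comment stating which policy types are expected to have `staff_r`. The enclosing method and the assignment of `self.type` are outside the hunk.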
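Review bot: `PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)` refers to `LIBDIR`, which is not defined anywhere in this hunk (only `PREFIX`, `SBINDIR` and `MANDIR` are); unless a parent Makefile or the command line supplies it, it expands to empty and the install rule below writes into `/python2.4/site-packages`. Adding `LIBDIR ?= $(PREFIX)/lib` immediately before the new line makes the default self-contained. `PYLIBVER ?= python2.4` also pins the interpreter version by hand, which will drift from whatever `python` the installed script's `#!` line resolves to; deriving it, e.g. `PYLIBVER ?= $(shell python -c 'import sys; print "python%d.%d" % sys.version_info[:2]')`, keeps the module on the import path of the interpreter that actually runs semanage.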
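Review bot: `install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages` installs a library module as executable; nothing executes it directly, so `install -m 644 seobject.py $(PYTHONLIBDIR)/site-packages` matches the manpage line above and avoids an unneeded executable in site-packages. The `test -d ... ||` guard is redundant because `install -d` is idempotent; `install -m 755 -d $(PYTHONLIBDIR)/site-packages` on its own suffices.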
@@ -20,345 +20,9 @@ # 02111-1307 USA # # -import commands, sys, os, pwd, string, getopt, pwd -from semanage import *; -class loginRecords: - def __init__(self): - self.sh = semanage_handle_create() - self.semanaged = semanage_is_managed(self.sh) - if self.semanaged: - semanage_connect(self.sh) - - def add(self, name, sename, serange): - if serange == "": - serange = "s0" - if sename == "": - sename = "user_u" - - (rc,k) = semanage_seuser_key_create(self.sh, name) - if rc < 0: - raise ValueError("Could not create a key for %s" % name) - - (rc,exists) = semanage_seuser_exists(self.sh, k) - if exists: - raise ValueError("SELinux User %s mapping already defined" % name) - try: - pwd.getpwnam(name) - except: - raise ValueError("Linux User %s does not exist" % name) - - (rc,u) = semanage_seuser_create(self.sh) - if rc < 0: - raise ValueError("Could not create seuser for %s" % name) - - semanage_seuser_set_name(self.sh, u, name) - semanage_seuser_set_mlsrange(self.sh, u, serange) - semanage_seuser_set_sename(self.sh, u, sename) - semanage_begin_transaction(self.sh) - semanage_seuser_add(self.sh, k, u) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add SELinux user mapping") - - def modify(self, name, sename = "", serange = ""): - (rc,k) = semanage_seuser_key_create(self.sh, name) - if rc < 0: - raise ValueError("Could not create a key for %s" % name) - - if sename == "" and serange == "": - raise ValueError("Requires, seuser or serange") - - (rc,exists) = semanage_seuser_exists(self.sh, k) - if exists: - (rc,u) = semanage_seuser_query(self.sh, k) - if rc < 0: - raise ValueError("Could not query seuser for %s" % name) - else: - raise ValueError("SELinux user %s mapping is not defined." 
% name) - - if serange != "": - semanage_seuser_set_mlsrange(self.sh, u, serange) - if sename != "": - semanage_seuser_set_sename(self.sh, u, sename) - semanage_begin_transaction(self.sh) - semanage_seuser_modify(self.sh, k, u) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to modify SELinux user mapping") - - - def delete(self, name): - (rc,k) = semanage_seuser_key_create(self.sh, name) - if rc < 0: - raise ValueError("Could not create a key for %s" % name) - - (rc,exists) = semanage_seuser_exists(self.sh, k) - if not exists: - raise ValueError("SELinux user %s mapping is not defined." % name) - semanage_begin_transaction(self.sh) - semanage_seuser_del(self.sh, k) - if semanage_commit(self.sh) < 0: - raise ValueError("SELinux User %s mapping not defined" % name) - - def list(self,heading=1): - if heading: - print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range") - (status, self.ulist, self.usize) = semanage_seuser_list(self.sh) - for idx in range(self.usize): - u = semanage_seuser_by_idx(self.ulist, idx) - name = semanage_seuser_get_name(u) - print "%-25s %-25s %-25s" % (name, semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u)) - -class seluserRecords: - def __init__(self): - roles = [] - self.sh = semanage_handle_create() - self.semanaged = semanage_is_managed(self.sh) - if self.semanaged: - semanage_connect(self.sh) - - def add(self, name, roles, selevel, serange): - if serange == "": - serange = "s0" - if selevel == "": - selevel = "s0" - - (rc,k) = semanage_user_key_create(self.sh, name) - if rc < 0: - raise ValueError("Could not create a key for %s" % name) - - (rc,exists) = semanage_user_exists_local(self.sh, k) - if not exists: - (rc,exists) = semanage_user_exists(self.sh, k) - if not exists: - raise ValueError("SELinux user %s is already defined." 
% name) - - (rc,u) = semanage_user_create(self.sh) - if rc < 0: - raise ValueError("Could not create login mapping for %s" % name) - - semanage_user_set_name(self.sh, u, name) - for r in roles: - semanage_user_add_role(self.sh, u, r) - semanage_user_set_mlsrange(self.sh, u, serange) - semanage_user_set_mlslevel(self.sh, u, selevel) - (rc,key) = semanage_user_key_extract(self.sh,u) - if rc < 0: - raise ValueError("Could not extract key for %s" % name) - - semanage_begin_transaction(self.sh) - semanage_user_add_local(self.sh, k, u) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add SELinux user") - - def modify(self, name, roles = [], selevel = "", serange = ""): - if len(roles) == 0 and serange == "" and selevel == "": - raise ValueError("Requires, roles, level or range") - - (rc,k) = semanage_user_key_create(self.sh, name) - if rc < 0: - raise ValueError("Could not create a key for %s" % name) - - (rc,exists) = semanage_user_exists_local(self.sh, k) - if exists: - (rc,u) = semanage_user_query_local(self.sh, k) - else: - (rc,exists) = semanage_user_exists(self.sh, k) - if exists: - (rc,u) = semanage_user_query(self.sh, k) - else: - raise ValueError("SELinux user %s mapping is not defined." 
% name) - if rc < 0: - raise ValueError("Could not query user for %s" % name) - - if serange != "": - semanage_user_set_mlsrange(self.sh, u, serange) - if selevel != "": - semanage_user_set_mlslevel(self.sh, u, selevel) - if len(roles) < 0: - for r in roles: - semanage_user_add_role(self.sh, u, r) - semanage_begin_transaction(self.sh) - semanage_user_modify_local(self.sh, k, u) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to modify SELinux user") - - def delete(self, name): - (rc,k) = semanage_user_key_create(self.sh, name) - if rc < 0: - raise ValueError("Could not crpppeate a key for %s" % name) - - (rc,exists) = semanage_user_exists_local(self.sh, k) - if not exists: - raise ValueError("user %s is not defined" % name) - semanage_begin_transaction(self.sh) - semanage_user_del_local(self.sh, k) - if semanage_commit(self.sh) < 0: - raise ValueError("Login User %s not defined" % name) - - def list(self, heading=1): - if heading: - print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/") - print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles") - (status, self.ulist, self.usize) = semanage_user_list(self.sh) - for idx in range(self.usize): - u = semanage_user_by_idx(self.ulist, idx) - name = semanage_user_get_name(u) - (status, rlist, rlist_size) = semanage_user_get_roles(self.sh, u) - roles = "" - - if rlist_size: - roles += char_by_idx(rlist, 0) - for ridx in range (1,rlist_size): - roles += " " + char_by_idx(rlist, ridx) - print "%-15s %-10s %-15s %s" % (semanage_user_get_name(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles) - -class portRecords: - def __init__(self): - self.sh = semanage_handle_create() - self.semanaged = semanage_is_managed(self.sh) - if self.semanaged: - semanage_connect(self.sh) - - def __genkey(self, port, proto): - if proto == "tcp": - proto_d=SEMANAGE_PROTO_TCP - else: - if proto == "udp": - proto_d=SEMANAGE_PROTO_UDP - else: - raise ValueError("Protocol udp or tcp 
is required") - if port == "": - raise ValueError("Port is required") - - ports=port.split("-") - if len(ports) == 1: - low=string.atoi(ports[0]) - high=string.atoi(ports[0]) - else: - low=string.atoi(ports[0]) - high=string.atoi(ports[1]) - - (rc,k) = semanage_port_key_create(self.sh, low, high, proto_d) - if rc < 0: - raise ValueError("Could not create a key for %s/%s" % (proto, port)) - return ( k, proto_d, low, high ) - - def add(self, port, proto, serange, type): - if serange == "": - serange="s0" - - if type == "": - raise ValueError("Type is required") - - ( k, proto_d, low, high ) = self.__genkey(port, proto) - - (rc,exists) = semanage_port_exists(self.sh, k) - if exists: - raise ValueError("Port %s/%s already defined" % (proto, port)) - - (rc,exists) = semanage_port_exists_local(self.sh, k) - if exists: - raise ValueError("Port %s/%s already defined locally" % (proto, port)) - - (rc,p) = semanage_port_create(self.sh) - if rc < 0: - raise ValueError("Could not create port for %s/%s" % (proto, port)) - - semanage_port_set_proto(p, proto_d) - semanage_port_set_range(p, low, high) - (rc, con) = semanage_context_create(self.sh) - if rc < 0: - raise ValueError("Could not create context for %s/%s" % (proto, port)) - - semanage_context_set_user(self.sh, con, "system_u") - semanage_context_set_role(self.sh, con, "object_r") - semanage_context_set_type(self.sh, con, type) - semanage_context_set_mls(self.sh, con, serange) - semanage_port_set_con(p, con) - semanage_begin_transaction(self.sh) - semanage_port_add_local(self.sh, k, p) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add port") - - def modify(self, port, proto, serange, setype): - if serange == "" and setype == "": - raise ValueError("Requires, setype or serange") - - ( k, proto_d, low, high ) = self.__genkey(port, proto) - - (rc,exists) = semanage_port_exists_local(self.sh, k) - if exists: - (rc,p) = semanage_port_query_local(self.sh, k) - (rc,exists) = semanage_port_exists(self.sh, k) - 
if exists: - (rc,p) = semanage_port_query(self.sh, k) - else: - raise ValueError("port %s/%s is not defined." % (proto,port)) +import sys, getopt +import seobject - if rc < 0: - raise ValueError("Could not query port for %s/%s" % (proto, port)) - - con = semanage_port_get_con(p) - semanage_context_set_mls(self.sh, con, serange) - if serange != "": - semanage_context_set_mls(self.sh, con, serange) - if setype != "": - semanage_context_set_type(self.sh, con, setype) - semanage_port_set_con(p, con) - semanage_begin_transaction(self.sh) - semanage_port_modify_local(self.sh, k, p) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add port") - - def delete(self, port, proto): - ( k, proto_d, low, high ) = self.__genkey(port, proto) - (rc,exists) = semanage_port_exists_local(self.sh, k) - if not exists: - raise ValueError("port %s/%s is not defined localy." % (proto,port)) - - semanage_begin_transaction(self.sh) - semanage_port_del_local(self.sh, k) - if semanage_commit(self.sh) < 0: - raise ValueError("Port %s/%s not defined" % (proto,port)) - - def list(self, heading=1): - (status, self.plist, self.psize) = semanage_port_list(self.sh) - if heading: - print "%-30s %-8s %s\n" % ("SELinux Port Name", "Proto", "Port Number") - dict={} - for idx in range(self.psize): - u = semanage_port_by_idx(self.plist, idx) - con = semanage_port_get_con(u) - name = semanage_context_get_type(con) - proto=semanage_port_get_proto_str(u) - low=semanage_port_get_low(u) - high = semanage_port_get_high(u) - if (name, proto) not in dict.keys(): - dict[(name,proto)]=[] - if low == high: - dict[(name,proto)].append("%d" % low) - else: - dict[(name,proto)].append("%d-%d" % (low, high)) - (status, self.plist, self.psize) = semanage_port_list_local(self.sh) - for idx in range(self.psize): - u = semanage_port_by_idx(self.plist, idx) - con = semanage_port_get_con(u) - name = semanage_context_get_type(con) - proto=semanage_port_get_proto_str(u) - low=semanage_port_get_low(u) - high = 
semanage_port_get_high(u) - if (name, proto) not in dict.keys(): - dict[(name,proto)]=[] - if low == high: - dict[(name,proto)].append("%d" % low) - else: - dict[(name,proto)].append("%d-%d" % (low, high)) - for i in dict.keys(): - rec = "%-30s %-8s " % i - rec += "%s" % dict[i][0] - for p in dict[i][1:]: - rec += ", %s" % p - print rec - if __name__ == '__main__': def usage(message = ""): @@ -366,8 +30,11 @@ semanage user [-admsRrh] SELINUX_USER\n\ semanage login [-admsrh] LOGIN_NAME\n\ semanage port [-admth] PORT | PORTRANGE\n\ +semanage interface [-admth] INTERFACE\n\ +semanage fcontext [-admhfst] INTERFACE\n\ -a, --add Add a OBJECT record NAME\n\ -d, --delete Delete a OBJECT record NAME\n\ + -f, --ftype File Type of OBJECT \n\ -h, --help display this message\n\ -l, --list List the OBJECTS\n\ -n, --noheading Do not print heading when listing OBJECTS\n\ @@ -391,7 +58,7 @@ # # try: - objectlist = ("login", "user", "port") + objectlist = ("login", "user", "port", "interface", "fcontext") input = sys.stdin output = sys.stdout serange = "" @@ -399,6 +66,7 @@ proto = "" selevel = "" setype = "" + ftype = "" roles = "" seuser = "" heading=1 @@ -416,9 +84,10 @@ args = sys.argv[2:] gopts, cmds = getopt.getopt(args, - 'adlhmnp:P:s:R:r:t:v', + 'adf:lhmnp:P:s:R:r:t:v', ['add', 'delete', + 'ftype=', 'help', 'list', 'modify', @@ -441,6 +110,8 @@ if modify or add: usage() delete = 1 + if o == "-f" or o == "--ftype": + ftype=a if o == "-h" or o == "--help": usage() @@ -474,13 +145,19 @@ verbose = 1 if object == "login": - OBJECT = loginRecords() + OBJECT = seobject.loginRecords() if object == "user": - OBJECT = seluserRecords() + OBJECT = seobject.seluserRecords() if object == "port": - OBJECT = portRecords() + OBJECT = seobject.portRecords() + + if object == "interface": + OBJECT = seobject.interfaceRecords() + + if object == "fcontext": + OBJECT = seobject.fcontextRecords() if list: OBJECT.list(heading) 
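Review bot: The new usage line `semanage fcontext [-admhfst] INTERFACE` names its operand INTERFACE, copied from the interface line above it; for fcontext the operand is a file path or path regular expression, so `semanage fcontext [-admhfst] FILE_SPEC` (or whatever term the man page uses) would be accurate. The added `-f, --ftype File Type of OBJECT` line also carries trailing blanks before `\n\` and does not say which values are accepted; listing the forms that seobject.py's fcontextRecords maps (`--`, `-d`, `-c`, `-b`, `-s`, `-p` and their long names) would spare the user a failed invocation.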
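Review bot: `ftype=a` accepts any string without checking it; the value is later used as a dictionary key in `seobject.fcontextRecords` (`self.file_types[ftype]`), so a typo such as `-f x` surfaces as a bare `KeyError` traceback instead of a usage message. Rejecting an unknown value at parse time with `usage()`, the same way the conflicting `-a`/`-d`/`-m` combinations are handled just above, keeps error reporting consistent; that is easiest if the accepted-type mapping in seobject.py is exposed as a module-level constant rather than built per instance, so the CLI can consult it without opening a semanage handle.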
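Review bot: The five sequential `if object == ...: OBJECT = seobject.XRecords()` statements are a dispatch table written longhand; `OBJECT = {"login": seobject.loginRecords, "user": seobject.seluserRecords, "port": seobject.portRecords, "interface": seobject.interfaceRecords, "fcontext": seobject.fcontextRecords}[object]()` replaces them and, unlike the chain, fails immediately rather than leaving `OBJECT` unbound until the `OBJECT.list(heading)` call when nothing matches. The `objectlist` tuple earlier in the file presumably already guards the unmatched case, so this is a point of style only.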
@@ -504,6 +181,11 @@ if object == "port": OBJECT.add(target, proto, serange, setype) + if object == "interface": + OBJECT.add(target, serange, setype) + + if object == "fcontext": + OBJECT.add(target, setype, ftype, serange, seuser) sys.exit(0); if modify: @@ -516,7 +198,13 @@ if object == "port": OBJECT.modify(target, proto, serange, setype) - sys.exit(0); + + if object == "interface": + OBJECT.modify(target, serange, setype) + + if object == "fcontext": + OBJECT.modify(target, setype, ftype, serange, seuser) + sys.exit(0); if delete: diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.5/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.29.5/semanage/seobject.py 2006-01-06 14:30:39.000000000 -0500 
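Review bot: The relocated `sys.exit(0);` keeps a C-style trailing semicolon; `sys.exit(0)` is the Python form, and the same applies to the `sys.exit(0);` context line in the add hunk above. Separately, `OBJECT.modify(target, setype, ftype, serange, seuser)` passes `ftype` unchanged, and in seobject.py the modify and delete keys are built from `self.file_types[ftype]`, so a `semanage fcontext -m` without `-f` looks the record up under the all-files type and will presumably report a record added with a specific `-f` as not defined; a comment here, or a sentence in the usage text, stating that `-f` must match the value used at add time would prevent that confusion.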
@@ -0,0 +1,722 @@ +#! /usr/bin/env python +# Copyright (C) 2005 Red Hat +# see file 'COPYING' for use and warranty information +# +# semanage is a tool for managing SELinux configuration files +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# +# + +import pwd, string +from semanage import *; +class semanageRecords: + def __init__(self): + self.sh = semanage_handle_create() + self.semanaged = semanage_is_managed(self.sh) + if self.semanaged: + semanage_connect(self.sh) + +class loginRecords(semanageRecords): + def __init__(self): + semanageRecords.__init__(self) + + def add(self, name, sename, serange): + if serange == "": + serange = "s0" + if sename == "": + sename = "user_u" + + (rc,k) = semanage_seuser_key_create(self.sh, name) + if rc < 0: + raise ValueError("Could not create a key for %s" % name) + + (rc,exists) = semanage_seuser_exists(self.sh, k) + if exists: + raise ValueError("SELinux User %s mapping already defined" % name) + try: + pwd.getpwnam(name) + except: + raise ValueError("Linux User %s does not exist" % name) + + (rc,u) = semanage_seuser_create(self.sh) + if rc < 0: + raise ValueError("Could not create seuser for %s" % name) + + semanage_seuser_set_name(self.sh, u, name) + semanage_seuser_set_mlsrange(self.sh, u, serange) + semanage_seuser_set_sename(self.sh, u, sename) + 
semanage_begin_transaction(self.sh) + semanage_seuser_add(self.sh, k, u) + if semanage_commit(self.sh) < 0: + raise ValueError("Failed to add SELinux user mapping") + + def modify(self, name, sename = "", serange = ""): + (rc,k) = semanage_seuser_key_create(self.sh, name) + if rc < 0: + raise ValueError("Could not create a key for %s" % name) + + if sename == "" and serange == "": + raise ValueError("Requires, seuser or serange") + + (rc,exists) = semanage_seuser_exists(self.sh, k) + if exists: + (rc,u) = semanage_seuser_query(self.sh, k) + if rc < 0: + raise ValueError("Could not query seuser for %s" % name) + else: + raise ValueError("SELinux user %s mapping is not defined." % name) + + if serange != "": + semanage_seuser_set_mlsrange(self.sh, u, serange) + if sename != "": + semanage_seuser_set_sename(self.sh, u, sename) + semanage_begin_transaction(self.sh) + semanage_seuser_modify_local(self.sh, k, u) + if semanage_commit(self.sh) < 0: + raise ValueError("Failed to modify SELinux user mapping") + def delete(self, name): + (rc,k) = semanage_seuser_key_create(self.sh, name) + if rc < 0: + raise ValueError("Could not create a key for %s" % name) + + (rc,exists) = semanage_seuser_exists(self.sh, k) + if not exists: + raise ValueError("SELinux user %s mapping is not defined." 
% name) + semanage_begin_transaction(self.sh) + semanage_seuser_del(self.sh, k) + if semanage_commit(self.sh) < 0: + raise ValueError("SELinux User %s mapping not defined" % name) + + def get_all(self): + dict={} + (status, self.ulist, self.usize) = semanage_seuser_list(self.sh) + for idx in range(self.usize): + u = semanage_seuser_by_idx(self.ulist, idx) + name = semanage_seuser_get_name(u) + dict[name]=(semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u)) + return dict + + def list(self,heading=1): + if heading: + print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range") + dict=self.get_all() + keys=dict.keys() + keys.sort() + for k in keys: + print "%-25s %-25s %-25s" % (k, dict[k][0], dict[k][1]) + +class seluserRecords(semanageRecords): + def __init__(self): + semanageRecords.__init__(self) + + def add(self, name, roles, selevel, serange): + if serange == "": + serange = "s0" + if selevel == "": + selevel = "s0" + + (rc,k) = semanage_user_key_create(self.sh, name) + if rc < 0: + raise ValueError("Could not create a key for %s" % name) + + (rc,exists) = semanage_user_exists(self.sh, k) + if not exists: + raise ValueError("SELinux user %s is already defined." 
% name) + + (rc,u) = semanage_user_create(self.sh) + if rc < 0: + raise ValueError("Could not create login mapping for %s" % name) + + semanage_user_set_name(self.sh, u, name) + for r in roles: + semanage_user_add_role(self.sh, u, r) + semanage_user_set_mlsrange(self.sh, u, serange) + semanage_user_set_mlslevel(self.sh, u, selevel) + (rc,key) = semanage_user_key_extract(self.sh,u) + if rc < 0: + raise ValueError("Could not extract key for %s" % name) + + semanage_begin_transaction(self.sh) + semanage_user_add_local(self.sh, k, u) + if semanage_commit(self.sh) < 0: + raise ValueError("Failed to add SELinux user") + + def modify(self, name, roles = [], selevel = "", serange = ""): + if len(roles) == 0 and serange == "" and selevel == "": + raise ValueError("Requires, roles, level or range") + + (rc,k) = semanage_user_key_create(self.sh, name) + if rc < 0: + raise ValueError("Could not create a key for %s" % name) + + (rc,exists) = semanage_user_exists(self.sh, k) + if exists: + (rc,u) = semanage_user_query(self.sh, k) + else: + raise ValueError("SELinux user %s mapping is not defined locally." 
% name) + if rc < 0: + raise ValueError("Could not query user for %s" % name) + + if serange != "": + semanage_user_set_mlsrange(self.sh, u, serange) + if selevel != "": + semanage_user_set_mlslevel(self.sh, u, selevel) + if len(roles) != 0: + for r in roles: + semanage_user_add_role(self.sh, u, r) + semanage_begin_transaction(self.sh) + semanage_user_modify_local(self.sh, k, u) + if semanage_commit(self.sh) < 0: + raise ValueError("Failed to modify SELinux user") + + def delete(self, name): + (rc,k) = semanage_user_key_create(self.sh, name) + if rc < 0: + raise ValueError("Could not crpppeate a key for %s" % name) + (rc,exists) = semanage_user_exists(self.sh, k) + if not exists: + raise ValueError("user %s is not defined" % name) + else: + (rc,exists) = semanage_user_exists_local(self.sh, k) + if not exists: + raise ValueError("user %s is not defined locally, can not delete " % name) + + semanage_begin_transaction(self.sh) + semanage_user_del_local(self.sh, k) + if semanage_commit(self.sh) < 0: + raise ValueError("Login User %s not defined" % name) + + def get_all(self): + dict={} + (status, self.ulist, self.usize) = semanage_user_list(self.sh) + for idx in range(self.usize): + u = semanage_user_by_idx(self.ulist, idx) + name = semanage_user_get_name(u) + (status, rlist, rlist_size) = semanage_user_get_roles(self.sh, u) + roles = "" + + if rlist_size: + roles += char_by_idx(rlist, 0) + for ridx in range (1,rlist_size): + roles += " " + char_by_idx(rlist, ridx) + dict[semanage_user_get_name(u)] = (semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles) + + return dict + + def list(self, heading=1): + if heading: + print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/") + print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles") + dict=self.get_all() + keys=dict.keys() + keys.sort() + for k in keys: + print "%-15s %-10s %-15s %s" % (k, dict[k][0], dict[k][1], dict[k][2]) + +class portRecords(semanageRecords): + def 
__init__(self): + semanageRecords.__init__(self) + + def __genkey(self, port, proto): + if proto == "tcp": + proto_d=SEMANAGE_PROTO_TCP + else: + if proto == "udp": + proto_d=SEMANAGE_PROTO_UDP + else: + raise ValueError("Protocol udp or tcp is required") + if port == "": + raise ValueError("Port is required") + + ports=port.split("-") + if len(ports) == 1: + low=string.atoi(ports[0]) + high=string.atoi(ports[0]) + else: + low=string.atoi(ports[0]) + high=string.atoi(ports[1]) + + (rc,k) = semanage_port_key_create(self.sh, low, high, proto_d) + if rc < 0: + raise ValueError("Could not create a key for %s/%s" % (proto, port)) + return ( k, proto_d, low, high ) + + def add(self, port, proto, serange, type): + if serange == "": + serange="s0" + + if type == "": + raise ValueError("Type is required") + + ( k, proto_d, low, high ) = self.__genkey(port, proto) + + (rc,exists) = semanage_port_exists(self.sh, k) + if exists: + raise ValueError("Port %s/%s already defined" % (proto, port)) + + (rc,p) = semanage_port_create(self.sh) + if rc < 0: + raise ValueError("Could not create port for %s/%s" % (proto, port)) + + semanage_port_set_proto(p, proto_d) + semanage_port_set_range(p, low, high) + (rc, con) = semanage_context_create(self.sh) + if rc < 0: + raise ValueError("Could not create context for %s/%s" % (proto, port)) + + semanage_context_set_user(self.sh, con, "system_u") + semanage_context_set_role(self.sh, con, "object_r") + semanage_context_set_type(self.sh, con, type) + semanage_context_set_mls(self.sh, con, serange) + semanage_begin_transaction(self.sh) + semanage_port_set_con(p, con) + semanage_port_add_local(self.sh, k, p) + if semanage_commit(self.sh) < 0: + raise ValueError("Failed to add port") + + def modify(self, port, proto, serange, setype): + if serange == "" and setype == "": + raise ValueError("Requires, setype or serange") + + ( k, proto_d, low, high ) = self.__genkey(port, proto) + + (rc,exists) = semanage_port_exists(self.sh, k) + if exists: + 
(rc,p) = semanage_port_query(self.sh, k) + else: + raise ValueError("port %s/%s is not defined." % (proto,port)) + + if rc < 0: + raise ValueError("Could not query port for %s/%s" % (proto, port)) + + con = semanage_port_get_con(p) + if rc < 0: + raise ValueError("Could not get port context for %s/%s" % (proto, port)) + + if serange != "": + semanage_context_set_mls(self.sh, con, serange) + if setype != "": + semanage_context_set_type(self.sh, con, setype) + semanage_begin_transaction(self.sh) + semanage_port_modify_local(self.sh, k, p) + if semanage_commit(self.sh) < 0: + raise ValueError("Failed to add port") + + def delete(self, port, proto): + ( k, proto_d, low, high ) = self.__genkey(port, proto) + (rc,exists) = semanage_port_exists(self.sh, k) + if not exists: + raise ValueError("port %s/%s is not defined." % (proto,port)) + else: + (rc,exists) = semanage_port_exists_local(self.sh, k) + if not exists: + raise ValueError("port %s/%s is not defined localy, can not be deleted." % (proto,port)) + + semanage_begin_transaction(self.sh) + semanage_port_del_local(self.sh, k) + if semanage_commit(self.sh) < 0: + raise ValueError("Port %s/%s not defined" % (proto,port)) + + def get_all(self): + dict={} + (status, self.plist, self.psize) = semanage_port_list(self.sh) + for idx in range(self.psize): + u = semanage_port_by_idx(self.plist, idx) + con = semanage_port_get_con(u) + name = semanage_context_get_type(con) + proto=semanage_port_get_proto_str(u) + low=semanage_port_get_low(u) + high = semanage_port_get_high(u) + if (name, proto) not in dict.keys(): + dict[(name,proto)]=[] + if low == high: + dict[(name,proto)].append("%d" % low) + else: + dict[(name,proto)].append("%d-%d" % (low, high)) + return dict + + def list(self, heading=1): + if heading: + print "%-30s %-8s %s\n" % ("SELinux Port Name", "Proto", "Port Number") + dict=self.get_all() + keys=dict.keys() + keys.sort() + for i in keys: + rec = "%-30s %-8s " % i + rec += "%s" % dict[i][0] + for p in dict[i][1:]: 
+ rec += ", %s" % p + print rec + +class interfaceRecords(semanageRecords): + def __init__(self): + semanageRecords.__init__(self) + + def add(self, interface, serange, type): + if serange == "": + serange="s0" + + if type == "": + raise ValueError("SELinux Type is required") + + (rc,k) = semanage_iface_key_create(self.sh, interface) + if rc < 0: + raise ValueError("Can't create key for %s" % interface) + (rc,exists) = semanage_iface_exists(self.sh, k) + if exists: + raise ValueError("Interface %s already defined" % interface) + + (rc,iface) = semanage_iface_create(self.sh) + if rc < 0: + raise ValueError("Could not create interface for %s" % (interface)) + + rc = semanage_iface_set_name(self.sh, iface, interface) + (rc, con) = semanage_context_create(self.sh) + if rc < 0: + raise ValueError("Could not create context for %s" % interface) + + semanage_context_set_user(self.sh, con, "system_u") + semanage_context_set_role(self.sh, con, "object_r") + semanage_context_set_type(self.sh, con, type) + semanage_context_set_mls(self.sh, con, serange) + semanage_begin_transaction(self.sh) + semanage_iface_set_ifcon(iface, con) + semanage_iface_set_msgcon(iface, con) + semanage_iface_add_local(self.sh, k, iface) + if semanage_commit(self.sh) < 0: + raise ValueError("Failed to add interface") + + def modify(self, interface, serange, setype): + if serange == "" and setype == "": + raise ValueError("Requires, setype or serange") + + (rc,k) = semanage_iface_key_create(self.sh, interface) + if rc < 0: + raise ValueError("Can't creater key for %s" % interface) + (rc,exists) = semanage_iface_exists(self.sh, k) + if exists: + (rc,p) = semanage_iface_query(self.sh, k) + else: + raise ValueError("interface %s is not defined." 
% interface)
+
+ if rc < 0:
+ raise ValueError("Could not query interface for %s" % interface)
+
+ con = semanage_iface_get_ifcon(p)
+ if rc < 0:
+ raise ValueError("Could not get interface context for %s" % interface)
+
+ if serange != "":
+ semanage_context_set_mls(self.sh, con, serange)
+ if setype != "":
+ semanage_context_set_type(self.sh, con, setype)
+
+ semanage_begin_transaction(self.sh)
+ semanage_iface_modify_local(self.sh, k, p)
+ if semanage_commit(self.sh) < 0:
+ raise ValueError("Failed to add interface")
+
+ def delete(self, interface):
+ (rc,k) = semanage_iface_key_create(self.sh, interface)
+ if rc < 0:
+ raise ValueError("Can't create key for %s" % interface)
+ (rc,exists) = semanage_iface_exists(self.sh, k)
+ if not exists:
+ raise ValueError("interface %s is not defined." % interface)
+ else:
+ (rc,exists) = semanage_iface_exists_local(self.sh, k)
+ if not exists:
+ raise ValueError("interface %s is not defined localy, can not be deleted." % interface)
+
+ semanage_begin_transaction(self.sh)
+ semanage_iface_del_local(self.sh, k)
+ if semanage_commit(self.sh) < 0:
+ raise ValueError("Interface %s not defined" % interface)
+
+ def get_all(self):
+ dict={}
+ (status, self.plist, self.psize) = semanage_iface_list(self.sh)
+ if status < 0:
+ raise ValueError("Unable to list interfaces")
+ for idx in range(self.psize):
+ interface = semanage_iface_by_idx(self.plist, idx)
+ con = semanage_iface_get_ifcon(interface)
+ dict[semanage_iface_get_name(interface)]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
+
+ return dict
+
+ def list(self, heading=1):
+ if heading:
+ print "%-30s %s\n" % ("SELinux Interface", "Context")
+ dict=self.get_all()
+ keys=dict.keys()
+ keys.sort()
+ for k in keys:
+ print "%-30s %s:%s:%s:%s " % (k,dict[k][0], dict[k][1],dict[k][2], dict[k][3])
+
+class fcontextRecords(semanageRecords):
+ def __init__(self):
+ semanageRecords.__init__(self)
+ self.file_types={}
+ self.file_types[""] = SEMANAGE_FCONTEXT_ALL;
+ self.file_types["all files"] = SEMANAGE_FCONTEXT_ALL;
+ self.file_types["--"] = SEMANAGE_FCONTEXT_REG;
+ self.file_types["regular file"] = SEMANAGE_FCONTEXT_REG;
+ self.file_types["-d"] = SEMANAGE_FCONTEXT_DIR;
+ self.file_types["directory"] = SEMANAGE_FCONTEXT_DIR;
+ self.file_types["-c"] = SEMANAGE_FCONTEXT_CHAR;
+ self.file_types["character device"] = SEMANAGE_FCONTEXT_CHAR;
+ self.file_types["-b"] = SEMANAGE_FCONTEXT_BLOCK;
+ self.file_types["block device"] = SEMANAGE_FCONTEXT_BLOCK;
+ self.file_types["-s"] = SEMANAGE_FCONTEXT_SOCK;
+ self.file_types["socket"] = SEMANAGE_FCONTEXT_SOCK;
+ self.file_types["symbolic link"] = SEMANAGE_FCONTEXT_LINK;
+ self.file_types["-p"] = SEMANAGE_FCONTEXT_PIPE;
+ self.file_types["named pipe"] = SEMANAGE_FCONTEXT_PIPE;
+
+
+ def add(self, target, type, ftype="", serange="s0", seuser="system_u"):
+ if seuser == "":
+ seuser="system_u"
+
+ if serange == "":
+ serange="s0"
+
+ if type == "":
+ raise ValueError("SELinux Type is required")
+
+ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+ if rc < 0:
+ raise ValueError("Can't create key for %s" % target)
+ (rc,exists) = semanage_fcontext_exists(self.sh, k)
+ print (rc, exists, target)
+ if exists:
+ raise ValueError("fcontext %s already defined" % target)
+ (rc,fcontext) = semanage_fcontext_create(self.sh)
+ if rc < 0:
+ raise ValueError("Could not create fcontext for %s" % target)
+
+ rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
+ (rc, con) = semanage_context_create(self.sh)
+ if rc < 0:
+ raise ValueError("Could not create context for %s" % target)
+
+ semanage_context_set_user(self.sh, con, seuser)
+ semanage_context_set_role(self.sh, con, "object_r")
+ semanage_context_set_type(self.sh, con, type)
+ semanage_context_set_mls(self.sh, con, serange)
+ semanage_fcontext_set_type(fcontext, self.file_types[ftype])
+ semanage_begin_transaction(self.sh)
+ semanage_fcontext_set_con(fcontext, con)
+ semanage_fcontext_add_local(self.sh, k, fcontext)
+ if semanage_commit(self.sh) < 0:
+ raise ValueError("Failed to add fcontext")
+
+ def modify(self, target, setype, ftype, serange, seuser):
+ if serange == "" and setype == "" and seuser == "":
+ raise ValueError("Requires, setype, serange or seuser")
+
+ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+ if rc < 0:
+ raise ValueError("Can't creater key for %s" % target)
+ (rc,exists) = semanage_fcontext_exists(self.sh, k)
+ if exists:
+ (rc,p) = semanage_fcontext_query(self.sh, k)
+ else:
+ raise ValueError("fcontext %s is not defined." % target)
+ if rc < 0:
+ raise ValueError("Could not query fcontext for %s" % target)
+ con = semanage_fcontext_get_con(p)
+ if rc < 0:
+ raise ValueError("Could not get fcontext context for %s" % target)
+
+ if serange != "":
+ semanage_context_set_mls(self.sh, con, serange)
+ if seuser != "":
+ semanage_context_set_user(self.sh, con, seuser)
+ if setype != "":
+ semanage_context_set_type(self.sh, con, setype)
+
+ semanage_begin_transaction(self.sh)
+ semanage_fcontext_modify_local(self.sh, k, p)
+ if semanage_commit(self.sh) < 0:
+ raise ValueError("Failed to add fcontext")
+
+ def delete(self, target):
+ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+ if rc < 0:
+ raise ValueError("Can't create key for %s" % target)
+ (rc,exists) = semanage_fcontext_exists(self.sh, k)
+ if not exists:
+ raise ValueError("fcontext %s is not defined." % target)
+ else:
+ (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
+ if not exists:
+ raise ValueError("fcontext %s is not defined localy, can not be deleted." % target)
+
+ semanage_begin_transaction(self.sh)
+ semanage_fcontext_del_local(self.sh, k)
+ if semanage_commit(self.sh) < 0:
+ raise ValueError("fcontext %s not defined" % target)
+
+ def get_all(self):
+ dict={}
+ (status, self.plist, self.psize) = semanage_fcontext_list(self.sh)
+ if status < 0:
+ raise ValueError("Unable to list fcontexts")
+
+ for idx in range(self.psize):
+ fcontext = semanage_fcontext_by_idx(self.plist, idx)
+ expr=semanage_fcontext_get_expr(fcontext)
+ ftype=semanage_fcontext_get_type_str(fcontext)
+ con = semanage_fcontext_get_con(fcontext)
+ if con:
+ dict[expr, ftype]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
+ else:
+ dict[expr, ftype]=con
+
+ return dict
+
+ def list(self, heading=1):
+ if heading:
+ print "%-50s %-18s %s\n" % ("SELinux fcontext", "type", "Context")
+ dict=self.get_all()
+ keys=dict.keys()
+ for k in keys:
+ if dict[k]:
+ print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3])
+ else:
+ print "%-50s %-18s <>" % (k[0], k[1])
+
+class booleanRecords(semanageRecords):
+ def __init__(self):
+ semanageRecords.__init__(self)
+
+ def add(self, target, type, ftype="", serange="s0", seuser="system_u"):
+ if seuser == "":
+ seuser="system_u"
+
+ if serange == "":
+ serange="s0"
+
+ if type == "":
+ raise ValueError("SELinux Type is required")
+
+ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+ if rc < 0:
+ raise ValueError("Can't create key for %s" % target)
+ (rc,exists) = semanage_fcontext_exists(self.sh, k)
+ print (rc, exists, target)
+ if exists:
+ raise ValueError("fcontext %s already defined" % target)
+ (rc,fcontext) = semanage_fcontext_create(self.sh)
+ if rc < 0:
+ raise ValueError("Could not create fcontext for %s" % target)
+
+ rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
+ (rc, con) = semanage_context_create(self.sh)
+ if rc < 0:
+ raise ValueError("Could not create context for %s" % target)
+
+ semanage_context_set_user(self.sh, con, seuser)
+ semanage_context_set_role(self.sh, con, "object_r")
+ semanage_context_set_type(self.sh, con, type)
+ semanage_context_set_mls(self.sh, con, serange)
+ semanage_fcontext_set_type(fcontext, self.file_types[ftype])
+ semanage_begin_transaction(self.sh)
+ semanage_fcontext_set_con(fcontext, con)
+ semanage_fcontext_add_local(self.sh, k, fcontext)
+ if semanage_commit(self.sh) < 0:
+ raise ValueError("Failed to add fcontext")
+
+ def modify(self, target, setype, ftype, serange, seuser):
+ if serange == "" and setype == "" and seuser == "":
+ raise ValueError("Requires, setype, serange or seuser")
+
+ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+ if rc < 0:
+ raise ValueError("Can't creater key for %s" % target)
+ (rc,exists) = semanage_fcontext_exists(self.sh, k)
+ if exists:
+ (rc,p) = semanage_fcontext_query(self.sh, k)
+ else:
+ raise ValueError("fcontext %s is not defined." % target)
+ if rc < 0:
+ raise ValueError("Could not query fcontext for %s" % target)
+ con = semanage_fcontext_get_con(p)
+ if rc < 0:
+ raise ValueError("Could not get fcontext context for %s" % target)
+
+ if serange != "":
+ semanage_context_set_mls(self.sh, con, serange)
+ if seuser != "":
+ semanage_context_set_user(self.sh, con, seuser)
+ if setype != "":
+ semanage_context_set_type(self.sh, con, setype)
+
+ semanage_begin_transaction(self.sh)
+ semanage_fcontext_modify_local(self.sh, k, p)
+ if semanage_commit(self.sh) < 0:
+ raise ValueError("Failed to add fcontext")
+
+ def delete(self, target):
+ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+ if rc < 0:
+ raise ValueError("Can't create key for %s" % target)
+ (rc,exists) = semanage_fcontext_exists(self.sh, k)
+ if not exists:
+ raise ValueError("fcontext %s is not defined." % target)
+ else:
+ (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
+ if not exists:
+ raise ValueError("fcontext %s is not defined localy, can not be deleted." % target)
+
+ semanage_begin_transaction(self.sh)
+ semanage_fcontext_del_local(self.sh, k)
+ if semanage_commit(self.sh) < 0:
+ raise ValueError("fcontext %s not defined" % target)
+
+ def get_all(self):
+ dict={}
+ (status, self.plist, self.psize) = semanage_fcontext_list(self.sh)
+ if status < 0:
+ raise ValueError("Unable to list fcontexts")
+
+ for idx in range(self.psize):
+ fcontext = semanage_fcontext_by_idx(self.plist, idx)
+ expr=semanage_fcontext_get_expr(fcontext)
+ ftype=semanage_fcontext_get_type_str(fcontext)
+ con = semanage_fcontext_get_con(fcontext)
+ if con:
+ dict[expr, ftype]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
+ else:
+ dict[expr, ftype]=con
+
+ return dict
+
+ def list(self, heading=1):
+ if heading:
+ print "%-50s %-18s %s\n" % ("SELinux fcontext", "type", "Context")
+ dict=self.get_all()
+ keys=dict.keys()
+ for k in keys:
+ if dict[k]:
+ print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3])
+ else:
+ print "%-50s %-18s <>" % (k[0], k[1])
+
+