diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.7/scripts/genhomedircon --- nsapolicycoreutils/scripts/genhomedircon 2006-01-13 09:47:40.000000000 -0500 +++ policycoreutils-1.29.7/scripts/genhomedircon 2006-01-14 08:39:02.000000000 -0500 @@ -327,6 +327,9 @@ sys.stderr.write("%s: %s\n" % ( sys.argv[0], error )) +if os.getuid() > 0 or os.geteuid() > 0: + print "You must be root to run %s." % sys.argv[0] + sys.exit(0) # # This script will generate home dir file context diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.7/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2006-01-13 09:47:40.000000000 -0500 +++ policycoreutils-1.29.7/semanage/semanage 2006-01-14 08:38:35.000000000 -0500 @@ -20,10 +20,13 @@ # 02111-1307 USA # # -import sys, getopt +import os, sys, getopt import seobject if __name__ == '__main__': + if os.getuid() > 0 or os.geteuid() > 0: + print "You must be root to run %s." % sys.argv[0] + sys.exit(0) def usage(message = ""): print '\ @@ -186,6 +189,7 @@ if object == "fcontext": OBJECT.add(target, setype, ftype, serange, seuser) + sys.exit(0); if modify: @@ -210,8 +214,13 @@ if delete: if object == "port": OBJECT.delete(target, proto) + + if object == "fcontext": + OBJECT.delete(target, ftype) + else: OBJECT.delete(target) + sys.exit(0); usage() diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.7/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2006-01-13 08:39:11.000000000 -0500 +++ policycoreutils-1.29.7/semanage/seobject.py 2006-01-14 01:50:09.000000000 -0500 @@ -46,7 +46,7 @@ (rc,exists) = semanage_seuser_exists(self.sh, k) if exists: - raise ValueError("SELinux User %s mapping already defined" % name) + raise ValueError("Login mapping for %s is already defined" % name) try: pwd.getpwnam(name) except: 
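Review bot: The root check added to genhomedircon prints to stdout and then calls `sys.exit(0)`, so a caller (a package %post script, a Makefile target, a cron job) sees success even though no file contexts were generated; the check in the semanage hunk (@@ -20) has the same shape. A refused run should go to stderr with a non-zero status: `sys.stderr.write("You must be root to run %s.\n" % sys.argv[0])` followed by `sys.exit(1)`. The genhomedircon hunk also uses `os` without this diff adding an import for it, so please confirm `os` is already imported in that script (the semanage hunk adds it to its own import line). This is a convenience guard only; the permissions on the policy store remain the actual access control.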
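Review bot: The `sys.exit(0);` added after `OBJECT.add(target, setype, ftype, serange, seuser)` carries a trailing semicolon, as does the one added in the delete hunk (@@ -210); the Python form is plain `sys.exit(0)`. With the indentation lost in this copy of the patch I cannot tell whether the exit sits inside the `if object == "fcontext":` branch or at the `if add:` level; if it is inside the branch, adds for the other object types still fall through to the later branches and to `usage()`, so please confirm it is at the outer level.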
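Review bot: Inserting `if object == "fcontext":` as a separate statement between `if object == "port":` and the existing `else:` re-binds the `else` to the new `if`, so a port delete runs `OBJECT.delete(target, proto)` and then also falls into `OBJECT.delete(target)`, which fails because portRecords.delete() requires `proto` (its signature is in the seobject hunk @@ -278) — and it fails after the port has already been removed. The new line should be `elif object == "fcontext":` so the three cases stay exclusive. This reading assumes the added `if` is at the same indentation as the port `if`, which the collapsed layout does not show explicitly.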
@@ -54,40 +54,65 @@ (rc,u) = semanage_seuser_create(self.sh) if rc < 0: - raise ValueError("Could not create seuser for %s" % name) + raise ValueError("Could not create login mapping for %s" % name) - semanage_seuser_set_name(self.sh, u, name) - semanage_seuser_set_mlsrange(self.sh, u, serange) - semanage_seuser_set_sename(self.sh, u, sename) - semanage_begin_transaction(self.sh) - semanage_seuser_add(self.sh, k, u) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add SELinux user mapping") + rc = semanage_seuser_set_name(self.sh, u, name) + if rc < 0: + raise ValueError("Could not set name for %s" % name) + + rc = semanage_seuser_set_mlsrange(self.sh, u, serange) + if rc < 0: + raise ValueError("Could not set MLS range for %s" % name) + + rc = semanage_seuser_set_sename(self.sh, u, sename) + if rc < 0: + raise ValueError("Could not set SELinux user for %s" % name) + + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError("Could not start semanage transaction") + + rc = semanage_seuser_modify(self.sh, k, u) + if rc < 0: + raise ValueError("Failed to add login mapping for %s" % name) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError("Failed to add login mapping for %s" % name) def modify(self, name, sename = "", serange = ""): + if sename == "" and serange == "": + raise ValueError("Requires seuser or serange") + (rc,k) = semanage_seuser_key_create(self.sh, name) if rc < 0: raise ValueError("Could not create a key for %s" % name) - if sename == "" and serange == "": - raise ValueError("Requires, seuser or serange") - (rc,exists) = semanage_seuser_exists(self.sh, k) - if exists: - (rc,u) = semanage_seuser_query(self.sh, k) - if rc < 0: - raise ValueError("Could not query seuser for %s" % name) - else: - raise ValueError("SELinux user %s mapping is not defined." 
% name) + if not exists: + raise ValueError("Login mapping for %s is not defined" % name) + + (rc,u) = semanage_seuser_query(self.sh, k) + if rc < 0: + raise ValueError("Could not query seuser for %s" % name) if serange != "": semanage_seuser_set_mlsrange(self.sh, u, serange) if sename != "": semanage_seuser_set_sename(self.sh, u, sename) - semanage_begin_transaction(self.sh) - semanage_seuser_modify_local(self.sh, k, u) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to modify SELinux user mapping") + + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError("Could not srart semanage transaction") + + rc = semanage_seuser_modify(self.sh, k, u) + if rc < 0: + raise ValueError("Failed to modify login mapping for %s" % name) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError("Failed to modify login mapping for %s" % name) + def delete(self, name): (rc,k) = semanage_seuser_key_create(self.sh, name) if rc < 0: 
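Review bot: add() and modify() now call `semanage_seuser_modify(self.sh, k, u)`, whereas modify() previously used `semanage_seuser_modify_local` and every other record type in this patch commits through its `_modify_local` binding; unless the non-`_local` function is actually exported by the SWIG module, both paths fail with NameError before anything is written, so both lines should read `rc = semanage_seuser_modify_local(self.sh, k, u)`. The transaction error in modify() is misspelled: `"Could not srart semanage transaction"` should be `"Could not start semanage transaction"`. modify() also still discards the results of `semanage_seuser_set_mlsrange` and `semanage_seuser_set_sename` while add() now checks them; checking them the same way keeps a rejected range or SELinux user from going unreported before the commit.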
@@ -95,15 +120,26 @@ (rc,exists) = semanage_seuser_exists(self.sh, k) if not exists: - raise ValueError("SELinux user %s mapping is not defined." % name) - semanage_begin_transaction(self.sh) - semanage_seuser_del(self.sh, k) - if semanage_commit(self.sh) < 0: - raise ValueError("SELinux User %s mapping not defined" % name) + raise ValueError("Login mapping for %s is not defined" % name) + + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError("Could not start semanage transaction") + + rc = semanage_seuser_del(self.sh, k) + if rc < 0: + raise ValueError("Failed to delete login mapping for %s" % name) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError("Failed to delete login mapping for %s" % name) def get_all(self): dict={} - (status, self.ulist, self.usize) = semanage_seuser_list(self.sh) + (rc, self.ulist, self.usize) = semanage_seuser_list(self.sh) + if rc < 0: + raise ValueError("Could not list login mappings") + for idx in range(self.usize): u = semanage_seuser_by_idx(self.ulist, idx) name = semanage_seuser_get_name(u) 
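Review bot: loginRecords.delete() checks only `semanage_seuser_exists` before calling `semanage_seuser_del_local`, while the user, port, interface and file-context delete() methods in this patch additionally check the `_exists_local` variant and refuse with "... is defined in policy, cannot be deleted". If `semanage_seuser_exists_local` is available in the bindings, the same guard here would report that situation clearly instead of relying on whatever `semanage_seuser_del_local` returns for a mapping that is not in the local store. The new rc checks around the transaction and in get_all() look right.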
@@ -134,40 +170,59 @@ raise ValueError("Could not create a key for %s" % name) (rc,exists) = semanage_user_exists(self.sh, k) - if not exists: - raise ValueError("SELinux user %s is already defined." % name) + if exists: + raise ValueError("SELinux user %s is already defined" % name) (rc,u) = semanage_user_create(self.sh) if rc < 0: - raise ValueError("Could not create login mapping for %s" % name) + raise ValueError("Could not create SELinux user for %s" % name) + + rc = semanage_user_set_name(self.sh, u, name) + if rc < 0: + raise ValueError("Could not set name for %s" % name) - semanage_user_set_name(self.sh, u, name) for r in roles: - semanage_user_add_role(self.sh, u, r) - semanage_user_set_mlsrange(self.sh, u, serange) - semanage_user_set_mlslevel(self.sh, u, selevel) + rc = semanage_user_add_role(self.sh, u, r) + if rc < 0: + raise ValueError("Could not add role %s for %s" % (r, name)) + + rc = semanage_user_set_mlsrange(self.sh, u, serange) + if rc < 0: + raise ValueError("Could not set MLS range for %s" % name) + + rc = semanage_user_set_mlslevel(self.sh, u, selevel) + if rc < 0: + raise ValueError("Could not set MLS level for %s" % name) + (rc,key) = semanage_user_key_extract(self.sh,u) if rc < 0: raise ValueError("Could not extract key for %s" % name) - semanage_begin_transaction(self.sh) - semanage_user_modify_local(self.sh, k, u) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add SELinux user") + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError("Could not start semanage transaction") + + rc = semanage_user_modify_local(self.sh, k, u) + if rc < 0: + raise ValueError("Failed to add SELinux user %s" % name) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError("Failed to add SELinux user %s" % name) def modify(self, name, roles = [], selevel = "", serange = ""): if len(roles) == 0 and serange == "" and selevel == "": - raise ValueError("Requires, roles, level or range") + raise ValueError("Requires 
roles, level or range") (rc,k) = semanage_user_key_create(self.sh, name) if rc < 0: raise ValueError("Could not create a key for %s" % name) (rc,exists) = semanage_user_exists(self.sh, k) - if exists: - (rc,u) = semanage_user_query(self.sh, k) - else: - raise ValueError("SELinux user %s mapping is not defined locally." % name) + if not exists: + raise ValueError("SELinux user %s is not defined" % name) + + (rc,u) = semanage_user_query(self.sh, k) if rc < 0: raise ValueError("Could not query user for %s" % name) 
@@ -178,35 +233,57 @@ if len(roles) != 0: for r in roles: semanage_user_add_role(self.sh, u, r) - semanage_begin_transaction(self.sh) - semanage_user_modify_local(self.sh, k, u) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to modify SELinux user") + + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError("Could not start semanage transaction") + + rc = semanage_user_modify_local(self.sh, k, u) + if rc < 0: + raise ValueError("Failed to modify SELinux user %s" % name) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError("Failed to modify SELinux user %s" % name) def delete(self, name): (rc,k) = semanage_user_key_create(self.sh, name) if rc < 0: - raise ValueError("Could not crpppeate a key for %s" % name) + raise ValueError("Could not create a key for %s" % name) + (rc,exists) = semanage_user_exists(self.sh, k) if not exists: - raise ValueError("user %s is not defined" % name) - else: - (rc,exists) = semanage_user_exists_local(self.sh, k) - if not exists: - raise ValueError("user %s is not defined locally, can not delete " % name) - - semanage_begin_transaction(self.sh) - semanage_user_del_local(self.sh, k) - if semanage_commit(self.sh) < 0: - raise ValueError("Login User %s not defined" % name) + raise ValueError("SELinux user %s is not defined" % name) + + (rc,exists) = semanage_user_exists_local(self.sh, k) + if not exists: + raise ValueError("SELinux user %s is defined in policy, cannot be deleted" % name) + + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError("Could not start semanage transaction") + + rc = semanage_user_del_local(self.sh, k) + if rc < 0: + raise ValueError("Failed to delete SELinux user %s" % name) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError("Failed to delete SELinux user %s" % name) def get_all(self): dict={} - (status, self.ulist, self.usize) = semanage_user_list(self.sh) + (rc, self.ulist, self.usize) = semanage_user_list(self.sh) + if rc < 0: + 
raise ValueError("Could not list SELinux users") + for idx in range(self.usize): u = semanage_user_by_idx(self.ulist, idx) name = semanage_user_get_name(u) - (status, rlist, rlist_size) = semanage_user_get_roles(self.sh, u) + (rc, rlist, rlist_size) = semanage_user_get_roles(self.sh, u) + if rc < 0: + raise ValueError("Could not list roles for user %s" % name) + roles = "" if rlist_size: 
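Review bot: The role loop at the top of userRecords.modify() still ignores the return of `semanage_user_add_role(self.sh, u, r)`, although add() in the preceding hunk now raises on it; as written, a role that fails to attach is silently dropped and the transaction added below commits the record without it. Checking it the same way, `rc = semanage_user_add_role(self.sh, u, r)` followed by `if rc < 0: raise ValueError("Could not add role %s for %s" % (r, name))`, keeps the two methods consistent. Those loop lines are context in this hunk, and the loop header is visible only at its edge.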
@@ -278,62 +355,97 @@ if rc < 0: raise ValueError("Could not create context for %s/%s" % (proto, port)) - semanage_context_set_user(self.sh, con, "system_u") - semanage_context_set_role(self.sh, con, "object_r") - semanage_context_set_type(self.sh, con, type) - semanage_context_set_mls(self.sh, con, serange) - semanage_begin_transaction(self.sh) + rc = semanage_context_set_user(self.sh, con, "system_u") + if rc < 0: + raise ValueError("Could not set user in port context for %s/%s" % (proto, port)) + + rc = semanage_context_set_role(self.sh, con, "object_r") + if rc < 0: + raise ValueError("Could not set role in port context for %s/%s" % (proto, port)) + + rc = semanage_context_set_type(self.sh, con, type) + if rc < 0: + raise ValueError("Could not set type in port context for %s/%s" % (proto, port)) + + rc = semanage_context_set_mls(self.sh, con, serange) + if rc < 0: + raise ValueError("Could not set mls fields in port context for %s/%s" % (proto, port)) + semanage_port_set_con(p, con) - semanage_port_modify_local(self.sh, k, p) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add port") + + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError("Could not start semanage transaction") + + rc = semanage_port_modify_local(self.sh, k, p) + if rc < 0: + raise ValueError("Failed to add port %s/%s" % (proto, port)) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError("Failed to add port %s/%s" % (proto, port)) def modify(self, port, proto, serange, setype): if serange == "" and setype == "": - raise ValueError("Requires, setype or serange") + raise ValueError("Requires setype or serange") ( k, proto_d, low, high ) = self.__genkey(port, proto) (rc,exists) = semanage_port_exists(self.sh, k) - if exists: - (rc,p) = semanage_port_query(self.sh, k) - else: - raise ValueError("port %s/%s is not defined." 
% (proto,port)) - + if not exists: + raise ValueError("Port %s/%s is not defined" % (proto,port)) + + (rc,p) = semanage_port_query(self.sh, k) if rc < 0: - raise ValueError("Could not query port for %s/%s" % (proto, port)) + raise ValueError("Could not query port %s/%s" % (proto, port)) con = semanage_port_get_con(p) - if rc < 0: - raise ValueError("Could not get port context for %s/%s" % (proto, port)) if serange != "": semanage_context_set_mls(self.sh, con, serange) if setype != "": semanage_context_set_type(self.sh, con, setype) - semanage_begin_transaction(self.sh) - semanage_port_modify_local(self.sh, k, p) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add port") + + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError("Could not start semanage transaction") + + rc = semanage_port_modify_local(self.sh, k, p) + if rc < 0: + raise ValueError("Failed to modify port %s/%s" % (proto, port)) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError("Failed to add port %s/%s" % (proto, port)) def delete(self, port, proto): ( k, proto_d, low, high ) = self.__genkey(port, proto) (rc,exists) = semanage_port_exists(self.sh, k) if not exists: - raise ValueError("port %s/%s is not defined." % (proto,port)) - else: - (rc,exists) = semanage_port_exists_local(self.sh, k) - if not exists: - raise ValueError("port %s/%s is not defined localy, can not be deleted." 
% (proto,port)) - - semanage_begin_transaction(self.sh) - semanage_port_del_local(self.sh, k) - if semanage_commit(self.sh) < 0: - raise ValueError("Port %s/%s not defined" % (proto,port)) + raise ValueError("Port %s/%s is not defined" % (proto, port)) + + (rc,exists) = semanage_port_exists_local(self.sh, k) + if not exists: + raise ValueError("Port %s/%s is defined in policy, cannot be deleted" % (proto, port)) + + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError("Could not start semanage transaction") + + rc = semanage_port_del_local(self.sh, k) + if rc < 0: + raise ValueError("Could not delete port %s/%s" % (proto, port)) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError("Could not delete port %s/%s" % (proto, port)) def get_all(self): dict={} - (status, self.plist, self.psize) = semanage_port_list(self.sh) + (rc, self.plist, self.psize) = semanage_port_list(self.sh) + if rc < 0: + raise ValueError("Could not list ports") + for idx in range(self.psize): u = semanage_port_by_idx(self.plist, idx) con = semanage_port_get_con(u) 
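Review bot: portRecords.modify() reports `"Failed to add port %s/%s"` when `semanage_commit` fails, although the `semanage_port_modify_local` check just above it already says "Failed to modify port"; the commit message should be `"Failed to modify port %s/%s" % (proto, port)`. The same add/modify mix-up is in ifaceRecords.modify() in the next hunk ("Failed to add interface") and in fcontextRecords.modify() in the hunk at @@ -551 ("Failed to add file context"). modify() here also still leaves `semanage_context_set_mls` and `semanage_context_set_type` unchecked while add() now raises on them, so a rejected type or range is not reported.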
@@ -375,83 +487,122 @@ (rc,k) = semanage_iface_key_create(self.sh, interface) if rc < 0: - raise ValueError("Can't create key for %s" % interface) + raise ValueError("Could not create key for %s" % interface) + (rc,exists) = semanage_iface_exists(self.sh, k) if exists: raise ValueError("Interface %s already defined" % interface) (rc,iface) = semanage_iface_create(self.sh) if rc < 0: - raise ValueError("Could not create interface for %s" % (interface)) + raise ValueError("Could not create interface for %s" % interface) rc = semanage_iface_set_name(self.sh, iface, interface) (rc, con) = semanage_context_create(self.sh) if rc < 0: raise ValueError("Could not create context for %s" % interface) - semanage_context_set_user(self.sh, con, "system_u") - semanage_context_set_role(self.sh, con, "object_r") - semanage_context_set_type(self.sh, con, type) - semanage_context_set_mls(self.sh, con, serange) - semanage_begin_transaction(self.sh) + rc = semanage_context_set_user(self.sh, con, "system_u") + if rc < 0: + raise ValueError("Could not set user in interface context for %s" % interface) + + rc = semanage_context_set_role(self.sh, con, "object_r") + if rc < 0: + raise ValueError("Could not set role in interface context for %s" % interface) + + rc = semanage_context_set_type(self.sh, con, type) + if rc < 0: + raise ValueError("Could not set type in interface context for %s" % interface) + + rc = semanage_context_set_mls(self.sh, con, serange) + if rc < 0: + raise ValueError("Could not set mls fields in interface context for %s" % interface) + + (rc, con2) = semanage_context_clone(self.sh, con) + if rc < 0: + raise ValueError("Could not clone interface context for %s" % interface) + semanage_iface_set_ifcon(iface, con) - semanage_iface_set_msgcon(iface, con) - semanage_iface_add_local(self.sh, k, iface) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add interface") + semanage_iface_set_msgcon(iface, con2) + + rc = semanage_begin_transaction(self.sh) + if rc 
< 0: + raise ValueError("Could not start semanage transaction") + + rc = semanage_iface_modify_local(self.sh, k, iface) + if rc < 0: + raise ValueError("Failed to add interface %s" % interface) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError("Failed to add interface %s" % interface) def modify(self, interface, serange, setype): if serange == "" and setype == "": - raise ValueError("Requires, setype or serange") + raise ValueError("Requires setype or serange") (rc,k) = semanage_iface_key_create(self.sh, interface) if rc < 0: - raise ValueError("Can't creater key for %s" % interface) - (rc,exists) = semanage_iface_exists(self.sh, k) - if exists: - (rc,p) = semanage_iface_query(self.sh, k) - else: - raise ValueError("interface %s is not defined." % interface) + raise ValueError("Could not create key for %s" % interface) + (rc,exists) = semanage_iface_exists(self.sh, k) + if not exists: + raise ValueError("Interface %s is not defined" % interface) + + (rc,p) = semanage_iface_query(self.sh, k) if rc < 0: - raise ValueError("Could not query interface for %s" % interface) + raise ValueError("Could not query interface %s" % interface) con = semanage_iface_get_ifcon(p) - if rc < 0: - raise ValueError("Could not get interface context for %s" % interface) if serange != "": semanage_context_set_mls(self.sh, con, serange) if setype != "": semanage_context_set_type(self.sh, con, setype) - semanage_begin_transaction(self.sh) - semanage_iface_modify_local(self.sh, k, p) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add interface") + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError("Could not start semanage transaction") + + rc = semanage_iface_modify_local(self.sh, k, p) + if rc < 0: + raise ValueError("Failed to modify interface %s" % interface) + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError("Failed to add interface %s" % interface) + def delete(self, interface): (rc,k) = 
semanage_iface_key_create(self.sh, interface) if rc < 0: - raise ValueError("Can't create key for %s" % interface) + raise ValueError("Could not create key for %s" % interface) + (rc,exists) = semanage_iface_exists(self.sh, k) if not exists: - raise ValueError("interface %s is not defined." % interface) - else: - (rc,exists) = semanage_iface_exists_local(self.sh, k) - if not exists: - raise ValueError("interface %s is not defined localy, can not be deleted." % interface) - - semanage_begin_transaction(self.sh) - semanage_iface_del_local(self.sh, k) - if semanage_commit(self.sh) < 0: - raise ValueError("Interface %s not defined" % interface) + raise ValueError("Interface %s is not defined" % interface) + + (rc,exists) = semanage_iface_exists_local(self.sh, k) + if not exists: + raise ValueError("Interface %s is defined in policy, cannot be deleted" % interface) + + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError("Could not start semanage transaction") + + rc = semanage_iface_del_local(self.sh, k) + if rc < 0: + raise ValueError("Failed to delete interface %s" % interface) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError("Failed to delete interface %s" % interface) def get_all(self): dict={} - (status, self.plist, self.psize) = semanage_iface_list(self.sh) - if status < 0: - raise ValueError("Unable to list interfaces") + (rc, self.plist, self.psize) = semanage_iface_list(self.sh) + if rc < 0: + raise ValueError("Could not list interfaces") + for idx in range(self.psize): interface = semanage_iface_by_idx(self.plist, idx) con = semanage_iface_get_ifcon(interface) 
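Review bot: The rc sweep misses `rc = semanage_iface_set_name(self.sh, iface, interface)`: its result is assigned and then overwritten by `(rc, con) = semanage_context_create(self.sh)` on the next line before any check, so a failed name set goes unnoticed. The same pattern is in fcontextRecords.add() in the next hunk, `rc = semanage_fcontext_set_expr(self.sh, fcontext, target)`, where `target` is user input and a rejected expression is exactly the case worth reporting. Adding `if rc < 0: raise ValueError("Could not set name for %s" % interface)` directly after the call (and the analogous check after set_expr) closes the gap; the returns of `semanage_iface_set_ifcon` and `semanage_iface_set_msgcon` are also not checked.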
@@ -501,48 +652,69 @@ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype]) if rc < 0: - raise ValueError("Can't create key for %s" % target) + raise ValueError("Could not create key for %s" % target) + (rc,exists) = semanage_fcontext_exists(self.sh, k) - print (rc, exists, target) if exists: - raise ValueError("fcontext %s already defined" % target) + raise ValueError("File context for %s already defined" % target) + (rc,fcontext) = semanage_fcontext_create(self.sh) if rc < 0: - raise ValueError("Could not create fcontext for %s" % target) + raise ValueError("Could not create file context for %s" % target) rc = semanage_fcontext_set_expr(self.sh, fcontext, target) (rc, con) = semanage_context_create(self.sh) if rc < 0: raise ValueError("Could not create context for %s" % target) - semanage_context_set_user(self.sh, con, seuser) - semanage_context_set_role(self.sh, con, "object_r") - semanage_context_set_type(self.sh, con, type) - semanage_context_set_mls(self.sh, con, serange) + rc = semanage_context_set_user(self.sh, con, seuser) + if rc < 0: + raise ValueError("Could not set user in file context for %s" % target) + + rc = semanage_context_set_role(self.sh, con, "object_r") + if rc < 0: + raise ValueError("Could not set role in file context for %s" % target) + + rc = semanage_context_set_type(self.sh, con, type) + if rc < 0: + raise ValueError("Could not set type in file context for %s" % target) + + rc = semanage_context_set_mls(self.sh, con, serange) + if rc < 0: + raise ValueError("Could not set mls fields in file context for %s" % target) + semanage_fcontext_set_type(fcontext, self.file_types[ftype]) - semanage_begin_transaction(self.sh) semanage_fcontext_set_con(fcontext, con) - semanage_fcontext_add_local(self.sh, k, fcontext) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add fcontext") + + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError("Could not start semanage transaction") + + rc = 
semanage_fcontext_modify_local(self.sh, k, fcontext) + if rc < 0: + raise ValueError("Failed to add file context for %s" % target) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError("Failed to add file context for %s" % target) def modify(self, target, setype, ftype, serange, seuser): if serange == "" and setype == "" and seuser == "": - raise ValueError("Requires, setype, serange or seuser") + raise ValueError("Requires setype, serange or seuser") (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype]) if rc < 0: - raise ValueError("Can't creater key for %s" % target) + raise ValueError("Could not create a key for %s" % target) + (rc,exists) = semanage_fcontext_exists(self.sh, k) - if exists: - (rc,p) = semanage_fcontext_query(self.sh, k) - else: - raise ValueError("fcontext %s is not defined." % target) + if not exists: + raise ValueError("File context for %s is not defined" % target) + + (rc,p) = semanage_fcontext_query(self.sh, k) if rc < 0: - raise ValueError("Could not query fcontext for %s" % target) + raise ValueError("Could not query file context for %s" % target) + con = semanage_fcontext_get_con(p) - if rc < 0: - raise ValueError("Could not get fcontext context for %s" % target) if serange != "": semanage_context_set_mls(self.sh, con, serange) 
@@ -551,33 +723,48 @@ if setype != "": semanage_context_set_type(self.sh, con, setype) - semanage_begin_transaction(self.sh) - semanage_fcontext_modify_local(self.sh, k, p) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add fcontext") + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError("Could not start semanage transaction") + + rc = semanage_fcontext_modify_local(self.sh, k, p) + if rc < 0: + raise ValueError("Failed to modify file context for %s" % target) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError("Failed to add file context for %s" % target) - def delete(self, target): + def delete(self, target, ftype): (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype]) if rc < 0: - raise ValueError("Can't create key for %s" % target) + raise ValueError("Could not create a key for %s" % target) + (rc,exists) = semanage_fcontext_exists(self.sh, k) if not exists: - raise ValueError("fcontext %s is not defined." % target) - else: - (rc,exists) = semanage_fcontext_exists_local(self.sh, k) - if not exists: - raise ValueError("fcontext %s is not defined localy, can not be deleted." 
% target) - - semanage_begin_transaction(self.sh) - semanage_fcontext_del_local(self.sh, k) - if semanage_commit(self.sh) < 0: - raise ValueError("fcontext %s not defined" % target) + raise ValueError("File context for %s is not defined" % target) + + (rc,exists) = semanage_fcontext_exists_local(self.sh, k) + if not exists: + raise ValueError("File context for %s is defined in policy, cannot be deleted" % target) + + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError("Could not start semanage transaction") + + rc = semanage_fcontext_del_local(self.sh, k) + if rc < 0: + raise ValueError("Failed to delete file context for %s" % target) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError("Failed to delete file context for %s" % target) def get_all(self): dict={} - (status, self.plist, self.psize) = semanage_fcontext_list(self.sh) - if status < 0: - raise ValueError("Unable to list fcontexts") + (rc, self.plist, self.psize) = semanage_fcontext_list(self.sh) + if rc < 0: + raise ValueError("Could not list file contexts") for idx in range(self.psize): fcontext = semanage_fcontext_by_idx(self.plist, idx) 
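Review bot: `def delete(self, target, ftype)` adds a required parameter with no default, while add() defaults `ftype` to `""` (visible in the duplicated add() removed in the last hunk), so any caller other than the updated semanage script that still calls `delete(target)` now fails with TypeError instead of the previous NameError on the undefined `ftype`. If `""` is a valid key of `self.file_types`, `def delete(self, target, ftype=""):` keeps the old call shape working and matches add(); otherwise every caller outside this patch needs the same update the semanage delete hunk makes. An unknown `ftype` reaches `self.file_types[ftype]` and raises KeyError rather than the ValueError the rest of the class uses, which is worth normalising while the signature is being changed.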
@@ -606,117 +793,82 @@ def __init__(self): semanageRecords.__init__(self) - def add(self, target, type, ftype="", serange="s0", seuser="system_u"): - if seuser == "": - seuser="system_u" - - if serange == "": - serange="s0" - - if type == "": - raise ValueError("SELinux Type is required") + def modify(self, name, value = ""): + if value == "": + raise ValueError("Requires value") - (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype]) - if rc < 0: - raise ValueError("Can't create key for %s" % target) - (rc,exists) = semanage_fcontext_exists(self.sh, k) - print (rc, exists, target) - if exists: - raise ValueError("fcontext %s already defined" % target) - (rc,fcontext) = semanage_fcontext_create(self.sh) + (rc,k) = semanage_bool_key_create(self.sh, name) if rc < 0: - raise ValueError("Could not create fcontext for %s" % target) - - rc = semanage_fcontext_set_expr(self.sh, fcontext, target) - (rc, con) = semanage_context_create(self.sh) - if rc < 0: - raise ValueError("Could not create context for %s" % target) - - semanage_context_set_user(self.sh, con, seuser) - semanage_context_set_role(self.sh, con, "object_r") - semanage_context_set_type(self.sh, con, type) - semanage_context_set_mls(self.sh, con, serange) - semanage_fcontext_set_type(fcontext, self.file_types[ftype]) - semanage_begin_transaction(self.sh) - semanage_fcontext_set_con(fcontext, con) - semanage_fcontext_add_local(self.sh, k, fcontext) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add fcontext") + raise ValueError("Could not create a key for %s" % name) - def modify(self, target, setype, ftype, serange, seuser): - if serange == "" and setype == "" and seuser == "": - raise ValueError("Requires, setype, serange or seuser") + (rc,exists) = semanage_bool_exists(self.sh, k) + if not exists: + raise ValueError("Boolean %s is not defined" % name) - (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype]) + (rc,b) = 
semanage_bool_query(self.sh, k) if rc < 0: - raise ValueError("Can't creater key for %s" % target) - (rc,exists) = semanage_fcontext_exists(self.sh, k) - if exists: - (rc,p) = semanage_fcontext_query(self.sh, k) - else: - raise ValueError("fcontext %s is not defined." % target) + raise ValueError("Could not query file context %s" % name) + + if value != "": + nvalue = string.atoi(value) + semanage_bool_set_value(b, nvalue) + + rc = semanage_begin_transaction(self.sh) if rc < 0: - raise ValueError("Could not query fcontext for %s" % target) - con = semanage_fcontext_get_con(p) + raise ValueError("Could not start semanage transaction") + + rc = semanage_bool_modify_local(self.sh, k, b) if rc < 0: - raise ValueError("Could not get fcontext context for %s" % target) - - if serange != "": - semanage_context_set_mls(self.sh, con, serange) - if seuser != "": - semanage_context_set_user(self.sh, con, seuser) - if setype != "": - semanage_context_set_type(self.sh, con, setype) + raise ValueError("Failed to modify boolean %s" % name) - semanage_begin_transaction(self.sh) - semanage_fcontext_modify_local(self.sh, k, p) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add fcontext") + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError("Failed to modify boolean %s" % name) - def delete(self, target): - (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype]) + def delete(self, name): + (rc,k) = semanage_bool_key_create(self.sh, name) if rc < 0: - raise ValueError("Can't create key for %s" % target) - (rc,exists) = semanage_fcontext_exists(self.sh, k) + raise ValueError("Could not create a key for %s" % name) + + (rc,exists) = semanage_bool_exists(self.sh, k) if not exists: - raise ValueError("fcontext %s is not defined." % target) - else: - (rc,exists) = semanage_fcontext_exists_local(self.sh, k) - if not exists: - raise ValueError("fcontext %s is not defined localy, can not be deleted." 
% target) - - semanage_begin_transaction(self.sh) - semanage_fcontext_del_local(self.sh, k) - if semanage_commit(self.sh) < 0: - raise ValueError("fcontext %s not defined" % target) + raise ValueError("Boolean %s is not defined" % name) + + (rc,exists) = semanage_bool_exists_local(self.sh, k) + if not exists: + raise ValueError("Boolean %s is defined in policy, cannot be deleted" % name) + + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError("Could not start semanage transaction") + + rc = semanage_fcontext_del_local(self.sh, k) + if rc < 0: + raise ValueError("Failed to delete boolean %s" % name) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError("Failed to delete boolean %s" % name) def get_all(self): dict={} - (status, self.plist, self.psize) = semanage_fcontext_list(self.sh) - if status < 0: - raise ValueError("Unable to list fcontexts") + (rc, self.blist, self.bsize) = semanage_bool_list(self.sh) + if rc < 0: + raise ValueError("Could not list booleans") - for idx in range(self.psize): - fcontext = semanage_fcontext_by_idx(self.plist, idx) - expr=semanage_fcontext_get_expr(fcontext) - ftype=semanage_fcontext_get_type_str(fcontext) - con = semanage_fcontext_get_con(fcontext) - if con: - dict[expr, ftype]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con)) - else: - dict[expr, ftype]=con + for idx in range(self.bsize): + boolean = semanage_bool_by_idx(self.blist, idx) + name = semanage_bool_get_name(boolean) + value = semanage_bool_get_value(boolean) + dict[name] = value return dict def list(self, heading=1): if heading: - print "%-50s %-18s %s\n" % ("SELinux fcontext", "type", "Context") + print "%-50s %-18s\n" % ("SELinux boolean", "value") dict=self.get_all() keys=dict.keys() for k in keys: if dict[k]: - print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3]) - else: - print "%-50s %-18s <>" % (k[0], k[1]) - - 
+ print "%-50s %-18s " % (k[0], dict[k][0]) Binary files nsapolicycoreutils/semanage/seobject.pyc and policycoreutils-1.29.7/semanage/seobject.pyc differ
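Review bot: booleanRecords.delete() calls `semanage_fcontext_del_local(self.sh, k)` with a key created by `semanage_bool_key_create`, so deleting a boolean goes through the file-context store with a key of the wrong record type; the line should be `rc = semanage_bool_del_local(self.sh, k)`. In list(), get_all() stores `dict[name] = value`, so the keys are plain name strings and `print "%-50s %-18s " % (k[0], dict[k][0])` prints only the first character of each name and then indexes into the value (which fails if `semanage_bool_get_value` returns an int), while `if dict[k]:` skips every boolean whose value is 0; `print "%-50s %-18s " % (k, dict[k])` without the truthiness guard prints them all. The query failure in modify() still reports `"Could not query file context %s"` and should read `"Could not query boolean %s"`. `nvalue = string.atoi(value)` accepts any integer; rejecting anything other than 0 and 1 before `semanage_bool_set_value` keeps out-of-range values out of the store, and the `if value != "":` guard around it is already satisfied by the check at the top of modify().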