#!/usr/bin/python
# Author: Joshua Brindle <jbrindle@tresys.com>
#
# Copyright (C) 2003 - 2005 Tresys Technology, LLC
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 2.
"""
This module generates configuration files and documentation from the
SELinux reference policy XML format.
"""
import sys
import getopt
import pyplate
import os
import string
from xml.dom.minidom import parse, parseString
# Values written to the module configuration for an enabled / disabled module.
MOD_ENABLED, MOD_DISABLED = "on", "off"

# Values written to the tunable configuration for an enabled / disabled tunable.
TUN_ENABLED, TUN_DISABLED = "true", "false"
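def read_policy_xml(filename):
    """
    Takes in XML from a file and returns a parsed file.

    filename -- path of the policy XML file.

    Returns the xml.dom.minidom document. Exits through error() when the
    file cannot be opened or its content cannot be parsed.
    """

    # NOTE(review): xml.dom.minidom offers no protection against maliciously
    # constructed documents (entity-expansion bombs, for example). This is
    # meant for policy XML produced by the build; confirm before pointing it
    # at XML obtained from anywhere else.
    try:
        xml_fh = open(filename)
    except (IOError, OSError):
        # Only I/O failures are an "error opening"; a bare except would also
        # have hidden programming errors and Ctrl-C behind that message.
        error("error opening " + filename)

    try:
        doc = parseString(xml_fh.read())
    except Exception:
        error("Error while parsing xml")
    finally:
        # Runs on success and on the error() exit alike.
        xml_fh.close()

    return doc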
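def gen_tunable_conf(doc, file, namevalue_list):
    """
    Generates the tunable configuration file using the XML provided and the
    previous tunable configuration.

    doc            -- parsed policy DOM; every <tunable> element is emitted.
    file           -- writable file object receiving the configuration.
    namevalue_list -- [name, value] pairs read from the previous
                      configuration (see get_conf). A pair whose value is
                      exactly TUN_ENABLED or TUN_DISABLED overrides the
                      "dftval" attribute from the XML.
    """

    for node in doc.getElementsByTagName("tunable"):
        # The description becomes a comment block above the setting.
        # str.split is used because string.split exists only on Python 2.
        for line in format_txt_desc(node).split("\n"):
            file.write("# %s\n" % line)

        tun_name = tun_val = None
        for (name, value) in node.attributes.items():
            if name == "name":
                tun_name = value
            elif name == "dftval":
                tun_val = value

        # A value carried over from the old file wins over the XML default.
        if [tun_name, TUN_ENABLED] in namevalue_list:
            tun_val = TUN_ENABLED
        elif [tun_name, TUN_DISABLED] in namevalue_list:
            tun_val = TUN_DISABLED
        else:
            # Matching is exact, so an old entry spelled any other way falls
            # back to the XML default. Say so instead of changing the
            # administrator's setting silently.
            for entry in namevalue_list:
                if entry[0] == tun_name:
                    warning("tunable %s: previous value \"%s\" is not %s or %s, "
                            "using the default"
                            % (tun_name, entry[1], TUN_ENABLED, TUN_DISABLED))

        # Tunables lacking a name or any value are left out entirely.
        if tun_name and tun_val:
            file.write("%s = %s\n\n" % (tun_name, tun_val))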
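def gen_module_conf(doc, file, namevalue_list):
    """
    Generates the module configuration file using the XML provided and the
    previous module configuration.

    doc            -- parsed policy DOM; every <module> element is emitted.
    file           -- writable file object receiving the configuration.
    namevalue_list -- [name, value] pairs read from the previous
                      configuration (see get_conf). A module stays disabled
                      only if a pair holds exactly MOD_DISABLED for it; every
                      other module is written as MOD_ENABLED.
    """

    file.write("#\n# This file contains a listing of available modules.\n")
    file.write("# To prevent a module from being used in policy\n")
    file.write("# creation, set the module name to %s.\n#\n" % MOD_DISABLED)

    for node in doc.getElementsByTagName("module"):
        # The value of the first attribute is taken as the name, both for
        # the module and for its parent element -- presumably "name" is the
        # only attribute on each; verify against the policy DTD.
        mod_name = node.attributes.items()[0][1]
        mod_layer = node.parentNode.attributes.items()[0][1]

        if mod_name and mod_layer:
            file.write("# Layer: %s\n# Module: %s\n#\n" % (mod_layer, mod_name))

        for desc in node.getElementsByTagName("summary"):
            # getElementsByTagName also returns summaries of nested
            # elements such as interfaces; only the module's own is wanted.
            if not desc.parentNode == node:
                continue
            # str.split is used because string.split exists only on Python 2.
            for line in format_txt_desc(desc).split("\n"):
                file.write("# %s\n" % line)

        # One setting line per module.
        if [mod_name, MOD_DISABLED] in namevalue_list:
            file.write("%s = %s\n\n" % (mod_name, MOD_DISABLED))
        else:
            # Anything other than an exact MOD_DISABLED ends up enabled.
            # Report old values that are neither, so a module the
            # administrator meant to switch off is not re-enabled unnoticed.
            for entry in namevalue_list:
                if entry[0] == mod_name and entry[1] != MOD_ENABLED:
                    warning("module %s: previous value \"%s\" is not %s or %s, "
                            "writing %s"
                            % (mod_name, entry[1], MOD_ENABLED, MOD_DISABLED,
                               MOD_ENABLED))
            file.write("%s = %s\n\n" % (mod_name, MOD_ENABLED))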
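def get_conf(conf):
    """
    Returns a list of [name, value] pairs from a config file with the format
    name = value

    conf -- readable file object.

    Blank lines and lines whose first non-blank character is "#" are
    ignored. Every other line must contain exactly one "=", and neither the
    name nor the value may contain embedded whitespace; a line that breaks
    these rules is reported through warning() and skipped.
    """

    namevalue_list = []
    for index, raw in enumerate(conf.readlines()):
        line = raw.strip()
        if line == '' or line[0] == "#":
            continue

        namevalue = [part.strip() for part in line.split("=")]
        malformed = (len(namevalue) != 2
                     or len(namevalue[0].split()) > 1
                     or len(namevalue[1].split()) > 1)
        if malformed:
            # Report 1-based line numbers so the message points at the line
            # an editor shows; the index itself starts at 0.
            warning("line %d: \"%s\" is not a valid line, skipping"
                    % (index + 1, line))
            continue

        namevalue_list.append(namevalue)

    return namevalue_list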
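def first_cmp(a, b):
    """
    Compares the two first elements of a list instead of the entire list.

    Returns -1, 0 or 1 when a[0] sorts before, equal to or after b[0].
    """

    # Spelled out because the cmp() builtin does not exist on Python 3;
    # the result is the same on Python 2.
    return (a[0] > b[0]) - (a[0] < b[0])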
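def int_cmp(a, b):
    """
    Compares two interfaces.

    a, b -- dictionaries with an "interface_name" entry. Returns -1, 0 or 1
    when a's name sorts before, equal to or after b's name.
    """

    left = a["interface_name"]
    right = b["interface_name"]
    # Spelled out because the cmp() builtin does not exist on Python 3;
    # the result is the same on Python 2.
    return (left > right) - (left < right)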
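def gen_doc_menu(mod_layer, module_list):
    """
    Generates the HTML document menu.

    mod_layer   -- layer whose modules should be listed, or None to list the
                   modules of every layer.
    module_list -- dictionary mapping layer name to a dictionary of
                   module name -> description.

    Returns a list of (layer, [(module, description), ...]) tuples sorted by
    layer name, each inner list sorted by module name. Layers other than
    mod_layer still appear, with an empty module list.
    """

    menu = []
    # items() and sort(key=...) behave the same on Python 2 and run on
    # Python 3 as well, where iteritems() and comparison-function sorts
    # are gone.
    for layer, value in module_list.items():
        cur_menu = (layer, [])
        menu.append(cur_menu)
        if mod_layer is not None and layer != mod_layer:
            continue
        #we are in our layer so fill in the other modules or we want them all
        cur_menu[1].extend(value.items())

    menu.sort(key=lambda entry: entry[0])
    for entry in menu:
        entry[1].sort(key=lambda module: module[0])
    return menu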
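def format_html_desc(node):
    """
    Formats a XML node into a HTML format.

    Text found directly under the node, and the leading text of each <p>
    child, is wrapped in <p>...</p>. A <ul> inside a <p> becomes an HTML
    list built from the leading text of its <li> elements. All character
    data is HTML-escaped before it is placed into the markup.
    """

    # Imported locally so this function does not rely on a new file-level
    # import.
    from xml.sax.saxutils import escape

    def leading_text(element):
        # Character data of the first child, or '' when the element is empty
        # or starts with another element (both used to raise AttributeError).
        first = element.firstChild
        if first is not None and first.nodeType in (first.TEXT_NODE,
                                                    first.CDATA_SECTION_NODE):
            return first.data
        return ''

    pieces = []
    for desc in node.childNodes:
        if desc.nodeName == "#text":
            # The parser hands back decoded text, so "&lt;" in the XML is a
            # literal "<" here; without escaping it would become markup in
            # the generated page. Compared with != because "is not ''"
            # tests object identity, not emptiness.
            if desc.data != '':
                pieces.append("<p>" + escape(desc.data) + "</p>")
        elif desc.nodeName == "p":
            text = leading_text(desc)
            if text != '':
                pieces.append("<p>" + escape(text) + "</p>")
            for chld in desc.childNodes:
                if chld.nodeName == "ul":
                    pieces.append("<ul>")
                    for li in chld.getElementsByTagName("li"):
                        pieces.append("<li>" + escape(leading_text(li)) + "</li>")
                    pieces.append("</ul>")

    return ''.join(pieces)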
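def format_txt_desc(node):
    """
    Formats a XML node into a plain text format.

    Text found directly under the node, and the leading text of each <p>
    child, is emitted followed by a newline. A <ul> inside a <p> adds a
    blank line and then one "\t -item" line per <li>.
    """

    def leading_text(element):
        # Character data of the first child, or '' when the element is empty
        # or starts with another element (both used to raise AttributeError).
        first = element.firstChild
        if first is not None and first.nodeType in (first.TEXT_NODE,
                                                    first.CDATA_SECTION_NODE):
            return first.data
        return ''

    pieces = []
    for desc in node.childNodes:
        if desc.nodeName == "#text":
            pieces.append(desc.data + "\n")
        elif desc.nodeName == "p":
            pieces.append(leading_text(desc) + "\n")
            for chld in desc.childNodes:
                if chld.nodeName == "ul":
                    pieces.append("\n")
                    for li in chld.getElementsByTagName("li"):
                        pieces.append("\t -" + leading_text(li) + "\n")

    return ''.join(pieces)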
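def _read_template(templatedir, name):
    """Return the contents of the template file *name* found in *templatedir*."""
    template_fh = open(templatedir + "/" + name, "r")
    try:
        return template_fh.read()
    finally:
        template_fh.close()


def _write_page(path, bodydata, menu_buf, content_buf):
    """Render the page skeleton *bodydata* into the file *path*."""
    page_fh = open(path, "w")
    try:
        body_tpl = pyplate.Template(bodydata)
        body_tpl.execute(page_fh, {"menu": menu_buf, "content": content_buf})
    finally:
        # Closed even when the template fails part-way through.
        page_fh.close()


def _direct_html(node, tag, default):
    """Return the HTML of the last *tag* element directly under *node*, else *default*."""
    html = default
    for desc in node.getElementsByTagName(tag):
        if desc.parentNode == node:
            html = format_html_desc(desc)
    return html


def gen_docs(doc, dir, templatedir):
    """
    Generates all the documentation.

    doc         -- parsed policy DOM.
    dir         -- output directory; the process changes into it and does
                   not change back.
    templatedir -- directory holding header.html, interface.html, menu.html,
                   module_list.html, module.html and int_list.html.

    Writes "<layer>.html" for every layer, "index.html",
    "<layer>_<module>.html" for every module and "interfaces.html".
    Exits through error() when a template cannot be read or the output
    directory cannot be entered.
    """

    try:
        #get the template data ahead of time so we don't reopen them over and over
        # Read before the chdir below, so a relative templatedir still resolves.
        bodydata = _read_template(templatedir, "header.html")
        intdata = _read_template(templatedir, "interface.html")
        menudata = _read_template(templatedir, "menu.html")
        indexdata = _read_template(templatedir, "module_list.html")
        moduledata = _read_template(templatedir, "module.html")
        intlistdata = _read_template(templatedir, "int_list.html")
    except (IOError, OSError):
        error("Could not open templates")

    try:
        os.chdir(dir)
    except OSError:
        error("Could not chdir to target directory")

    #arg, i have to go through this dom tree ahead of time to build up the menus
    module_list = {}
    for node in doc.getElementsByTagName("module"):
        # The value of the first attribute is taken as the name -- presumably
        # "name" is the only attribute; verify against the policy DTD.
        mod_name = node.attributes.items()[0][1]
        mod_layer = node.parentNode.attributes.items()[0][1]

        # '' for a module without its own summary; the variable used to keep
        # the previous module's summary (or be unset for the first module).
        mod_summary = _direct_html(node, "summary", '')

        module_list.setdefault(mod_layer, {})[mod_name] = mod_summary

    # NOTE(review): page file names below are built from layer and module
    # names taken from the XML. A name containing a path separator would
    # place the page outside the output directory. Policy XML is normally
    # generated by the build -- confirm before using XML from elsewhere.
    # NOTE(review): names, summaries and parameter text are handed to the
    # templates as-is; whether pyplate escapes them is not visible here.

    #generate index pages
    main_content_buf = ''
    for mod_layer in module_list:
        menu_args = { "menulist" : gen_doc_menu(mod_layer, module_list),
                      "mod_layer" : mod_layer }
        menu_buf = pyplate.Template(menudata).execute_string(menu_args)
        content_buf = pyplate.Template(indexdata).execute_string(menu_args)

        main_content_buf += content_buf

        _write_page(mod_layer + ".html", bodydata, menu_buf, content_buf)

    menu_args = { "menulist" : gen_doc_menu(None, module_list),
                  "mod_layer" : None }
    menu_buf = pyplate.Template(menudata).execute_string(menu_args)
    _write_page("index.html", bodydata, menu_buf, main_content_buf)

    #now generate the individual module pages
    all_interfaces = []
    for node in doc.getElementsByTagName("module"):
        mod_name = node.attributes.items()[0][1]
        mod_layer = node.parentNode.attributes.items()[0][1]

        mod_summary = _direct_html(node, "summary", '')
        mod_desc = _direct_html(node, "desc", '')

        interfaces = []
        for interface in node.getElementsByTagName("interface"):
            interface_parameters = []
            interface_desc = interface_secdesc = interface_summary = None
            # The value of the last attribute wins -- presumably "name" is
            # the only attribute on <interface>; verify against the DTD.
            for i, v in interface.attributes.items():
                interface_name = v
            for desc in interface.getElementsByTagName("desc"):
                interface_desc = format_html_desc(desc)
            for desc in interface.getElementsByTagName("secdesc"):
                if desc:
                    interface_secdesc = format_html_desc(desc)
            for desc in interface.getElementsByTagName("summary"):
                interface_summary = format_html_desc(desc)

            for args in interface.getElementsByTagName("param"):
                paramdesc = args.firstChild.data
                paramname = None
                paramopt = "No"
                for name, val in args.attributes.items():
                    if name == "name":
                        paramname = val
                    if name == "optional" and val == "true":
                        paramopt = "yes"
                interface_parameters.append({ "name" : paramname,
                                              "desc" : paramdesc,
                                              "optional" : paramopt })

            entry = { "interface_name" : interface_name,
                      "interface_summary" : interface_summary,
                      "interface_desc" : interface_desc,
                      "interface_parameters" : interface_parameters,
                      "interface_secdesc" : interface_secdesc }
            interfaces.append(entry)

            #all_interfaces is for the main interface index with all interfaces
            index_entry = dict(entry)
            index_entry["mod_name"] = mod_name
            index_entry["mod_layer"] = mod_layer
            all_interfaces.append(index_entry)

        # key= gives the same order as the int_cmp comparison and also
        # works on Python 3, where sort() takes no comparison function.
        interfaces.sort(key=lambda item: item["interface_name"])
        interface_buf = pyplate.Template(intdata).execute_string(
            {"interfaces" : interfaces})

        menu = gen_doc_menu(mod_layer, module_list)
        # Unlike the index pages, the module menu is rendered without a
        # "mod_layer" entry.
        menu_buf = pyplate.Template(menudata).execute_string({ "menulist" : menu })

        module_args = { "mod_layer" : mod_layer,
                        "mod_name" : mod_name,
                        "mod_summary" : mod_summary,
                        "mod_desc" : mod_desc,
                        "interfaces" : interface_buf }
        module_buf = pyplate.Template(moduledata).execute_string(module_args)

        _write_page(mod_layer + "_" + mod_name + ".html", bodydata,
                    menu_buf, module_buf)

    #and last build the interface index
    menu_args = { "menulist" : gen_doc_menu(None, module_list),
                  "mod_layer" : None }
    menu_buf = pyplate.Template(menudata).execute_string(menu_args)

    all_interfaces.sort(key=lambda item: item["interface_name"])
    interface_buf = pyplate.Template(intlistdata).execute_string(
        {"interfaces" : all_interfaces})

    _write_page("interfaces.html", bodydata, menu_buf, interface_buf)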
def error(error):
    """
    Print an error message and exit.

    The message goes to standard error, prefixed with the program name, and
    the process then exits with status 1.
    """

    out = sys.stderr
    out.write("%s exiting for: " % sys.argv[0])
    out.write("%s\n" % error)
    out.flush()
    raise SystemExit(1)
def warning(warn):
    """
    Print a warning message.

    The message goes to standard error, prefixed with the program name;
    execution continues afterwards.
    """

    emit = sys.stderr.write
    emit("%s warning: " % sys.argv[0])
    emit("%s\n" % warn)
def usage():
    """
    Describes the proper usage of this tool.

    Writes the synopsis and the option summary to standard output.
    """

    emit = sys.stdout.write
    emit("%s [-tmdT] -x <xmlfile>\n\n" % sys.argv[0])
    option_help = (
        "Options:\n",
        "-t --tunables <file> -- write tunable config to <file>\n",
        "-m --modules <file> -- write module config to <file>\n",
        "-d --docs <dir> -- write interface documentation to <dir>\n",
        "-x --xml <file> -- filename to read xml data from\n",
        "-T --templates <dir> -- template directory for documents\n",
    )
    for text in option_help:
        emit(text)
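def _regenerate_conf(path, kind, generate, doc):
    """Rewrite the config file *path*, carrying over the settings it already holds.

    kind     -- "tunables" or "modules"; used in the error messages only.
    generate -- gen_tunable_conf or gen_module_conf.
    """
    namevalue_list = []
    if os.path.exists(path):
        try:
            conf = open(path, 'r')
        except (IOError, OSError):
            error("Could not open %s file for reading" % kind)
        try:
            namevalue_list = get_conf(conf)
        finally:
            conf.close()

    # The old settings are held only in memory from here on: opening with
    # 'w' empties the file before the new content is generated.
    try:
        conf = open(path, 'w')
    except (IOError, OSError):
        error("Could not open %s file for writing" % kind)
    try:
        generate(doc, conf, namevalue_list)
    finally:
        conf.close()


# MAIN PROGRAM
try:
    # Each long option carries a trailing "=" so that it accepts the
    # argument usage() documents; without it "--xml file" was parsed as a
    # flag with an empty value and "--xml=file" was rejected.
    opts, args = getopt.getopt(sys.argv[1:], "t:m:d:x:T:",
                               ["tunables=", "modules=", "docs=", "xml=",
                                "templates="])
except getopt.GetoptError:
    usage()
    sys.exit(1)

tunables = modules = docsdir = None
templatedir = "templates/"
xmlfile = "policy.xml"

for opt, val in opts:
    if opt in ("-t", "--tunables"):
        tunables = val
    if opt in ("-m", "--modules"):
        modules = val
    if opt in ("-d", "--docs"):
        docsdir = val
    if opt in ("-x", "--xml"):
        xmlfile = val
    if opt in ("-T", "--templates"):
        templatedir = val

doc = read_policy_xml(xmlfile)

if tunables:
    _regenerate_conf(tunables, "tunables", gen_tunable_conf, doc)

if modules:
    _regenerate_conf(modules, "modules", gen_module_conf, doc)

if docsdir:
    gen_docs(doc, docsdir, templatedir)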