diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.5/scripts/genhomedircon
--- nsapolicycoreutils/scripts/genhomedircon	2006-01-05 10:35:49.000000000 -0500
+++ policycoreutils-1.29.5/scripts/genhomedircon	2006-01-10 12:11:48.000000000 -0500
@@ -144,7 +144,7 @@
 		for i in  fd.read().split('\n'):
 			if i.find("HOME_ROOT") == 0:
 				i=i.replace("HOME_ROOT", homedir)
-				ret = i+"\n"
+				ret += i+"\n"
 		fd.close()
 		if ret=="":
 			errorExit("No Home Root Context Found")
@@ -240,7 +240,7 @@
 				i=i.replace("HOME_DIR", home)
 				i=i.replace("ROLE", role)
 				i=i.replace("system_u", user)
-				ret = ret+i+"\n"
+				ret += i+"\n"
 		fd.close()
 		return ret
 
@@ -252,7 +252,7 @@
 				i=i.replace("USER", user)
 				i=i.replace("ROLE", role)
 				i=i.replace("system_u", sel_user)
-				ret=ret+i+"\n"
+				ret = i+"\n"
 		fd.close()
 		return ret
 
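Review bot: The added line `ret = i+"\n"` turns accumulation into plain assignment, so every matching template line overwrites the previous one and only the last substituted line reaches `return ret`. The two earlier hunks in this file move to `ret += i+"\n"`, so this looks like the same edit applied backwards. These lines are presumably the per-user context entries the script emits, in which case the dropped entries would leave paths without their intended label. Suggest `ret += i+"\n"` here as well. The enclosing function and the initialisation of `ret` are outside the hunk.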
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/Makefile policycoreutils-1.29.5/semanage/Makefile
--- nsapolicycoreutils/semanage/Makefile	2005-11-29 10:55:01.000000000 -0500
+++ policycoreutils-1.29.5/semanage/Makefile	2006-01-06 14:34:47.000000000 -0500
@@ -2,6 +2,8 @@
 PREFIX ?= ${DESTDIR}/usr
 SBINDIR ?= $(PREFIX)/sbin
 MANDIR = $(PREFIX)/share/man
+PYLIBVER ?= python2.4
+PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
 
 TARGETS=semanage
 
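Review bot: `PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)` depends on `LIBDIR`, which none of the visible lines define; only PREFIX, SBINDIR and MANDIR are set here, and line 1 of the Makefile is outside the hunk. If it is unset and not supplied by the caller, the path expands to `/python2.4` and the install step in the next hunk writes under the filesystem root, bypassing DESTDIR. Suggest adding `LIBDIR ?= $(PREFIX)/lib` above it. The hard-coded `python2.4` default also needs a comment saying that packagers are expected to override PYLIBVER.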
@@ -12,6 +14,8 @@
 	-mkdir -p $(SBINDIR)
 	install -m 755 semanage $(SBINDIR)
 	install -m 644 semanage.8 $(MANDIR)/man8
+	test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d $(PYTHONLIBDIR)/site-packages
+	install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages
 
 clean:
 
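Review bot: `install -m 755 seobject.py` marks a module that is only imported as executable; `install -m 644 seobject.py $(PYTHONLIBDIR)/site-packages` is sufficient and matches the mode used for the man page on the line above. The `test -d ... ||` guard is redundant, since `install -m 755 -d $(PYTHONLIBDIR)/site-packages` already succeeds when the directory exists.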
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.5/semanage/semanage
--- nsapolicycoreutils/semanage/semanage	2006-01-05 10:35:49.000000000 -0500
+++ policycoreutils-1.29.5/semanage/semanage	2006-01-06 14:41:04.000000000 -0500
@@ -20,345 +20,9 @@
 #                                        02111-1307  USA
 #
 #  
-import commands, sys, os, pwd, string, getopt, pwd
-from semanage import *;
-class loginRecords:
-	def __init__(self):
-		self.sh = semanage_handle_create()
-		self.semanaged = semanage_is_managed(self.sh)
-		if self.semanaged:
-			semanage_connect(self.sh)
-
-	def add(self, name, sename, serange):
-		if serange == "":
-			serange = "s0"
-		if sename == "":
-			sename = "user_u"
-			
-		(rc,k) = semanage_seuser_key_create(self.sh, name)
-		if rc < 0:
-			raise ValueError("Could not create a key for %s" % name)
-
-		(rc,exists) = semanage_seuser_exists(self.sh, k)
-		if exists:
-			raise ValueError("SELinux User %s mapping already defined" % name)
-		try:
-			pwd.getpwnam(name)
-		except:
-			raise ValueError("Linux User %s does not exist" % name)
-			
-		(rc,u) = semanage_seuser_create(self.sh)
-		if rc < 0:
-			raise ValueError("Could not create seuser for %s" % name)
-
-		semanage_seuser_set_name(self.sh, u, name)
-		semanage_seuser_set_mlsrange(self.sh, u, serange)
-		semanage_seuser_set_sename(self.sh, u, sename)
-		semanage_begin_transaction(self.sh)
-		semanage_seuser_add(self.sh, k, u)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to add SELinux user mapping")
-
-	def modify(self, name, sename = "", serange = ""):
-		(rc,k) = semanage_seuser_key_create(self.sh, name)
-		if rc < 0:
-			raise ValueError("Could not create a key for %s" % name)
-
-		if sename == "" and serange == "":
-			raise ValueError("Requires, seuser or serange")
-
-		(rc,exists) = semanage_seuser_exists(self.sh, k)
-		if exists:
-			(rc,u) = semanage_seuser_query(self.sh, k)
-			if rc < 0:
-				raise ValueError("Could not query seuser for %s" % name)
-		else:
-			raise ValueError("SELinux user %s mapping is not defined." % name)
-
-		if serange != "":
-			semanage_seuser_set_mlsrange(self.sh, u, serange)
-		if sename != "":
-			semanage_seuser_set_sename(self.sh, u, sename)
-		semanage_begin_transaction(self.sh)
-		semanage_seuser_modify(self.sh, k, u)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to modify SELinux user mapping")
-
-		
-	def delete(self, name):
-		(rc,k) = semanage_seuser_key_create(self.sh, name)
-		if rc < 0:
-			raise ValueError("Could not create a key for %s" % name)
-
-		(rc,exists) = semanage_seuser_exists(self.sh, k)
-		if not exists:
-			raise ValueError("SELinux user %s mapping is not defined." % name)
-		semanage_begin_transaction(self.sh)
-		semanage_seuser_del(self.sh, k)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("SELinux User %s mapping not defined" % name)
-		
-	def list(self,heading=1):
-		if heading:
-			print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range")
-		(status, self.ulist, self.usize) = semanage_seuser_list(self.sh)
-		for idx in range(self.usize):
-			u = semanage_seuser_by_idx(self.ulist, idx)
-			name = semanage_seuser_get_name(u)
-			print "%-25s %-25s %-25s" % (name, semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
-
-class seluserRecords:
-	def __init__(self):
-		roles = []
-		self.sh = semanage_handle_create()
-		self.semanaged = semanage_is_managed(self.sh)
-		if self.semanaged:
-			semanage_connect(self.sh)
-
-	def add(self, name, roles, selevel, serange):
-		if serange == "":
-			serange = "s0"
-		if selevel == "":
-			selevel = "s0"
-
-		(rc,k) = semanage_user_key_create(self.sh, name)
-		if rc < 0:
-			raise ValueError("Could not create a key for %s" % name)
-
-		(rc,exists) = semanage_user_exists_local(self.sh, k)
-		if not exists:
-			(rc,exists) = semanage_user_exists(self.sh, k)
-			if not exists:
-				raise ValueError("SELinux user %s is already defined." % name)
-
-		(rc,u) = semanage_user_create(self.sh)
-		if rc < 0:
-			raise ValueError("Could not create login mapping for %s" % name)
-
-		semanage_user_set_name(self.sh, u, name)
-		for r in roles:
-			semanage_user_add_role(self.sh, u, r)
-		semanage_user_set_mlsrange(self.sh, u, serange)
-		semanage_user_set_mlslevel(self.sh, u, selevel)
-		(rc,key) = semanage_user_key_extract(self.sh,u)
-		if rc < 0:
-			raise ValueError("Could not extract key for %s" % name)
-
-		semanage_begin_transaction(self.sh)
-		semanage_user_add_local(self.sh, k, u)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to add SELinux user")
-
-	def modify(self, name, roles = [], selevel = "", serange = ""):
-		if len(roles) == 0  and serange == "" and selevel == "":
-			raise ValueError("Requires, roles, level  or range")
-
-		(rc,k) = semanage_user_key_create(self.sh, name)
-		if rc < 0:
-			raise ValueError("Could not create a key for %s" % name)
-
-		(rc,exists) = semanage_user_exists_local(self.sh, k)
-		if exists:
-			(rc,u) = semanage_user_query_local(self.sh, k)
-		else:
-			(rc,exists) = semanage_user_exists(self.sh, k)
-			if exists:
-				(rc,u) = semanage_user_query(self.sh, k)
-			else:
-				raise ValueError("SELinux user %s mapping is not defined." % name)
-		if rc < 0:
-			raise ValueError("Could not query user for %s" % name)
-
-		if serange != "":
-			semanage_user_set_mlsrange(self.sh, u, serange)
-		if selevel != "":
-			semanage_user_set_mlslevel(self.sh, u, selevel)
-		if len(roles) < 0:
-			for r in roles:
-				semanage_user_add_role(self.sh, u, r)
-		semanage_begin_transaction(self.sh)
-		semanage_user_modify_local(self.sh, k, u)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to modify SELinux user")
-		
-	def delete(self, name):
-		(rc,k) = semanage_user_key_create(self.sh, name)
-		if rc < 0:
-			raise ValueError("Could not crpppeate a key for %s" % name)
-
-		(rc,exists) = semanage_user_exists_local(self.sh, k)
-		if not exists:
-			raise ValueError("user %s is not defined" % name)
-		semanage_begin_transaction(self.sh)
-		semanage_user_del_local(self.sh, k)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Login User %s not defined" % name)
-		
-	def list(self, heading=1):
-		if heading:
-			print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/")
-			print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
-		(status, self.ulist, self.usize) = semanage_user_list(self.sh)
-		for idx in range(self.usize):
-			u = semanage_user_by_idx(self.ulist, idx)
-			name = semanage_user_get_name(u)
-			(status, rlist, rlist_size) = semanage_user_get_roles(self.sh, u)
-			roles = ""
-
-			if rlist_size:
-				roles += char_by_idx(rlist, 0)
-				for ridx in range (1,rlist_size):
-					roles += " " + char_by_idx(rlist, ridx)
-			print "%-15s %-10s %-15s %s" % (semanage_user_get_name(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)
-
-class portRecords:
-	def __init__(self):
-		self.sh = semanage_handle_create()
-		self.semanaged = semanage_is_managed(self.sh)
-		if self.semanaged:
-			semanage_connect(self.sh)
-
-	def __genkey(self, port, proto):
-		if proto == "tcp":
-			proto_d=SEMANAGE_PROTO_TCP
-		else:
-			if proto == "udp":
-				proto_d=SEMANAGE_PROTO_UDP
-			else:
-				raise ValueError("Protocol udp or tcp is required")
-		if port == "":
-			raise ValueError("Port is required")
-			
-		ports=port.split("-")
-		if len(ports) == 1:
-			low=string.atoi(ports[0])
-			high=string.atoi(ports[0])
-		else:
-			low=string.atoi(ports[0])
-			high=string.atoi(ports[1])
-			
-		(rc,k) = semanage_port_key_create(self.sh, low, high, proto_d)
-		if rc < 0:
-			raise ValueError("Could not create a key for %s/%s" % (proto, port))
-		return ( k, proto_d, low, high )
-
-	def add(self, port, proto, serange, type):
-		if serange == "":
-			serange="s0"
-			
-		if type == "":
-			raise ValueError("Type is required")
-
-		( k, proto_d, low, high ) = self.__genkey(port, proto)			
-
-		(rc,exists) = semanage_port_exists(self.sh, k)
-		if exists:
-			raise ValueError("Port %s/%s already defined" % (proto, port))
-
-		(rc,exists) = semanage_port_exists_local(self.sh, k)
-		if exists:
-			raise ValueError("Port %s/%s already defined locally" % (proto, port))
-
-		(rc,p) = semanage_port_create(self.sh)
-		if rc < 0:
-			raise ValueError("Could not create port for %s/%s" % (proto, port))
-		
-		semanage_port_set_proto(p, proto_d)
-		semanage_port_set_range(p, low, high)
-		(rc, con) = semanage_context_create(self.sh)
-		if rc < 0:
-			raise ValueError("Could not create context for %s/%s" % (proto, port))
-
-		semanage_context_set_user(self.sh, con, "system_u")
-		semanage_context_set_role(self.sh, con, "object_r")
-		semanage_context_set_type(self.sh, con, type)
-		semanage_context_set_mls(self.sh, con, serange)
-		semanage_port_set_con(p, con)
-		semanage_begin_transaction(self.sh)
-		semanage_port_add_local(self.sh, k, p)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to add port")
-
-	def modify(self, port, proto, serange, setype):
-		if serange == "" and setype == "":
-			raise ValueError("Requires, setype or serange")
-
-		( k, proto_d, low, high ) = self.__genkey(port, proto)
-
-		(rc,exists) = semanage_port_exists_local(self.sh, k)
-		if exists:
-			(rc,p) = semanage_port_query_local(self.sh, k)
-			(rc,exists) = semanage_port_exists(self.sh, k)
-			if exists:
-				(rc,p) = semanage_port_query(self.sh, k)
-			else:
-				raise ValueError("port %s/%s is not defined." % (proto,port))
+import sys, getopt
+import seobject
 
-		if rc < 0:
-			raise ValueError("Could not query port for %s/%s" % (proto, port))
-
-		con = semanage_port_get_con(p)
-		semanage_context_set_mls(self.sh, con, serange)	
-		if serange != "":
-			semanage_context_set_mls(self.sh, con, serange)	
-		if setype != "":
-			semanage_context_set_type(self.sh, con, setype)
-		semanage_port_set_con(p, con)
-		semanage_begin_transaction(self.sh)
-		semanage_port_modify_local(self.sh, k, p)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Failed to add port")
-		
-	def delete(self, port, proto):
-		( k, proto_d, low, high ) = self.__genkey(port, proto)
-		(rc,exists) = semanage_port_exists_local(self.sh, k)
-		if not exists:
-			raise ValueError("port %s/%s is not defined localy." % (proto,port))
-
-		semanage_begin_transaction(self.sh)
-		semanage_port_del_local(self.sh, k)
-		if semanage_commit(self.sh) < 0:
-			raise ValueError("Port %s/%s not defined" % (proto,port))
-		
-	def list(self, heading=1):
-		(status, self.plist, self.psize) = semanage_port_list(self.sh)
-		if heading:
-			print "%-30s %-8s %s\n" % ("SELinux Port Name", "Proto", "Port Number")
-		dict={}
-		for idx in range(self.psize):
-			u = semanage_port_by_idx(self.plist, idx)
-			con = semanage_port_get_con(u)
-			name = semanage_context_get_type(con)
-			proto=semanage_port_get_proto_str(u)
-			low=semanage_port_get_low(u)
-			high = semanage_port_get_high(u)
-			if (name, proto) not in dict.keys():
-				dict[(name,proto)]=[]
-			if low == high:
-				dict[(name,proto)].append("%d" % low)
-			else:
-				dict[(name,proto)].append("%d-%d" % (low, high))
-		(status, self.plist, self.psize) = semanage_port_list_local(self.sh)
-		for idx in range(self.psize):
-			u = semanage_port_by_idx(self.plist, idx)
-			con = semanage_port_get_con(u)
-			name = semanage_context_get_type(con)
-			proto=semanage_port_get_proto_str(u)
-			low=semanage_port_get_low(u)
-			high = semanage_port_get_high(u)
-			if (name, proto) not in dict.keys():
-				dict[(name,proto)]=[]
-			if low == high:
-				dict[(name,proto)].append("%d" % low)
-			else:
-				dict[(name,proto)].append("%d-%d" % (low, high))
-		for i in dict.keys():
-			rec = "%-30s %-8s " % i
-			rec += "%s" % dict[i][0]
-			for p in dict[i][1:]:
-				rec += ", %s" % p
-			print rec
-			
 if __name__ == '__main__':
 
 	def usage(message = ""):
@@ -366,8 +30,11 @@
 semanage user [-admsRrh] SELINUX_USER\n\
 semanage login [-admsrh] LOGIN_NAME\n\
 semanage port [-admth] PORT | PORTRANGE\n\
+semanage interface [-admth] INTERFACE\n\
+semanage fcontext [-admhfst] INTERFACE\n\
 	-a, --add        Add a OBJECT record NAME\n\
 	-d, --delete     Delete a OBJECT record NAME\n\
+	-f, --ftype      File Type of OBJECT \n\
 	-h, --help       display this message\n\
 	-l, --list       List the OBJECTS\n\
 	-n, --noheading  Do not print heading when listing OBJECTS\n\
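Review bot: The new usage line `semanage fcontext [-admhfst] INTERFACE` names its operand INTERFACE, which looks copied from the line above it. The fcontext add call passes that operand as `target`, and seobject.py hands it to `semanage_fcontext_set_expr`, so it is a file specification; something like `semanage fcontext [-admhfst] FILE_SPEC\n\` would describe it. The `-f, --ftype` help line could also list the accepted values, because the option is otherwise undocumented. The usage string starts and ends outside this hunk.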
@@ -391,7 +58,7 @@
 	# 
 	#
 	try:
-		objectlist = ("login", "user", "port")
+		objectlist = ("login", "user", "port", "interface", "fcontext")
 		input = sys.stdin
 		output = sys.stdout
 		serange = ""
@@ -399,6 +66,7 @@
 		proto = ""
 		selevel = ""
 		setype = ""
+		ftype = ""
 		roles = ""
 		seuser = ""
 		heading=1
@@ -416,9 +84,10 @@
 			
 		args = sys.argv[2:]
 		gopts, cmds = getopt.getopt(args,
-					    'adlhmnp:P:s:R:r:t:v',
+					    'adf:lhmnp:P:s:R:r:t:v',
 					    ['add',
 					     'delete',
+					     'ftype=',
 					     'help',
 					     'list', 
 					     'modify',
@@ -441,6 +110,8 @@
 				if modify or add:
 					usage()
 				delete = 1
+			if o == "-f"  or o == "--ftype":
+				ftype=a
 			if o == "-h" or o == "--help":
 				usage()
 
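Review bot: `ftype=a` is stored without checking it against the accepted file types, and `fcontextRecords.add` (added in seobject.py by this patch) indexes `self.file_types[ftype]` directly. An unrecognised `-f` value therefore raises KeyError rather than the ValueError the record classes use for bad input; whether the surrounding `try` handles KeyError is not visible here. Suggest validating before the lookup, e.g. `if ftype not in self.file_types: raise ValueError("Invalid file type %s" % ftype)`. The option loop begins and ends outside this hunk.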
@@ -474,13 +145,19 @@
 				verbose = 1
 
 		if object == "login":
-			OBJECT = loginRecords()
+			OBJECT = seobject.loginRecords()
 
 		if object == "user":
-			OBJECT = seluserRecords()
+			OBJECT = seobject.seluserRecords()
 
 		if object == "port":
-			OBJECT = portRecords()
+			OBJECT = seobject.portRecords()
+		
+		if object == "interface":
+			OBJECT = seobject.interfaceRecords()
+		
+		if object == "fcontext":
+			OBJECT = seobject.fcontextRecords()
 		
 		if list:
 			OBJECT.list(heading)
@@ -504,6 +181,11 @@
 			if object == "port":
 				OBJECT.add(target, proto, serange, setype)
 
+			if object == "interface":
+				OBJECT.add(target, serange, setype)
+
+			if object == "fcontext":
+				OBJECT.add(target, setype, ftype, serange, seuser)
 			sys.exit(0);
 			
 		if modify:
@@ -516,7 +198,13 @@
 
 			if object == "port":
 				OBJECT.modify(target, proto, serange, setype)
-				sys.exit(0);
+
+			if object == "interface":
+				OBJECT.modify(target, serange, setype)
+
+			if object == "fcontext":
+				OBJECT.modify(target, setype, ftype, serange, seuser)
+
 			sys.exit(0);
 
 		if delete:
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.5/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py	1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.29.5/semanage/seobject.py	2006-01-06 14:30:39.000000000 -0500
@@ -0,0 +1,722 @@
+#! /usr/bin/env python
+# Copyright (C) 2005 Red Hat 
+# see file 'COPYING' for use and warranty information
+#
+# semanage is a tool for managing SELinux configuration files
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of the GNU General Public License as
+#    published by the Free Software Foundation; either version 2 of
+#    the License, or (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program; if not, write to the Free Software
+#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA     
+#                                        02111-1307  USA
+#
+#  
+
+import pwd, string
+from semanage import *;
+class semanageRecords:
+	def __init__(self):
+		self.sh = semanage_handle_create()
+		self.semanaged = semanage_is_managed(self.sh)
+		if self.semanaged:
+			semanage_connect(self.sh)
+
+class loginRecords(semanageRecords):
+	def __init__(self):
+		semanageRecords.__init__(self)
+
+	def add(self, name, sename, serange):
+		if serange == "":
+			serange = "s0"
+		if sename == "":
+			sename = "user_u"
+			
+		(rc,k) = semanage_seuser_key_create(self.sh, name)
+		if rc < 0:
+			raise ValueError("Could not create a key for %s" % name)
+
+		(rc,exists) = semanage_seuser_exists(self.sh, k)
+		if exists:
+			raise ValueError("SELinux User %s mapping already defined" % name)
+		try:
+			pwd.getpwnam(name)
+		except:
+			raise ValueError("Linux User %s does not exist" % name)
+			
+		(rc,u) = semanage_seuser_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create seuser for %s" % name)
+
+		semanage_seuser_set_name(self.sh, u, name)
+		semanage_seuser_set_mlsrange(self.sh, u, serange)
+		semanage_seuser_set_sename(self.sh, u, sename)
+		semanage_begin_transaction(self.sh)
+		semanage_seuser_add(self.sh, k, u)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add SELinux user mapping")
+
+	def modify(self, name, sename = "", serange = ""):
+		(rc,k) = semanage_seuser_key_create(self.sh, name)
+		if rc < 0:
+			raise ValueError("Could not create a key for %s" % name)
+
+		if sename == "" and serange == "":
+			raise ValueError("Requires, seuser or serange")
+
+		(rc,exists) = semanage_seuser_exists(self.sh, k)
+		if exists:
+			(rc,u) = semanage_seuser_query(self.sh, k)
+			if rc < 0:
+				raise ValueError("Could not query seuser for %s" % name)
+		else:
+			raise ValueError("SELinux user %s mapping is not defined." % name)
+
+		if serange != "":
+			semanage_seuser_set_mlsrange(self.sh, u, serange)
+		if sename != "":
+			semanage_seuser_set_sename(self.sh, u, sename)
+		semanage_begin_transaction(self.sh)
+		semanage_seuser_modify_local(self.sh, k, u)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to modify SELinux user mapping")
+	def delete(self, name):
+		(rc,k) = semanage_seuser_key_create(self.sh, name)
+		if rc < 0:
+			raise ValueError("Could not create a key for %s" % name)
+
+		(rc,exists) = semanage_seuser_exists(self.sh, k)
+		if not exists:
+			raise ValueError("SELinux user %s mapping is not defined." % name)
+		semanage_begin_transaction(self.sh)
+		semanage_seuser_del(self.sh, k)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("SELinux User %s mapping not defined" % name)
+		
+	def get_all(self):
+		dict={}
+		(status, self.ulist, self.usize) = semanage_seuser_list(self.sh)
+		for idx in range(self.usize):
+			u = semanage_seuser_by_idx(self.ulist, idx)
+			name = semanage_seuser_get_name(u)
+			dict[name]=(semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
+		return dict
+
+	def list(self,heading=1):
+		if heading:
+			print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range")
+		dict=self.get_all()
+		keys=dict.keys()
+		keys.sort()
+		for k in keys:
+			print "%-25s %-25s %-25s" % (k, dict[k][0], dict[k][1])
+
+class seluserRecords(semanageRecords):
+	def __init__(self):
+		semanageRecords.__init__(self)
+
+	def add(self, name, roles, selevel, serange):
+		if serange == "":
+			serange = "s0"
+		if selevel == "":
+			selevel = "s0"
+
+		(rc,k) = semanage_user_key_create(self.sh, name)
+		if rc < 0:
+			raise ValueError("Could not create a key for %s" % name)
+
+		(rc,exists) = semanage_user_exists(self.sh, k)
+		if not exists:
+			raise ValueError("SELinux user %s is already defined." % name)
+
+		(rc,u) = semanage_user_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create login mapping for %s" % name)
+
+		semanage_user_set_name(self.sh, u, name)
+		for r in roles:
+			semanage_user_add_role(self.sh, u, r)
+		semanage_user_set_mlsrange(self.sh, u, serange)
+		semanage_user_set_mlslevel(self.sh, u, selevel)
+		(rc,key) = semanage_user_key_extract(self.sh,u)
+		if rc < 0:
+			raise ValueError("Could not extract key for %s" % name)
+
+		semanage_begin_transaction(self.sh)
+		semanage_user_add_local(self.sh, k, u)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add SELinux user")
+
+	def modify(self, name, roles = [], selevel = "", serange = ""):
+		if len(roles) == 0  and serange == "" and selevel == "":
+			raise ValueError("Requires, roles, level  or range")
+
+		(rc,k) = semanage_user_key_create(self.sh, name)
+		if rc < 0:
+			raise ValueError("Could not create a key for %s" % name)
+
+		(rc,exists) = semanage_user_exists(self.sh, k)
+		if exists:
+			(rc,u) = semanage_user_query(self.sh, k)
+		else:
+			raise ValueError("SELinux user %s mapping is not defined locally." % name)
+		if rc < 0:
+			raise ValueError("Could not query user for %s" % name)
+
+		if serange != "":
+			semanage_user_set_mlsrange(self.sh, u, serange)
+		if selevel != "":
+			semanage_user_set_mlslevel(self.sh, u, selevel)
+		if len(roles) != 0:
+			for r in roles:
+				semanage_user_add_role(self.sh, u, r)
+		semanage_begin_transaction(self.sh)
+		semanage_user_modify_local(self.sh, k, u)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to modify SELinux user")
+		
+	def delete(self, name):
+		(rc,k) = semanage_user_key_create(self.sh, name)
+		if rc < 0:
+			raise ValueError("Could not crpppeate a key for %s" % name)
+		(rc,exists) = semanage_user_exists(self.sh, k)
+		if not exists:
+			raise ValueError("user %s is not defined" % name)
+		else:
+			(rc,exists) = semanage_user_exists_local(self.sh, k)
+			if not exists:
+				raise ValueError("user %s is not defined locally, can not delete " % name)
+			
+		semanage_begin_transaction(self.sh)
+		semanage_user_del_local(self.sh, k)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Login User %s not defined" % name)
+		
+	def get_all(self):
+		dict={}
+		(status, self.ulist, self.usize) = semanage_user_list(self.sh)
+		for idx in range(self.usize):
+			u = semanage_user_by_idx(self.ulist, idx)
+			name = semanage_user_get_name(u)
+			(status, rlist, rlist_size) = semanage_user_get_roles(self.sh, u)
+			roles = ""
+
+			if rlist_size:
+				roles += char_by_idx(rlist, 0)
+				for ridx in range (1,rlist_size):
+					roles += " " + char_by_idx(rlist, ridx)
+			dict[semanage_user_get_name(u)] = (semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)
+
+		return dict
+
+	def list(self, heading=1):
+		if heading:
+			print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/")
+			print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
+		dict=self.get_all()
+		keys=dict.keys()
+		keys.sort()
+		for k in keys:
+			print "%-15s %-10s %-15s %s" % (k, dict[k][0], dict[k][1], dict[k][2])
+
+class portRecords(semanageRecords):
+	def __init__(self):
+		semanageRecords.__init__(self)
+
+	def __genkey(self, port, proto):
+		if proto == "tcp":
+			proto_d=SEMANAGE_PROTO_TCP
+		else:
+			if proto == "udp":
+				proto_d=SEMANAGE_PROTO_UDP
+			else:
+				raise ValueError("Protocol udp or tcp is required")
+		if port == "":
+			raise ValueError("Port is required")
+			
+		ports=port.split("-")
+		if len(ports) == 1:
+			low=string.atoi(ports[0])
+			high=string.atoi(ports[0])
+		else:
+			low=string.atoi(ports[0])
+			high=string.atoi(ports[1])
+
+		(rc,k) = semanage_port_key_create(self.sh, low, high, proto_d)
+		if rc < 0:
+			raise ValueError("Could not create a key for %s/%s" % (proto, port))
+		return ( k, proto_d, low, high )
+
+	def add(self, port, proto, serange, type):
+		if serange == "":
+			serange="s0"
+			
+		if type == "":
+			raise ValueError("Type is required")
+
+		( k, proto_d, low, high ) = self.__genkey(port, proto)			
+
+		(rc,exists) = semanage_port_exists(self.sh, k)
+		if exists:
+			raise ValueError("Port %s/%s already defined" % (proto, port))
+
+		(rc,p) = semanage_port_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create port for %s/%s" % (proto, port))
+		
+		semanage_port_set_proto(p, proto_d)
+		semanage_port_set_range(p, low, high)
+		(rc, con) = semanage_context_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create context for %s/%s" % (proto, port))
+
+		semanage_context_set_user(self.sh, con, "system_u")
+		semanage_context_set_role(self.sh, con, "object_r")
+		semanage_context_set_type(self.sh, con, type)
+		semanage_context_set_mls(self.sh, con, serange)
+		semanage_begin_transaction(self.sh)
+		semanage_port_set_con(p, con)
+		semanage_port_add_local(self.sh, k, p)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add port")
+
+	def modify(self, port, proto, serange, setype):
+		if serange == "" and setype == "":
+			raise ValueError("Requires, setype or serange")
+
+		( k, proto_d, low, high ) = self.__genkey(port, proto)
+
+		(rc,exists) = semanage_port_exists(self.sh, k)
+		if exists:
+			(rc,p) = semanage_port_query(self.sh, k)
+		else:
+			raise ValueError("port %s/%s is not defined." % (proto,port))
+
+		if rc < 0:
+			raise ValueError("Could not query port for %s/%s" % (proto, port))
+
+		con = semanage_port_get_con(p)
+		if rc < 0:
+			raise ValueError("Could not get port context for %s/%s" % (proto, port))
+			
+		if serange != "":
+			semanage_context_set_mls(self.sh, con, serange)	
+		if setype != "":
+			semanage_context_set_type(self.sh, con, setype)
+		semanage_begin_transaction(self.sh)
+		semanage_port_modify_local(self.sh, k, p)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add port")
+		
+	def delete(self, port, proto):
+		( k, proto_d, low, high ) = self.__genkey(port, proto)
+		(rc,exists) = semanage_port_exists(self.sh, k)
+		if not exists:
+			raise ValueError("port %s/%s is not defined." % (proto,port))
+		else:
+			(rc,exists) = semanage_port_exists_local(self.sh, k)
+			if not exists:
+				raise ValueError("port %s/%s is not defined localy, can not be deleted." % (proto,port))
+
+		semanage_begin_transaction(self.sh)
+		semanage_port_del_local(self.sh, k)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Port %s/%s not defined" % (proto,port))
+		
+	def get_all(self):
+		dict={}
+		(status, self.plist, self.psize) = semanage_port_list(self.sh)
+		for idx in range(self.psize):
+			u = semanage_port_by_idx(self.plist, idx)
+			con = semanage_port_get_con(u)
+			name = semanage_context_get_type(con)
+			proto=semanage_port_get_proto_str(u)
+			low=semanage_port_get_low(u)
+			high = semanage_port_get_high(u)
+			if (name, proto) not in dict.keys():
+				dict[(name,proto)]=[]
+			if low == high:
+				dict[(name,proto)].append("%d" % low)
+			else:
+				dict[(name,proto)].append("%d-%d" % (low, high))
+		return dict
+
+	def list(self, heading=1):
+		if heading:
+			print "%-30s %-8s %s\n" % ("SELinux Port Name", "Proto", "Port Number")
+		dict=self.get_all()
+		keys=dict.keys()
+		keys.sort()
+		for i in keys:
+			rec = "%-30s %-8s " % i
+			rec += "%s" % dict[i][0]
+			for p in dict[i][1:]:
+				rec += ", %s" % p
+			print rec
+
+class interfaceRecords(semanageRecords):
+	def __init__(self):
+		semanageRecords.__init__(self)
+
+	def add(self, interface, serange, type):
+		if serange == "":
+			serange="s0"
+			
+		if type == "":
+			raise ValueError("SELinux Type is required")
+
+		(rc,k) = semanage_iface_key_create(self.sh, interface)
+		if rc < 0:
+			raise ValueError("Can't create key for %s" % interface)
+		(rc,exists) = semanage_iface_exists(self.sh, k)
+		if exists:
+			raise ValueError("Interface %s already defined" % interface)
+
+		(rc,iface) = semanage_iface_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create interface for %s" % (interface))
+		
+		rc = semanage_iface_set_name(self.sh, iface, interface)
+		(rc, con) = semanage_context_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create context for %s" % interface)
+
+		semanage_context_set_user(self.sh, con, "system_u")
+		semanage_context_set_role(self.sh, con, "object_r")
+		semanage_context_set_type(self.sh, con, type)
+		semanage_context_set_mls(self.sh, con, serange)
+		semanage_begin_transaction(self.sh)
+		semanage_iface_set_ifcon(iface, con)
+		semanage_iface_set_msgcon(iface, con)
+		semanage_iface_add_local(self.sh, k, iface)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add interface")
+
+	def modify(self, interface, serange, setype):
+		if serange == "" and setype == "":
+			raise ValueError("Requires, setype or serange")
+
+		(rc,k) = semanage_iface_key_create(self.sh, interface)
+		if rc < 0:
+			raise ValueError("Can't creater key for %s" % interface)
+		(rc,exists) = semanage_iface_exists(self.sh, k)
+		if exists:
+			(rc,p) = semanage_iface_query(self.sh, k)
+		else:
+			raise ValueError("interface %s is not defined." % interface)
+
+		if rc < 0:
+			raise ValueError("Could not query interface for %s" % interface)
+
+		con = semanage_iface_get_ifcon(p)
+		if rc < 0:
+			raise ValueError("Could not get interface context for %s" % interface)
+			
+		if serange != "":
+			semanage_context_set_mls(self.sh, con, serange)	
+		if setype != "":
+			semanage_context_set_type(self.sh, con, setype)
+
+		semanage_begin_transaction(self.sh)
+		semanage_iface_modify_local(self.sh, k, p)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add interface")
+		
+	def delete(self, interface):
+		(rc,k) = semanage_iface_key_create(self.sh, interface)
+		if rc < 0:
+			raise ValueError("Can't create key for %s" % interface)
+		(rc,exists) = semanage_iface_exists(self.sh, k)
+		if not exists:
+			raise ValueError("interface %s is not defined." % interface)
+		else:
+			(rc,exists) = semanage_iface_exists_local(self.sh, k)
+			if not exists:
+				raise ValueError("interface %s is not defined localy, can not be deleted." % interface)
+
+		semanage_begin_transaction(self.sh)
+		semanage_iface_del_local(self.sh, k)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Interface %s not defined" % interface)
+		
+	def get_all(self):
+		dict={}
+		(status, self.plist, self.psize) = semanage_iface_list(self.sh)
+		if status < 0:
+			raise ValueError("Unable to list interfaces")
+		for idx in range(self.psize):
+			interface = semanage_iface_by_idx(self.plist, idx)
+			con = semanage_iface_get_ifcon(interface)
+			dict[semanage_iface_get_name(interface)]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
+
+		return dict
+			
+	def list(self, heading=1):
+		if heading:
+			print "%-30s %s\n" % ("SELinux Interface", "Context")
+		dict=self.get_all()
+		keys=dict.keys()
+		keys.sort()
+		for k in keys:
+			print "%-30s %s:%s:%s:%s " % (k,dict[k][0], dict[k][1],dict[k][2], dict[k][3])
+			
+class fcontextRecords(semanageRecords):
+	def __init__(self):
+		semanageRecords.__init__(self)
+		self.file_types={}
+		self.file_types[""]   = SEMANAGE_FCONTEXT_ALL;
+		self.file_types["all files"] = SEMANAGE_FCONTEXT_ALL;
+		self.file_types["--"] = SEMANAGE_FCONTEXT_REG;
+		self.file_types["regular file"] = SEMANAGE_FCONTEXT_REG;
+		self.file_types["-d"] = SEMANAGE_FCONTEXT_DIR;
+		self.file_types["directory"] = SEMANAGE_FCONTEXT_DIR;
+		self.file_types["-c"] = SEMANAGE_FCONTEXT_CHAR;
+		self.file_types["character device"] = SEMANAGE_FCONTEXT_CHAR;
+		self.file_types["-b"] = SEMANAGE_FCONTEXT_BLOCK;
+		self.file_types["block device"] = SEMANAGE_FCONTEXT_BLOCK;
+		self.file_types["-s"] = SEMANAGE_FCONTEXT_SOCK;
+		self.file_types["socket"] = SEMANAGE_FCONTEXT_SOCK;
+		self.file_types["symbolic link"] = SEMANAGE_FCONTEXT_LINK;
+		self.file_types["-p"] = SEMANAGE_FCONTEXT_PIPE;
+		self.file_types["named pipe"] = SEMANAGE_FCONTEXT_PIPE;
+		
+		
+	def add(self, target, type, ftype="", serange="s0", seuser="system_u"):
+		if seuser == "":
+			seuser="system_u"
+			
+		if serange == "":
+			serange="s0"
+			
+		if type == "":
+			raise ValueError("SELinux Type is required")
+
+		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+		if rc < 0:
+			raise ValueError("Can't create key for %s" % target)
+		(rc,exists) = semanage_fcontext_exists(self.sh, k)
+		print (rc, exists, target)
+		if exists:
+			raise ValueError("fcontext %s already defined" % target)
+		(rc,fcontext) = semanage_fcontext_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create fcontext for %s" % target)
+		
+		rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
+		(rc, con) = semanage_context_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create context for %s" % target)
+
+		semanage_context_set_user(self.sh, con, seuser)
+		semanage_context_set_role(self.sh, con, "object_r")
+		semanage_context_set_type(self.sh, con, type)
+		semanage_context_set_mls(self.sh, con, serange)
+		semanage_fcontext_set_type(fcontext, self.file_types[ftype])
+		semanage_begin_transaction(self.sh)
+		semanage_fcontext_set_con(fcontext, con)
+		semanage_fcontext_add_local(self.sh, k, fcontext)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add fcontext")
+
+	def modify(self, target, setype, ftype, serange, seuser):
+		if serange == "" and setype == "" and seuser == "":
+			raise ValueError("Requires, setype, serange or seuser")
+
+		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+		if rc < 0:
+			raise ValueError("Can't creater key for %s" % target)
+		(rc,exists) = semanage_fcontext_exists(self.sh, k)
+		if exists:
+			(rc,p) = semanage_fcontext_query(self.sh, k)
+		else:
+			raise ValueError("fcontext %s is not defined." % target)
+		if rc < 0:
+			raise ValueError("Could not query fcontext for %s" % target)
+		con = semanage_fcontext_get_con(p)
+		if rc < 0:
+			raise ValueError("Could not get fcontext context for %s" % target)
+			
+		if serange != "":
+			semanage_context_set_mls(self.sh, con, serange)	
+		if seuser != "":
+			semanage_context_set_user(self.sh, con, seuser)	
+		if setype != "":
+			semanage_context_set_type(self.sh, con, setype)
+
+		semanage_begin_transaction(self.sh)
+		semanage_fcontext_modify_local(self.sh, k, p)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add fcontext")
+		
+	def delete(self, target):
+		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+		if rc < 0:
+			raise ValueError("Can't create key for %s" % target)
+		(rc,exists) = semanage_fcontext_exists(self.sh, k)
+		if not exists:
+			raise ValueError("fcontext %s is not defined." % target)
+		else:
+			(rc,exists) = semanage_fcontext_exists_local(self.sh, k)
+			if not exists:
+				raise ValueError("fcontext %s is not defined localy, can not be deleted." % target)
+
+		semanage_begin_transaction(self.sh)
+		semanage_fcontext_del_local(self.sh, k)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("fcontext %s not defined" % target)
+		
+	def get_all(self):
+		dict={}
+		(status, self.plist, self.psize) = semanage_fcontext_list(self.sh)
+		if status < 0:
+			raise ValueError("Unable to list fcontexts")
+
+		for idx in range(self.psize):
+			fcontext = semanage_fcontext_by_idx(self.plist, idx)
+			expr=semanage_fcontext_get_expr(fcontext)
+			ftype=semanage_fcontext_get_type_str(fcontext)
+			con = semanage_fcontext_get_con(fcontext)
+			if con:
+				dict[expr, ftype]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
+			else:
+				dict[expr, ftype]=con
+
+		return dict
+			
+	def list(self, heading=1):
+		if heading:
+			print "%-50s %-18s %s\n" % ("SELinux fcontext", "type", "Context")
+		dict=self.get_all()
+		keys=dict.keys()
+		for k in keys:
+			if dict[k]:
+				print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3])
+			else:
+				print "%-50s %-18s <<None>>" % (k[0], k[1])
+				
+class booleanRecords(semanageRecords):
+	def __init__(self):
+		semanageRecords.__init__(self)
+		
+	def add(self, target, type, ftype="", serange="s0", seuser="system_u"):
+		if seuser == "":
+			seuser="system_u"
+			
+		if serange == "":
+			serange="s0"
+			
+		if type == "":
+			raise ValueError("SELinux Type is required")
+
+		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+		if rc < 0:
+			raise ValueError("Can't create key for %s" % target)
+		(rc,exists) = semanage_fcontext_exists(self.sh, k)
+		print (rc, exists, target)
+		if exists:
+			raise ValueError("fcontext %s already defined" % target)
+		(rc,fcontext) = semanage_fcontext_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create fcontext for %s" % target)
+		
+		rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
+		(rc, con) = semanage_context_create(self.sh)
+		if rc < 0:
+			raise ValueError("Could not create context for %s" % target)
+
+		semanage_context_set_user(self.sh, con, seuser)
+		semanage_context_set_role(self.sh, con, "object_r")
+		semanage_context_set_type(self.sh, con, type)
+		semanage_context_set_mls(self.sh, con, serange)
+		semanage_fcontext_set_type(fcontext, self.file_types[ftype])
+		semanage_begin_transaction(self.sh)
+		semanage_fcontext_set_con(fcontext, con)
+		semanage_fcontext_add_local(self.sh, k, fcontext)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add fcontext")
+
+	def modify(self, target, setype, ftype, serange, seuser):
+		if serange == "" and setype == "" and seuser == "":
+			raise ValueError("Requires, setype, serange or seuser")
+
+		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+		if rc < 0:
+			raise ValueError("Can't creater key for %s" % target)
+		(rc,exists) = semanage_fcontext_exists(self.sh, k)
+		if exists:
+			(rc,p) = semanage_fcontext_query(self.sh, k)
+		else:
+			raise ValueError("fcontext %s is not defined." % target)
+		if rc < 0:
+			raise ValueError("Could not query fcontext for %s" % target)
+		con = semanage_fcontext_get_con(p)
+		if rc < 0:
+			raise ValueError("Could not get fcontext context for %s" % target)
+			
+		if serange != "":
+			semanage_context_set_mls(self.sh, con, serange)	
+		if seuser != "":
+			semanage_context_set_user(self.sh, con, seuser)	
+		if setype != "":
+			semanage_context_set_type(self.sh, con, setype)
+
+		semanage_begin_transaction(self.sh)
+		semanage_fcontext_modify_local(self.sh, k, p)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("Failed to add fcontext")
+		
+	def delete(self, target):
+		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+		if rc < 0:
+			raise ValueError("Can't create key for %s" % target)
+		(rc,exists) = semanage_fcontext_exists(self.sh, k)
+		if not exists:
+			raise ValueError("fcontext %s is not defined." % target)
+		else:
+			(rc,exists) = semanage_fcontext_exists_local(self.sh, k)
+			if not exists:
+				raise ValueError("fcontext %s is not defined localy, can not be deleted." % target)
+
+		semanage_begin_transaction(self.sh)
+		semanage_fcontext_del_local(self.sh, k)
+		if semanage_commit(self.sh) < 0:
+			raise ValueError("fcontext %s not defined" % target)
+		
+	def get_all(self):
+		dict={}
+		(status, self.plist, self.psize) = semanage_fcontext_list(self.sh)
+		if status < 0:
+			raise ValueError("Unable to list fcontexts")
+
+		for idx in range(self.psize):
+			fcontext = semanage_fcontext_by_idx(self.plist, idx)
+			expr=semanage_fcontext_get_expr(fcontext)
+			ftype=semanage_fcontext_get_type_str(fcontext)
+			con = semanage_fcontext_get_con(fcontext)
+			if con:
+				dict[expr, ftype]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
+			else:
+				dict[expr, ftype]=con
+
+		return dict
+			
+	def list(self, heading=1):
+		if heading:
+			print "%-50s %-18s %s\n" % ("SELinux fcontext", "type", "Context")
+		dict=self.get_all()
+		keys=dict.keys()
+		for k in keys:
+			if dict[k]:
+				print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3])
+			else:
+				print "%-50s %-18s <<None>>" % (k[0], k[1])
+				
+