diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch
index 801bc5a..08b053d 100644
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@@ -1,44 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.49/gui/Makefile
---- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/Makefile 2008-06-23 07:03:37.000000000 -0400
-@@ -0,0 +1,34 @@
-+# Installation directories.
-+PREFIX ?= ${DESTDIR}/usr
-+SHAREDIR ?= $(PREFIX)/share/system-config-selinux
-+
-+TARGETS= \
-+booleansPage.py \
-+fcontextPage.py \
-+loginsPage.py \
-+mappingsPage.py \
-+modulesPage.py \
-+polgen.py \
-+polgen.glade \
-+portsPage.py \
-+semanagePage.py \
-+statusPage.py \
-+system-config-selinux.glade \
-+translationsPage.py \
-+usersPage.py \
-+selinux.tbl
-+
-+all: $(TARGETS) system-config-selinux.py polgengui.py templates
-+
-+install: all
-+ -mkdir -p $(SHAREDIR)/templates
-+ install -m 755 system-config-selinux.py $(SHAREDIR)
-+ install -m 755 polgengui.py $(SHAREDIR)
-+ install -m 644 $(TARGETS) $(SHAREDIR)
-+ install -m 644 templates/*.py $(SHAREDIR)/templates/
-+
-+clean:
-+
-+indent:
-+
-+relabel:
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.49/gui/booleansPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.50/gui/booleansPage.py
--- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/booleansPage.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/booleansPage.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,230 @@
+#
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
@@ -270,9 +232,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli
+ self.load(self.filter)
+ return True
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.49/gui/fcontextPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.50/gui/fcontextPage.py
--- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/fcontextPage.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/fcontextPage.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,217 @@
+## fcontextPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -491,9 +453,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
+ self.store.set_value(iter, SPEC_COL, fspec)
+ self.store.set_value(iter, FTYPE_COL, ftype)
+ self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls))
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.49/gui/lockdown.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.50/gui/lockdown.glade
--- nsapolicycoreutils/gui/lockdown.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/lockdown.glade 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/lockdown.glade 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,2065 @@
+
+
@@ -2560,9 +2522,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade polic
+
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade.bak policycoreutils-2.0.49/gui/lockdown.glade.bak
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade.bak policycoreutils-2.0.50/gui/lockdown.glade.bak
--- nsapolicycoreutils/gui/lockdown.glade.bak 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/lockdown.glade.bak 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/lockdown.glade.bak 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,2065 @@
+
+
@@ -4629,9 +4591,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade.bak p
+
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep policycoreutils-2.0.49/gui/lockdown.gladep
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep policycoreutils-2.0.50/gui/lockdown.gladep
--- nsapolicycoreutils/gui/lockdown.gladep 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/lockdown.gladep 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/lockdown.gladep 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,7 @@
+
+
@@ -4640,9 +4602,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep poli
+
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep.bak policycoreutils-2.0.49/gui/lockdown.gladep.bak
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep.bak policycoreutils-2.0.50/gui/lockdown.gladep.bak
--- nsapolicycoreutils/gui/lockdown.gladep.bak 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/lockdown.gladep.bak 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/lockdown.gladep.bak 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,7 @@
+
+
@@ -4651,9 +4613,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep.bak
+
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policycoreutils-2.0.49/gui/lockdown.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policycoreutils-2.0.50/gui/lockdown.py
--- nsapolicycoreutils/gui/lockdown.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/lockdown.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/lockdown.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,331 @@
+#!/usr/bin/python
+#
@@ -4986,9 +4948,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policyco
+
+ app = booleanWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.49/gui/loginsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.50/gui/loginsPage.py
--- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/loginsPage.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/loginsPage.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,185 @@
+## loginsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -5175,9 +5137,50 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy
+ self.store.set_value(iter, 1, seuser)
+ self.store.set_value(iter, 2, seobject.translate(serange))
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.49/gui/mappingsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.50/gui/Makefile
+--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.50/gui/Makefile 2008-07-01 21:56:24.000000000 -0400
+@@ -0,0 +1,37 @@
++# Installation directories.
++PREFIX ?= ${DESTDIR}/usr
++SHAREDIR ?= $(PREFIX)/share/system-config-selinux
++
++TARGETS= \
++booleansPage.py \
++fcontextPage.py \
++loginsPage.py \
++mappingsPage.py \
++modulesPage.py \
++polgen.py \
++polgen.glade \
++portsPage.py \
++lockdown.py \
++lockdown.glade \
++semanagePage.py \
++statusPage.py \
++system-config-selinux.glade \
++translationsPage.py \
++usersPage.py \
++selinux.tbl
++
++all: $(TARGETS) system-config-selinux.py polgengui.py templates
++
++install: all
++ -mkdir -p $(SHAREDIR)/templates
++ install -m 755 system-config-selinux.py $(SHAREDIR)
++ install -m 755 polgengui.py $(SHAREDIR)
++ install -m 755 lockdown.py $(SHAREDIR)
++ install -m 644 $(TARGETS) $(SHAREDIR)
++ install -m 644 templates/*.py $(SHAREDIR)/templates/
++
++clean:
++
++indent:
++
++relabel:
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.50/gui/mappingsPage.py
--- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/mappingsPage.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/mappingsPage.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,56 @@
+## mappingsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
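Review bot: In the re-added gui/Makefile, lockdown.py is installed twice: `install -m 755 lockdown.py $(SHAREDIR)` is immediately followed by `install -m 644 $(TARGETS) $(SHAREDIR)`, and the hunk also adds `lockdown.py \` to TARGETS, so the second install overwrites the first and the script ends up mode 0644 without its executable bit (the other 755 scripts, system-config-selinux.py and polgengui.py, are correctly kept out of TARGETS). Dropping the `lockdown.py \` line from TARGETS, leaving `lockdown.glade \`, fixes it. The recipe lines show as space-indented here; if that is not an extraction artefact and the patch really carries spaces rather than a tab, GNU make will reject the file with "missing separator", so it is worth checking the bytes in the committed patch. Minor: install, clean, indent and relabel are command targets and should be declared with `.PHONY: install clean indent relabel`, and the `-` on `-mkdir -p $(SHAREDIR)/templates` hides a failure that the following install lines will then report less clearly.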
@@ -5235,9 +5238,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py poli
+ for k in keys:
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.49/gui/modulesPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.50/gui/modulesPage.py
--- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/modulesPage.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/modulesPage.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,195 @@
+## modulesPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -5434,9 +5437,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic
+
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.49/gui/polgen.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.50/gui/polgen.glade
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/polgen.glade 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/polgen.glade 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,3284 @@
+
+
@@ -8722,52 +8725,44 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.49/gui/polgen.py
---- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/polgen.py 2008-06-24 06:09:56.000000000 -0400
-@@ -0,0 +1,923 @@
-+#!/usr/bin/python
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.50/gui/polgengui.py
+--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.50/gui/polgengui.py 2008-07-01 14:59:58.000000000 -0400
+@@ -0,0 +1,623 @@
++#!/usr/bin/python -E
+#
-+# Copyright (C) 2007, 2008 Red Hat
-+# see file 'COPYING' for use and warranty information
++# polgengui.py - GUI for SELinux Config tool in system-config-selinux
+#
-+# policygentool is a tool for the initial generation of SELinux policy
++# Dan Walsh
+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
++# Copyright 2007, 2008 Red Hat, Inc.
+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
+#
-+#
-+import os, sys, stat
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
++#
++import signal
++import string
++import gtk
++import gtk.glade
++import os
++import gobject
++import gnome
++import sys
++import polgen
+import re
+import commands
+
-+from templates import executable
-+from templates import boolean
-+from templates import etc_rw
-+from templates import var_spool
-+from templates import var_lib
-+from templates import var_log
-+from templates import var_run
-+from templates import tmp
-+from templates import rw
-+from templates import network
-+from templates import script
-+from templates import user
-+import seobject
-+import sepolgen.interfaces as interfaces
-+import sepolgen.defaults as defaults
+
+##
+## I18N
@@ -8786,1499 +8781,1509 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
-+methods = []
-+fn = defaults.interface_info()
-+try:
-+ fd = open(fn)
-+ # List of per_role_template interfaces
-+ ifs = interfaces.InterfaceSet()
-+ ifs.from_file(fd)
-+ methods = ifs.interfaces.keys()
-+ fd.close()
-+except:
-+ sys.stderr.write("could not open interface info [%s]\n" % fn)
-+ sys.exit(1)
++gnome.program_init("SELinux Policy Generation Tool", "5")
+
-+def get_all_roles():
-+ roles = []
-+ roles = commands.getoutput("/usr/bin/seinfo -r 2> /dev/tty").split()[2:]
-+ roles.remove("object_r")
-+ roles.sort()
-+ return roles
++version = "1.0"
+
-+def get_all_types():
-+ all_types = []
-+ try:
-+ rc, output=commands.getstatusoutput("/usr/bin/seinfo --type 2> /dev/tty")
-+ if rc == 0:
-+ l = output.split()
-+ for i in l:
-+ all_types.append(i.split("_t")[0])
-+ except:
-+ pass
++sys.path.append('/usr/share/system-config-selinux')
++sys.path.append('.')
+
-+ return all_types
++# From John Hunter http://www.daa.com.au/pipermail/pygtk/2003-February/004454.html
++def foreach(model, path, iter, selected):
++ selected.append(model.get_value(iter, 0))
+
-+def get_all_modules():
-+ try:
-+ all_modules = []
-+ rc, output=commands.getstatusoutput("semodule -l 2> /dev/tty")
-+ if rc == 0:
-+ l = output.split("\n")
-+ for i in l:
-+ all_modules.append(i.split()[0])
-+ except:
-+ pass
++##
++## Pull in the Glade file
++##
++if os.access("polgen.glade", os.F_OK):
++ xml = gtk.glade.XML ("polgen.glade", domain=PROGNAME)
++else:
++ xml = gtk.glade.XML ("/usr/share/system-config-selinux/polgen.glade", domain=PROGNAME)
+
-+ return all_modules
++FILE = 1
++DIR = 2
+
-+def get_all_users():
-+ users = seobject.seluserRecords().get_all().keys()
-+ users.remove("system_u")
-+ users.remove("root")
-+ users.sort()
-+ return users
++class childWindow:
++ START_PAGE = 0
++ SELECT_TYPE_PAGE = 1
++ APP_PAGE = 2
++ EXISTING_USER_PAGE = 3
++ TRANSITION_PAGE = 4
++ USER_TRANSITION_PAGE = 5
++ ADMIN_PAGE = 6
++ ROLE_PAGE = 7
++ IN_NET_PAGE = 8
++ OUT_NET_PAGE = 9
++ COMMON_APPS_PAGE = 10
++ FILES_PAGE = 11
++ BOOLEAN_PAGE = 12
++ SELECT_DIR_PAGE = 13
++ GEN_POLICY_PAGE = 14
++ GEN_USER_POLICY_PAGE = 15
++
++ def __init__(self):
++ self.xml = xml
++ self.all_types=polgen.get_all_types()
++ self.all_modules=polgen.get_all_modules()
++ self.name=""
++ xml.signal_connect("on_delete_clicked", self.delete)
++ xml.signal_connect("on_delete_boolean_clicked", self.delete_boolean)
++ xml.signal_connect("on_exec_select_clicked", self.exec_select)
++ xml.signal_connect("on_init_script_select_clicked", self.init_script_select)
++ xml.signal_connect("on_add_clicked", self.add)
++ xml.signal_connect("on_add_boolean_clicked", self.add_boolean)
++ xml.signal_connect("on_add_dir_clicked", self.add_dir)
++ xml.signal_connect("on_about_clicked", self.on_about_clicked)
++ xml.get_widget ("cancel_button").connect("clicked",self.quit)
++ self.forward_button = xml.get_widget ("forward_button")
++ self.forward_button.connect("clicked",self.forward)
++ self.back_button = xml.get_widget ("back_button")
++ self.back_button.connect("clicked",self.back)
+
-+ALL = 0
-+RESERVED = 1
-+UNRESERVED = 2
-+PORTS = 3
-+ADMIN_TRANSITION_INTERFACE = "_admin$"
-+USER_TRANSITION_INTERFACE = "_per_role_template$"
++ self.boolean_dialog = xml.get_widget ("boolean_dialog")
++ self.boolean_name_entry = xml.get_widget ("boolean_name_entry")
++ self.boolean_description_entry = xml.get_widget ("boolean_description_entry")
+
-+DAEMON = 0
-+INETD = 1
-+USER = 2
-+CGI = 3
-+XUSER = 4
-+TUSER = 5
-+LUSER = 6
-+AUSER = 7
-+EUSER = 8
-+RUSER = 9
++ self.notebook = xml.get_widget ("notebook1")
++ self.pages={}
++ self.finish_page = [ self.GEN_POLICY_PAGE, self.GEN_USER_POLICY_PAGE ]
++ for i in polgen.USERS:
++ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
++ self.pages[polgen.RUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
++ self.pages[polgen.LUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
+
-+APPLICATIONS = [ DAEMON, INETD, USER, CGI ]
-+USERS = [ XUSER, TUSER, LUSER, AUSER, EUSER, RUSER]
++ self.pages[polgen.EUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.EXISTING_USER_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
+
-+def verify_ports(ports):
-+ if ports == "":
-+ return []
-+ max_port=2**16
-+ try:
-+ temp = []
-+ for a in ports.split(","):
-+ r = a.split("-")
-+ if len(r) > 2:
-+ raise ValueError
-+ if len(r) == 1:
-+ begin = int (r[0])
-+ end = int (r[0])
-+ else:
-+ begin = int (r[0])
-+ end = int (r[1])
-+
-+ if begin > end:
-+ raise ValueError
-+
-+ for p in range(begin, end + 1):
-+ if p < 1 or p > max_port:
-+ raise ValueError
-+ temp.append(p)
-+ return temp
-+ except ValueError:
-+ raise ValueError(_("Ports must be be numbers or ranges of numbers from 1 to %d " % max_port ))
++ for i in polgen.APPLICATIONS:
++ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_POLICY_PAGE]
++ self.pages[polgen.USER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_POLICY_PAGE]
++
++ self.current_page = 0
++ self.back_button.set_sensitive(0)
+
-+class policy:
++ self.network_buttons = {}
+
-+ def __init__(self, name, type):
-+ ports = seobject.portRecords()
-+ self.ports = ports.get_all()
-+
-+ self.DEFAULT_DIRS = {}
-+ self.DEFAULT_DIRS["rw"] = ["rw", [], rw];
-+ self.DEFAULT_DIRS["tmp"] = ["tmp", [], tmp];
-+ self.DEFAULT_DIRS["/etc"] = ["etc_rw", [], etc_rw];
-+ self.DEFAULT_DIRS["/var/spool"] = ["var_spool", [], var_spool];
-+ self.DEFAULT_DIRS["/var/lib"] = ["var_lib", [], var_lib];
-+ self.DEFAULT_DIRS["/var/log"] = ["var_log", [], var_log];
-+ self.DEFAULT_DIRS["/var/run"] = ["var_run", [], var_run];
++ self.in_tcp_all_checkbutton = xml.get_widget ("in_tcp_all_checkbutton")
++ self.in_tcp_reserved_checkbutton = xml.get_widget ("in_tcp_reserved_checkbutton")
++ self.in_tcp_unreserved_checkbutton = xml.get_widget ("in_tcp_unreserved_checkbutton")
++ self.in_tcp_entry = self.xml.get_widget("in_tcp_entry")
++ self.network_buttons[self.in_tcp_all_checkbutton] = [ self.in_tcp_reserved_checkbutton, self.in_tcp_unreserved_checkbutton, self.in_tcp_entry ]
+
-+ self.DEFAULT_TYPES = (\
-+( self.generate_daemon_types, self.generate_daemon_rules), \
-+( self.generate_inetd_types, self.generate_inetd_rules), \
-+( self.generate_userapp_types, self.generate_userapp_rules), \
-+( self.generate_cgi_types, self.generate_cgi_rules), \
-+( self.generate_x_login_user_types, self.generate_x_login_user_rules), \
-+( self.generate_min_login_user_types, self.generate_login_user_rules), \
-+( self.generate_login_user_types, self.generate_login_user_rules), \
-+( self.generate_admin_user_types, self.generate_login_user_rules), \
-+( self.generate_existing_user_types, self.generate_existing_user_rules), \
-+( self.generate_root_user_types, self.generate_root_user_rules))
-+ if name == "":
-+ raise ValueError(_("You must enter a name for your confined process/user"))
-+ if type == CGI:
-+ self.name = "httpd_%s_script" % name
-+ else:
-+ self.name = name
-+ self.file_name = name
+
-+ self.type = type
-+ self.initscript = ""
-+ self.program = ""
-+ self.in_tcp = [False, False, False, []]
-+ self.in_udp = [False, False, False, []]
-+ self.out_tcp = [False, False, False, []]
-+ self.out_udp = [False, False, False, []]
-+ self.use_tmp = False
-+ self.use_uid = False
-+ self.use_syslog = False
-+ self.use_pam = False
-+ self.use_dbus = False
-+ self.use_audit = False
-+ self.use_terminal = False
-+ self.use_mail = False
-+ self.booleans = {}
-+ self.files = {}
-+ self.dirs = {}
-+ self.found_tcp_ports=[]
-+ self.found_udp_ports=[]
-+ self.need_tcp_type=False
-+ self.need_udp_type=False
-+ self.admin_domains = []
-+ self.transition_domains = []
-+ self.roles = []
-+ self.all_roles = get_all_roles()
++ self.out_tcp_all_checkbutton = xml.get_widget ("out_tcp_all_checkbutton")
++ self.out_tcp_reserved_checkbutton = xml.get_widget ("out_tcp_reserved_checkbutton")
++ self.out_tcp_unreserved_checkbutton = xml.get_widget ("out_tcp_unreserved_checkbutton")
++ self.out_tcp_entry = self.xml.get_widget("out_tcp_entry")
+
-+ def __isnetset(self, l):
-+ return l[ALL] or l[RESERVED] or l[UNRESERVED] or len(l[PORTS]) > 0
++ self.network_buttons[self.out_tcp_all_checkbutton] = [ self.out_tcp_entry ]
+
-+ def set_admin_domains(self, admin_domains):
-+ self.admin_domains = admin_domains
++ self.in_udp_all_checkbutton = xml.get_widget ("in_udp_all_checkbutton")
++ self.in_udp_reserved_checkbutton = xml.get_widget ("in_udp_reserved_checkbutton")
++ self.in_udp_unreserved_checkbutton = xml.get_widget ("in_udp_unreserved_checkbutton")
++ self.in_udp_entry = self.xml.get_widget("in_udp_entry")
+
-+ def set_admin_roles(self, roles):
-+ self.roles = roles
++ self.network_buttons[self.in_udp_all_checkbutton] = [ self.in_udp_reserved_checkbutton, self.in_udp_unreserved_checkbutton, self.in_udp_entry ]
+
-+ def set_transition_domains(self, transition_domains):
-+ self.transition_domains = transition_domains
++ self.out_udp_all_checkbutton = xml.get_widget ("out_udp_all_checkbutton")
++ self.out_udp_entry = self.xml.get_widget("out_udp_entry")
++ self.network_buttons[self.out_udp_all_checkbutton] = [ self.out_udp_entry ]
+
-+ def set_transition_users(self, transition_users):
-+ self.transition_users = transition_users
++ for b in self.network_buttons.keys():
++ b.connect("clicked",self.network_all_clicked)
+
-+ def use_in_udp(self):
-+ return self.__isnetset(self.in_udp)
-+
-+ def use_out_udp(self):
-+ return self.__isnetset(self.out_udp)
-+
-+ def use_udp(self):
-+ return self.use_in_udp() or self.use_out_udp()
++ self.boolean_treeview = self.xml.get_widget("boolean_treeview")
++ self.boolean_store = gtk.ListStore(gobject.TYPE_STRING,gobject.TYPE_STRING)
++ self.boolean_treeview.set_model(self.boolean_store)
++ self.boolean_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
++ col = gtk.TreeViewColumn(_("Name"), gtk.CellRendererText(), text = 0)
++ self.boolean_treeview.append_column(col)
++ col = gtk.TreeViewColumn(_("Description"), gtk.CellRendererText(), text = 1)
++ self.boolean_treeview.append_column(col)
+
-+ def use_in_tcp(self):
-+ return self.__isnetset(self.in_tcp)
-+
-+ def use_out_tcp(self):
-+ return self.__isnetset(self.out_tcp)
-+
-+ def use_tcp(self):
-+ return self.use_in_tcp() or self.use_out_tcp()
++ self.role_treeview = self.xml.get_widget("role_treeview")
++ self.role_store = gtk.ListStore(gobject.TYPE_STRING)
++ self.role_treeview.set_model(self.role_store)
++ self.role_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
++ self.role_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
++ col = gtk.TreeViewColumn(_("Role"), gtk.CellRendererText(), text = 0)
++ self.role_treeview.append_column(col)
+
-+ def use_network(self):
-+ return self.use_tcp() or self.use_udp()
-+
-+ def find_port(self, port):
-+ for begin,end in self.ports.keys():
-+ if port >= begin and port <= end:
-+ return self.ports[begin,end]
-+ return None
++ self.existing_user_treeview = self.xml.get_widget("existing_user_treeview")
++ self.existing_user_store = gtk.ListStore(gobject.TYPE_STRING)
++ self.existing_user_treeview.set_model(self.existing_user_store)
++ self.existing_user_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
++ col = gtk.TreeViewColumn(_("Existing_User"), gtk.CellRendererText(), text = 0)
++ self.existing_user_treeview.append_column(col)
+
-+ def set_program(self, program):
-+ if self.type not in APPLICATIONS:
-+ raise ValueError(_("USER Types are not allowed executables"))
++ roles = polgen.get_all_roles()
++ for i in roles:
++ iter = self.role_store.append()
++ self.role_store.set_value(iter, 0, i[:-2])
+
-+ self.program = program
++ self.types = polgen.get_all_types()
+
-+ def set_init_script(self, initscript):
-+ if self.type != DAEMON:
-+ raise ValueError(_("Only DAEMON apps can use an init script"))
++ self.transition_treeview = self.xml.get_widget("transition_treeview")
++ self.transition_store = gtk.ListStore(gobject.TYPE_STRING)
++ self.transition_treeview.set_model(self.transition_store)
++ self.transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
++ self.transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
++ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
++ self.transition_treeview.append_column(col)
+
-+ self.initscript = initscript
++ self.user_transition_treeview = self.xml.get_widget("user_transition_treeview")
++ self.user_transition_store = gtk.ListStore(gobject.TYPE_STRING)
++ self.user_transition_treeview.set_model(self.user_transition_store)
++ self.user_transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
++ self.user_transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
++ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
++ self.user_transition_treeview.append_column(col)
+
-+ def set_in_tcp(self, all, reserved, unreserved, ports):
-+ self.in_tcp = [ all, reserved, unreserved, verify_ports(ports)]
++ for i in polgen.get_all_users():
++ iter = self.user_transition_store.append()
++ self.user_transition_store.set_value(iter, 0, i)
++ iter = self.existing_user_store.append()
++ self.existing_user_store.set_value(iter, 0, i)
+
-+ def set_in_udp(self, all, reserved, unreserved, ports):
-+ self.in_udp = [ all, reserved, unreserved, verify_ports(ports)]
++ self.admin_treeview = self.xml.get_widget("admin_treeview")
++ self.admin_store = gtk.ListStore(gobject.TYPE_STRING)
++ self.admin_treeview.set_model(self.admin_store)
++ self.admin_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
++ self.admin_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
++ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
++ self.admin_treeview.append_column(col)
+
-+ def set_out_tcp(self, all, ports):
-+ self.out_tcp = [ all , False, False, verify_ports(ports) ]
++ for i in polgen.methods:
++ m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i)
++ if len(m) > 0:
++ if "%s_exec" % m[0] in self.types:
++ iter = self.transition_store.append()
++ self.transition_store.set_value(iter, 0, m[0])
++ continue
+
-+ def set_out_udp(self, all, ports):
-+ self.out_udp = [ all , False, False, verify_ports(ports) ]
++ m = re.findall("(.*)%s" % polgen.ADMIN_TRANSITION_INTERFACE, i)
++ if len(m) > 0:
++ iter = self.admin_store.append()
++ self.admin_store.set_value(iter, 0, m[0])
++ continue
++
++ def confine_application(self):
++ return self.get_type() in polgen.APPLICATIONS
+
-+ def set_use_syslog(self, val):
-+ if val != True and val != False:
-+ raise ValueError(_("use_syslog must be a boolean value "))
-+
-+ self.use_syslog = val
-+
-+ def set_use_pam(self, val):
-+ self.use_pam = val == True
-+
-+ def set_use_dbus(self, val):
-+ self.use_dbus = val == True
-+
-+ def set_use_audit(self, val):
-+ self.use_audit = val == True
-+
-+ def set_use_terminal(self, val):
-+ self.use_terminal = val == True
-+
-+ def set_use_mail(self, val):
-+ self.use_mail = val == True
-+
-+ def set_use_tmp(self, val):
-+ if self.type not in APPLICATIONS:
-+ raise ValueError(_("USER Types autoomatically get a tmp type"))
++ def forward(self, arg):
++ type = self.get_type()
++ if self.current_page == self.START_PAGE:
++ self.back_button.set_sensitive(1)
+
-+ if val:
-+ self.DEFAULT_DIRS["tmp"][1].append("/tmp");
-+ else:
-+ self.DEFAULT_DIRS["tmp"][1]=[]
-+
-+ def set_use_uid(self, val):
-+ self.use_uid = val == True
-+
-+ def generate_uid_rules(self):
-+ if self.use_uid:
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_uid_rules)
-+ else:
-+ return ""
-+
-+ def generate_syslog_rules(self):
-+ if self.use_syslog:
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_syslog_rules)
-+ else:
-+ return ""
-+
-+ def generate_pam_rules(self):
-+ newte =""
-+ if self.use_pam:
-+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_pam_rules)
-+ return newte
-+
-+ def generate_audit_rules(self):
-+ newte =""
-+ if self.use_audit:
-+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_audit_rules)
-+ return newte
-+
-+ def generate_dbus_rules(self):
-+ newte =""
-+ if self.use_dbus:
-+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_dbus_rules)
-+ return newte
++ if self.pages[type][self.current_page] == self.SELECT_TYPE_PAGE:
++ if self.on_select_type_page_next():
++ return
+
-+ def generate_mail_rules(self):
-+ newte =""
-+ if self.use_mail:
-+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_mail_rules)
-+ return newte
++ if self.pages[type][self.current_page] == self.IN_NET_PAGE:
++ if self.on_in_net_page_next():
++ return
+
-+ def generate_network_action(self, protocol, action, port_name):
-+ line = ""
-+ method = "corenet_%s_%s_%s" % (protocol, action, port_name)
-+ if method in methods:
-+ line = "%s(%s_t)\n" % (method, self.name)
-+ else:
-+ line = """
-+gen_require(`
-+ type %s_t;
-+')
-+allow %s_t %s_t:%s_socket name_%s;
-+""" % (port_name, self.name, port_name, protocol, action)
-+ return line
-+
-+ def generate_network_types(self):
-+ for i in self.in_tcp[PORTS]:
-+ rec = self.find_port(int(i))
-+ if rec == None:
-+ self.need_tcp_type = True;
-+ else:
-+ port_name = rec[0][:-2]
-+ line = self.generate_network_action("tcp", "bind", port_name)
-+# line = "corenet_tcp_bind_%s(%s_t)\n" % (port_name, self.name)
-+ if line not in self.found_tcp_ports:
-+ self.found_tcp_ports.append(line)
++ if self.pages[type][self.current_page] == self.OUT_NET_PAGE:
++ if self.on_out_net_page_next():
++ return
+
-+ for i in self.out_tcp[PORTS]:
-+ rec = self.find_port(int(i))
-+ if rec == None:
-+ self.need_tcp_type = True;
-+ else:
-+ port_name = rec[0][:-2]
-+ line = self.generate_network_action("tcp", "connect", port_name)
-+# line = "corenet_tcp_connect_%s(%s_t)\n" % (port_name, self.name)
-+ if line not in self.found_tcp_ports:
-+ self.found_tcp_ports.append(line)
-+
-+ for i in self.in_udp[PORTS]:
-+ rec = self.find_port(int(i))
-+ if rec == None:
-+ self.need_udp_type = True;
-+ else:
-+ port_name = rec[0][:-2]
-+ line = self.generate_network_action("udp", "bind", port_name)
-+# line = "corenet_udp_bind_%s(%s_t)\n" % (port_name, self.name)
-+ if line not in self.found_udp_ports:
-+ self.found_udp_ports.append(line)
-+
-+ if self.need_udp_type == True or self.need_tcp_type == True:
-+ return re.sub("TEMPLATETYPE", self.name, network.te_port_types)
-+ return ""
-+
-+ def __find_path(self, file):
-+ for d in self.DEFAULT_DIRS:
-+ if file.find(d) == 0:
-+ self.DEFAULT_DIRS[d][1].append(file)
-+ return self.DEFAULT_DIRS[d]
-+ self.DEFAULT_DIRS["rw"][1].append(file)
-+ return self.DEFAULT_DIRS["rw"]
-+
-+ def add_boolean(self, name, description):
-+ self.booleans[name] = description
++ if self.pages[type][self.current_page] == self.APP_PAGE:
++ if self.on_name_page_next():
++ return
+
-+ def add_file(self, file):
-+ self.files[file] = self.__find_path(file)
++ if self.pages[type][self.current_page] == self.EXISTING_USER_PAGE:
++ if self.on_existing_user_page_next():
++ return
+
-+ def add_dir(self, file):
-+ self.dirs[file] = self.__find_path(file)
-+
-+ def generate_network_rules(self):
-+ newte = ""
-+ if self.use_network():
-+ newte = "\n"
++ if self.pages[type][self.current_page] == self.SELECT_DIR_PAGE:
++ outputdir = self.output_entry.get_text()
++ if not os.path.isdir(outputdir):
++ self.error(_("%s must be a directory") % outputdir )
++ return False
++
++ if self.pages[type][self.current_page] in self.finish_page:
++ self.generate_policy()
++ else:
++ self.current_page = self.current_page + 1
++ self.notebook.set_current_page(self.pages[type][self.current_page])
++ if self.pages[type][self.current_page] in self.finish_page:
++ self.forward_button.set_label(gtk.STOCK_APPLY)
++
++ def back(self,arg):
++ type = self.get_type()
++ if self.pages[type][self.current_page] in self.finish_page:
++ self.forward_button.set_label(gtk.STOCK_GO_FORWARD)
+
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_network)
-+
-+ if self.use_tcp():
-+ newte += "\n"
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_tcp)
++ self.current_page = self.current_page - 1
++ self.notebook.set_current_page(self.pages[type][self.current_page])
++ if self.current_page == 0:
++ self.back_button.set_sensitive(0)
++
++ def network_all_clicked(self, button):
++ active = button.get_active()
++ for b in self.network_buttons[button]:
++ b.set_sensitive(not active)
++
++ def verify(self, message, title="" ):
++ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
++ gtk.BUTTONS_YES_NO,
++ message)
++ dlg.set_title(title)
++ dlg.set_position(gtk.WIN_POS_MOUSE)
++ dlg.show_all()
++ rc = dlg.run()
++ dlg.destroy()
++ return rc
+
-+ if self.use_in_tcp():
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_tcp)
++ def info(self, message):
++ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
++ gtk.BUTTONS_OK,
++ message)
++ dlg.set_position(gtk.WIN_POS_MOUSE)
++ dlg.show_all()
++ dlg.run()
++ dlg.destroy()
+
-+ if self.need_tcp_type and len(self.in_tcp[PORTS]) > 0:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_tcp)
++ def error(self, message):
++ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR,
++ gtk.BUTTONS_CLOSE,
++ message)
++ dlg.set_position(gtk.WIN_POS_MOUSE)
++ dlg.show_all()
++ dlg.run()
++ dlg.destroy()
+
-+ if self.need_tcp_type and len(self.out_tcp[PORTS]) > 0:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_need_port_tcp)
++ def get_name(self):
++ if self.existing_user_radiobutton.get_active():
++ store, iter = self.existing_user_treeview.get_selection().get_selected()
++ if iter == None:
++ raise(_("You must select a user"))
++ return store.get_value(iter, 0)
++ else:
++ return self.name_entry.get_text()
+
++ def get_type(self):
++ if self.cgi_radiobutton.get_active():
++ return polgen.CGI
++ if self.user_radiobutton.get_active():
++ return polgen.USER
++ if self.init_radiobutton.get_active():
++ return polgen.DAEMON
++ if self.inetd_radiobutton.get_active():
++ return polgen.INETD
++ if self.login_user_radiobutton.get_active():
++ return polgen.LUSER
++ if self.admin_user_radiobutton.get_active():
++ return polgen.AUSER
++ if self.xwindows_user_radiobutton.get_active():
++ return polgen.XUSER
++ if self.terminal_user_radiobutton.get_active():
++ return polgen.TUSER
++ if self.root_user_radiobutton.get_active():
++ return polgen.RUSER
++ if self.existing_user_radiobutton.get_active():
++ return polgen.EUSER
+
-+ if self.in_tcp[ALL]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_tcp)
-+ if self.in_tcp[RESERVED]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_tcp)
-+ if self.in_tcp[UNRESERVED]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_tcp)
-+
-+ if self.out_tcp[ALL]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_all_ports_tcp)
-+ if self.out_tcp[RESERVED]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_reserved_ports_tcp)
-+ if self.out_tcp[UNRESERVED]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_unreserved_ports_tcp)
++ def generate_policy(self, *args):
++ outputdir = self.output_entry.get_text()
++ try:
++ my_policy=polgen.policy(self.get_name(), self.get_type())
++ my_policy.set_in_tcp(self.in_tcp_all_checkbutton.get_active(), self.in_tcp_reserved_checkbutton.get_active(), self.in_tcp_unreserved_checkbutton.get_active(), self.in_tcp_entry.get_text())
++ my_policy.set_in_udp(self.in_udp_all_checkbutton.get_active(), self.in_udp_reserved_checkbutton.get_active(), self.in_udp_unreserved_checkbutton.get_active(), self.in_udp_entry.get_text())
++ my_policy.set_out_tcp(self.out_tcp_all_checkbutton.get_active(), self.out_tcp_entry.get_text())
++ my_policy.set_out_udp(self.out_udp_all_checkbutton.get_active(), self.out_udp_entry.get_text())
+
-+ for i in self.found_tcp_ports:
-+ newte += i
++ iter= self.boolean_store.get_iter_first()
++ while(iter):
++ my_policy.add_boolean(self.boolean_store.get_value(iter, 0), self.boolean_store.get_value(iter, 1))
++ iter= self.boolean_store.iter_next(iter)
+
-+ if self.use_udp():
-+ newte += "\n"
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_udp)
++ if self.get_type() in polgen.APPLICATIONS:
++ my_policy.set_program(self.exec_entry.get_text())
++ my_policy.set_use_syslog(self.syslog_checkbutton.get_active() == 1)
++ my_policy.set_use_tmp(self.tmp_checkbutton.get_active() == 1)
++ my_policy.set_use_uid(self.uid_checkbutton.get_active() == 1)
++ my_policy.set_use_pam(self.pam_checkbutton.get_active() == 1)
+
-+ if self.need_udp_type:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_udp)
-+ if self.use_in_udp():
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_udp)
-+ if self.in_udp[ALL]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_udp)
-+ if self.in_udp[RESERVED]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_udp)
-+ if self.in_udp[UNRESERVED]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_udp)
-+
-+ for i in self.found_udp_ports:
-+ newte += i
-+ return newte
-+
-+ def generate_transition_rules(self):
-+ newte = ""
-+ for app in self.transition_domains:
-+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_transition_rules)
-+ newte += re.sub("APPLICATION", app, tmp)
-+
-+ if self.type == USER:
-+ for u in self.transition_users:
-+ temp = re.sub("TEMPLATETYPE", self.name, executable.te_userapp_trans_rules)
-+ newte += re.sub("USER", u, temp)
++ my_policy.set_use_dbus(self.dbus_checkbutton.get_active() == 1)
++ my_policy.set_use_audit(self.audit_checkbutton.get_active() == 1)
++ my_policy.set_use_terminal(self.terminal_checkbutton.get_active() == 1)
++ my_policy.set_use_mail(self.mail_checkbutton.get_active() == 1)
++ if self.get_type() is polgen.DAEMON:
++ my_policy.set_init_script(self.init_script_entry.get_text())
++ if self.get_type() == polgen.USER:
++ selected = []
++ self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
++ my_policy.set_transition_users(selected)
++ else:
++ if self.get_type() == polgen.RUSER:
++ selected = []
++ self.admin_treeview.get_selection().selected_foreach(foreach, selected)
++ my_policy.set_admin_domains(selected)
++ selected = []
++ self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
++ my_policy.set_transition_users(selected)
++ else:
++ selected = []
++ self.transition_treeview.get_selection().selected_foreach(foreach, selected)
++ my_policy.set_transition_domains(selected)
++
++ selected = []
++ self.role_treeview.get_selection().selected_foreach(foreach, selected)
++ my_policy.set_admin_roles(selected)
++
++ iter= self.store.get_iter_first()
++ while(iter):
++ if self.store.get_value(iter, 1) == FILE:
++ my_policy.add_file(self.store.get_value(iter, 0))
++ else:
++ my_policy.add_dir(self.store.get_value(iter, 0))
++ iter= self.store.iter_next(iter)
++
++ self.info(my_policy.generate(outputdir))
++ return False
++ except ValueError, e:
++ self.error(e.message)
++
++ def delete(self, args):
++ store, iter = self.view.get_selection().get_selected()
++ if iter != None:
++ store.remove(iter)
++ self.view.get_selection().select_path ((0,))
+
-+ return newte
++ def delete_boolean(self, args):
++ store, iter = self.boolean_treeview.get_selection().get_selected()
++ if iter != None:
++ store.remove(iter)
++ self.boolean_treeview.get_selection().select_path ((0,))
+
-+ def generate_admin_rules(self):
-+ newte = ""
-+ if self.type == RUSER:
-+ newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules)
-+
-+ for app in self.admin_domains:
-+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_domain_rules)
-+ newte += re.sub("APPLICATION", app, tmp)
++ def add_boolean(self,type):
++ self.boolean_name_entry.set_text("")
++ self.boolean_description_entry.set_text("")
++ rc = self.boolean_dialog.run()
++ self.boolean_dialog.hide()
++ if rc == gtk.RESPONSE_CANCEL:
++ return
++ iter = self.boolean_store.append()
++ self.boolean_store.set_value(iter, 0, self.boolean_name_entry.get_text())
++ self.boolean_store.set_value(iter, 1, self.boolean_description_entry.get_text())
++
++ def __add(self,type):
++ rc = self.file_dialog.run()
++ self.file_dialog.hide()
++ if rc == gtk.RESPONSE_CANCEL:
++ return
++ for i in self.file_dialog.get_filenames():
++ iter = self.store.append()
++ self.store.set_value(iter, 0, i)
++ self.store.set_value(iter, 1, type)
++
++ def exec_select(self, args):
++ self.file_dialog.set_select_multiple(0)
++ self.file_dialog.set_title(_("Select executable file to be confined."))
++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
++ self.file_dialog.set_current_folder("/usr/sbin")
++ rc = self.file_dialog.run()
++ self.file_dialog.hide()
++ if rc == gtk.RESPONSE_CANCEL:
++ return
++ self.exec_entry.set_text(self.file_dialog.get_filename())
+
-+ for u in self.transition_users:
-+ role = u[:-2]
-+ if (role + "_r") in self.all_roles:
-+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_trans_rules)
-+ newte += re.sub("USER", role, tmp)
++ def init_script_select(self, args):
++ self.file_dialog.set_select_multiple(0)
++ self.file_dialog.set_title(_("Select init script file to be confined."))
++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
++ self.file_dialog.set_current_folder("/etc/rc.d/init.d")
++ rc = self.file_dialog.run()
++ self.file_dialog.hide()
++ if rc == gtk.RESPONSE_CANCEL:
++ return
++ self.init_script_entry.set_text(self.file_dialog.get_filename())
+
-+ return newte
++ def add(self, args):
++ self.file_dialog.set_title(_("Select file(s) that confined application creates or writes"))
++ self.file_dialog.set_current_folder("/")
++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
++ self.file_dialog.set_select_multiple(1)
++ self.__add(FILE)
+
-+ def generate_dbus_if(self):
-+ newif =""
-+ if self.use_dbus:
-+ newif = re.sub("TEMPLATETYPE", self.name, executable.if_dbus_rules)
-+ return newif
++ def add_dir(self, args):
++ self.file_dialog.set_title(_("Select directory(s) that the confined application owns and writes into"))
++ self.file_dialog.set_current_folder("/")
++ self.file_dialog.set_select_multiple(1)
++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SELECT_FOLDER)
++ self.__add(DIR)
++
++ def on_about_clicked(self, args):
++ dlg = xml.get_widget ("about_dialog")
++ dlg.run ()
++ dlg.hide ()
+
-+ def generate_admin_if(self):
-+ newif = ""
-+ if self.initscript != "":
-+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_admin)
-+ for d in self.DEFAULT_DIRS:
-+ if len(self.DEFAULT_DIRS[d][1]) > 0:
-+ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_admin_rules)
++ def quit(self, args):
++ gtk.main_quit()
+
-+ if newif != "":
-+ ret = re.sub("TEMPLATETYPE", self.name, executable.if_begin_admin)
-+ ret += newif
-+ ret += re.sub("TEMPLATETYPE", self.name, executable.if_end_admin)
-+ return ret
-+
-+ return ""
-+
-+ def generate_cgi_types(self):
-+ return re.sub("TEMPLATETYPE", self.file_name, executable.te_cgi_types)
-+
-+ def generate_userapp_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_types)
-+
-+ def generate_inetd_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_types)
-+
-+ def generate_min_login_user_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_min_login_user_types)
-+
-+ def generate_login_user_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_login_user_types)
-+
-+ def generate_admin_user_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_admin_user_types)
++ def setupScreen(self):
++ # Bring in widgets from glade file.
++ self.mainWindow = self.xml.get_widget("main_window")
++ self.druid = self.xml.get_widget("druid")
++ self.type = 0
++ self.name_entry = self.xml.get_widget("name_entry")
++ self.name_entry.connect("focus_out_event",self.on_name_entry_changed)
++ self.exec_entry = self.xml.get_widget("exec_entry")
++ self.exec_button = self.xml.get_widget("exec_button")
++ self.init_script_entry = self.xml.get_widget("init_script_entry")
++ self.init_script_button = self.xml.get_widget("init_script_button")
++ self.output_entry = self.xml.get_widget("output_entry")
++ self.output_entry.set_text(os.getcwd())
++ self.xml.get_widget("output_button").connect("clicked",self.output_button_clicked)
++
++ self.xwindows_user_radiobutton = self.xml.get_widget("xwindows_user_radiobutton")
++ self.terminal_user_radiobutton = self.xml.get_widget("terminal_user_radiobutton")
++ self.root_user_radiobutton = self.xml.get_widget("root_user_radiobutton")
++ self.login_user_radiobutton = self.xml.get_widget("login_user_radiobutton")
++ self.admin_user_radiobutton = self.xml.get_widget("admin_user_radiobutton")
++ self.existing_user_radiobutton = self.xml.get_widget("existing_user_radiobutton")
+
-+ def generate_existing_user_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_existing_user_types)
-+
-+ def generate_x_login_user_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_types)
-+
-+ def generate_root_user_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_root_user_types)
-+
-+ def generate_daemon_types(self):
-+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_types)
-+ if self.initscript != "":
-+ newte += re.sub("TEMPLATETYPE", self.name, executable.te_initscript_types)
-+ return newte
-+
-+ def generate_tmp_types(self):
-+ if self.use_tmp:
-+ return re.sub("TEMPLATETYPE", self.name, tmp.te_types)
-+ else:
-+ return ""
-+
-+ def generate_booleans(self):
-+ newte = ""
-+ for b in self.booleans:
-+ tmp = re.sub("BOOLEAN", b, boolean.te_boolean)
-+ newte += re.sub("DESCRIPTION", self.booleans[b], tmp)
-+ return newte
++ self.user_radiobutton = self.xml.get_widget("user_radiobutton")
++ self.init_radiobutton = self.xml.get_widget("init_radiobutton")
++ self.inetd_radiobutton = self.xml.get_widget("inetd_radiobutton")
++ self.cgi_radiobutton = self.xml.get_widget("cgi_radiobutton")
++ self.tmp_checkbutton = self.xml.get_widget("tmp_checkbutton")
++ self.uid_checkbutton = self.xml.get_widget("uid_checkbutton")
++ self.pam_checkbutton = self.xml.get_widget("pam_checkbutton")
++ self.dbus_checkbutton = self.xml.get_widget("dbus_checkbutton")
++ self.audit_checkbutton = self.xml.get_widget("audit_checkbutton")
++ self.terminal_checkbutton = self.xml.get_widget("terminal_checkbutton")
++ self.mail_checkbutton = self.xml.get_widget("mail_checkbutton")
++ self.syslog_checkbutton = self.xml.get_widget("syslog_checkbutton")
++ self.view = self.xml.get_widget("write_treeview")
++ self.file_dialog = self.xml.get_widget("filechooserdialog")
+
-+ def generate_boolean_rules(self):
-+ newte = ""
-+ for b in self.booleans:
-+ newte += re.sub("BOOLEAN", b, boolean.te_rules)
-+ return newte
++ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_INT)
++ self.view.set_model(self.store)
++ col = gtk.TreeViewColumn("", gtk.CellRendererText(), text = 0)
++ col.set_resizable(True)
++ self.view.append_column(col)
++ self.view.get_selection().select_path ((0,))
+
-+ def generate_cgi_te(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_cgi_types)
++ def output_button_clicked(self, *args):
++ self.file_dialog.set_title(_("Select directory to generate policy files in"))
++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SELECT_FOLDER)
++ self.file_dialog.set_select_multiple(0)
++ rc = self.file_dialog.run()
++ self.file_dialog.hide()
++ if rc == gtk.RESPONSE_CANCEL:
++ return
++ self.output_entry.set_text(self.file_dialog.get_filename())
++
++ def on_name_entry_changed(self, entry, third):
++ name = entry.get_text()
++ if self.name != name:
++ if name in self.all_types:
++ if self.verify(_("Type %s_t already defined in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO:
++ entry.set_text("")
++ return False
++ if name in self.all_modules:
++ if self.verify(_("Module %s.pp already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO:
++ entry.set_text("")
++ return False
+
-+ def generate_daemon_rules(self):
-+ newif = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_rules)
++ file = "/etc/rc.d/init.d/" + name
++ if os.path.isfile(file) and self.init_script_entry.get_text() == "":
++ self.init_script_entry.set_text(file)
++
++ file = "/usr/sbin/" + name
++ if os.path.isfile(file) and self.exec_entry.get_text() == "":
++ self.exec_entry.set_text(file)
+
-+ return newif
-+
-+ def generate_login_user_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_login_user_rules)
-+
-+ def generate_existing_user_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_existing_user_rules)
-+
-+ def generate_x_login_user_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_rules)
-+
-+ def generate_root_user_rules(self):
-+ newte =re.sub("TEMPLATETYPE", self.name, user.te_root_user_rules)
-+ return newte
-+
-+ def generate_userapp_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_rules)
-+
-+ def generate_inetd_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_rules)
-+
-+ def generate_tmp_rules(self):
-+ if self.use_tmp:
-+ return re.sub("TEMPLATETYPE", self.name, tmp.te_rules)
-+ else:
-+ return ""
-+
-+ def generate_cgi_rules(self):
-+ newte = ""
-+ newte += re.sub("TEMPLATETYPE", self.name, executable.te_cgi_rules)
-+ return newte
-+
-+ def generate_user_if(self):
-+ newif =""
-+ if self.use_terminal or self.type == USER:
-+ newif = re.sub("TEMPLATETYPE", self.name, executable.if_user_program_rules)
-+ return newif
++ self.name = name
++ return False
+
-+
-+ def generate_if(self):
-+ newif = ""
-+ if self.program != "":
-+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_program_rules)
-+ if self.initscript != "":
-+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_rules)
-+
-+ for d in self.DEFAULT_DIRS:
-+ if len(self.DEFAULT_DIRS[d][1]) > 0:
-+ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_rules)
-+ for i in self.DEFAULT_DIRS[d][1]:
-+ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
-+ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_stream_rules)
-+ break
-+ newif += self.generate_user_if()
-+ newif += self.generate_dbus_if()
-+ newif += self.generate_admin_if()
-+
-+ return newif
++ def on_in_net_page_next(self, *args):
++ try:
++ polgen.verify_ports(self.in_tcp_entry.get_text())
++ polgen.verify_ports(self.in_udp_entry.get_text())
++ except ValueError, e:
++ self.error(e.message)
++ return True
++
++ def on_out_net_page_next(self, *args):
++ try:
++ polgen.verify_ports(self.out_tcp_entry.get_text())
++ polgen.verify_ports(self.out_udp_entry.get_text())
++ except ValueError, e:
++ self.error(e.message)
++ return True
++
++ def on_select_type_page_next(self, *args):
++ self.exec_entry.set_sensitive(self.confine_application())
++ self.exec_button.set_sensitive(self.confine_application())
++ self.init_script_entry.set_sensitive(self.init_radiobutton.get_active())
++ self.init_script_button.set_sensitive(self.init_radiobutton.get_active())
+
-+ def generate_default_types(self):
-+ return self.DEFAULT_TYPES[self.type][0]()
-+
-+ def generate_default_rules(self):
-+ return self.DEFAULT_TYPES[self.type][1]()
-+
-+ def generate_roles_rules(self):
-+ newte = ""
-+ if self.type in ( TUSER, XUSER, AUSER, LUSER, EUSER):
-+ roles = ""
-+ if len(self.roles) > 0:
-+ newte += re.sub("TEMPLATETYPE", self.name, user.te_newrole_rules)
-+ for role in self.roles:
-+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_roles_rules)
-+ newte += re.sub("ROLE", role, tmp)
-+ return newte
++ def on_existing_user_page_next(self, *args):
++ store, iter = self.view.get_selection().get_selected()
++ if iter != None:
++ self.error(_("You must select a user"))
++ return True
+
-+ def generate_te(self):
-+ newte = self.generate_default_types()
-+ for d in self.DEFAULT_DIRS:
-+ if len(self.DEFAULT_DIRS[d][1]) > 0:
-+ # CGI scripts already have a rw_t
-+ if self.type != CGI or d != "rw":
-+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_types)
++ def on_name_page_next(self, *args):
++ name=self.name_entry.get_text()
++ if name == "":
++ self.error(_("You must enter a name"))
++ return True
++
++ if self.confine_application():
++ exe = self.exec_entry.get_text()
++ if exe == "":
++ self.error(_("You must enter a executable"))
++ return True
+
-+ newte += self.generate_network_types()
-+ newte += self.generate_tmp_types()
-+ newte += self.generate_booleans()
-+ newte += self.generate_default_rules()
-+ newte += self.generate_boolean_rules()
++ def stand_alone(self):
++ desktopName = _("Configue SELinux")
+
-+ for d in self.DEFAULT_DIRS:
-+ if len(self.DEFAULT_DIRS[d][1]) > 0:
-+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_rules)
-+ for i in self.DEFAULT_DIRS[d][1]:
-+ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
-+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_stream_rules)
-+ break
++ self.setupScreen()
++ self.mainWindow.connect("destroy", self.quit)
+
-+ newte += self.generate_network_rules()
-+ newte += self.generate_tmp_rules()
-+ newte += self.generate_uid_rules()
-+ newte += self.generate_syslog_rules()
-+ newte += self.generate_pam_rules()
-+ newte += self.generate_dbus_rules()
-+ newte += self.generate_audit_rules()
-+ newte += self.generate_mail_rules()
-+ newte += self.generate_roles_rules()
-+ newte += self.generate_transition_rules()
-+ newte += self.generate_admin_rules()
-+ return newte
-+
-+ def generate_fc(self):
-+ newfc = ""
-+ if self.program == "":
-+ raise ValueError(_("You must enter the executable path for your confined process"))
++ self.mainWindow.show_all()
++ gtk.main()
+
-+ t1 = re.sub("EXECUTABLE", self.program, executable.fc_program)
-+ newfc += re.sub("TEMPLATETYPE", self.name, t1)
++if __name__ == "__main__":
++ signal.signal (signal.SIGINT, signal.SIG_DFL)
+
-+ if self.initscript != "":
-+ t1 = re.sub("EXECUTABLE", self.initscript, executable.fc_initscript)
-+ newfc += re.sub("TEMPLATETYPE", self.name, t1)
++ app = childWindow()
++ app.stand_alone()
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.50/gui/polgen.py
+--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.50/gui/polgen.py 2008-07-01 21:48:14.000000000 -0400
+@@ -0,0 +1,925 @@
++#!/usr/bin/python
++#
++# Copyright (C) 2007, 2008 Red Hat
++# see file 'COPYING' for use and warranty information
++#
++# policygentool is a tool for the initial generation of SELinux policy
++#
++# This program is free software; you can redistribute it and/or
++# modify it under the terms of the GNU General Public License as
++# published by the Free Software Foundation; either version 2 of
++# the License, or (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++# 02111-1307 USA
++#
++#
++import os, sys, stat
++import re
++import commands
+
-+ for i in self.files.keys():
-+ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
-+ t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_sock_file)
-+ else:
-+ t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_file)
-+ t2 = re.sub("FILENAME", i, t1)
-+ newfc += re.sub("FILETYPE", self.files[i][0], t2)
++from templates import executable
++from templates import boolean
++from templates import etc_rw
++from templates import var_spool
++from templates import var_lib
++from templates import var_log
++from templates import var_run
++from templates import tmp
++from templates import rw
++from templates import network
++from templates import script
++from templates import user
++import seobject
++import sepolgen.interfaces as interfaces
++import sepolgen.defaults as defaults
+
-+ for i in self.dirs.keys():
-+ t1 = re.sub("TEMPLATETYPE", self.name, self.dirs[i][2].fc_dir)
-+ t2 = re.sub("FILENAME", i, t1)
-+ newfc += re.sub("FILETYPE", self.dirs[i][0], t2)
++##
++## I18N
++##
++PROGNAME="system-config-selinux"
+
-+ return newfc
-+
-+ def generate_user_sh(self):
-+ newsh = ""
-+ if self.type in ( TUSER, XUSER, AUSER, LUSER, EUSER):
-+ roles = ""
-+ for role in self.roles:
-+ roles += " %s_r" % role
-+ if roles != "":
-+ roles += " system_r"
-+ if self.type == EUSER:
-+ tmp = re.sub("TEMPLATETYPE", self.name, script.eusers)
-+ else:
-+ tmp = re.sub("TEMPLATETYPE", self.name, script.users)
-+ newsh += re.sub("ROLES", roles, tmp)
++import gettext
++gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
++gettext.textdomain(PROGNAME)
++try:
++ gettext.install(PROGNAME,
++ localedir="/usr/share/locale",
++ unicode=False,
++ codeset = 'utf-8')
++except IOError:
++ import __builtin__
++ __builtin__.__dict__['_'] = unicode
+
-+ if self.type == RUSER:
-+ for u in self.transition_users:
-+ tmp = re.sub("TEMPLATETYPE", self.name, script.admin_trans)
-+ newsh += re.sub("USER", u, tmp)
-+ return newsh
-+
-+ def generate_sh(self):
-+ temp = re.sub("TEMPLATETYPE", self.file_name, script.compile)
-+ if self.type == EUSER:
-+ newsh = re.sub("TEMPLATEFILE", "my%s" % self.file_name, temp)
-+ else:
-+ newsh = re.sub("TEMPLATEFILE", self.file_name, temp)
-+ if self.program != "":
-+ newsh += re.sub("FILENAME", self.program, script.restorecon)
-+ if self.initscript != "":
-+ newsh += re.sub("FILENAME", self.initscript, script.restorecon)
++methods = []
++fn = defaults.interface_info()
++try:
++ fd = open(fn)
++ # List of per_role_template interfaces
++ ifs = interfaces.InterfaceSet()
++ ifs.from_file(fd)
++ methods = ifs.interfaces.keys()
++ fd.close()
++except:
++ sys.stderr.write("could not open interface info [%s]\n" % fn)
++ sys.exit(1)
+
-+ for i in self.files.keys():
-+ newsh += re.sub("FILENAME", i, script.restorecon)
++def get_all_roles():
++ roles = []
++ output = commands.getoutput("/usr/bin/seinfo -r").split()
++ for r in output:
++ if r != "object_r" and r.endswith("_r"):
++ roles.append(r)
++ roles.sort()
++ return roles
+
-+ for i in self.dirs.keys():
-+ newsh += re.sub("FILENAME", i, script.restorecon)
++def get_all_types():
++ all_types = []
++ try:
++ rc, output=commands.getstatusoutput("/usr/bin/seinfo --type")
++ output = commands.getoutput("/usr/bin/seinfo --type").split()
++ for t in output:
++ if t.endswith("_t"):
++ all_types.append(t[:-2])
++ except:
++ pass
+
-+ for i in self.in_tcp[PORTS] + self.out_tcp[PORTS]:
-+ if self.find_port(i) == None:
-+ t1 = re.sub("PORTNUM", "%d" % i, script.tcp_ports)
-+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
++ return all_types
+
-+ for i in self.in_udp[PORTS] + self.out_udp[PORTS]:
-+ if self.find_port(i) == None:
-+ t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports)
-+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
++def get_all_modules():
++ try:
++ all_modules = []
++ rc, output=commands.getstatusoutput("semodule -l 2>/dev/null")
++ if rc == 0:
++ l = output.split("\n")
++ for i in l:
++ all_modules.append(i.split()[0])
++ except:
++ pass
+
-+ newsh += self.generate_user_sh()
-+
-+ return newsh
-+
-+ def write_te(self, out_dir):
-+ if self.type == EUSER:
-+ tefile = "%s/my%s.te" % (out_dir, self.file_name)
-+ else:
-+ tefile = "%s/%s.te" % (out_dir, self.file_name)
-+ fd = open(tefile, "w")
-+ fd.write(self.generate_te())
-+ fd.close()
-+ return tefile
++ return all_modules
+
-+ def write_sh(self, out_dir):
-+ if self.type == EUSER:
-+ shfile = "%s/my%s.sh" % (out_dir, self.file_name)
-+ else:
-+ shfile = "%s/%s.sh" % (out_dir, self.file_name)
-+ fd = open(shfile, "w")
-+ fd.write(self.generate_sh())
-+ fd.close()
-+ os.chmod(shfile, 0750)
-+ return shfile
++def get_all_users():
++ users = seobject.seluserRecords().get_all().keys()
++ users.remove("system_u")
++ users.remove("root")
++ users.sort()
++ return users
+
-+ def write_if(self, out_dir):
-+ if self.type == EUSER:
-+ iffile = "%s/my%s.if" % (out_dir, self.file_name)
-+ else:
-+ iffile = "%s/%s.if" % (out_dir, self.file_name)
-+ fd = open(iffile, "w")
-+ fd.write(self.generate_if())
-+ fd.close()
-+ return iffile
++ALL = 0
++RESERVED = 1
++UNRESERVED = 2
++PORTS = 3
++ADMIN_TRANSITION_INTERFACE = "_admin$"
++USER_TRANSITION_INTERFACE = "_per_role_template$"
+
-+ def write_fc(self,out_dir):
-+ if self.type == EUSER:
-+ fcfile = "%s/my%s.fc" % (out_dir, self.file_name)
-+ else:
-+ fcfile = "%s/%s.fc" % (out_dir, self.file_name)
-+ if self.type in APPLICATIONS:
-+ fd = open(fcfile, "w")
-+ fd.write(self.generate_fc())
-+ fd.close()
-+ return fcfile
++DAEMON = 0
++INETD = 1
++USER = 2
++CGI = 3
++XUSER = 4
++TUSER = 5
++LUSER = 6
++AUSER = 7
++EUSER = 8
++RUSER = 9
+
-+ def generate(self, out_dir = "."):
-+ out = "Created the following files:\n"
-+ out += "%-25s %s\n" % (_("Type Enforcement file"), self.write_te(out_dir))
-+ out += "%-25s %s\n" % (_("Interface file"), self.write_if(out_dir))
-+ out += "%-25s %s\n" % (_("File Contexts file"), self.write_fc(out_dir))
-+ out += "%-25s %s\n" % (_("Setup Script"),self.write_sh(out_dir))
-+ return out
++APPLICATIONS = [ DAEMON, INETD, USER, CGI ]
++USERS = [ XUSER, TUSER, LUSER, AUSER, EUSER, RUSER]
+
-+def errorExit(error):
-+ sys.stderr.write("%s: " % sys.argv[0])
-+ sys.stderr.write("%s\n" % error)
-+ sys.stderr.flush()
-+ sys.exit(1)
++def verify_ports(ports):
++ if ports == "":
++ return []
++ max_port=2**16
++ try:
++ temp = []
++ for a in ports.split(","):
++ r = a.split("-")
++ if len(r) > 2:
++ raise ValueError
++ if len(r) == 1:
++ begin = int (r[0])
++ end = int (r[0])
++ else:
++ begin = int (r[0])
++ end = int (r[1])
++
++ if begin > end:
++ raise ValueError
++
++ for p in range(begin, end + 1):
++ if p < 1 or p > max_port:
++ raise ValueError
++ temp.append(p)
++ return temp
++ except ValueError:
++ raise ValueError(_("Ports must be be numbers or ranges of numbers from 1 to %d " % max_port ))
+
++class policy:
+
-+if __name__ == '__main__':
-+ mypolicy = policy("mycgi", CGI)
-+ mypolicy.set_program("/var/www/cgi-bin/cgi")
-+ mypolicy.set_in_tcp(1, 0, 0, "512, 55000-55000")
-+ mypolicy.set_in_udp(1, 0, 0, "1513")
-+ mypolicy.set_use_uid(True)
-+ mypolicy.set_use_tmp(False)
-+ mypolicy.set_use_syslog(True)
-+ mypolicy.set_use_pam(True)
-+ mypolicy.set_out_tcp(0,"8000")
-+ print mypolicy.generate("/var/tmp")
++ def __init__(self, name, type):
++ ports = seobject.portRecords()
++ self.ports = ports.get_all()
++
++ self.DEFAULT_DIRS = {}
++ self.DEFAULT_DIRS["rw"] = ["rw", [], rw];
++ self.DEFAULT_DIRS["tmp"] = ["tmp", [], tmp];
++ self.DEFAULT_DIRS["/etc"] = ["etc_rw", [], etc_rw];
++ self.DEFAULT_DIRS["/var/spool"] = ["var_spool", [], var_spool];
++ self.DEFAULT_DIRS["/var/lib"] = ["var_lib", [], var_lib];
++ self.DEFAULT_DIRS["/var/log"] = ["var_log", [], var_log];
++ self.DEFAULT_DIRS["/var/run"] = ["var_run", [], var_run];
+
-+ mypolicy = policy("myuser", USER)
-+ mypolicy.set_program("/usr/bin/myuser")
-+ mypolicy.set_in_tcp(1, 0, 0, "513")
-+ mypolicy.set_in_udp(1, 0, 0, "1513")
-+ mypolicy.set_use_uid(True)
-+ mypolicy.set_use_tmp(True)
-+ mypolicy.set_use_syslog(True)
-+ mypolicy.set_use_pam(True)
-+ mypolicy.add_file("/var/lib/myuser/myuser.sock")
-+ mypolicy.set_out_tcp(0,"8000")
-+ mypolicy.set_transition_users(["unconfined", "staff"])
-+ print mypolicy.generate("/var/tmp")
-+
++ self.DEFAULT_TYPES = (\
++( self.generate_daemon_types, self.generate_daemon_rules), \
++( self.generate_inetd_types, self.generate_inetd_rules), \
++( self.generate_userapp_types, self.generate_userapp_rules), \
++( self.generate_cgi_types, self.generate_cgi_rules), \
++( self.generate_x_login_user_types, self.generate_x_login_user_rules), \
++( self.generate_min_login_user_types, self.generate_login_user_rules), \
++( self.generate_login_user_types, self.generate_login_user_rules), \
++( self.generate_admin_user_types, self.generate_login_user_rules), \
++( self.generate_existing_user_types, self.generate_existing_user_rules), \
++( self.generate_root_user_types, self.generate_root_user_rules))
++ if name == "":
++ raise ValueError(_("You must enter a name for your confined process/user"))
++ if type == CGI:
++ self.name = "httpd_%s_script" % name
++ else:
++ self.name = name
++ self.file_name = name
++
++ self.type = type
++ self.initscript = ""
++ self.program = ""
++ self.in_tcp = [False, False, False, []]
++ self.in_udp = [False, False, False, []]
++ self.out_tcp = [False, False, False, []]
++ self.out_udp = [False, False, False, []]
++ self.use_tmp = False
++ self.use_uid = False
++ self.use_syslog = False
++ self.use_pam = False
++ self.use_dbus = False
++ self.use_audit = False
++ self.use_terminal = False
++ self.use_mail = False
++ self.booleans = {}
++ self.files = {}
++ self.dirs = {}
++ self.found_tcp_ports=[]
++ self.found_udp_ports=[]
++ self.need_tcp_type=False
++ self.need_udp_type=False
++ self.admin_domains = []
++ self.transition_domains = []
++ self.roles = []
++ self.all_roles = get_all_roles()
+
-+ mypolicy = policy("myrwho", DAEMON)
-+ mypolicy.set_program("/usr/sbin/myrwhod")
-+ mypolicy.set_init_script("/etc/init.d/myrwhod")
-+ mypolicy.add_dir("/etc/nasd")
-+ mypolicy.set_in_tcp(1, 0, 0, "513")
-+ mypolicy.set_use_uid(True)
-+ mypolicy.set_use_tmp(True)
-+ mypolicy.set_use_syslog(True)
-+ mypolicy.set_use_pam(True)
-+ mypolicy.add_dir("/var/run/myrwho")
-+ mypolicy.add_dir("/var/lib/myrwho")
-+ print mypolicy.generate("/var/tmp")
-+
-+ mypolicy = policy("myinetd", INETD)
-+ mypolicy.set_program("/usr/bin/mytest")
-+ mypolicy.set_in_tcp(1, 0, 0, "513")
-+ mypolicy.set_in_udp(1, 0, 0, "1513")
-+ mypolicy.set_use_uid(True)
-+ mypolicy.set_use_tmp(True)
-+ mypolicy.set_use_syslog(True)
-+ mypolicy.set_use_pam(True)
-+ mypolicy.add_file("/var/lib/mysql/mysql.sock")
-+ mypolicy.add_file("/var/run/rpcbind.sock")
-+ mypolicy.add_file("/var/run/daemon.pub")
-+ mypolicy.add_file("/var/log/daemon.log")
-+ mypolicy.add_dir("/var/lib/daemon")
-+ mypolicy.add_dir("/etc/daemon")
-+ mypolicy.add_dir("/etc/daemon/special")
-+ mypolicy.set_use_uid(True)
-+ mypolicy.set_use_syslog(True)
-+ mypolicy.set_use_pam(True)
-+ mypolicy.set_use_audit(True)
-+ mypolicy.set_use_dbus(True)
-+ mypolicy.set_use_terminal(True)
-+ mypolicy.set_use_mail(True)
-+ mypolicy.set_out_tcp(0,"8000")
-+ print mypolicy.generate("/var/tmp")
++ def __isnetset(self, l):
++ return l[ALL] or l[RESERVED] or l[UNRESERVED] or len(l[PORTS]) > 0
+
-+ mypolicy = policy("mytuser", TUSER)
-+ mypolicy.set_transition_domains(["sudo"])
-+ mypolicy.set_admin_roles(["mydbadm"])
-+ mypolicy.add_boolean("allow_mytuser_setuid", "Allow mytuser users to run setuid applications")
-+ print mypolicy.generate("/var/tmp")
-+
-+ mypolicy = policy("myxuser", XUSER)
-+ mypolicy.set_in_tcp(1, 1, 1, "28920")
-+ mypolicy.set_in_udp(0, 0, 1, "1513")
-+ mypolicy.set_transition_domains(["mozilla"])
-+ print mypolicy.generate("/var/tmp")
-+
-+ mypolicy = policy("mydbadm", RUSER)
-+ mypolicy.set_admin_domains(["postgresql", "mysql"])
-+ print mypolicy.generate("/var/tmp")
-+
-+ sys.exit(0)
-+
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.49/gui/polgengui.py
---- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/polgengui.py 2008-06-23 07:03:37.000000000 -0400
-@@ -0,0 +1,623 @@
-+#!/usr/bin/python -E
-+#
-+# polgengui.py - GUI for SELinux Config tool in system-config-selinux
-+#
-+# Dan Walsh
-+#
-+# Copyright 2007, 2008 Red Hat, Inc.
-+#
-+# This program is free software; you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation; either version 2 of the License, or
-+# (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+#
-+import signal
-+import string
-+import gtk
-+import gtk.glade
-+import os
-+import gobject
-+import gnome
-+import sys
-+import polgen
-+import re
-+import commands
++ def set_admin_domains(self, admin_domains):
++ self.admin_domains = admin_domains
+
++ def set_admin_roles(self, roles):
++ self.roles = roles
+
-+##
-+## I18N
-+##
-+PROGNAME="system-config-selinux"
++ def set_transition_domains(self, transition_domains):
++ self.transition_domains = transition_domains
+
-+import gettext
-+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
-+gettext.textdomain(PROGNAME)
-+try:
-+ gettext.install(PROGNAME,
-+ localedir="/usr/share/locale",
-+ unicode=False,
-+ codeset = 'utf-8')
-+except IOError:
-+ import __builtin__
-+ __builtin__.__dict__['_'] = unicode
++ def set_transition_users(self, transition_users):
++ self.transition_users = transition_users
+
-+gnome.program_init("SELinux Policy Generation Tool", "5")
++ def use_in_udp(self):
++ return self.__isnetset(self.in_udp)
++
++ def use_out_udp(self):
++ return self.__isnetset(self.out_udp)
++
++ def use_udp(self):
++ return self.use_in_udp() or self.use_out_udp()
+
-+version = "1.0"
++ def use_in_tcp(self):
++ return self.__isnetset(self.in_tcp)
++
++ def use_out_tcp(self):
++ return self.__isnetset(self.out_tcp)
++
++ def use_tcp(self):
++ return self.use_in_tcp() or self.use_out_tcp()
+
-+sys.path.append('/usr/share/system-config-selinux')
-+sys.path.append('.')
++ def use_network(self):
++ return self.use_tcp() or self.use_udp()
++
++ def find_port(self, port):
++ for begin,end in self.ports.keys():
++ if port >= begin and port <= end:
++ return self.ports[begin,end]
++ return None
+
-+# From John Hunter http://www.daa.com.au/pipermail/pygtk/2003-February/004454.html
-+def foreach(model, path, iter, selected):
-+ selected.append(model.get_value(iter, 0))
++ def set_program(self, program):
++ if self.type not in APPLICATIONS:
++ raise ValueError(_("USER Types are not allowed executables"))
+
-+##
-+## Pull in the Glade file
-+##
-+if os.access("polgen.glade", os.F_OK):
-+ xml = gtk.glade.XML ("polgen.glade", domain=PROGNAME)
-+else:
-+ xml = gtk.glade.XML ("/usr/share/system-config-selinux/polgen.glade", domain=PROGNAME)
++ self.program = program
+
-+FILE = 1
-+DIR = 2
++ def set_init_script(self, initscript):
++ if self.type != DAEMON:
++ raise ValueError(_("Only DAEMON apps can use an init script"))
+
-+class childWindow:
-+ START_PAGE = 0
-+ SELECT_TYPE_PAGE = 1
-+ APP_PAGE = 2
-+ EXISTING_USER_PAGE = 3
-+ TRANSITION_PAGE = 4
-+ USER_TRANSITION_PAGE = 5
-+ ADMIN_PAGE = 6
-+ ROLE_PAGE = 7
-+ IN_NET_PAGE = 8
-+ OUT_NET_PAGE = 9
-+ COMMON_APPS_PAGE = 10
-+ FILES_PAGE = 11
-+ BOOLEAN_PAGE = 12
-+ SELECT_DIR_PAGE = 13
-+ GEN_POLICY_PAGE = 14
-+ GEN_USER_POLICY_PAGE = 15
-+
-+ def __init__(self):
-+ self.xml = xml
-+ self.all_types=polgen.get_all_types()
-+ self.all_modules=polgen.get_all_modules()
-+ self.name=""
-+ xml.signal_connect("on_delete_clicked", self.delete)
-+ xml.signal_connect("on_delete_boolean_clicked", self.delete_boolean)
-+ xml.signal_connect("on_exec_select_clicked", self.exec_select)
-+ xml.signal_connect("on_init_script_select_clicked", self.init_script_select)
-+ xml.signal_connect("on_add_clicked", self.add)
-+ xml.signal_connect("on_add_boolean_clicked", self.add_boolean)
-+ xml.signal_connect("on_add_dir_clicked", self.add_dir)
-+ xml.signal_connect("on_about_clicked", self.on_about_clicked)
-+ xml.get_widget ("cancel_button").connect("clicked",self.quit)
-+ self.forward_button = xml.get_widget ("forward_button")
-+ self.forward_button.connect("clicked",self.forward)
-+ self.back_button = xml.get_widget ("back_button")
-+ self.back_button.connect("clicked",self.back)
++ self.initscript = initscript
+
-+ self.boolean_dialog = xml.get_widget ("boolean_dialog")
-+ self.boolean_name_entry = xml.get_widget ("boolean_name_entry")
-+ self.boolean_description_entry = xml.get_widget ("boolean_description_entry")
++ def set_in_tcp(self, all, reserved, unreserved, ports):
++ self.in_tcp = [ all, reserved, unreserved, verify_ports(ports)]
+
-+ self.notebook = xml.get_widget ("notebook1")
-+ self.pages={}
-+ self.finish_page = [ self.GEN_POLICY_PAGE, self.GEN_USER_POLICY_PAGE ]
-+ for i in polgen.USERS:
-+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
-+ self.pages[polgen.RUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
-+ self.pages[polgen.LUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
++ def set_in_udp(self, all, reserved, unreserved, ports):
++ self.in_udp = [ all, reserved, unreserved, verify_ports(ports)]
+
-+ self.pages[polgen.EUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.EXISTING_USER_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
++ def set_out_tcp(self, all, ports):
++ self.out_tcp = [ all , False, False, verify_ports(ports) ]
++
++ def set_out_udp(self, all, ports):
++ self.out_udp = [ all , False, False, verify_ports(ports) ]
++
++ def set_use_syslog(self, val):
++ if val != True and val != False:
++ raise ValueError(_("use_syslog must be a boolean value "))
++
++ self.use_syslog = val
++
++ def set_use_pam(self, val):
++ self.use_pam = val == True
++
++ def set_use_dbus(self, val):
++ self.use_dbus = val == True
++
++ def set_use_audit(self, val):
++ self.use_audit = val == True
++
++ def set_use_terminal(self, val):
++ self.use_terminal = val == True
++
++ def set_use_mail(self, val):
++ self.use_mail = val == True
++
++ def set_use_tmp(self, val):
++ if self.type not in APPLICATIONS:
++ raise ValueError(_("USER Types autoomatically get a tmp type"))
++
++ if val:
++ self.DEFAULT_DIRS["tmp"][1].append("/tmp");
++ else:
++ self.DEFAULT_DIRS["tmp"][1]=[]
++
++ def set_use_uid(self, val):
++ self.use_uid = val == True
++
++ def generate_uid_rules(self):
++ if self.use_uid:
++ return re.sub("TEMPLATETYPE", self.name, executable.te_uid_rules)
++ else:
++ return ""
+
-+ for i in polgen.APPLICATIONS:
-+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_POLICY_PAGE]
-+ self.pages[polgen.USER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_POLICY_PAGE]
-+
-+ self.current_page = 0
-+ self.back_button.set_sensitive(0)
++ def generate_syslog_rules(self):
++ if self.use_syslog:
++ return re.sub("TEMPLATETYPE", self.name, executable.te_syslog_rules)
++ else:
++ return ""
+
-+ self.network_buttons = {}
++ def generate_pam_rules(self):
++ newte =""
++ if self.use_pam:
++ newte = re.sub("TEMPLATETYPE", self.name, executable.te_pam_rules)
++ return newte
+
-+ self.in_tcp_all_checkbutton = xml.get_widget ("in_tcp_all_checkbutton")
-+ self.in_tcp_reserved_checkbutton = xml.get_widget ("in_tcp_reserved_checkbutton")
-+ self.in_tcp_unreserved_checkbutton = xml.get_widget ("in_tcp_unreserved_checkbutton")
-+ self.in_tcp_entry = self.xml.get_widget("in_tcp_entry")
-+ self.network_buttons[self.in_tcp_all_checkbutton] = [ self.in_tcp_reserved_checkbutton, self.in_tcp_unreserved_checkbutton, self.in_tcp_entry ]
++ def generate_audit_rules(self):
++ newte =""
++ if self.use_audit:
++ newte = re.sub("TEMPLATETYPE", self.name, executable.te_audit_rules)
++ return newte
+
++ def generate_dbus_rules(self):
++ newte =""
++ if self.use_dbus:
++ newte = re.sub("TEMPLATETYPE", self.name, executable.te_dbus_rules)
++ return newte
+
-+ self.out_tcp_all_checkbutton = xml.get_widget ("out_tcp_all_checkbutton")
-+ self.out_tcp_reserved_checkbutton = xml.get_widget ("out_tcp_reserved_checkbutton")
-+ self.out_tcp_unreserved_checkbutton = xml.get_widget ("out_tcp_unreserved_checkbutton")
-+ self.out_tcp_entry = self.xml.get_widget("out_tcp_entry")
++ def generate_mail_rules(self):
++ newte =""
++ if self.use_mail:
++ newte = re.sub("TEMPLATETYPE", self.name, executable.te_mail_rules)
++ return newte
+
-+ self.network_buttons[self.out_tcp_all_checkbutton] = [ self.out_tcp_entry ]
++ def generate_network_action(self, protocol, action, port_name):
++ line = ""
++ method = "corenet_%s_%s_%s" % (protocol, action, port_name)
++ if method in methods:
++ line = "%s(%s_t)\n" % (method, self.name)
++ else:
++ line = """
++gen_require(`
++ type %s_t;
++')
++allow %s_t %s_t:%s_socket name_%s;
++""" % (port_name, self.name, port_name, protocol, action)
++ return line
++
++ def generate_network_types(self):
++ for i in self.in_tcp[PORTS]:
++ rec = self.find_port(int(i))
++ if rec == None:
++ self.need_tcp_type = True;
++ else:
++ port_name = rec[0][:-2]
++ line = self.generate_network_action("tcp", "bind", port_name)
++# line = "corenet_tcp_bind_%s(%s_t)\n" % (port_name, self.name)
++ if line not in self.found_tcp_ports:
++ self.found_tcp_ports.append(line)
+
-+ self.in_udp_all_checkbutton = xml.get_widget ("in_udp_all_checkbutton")
-+ self.in_udp_reserved_checkbutton = xml.get_widget ("in_udp_reserved_checkbutton")
-+ self.in_udp_unreserved_checkbutton = xml.get_widget ("in_udp_unreserved_checkbutton")
-+ self.in_udp_entry = self.xml.get_widget("in_udp_entry")
++ for i in self.out_tcp[PORTS]:
++ rec = self.find_port(int(i))
++ if rec == None:
++ self.need_tcp_type = True;
++ else:
++ port_name = rec[0][:-2]
++ line = self.generate_network_action("tcp", "connect", port_name)
++# line = "corenet_tcp_connect_%s(%s_t)\n" % (port_name, self.name)
++ if line not in self.found_tcp_ports:
++ self.found_tcp_ports.append(line)
++
++ for i in self.in_udp[PORTS]:
++ rec = self.find_port(int(i))
++ if rec == None:
++ self.need_udp_type = True;
++ else:
++ port_name = rec[0][:-2]
++ line = self.generate_network_action("udp", "bind", port_name)
++# line = "corenet_udp_bind_%s(%s_t)\n" % (port_name, self.name)
++ if line not in self.found_udp_ports:
++ self.found_udp_ports.append(line)
++
++ if self.need_udp_type == True or self.need_tcp_type == True:
++ return re.sub("TEMPLATETYPE", self.name, network.te_port_types)
++ return ""
++
++ def __find_path(self, file):
++ for d in self.DEFAULT_DIRS:
++ if file.find(d) == 0:
++ self.DEFAULT_DIRS[d][1].append(file)
++ return self.DEFAULT_DIRS[d]
++ self.DEFAULT_DIRS["rw"][1].append(file)
++ return self.DEFAULT_DIRS["rw"]
++
++ def add_boolean(self, name, description):
++ self.booleans[name] = description
+
-+ self.network_buttons[self.in_udp_all_checkbutton] = [ self.in_udp_reserved_checkbutton, self.in_udp_unreserved_checkbutton, self.in_udp_entry ]
++ def add_file(self, file):
++ self.files[file] = self.__find_path(file)
+
-+ self.out_udp_all_checkbutton = xml.get_widget ("out_udp_all_checkbutton")
-+ self.out_udp_entry = self.xml.get_widget("out_udp_entry")
-+ self.network_buttons[self.out_udp_all_checkbutton] = [ self.out_udp_entry ]
++ def add_dir(self, file):
++ self.dirs[file] = self.__find_path(file)
++
++ def generate_network_rules(self):
++ newte = ""
++ if self.use_network():
++ newte = "\n"
+
-+ for b in self.network_buttons.keys():
-+ b.connect("clicked",self.network_all_clicked)
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_network)
++
++ if self.use_tcp():
++ newte += "\n"
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_tcp)
+
-+ self.boolean_treeview = self.xml.get_widget("boolean_treeview")
-+ self.boolean_store = gtk.ListStore(gobject.TYPE_STRING,gobject.TYPE_STRING)
-+ self.boolean_treeview.set_model(self.boolean_store)
-+ self.boolean_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Name"), gtk.CellRendererText(), text = 0)
-+ self.boolean_treeview.append_column(col)
-+ col = gtk.TreeViewColumn(_("Description"), gtk.CellRendererText(), text = 1)
-+ self.boolean_treeview.append_column(col)
++ if self.use_in_tcp():
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_tcp)
+
-+ self.role_treeview = self.xml.get_widget("role_treeview")
-+ self.role_store = gtk.ListStore(gobject.TYPE_STRING)
-+ self.role_treeview.set_model(self.role_store)
-+ self.role_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
-+ self.role_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Role"), gtk.CellRendererText(), text = 0)
-+ self.role_treeview.append_column(col)
++ if self.need_tcp_type and len(self.in_tcp[PORTS]) > 0:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_tcp)
+
-+ self.existing_user_treeview = self.xml.get_widget("existing_user_treeview")
-+ self.existing_user_store = gtk.ListStore(gobject.TYPE_STRING)
-+ self.existing_user_treeview.set_model(self.existing_user_store)
-+ self.existing_user_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Existing_User"), gtk.CellRendererText(), text = 0)
-+ self.existing_user_treeview.append_column(col)
++ if self.need_tcp_type and len(self.out_tcp[PORTS]) > 0:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_need_port_tcp)
+
-+ roles = polgen.get_all_roles()
-+ for i in roles:
-+ iter = self.role_store.append()
-+ self.role_store.set_value(iter, 0, i[:-2])
+
-+ self.types = polgen.get_all_types()
++ if self.in_tcp[ALL]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_tcp)
++ if self.in_tcp[RESERVED]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_tcp)
++ if self.in_tcp[UNRESERVED]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_tcp)
++
++ if self.out_tcp[ALL]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_all_ports_tcp)
++ if self.out_tcp[RESERVED]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_reserved_ports_tcp)
++ if self.out_tcp[UNRESERVED]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_unreserved_ports_tcp)
+
-+ self.transition_treeview = self.xml.get_widget("transition_treeview")
-+ self.transition_store = gtk.ListStore(gobject.TYPE_STRING)
-+ self.transition_treeview.set_model(self.transition_store)
-+ self.transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
-+ self.transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
-+ self.transition_treeview.append_column(col)
++ for i in self.found_tcp_ports:
++ newte += i
+
-+ self.user_transition_treeview = self.xml.get_widget("user_transition_treeview")
-+ self.user_transition_store = gtk.ListStore(gobject.TYPE_STRING)
-+ self.user_transition_treeview.set_model(self.user_transition_store)
-+ self.user_transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
-+ self.user_transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
-+ self.user_transition_treeview.append_column(col)
++ if self.use_udp():
++ newte += "\n"
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_udp)
+
-+ for i in polgen.get_all_users():
-+ iter = self.user_transition_store.append()
-+ self.user_transition_store.set_value(iter, 0, i)
-+ iter = self.existing_user_store.append()
-+ self.existing_user_store.set_value(iter, 0, i)
++ if self.need_udp_type:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_udp)
++ if self.use_in_udp():
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_udp)
++ if self.in_udp[ALL]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_udp)
++ if self.in_udp[RESERVED]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_udp)
++ if self.in_udp[UNRESERVED]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_udp)
+
-+ self.admin_treeview = self.xml.get_widget("admin_treeview")
-+ self.admin_store = gtk.ListStore(gobject.TYPE_STRING)
-+ self.admin_treeview.set_model(self.admin_store)
-+ self.admin_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
-+ self.admin_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
-+ self.admin_treeview.append_column(col)
++ for i in self.found_udp_ports:
++ newte += i
++ return newte
++
++ def generate_transition_rules(self):
++ newte = ""
++ for app in self.transition_domains:
++ tmp = re.sub("TEMPLATETYPE", self.name, user.te_transition_rules)
++ newte += re.sub("APPLICATION", app, tmp)
+
-+ for i in polgen.methods:
-+ m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i)
-+ if len(m) > 0:
-+ if "%s_exec" % m[0] in self.types:
-+ iter = self.transition_store.append()
-+ self.transition_store.set_value(iter, 0, m[0])
-+ continue
++ if self.type == USER:
++ for u in self.transition_users:
++ temp = re.sub("TEMPLATETYPE", self.name, executable.te_userapp_trans_rules)
++ newte += re.sub("USER", u, temp)
+
-+ m = re.findall("(.*)%s" % polgen.ADMIN_TRANSITION_INTERFACE, i)
-+ if len(m) > 0:
-+ iter = self.admin_store.append()
-+ self.admin_store.set_value(iter, 0, m[0])
-+ continue
-+
-+ def confine_application(self):
-+ return self.get_type() in polgen.APPLICATIONS
++ return newte
+
-+ def forward(self, arg):
-+ type = self.get_type()
-+ if self.current_page == self.START_PAGE:
-+ self.back_button.set_sensitive(1)
++ def generate_admin_rules(self):
++ newte = ""
++ if self.type == RUSER:
++ newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules)
++
++ for app in self.admin_domains:
++ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_domain_rules)
++ newte += re.sub("APPLICATION", app, tmp)
+
-+ if self.pages[type][self.current_page] == self.SELECT_TYPE_PAGE:
-+ if self.on_select_type_page_next():
-+ return
++ for u in self.transition_users:
++ role = u[:-2]
++ if (role + "_r") in self.all_roles:
++ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_trans_rules)
++ newte += re.sub("USER", role, tmp)
+
-+ if self.pages[type][self.current_page] == self.IN_NET_PAGE:
-+ if self.on_in_net_page_next():
-+ return
++ return newte
+
-+ if self.pages[type][self.current_page] == self.OUT_NET_PAGE:
-+ if self.on_out_net_page_next():
-+ return
++ def generate_dbus_if(self):
++ newif =""
++ if self.use_dbus:
++ newif = re.sub("TEMPLATETYPE", self.name, executable.if_dbus_rules)
++ return newif
+
-+ if self.pages[type][self.current_page] == self.APP_PAGE:
-+ if self.on_name_page_next():
-+ return
++ def generate_admin_if(self):
++ newif = ""
++ if self.initscript != "":
++ newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_admin)
++ for d in self.DEFAULT_DIRS:
++ if len(self.DEFAULT_DIRS[d][1]) > 0:
++ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_admin_rules)
+
-+ if self.pages[type][self.current_page] == self.EXISTING_USER_PAGE:
-+ if self.on_existing_user_page_next():
-+ return
++ if newif != "":
++ ret = re.sub("TEMPLATETYPE", self.name, executable.if_begin_admin)
++ ret += newif
++ ret += re.sub("TEMPLATETYPE", self.name, executable.if_end_admin)
++ return ret
++
++ return ""
++
++ def generate_cgi_types(self):
++ return re.sub("TEMPLATETYPE", self.file_name, executable.te_cgi_types)
++
++ def generate_userapp_types(self):
++ return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_types)
++
++ def generate_inetd_types(self):
++ return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_types)
++
++ def generate_min_login_user_types(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_min_login_user_types)
++
++ def generate_login_user_types(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_login_user_types)
++
++ def generate_admin_user_types(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_admin_user_types)
+
-+ if self.pages[type][self.current_page] == self.SELECT_DIR_PAGE:
-+ outputdir = self.output_entry.get_text()
-+ if not os.path.isdir(outputdir):
-+ self.error(_("%s must be a directory") % outputdir )
-+ return False
-+
-+ if self.pages[type][self.current_page] in self.finish_page:
-+ self.generate_policy()
-+ else:
-+ self.current_page = self.current_page + 1
-+ self.notebook.set_current_page(self.pages[type][self.current_page])
-+ if self.pages[type][self.current_page] in self.finish_page:
-+ self.forward_button.set_label(gtk.STOCK_APPLY)
-+
-+ def back(self,arg):
-+ type = self.get_type()
-+ if self.pages[type][self.current_page] in self.finish_page:
-+ self.forward_button.set_label(gtk.STOCK_GO_FORWARD)
++ def generate_existing_user_types(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_existing_user_types)
++
++ def generate_x_login_user_types(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_types)
++
++ def generate_root_user_types(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_root_user_types)
++
++ def generate_daemon_types(self):
++ newte = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_types)
++ if self.initscript != "":
++ newte += re.sub("TEMPLATETYPE", self.name, executable.te_initscript_types)
++ return newte
++
++ def generate_tmp_types(self):
++ if self.use_tmp:
++ return re.sub("TEMPLATETYPE", self.name, tmp.te_types)
++ else:
++ return ""
++
++ def generate_booleans(self):
++ newte = ""
++ for b in self.booleans:
++ tmp = re.sub("BOOLEAN", b, boolean.te_boolean)
++ newte += re.sub("DESCRIPTION", self.booleans[b], tmp)
++ return newte
+
-+ self.current_page = self.current_page - 1
-+ self.notebook.set_current_page(self.pages[type][self.current_page])
-+ if self.current_page == 0:
-+ self.back_button.set_sensitive(0)
-+
-+ def network_all_clicked(self, button):
-+ active = button.get_active()
-+ for b in self.network_buttons[button]:
-+ b.set_sensitive(not active)
-+
-+ def verify(self, message, title="" ):
-+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
-+ gtk.BUTTONS_YES_NO,
-+ message)
-+ dlg.set_title(title)
-+ dlg.set_position(gtk.WIN_POS_MOUSE)
-+ dlg.show_all()
-+ rc = dlg.run()
-+ dlg.destroy()
-+ return rc
++ def generate_boolean_rules(self):
++ newte = ""
++ for b in self.booleans:
++ newte += re.sub("BOOLEAN", b, boolean.te_rules)
++ return newte
+
-+ def info(self, message):
-+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
-+ gtk.BUTTONS_OK,
-+ message)
-+ dlg.set_position(gtk.WIN_POS_MOUSE)
-+ dlg.show_all()
-+ dlg.run()
-+ dlg.destroy()
++ def generate_cgi_te(self):
++ return re.sub("TEMPLATETYPE", self.name, executable.te_cgi_types)
+
-+ def error(self, message):
-+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR,
-+ gtk.BUTTONS_CLOSE,
-+ message)
-+ dlg.set_position(gtk.WIN_POS_MOUSE)
-+ dlg.show_all()
-+ dlg.run()
-+ dlg.destroy()
++ def generate_daemon_rules(self):
++ newif = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_rules)
+
-+ def get_name(self):
-+ if self.existing_user_radiobutton.get_active():
-+ store, iter = self.existing_user_treeview.get_selection().get_selected()
-+ if iter == None:
-+ raise(_("You must select a user"))
-+ return store.get_value(iter, 0)
-+ else:
-+ return self.name_entry.get_text()
++ return newif
++
++ def generate_login_user_rules(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_login_user_rules)
++
++ def generate_existing_user_rules(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_existing_user_rules)
++
++ def generate_x_login_user_rules(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_rules)
++
++ def generate_root_user_rules(self):
++ newte =re.sub("TEMPLATETYPE", self.name, user.te_root_user_rules)
++ return newte
++
++ def generate_userapp_rules(self):
++ return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_rules)
++
++ def generate_inetd_rules(self):
++ return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_rules)
++
++ def generate_tmp_rules(self):
++ if self.use_tmp:
++ return re.sub("TEMPLATETYPE", self.name, tmp.te_rules)
++ else:
++ return ""
++
++ def generate_cgi_rules(self):
++ newte = ""
++ newte += re.sub("TEMPLATETYPE", self.name, executable.te_cgi_rules)
++ return newte
++
++ def generate_user_if(self):
++ newif =""
++ if self.use_terminal or self.type == USER:
++ newif = re.sub("TEMPLATETYPE", self.name, executable.if_user_program_rules)
++ return newif
+
-+ def get_type(self):
-+ if self.cgi_radiobutton.get_active():
-+ return polgen.CGI
-+ if self.user_radiobutton.get_active():
-+ return polgen.USER
-+ if self.init_radiobutton.get_active():
-+ return polgen.DAEMON
-+ if self.inetd_radiobutton.get_active():
-+ return polgen.INETD
-+ if self.login_user_radiobutton.get_active():
-+ return polgen.LUSER
-+ if self.admin_user_radiobutton.get_active():
-+ return polgen.AUSER
-+ if self.xwindows_user_radiobutton.get_active():
-+ return polgen.XUSER
-+ if self.terminal_user_radiobutton.get_active():
-+ return polgen.TUSER
-+ if self.root_user_radiobutton.get_active():
-+ return polgen.RUSER
-+ if self.existing_user_radiobutton.get_active():
-+ return polgen.EUSER
++
++ def generate_if(self):
++ newif = ""
++ if self.program != "":
++ newif += re.sub("TEMPLATETYPE", self.name, executable.if_program_rules)
++ if self.initscript != "":
++ newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_rules)
++
++ for d in self.DEFAULT_DIRS:
++ if len(self.DEFAULT_DIRS[d][1]) > 0:
++ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_rules)
++ for i in self.DEFAULT_DIRS[d][1]:
++ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
++ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_stream_rules)
++ break
++ newif += self.generate_user_if()
++ newif += self.generate_dbus_if()
++ newif += self.generate_admin_if()
++
++ return newif
++
++ def generate_default_types(self):
++ return self.DEFAULT_TYPES[self.type][0]()
++
++ def generate_default_rules(self):
++ return self.DEFAULT_TYPES[self.type][1]()
++
++ def generate_roles_rules(self):
++ newte = ""
++ if self.type in ( TUSER, XUSER, AUSER, LUSER, EUSER):
++ roles = ""
++ if len(self.roles) > 0:
++ newte += re.sub("TEMPLATETYPE", self.name, user.te_newrole_rules)
++ for role in self.roles:
++ tmp = re.sub("TEMPLATETYPE", self.name, user.te_roles_rules)
++ newte += re.sub("ROLE", role, tmp)
++ return newte
++
++ def generate_te(self):
++ newte = self.generate_default_types()
++ for d in self.DEFAULT_DIRS:
++ if len(self.DEFAULT_DIRS[d][1]) > 0:
++ # CGI scripts already have a rw_t
++ if self.type != CGI or d != "rw":
++ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_types)
+
-+ def generate_policy(self, *args):
-+ outputdir = self.output_entry.get_text()
-+ try:
-+ my_policy=polgen.policy(self.get_name(), self.get_type())
-+ my_policy.set_in_tcp(self.in_tcp_all_checkbutton.get_active(), self.in_tcp_reserved_checkbutton.get_active(), self.in_tcp_unreserved_checkbutton.get_active(), self.in_tcp_entry.get_text())
-+ my_policy.set_in_udp(self.in_udp_all_checkbutton.get_active(), self.in_udp_reserved_checkbutton.get_active(), self.in_udp_unreserved_checkbutton.get_active(), self.in_udp_entry.get_text())
-+ my_policy.set_out_tcp(self.out_tcp_all_checkbutton.get_active(), self.out_tcp_entry.get_text())
-+ my_policy.set_out_udp(self.out_udp_all_checkbutton.get_active(), self.out_udp_entry.get_text())
++ newte += self.generate_network_types()
++ newte += self.generate_tmp_types()
++ newte += self.generate_booleans()
++ newte += self.generate_default_rules()
++ newte += self.generate_boolean_rules()
+
-+ iter= self.boolean_store.get_iter_first()
-+ while(iter):
-+ my_policy.add_boolean(self.boolean_store.get_value(iter, 0), self.boolean_store.get_value(iter, 1))
-+ iter= self.boolean_store.iter_next(iter)
++ for d in self.DEFAULT_DIRS:
++ if len(self.DEFAULT_DIRS[d][1]) > 0:
++ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_rules)
++ for i in self.DEFAULT_DIRS[d][1]:
++ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
++ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_stream_rules)
++ break
+
-+ if self.get_type() in polgen.APPLICATIONS:
-+ my_policy.set_program(self.exec_entry.get_text())
-+ my_policy.set_use_syslog(self.syslog_checkbutton.get_active() == 1)
-+ my_policy.set_use_tmp(self.tmp_checkbutton.get_active() == 1)
-+ my_policy.set_use_uid(self.uid_checkbutton.get_active() == 1)
-+ my_policy.set_use_pam(self.pam_checkbutton.get_active() == 1)
++ newte += self.generate_network_rules()
++ newte += self.generate_tmp_rules()
++ newte += self.generate_uid_rules()
++ newte += self.generate_syslog_rules()
++ newte += self.generate_pam_rules()
++ newte += self.generate_dbus_rules()
++ newte += self.generate_audit_rules()
++ newte += self.generate_mail_rules()
++ newte += self.generate_roles_rules()
++ newte += self.generate_transition_rules()
++ newte += self.generate_admin_rules()
++ return newte
++
++ def generate_fc(self):
++ newfc = ""
++ if self.program == "":
++ raise ValueError(_("You must enter the executable path for your confined process"))
+
-+ my_policy.set_use_dbus(self.dbus_checkbutton.get_active() == 1)
-+ my_policy.set_use_audit(self.audit_checkbutton.get_active() == 1)
-+ my_policy.set_use_terminal(self.terminal_checkbutton.get_active() == 1)
-+ my_policy.set_use_mail(self.mail_checkbutton.get_active() == 1)
-+ if self.get_type() is polgen.DAEMON:
-+ my_policy.set_init_script(self.init_script_entry.get_text())
-+ if self.get_type() == polgen.USER:
-+ selected = []
-+ self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
-+ my_policy.set_transition_users(selected)
-+ else:
-+ if self.get_type() == polgen.RUSER:
-+ selected = []
-+ self.admin_treeview.get_selection().selected_foreach(foreach, selected)
-+ my_policy.set_admin_domains(selected)
-+ selected = []
-+ self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
-+ my_policy.set_transition_users(selected)
-+ else:
-+ selected = []
-+ self.transition_treeview.get_selection().selected_foreach(foreach, selected)
-+ my_policy.set_transition_domains(selected)
-+
-+ selected = []
-+ self.role_treeview.get_selection().selected_foreach(foreach, selected)
-+ my_policy.set_admin_roles(selected)
-+
-+ iter= self.store.get_iter_first()
-+ while(iter):
-+ if self.store.get_value(iter, 1) == FILE:
-+ my_policy.add_file(self.store.get_value(iter, 0))
-+ else:
-+ my_policy.add_dir(self.store.get_value(iter, 0))
-+ iter= self.store.iter_next(iter)
-+
-+ self.info(my_policy.generate(outputdir))
-+ return False
-+ except ValueError, e:
-+ self.error(e.message)
-+
-+ def delete(self, args):
-+ store, iter = self.view.get_selection().get_selected()
-+ if iter != None:
-+ store.remove(iter)
-+ self.view.get_selection().select_path ((0,))
++ t1 = re.sub("EXECUTABLE", self.program, executable.fc_program)
++ newfc += re.sub("TEMPLATETYPE", self.name, t1)
+
-+ def delete_boolean(self, args):
-+ store, iter = self.boolean_treeview.get_selection().get_selected()
-+ if iter != None:
-+ store.remove(iter)
-+ self.boolean_treeview.get_selection().select_path ((0,))
++ if self.initscript != "":
++ t1 = re.sub("EXECUTABLE", self.initscript, executable.fc_initscript)
++ newfc += re.sub("TEMPLATETYPE", self.name, t1)
+
-+ def add_boolean(self,type):
-+ self.boolean_name_entry.set_text("")
-+ self.boolean_description_entry.set_text("")
-+ rc = self.boolean_dialog.run()
-+ self.boolean_dialog.hide()
-+ if rc == gtk.RESPONSE_CANCEL:
-+ return
-+ iter = self.boolean_store.append()
-+ self.boolean_store.set_value(iter, 0, self.boolean_name_entry.get_text())
-+ self.boolean_store.set_value(iter, 1, self.boolean_description_entry.get_text())
-+
-+ def __add(self,type):
-+ rc = self.file_dialog.run()
-+ self.file_dialog.hide()
-+ if rc == gtk.RESPONSE_CANCEL:
-+ return
-+ for i in self.file_dialog.get_filenames():
-+ iter = self.store.append()
-+ self.store.set_value(iter, 0, i)
-+ self.store.set_value(iter, 1, type)
-+
-+ def exec_select(self, args):
-+ self.file_dialog.set_select_multiple(0)
-+ self.file_dialog.set_title(_("Select executable file to be confined."))
-+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
-+ self.file_dialog.set_current_folder("/usr/sbin")
-+ rc = self.file_dialog.run()
-+ self.file_dialog.hide()
-+ if rc == gtk.RESPONSE_CANCEL:
-+ return
-+ self.exec_entry.set_text(self.file_dialog.get_filename())
++ for i in self.files.keys():
++ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
++ t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_sock_file)
++ else:
++ t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_file)
++ t2 = re.sub("FILENAME", i, t1)
++ newfc += re.sub("FILETYPE", self.files[i][0], t2)
+
-+ def init_script_select(self, args):
-+ self.file_dialog.set_select_multiple(0)
-+ self.file_dialog.set_title(_("Select init script file to be confined."))
-+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
-+ self.file_dialog.set_current_folder("/etc/rc.d/init.d")
-+ rc = self.file_dialog.run()
-+ self.file_dialog.hide()
-+ if rc == gtk.RESPONSE_CANCEL:
-+ return
-+ self.init_script_entry.set_text(self.file_dialog.get_filename())
++ for i in self.dirs.keys():
++ t1 = re.sub("TEMPLATETYPE", self.name, self.dirs[i][2].fc_dir)
++ t2 = re.sub("FILENAME", i, t1)
++ newfc += re.sub("FILETYPE", self.dirs[i][0], t2)
+
-+ def add(self, args):
-+ self.file_dialog.set_title(_("Select file(s) that confined application creates or writes"))
-+ self.file_dialog.set_current_folder("/")
-+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
-+ self.file_dialog.set_select_multiple(1)
-+ self.__add(FILE)
++ return newfc
++
++ def generate_user_sh(self):
++ newsh = ""
++ if self.type in ( TUSER, XUSER, AUSER, LUSER, EUSER):
++ roles = ""
++ for role in self.roles:
++ roles += " %s_r" % role
++ if roles != "":
++ roles += " system_r"
++ if self.type == EUSER:
++ tmp = re.sub("TEMPLATETYPE", self.name, script.eusers)
++ else:
++ tmp = re.sub("TEMPLATETYPE", self.name, script.users)
++ newsh += re.sub("ROLES", roles, tmp)
+
-+ def add_dir(self, args):
-+ self.file_dialog.set_title(_("Select directory(s) that the confined application owns and writes into"))
-+ self.file_dialog.set_current_folder("/")
-+ self.file_dialog.set_select_multiple(1)
-+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SELECT_FOLDER)
-+ self.__add(DIR)
++ if self.type == RUSER:
++ for u in self.transition_users:
++ tmp = re.sub("TEMPLATETYPE", self.name, script.admin_trans)
++ newsh += re.sub("USER", u, tmp)
++ return newsh
+
-+ def on_about_clicked(self, args):
-+ dlg = xml.get_widget ("about_dialog")
-+ dlg.run ()
-+ dlg.hide ()
++ def generate_sh(self):
++ temp = re.sub("TEMPLATETYPE", self.file_name, script.compile)
++ if self.type == EUSER:
++ newsh = re.sub("TEMPLATEFILE", "my%s" % self.file_name, temp)
++ else:
++ newsh = re.sub("TEMPLATEFILE", self.file_name, temp)
++ if self.program != "":
++ newsh += re.sub("FILENAME", self.program, script.restorecon)
++ if self.initscript != "":
++ newsh += re.sub("FILENAME", self.initscript, script.restorecon)
+
-+ def quit(self, args):
-+ gtk.main_quit()
++ for i in self.files.keys():
++ newsh += re.sub("FILENAME", i, script.restorecon)
+
-+ def setupScreen(self):
-+ # Bring in widgets from glade file.
-+ self.mainWindow = self.xml.get_widget("main_window")
-+ self.druid = self.xml.get_widget("druid")
-+ self.type = 0
-+ self.name_entry = self.xml.get_widget("name_entry")
-+ self.name_entry.connect("focus_out_event",self.on_name_entry_changed)
-+ self.exec_entry = self.xml.get_widget("exec_entry")
-+ self.exec_button = self.xml.get_widget("exec_button")
-+ self.init_script_entry = self.xml.get_widget("init_script_entry")
-+ self.init_script_button = self.xml.get_widget("init_script_button")
-+ self.output_entry = self.xml.get_widget("output_entry")
-+ self.output_entry.set_text(os.getcwd())
-+ self.xml.get_widget("output_button").connect("clicked",self.output_button_clicked)
-+
-+ self.xwindows_user_radiobutton = self.xml.get_widget("xwindows_user_radiobutton")
-+ self.terminal_user_radiobutton = self.xml.get_widget("terminal_user_radiobutton")
-+ self.root_user_radiobutton = self.xml.get_widget("root_user_radiobutton")
-+ self.login_user_radiobutton = self.xml.get_widget("login_user_radiobutton")
-+ self.admin_user_radiobutton = self.xml.get_widget("admin_user_radiobutton")
-+ self.existing_user_radiobutton = self.xml.get_widget("existing_user_radiobutton")
++ for i in self.dirs.keys():
++ newsh += re.sub("FILENAME", i, script.restorecon)
+
-+ self.user_radiobutton = self.xml.get_widget("user_radiobutton")
-+ self.init_radiobutton = self.xml.get_widget("init_radiobutton")
-+ self.inetd_radiobutton = self.xml.get_widget("inetd_radiobutton")
-+ self.cgi_radiobutton = self.xml.get_widget("cgi_radiobutton")
-+ self.tmp_checkbutton = self.xml.get_widget("tmp_checkbutton")
-+ self.uid_checkbutton = self.xml.get_widget("uid_checkbutton")
-+ self.pam_checkbutton = self.xml.get_widget("pam_checkbutton")
-+ self.dbus_checkbutton = self.xml.get_widget("dbus_checkbutton")
-+ self.audit_checkbutton = self.xml.get_widget("audit_checkbutton")
-+ self.terminal_checkbutton = self.xml.get_widget("terminal_checkbutton")
-+ self.mail_checkbutton = self.xml.get_widget("mail_checkbutton")
-+ self.syslog_checkbutton = self.xml.get_widget("syslog_checkbutton")
-+ self.view = self.xml.get_widget("write_treeview")
-+ self.file_dialog = self.xml.get_widget("filechooserdialog")
++ for i in self.in_tcp[PORTS] + self.out_tcp[PORTS]:
++ if self.find_port(i) == None:
++ t1 = re.sub("PORTNUM", "%d" % i, script.tcp_ports)
++ newsh += re.sub("TEMPLATETYPE", self.name, t1)
+
-+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_INT)
-+ self.view.set_model(self.store)
-+ col = gtk.TreeViewColumn("", gtk.CellRendererText(), text = 0)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+ self.view.get_selection().select_path ((0,))
++ for i in self.in_udp[PORTS] + self.out_udp[PORTS]:
++ if self.find_port(i) == None:
++ t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports)
++ newsh += re.sub("TEMPLATETYPE", self.name, t1)
+
-+ def output_button_clicked(self, *args):
-+ self.file_dialog.set_title(_("Select directory to generate policy files in"))
-+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SELECT_FOLDER)
-+ self.file_dialog.set_select_multiple(0)
-+ rc = self.file_dialog.run()
-+ self.file_dialog.hide()
-+ if rc == gtk.RESPONSE_CANCEL:
-+ return
-+ self.output_entry.set_text(self.file_dialog.get_filename())
-+
-+ def on_name_entry_changed(self, entry, third):
-+ name = entry.get_text()
-+ if self.name != name:
-+ if name in self.all_types:
-+ if self.verify(_("Type %s_t already defined in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO:
-+ entry.set_text("")
-+ return False
-+ if name in self.all_modules:
-+ if self.verify(_("Module %s.pp already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO:
-+ entry.set_text("")
-+ return False
++ newsh += self.generate_user_sh()
++
++ return newsh
++
++ def write_te(self, out_dir):
++ if self.type == EUSER:
++ tefile = "%s/my%s.te" % (out_dir, self.file_name)
++ else:
++ tefile = "%s/%s.te" % (out_dir, self.file_name)
++ fd = open(tefile, "w")
++ fd.write(self.generate_te())
++ fd.close()
++ return tefile
+
-+ file = "/etc/rc.d/init.d/" + name
-+ if os.path.isfile(file) and self.init_script_entry.get_text() == "":
-+ self.init_script_entry.set_text(file)
-+
-+ file = "/usr/sbin/" + name
-+ if os.path.isfile(file) and self.exec_entry.get_text() == "":
-+ self.exec_entry.set_text(file)
++ def write_sh(self, out_dir):
++ if self.type == EUSER:
++ shfile = "%s/my%s.sh" % (out_dir, self.file_name)
++ else:
++ shfile = "%s/%s.sh" % (out_dir, self.file_name)
++ fd = open(shfile, "w")
++ fd.write(self.generate_sh())
++ fd.close()
++ os.chmod(shfile, 0750)
++ return shfile
+
-+ self.name = name
-+ return False
++ def write_if(self, out_dir):
++ if self.type == EUSER:
++ iffile = "%s/my%s.if" % (out_dir, self.file_name)
++ else:
++ iffile = "%s/%s.if" % (out_dir, self.file_name)
++ fd = open(iffile, "w")
++ fd.write(self.generate_if())
++ fd.close()
++ return iffile
+
-+ def on_in_net_page_next(self, *args):
-+ try:
-+ polgen.verify_ports(self.in_tcp_entry.get_text())
-+ polgen.verify_ports(self.in_udp_entry.get_text())
-+ except ValueError, e:
-+ self.error(e.message)
-+ return True
-+
-+ def on_out_net_page_next(self, *args):
-+ try:
-+ polgen.verify_ports(self.out_tcp_entry.get_text())
-+ polgen.verify_ports(self.out_udp_entry.get_text())
-+ except ValueError, e:
-+ self.error(e.message)
-+ return True
-+
-+ def on_select_type_page_next(self, *args):
-+ self.exec_entry.set_sensitive(self.confine_application())
-+ self.exec_button.set_sensitive(self.confine_application())
-+ self.init_script_entry.set_sensitive(self.init_radiobutton.get_active())
-+ self.init_script_button.set_sensitive(self.init_radiobutton.get_active())
++ def write_fc(self,out_dir):
++ if self.type == EUSER:
++ fcfile = "%s/my%s.fc" % (out_dir, self.file_name)
++ else:
++ fcfile = "%s/%s.fc" % (out_dir, self.file_name)
++ if self.type in APPLICATIONS:
++ fd = open(fcfile, "w")
++ fd.write(self.generate_fc())
++ fd.close()
++ return fcfile
+
-+ def on_existing_user_page_next(self, *args):
-+ store, iter = self.view.get_selection().get_selected()
-+ if iter != None:
-+ self.error(_("You must select a user"))
-+ return True
-+
-+ def on_name_page_next(self, *args):
-+ name=self.name_entry.get_text()
-+ if name == "":
-+ self.error(_("You must enter a name"))
-+ return True
-+
-+ if self.confine_application():
-+ exe = self.exec_entry.get_text()
-+ if exe == "":
-+ self.error(_("You must enter a executable"))
-+ return True
++ def generate(self, out_dir = "."):
++ out = "Created the following files:\n"
++ out += "%-25s %s\n" % (_("Type Enforcement file"), self.write_te(out_dir))
++ out += "%-25s %s\n" % (_("Interface file"), self.write_if(out_dir))
++ out += "%-25s %s\n" % (_("File Contexts file"), self.write_fc(out_dir))
++ out += "%-25s %s\n" % (_("Setup Script"),self.write_sh(out_dir))
++ return out
+
-+ def stand_alone(self):
-+ desktopName = _("Configue SELinux")
++def errorExit(error):
++ sys.stderr.write("%s: " % sys.argv[0])
++ sys.stderr.write("%s\n" % error)
++ sys.stderr.flush()
++ sys.exit(1)
+
-+ self.setupScreen()
-+ self.mainWindow.connect("destroy", self.quit)
+
-+ self.mainWindow.show_all()
-+ gtk.main()
++if __name__ == '__main__':
++ mypolicy = policy("mycgi", CGI)
++ mypolicy.set_program("/var/www/cgi-bin/cgi")
++ mypolicy.set_in_tcp(1, 0, 0, "512, 55000-55000")
++ mypolicy.set_in_udp(1, 0, 0, "1513")
++ mypolicy.set_use_uid(True)
++ mypolicy.set_use_tmp(False)
++ mypolicy.set_use_syslog(True)
++ mypolicy.set_use_pam(True)
++ mypolicy.set_out_tcp(0,"8000")
++ print mypolicy.generate("/var/tmp")
+
-+if __name__ == "__main__":
-+ signal.signal (signal.SIGINT, signal.SIG_DFL)
++ mypolicy = policy("myuser", USER)
++ mypolicy.set_program("/usr/bin/myuser")
++ mypolicy.set_in_tcp(1, 0, 0, "513")
++ mypolicy.set_in_udp(1, 0, 0, "1513")
++ mypolicy.set_use_uid(True)
++ mypolicy.set_use_tmp(True)
++ mypolicy.set_use_syslog(True)
++ mypolicy.set_use_pam(True)
++ mypolicy.add_file("/var/lib/myuser/myuser.sock")
++ mypolicy.set_out_tcp(0,"8000")
++ mypolicy.set_transition_users(["unconfined", "staff"])
++ print mypolicy.generate("/var/tmp")
++
+
-+ app = childWindow()
-+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.49/gui/portsPage.py
++ mypolicy = policy("myrwho", DAEMON)
++ mypolicy.set_program("/usr/sbin/myrwhod")
++ mypolicy.set_init_script("/etc/init.d/myrwhod")
++ mypolicy.add_dir("/etc/nasd")
++ mypolicy.set_in_tcp(1, 0, 0, "513")
++ mypolicy.set_use_uid(True)
++ mypolicy.set_use_tmp(True)
++ mypolicy.set_use_syslog(True)
++ mypolicy.set_use_pam(True)
++ mypolicy.add_dir("/var/run/myrwho")
++ mypolicy.add_dir("/var/lib/myrwho")
++ print mypolicy.generate("/var/tmp")
++
++ mypolicy = policy("myinetd", INETD)
++ mypolicy.set_program("/usr/bin/mytest")
++ mypolicy.set_in_tcp(1, 0, 0, "513")
++ mypolicy.set_in_udp(1, 0, 0, "1513")
++ mypolicy.set_use_uid(True)
++ mypolicy.set_use_tmp(True)
++ mypolicy.set_use_syslog(True)
++ mypolicy.set_use_pam(True)
++ mypolicy.add_file("/var/lib/mysql/mysql.sock")
++ mypolicy.add_file("/var/run/rpcbind.sock")
++ mypolicy.add_file("/var/run/daemon.pub")
++ mypolicy.add_file("/var/log/daemon.log")
++ mypolicy.add_dir("/var/lib/daemon")
++ mypolicy.add_dir("/etc/daemon")
++ mypolicy.add_dir("/etc/daemon/special")
++ mypolicy.set_use_uid(True)
++ mypolicy.set_use_syslog(True)
++ mypolicy.set_use_pam(True)
++ mypolicy.set_use_audit(True)
++ mypolicy.set_use_dbus(True)
++ mypolicy.set_use_terminal(True)
++ mypolicy.set_use_mail(True)
++ mypolicy.set_out_tcp(0,"8000")
++ print mypolicy.generate("/var/tmp")
++
++ mypolicy = policy("mytuser", TUSER)
++ mypolicy.set_transition_domains(["sudo"])
++ mypolicy.set_admin_roles(["mydbadm"])
++ mypolicy.add_boolean("allow_mytuser_setuid", "Allow mytuser users to run setuid applications")
++ print mypolicy.generate("/var/tmp")
++
++ mypolicy = policy("myxuser", XUSER)
++ mypolicy.set_in_tcp(1, 1, 1, "28920")
++ mypolicy.set_in_udp(0, 0, 1, "1513")
++ mypolicy.set_transition_domains(["mozilla"])
++ print mypolicy.generate("/var/tmp")
++
++ mypolicy = policy("mydbadm", RUSER)
++ mypolicy.set_admin_domains(["postgresql", "mysql"])
++ print mypolicy.generate("/var/tmp")
++
++ sys.exit(0)
++
++
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.50/gui/portsPage.py
--- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/portsPage.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/portsPage.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,258 @@
+## portsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -10538,9 +10543,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
+
+ return True
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.49/gui/selinux.tbl
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.50/gui/selinux.tbl
--- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/selinux.tbl 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/selinux.tbl 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,234 @@
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
@@ -10776,9 +10781,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
+webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivileged users home directories")
+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories")
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.49/gui/semanagePage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.50/gui/semanagePage.py
--- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/semanagePage.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/semanagePage.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,170 @@
+## semanagePage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -10950,9 +10955,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py poli
+ self.load(self.filter)
+ return True
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.49/gui/statusPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.50/gui/statusPage.py
--- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/statusPage.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/statusPage.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,191 @@
+# statusPage.py - show selinux status
+## Copyright (C) 2006 Red Hat, Inc.
@@ -11145,9 +11150,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policy
+ return self.types[self.selinuxTypeOptionMenu.get_active()]
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.49/gui/system-config-selinux.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.50/gui/system-config-selinux.glade
--- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/system-config-selinux.glade 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/system-config-selinux.glade 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,3203 @@
+
+
@@ -14352,9 +14357,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.49/gui/system-config-selinux.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.50/gui/system-config-selinux.py
--- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/system-config-selinux.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/system-config-selinux.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,187 @@
+#!/usr/bin/python
+#
@@ -14543,31 +14548,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+
+ app = childWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.49/gui/templates/__init__.py
---- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/templates/__init__.py 2008-06-23 07:03:37.000000000 -0400
-@@ -0,0 +1,18 @@
-+#
-+# Copyright (C) 2007 Red Hat, Inc.
-+#
-+# This program is free software; you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation; either version 2 of the License, or
-+# (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+#
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.49/gui/templates/boolean.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.50/gui/templates/boolean.py
--- nsapolicycoreutils/gui/templates/boolean.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/templates/boolean.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/templates/boolean.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,40 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -14609,9 +14592,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py
+')
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.49/gui/templates/etc_rw.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.50/gui/templates/etc_rw.py
--- nsapolicycoreutils/gui/templates/etc_rw.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/templates/etc_rw.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/templates/etc_rw.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,129 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -14742,9 +14725,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.49/gui/templates/executable.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.50/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/templates/executable.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/templates/executable.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,327 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -15073,9 +15056,31 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_script_exec_t,s0)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.49/gui/templates/network.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.50/gui/templates/__init__.py
+--- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.50/gui/templates/__init__.py 2008-07-01 14:59:58.000000000 -0400
+@@ -0,0 +1,18 @@
++#
++# Copyright (C) 2007 Red Hat, Inc.
++#
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
++#
++
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.50/gui/templates/network.py
--- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/templates/network.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/templates/network.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,80 @@
+te_port_types="""
+type TEMPLATETYPE_port_t;
@@ -15157,9 +15162,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py
+corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.49/gui/templates/rw.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.50/gui/templates/rw.py
--- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/templates/rw.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/templates/rw.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,128 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -15289,9 +15294,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
+fc_dir="""
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.49/gui/templates/script.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.50/gui/templates/script.py
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/templates/script.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/templates/script.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,105 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -15398,9 +15403,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
+# Adding roles to SELinux user USER
+/usr/sbin/semanage user -m -R +TEMPLATETYPE_r USER
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.49/gui/templates/semodule.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.50/gui/templates/semodule.py
--- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/templates/semodule.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/templates/semodule.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,41 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -15443,9 +15448,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.p
+semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.49/gui/templates/tmp.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.50/gui/templates/tmp.py
--- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/templates/tmp.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/templates/tmp.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,97 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -15544,9 +15549,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol
+ TEMPLATETYPE_manage_tmp($1)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.49/gui/templates/user.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.50/gui/templates/user.py
--- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/templates/user.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/templates/user.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,182 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -15730,9 +15735,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po
+te_newrole_rules="""
+seutil_run_newrole(TEMPLATETYPE_t,TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t })
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.49/gui/templates/var_lib.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.50/gui/templates/var_lib.py
--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/templates/var_lib.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/templates/var_lib.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,158 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -15892,9 +15897,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.49/gui/templates/var_log.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.50/gui/templates/var_log.py
--- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/templates/var_log.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/templates/var_log.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,110 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -16006,9 +16011,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.49/gui/templates/var_run.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.50/gui/templates/var_run.py
--- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/templates/var_run.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/templates/var_run.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,118 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -16128,9 +16133,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.49/gui/templates/var_spool.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.50/gui/templates/var_spool.py
--- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/templates/var_spool.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/templates/var_spool.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,129 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -16261,9 +16266,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.49/gui/translationsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.50/gui/translationsPage.py
--- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/translationsPage.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/translationsPage.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,118 @@
+## translationsPage.py - show selinux translations
+## Copyright (C) 2006 Red Hat, Inc.
@@ -16383,9 +16388,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py
+ store, iter = self.view.get_selection().get_selected()
+ self.store.set_value(iter, 0, level)
+ self.store.set_value(iter, 1, translation)
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.49/gui/usersPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.50/gui/usersPage.py
--- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/gui/usersPage.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.50/gui/usersPage.py 2008-07-01 14:59:58.000000000 -0400
@@ -0,0 +1,150 @@
+## usersPage.py - show selinux mappings
+## Copyright (C) 2006,2007,2008 Red Hat, Inc.
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 861c70d..8cd274f 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.51
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -194,6 +194,7 @@ fi
%changelog
* Tue Jul 1 2008 Dan Walsh 2.0.50-2
- Remove semodule use within semanage
+- Fix launching of polgengui from toolbar
* Mon Jun 30 2008 Dan Walsh 2.0.50-1
- Update to upstream