Example #1
0
def generate(args):
    from sepolicy.generate import policy, USERS, SANDBOX, APPLICATIONS, NEWTYPE
    cmd = None
    if args.policytype not in USERS +  [ SANDBOX, NEWTYPE]:
        if not args.command:
            raise ValueError(_("Command required for this type of policy"))
        cmd = os.path.realpath(args.command)
        if not args.name:
            args.name = os.path.basename(cmd).replace("-","_")

    mypolicy = policy(args.name, args.policytype)
    if cmd:
        mypolicy.set_program(cmd)

    if args.types:
        mypolicy.set_types(args.types)

    for p in args.writepaths:
        if os.path.isdir(p):
            mypolicy.add_dir(p)
        else:
            mypolicy.add_file(p)

    mypolicy.set_transition_users(args.user)
    mypolicy.set_admin_domains(args.admin_domain)
    mypolicy.set_existing_domains(args.domain)

    if args.policytype in APPLICATIONS:
        mypolicy.gen_writeable()
        mypolicy.gen_symbols()
    print mypolicy.generate(args.path)
Example #2
0
def generate(args):
    from sepolicy.generate import policy, AUSER, RUSER, EUSER, APPLICATIONS, NEWTYPE
    cmd = None
# numbers present POLTYPE defined in sepolicy.generate
    conflict_args = {'TYPES': (NEWTYPE,), 'DOMAIN': (EUSER,), 'ADMIN_DOMAIN': (AUSER, RUSER, EUSER,)}
    error_text = ""

    if args.policytype is None:
        generate_usage = generate_custom_usage(usage, usage_dict)
        for k in usage_dict:
            error_text += "%s" % (k)
        print(generate_usage)
        print((_("sepolicy generate: error: one of the arguments %s is required") % error_text))
        sys.exit(1)

    if args.policytype in APPLICATIONS:
        if not args.command:
            raise ValueError(_("Command required for this type of policy"))
        cmd = os.path.realpath(args.command)
        if not args.name:
            args.name = os.path.basename(cmd).replace("-", "_")

    mypolicy = policy(args.name, args.policytype)
    if cmd:
        mypolicy.set_program(cmd)

    if args.types:
        if args.policytype not in conflict_args['TYPES']:
            raise ValueError(_("-t option can not be used with '%s' domains. Read usage for more details.") % sepolicy.generate.poltype[args.policytype])
        mypolicy.set_types(args.types)

    if args.domain:
        if args.policytype not in conflict_args['DOMAIN']:
            raise ValueError(_("-d option can not be used with '%s' domains. Read usage for more details.") % sepolicy.generate.poltype[args.policytype])

    if args.admin_domain:
        if args.policytype not in conflict_args['ADMIN_DOMAIN']:
            raise ValueError(_("-a option can not be used with '%s' domains. Read usage for more details.") % sepolicy.generate.poltype[args.policytype])

    if len(args.writepaths) > 0 and args.policytype == NEWTYPE:

        raise ValueError(_("-w option can not be used with the --newtype option"))

    for p in args.writepaths:
        if os.path.isdir(p):
            mypolicy.add_dir(p)
        else:
            mypolicy.add_file(p)

    mypolicy.set_transition_users(args.user)
    mypolicy.set_admin_roles(args.role)
    mypolicy.set_admin_domains(args.admin_domain)
    mypolicy.set_existing_domains(args.domain)

    if args.policytype in APPLICATIONS:
        mypolicy.gen_writeable()
        mypolicy.gen_symbols()
    print(mypolicy.generate(args.path))
Example #3
0
    def on_name_page_next(self, *args):
        name=self.name_entry.get_text()
        if not name.isalnum():
            self.error(_("You must add a name made up of letters and numbers and containing no spaces."))
            return True

        for i in self.label_dict:
            text = '<b>%s</b>' % (self.label_dict[i] % ("'" + name + "'"))
            i.set_markup(text)

        for i in self.tooltip_dict:
            text = self.tooltip_dict[i] % ("'" + name + "'")
            i.set_tooltip_text(text)

        if self.confine_application():
            exe = self.exec_entry.get_text()
            if exe == "":
                self.error(_("You must enter a executable"))
                return True
            policy=generate.policy(name, self.get_type())
            policy.set_program(exe)
            policy.gen_writeable()
            policy.gen_symbols()
            for f in policy.files.keys():
                iter = self.store.append()
                self.store.set_value(iter, 0, f)
                self.store.set_value(iter, 1, FILE)

            for f in policy.dirs.keys():
                iter = self.store.append()
                self.store.set_value(iter, 0, f)
                self.store.set_value(iter, 1, DIR)
            self.tmp_checkbutton.set_active(policy.use_tmp)
            self.uid_checkbutton.set_active(policy.use_uid)
            self.pam_checkbutton.set_active(policy.use_pam)
            self.dbus_checkbutton.set_active(policy.use_dbus)
            self.audit_checkbutton.set_active(policy.use_audit)
            self.terminal_checkbutton.set_active(policy.use_terminal)
            self.mail_checkbutton.set_active(policy.use_mail)
            self.syslog_checkbutton.set_active(policy.use_syslog)
Example #4
0
    def generate_policy(self, *args):
        outputdir = self.output_entry.get_text()
        try:
            my_policy=generate.policy(self.get_name(), self.get_type())

            iter= self.boolean_store.get_iter_first()
            while(iter):
                my_policy.add_boolean(self.boolean_store.get_value(iter, 0), self.boolean_store.get_value(iter, 1))
                iter= self.boolean_store.iter_next(iter)

            if self.get_type() in generate.APPLICATIONS:
                my_policy.set_program(self.exec_entry.get_text())
                my_policy.gen_symbols()

                my_policy.set_use_syslog(self.syslog_checkbutton.get_active() == 1)
                my_policy.set_use_tmp(self.tmp_checkbutton.get_active() == 1)
                my_policy.set_use_uid(self.uid_checkbutton.get_active() == 1)
                my_policy.set_use_pam(self.pam_checkbutton.get_active() == 1)

                my_policy.set_use_dbus(self.dbus_checkbutton.get_active() == 1)
                my_policy.set_use_audit(self.audit_checkbutton.get_active() == 1)
                my_policy.set_use_terminal(self.terminal_checkbutton.get_active() == 1)
                my_policy.set_use_mail(self.mail_checkbutton.get_active() == 1)
                if self.get_type() is generate.DAEMON:
                    my_policy.set_init_script(self.init_script_entry.get_text())
                if self.get_type() == generate.USER:
                    selected = []
                    self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
                    my_policy.set_transition_users(selected)
            else:
                if self.get_type() == generate.RUSER:
                    selected = []
                    self.admin_treeview.get_selection().selected_foreach(foreach, selected)
                    my_policy.set_admin_domains(selected)
                    selected = []
                    self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
                    my_policy.set_transition_users(selected)
                else:
                    selected = []
                    self.transition_treeview.get_selection().selected_foreach(foreach, selected)
                    my_policy.set_transition_domains(selected)

                    selected = []
                    self.role_treeview.get_selection().selected_foreach(foreach, selected)
                    my_policy.set_admin_roles(selected)

            my_policy.set_in_tcp(self.in_tcp_all_checkbutton.get_active(), self.in_tcp_reserved_checkbutton.get_active(), self.in_tcp_unreserved_checkbutton.get_active(), self.in_tcp_entry.get_text())
            my_policy.set_in_udp(self.in_udp_all_checkbutton.get_active(), self.in_udp_reserved_checkbutton.get_active(), self.in_udp_unreserved_checkbutton.get_active(), self.in_udp_entry.get_text())
            my_policy.set_out_tcp(self.out_tcp_all_checkbutton.get_active(), self.out_tcp_entry.get_text())
            my_policy.set_out_udp(self.out_udp_all_checkbutton.get_active(), self.out_udp_entry.get_text())

            iter= self.store.get_iter_first()
            while(iter):
                if self.store.get_value(iter, 1) == FILE:
                    my_policy.add_file(self.store.get_value(iter, 0))
                else:
                    my_policy.add_dir(self.store.get_value(iter, 0))
                iter= self.store.iter_next(iter)

            self.info(my_policy.generate(outputdir))
            return False
        except ValueError, e:
            self.error(e.message)