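def main():
    """Parse the ml-launch command line, pick one MLS level and launch the command.

    Exactly one level-setting option may be given (--level, --file-level,
    --current-level, --selinux-user-range, --clearance or
    --max-level-or-clearance). With none, the label-dialog helper is run and
    its stdout is used as the level. The chosen level is then passed to
    check_level_dominance(); a true result is treated as "beyond your
    clearance" and the launch is refused.

    Unless --dont-background is given the process forks; the child calls
    newrole_execv() or newrole() and returns its result, while the parent
    falls through and returns None.

    Side effects: sets the module globals preserve_environment, cmd, args
    and debug, and exits the process on any usage or clearance error.
    """
    global preserve_environment, cmd, args, debug

    usage_on_parse_error = (
        "usage: ml-launch [--level=<level> --max-level-or-clearance=<level> "
        "--title=<window title> --current-level --debug --no-environment "
        "--use-execv --file-level=<file name> --selinux-user-range "
        "--clearance --dont-background] <command> <command arguments ...>"
    )
    # The original no-command message opened the --dont-background group
    # with '{'; both dialogs now show the same, correctly bracketed text.
    usage_dialog = (
        "usage: ml-launch [--level=<level>] "
        "[--max-level-or-clearance=<level>] [--title=<window title>] "
        "[--debug] [--no-environment] [--use-execv] [--current-level] "
        "[--file-level=<file name>] [--selinux-user-range] [--clearance] "
        "[--dont-background] <command> <command arguments ...>"
    )
    one_level_only = "ml-launch: use only one level setting command argument"

    try:
        opts, args = getopt.getopt(
            sys.argv[1:], "l:m:t:cdnuf:shb",
            ["level=", "max-level-or-clearance=", "title=", "current-level",
             "debug", "no-environment", "use-execv", "file-level=",
             "selinux-user-range", "clearance", "dont-background"])
    except getopt.GetoptError:
        error_dialog(
            _("An error occurred while processing command line arguments."))
        sys.stdout.write(usage_on_parse_error + "\n")
        sys.exit(-1)

    if len(args) == 0:
        error_dialog(usage_dialog)
        sys.exit(-1)

    level = None
    title = None  # parsed from --title; not forwarded anywhere in this function
    use_execv = False
    dont_background = False

    for o, a in opts:
        if o in ("-l", "--level"):
            if level is not None:
                error_dialog(one_level_only)
                sys.exit(-1)
            level = a
        elif o in ("-b", "--dont-background"):
            dont_background = True
        elif o in ("-t", "--title"):
            title = a
        elif o in ("-f", "--file-level"):
            if level is not None:
                error_dialog(one_level_only)
                sys.exit(-1)
            level = get_file_level(a)
            # A result starting with "Cancel" is the helper's failure marker;
            # the text after " - " is shown to the user.
            if level.startswith("Cancel"):
                error_dialog("ml-launch: error getting file level for %s" %
                             level.split(" - ")[1])
                sys.exit(-1)
        elif o in ("-d", "--debug"):
            debug = True
        elif o in ("-n", "--no-environment"):
            preserve_environment = False
        elif o in ("-u", "--use-execv"):
            use_execv = True
        elif o in ("-c", "--current-level"):
            if level is not None:
                error_dialog(one_level_only)
                sys.exit(-1)
            (rc, context) = selinux.getcon()
            # A context is user:role:type:range and the range itself may
            # contain ':' when categories are present (e.g. s0:c0.c3), so
            # split at most three times to keep the range intact.
            mls_range = context.split(":", 3)[3]
            level = mls_range.split("-")[0]
        elif o in ("-s", "--selinux-user-range"):
            if level is not None:
                error_dialog(one_level_only)
                sys.exit(-1)
            user = pwd.getpwuid(os.getuid()).pw_name
            (rc, seuser, level) = selinux.getseuserbyname(user)
            # The translation call takes a full context, hence the dummy
            # "a:b:c:" prefix; only the range field is kept afterwards.
            (rc, tcon) = selinux_raw_to_trans_context("a:b:c:" + level)
            level = tcon.split(":", 3)[3]
        elif o in ("-h", "--clearance"):
            if level is not None:
                error_dialog(one_level_only)
                sys.exit(-1)
            level = get_trans_range().split("-")[1]
        elif o in ("-m", "--max-level-or-clearance"):
            if level is not None:
                error_dialog(one_level_only)
                sys.exit(-1)
            level = a
            # if the user's clearance doesn't dominate the specified level,
            # use the clearance instead
            if check_level_dominance(level):
                level = get_trans_range().split("-")[1]
        else:
            error_dialog(usage_dialog)
            sys.exit(-1)

    # Take the command from what getopt left over. The previous code indexed
    # sys.argv by the number of options seen, which picked the wrong element
    # whenever an option and its value were separate words ("-l s0 cmd"
    # launched "s0") or short options were bundled ("-cd").
    cmd = args[0]
    args = args[1:]

    if debug:
        sys.stderr.write(("cmd: %s\nargc: %s") % (cmd, args) + "\n")

    signal.signal(signal.SIGCLD, signal.SIG_DFL)

    if level is None:
        # No level on the command line: ask the user through the dialog
        # helper, whose stdout is the chosen level or "Cancel".
        p = subprocess.Popen(["/usr/share/mls-tools/label-dialog"],
                             stderr=subprocess.PIPE,
                             stdout=subprocess.PIPE,
                             close_fds=True)
        level = p.communicate()[0].strip()
        if debug:
            logging.debug("label-dialog: %s" % (level))
        if level == "Cancel":
            sys.exit(1)

    # Final gate, applied to every source of the level (option, file label
    # or dialog) before anything is launched.
    if check_level_dominance(level):
        error_dialog(
            "ml-launch: attempting to run a command at a level beyond your clearance."
        )
        sys.exit(1)

    if dont_background:
        pid = 0
    else:
        try:
            pid = os.fork()
        except OSError as e:
            # Was "except e:", which looked up an undefined name and so
            # raised NameError instead of reporting the fork failure.
            sys.stderr.write(
                _("Failed to fork new process: %d (%s)") %
                (e.errno, e.strerror) + "\n")
            sys.exit(1)

    if not pid:
        if debug:
            # NOTE(review): fixed, predictable path opened with mode 'w' in
            # /tmp. Unless /tmp is per-user or per-level on the target
            # system, a pre-created file or symlink there would be followed
            # and truncated; consider a per-user log directory.
            logging.basicConfig(
                level=logging.DEBUG,
                format='%(asctime)s %(levelname)s %(message)s %(filename)s',
                filename='/tmp/ml-launch.log',
                filemode='w')
        if use_execv:
            return newrole_execv(level, cmd, args, dont_background)
        else:
            return newrole(level, cmd, args, None)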
def get_range():
    """Return the level string SELinux reports for the invoking user.

    The login name is resolved from the real uid, passed to
    selinux.getseuserbyname(), and the third element of its result is
    returned. The lookup is also written to the debug log.
    """
    login_name = pwd.getpwuid(os.getuid()).pw_name
    lookup = selinux.getseuserbyname(login_name)
    # lookup is (rc, seuser, level); the return code is not inspected here.
    seuser = lookup[1]
    mls_range = lookup[2]
    logging.debug("get_range: " + " ".join((login_name, seuser, mls_range)))
    return mls_range
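def main():
    """Parse the ml-launch command line, pick one MLS level and launch the command.

    Exactly one level-setting option may be given (--level, --file-level,
    --current-level, --selinux-user-range, --clearance or
    --max-level-or-clearance). With none, the label-dialog helper is run and
    its stdout is used as the level. The chosen level is then passed to
    check_level_dominance(); a true result is treated as "beyond your
    clearance" and the launch is refused.

    Unless --dont-background is given the process forks; the child calls
    newrole_execv() or newrole() and returns its result, while the parent
    falls through and returns None.

    Side effects: sets the module globals preserve_environment, cmd, args
    and debug, and exits the process on any usage or clearance error.
    """
    global preserve_environment, cmd, args, debug

    usage_on_parse_error = (
        "usage: ml-launch [--level=<level> --max-level-or-clearance=<level> "
        "--title=<window title> --current-level --debug --no-environment "
        "--use-execv --file-level=<file name> --selinux-user-range "
        "--clearance --dont-background] <command> <command arguments ...>"
    )
    # The original no-command message opened the --dont-background group
    # with '{'; both dialogs now show the same, correctly bracketed text.
    usage_dialog = (
        "usage: ml-launch [--level=<level>] "
        "[--max-level-or-clearance=<level>] [--title=<window title>] "
        "[--debug] [--no-environment] [--use-execv] [--current-level] "
        "[--file-level=<file name>] [--selinux-user-range] [--clearance] "
        "[--dont-background] <command> <command arguments ...>"
    )
    one_level_only = "ml-launch: use only one level setting command argument"

    try:
        opts, args = getopt.getopt(
            sys.argv[1:], "l:m:t:cdnuf:shb",
            ["level=", "max-level-or-clearance=", "title=", "current-level",
             "debug", "no-environment", "use-execv", "file-level=",
             "selinux-user-range", "clearance", "dont-background"])
    except getopt.GetoptError:
        error_dialog(
            _("An error occurred while processing command line arguments."))
        sys.stdout.write(usage_on_parse_error + "\n")
        sys.exit(-1)

    if len(args) == 0:
        error_dialog(usage_dialog)
        sys.exit(-1)

    level = None
    title = None  # parsed from --title; not forwarded anywhere in this function
    use_execv = False
    dont_background = False

    for o, a in opts:
        if o in ("-l", "--level"):
            if level is not None:
                error_dialog(one_level_only)
                sys.exit(-1)
            level = a
        elif o in ("-b", "--dont-background"):
            dont_background = True
        elif o in ("-t", "--title"):
            title = a
        elif o in ("-f", "--file-level"):
            if level is not None:
                error_dialog(one_level_only)
                sys.exit(-1)
            level = get_file_level(a)
            # A result starting with "Cancel" is the helper's failure marker;
            # the text after " - " is shown to the user.
            if level.startswith("Cancel"):
                error_dialog("ml-launch: error getting file level for %s" %
                             level.split(" - ")[1])
                sys.exit(-1)
        elif o in ("-d", "--debug"):
            debug = True
        elif o in ("-n", "--no-environment"):
            preserve_environment = False
        elif o in ("-u", "--use-execv"):
            use_execv = True
        elif o in ("-c", "--current-level"):
            if level is not None:
                error_dialog(one_level_only)
                sys.exit(-1)
            (rc, context) = selinux.getcon()
            # A context is user:role:type:range and the range itself may
            # contain ':' when categories are present (e.g. s0:c0.c3), so
            # split at most three times to keep the range intact.
            mls_range = context.split(":", 3)[3]
            level = mls_range.split("-")[0]
        elif o in ("-s", "--selinux-user-range"):
            if level is not None:
                error_dialog(one_level_only)
                sys.exit(-1)
            user = pwd.getpwuid(os.getuid()).pw_name
            (rc, seuser, level) = selinux.getseuserbyname(user)
            # The translation call takes a full context, hence the dummy
            # "a:b:c:" prefix; only the range field is kept afterwards.
            (rc, tcon) = selinux_raw_to_trans_context("a:b:c:" + level)
            level = tcon.split(":", 3)[3]
        elif o in ("-h", "--clearance"):
            if level is not None:
                error_dialog(one_level_only)
                sys.exit(-1)
            level = get_trans_range().split("-")[1]
        elif o in ("-m", "--max-level-or-clearance"):
            if level is not None:
                error_dialog(one_level_only)
                sys.exit(-1)
            level = a
            # if the user's clearance doesn't dominate the specified level,
            # use the clearance instead
            if check_level_dominance(level):
                level = get_trans_range().split("-")[1]
        else:
            error_dialog(usage_dialog)
            sys.exit(-1)

    # Take the command from what getopt left over. The previous code indexed
    # sys.argv by the number of options seen, which picked the wrong element
    # whenever an option and its value were separate words ("-l s0 cmd"
    # launched "s0") or short options were bundled ("-cd").
    cmd = args[0]
    args = args[1:]

    if debug:
        sys.stderr.write(("cmd: %s\nargc: %s") % (cmd, args) + "\n")

    signal.signal(signal.SIGCLD, signal.SIG_DFL)

    if level is None:
        # No level on the command line: ask the user through the dialog
        # helper, whose stdout is the chosen level or "Cancel".
        p = subprocess.Popen(["/usr/share/mls-tools/label-dialog"],
                             stderr=subprocess.PIPE,
                             stdout=subprocess.PIPE,
                             close_fds=True)
        level = p.communicate()[0].strip()
        if debug:
            logging.debug("label-dialog: %s" % (level))
        if level == "Cancel":
            sys.exit(1)

    # Final gate, applied to every source of the level (option, file label
    # or dialog) before anything is launched.
    if check_level_dominance(level):
        error_dialog(
            "ml-launch: attempting to run a command at a level beyond your clearance."
        )
        sys.exit(1)

    if dont_background:
        pid = 0
    else:
        try:
            pid = os.fork()
        except OSError as e:
            # Was "except e:", which looked up an undefined name and so
            # raised NameError instead of reporting the fork failure.
            sys.stderr.write(
                _("Failed to fork new process: %d (%s)") %
                (e.errno, e.strerror) + "\n")
            sys.exit(1)

    if not pid:
        if debug:
            # NOTE(review): fixed, predictable path opened with mode 'w' in
            # /tmp. Unless /tmp is per-user or per-level on the target
            # system, a pre-created file or symlink there would be followed
            # and truncated; consider a per-user log directory.
            logging.basicConfig(
                level=logging.DEBUG,
                format='%(asctime)s %(levelname)s %(message)s %(filename)s',
                filename='/tmp/ml-launch.log',
                filemode='w')
        if use_execv:
            return newrole_execv(level, cmd, args, dont_background)
        else:
            return newrole(level, cmd, args, None)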