def _potential_policies():
    """Yield candidate policy paths, most preferred first.

    When selinuxfs exists, the current policy path reported by libselinux
    is offered first.  After that come versioned binary policy files,
    "<base path>.<version>", from the highest supported policy version
    down to the lowest.
    """
    # First choice: the current policy as reported by libselinux.
    if selinux.selinuxfs_exists():
        yield selinux.selinux_current_policy_path()

    # Fallback: walk the supported policy versions, newest first.
    prefix = selinux.selinux_binary_policy_path()
    oldest = qpol.QPOL_POLICY_MIN_VERSION
    newest = qpol.QPOL_POLICY_MAX_VERSION
    for candidate in reversed(range(oldest, newest + 1)):
        yield "{0}.{1}".format(prefix, candidate)
def _potential_policies():
    """Yield candidate policy paths in the order they should be tried.

    Versioned binary policy files in the standard location come first,
    "<base path>.<version>", from the highest supported policy version
    down to the lowest.  The selinuxfs policy is offered last, and only
    when selinuxfs exists.

    NOTE(review): an on-disk binary policy and the policy reported through
    selinuxfs are separate sources and need not be identical.  How a caller
    picks among the candidates is not visible here; confirm that callers
    which mean to analyse the running policy are satisfied by this order.
    """
    # Binary policies in the standard location, newest version first.
    prefix = selinux.selinux_binary_policy_path()
    oldest = qpol.QPOL_POLICY_MIN_VERSION
    newest = qpol.QPOL_POLICY_MAX_VERSION
    for candidate in reversed(range(oldest, newest + 1)):
        yield "{0}.{1}".format(prefix, candidate)

    # Last resort: selinuxfs.  It is deliberately not tried first, to avoid
    # holding kernel memory for a long time.
    if selinux.selinuxfs_exists():
        yield selinux.selinux_current_policy_path()
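# Cache of attribute names, filled in by get_all_attributes() on first use.
all_attributes = None


def get_all_attributes():
    """Return the 'name' of every record yielded by info(ATTRIBUTE).

    The result is kept in the module-level ``all_attributes`` cache.  The
    query is repeated for as long as the cached value is empty.
    """
    global all_attributes
    if not all_attributes:
        # Build a concrete list instead of a map() result: where map() is
        # lazy, the cached object would be usable only once and would never
        # test as empty.
        all_attributes = [x['name'] for x in info(ATTRIBUTE)]
    return all_attributes


def policy(policy_file):
    """Load ``policy_file`` through _policy.policy().

    Raises:
        ValueError: if the loader raises; the message names the file.  The
            detail of the underlying error is not carried over.
    """
    try:
        _policy.policy(policy_file)
    except Exception:
        # Deliberately not a bare ``except:``: KeyboardInterrupt and
        # SystemExit must propagate instead of being reported as an
        # unreadable policy file.
        raise ValueError(_("Failed to read %s policy file") % policy_file)


# Import-time policy load: use the path libselinux reports as current, and
# fall back to the installed policy when that path is empty.
policy_file = selinux.selinux_current_policy_path()
if not policy_file:
    policy_file = __get_installed_policy()

try:
    policy(policy_file)
except ValueError:
    # The failure is fatal only when is_selinux_enabled() returns exactly 1.
    # For any other return value it is swallowed and the module carries on,
    # presumably with no policy loaded -- later queries should not be
    # assumed to reflect a real policy in that case.
    if selinux.is_selinux_enabled() == 1:
        # Bare raise keeps the original traceback.
        raise


def search(types, info=None):
    """Validate ``types`` and flag each one in the ``info`` dict.

    Args:
        types: iterable of rule types; each must be one of ALLOW,
            AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION or ROLE_ALLOW.
        info: dict to flag the types in.  A fresh dict is used when omitted.
            A dict passed by the caller is modified in place.

    Raises:
        ValueError: if an entry of ``types`` is not a valid rule type.

    NOTE(review): only the validation loop is visible in this listing; what
    the function does with ``info`` afterwards is not shown.
    """
    # The default used to be a shared ``{}``.  Because the loop below writes
    # into it, rule types flagged by one call stayed set for every later call
    # that relied on the default, widening those later searches.
    if info is None:
        info = {}
    valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
    # ``type`` shadows the builtin; the name is kept because the rest of the
    # function is not visible here.
    for type in types:
        if type not in valid_types:
            raise ValueError("Type has to be in %s" % valid_types)
        info[type] = True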