def generate(args):
    """Build an SELinux policy module from the parsed ``sepolicy generate`` arguments.

    Args:
        args: argparse-style namespace; reads ``policytype``, ``command``,
            ``name``, ``types``, ``writepaths``, ``user``, ``admin_domain``,
            ``domain`` and ``path``. When a program is required and
            ``args.name`` is empty, ``args.name`` is filled in from the
            command's basename (``-`` replaced by ``_``).

    Raises:
        ValueError: when the policy type needs a program but ``--command``
            was not supplied.
    """
    from sepolicy.generate import policy, USERS, SANDBOX, APPLICATIONS, NEWTYPE

    # Every type except the user, sandbox and newtype policies confines a
    # concrete executable, so a command is mandatory for them.
    needs_program = args.policytype not in USERS + [SANDBOX, NEWTYPE]
    program = None
    if needs_program:
        if not args.command:
            raise ValueError(_("Command required for this type of policy"))
        # Canonicalise the path (resolves symlinks/relative components) so the
        # policy refers to the real binary.
        program = os.path.realpath(args.command)
        if not args.name:
            # Default module name from the binary; presumably '-' is not
            # acceptable in a module name, hence the substitution.
            args.name = os.path.basename(program).replace("-", "_")

    mypolicy = policy(args.name, args.policytype)
    if program:
        mypolicy.set_program(program)
    if args.types:
        mypolicy.set_types(args.types)

    for path in args.writepaths:
        adder = mypolicy.add_dir if os.path.isdir(path) else mypolicy.add_file
        adder(path)

    mypolicy.set_transition_users(args.user)
    mypolicy.set_admin_domains(args.admin_domain)
    mypolicy.set_existing_domains(args.domain)

    if args.policytype in APPLICATIONS:
        mypolicy.gen_writeable()
        mypolicy.gen_symbols()

    print(mypolicy.generate(args.path))
def generate(args):
    """Generate an SELinux policy module from the ``sepolicy generate`` arguments.

    Checks that the options given are compatible with ``args.policytype``
    (``-t``, ``-d``, ``-a`` and ``-w`` are each only accepted for some policy
    types), feeds the remaining arguments into a ``sepolicy.generate.policy``
    object and prints the generator's result.

    Args:
        args: argparse namespace with ``policytype``, ``command``, ``name``,
            ``types``, ``domain``, ``admin_domain``, ``writepaths``, ``user``,
            ``role`` and ``path``. ``args.name`` is defaulted from the
            command's basename when it is empty.

    Raises:
        ValueError: for a missing ``--command`` on application types, or for
            an option that conflicts with the chosen policy type.
        SystemExit: exit status 1 when no policy type was selected; the
            usage text is printed first.
    """
    from sepolicy.generate import policy, AUSER, RUSER, EUSER, APPLICATIONS, NEWTYPE

    # Policy types (POLTYPE numbers from sepolicy.generate) with which each
    # restricted option may be combined.
    allowed_for = {
        'TYPES': (NEWTYPE,),
        'DOMAIN': (EUSER,),
        'ADMIN_DOMAIN': (AUSER, RUSER, EUSER,),
    }

    if args.policytype is None:
        generate_usage = generate_custom_usage(usage, usage_dict)
        missing = "".join("%s" % (k) for k in usage_dict)
        print(generate_usage)
        print((_("sepolicy generate: error: one of the arguments %s is required") % missing))
        sys.exit(1)

    def poltype_name():
        # Human-readable name of the selected policy type, for error messages.
        return sepolicy.generate.poltype[args.policytype]

    program = None
    if args.policytype in APPLICATIONS:
        if not args.command:
            raise ValueError(_("Command required for this type of policy"))
        # Canonical path of the binary to confine.
        program = os.path.realpath(args.command)
        if not args.name:
            args.name = os.path.basename(program).replace("-", "_")

    mypolicy = policy(args.name, args.policytype)
    if program:
        mypolicy.set_program(program)

    if args.types and args.policytype not in allowed_for['TYPES']:
        raise ValueError(_("-t option can not be used with '%s' domains. Read usage for more details.") % poltype_name())
    if args.types:
        mypolicy.set_types(args.types)
    if args.domain and args.policytype not in allowed_for['DOMAIN']:
        raise ValueError(_("-d option can not be used with '%s' domains. Read usage for more details.") % poltype_name())
    if args.admin_domain and args.policytype not in allowed_for['ADMIN_DOMAIN']:
        raise ValueError(_("-a option can not be used with '%s' domains. Read usage for more details.") % poltype_name())
    if len(args.writepaths) > 0 and args.policytype == NEWTYPE:
        raise ValueError(_("-w option can not be used with the --newtype option"))

    for path in args.writepaths:
        if os.path.isdir(path):
            mypolicy.add_dir(path)
        else:
            mypolicy.add_file(path)

    mypolicy.set_transition_users(args.user)
    mypolicy.set_admin_roles(args.role)
    mypolicy.set_admin_domains(args.admin_domain)
    mypolicy.set_existing_domains(args.domain)

    if args.policytype in APPLICATIONS:
        mypolicy.gen_writeable()
        mypolicy.gen_symbols()

    print(mypolicy.generate(args.path))
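def generate(args):
    """Generate an SELinux policy module from the ``sepolicy generate`` arguments.

    Validates that the options given are compatible with ``args.policytype``
    (``-t``, ``-d``, ``-a`` and ``-w`` are each only accepted for some policy
    types), feeds the remaining arguments into a ``sepolicy.generate.policy``
    object and prints the generator's result.

    Args:
        args: argparse namespace with ``policytype``, ``command``, ``name``,
            ``types``, ``domain``, ``admin_domain``, ``writepaths``, ``user``,
            ``role`` and ``path``. ``args.name`` is defaulted from the
            command's basename when it is empty.

    Raises:
        ValueError: for a missing ``--command`` on application types, or for
            an option that conflicts with the chosen policy type.
        SystemExit: exit status 1 when no policy type was selected; the
            usage text is printed first.
    """
    # USERS and SANDBOX were imported but never used here; dropped.
    from sepolicy.generate import policy, AUSER, RUSER, EUSER, APPLICATIONS, NEWTYPE

    # Policy types (POLTYPE numbers from sepolicy.generate) with which each
    # restricted option may be combined.
    conflict_args = {
        'TYPES': (NEWTYPE,),
        'DOMAIN': (EUSER,),
        'ADMIN_DOMAIN': (AUSER, RUSER, EUSER,),
    }

    if args.policytype is None:
        generate_usage = generate_custom_usage(usage, usage_dict)
        # Keys are concatenated as-is, matching the original message layout.
        error_text = "".join("%s" % (k) for k in usage_dict)
        print(generate_usage)
        print(_("sepolicy generate: error: one of the arguments %s is required") % error_text)
        sys.exit(1)

    def poltype_name():
        # Human-readable name of the selected policy type, for error messages.
        return sepolicy.generate.poltype[args.policytype]

    cmd = None
    if args.policytype in APPLICATIONS:
        if not args.command:
            raise ValueError(_("Command required for this type of policy"))
        # Canonical path of the binary to confine (symlinks resolved).
        cmd = os.path.realpath(args.command)
        if not args.name:
            args.name = os.path.basename(cmd).replace("-", "_")

    mypolicy = policy(args.name, args.policytype)
    if cmd:
        mypolicy.set_program(cmd)

    if args.types:
        if args.policytype not in conflict_args['TYPES']:
            raise ValueError(_("-t option can not be used with '%s' domains. Read usage for more details.") % poltype_name())
        mypolicy.set_types(args.types)
    if args.domain and args.policytype not in conflict_args['DOMAIN']:
        raise ValueError(_("-d option can not be used with '%s' domains. Read usage for more details.") % poltype_name())
    if args.admin_domain and args.policytype not in conflict_args['ADMIN_DOMAIN']:
        raise ValueError(_("-a option can not be used with '%s' domains. Read usage for more details.") % poltype_name())
    if args.writepaths and args.policytype == NEWTYPE:
        raise ValueError(_("-w option can not be used with the --newtype option"))

    for path in args.writepaths:
        if os.path.isdir(path):
            mypolicy.add_dir(path)
        else:
            mypolicy.add_file(path)

    mypolicy.set_transition_users(args.user)
    mypolicy.set_admin_roles(args.role)
    mypolicy.set_admin_domains(args.admin_domain)
    mypolicy.set_existing_domains(args.domain)

    if args.policytype in APPLICATIONS:
        mypolicy.gen_writeable()
        mypolicy.gen_symbols()

    print(mypolicy.generate(args.path))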
def on_name_page_next(self, *args):
    """Validate the module name page and pre-populate the pages after it.

    Reads ``self.name_entry``; rewrites the labels in ``self.label_dict``
    and the tooltips in ``self.tooltip_dict`` with the chosen name. When an
    application is being confined, runs the policy generator against the
    executable from ``self.exec_entry`` and fills ``self.store`` and the
    feature check-buttons from what it found.

    Returns:
        True when validation fails (the error has already been shown via
        ``self.error``; presumably this keeps the assistant on the current
        page), otherwise None.
    """
    name = self.name_entry.get_text()
    # str.isalnum also rejects the empty string and any whitespace.
    if not name.isalnum():
        self.error(_("You must add a name made up of letters and numbers and containing no spaces."))
        return True

    quoted = "'" + name + "'"
    for label, template in self.label_dict.items():
        label.set_markup('<b>%s</b>' % (template % quoted))
    for widget, template in self.tooltip_dict.items():
        widget.set_tooltip_text(template % quoted)

    if not self.confine_application():
        return None

    exe = self.exec_entry.get_text()
    if exe == "":
        self.error(_("You must enter a executable"))
        return True

    draft = generate.policy(name, self.get_type())
    draft.set_program(exe)
    draft.gen_writeable()
    draft.gen_symbols()

    # Files first, then directories, each as a (path, kind) row in the store.
    for kind, paths in ((FILE, draft.files), (DIR, draft.dirs)):
        for path in paths:
            row = self.store.append()
            self.store.set_value(row, 0, path)
            self.store.set_value(row, 1, kind)

    # Mirror the generator's feature detection into the check-buttons.
    feature_buttons = (
        (self.tmp_checkbutton, draft.use_tmp),
        (self.uid_checkbutton, draft.use_uid),
        (self.pam_checkbutton, draft.use_pam),
        (self.dbus_checkbutton, draft.use_dbus),
        (self.audit_checkbutton, draft.use_audit),
        (self.terminal_checkbutton, draft.use_terminal),
        (self.mail_checkbutton, draft.use_mail),
        (self.syslog_checkbutton, draft.use_syslog),
    )
    for button, enabled in feature_buttons:
        button.set_active(enabled)
def on_name_page_next(self, *args):
    """Validate the module name page and pre-populate the pages after it.

    Reads ``self.name_entry``; rewrites the labels in ``self.label_dict``
    and the tooltips in ``self.tooltip_dict`` with the chosen name. When an
    application is being confined, runs the policy generator against the
    executable from ``self.exec_entry`` and fills ``self.store`` and the
    feature check-buttons from what it found.

    Returns:
        True when validation fails (the error has already been shown via
        ``self.error``; presumably this keeps the assistant on the current
        page), otherwise None.
    """
    name = self.name_entry.get_text()
    # str.isalnum also rejects the empty string and any whitespace.
    if not name.isalnum():
        self.error(_("You must add a name made up of letters and numbers and containing no spaces."))
        return True

    quoted_name = "'%s'" % name
    for label in self.label_dict:
        label.set_markup('<b>%s</b>' % (self.label_dict[label] % quoted_name))
    for widget in self.tooltip_dict:
        widget.set_tooltip_text(self.tooltip_dict[widget] % quoted_name)

    if self.confine_application():
        exe = self.exec_entry.get_text()
        if exe == "":
            self.error(_("You must enter a executable"))
            return True

        draft = generate.policy(name, self.get_type())
        draft.set_program(exe)
        draft.gen_writeable()
        draft.gen_symbols()

        def add_rows(paths, kind):
            # One (path, kind) row per entry, in the generator's order.
            for path in paths:
                row = self.store.append()
                self.store.set_value(row, 0, path)
                self.store.set_value(row, 1, kind)

        add_rows(draft.files.keys(), FILE)
        add_rows(draft.dirs.keys(), DIR)

        # Mirror the generator's feature detection into the check-buttons.
        self.tmp_checkbutton.set_active(draft.use_tmp)
        self.uid_checkbutton.set_active(draft.use_uid)
        self.pam_checkbutton.set_active(draft.use_pam)
        self.dbus_checkbutton.set_active(draft.use_dbus)
        self.audit_checkbutton.set_active(draft.use_audit)
        self.terminal_checkbutton.set_active(draft.use_terminal)
        self.mail_checkbutton.set_active(draft.use_mail)
        self.syslog_checkbutton.set_active(draft.use_syslog)
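def generate_policy(self, *args):
    """Build a policy from the wizard's widgets and write it to the output directory.

    Collects the name/type, the boolean store, the executable and feature
    check-buttons (application types), the init script (daemons), the
    user/role/domain tree-view selections, the TCP/UDP port fields and the
    file/directory store into a ``generate.policy``, then shows the
    generator's result with ``self.info``. Input validation is left to the
    generator, which signals problems with ValueError.

    Returns:
        False once the policy has been generated; None when the generator
        raised ValueError, which is shown to the user through ``self.error``.
    """
    def selected_rows(treeview):
        # Rows currently selected in *treeview*, gathered by the module-level
        # ``foreach`` callback into a fresh list.
        rows = []
        treeview.get_selection().selected_foreach(foreach, rows)
        return rows

    def is_checked(button):
        # Normalise the toggle state to a bool (compared against 1 as before).
        return button.get_active() == 1

    outputdir = self.output_entry.get_text()
    try:
        # get_type() is read once; the original re-queried the widget at
        # every comparison.
        policy_type = self.get_type()
        my_policy = generate.policy(self.get_name(), policy_type)

        row = self.boolean_store.get_iter_first()
        while row:
            my_policy.add_boolean(self.boolean_store.get_value(row, 0),
                                  self.boolean_store.get_value(row, 1))
            row = self.boolean_store.iter_next(row)

        if policy_type in generate.APPLICATIONS:
            my_policy.set_program(self.exec_entry.get_text())
            my_policy.gen_symbols()

            my_policy.set_use_syslog(is_checked(self.syslog_checkbutton))
            my_policy.set_use_tmp(is_checked(self.tmp_checkbutton))
            my_policy.set_use_uid(is_checked(self.uid_checkbutton))
            my_policy.set_use_pam(is_checked(self.pam_checkbutton))
            my_policy.set_use_dbus(is_checked(self.dbus_checkbutton))
            my_policy.set_use_audit(is_checked(self.audit_checkbutton))
            my_policy.set_use_terminal(is_checked(self.terminal_checkbutton))
            my_policy.set_use_mail(is_checked(self.mail_checkbutton))
            # Value comparison: the original used `is`, which only matched
            # because of interpreter identity caching of the constant.
            if policy_type == generate.DAEMON:
                my_policy.set_init_script(self.init_script_entry.get_text())

        # NOTE(review): this branch nesting is reconstructed from a
        # whitespace-mangled listing; confirm against the original file.
        if policy_type == generate.USER:
            my_policy.set_transition_users(selected_rows(self.user_transition_treeview))
        elif policy_type == generate.RUSER:
            my_policy.set_admin_domains(selected_rows(self.admin_treeview))
            my_policy.set_transition_users(selected_rows(self.user_transition_treeview))
        else:
            my_policy.set_transition_domains(selected_rows(self.transition_treeview))
            my_policy.set_admin_roles(selected_rows(self.role_treeview))

        my_policy.set_in_tcp(self.in_tcp_all_checkbutton.get_active(),
                             self.in_tcp_reserved_checkbutton.get_active(),
                             self.in_tcp_unreserved_checkbutton.get_active(),
                             self.in_tcp_entry.get_text())
        my_policy.set_in_udp(self.in_udp_all_checkbutton.get_active(),
                             self.in_udp_reserved_checkbutton.get_active(),
                             self.in_udp_unreserved_checkbutton.get_active(),
                             self.in_udp_entry.get_text())
        my_policy.set_out_tcp(self.out_tcp_all_checkbutton.get_active(),
                              self.out_tcp_entry.get_text())
        my_policy.set_out_udp(self.out_udp_all_checkbutton.get_active(),
                              self.out_udp_entry.get_text())

        # Column 1 of the store holds FILE or DIR, column 0 the path.
        row = self.store.get_iter_first()
        while row:
            path = self.store.get_value(row, 0)
            if self.store.get_value(row, 1) == FILE:
                my_policy.add_file(path)
            else:
                my_policy.add_dir(path)
            row = self.store.iter_next(row)

        self.info(my_policy.generate(outputdir))
        return False
    except ValueError as e:
        # The generator reports bad user input with ValueError; show it in
        # the GUI instead of crashing. ``e.message`` exists on Python 2
        # only; use ``str(e)`` when this file moves to Python 3.
        self.error(e.message)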
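def generate_policy(self, *args):
    """Build a policy from the wizard's widgets and write it to the output directory.

    Collects the name/type, the boolean store, the executable and feature
    check-buttons (application types), the init script (daemons), the
    user/role/domain tree-view selections, the TCP/UDP port fields and the
    file/directory store into a ``generate.policy``, then shows the
    generator's result with ``self.info``. Input validation is left to the
    generator, which signals problems with ValueError.

    Returns:
        False once the policy has been generated; None when the generator
        raised ValueError, which is shown to the user through ``self.error``.
    """
    def selected_rows(treeview):
        # Rows currently selected in *treeview*, gathered by the module-level
        # ``foreach`` callback into a fresh list.
        rows = []
        treeview.get_selection().selected_foreach(foreach, rows)
        return rows

    def is_checked(button):
        # Normalise the toggle state to a bool (compared against 1 as before).
        return button.get_active() == 1

    outputdir = self.output_entry.get_text()
    try:
        # get_type() is read once; the original re-queried the widget at
        # every comparison.
        policy_type = self.get_type()
        my_policy = generate.policy(self.get_name(), policy_type)

        row = self.boolean_store.get_iter_first()
        while row:
            my_policy.add_boolean(self.boolean_store.get_value(row, 0),
                                  self.boolean_store.get_value(row, 1))
            row = self.boolean_store.iter_next(row)

        if policy_type in generate.APPLICATIONS:
            my_policy.set_program(self.exec_entry.get_text())
            my_policy.gen_symbols()

            my_policy.set_use_syslog(is_checked(self.syslog_checkbutton))
            my_policy.set_use_tmp(is_checked(self.tmp_checkbutton))
            my_policy.set_use_uid(is_checked(self.uid_checkbutton))
            my_policy.set_use_pam(is_checked(self.pam_checkbutton))
            my_policy.set_use_dbus(is_checked(self.dbus_checkbutton))
            my_policy.set_use_audit(is_checked(self.audit_checkbutton))
            my_policy.set_use_terminal(is_checked(self.terminal_checkbutton))
            my_policy.set_use_mail(is_checked(self.mail_checkbutton))
            # Value comparison: the original used `is`, which only matched
            # because of interpreter identity caching of the constant.
            if policy_type == generate.DAEMON:
                my_policy.set_init_script(self.init_script_entry.get_text())

        # NOTE(review): this branch nesting is reconstructed from a
        # whitespace-mangled listing; confirm against the original file.
        if policy_type == generate.USER:
            my_policy.set_transition_users(selected_rows(self.user_transition_treeview))
        elif policy_type == generate.RUSER:
            my_policy.set_admin_domains(selected_rows(self.admin_treeview))
            my_policy.set_transition_users(selected_rows(self.user_transition_treeview))
        else:
            my_policy.set_transition_domains(selected_rows(self.transition_treeview))
            my_policy.set_admin_roles(selected_rows(self.role_treeview))

        my_policy.set_in_tcp(self.in_tcp_all_checkbutton.get_active(),
                             self.in_tcp_reserved_checkbutton.get_active(),
                             self.in_tcp_unreserved_checkbutton.get_active(),
                             self.in_tcp_entry.get_text())
        my_policy.set_in_udp(self.in_udp_all_checkbutton.get_active(),
                             self.in_udp_reserved_checkbutton.get_active(),
                             self.in_udp_unreserved_checkbutton.get_active(),
                             self.in_udp_entry.get_text())
        my_policy.set_out_tcp(self.out_tcp_all_checkbutton.get_active(),
                              self.out_tcp_entry.get_text())
        my_policy.set_out_udp(self.out_udp_all_checkbutton.get_active(),
                              self.out_udp_entry.get_text())

        # Column 1 of the store holds FILE or DIR, column 0 the path.
        row = self.store.get_iter_first()
        while row:
            path = self.store.get_value(row, 0)
            if self.store.get_value(row, 1) == FILE:
                my_policy.add_file(path)
            else:
                my_policy.add_dir(path)
            row = self.store.iter_next(row)

        self.info(my_policy.generate(outputdir))
        return False
    except ValueError as e:
        # The generator reports bad user input with ValueError; show it in
        # the GUI instead of crashing. Python 3 exceptions have no
        # ``.message`` attribute (the original would raise AttributeError
        # inside the handler), so render the exception text instead.
        self.error(str(e))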