def __init__(self, domainname, path="/tmp", root="/", source_files=False, html=False): self.html = html self.source_files = source_files self.root = root self.portrecs = sepolicy.gen_port_dict()[0] self.domains = gen_domains() self.all_domains = sepolicy.get_all_domains() self.all_attributes = sepolicy.get_all_attributes() self.all_bools = sepolicy.get_all_bools() self.all_port_types = sepolicy.get_all_port_types() self.all_roles = sepolicy.get_all_roles() self.all_users = get_all_users_info()[0] self.all_users_range = get_all_users_info()[1] self.all_file_types = sepolicy.get_all_file_types() self.role_allows = sepolicy.get_all_role_allows() self.types = _gen_types() if self.source_files: self.fcpath = self.root + "file_contexts" else: self.fcpath = self.root + selinux.selinux_file_context_path() self.fcdict = sepolicy.get_fcdict(self.fcpath) if not os.path.exists(path): os.makedirs(path) self.path = path if self.source_files: self.xmlpath = self.root + "policy.xml" else: self.xmlpath = self.root + "/usr/share/selinux/devel/policy.xml" self.booleans_dict = sepolicy.gen_bool_dict(self.xmlpath) self.domainname, self.short_name = sepolicy.gen_short_name(domainname) self.type = self.domainname + "_t" self._gen_bools() self.man_page_path = "%s/%s_selinux.8" % (path, self.domainname) self.fd = open(self.man_page_path, 'w') if self.domainname + "_r" in self.all_roles: self.__gen_user_man_page() if self.html: manpage_roles.append(self.man_page_path) else: if self.html: manpage_domains.append(self.man_page_path) self.__gen_man_page() self.fd.close() for k in equiv_dict.keys(): if k == self.domainname: for alias in equiv_dict[k]: self.__gen_man_page_link(alias)
def __init__(self, domainname, path="/tmp", root="/", source_files=False, html=False): self.html = html self.source_files = source_files self.root = root self.portrecs = sepolicy.gen_port_dict()[0] self.domains = gen_domains() self.all_domains = sepolicy.get_all_domains() self.all_attributes = sepolicy.get_all_attributes() self.all_bools = sepolicy.get_all_bools() self.all_port_types = sepolicy.get_all_port_types() self.all_roles = sepolicy.get_all_roles() self.all_users = get_all_users_info()[0] self.all_users_range = get_all_users_info()[1] self.all_file_types = sepolicy.get_all_file_types() self.role_allows = sepolicy.get_all_role_allows() self.types = _gen_types() self.exec_types = _gen_exec_types() self.entry_types = _gen_entry_types() self.mcs_constrained_types = _gen_mcs_constrained_types() if self.source_files: self.fcpath = self.root + "file_contexts" else: self.fcpath = self.root + selinux.selinux_file_context_path() self.fcdict = sepolicy.get_fcdict(self.fcpath) if not os.path.exists(path): os.makedirs(path) self.path = path if self.source_files: self.xmlpath = self.root + "policy.xml" else: self.xmlpath = self.root + "/usr/share/selinux/devel/policy.xml" self.booleans_dict = sepolicy.gen_bool_dict(self.xmlpath) self.domainname, self.short_name = sepolicy.gen_short_name(domainname) self.type = self.domainname + "_t" self._gen_bools() self.man_page_path = "%s/%s_selinux.8" % (path, self.domainname) self.fd = open(self.man_page_path, 'w') if self.domainname + "_r" in self.all_roles: self.__gen_user_man_page() if self.html: manpage_roles.append(self.man_page_path) else: if self.html: manpage_domains.append(self.man_page_path) self.__gen_man_page() self.fd.close() for k in equiv_dict.keys(): if k == self.domainname: for alias in equiv_dict[k]: self.__gen_man_page_link(alias)
def __call__(self, parser, namespace, value, option_string=None): newval = getattr(namespace, self.dest) if not newval: newval = [] roles = sepolicy.get_all_roles() if value not in roles: raise ValueError("%s must be an SELinux role:\nValid roles: %s" % (value, ", ".join(roles))) newval.append(value[:-2]) setattr(namespace, self.dest, newval)
def gen_domains(): global domains if domains: return domains domains = [] for d in sepolicy.get_all_domains(): found = False domain = d[:-2] # if domain + "_exec_t" not in get_entrypoints(): # continue if domain in domains: continue domains.append(domain) for role in sepolicy.get_all_roles(): if role[:-2] in domains or role == "system_r": continue domains.append(role[:-2]) domains.sort() return domains