Google Git
Sign in
nest-open-source / nest-cam / 4320010 / selinux / 84611b88a457ada0e571c2222a747ffa5b71164a / . / selinux / policycoreutils / sepolicy / sepolicy / gui.py
blob: 313b77f61c8a6f6b211976a6699da7f0cfd0e0c9 [file] [log] [blame]
#!/usr/bin/python -Es
#
# Copyright (C) 2013 Red Hat
# see file 'COPYING' for use and warranty information
#
# selinux gui is a tool for the examining and modifying SELinux policy
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
# 02111-1307 USA
#
# author: Ryan Hallisey rhallisey@redhat.com
# author: Dan Walsh dwalsh@redhat.com
# author: Miroslav Grepl mgrepl@redhat.com
#
#
from gi.repository import Gtk
from gi.repository import Gdk
from gi.repository import GLib
from sepolicy.sedbus import SELinuxDBus
import sys
import sepolicy
import selinux
from selinux import DISABLED, PERMISSIVE, ENFORCING
import sepolicy.network
import sepolicy.manpage
import dbus
import time
import os
import re
import gettext
import unicodedata
PROGNAME = "policycoreutils"
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
gettext.textdomain(PROGNAME)
try:
gettext.install(PROGNAME,
localedir="/usr/share/locale",
unicode=False,
codeset='utf-8')
except IOError:
import __builtin__
__builtin__.__dict__['_'] = unicode
reverse_file_type_str = {}
for f in sepolicy.file_type_str:
reverse_file_type_str[sepolicy.file_type_str[f]] = f
enabled = [_("No"), _("Yes")]
action = [_("Disable"), _("Enable")]
def compare(a, b):
return cmp(a.lower(), b.lower())
import distutils.sysconfig
ADVANCED_LABEL = (_("Advanced >>"), _("Advanced <<"))
ADVANCED_SEARCH_LABEL = (_("Advanced Search >>"), _("Advanced Search <<"))
OUTBOUND_PAGE = 0
INBOUND_PAGE = 1
TRANSITIONS_FROM_PAGE = 0
TRANSITIONS_TO_PAGE = 1
TRANSITIONS_FILE_PAGE = 2
EXE_PAGE = 0
WRITABLE_PAGE = 1
APP_PAGE = 2
BOOLEANS_PAGE = 0
FILES_PAGE = 1
NETWORK_PAGE = 2
TRANSITIONS_PAGE = 3
LOGIN_PAGE = 4
USER_PAGE = 5
LOCKDOWN_PAGE = 6
SYSTEM_PAGE = 7
FILE_EQUIV_PAGE = 8
START_PAGE = 9
keys = ["boolean", "fcontext", "fcontext-equiv", "port", "login", "user", "module", "node", "interface"]
DISABLED_TEXT = _("""<small>
To change from Disabled to Enforcing mode
- Change the system mode from Disabled to Permissive
- Reboot, so that the system can relabel
- Once the system is working as planned
* Change the system mode to Enforcing</small>
""")
class SELinuxGui():
def __init__(self, app=None, test=False):
self.finish_init = False
self.opage = START_PAGE
self.dbus = SELinuxDBus()
try:
customized = self.dbus.customized()
except dbus.exceptions.DBusException, e:
print e
self.quit()
sepolicy_domains = sepolicy.get_all_domains()
sepolicy_domains.sort(compare)
if app and app not in sepolicy_domains:
self.error(_("%s is not a valid domain" % app))
self.quit()
self.init_cur()
self.application = app
self.filter_txt = ""
builder = Gtk.Builder() # BUILDER OBJ
self.code_path = distutils.sysconfig.get_python_lib(plat_specific=True) + "/sepolicy/"
glade_file = self.code_path + "sepolicy.glade"
builder.add_from_file(glade_file)
self.outer_notebook = builder.get_object("outer_notebook")
self.window = builder.get_object("SELinux_window")
self.main_selection_window = builder.get_object("Main_selection_menu")
self.main_advanced_label = builder.get_object("main_advanced_label")
self.popup = 0
self.applications_selection_button = builder.get_object("applications_selection_button")
self.revert_button = builder.get_object("Revert_button")
self.busy_cursor = Gdk.Cursor(Gdk.CursorType.WATCH)
self.ready_cursor = Gdk.Cursor(Gdk.CursorType.LEFT_PTR)
self.initialtype = selinux.selinux_getpolicytype()[1]
self.current_popup = None
self.import_export = None
self.clear_entry = True
self.files_add = False
self.network_add = False
self.all_list = []
self.installed_list = []
self.previously_modified = {}
# file dialog
self.file_dialog = builder.get_object("add_path_dialog")
# Error check ***************************************
self.error_check_window = builder.get_object("error_check_window")
self.error_check_label = builder.get_object("error_check_label")
self.invalid_entry = False
# Advanced search window ****************************
self.advanced_search_window = builder.get_object("advanced_search_window")
self.advanced_search_liststore = builder.get_object("Advanced_search_liststore")
self.advanced_search_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
self.advanced_search_filter = builder.get_object("advanced_filter")
self.advanced_search_filter.set_visible_func(self.filter_the_data)
self.advanced_filter_entry = builder.get_object("advanced_filter_entry")
self.advanced_search_treeview = builder.get_object("advanced_search_treeview")
self.advanced_search = False
# Login Items **************************************
self.login_label = builder.get_object("Login_label")
self.login_seuser_combobox = builder.get_object("login_seuser_combobox")
self.login_seuser_combolist = builder.get_object("login_seuser_liststore")
self.login_name_entry = builder.get_object("login_name_entry")
self.login_mls_label = builder.get_object("login_mls_label")
self.login_mls_entry = builder.get_object("login_mls_entry")
self.login_radio_button = builder.get_object("Login_button")
self.login_treeview = builder.get_object("login_treeview")
self.login_liststore = builder.get_object("login_liststore")
self.login_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
self.login_filter = builder.get_object("login_filter")
self.login_filter.set_visible_func(self.filter_the_data)
self.login_popup_window = builder.get_object("login_popup_window")
self.login_delete_liststore = builder.get_object("login_delete_liststore")
self.login_delete_window = builder.get_object("login_delete_window")
# Users Items **************************************
self.user_popup_window = builder.get_object("user_popup_window")
self.user_radio_button = builder.get_object("User_button")
self.user_liststore = builder.get_object("user_liststore")
self.user_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
self.user_filter = builder.get_object("user_filter")
self.user_filter.set_visible_func(self.filter_the_data)
self.user_treeview = builder.get_object("user_treeview")
self.user_roles_combobox = builder.get_object("user_roles_combobox")
self.user_roles_combolist = builder.get_object("user_roles_liststore")
self.user_label = builder.get_object("User_label")
self.user_name_entry = builder.get_object("user_name_entry")
self.user_mls_label = builder.get_object("user_mls_label")
self.user_mls_level_entry = builder.get_object("user_mls_level_entry")
self.user_mls_entry = builder.get_object("user_mls_entry")
self.user_combobox = builder.get_object("selinux_user_combobox")
self.user_delete_liststore = builder.get_object("user_delete_liststore")
self.user_delete_window = builder.get_object("user_delete_window")
# File Equiv Items **************************************
self.file_equiv_label = builder.get_object("file_equiv_label")
self.file_equiv_source_entry = builder.get_object("file_equiv_source_entry")
self.file_equiv_dest_entry = builder.get_object("file_equiv_dest_entry")
self.file_equiv_radio_button = builder.get_object("file_equiv_button")
self.file_equiv_treeview = builder.get_object("file_equiv_treeview")
self.file_equiv_liststore = builder.get_object("file_equiv_liststore")
self.file_equiv_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
self.file_equiv_popup_window = builder.get_object("file_equiv_popup_window")
self.file_equiv_treefilter = builder.get_object("file_equiv_filter")
self.file_equiv_treefilter.set_visible_func(self.filter_the_data)
self.file_equiv_delete_liststore = builder.get_object("file_equiv_delete_liststore")
self.file_equiv_delete_window = builder.get_object("file_equiv_delete_window")
# System Items **************************************
self.app_system_button = builder.get_object("app_system_button")
self.system_radio_button = builder.get_object("System_button")
self.lockdown_radio_button = builder.get_object("Lockdown_button")
self.systems_box = builder.get_object("Systems_box")
self.relabel_button = builder.get_object("Relabel_button")
self.relabel_button_no = builder.get_object("Relabel_button_no")
self.advanced_system = builder.get_object("advanced_system")
self.outer_notebook_frame = builder.get_object("outer_notebook_frame")
self.system_policy_label = builder.get_object("system_policy_type_label")
# Browse Items **************************************
self.select_button_browse = builder.get_object("select_button_browse")
self.cancel_button_browse = builder.get_object("cancel_button_browse")
# More types window items ***************************
self.moreTypes_window_files = builder.get_object("moreTypes_window_files")
self.more_types_files_liststore = builder.get_object("more_types_file_liststore")
self.moreTypes_treeview = builder.get_object("moreTypes_treeview_files")
# System policy type ********************************
self.system_policy_type_liststore = builder.get_object("system_policy_type_liststore")
self.system_policy_type_combobox = builder.get_object("system_policy_type_combobox")
self.policy_list = []
if self.populate_system_policy() < 2:
self.advanced_system.set_visible(False)
self.system_policy_label.set_visible(False)
self.system_policy_type_combobox.set_visible(False)
self.enforcing_button_default = builder.get_object("Enforcing_button_default")
self.permissive_button_default = builder.get_object("Permissive_button_default")
self.disabled_button_default = builder.get_object("Disabled_button_default")
self.initialize_system_default_mode()
# Lockdown Window *********************************
self.enable_unconfined_button = builder.get_object("enable_unconfined")
self.disable_unconfined_button = builder.get_object("disable_unconfined")
self.enable_permissive_button = builder.get_object("enable_permissive")
self.disable_permissive_button = builder.get_object("disable_permissive")
self.enable_ptrace_button = builder.get_object("enable_ptrace")
self.disable_ptrace_button = builder.get_object("disable_ptrace")
# Help Window *********************************
self.help_window = builder.get_object("help_window")
self.help_text = builder.get_object("help_textv")
self.info_text = builder.get_object("info_text")
self.help_image = builder.get_object("help_image")
self.forward_button = builder.get_object("forward_button")
self.back_button = builder.get_object("back_button")
# Update menu items *********************************
self.update_window = builder.get_object("update_window")
self.update_treeview = builder.get_object("update_treeview")
self.update_treestore = builder.get_object("Update_treestore")
self.apply_button = builder.get_object("apply_button")
self.update_button = builder.get_object("Update_button")
# Add button objects ********************************
self.add_button = builder.get_object("Add_button")
self.delete_button = builder.get_object("Delete_button")
self.files_path_entry = builder.get_object("files_path_entry")
self.network_ports_entry = builder.get_object("network_ports_entry")
self.files_popup_window = builder.get_object("files_popup_window")
self.network_popup_window = builder.get_object("network_popup_window")
self.popup_network_label = builder.get_object("Network_label")
self.popup_files_label = builder.get_object("files_label")
self.recursive_path_toggle = builder.get_object("make_path_recursive")
self.files_type_combolist = builder.get_object("files_type_combo_store")
self.files_class_combolist = builder.get_object("files_class_combo_store")
self.files_type_combobox = builder.get_object("files_type_combobox")
self.files_class_combobox = builder.get_object("files_class_combobox")
self.files_mls_label = builder.get_object("files_mls_label")
self.files_mls_entry = builder.get_object("files_mls_entry")
self.advanced_text_files = builder.get_object("Advanced_text_files")
self.files_cancel_button = builder.get_object("cancel_delete_files")
self.network_tcp_button = builder.get_object("tcp_button")
self.network_udp_button = builder.get_object("udp_button")
self.network_port_type_combolist = builder.get_object("network_type_combo_store")
self.network_port_type_combobox = builder.get_object("network_type_combobox")
self.network_mls_label = builder.get_object("network_mls_label")
self.network_mls_entry = builder.get_object("network_mls_entry")
self.advanced_text_network = builder.get_object("Advanced_text_network")
self.network_cancel_button = builder.get_object("cancel_network_delete")
# Add button objects ********************************
# Modify items **************************************
self.show_mislabeled_files_only = builder.get_object("Show_mislabeled_files")
self.mislabeled_files_label = builder.get_object("mislabeled_files_label")
self.warning_files = builder.get_object("warning_files")
self.modify_button = builder.get_object("Modify_button")
self.modify_button.set_sensitive(False)
# Modify items **************************************
# Fix label *****************************************
self.fix_label_window = builder.get_object("fix_label_window")
self.fixlabel_label = builder.get_object("fixlabel_label")
self.fix_label_cancel = builder.get_object("fix_label_cancel")
# Fix label *****************************************
# Delete items **************************************
self.files_delete_window = builder.get_object("files_delete_window")
self.files_delete_treeview = builder.get_object("files_delete_treeview")
self.files_delete_liststore = builder.get_object("files_delete_liststore")
self.network_delete_window = builder.get_object("network_delete_window")
self.network_delete_treeview = builder.get_object("network_delete_treeview")
self.network_delete_liststore = builder.get_object("network_delete_liststore")
# Delete items **************************************
# Progress bar **************************************
self.progress_bar = builder.get_object("progress_bar")
# Progress bar **************************************
# executable_files items ****************************
self.executable_files_treeview = builder.get_object("Executable_files_treeview") # Get the executable files tree view
self.executable_files_filter = builder.get_object("executable_files_filter")
self.executable_files_filter.set_visible_func(self.filter_the_data)
self.executable_files_tab = builder.get_object("Executable_files_tab")
self.executable_files_tab_tooltip_txt = self.executable_files_tab.get_tooltip_text()
self.executable_files_liststore = builder.get_object("executable_files_treestore")
self.executable_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
self.files_radio_button = builder.get_object("files_button")
self.files_button_tooltip_txt = self.files_radio_button.get_tooltip_text()
# executable_files items ****************************
# writable files items ******************************
self.writable_files_treeview = builder.get_object("Writable_files_treeview") # Get the Writable files tree view
self.writable_files_liststore = builder.get_object("writable_files_treestore") # Contains the tree with File Path, SELinux File Label, Class
self.writable_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
self.writable_files_filter = builder.get_object("writable_files_filter")
self.writable_files_filter.set_visible_func(self.filter_the_data)
self.writable_files_tab = builder.get_object("Writable_files_tab")
self.writable_files_tab_tooltip_txt = self.writable_files_tab.get_tooltip_text()
# writable files items ******************************
# Application File Types ****************************
self.application_files_treeview = builder.get_object("Application_files_treeview") # Get the Application files tree view
self.application_files_filter = builder.get_object("application_files_filter") # Contains the tree with File Path, Description, Class
self.application_files_filter.set_visible_func(self.filter_the_data)
self.application_files_tab = builder.get_object("Application_files_tab")
self.application_files_tab_tooltip_txt = self.writable_files_tab.get_tooltip_text()
self.application_files_liststore = builder.get_object("application_files_treestore")
self.application_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
self.application_files_tab = builder.get_object("Application_files_tab")
self.application_files_tab_tooltip_txt = self.application_files_tab.get_tooltip_text()
# Application File Type *****************************
# network items *************************************
self.network_radio_button = builder.get_object("network_button")
self.network_button_tooltip_txt = self.network_radio_button.get_tooltip_text()
self.network_out_treeview = builder.get_object("outbound_treeview")
self.network_out_liststore = builder.get_object("network_out_liststore")
self.network_out_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
self.network_out_filter = builder.get_object("network_out_filter")
self.network_out_filter.set_visible_func(self.filter_the_data)
self.network_out_tab = builder.get_object("network_out_tab")
self.network_out_tab_tooltip_txt = self.network_out_tab.get_tooltip_text()
self.network_in_treeview = builder.get_object("inbound_treeview")
self.network_in_liststore = builder.get_object("network_in_liststore")
self.network_in_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
self.network_in_filter = builder.get_object("network_in_filter")
self.network_in_filter.set_visible_func(self.filter_the_data)
self.network_in_tab = builder.get_object("network_in_tab")
self.network_in_tab_tooltip_txt = self.network_in_tab.get_tooltip_text()
# network items *************************************
# boolean items ************************************
self.boolean_treeview = builder.get_object("Boolean_treeview") # Get the booleans tree list
self.boolean_liststore = builder.get_object("boolean_liststore")
self.boolean_liststore.set_sort_column_id(2, Gtk.SortType.ASCENDING)
self.boolean_filter = builder.get_object("boolean_filter")
self.boolean_filter.set_visible_func(self.filter_the_data)
self.boolean_more_detail_window = builder.get_object("booleans_more_detail_window")
self.boolean_more_detail_treeview = builder.get_object("booleans_more_detail_treeview")
self.boolean_more_detail_tree_data_set = builder.get_object("booleans_more_detail_liststore")
self.boolean_radio_button = builder.get_object("Booleans_button")
self.active_button = self.boolean_radio_button
self.boolean_button_tooltip_txt = self.boolean_radio_button.get_tooltip_text()
# boolean items ************************************
# transitions items ************************************
self.transitions_into_treeview = builder.get_object("transitions_into_treeview") # Get the transitions tree list Enabled, source, Executable File
self.transitions_into_liststore = builder.get_object("transitions_into_liststore") # Contains the tree with
self.transitions_into_liststore.set_sort_column_id(1, Gtk.SortType.ASCENDING)
self.transitions_into_filter = builder.get_object("transitions_into_filter")
self.transitions_into_filter.set_visible_func(self.filter_the_data)
self.transitions_into_tab = builder.get_object("Transitions_into_tab")
self.transitions_into_tab_tooltip_txt = self.transitions_into_tab.get_tooltip_text()
self.transitions_radio_button = builder.get_object("Transitions_button")
self.transitions_button_tooltip_txt = self.transitions_radio_button.get_tooltip_text()
self.transitions_from_treeview = builder.get_object("transitions_from_treeview") # Get the transitions tree list
self.transitions_from_treestore = builder.get_object("transitions_from_treestore") # Contains the tree with Enabled, Executable File Type, Transtype
self.transitions_from_treestore.set_sort_column_id(2, Gtk.SortType.ASCENDING)
self.transitions_from_filter = builder.get_object("transitions_from_filter")
self.transitions_from_filter.set_visible_func(self.filter_the_data)
self.transitions_from_tab = builder.get_object("Transitions_from_tab")
self.transitions_from_tab_tooltip_txt = self.transitions_from_tab.get_tooltip_text()
self.transitions_file_treeview = builder.get_object("file_transitions_treeview") # Get the transitions tree list
self.transitions_file_liststore = builder.get_object("file_transitions_liststore") # Contains the tree with Enabled, Executable File Type, Transtype
self.transitions_file_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
self.transitions_file_filter = builder.get_object("file_transitions_filter")
self.transitions_file_filter.set_visible_func(self.filter_the_data)
self.transitions_file_tab = builder.get_object("file_transitions")
self.transitions_file_tab_tooltip_txt = self.transitions_from_tab.get_tooltip_text()
# transitions items ************************************
# Combobox and Entry items **************************
self.combobox_menu = builder.get_object("combobox_org") # This is the combobox box object, aka the arrow next to the entry text bar
self.combobox_menu_model = builder.get_object("application_liststore")
self.completion_entry = builder.get_object("completion_entry") # self.combobox_menu.get_child()
self.completion_entry_model = builder.get_object("application_liststore")
self.entrycompletion_obj = builder.get_object("entrycompletion_obj")
#self.entrycompletion_obj = Gtk.EntryCompletion()
self.entrycompletion_obj.set_model(self.completion_entry_model)
self.entrycompletion_obj.set_minimum_key_length(0)
self.entrycompletion_obj.set_text_column(0)
self.entrycompletion_obj.set_match_func(self.match_func, None)
self.completion_entry.set_completion(self.entrycompletion_obj)
self.completion_entry.set_icon_from_stock(0, Gtk.STOCK_FIND)
# Combobox and Entry items **************************
# Modify buttons ************************************
self.show_modified_only = builder.get_object("Show_modified_only_toggle")
# Modify button *************************************
# status bar *****************************************
self.current_status_label = builder.get_object("Enforcing_label")
self.current_status_enforcing = builder.get_object("Enforcing_button")
self.current_status_permissive = builder.get_object("Permissive_button")
self.status_bar = builder.get_object("status_bar")
self.context_id = self.status_bar.get_context_id("SELinux status")
# filters *********************************************
self.filter_entry = builder.get_object("filter_entry")
self.filter_box = builder.get_object("filter_box")
self.add_modify_delete_box = builder.get_object("add_modify_delete_box")
# Get_model() sets the tree model filter to be the parent of the tree model (tree model has all the data in it)
# Toggle button ****************************************
self.cell = builder.get_object("activate")
self.del_cell_files = builder.get_object("files_toggle_delete")
self.del_cell_files.connect("toggled", self.on_toggle_update, self.files_delete_liststore)
self.del_cell_files_equiv = builder.get_object("file_equiv_toggle_delete1")
self.del_cell_files_equiv.connect("toggled", self.on_toggle_update, self.file_equiv_delete_liststore)
self.del_cell_user = builder.get_object("user_toggle_delete")
self.del_cell_user.connect("toggled", self.on_toggle_update, self.user_delete_liststore)
self.del_cell_login = builder.get_object("login_toggle_delete")
self.del_cell_login.connect("toggled", self.on_toggle_update, self.login_delete_liststore)
self.del_cell_network = builder.get_object("network_toggle_delete")
self.del_cell_network.connect("toggled", self.on_toggle_update, self.network_delete_liststore)
self.update_cell = builder.get_object("toggle_update")
# Notebook items ***************************************
self.outer_notebook = builder.get_object("outer_notebook")
self.inner_notebook_files = builder.get_object("files_inner_notebook")
self.inner_notebook_network = builder.get_object("network_inner_notebook")
self.inner_notebook_transitions = builder.get_object("transitions_inner_notebook")
# logind gui ***************************************
loading_gui = builder.get_object("loading_gui")
self.update_cell.connect("toggled", self.on_toggle_update, self.update_treestore)
self.all_entries = []
# Need to connect button on code because the tree view model is a treeviewsort
self.cell.connect("toggled", self.on_toggle, self.boolean_liststore)
self.loading = 1
path = None
if test:
domains = ["httpd_t", "abrt_t"]
if app and app not in domains:
domains.append(app)
else:
domains = sepolicy_domains
loading_gui.show()
length = len(domains)
for domain in domains:
# After the user selects a path in the drop down menu call
# get_init_entrypoint_target(entrypoint) to get the transtype
# which will give you the application
self.combo_box_initialize(domain, None)
self.advanced_search_initialize(domain)
self.all_list.append(domain)
self.percentage = float(float(self.loading) / float(length))
self.progress_bar.set_fraction(self.percentage)
self.progress_bar.set_pulse_step(self.percentage)
self.idle_func()
entrypoint = sepolicy.get_init_entrypoint(domain)
if entrypoint:
path = sepolicy.find_entrypoint_path(entrypoint)
if path:
self.combo_box_initialize(path, None)
# Adds all files entrypoint paths that exists on disc
# into the combobox
self.advanced_search_initialize(path)
self.installed_list.append(path)
self.loading += 1
loading_gui.hide()
dic = {
"on_combo_button_clicked": self.open_combo_menu,
"on_disable_ptrace_toggled": self.on_disable_ptrace,
"on_SELinux_window_configure_event": self.hide_combo_menu,
"on_entrycompletion_obj_match_selected": self.set_application_label,
"on_filter_changed": self.get_filter_data,
"on_save_changes_file_equiv_clicked": self.update_to_file_equiv,
"on_save_changes_login_clicked": self.update_to_login,
"on_save_changes_user_clicked": self.update_to_user,
"on_save_changes_files_clicked": self.update_to_files,
"on_save_changes_network_clicked": self.update_to_network,
"on_Advanced_text_files_button_press_event": self.reveal_advanced,
"item_in_tree_selected": self.cursor_changed,
"on_Application_file_types_treeview_configure_event": self.resize_wrap,
"on_save_delete_clicked": self.on_save_delete_clicked,
"on_moreTypes_treeview_files_row_activated": self.populate_type_combo,
"on_retry_button_files_clicked": self.invalid_entry_retry,
"on_make_path_recursive_toggled": self.recursive_path,
"on_files_path_entry_button_press_event": self.highlight_entry_text,
"on_files_path_entry_changed": self.autofill_add_files_entry,
"on_select_type_files_clicked": self.select_type_more,
"on_choose_file": self.on_browse_select,
"on_Enforcing_button_toggled": self.set_enforce,
"on_confirmation_close": self.confirmation_close,
"on_column_clicked": self.column_clicked,
"on_tab_switch": self.clear_filters,
"on_file_equiv_button_clicked": self.show_file_equiv_page,
"on_app/system_button_clicked": self.system_interface,
"on_app/users_button_clicked": self.users_interface,
"on_main_advanced_label_button_press_event": self.advanced_label_main,
"on_Show_mislabeled_files_toggled": self.show_mislabeled_files,
"on_Browse_button_files_clicked": self.browse_for_files,
"on_cancel_popup_clicked": self.close_popup,
"on_treeview_cursor_changed": self.cursor_changed,
"on_login_seuser_combobox_changed": self.login_seuser_combobox_change,
"on_user_roles_combobox_changed": self.user_roles_combobox_change,
"on_cancel_button_browse_clicked": self.close_config_window,
"on_apply_button_clicked": self.apply_changes_button_press,
"on_Revert_button_clicked": self.update_or_revert_changes,
"on_Update_button_clicked": self.update_or_revert_changes,
"on_advanced_filter_entry_changed": self.get_advanced_filter_data,
"on_advanced_search_treeview_row_activated": self.advanced_item_selected,
"on_Select_advanced_search_clicked": self.advanced_item_button_push,
"on_All_advanced_button_toggled": self.advanced_radio_select,
"on_Installed_advanced_button_toggled": self.advanced_radio_select,
"on_info_button_button_press_event": self.on_help_button,
"on_back_button_clicked": self.on_help_back_clicked,
"on_forward_button_clicked": self.on_help_forward_clicked,
"on_Boolean_treeview_columns_changed": self.resize_columns,
"on_completion_entry_changed": self.application_selected,
"on_Add_button_clicked": self.add_button_clicked,
"on_Delete_button_clicked": self.delete_button_clicked,
"on_Modify_button_clicked": self.modify_button_clicked,
"on_Show_modified_only_toggled": self.on_show_modified_only,
"on_cancel_button_config_clicked": self.close_config_window,
"on_Import_button_clicked": self.import_config_show,
"on_Export_button_clicked": self.export_config_show,
"on_enable_unconfined_toggled": self.unconfined_toggle,
"on_enable_permissive_toggled": self.permissive_toggle,
"on_system_policy_type_combobox_changed": self.change_default_policy,
"on_Enforcing_button_default_toggled": self.change_default_mode,
"on_Permissive_button_default_toggled": self.change_default_mode,
"on_Disabled_button_default_toggled": self.change_default_mode,
"on_Relabel_button_toggled_cb": self.relabel_on_reboot,
"on_advanced_system_button_press_event": self.reveal_advanced_system,
"on_files_type_combobox_changed": self.show_more_types,
"on_filter_row_changed": self.filter_the_data,
"on_button_toggled": self.tab_change,
"gtk_main_quit": self.closewindow
}
self.previously_modified_initialize(customized)
builder.connect_signals(dic)
self.window.show() # Show the gui to the screen
GLib.timeout_add_seconds(5, self.selinux_status)
self.selinux_status()
self.lockdown_inited = False
self.add_modify_delete_box.hide()
self.filter_box.hide()
if self.status == DISABLED:
self.show_system_page()
else:
if self.application:
self.applications_selection_button.set_label(self.application)
self.completion_entry.set_text(self.application)
self.show_applications_page()
self.tab_change()
else:
self.clearbuttons()
self.outer_notebook.set_current_page(START_PAGE)
self.reinit()
self.finish_init = True
Gtk.main()
def init_cur(self):
self.cur_dict = {}
for k in keys:
self.cur_dict[k] = {}
def remove_cur(self, ctr):
i = 0
for k in self.cur_dict:
for j in self.cur_dict[k]:
if i == ctr:
del(self.cur_dict[k][j])
return
i += 1
def selinux_status(self):
try:
self.status = selinux.security_getenforce()
except OSError:
self.status = DISABLED
if self.status == DISABLED:
self.current_status_label.set_sensitive(False)
self.current_status_enforcing.set_sensitive(False)
self.current_status_permissive.set_sensitive(False)
self.enforcing_button_default.set_sensitive(False)
self.status_bar.push(self.context_id, _("System Status: Disabled"))
self.info_text.set_label(DISABLED_TEXT)
else:
self.set_enforce_text(self.status)
if os.path.exists('/.autorelabel'):
self.relabel_button.set_active(True)
else:
self.relabel_button_no.set_active(True)
policytype = selinux.selinux_getpolicytype()[1]
mode = selinux.selinux_getenforcemode()[1]
if mode == ENFORCING:
self.enforcing_button_default.set_active(True)
if mode == PERMISSIVE:
self.permissive_button_default.set_active(True)
if mode == DISABLED:
self.disabled_button_default.set_active(True)
return True
def lockdown_init(self):
if self.lockdown_inited:
return
self.wait_mouse()
self.lockdown_inited = True
self.disable_ptrace_button.set_active(selinux.security_get_boolean_active("deny_ptrace"))
self.module_dict = {}
for m in self.dbus.semodule_list().split("\n"):
mod = m.split()
if len(mod) < 2:
continue
self.module_dict[mod[0]] = {"version": mod[1], "Disabled": (len(mod) > 2)}
self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"])
self.enable_permissive_button.set_active(not self.module_dict["permissivedomains"]["Disabled"])
self.ready_mouse()
def column_clicked(self, treeview, treepath, treecol, *args):
iter = self.get_selected_iter()
if not iter:
return
if self.opage == BOOLEANS_PAGE:
if treecol.get_name() == "more_detail_col":
self.display_more_detail(self.window, treepath)
if self.opage == FILES_PAGE:
visible = self.liststore.get_value(iter, 3)
# If visible is true then fix mislabeled will be visible
if treecol.get_name() == "restorecon_col" and visible:
self.fix_mislabeled(self.liststore.get_value(iter, 0))
if self.opage == TRANSITIONS_PAGE:
bool_name = self.liststore.get_value(iter, 1)
if bool_name:
self.boolean_radio_button.clicked()
self.filter_entry.set_text(bool_name)
def idle_func(self):
while Gtk.events_pending():
Gtk.main_iteration()
def match_func(self, completion, key_string, iter, func_data):
try:
if self.combobox_menu_model.get_value(iter, 0).find(key_string) != -1:
return True
return False
except AttributeError:
pass
def help_show_page(self):
self.back_button.set_sensitive(self.help_page != 0)
self.forward_button.set_sensitive(self.help_page < (len(self.help_list) - 1))
try:
fd = open("%shelp/%s.txt" % (self.code_path, self.help_list[self.help_page]), "r")
buf = fd.read()
fd.close()
except IOError:
buf = ""
help_text = self.help_text.get_buffer()
help_text.set_text(buf % {"APP": self.application})
self.help_text.set_buffer(help_text)
self.help_image.set_from_file("%shelp/%s.png" % (self.code_path, self.help_list[self.help_page]))
self.show_popup(self.help_window)
def on_help_back_clicked(self, *args):
self.help_page -= 1
self.help_show_page()
def on_help_forward_clicked(self, *args):
self.help_page += 1
self.help_show_page()
def on_help_button(self, *args):
self.help_page = 0
self.help_list = []
if self.opage == START_PAGE:
self.help_window.set_title(_("Help: Start Page"))
self.help_list = ["start"]
if self.opage == BOOLEANS_PAGE:
self.help_window.set_title(_("Help: Booleans Page"))
self.help_list = ["booleans", "booleans_toggled", "booleans_more", "booleans_more_show"]
if self.opage == FILES_PAGE:
ipage = self.inner_notebook_files.get_current_page()
if ipage == EXE_PAGE:
self.help_window.set_title(_("Help: Executable Files Page"))
self.help_list = ["files_exec"]
if ipage == WRITABLE_PAGE:
self.help_window.set_title(_("Help: Writable Files Page"))
self.help_list = ["files_write"]
if ipage == APP_PAGE:
self.help_window.set_title(_("Help: Application Types Page"))
self.help_list = ["files_app"]
if self.opage == NETWORK_PAGE:
ipage = self.inner_notebook_network.get_current_page()
if ipage == OUTBOUND_PAGE:
self.help_window.set_title(_("Help: Outbound Network Connections Page"))
self.help_list = ["ports_outbound"]
if ipage == INBOUND_PAGE:
self.help_window.set_title(_("Help: Inbound Network Connections Page"))
self.help_list = ["ports_inbound"]
if self.opage == TRANSITIONS_PAGE:
ipage = self.inner_notebook_transitions.get_current_page()
if ipage == TRANSITIONS_FROM_PAGE:
self.help_window.set_title(_("Help: Transition from application Page"))
self.help_list = ["transition_from", "transition_from_boolean", "transition_from_boolean_1", "transition_from_boolean_2"]
if ipage == TRANSITIONS_TO_PAGE:
self.help_window.set_title(_("Help: Transition into application Page"))
self.help_list = ["transition_to"]
if ipage == TRANSITIONS_FILE_PAGE:
self.help_window.set_title(_("Help: Transition application file Page"))
self.help_list = ["transition_file"]
if self.opage == SYSTEM_PAGE:
self.help_window.set_title(_("Help: Systems Page"))
self.help_list = ["system", "system_boot_mode", "system_current_mode", "system_export", "system_policy_type", "system_relabel"]
if self.opage == LOCKDOWN_PAGE:
self.help_window.set_title(_("Help: Lockdown Page"))
self.help_list = ["lockdown", "lockdown_unconfined", "lockdown_permissive", "lockdown_ptrace"]
if self.opage == LOGIN_PAGE:
self.help_window.set_title(_("Help: Login Page"))
self.help_list = ["login", "login_default"]
if self.opage == USER_PAGE:
self.help_window.set_title(_("Help: SELinux User Page"))
self.help_list = ["users"]
if self.opage == FILE_EQUIV_PAGE:
self.help_window.set_title(_("Help: File Equivalence Page"))
self.help_list = ["file_equiv"]
return self.help_show_page()
def open_combo_menu(self, *args):
if self.popup == 0:
self.popup = 1
location = self.window.get_position()
self.main_selection_window.move(location[0] + 2, location[1] + 65)
self.main_selection_window.show()
else:
self.main_selection_window.hide()
self.popup = 0
def hide_combo_menu(self, *args):
self.main_selection_window.hide()
self.popup = 0
def set_application_label(self, *args):
self.set_application_label = True
def resize_wrap(self, *args):
print args
def initialize_system_default_mode(self):
self.enforce_mode = selinux.selinux_getenforcemode()[1]
if self.enforce_mode == ENFORCING:
self.enforce_button = self.enforcing_button_default
if self.enforce_mode == PERMISSIVE:
self.enforce_button = self.permissive_button_default
if self.enforce_mode == DISABLED:
self.enforce_button = self.disabled_button_default
def populate_system_policy(self):
selinux_path = selinux.selinux_path()
types = map(lambda x: x[1], filter(lambda x: x[0] == selinux_path, os.walk(selinux_path)))[0]
types.sort()
ctr = 0
for item in types:
iter = self.system_policy_type_liststore.append()
self.system_policy_type_liststore.set_value(iter, 0, item)
if item == self.initialtype:
self.system_policy_type_combobox.set_active(ctr)
self.typeHistory = ctr
ctr += 1
return ctr
def filter_the_data(self, list, iter, *args):
# When there is no txt in the box show all items in the tree
if self.filter_txt == "":
return True
try:
for x in range(0, list.get_n_columns()):
try:
val = list.get_value(iter, x)
if val == True or val == False or val == None:
continue
# Returns true if filter_txt exists within the val
if(val.find(self.filter_txt) != -1 or val.lower().find(self.filter_txt) != -1):
return True
except AttributeError, TypeError:
pass
except: # ValueError:
pass
return False
def net_update(self, app, netd, protocol, direction, model):
for k in netd.keys():
for t, ports in netd[k]:
pkey = (",".join(ports), protocol)
if pkey in self.cur_dict["port"]:
if self.cur_dict["port"][pkey]["action"] == "-d":
continue
if t != self.cur_dict["port"][pkey]["type"]:
continue
self.network_initial_data_insert(model, ", ".join(ports), t, protocol)
def file_equiv_initialize(self):
self.wait_mouse()
edict = sepolicy.get_file_equiv()
self.file_equiv_liststore.clear()
for f in edict:
iter = self.file_equiv_liststore.append()
if edict[f]["modify"]:
name = self.markup(f)
equiv = self.markup(edict[f]["equiv"])
else:
name = f
equiv = edict[f]["equiv"]
self.file_equiv_liststore.set_value(iter, 0, name)
self.file_equiv_liststore.set_value(iter, 1, equiv)
self.file_equiv_liststore.set_value(iter, 2, edict[f]["modify"])
self.ready_mouse()
def user_initialize(self):
self.wait_mouse()
self.user_liststore.clear()
for u in sepolicy.get_selinux_users():
iter = self.user_liststore.append()
self.user_liststore.set_value(iter, 0, str(u["name"]))
roles = u["roles"]
if "object_r" in roles:
roles.remove("object_r")
self.user_liststore.set_value(iter, 1, ", ".join(roles))
self.user_liststore.set_value(iter, 2, u["level"])
self.user_liststore.set_value(iter, 3, u["range"])
self.user_liststore.set_value(iter, 4, True)
self.ready_mouse()
def login_initialize(self):
self.wait_mouse()
self.login_liststore.clear()
for u in sepolicy.get_login_mappings():
iter = self.login_liststore.append()
self.login_liststore.set_value(iter, 0, u["name"])
self.login_liststore.set_value(iter, 1, u["seuser"])
self.login_liststore.set_value(iter, 2, u["mls"])
self.login_liststore.set_value(iter, 3, True)
self.ready_mouse()
def network_initialize(self, app):
netd = sepolicy.network.get_network_connect(app, "tcp", "name_connect")
self.net_update(app, netd, "tcp", OUTBOUND_PAGE, self.network_out_liststore)
netd = sepolicy.network.get_network_connect(app, "tcp", "name_bind")
self.net_update(app, netd, "tcp", INBOUND_PAGE, self.network_in_liststore)
netd = sepolicy.network.get_network_connect(app, "udp", "name_bind")
self.net_update(app, netd, "udp", INBOUND_PAGE, self.network_in_liststore)
def network_initial_data_insert(self, model, ports, portType, protocol):
iter = model.append()
model.set_value(iter, 0, ports)
model.set_value(iter, 1, protocol)
model.set_value(iter, 2, portType)
model.set_value(iter, 4, True)
def combo_set_active_text(self, combobox, val):
ctr = 0
liststore = combobox.get_model()
for i in liststore:
if i[0] == val:
combobox.set_active(ctr)
return
ctr += 1
niter = liststore.get_iter(ctr - 1)
if liststore.get_value(niter, 0) == _("More..."):
iter = liststore.insert_before(niter)
ctr = ctr - 1
else:
iter = liststore.append()
liststore.set_value(iter, 0, val)
combobox.set_active(ctr)
def combo_get_active_text(self, combobox):
liststore = combobox.get_model()
index = combobox.get_active()
if index < 0:
return None
iter = liststore.get_iter(index)
return liststore.get_value(iter, 0)
def combo_box_initialize(self, val, desc):
if val == None:
return
iter = self.combobox_menu_model.append()
for f in val:
self.combobox_menu_model.set_value(iter, 0, val)
def select_type_more(self, *args):
app = self.moreTypes_treeview.get_selection()
iter = app.get_selected()[1]
if iter == None:
return
app = self.more_types_files_liststore.get_value(iter, 0)
self.combo_set_active_text(self.files_type_combobox, app)
self.closewindow(self.moreTypes_window_files)
def advanced_item_button_push(self, *args):
row = self.advanced_search_treeview.get_selection()
model, iter = row.get_selected()
iter = model.convert_iter_to_child_iter(iter)
iter = self.advanced_search_filter.convert_iter_to_child_iter(iter)
app = self.advanced_search_liststore.get_value(iter, 1)
if app == None:
return
self.advanced_filter_entry.set_text('')
self.advanced_search_window.hide()
self.reveal_advanced(self.main_advanced_label)
self.completion_entry.set_text(app)
self.application_selected()
def advanced_item_selected(self, treeview, path, *args):
iter = self.advanced_search_filter.get_iter(path)
iter = self.advanced_search_filter.convert_iter_to_child_iter(iter)
app = self.advanced_search_liststore.get_value(iter, 1)
self.advanced_filter_entry.set_text('')
self.advanced_search_window.hide()
self.reveal_advanced(self.main_advanced_label)
self.completion_entry.set_text(app)
self.application_selected()
def find_application(self, app):
if app and len(app) > 0:
for items in self.combobox_menu_model:
if app == items[0]:
return True
return False
def application_selected(self, *args):
self.show_mislabeled_files_only.set_visible(False)
self.mislabeled_files_label.set_visible(False)
self.warning_files.set_visible(False)
self.filter_entry.set_text('')
app = self.completion_entry.get_text()
if not self.find_application(app):
return
self.show_applications_page()
self.add_button.set_sensitive(True)
self.delete_button.set_sensitive(True)
# Clear the tree to prepare for a new selection otherwise
self.executable_files_liststore.clear()
# data will pile up everytime the user selects a new item from the drop down menu
self.network_in_liststore.clear()
self.network_out_liststore.clear()
self.boolean_liststore.clear()
self.transitions_into_liststore.clear()
self.transitions_from_treestore.clear()
self.application_files_liststore.clear()
self.writable_files_liststore.clear()
self.transitions_file_liststore.clear()
try:
if app[0] == '/':
app = sepolicy.get_init_transtype(app)
if not app:
return
self.application = app
except IndexError:
pass
self.wait_mouse()
self.previously_modified_initialize(self.dbus.customized())
self.reinit()
self.boolean_initialize(app)
self.mislabeled_files = False
self.executable_files_initialize(app)
self.network_initialize(app)
self.writable_files_initialize(app)
self.transitions_into_initialize(app)
self.transitions_from_initialize(app)
self.application_files_initialize(app)
self.transitions_files_initialize(app)
self.executable_files_tab.set_tooltip_text(_("File path used to enter the '%s' domain." % app))
self.writable_files_tab.set_tooltip_text(_("Files to which the '%s' domain can write." % app))
self.network_out_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to connect." % app))
self.network_in_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to listen." % app))
self.application_files_tab.set_tooltip_text(_("File Types defined for the '%s'." % app))
self.boolean_radio_button.set_tooltip_text(_("Display boolean information that can be used to modify the policy for the '%s'." % app))
self.files_radio_button.set_tooltip_text(_("Display file type information that can be used by the '%s'." % app))
self.network_radio_button.set_tooltip_text(_("Display network ports to which the '%s' can connect or listen to." % app))
self.transitions_into_tab.set_label(_("Application Transitions Into '%s'" % app))
self.transitions_from_tab.set_label(_("Application Transitions From '%s'" % app))
self.transitions_file_tab.set_label(_("File Transitions From '%s'" % app))
self.transitions_into_tab.set_tooltip_text(_("Executables which will transition to the '%s', when executing a selected domains entrypoint.") % app)
self.transitions_from_tab.set_tooltip_text(_("Executables which will transition to a different domain, when the '%s' executes them.") % app)
self.transitions_file_tab.set_tooltip_text(_("Files by '%s' will transitions to a different label." % app))
self.transitions_radio_button.set_tooltip_text(_("Display applications that can transition into or out of the '%s'." % app))
self.application = app
self.applications_selection_button.set_label(self.application)
self.ready_mouse()
def reinit(self):
sepolicy.reinit()
self.fcdict = sepolicy.get_fcdict()
self.local_file_paths = sepolicy.get_local_file_paths()
def previously_modified_initialize(self, buf):
self.cust_dict = {}
for i in buf.split("\n"):
rec = i.split()
if len(rec) == 0:
continue
if rec[1] == "-D":
continue
if rec[0] not in self.cust_dict:
self.cust_dict[rec[0]] = {}
if rec[0] == "boolean":
self.cust_dict["boolean"][rec[-1]] = {"active": rec[2] == "-1"}
if rec[0] == "login":
self.cust_dict["login"][rec[-1]] = {"seuser": rec[3], "range": rec[5]}
if rec[0] == "interface":
self.cust_dict["interface"][rec[-1]] = {"type": rec[3]}
if rec[0] == "user":
self.cust_dict["user"][rec[-1]] = {"level": "s0", "range": rec[3], "role": rec[5]}
if rec[0] == "port":
self.cust_dict["port"][(rec[-1], rec[-2])] = {"type": rec[3]}
if rec[0] == "node":
self.cust_dict["node"][rec[-1]] = {"mask": rec[3], "protocol": rec[5], "type": rec[7]}
if rec[0] == "fcontext":
if rec[2] == "-e":
if "fcontext-equiv" not in self.cust_dict:
self.cust_dict["fcontext-equiv"] = {}
self.cust_dict["fcontext-equiv"][(rec[-1])] = {"equiv": rec[3]}
else:
self.cust_dict["fcontext"][(rec[-1], rec[3])] = {"type": rec[5]}
if rec[0] == "module":
self.cust_dict["module"][rec[-1]] = {"enabled": rec[2] != "-d"}
if "module" not in self.cust_dict:
return
for semodule, button in [("unconfined", self.disable_unconfined_button), ("permissivedomains", self.disable_permissive_button)]:
if semodule in self.cust_dict["module"]:
button.set_active(self.cust_dict["module"][semodule]["enabled"])
for i in keys:
if i not in self.cust_dict:
self.cust_dict.update({i: {}})
def executable_files_initialize(self, application):
self.entrypoints = sepolicy.get_entrypoints(application)
for exe in self.entrypoints.keys():
if len(self.entrypoints[exe]) == 0:
continue
file_class = self.entrypoints[exe][1]
for path in self.entrypoints[exe][0]:
if (path, file_class) in self.cur_dict["fcontext"]:
if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d":
continue
if exe != self.cur_dict["fcontext"][(path, file_class)]["type"]:
continue
self.files_initial_data_insert(self.executable_files_liststore, path, exe, file_class)
def mislabeled(self, path):
try:
con = selinux.matchpathcon(path, 0)[1]
cur = selinux.getfilecon(path)[1]
return con != cur
except OSError:
return False
def set_mislabeled(self, tree, path, iter, niter):
if not self.mislabeled(path):
return
con = selinux.matchpathcon(path, 0)[1]
cur = selinux.getfilecon(path)[1]
self.mislabeled_files = True
# Set visibility of label
tree.set_value(niter, 3, True)
# Has a mislabel
tree.set_value(iter, 4, True)
tree.set_value(niter, 4, True)
tree.set_value(iter, 5, con.split(":")[2])
tree.set_value(iter, 6, cur.split(":")[2])
def writable_files_initialize(self, application):
# Traversing the dictionary data struct
self.writable_files = sepolicy.get_writable_files(application)
for write in self.writable_files.keys():
if len(self.writable_files[write]) < 2:
self.files_initial_data_insert(self.writable_files_liststore, None, write, _("all files"))
continue
file_class = self.writable_files[write][1]
for path in self.writable_files[write][0]:
if (path, file_class) in self.cur_dict["fcontext"]:
if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d":
continue
if write != self.cur_dict["fcontext"][(path, file_class)]["type"]:
continue
self.files_initial_data_insert(self.writable_files_liststore, path, write, file_class)
def files_initial_data_insert(self, liststore, path, seLinux_label, file_class):
iter = liststore.append(None)
if path == None:
path = _("MISSING FILE PATH")
modify = False
else:
modify = (path, file_class) in self.local_file_paths
for p in sepolicy.find_file(path):
niter = liststore.append(iter)
liststore.set_value(niter, 0, p)
self.set_mislabeled(liststore, p, iter, niter)
if modify:
path = self.markup(path)
file_class = self.markup(selinux_label)
file_class = self.markup(file_class)
liststore.set_value(iter, 0, path)
liststore.set_value(iter, 1, seLinux_label)
liststore.set_value(iter, 2, file_class)
liststore.set_value(iter, 7, modify)
def markup(self, f):
return "<b>%s</b>" % f
def unmarkup(self, f):
if f:
return re.sub("</b>$", "", re.sub("^<b>", "", f))
return None
def application_files_initialize(self, application):
self.file_types = sepolicy.get_file_types(application)
for app in self.file_types.keys():
if len(self.file_types[app]) == 0:
continue
file_class = self.file_types[app][1]
for path in self.file_types[app][0]:
desc = sepolicy.get_description(app, markup=self.markup)
if (path, file_class) in self.cur_dict["fcontext"]:
if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d":
continue
if app != self.cur_dict["fcontext"][(path, file_class)]["type"]:
continue
self.files_initial_data_insert(self.application_files_liststore, path, desc, file_class)
def modified(self):
i = 0
for k in self.cur_dict:
if len(self.cur_dict[k]) > 0:
return True
return False
def boolean_initialize(self, application):
for blist in sepolicy.get_bools(application):
for b, active in blist:
if b in self.cur_dict["boolean"]:
active = self.cur_dict["boolean"][b]['active']
desc = sepolicy.boolean_desc(b)
self.boolean_initial_data_insert(b, desc, active)
def boolean_initial_data_insert(self, val, desc, active):
# Insert data from data source into tree
iter = self.boolean_liststore.append()
self.boolean_liststore.set_value(iter, 0, active)
self.boolean_liststore.set_value(iter, 1, desc)
self.boolean_liststore.set_value(iter, 2, val)
self.boolean_liststore.set_value(iter, 3, _('More...'))
def transitions_into_initialize(self, application):
for x in sepolicy.get_transitions_into(application):
active = None
executable = None
source = None
if "boolean" in x:
active = x["boolean"]
if "target" in x:
executable = x["target"]
if "source" in x:
source = x["source"]
self.transitions_into_initial_data_insert(active, executable, source)
def transitions_into_initial_data_insert(self, active, executable, source):
iter = self.transitions_into_liststore.append()
if active != None:
self.transitions_into_liststore.set_value(iter, 0, enabled[active[0][1]]) # active[0][1] is either T or F (enabled is all the way at the top)
else:
self.transitions_into_liststore.set_value(iter, 0, "Default")
self.transitions_into_liststore.set_value(iter, 2, executable)
self.transitions_into_liststore.set_value(iter, 1, source)
def transitions_from_initialize(self, application):
for x in sepolicy.get_transitions(application):
active = None
executable = None
transtype = None
if "boolean" in x:
active = x["boolean"]
if "target" in x:
executable_type = x["target"]
if "transtype" in x:
transtype = x["transtype"]
self.transitions_from_initial_data_insert(active, executable_type, transtype)
try:
for executable in self.fcdict[executable_type]["regex"]:
self.transitions_from_initial_data_insert(active, executable, transtype)
except KeyError:
pass
def transitions_from_initial_data_insert(self, active, executable, transtype):
iter = self.transitions_from_treestore.append(None)
if active == None:
self.transitions_from_treestore.set_value(iter, 0, "Default")
self.transitions_from_treestore.set_value(iter, 5, False)
else:
niter = self.transitions_from_treestore.append(iter)
# active[0][1] is either T or F (enabled is all the way at the top)
self.transitions_from_treestore.set_value(iter, 0, enabled[active[0][1]])
markup = '<span foreground="blue"><u>%s</u></span>'
if active[0][1]:
self.transitions_from_treestore.set_value(niter, 2, (_("To disable this transition, go to the " + markup % _("Boolean section."))))
else:
self.transitions_from_treestore.set_value(niter, 2, (_("To enable this transition, go to the " + markup % _("Boolean section."))))
# active[0][0] is the Bool Name
self.transitions_from_treestore.set_value(niter, 1, active[0][0])
self.transitions_from_treestore.set_value(niter, 5, True)
self.transitions_from_treestore.set_value(iter, 2, executable)
self.transitions_from_treestore.set_value(iter, 3, transtype)
def transitions_files_initialize(self, application):
for i in sepolicy.get_file_transitions(application):
if 'filename' in i:
filename = i['filename']
else:
filename = None
self.transitions_files_inital_data_insert(i['target'], i['class'], i['transtype'], filename)
def transitions_files_inital_data_insert(self, path, tclass, dest, name):
iter = self.transitions_file_liststore.append()
self.transitions_file_liststore.set_value(iter, 0, path)
self.transitions_file_liststore.set_value(iter, 1, tclass)
self.transitions_file_liststore.set_value(iter, 2, dest)
if name == None:
name = '*'
self.transitions_file_liststore.set_value(iter, 3, name)
def tab_change(self, *args):
self.clear_filters()
self.treeview = None
self.treesort = None
self.treefilter = None
self.liststore = None
self.modify_button.set_sensitive(False)
self.add_modify_delete_box.hide()
self.show_modified_only.set_visible(False)
self.show_mislabeled_files_only.set_visible(False)
self.mislabeled_files_label.set_visible(False)
self.warning_files.set_visible(False)
if self.boolean_radio_button.get_active():
self.outer_notebook.set_current_page(BOOLEANS_PAGE)
self.treeview = self.boolean_treeview
self.show_modified_only.set_visible(True)
if self.files_radio_button.get_active():
self.show_popup(self.add_modify_delete_box)
self.show_modified_only.set_visible(True)
self.show_mislabeled_files_only.set_visible(self.mislabeled_files)
self.mislabeled_files_label.set_visible(self.mislabeled_files)
self.warning_files.set_visible(self.mislabeled_files)
self.outer_notebook.set_current_page(FILES_PAGE)
if args[0] == self.inner_notebook_files:
ipage = args[2]
else:
ipage = self.inner_notebook_files.get_current_page()
if ipage == EXE_PAGE:
self.treeview = self.executable_files_treeview
category = _("executable")
elif ipage == WRITABLE_PAGE:
self.treeview = self.writable_files_treeview
category = _("writable")
elif ipage == APP_PAGE:
self.treeview = self.application_files_treeview
category = _("application")
self.add_button.set_tooltip_text(_("Add new %(TYPE)s file path for '%(DOMAIN)s' domains.") % {"TYPE": category, "DOMAIN": self.application})
self.delete_button.set_tooltip_text(_("Delete %(TYPE)s file paths for '%(DOMAIN)s' domain.") % {"TYPE": category, "DOMAIN": self.application})
self.modify_button.set_tooltip_text(_("Modify %(TYPE)s file path for '%(DOMAIN)s' domain. Only bolded items in the list can be selected, this indicates they were modified previously.") % {"TYPE": category, "DOMAIN": self.application})
if self.network_radio_button.get_active():
self.add_modify_delete_box.show()
self.show_modified_only.set_visible(True)
self.outer_notebook.set_current_page(NETWORK_PAGE)
if args[0] == self.inner_notebook_network:
ipage = args[2]
else:
ipage = self.inner_notebook_network.get_current_page()
if ipage == OUTBOUND_PAGE:
self.treeview = self.network_out_treeview
category = _("connect")
if ipage == INBOUND_PAGE:
self.treeview = self.network_in_treeview
category = _("listen for inbound connections")
self.add_button.set_tooltip_text(_("Add new port definition to which the '%(APP)s' domain is allowed to %s.") % {"APP": self.application, "PERM": category})
self.delete_button.set_tooltip_text(_("Delete modified port definitions to which the '%(APP)s' domain is allowed to %s.") % {"APP": self.application, "PERM": category})
self.modify_button.set_tooltip_text(_("Modify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category})
if self.transitions_radio_button.get_active():
self.outer_notebook.set_current_page(TRANSITIONS_PAGE)
if args[0] == self.inner_notebook_transitions:
ipage = args[2]
else:
ipage = self.inner_notebook_transitions.get_current_page()
if ipage == TRANSITIONS_FROM_PAGE:
self.treeview = self.transitions_from_treeview
if ipage == TRANSITIONS_TO_PAGE:
self.treeview = self.transitions_into_treeview
if ipage == TRANSITIONS_FILE_PAGE:
self.treeview = self.transitions_file_treeview
if self.system_radio_button.get_active():
self.outer_notebook.set_current_page(SYSTEM_PAGE)
self.filter_box.hide()
if self.lockdown_radio_button.get_active():
self.lockdown_init()
self.outer_notebook.set_current_page(LOCKDOWN_PAGE)
self.filter_box.hide()
if self.user_radio_button.get_active():
self.outer_notebook.set_current_page(USER_PAGE)
self.add_modify_delete_box.show()
self.show_modified_only.set_visible(True)
self.treeview = self.user_treeview
self.add_button.set_tooltip_text(_("Add new SELinux User/Role definition."))
self.delete_button.set_tooltip_text(_("Delete modified SELinux User/Role definitions."))
self.modify_button.set_tooltip_text(_("Modify selected modified SELinux User/Role definitions."))
if self.login_radio_button.get_active():
self.outer_notebook.set_current_page(LOGIN_PAGE)
self.add_modify_delete_box.show()
self.show_modified_only.set_visible(True)
self.treeview = self.login_treeview
self.add_button.set_tooltip_text(_("Add new Login Mapping definition."))
self.delete_button.set_tooltip_text(_("Delete modified Login Mapping definitions."))
self.modify_button.set_tooltip_text(_("Modify selected modified Login Mapping definitions."))
if self.file_equiv_radio_button.get_active():
self.outer_notebook.set_current_page(FILE_EQUIV_PAGE)
self.add_modify_delete_box.show()
self.show_modified_only.set_visible(True)
self.treeview = self.file_equiv_treeview
self.add_button.set_tooltip_text(_("Add new File Equivalence definition."))
self.delete_button.set_tooltip_text(_("Delete modified File Equivalence definitions."))
self.modify_button.set_tooltip_text(_("Modify selected modified File Equivalence definitions. Only bolded items in the list can be selected, this indicates they were modified previously."))
self.opage = self.outer_notebook.get_current_page()
if self.treeview:
self.filter_box.show()
self.treesort = self.treeview.get_model()
self.treefilter = self.treesort.get_model()
self.liststore = self.treefilter.get_model()
for x in range(0, self.liststore.get_n_columns()):
col = self.treeview.get_column(x)
if col:
cell = col.get_cells()[0]
if isinstance(cell, Gtk.CellRendererText):
self.liststore.set_sort_func(x, self.stripsort, None)
self.treeview.get_selection().unselect_all()
self.modify_button.set_sensitive(False)
def stripsort(self, model, row1, row2, user_data):
sort_column, _ = model.get_sort_column_id()
val1 = self.unmarkup(model.get_value(row1, sort_column))
val2 = self.unmarkup(model.get_value(row2, sort_column))
return cmp(val1, val2)
def display_more_detail(self, windows, path):
it = self.boolean_filter.get_iter(path)
it = self.boolean_filter.convert_iter_to_child_iter(it)
self.boolean_more_detail_tree_data_set.clear()
self.boolean_more_detail_window.set_title(_("Boolean %s Allow Rules") % self.boolean_liststore.get_value(it, 2))
blist = sepolicy.get_boolean_rules(self.application, self.boolean_liststore.get_value(it, 2))
for b in blist:
self.display_more_detail_init(b["source"], b["target"], b["class"], b["permlist"])
self.show_popup(self.boolean_more_detail_window)
def display_more_detail_init(self, source, target, class_type, permission):
iter = self.boolean_more_detail_tree_data_set.append()
self.boolean_more_detail_tree_data_set.set_value(iter, 0, "allow %s %s:%s { %s };" % (source, target, class_type, " ".join(permission)))
def add_button_clicked(self, *args):
self.modify = False
if self.opage == NETWORK_PAGE:
self.popup_network_label.set_text((_("Add Network Port for %s. Ports will be created when update is applied.")) % self.application)
self.network_popup_window.set_title((_("Add Network Port for %s")) % self.application)
self.init_network_dialog(args)
return
if self.opage == FILES_PAGE:
self.popup_files_label.set_text((_("Add File Labeling for %s. File labels will be created when update is applied.")) % self.application)
self.files_popup_window.set_title((_("Add File Labeling for %s")) % self.application)
self.init_files_dialog(args)
ipage = self.inner_notebook_files.get_current_page()
if ipage == EXE_PAGE:
self.files_path_entry.set_text("ex: /usr/sbin/Foobar")
else:
self.files_path_entry.set_text("ex: /var/lib/Foobar")
self.clear_entry = True
if self.opage == LOGIN_PAGE:
self.login_label.set_text((_("Add Login Mapping. User Mapping will be created when Update is applied.")))
self.login_popup_window.set_title(_("Add Login Mapping"))
self.login_init_dialog(args)
self.clear_entry = True
if self.opage == USER_PAGE:
self.user_label.set_text((_("Add SELinux User Role. SELinux user roles will be created when update is applied.")))
self.user_popup_window.set_title(_("Add SELinux Users"))
self.user_init_dialog(args)
self.clear_entry = True
if self.opage == FILE_EQUIV_PAGE:
self.file_equiv_source_entry.set_text("")
self.file_equiv_dest_entry.set_text("")
self.file_equiv_label.set_text((_("Add File Equivalency Mapping. Mapping will be created when update is applied.")))
self.file_equiv_popup_window.set_title(_("Add SELinux File Equivalency"))
self.clear_entry = True
self.show_popup(self.file_equiv_popup_window)
self.new_updates()
def show_popup(self, window):
self.current_popup = window
window.show()
def close_popup(self, *args):
self.current_popup.hide()
self.window.set_sensitive(True)
return True
def modify_button_clicked(self, *args):
iter = None
if self.treeview:
iter = self.get_selected_iter()
if not iter:
self.modify_button.set_sensitive(False)
return
self.modify = True
if self.opage == NETWORK_PAGE:
self.modify_button_network_clicked(args)
if self.opage == FILES_PAGE:
self.popup_files_label.set_text((_("Modify File Labeling for %s. File labels will be created when update is applied.")) % self.application)
self.files_popup_window.set_title((_("Add File Labeling for %s")) % self.application)
self.delete_old_item = None
self.init_files_dialog(args)
self.modify = True
operation = "Modify"
mls = 1
ipage = self.inner_notebook_files.get_current_page()
if ipage == EXE_PAGE:
iter = self.executable_files_filter.convert_iter_to_child_iter(iter)
self.delete_old_item = iter
path = self.executable_files_liststore.get_value(iter, 0)
self.files_path_entry.set_text(path)
ftype = self.executable_files_liststore.get_value(iter, 1)
if type != None:
self.combo_set_active_text(self.files_type_combobox, ftype)
tclass = self.executable_files_liststore.get_value(iter, 2)
if tclass != None:
self.combo_set_active_text(self.files_class_combobox, tclass)
if ipage == WRITABLE_PAGE:
iter = self.writable_files_filter.convert_iter_to_child_iter(iter)
self.delete_old_item = iter
path = self.writable_files_liststore.get_value(iter, 0)
self.files_path_entry.set_text(path)
type = self.writable_files_liststore.get_value(iter, 1)
if type != None:
self.combo_set_active_text(self.files_type_combobox, type)
tclass = self.writable_files_liststore.get_value(iter, 2)
if tclass != None:
self.combo_set_active_text(self.files_class_combobox, tclass)
if ipage == APP_PAGE:
iter = self.application_files_filter.convert_iter_to_child_iter(iter)
self.delete_old_item = iter
path = self.application_files_liststore.get_value(iter, 0)
self.files_path_entry.set_text(path)
try:
get_type = self.application_files_liststore.get_value(iter, 1)
get_type = get_type.split("<b>")[1].split("</b>")
except AttributeError:
pass
type = self.application_files_liststore.get_value(iter, 2)
if type != None:
self.combo_set_active_text(self.files_type_combobox, type)
tclass = get_type[0]
if tclass != None:
self.combo_set_active_text(self.files_class_combobox, tclass)
if self.opage == USER_PAGE:
self.user_init_dialog(args)
self.user_name_entry.set_text(self.user_liststore.get_value(iter, 0))
self.user_mls_level_entry.set_text(self.user_liststore.get_value(iter, 2))
self.user_mls_entry.set_text(self.user_liststore.get_value(iter, 3))
self.combo_set_active_text(self.user_roles_combobox, self.user_liststore.get_value(iter, 1))
self.user_label.set_text((_("Modify SELinux User Role. SELinux user roles will be modified when update is applied.")))
self.user_popup_window.set_title(_("Modify SELinux Users"))
self.show_popup(self.user_popup_window)
if self.opage == LOGIN_PAGE:
self.login_init_dialog(args)
self.login_name_entry.set_text(self.login_liststore.get_value(iter, 0))
self.login_mls_entry.set_text(self.login_liststore.get_value(iter, 2))
self.combo_set_active_text(self.login_seuser_combobox, self.login_liststore.get_value(iter, 1))
self.login_label.set_text((_("Modify Login Mapping. Login Mapping will be modified when Update is applied.")))
self.login_popup_window.set_title(_("Modify Login Mapping"))
self.show_popup(self.login_popup_window)
if self.opage == FILE_EQUIV_PAGE:
self.file_equiv_source_entry.set_text(self.file_equiv_liststore.get_value(iter, 0))
self.file_equiv_dest_entry.set_text(self.file_equiv_liststore.get_value(iter, 1))
self.file_equiv_label.set_text((_("Modify File Equivalency Mapping. Mapping will be created when update is applied.")))
self.file_equiv_popup_window.set_title(_("Modify SELinux File Equivalency"))
self.clear_entry = True
self.show_popup(self.file_equiv_popup_window)
def populate_type_combo(self, tree, loc, *args):
iter = self.more_types_files_liststore.get_iter(loc)
ftype = self.more_types_files_liststore.get_value(iter, 0)
self.combo_set_active_text(self.files_type_combobox, ftype)
self.show_popup(self.files_popup_window)
self.moreTypes_window_files.hide()
def strip_domain(self, domain):
if domain == None:
return
if domain.endswith("_script_t"):
split_char = "_script_t"
else:
split_char = "_t"
return domain.split(split_char)[0]
def exclude_type(self, type, exclude_list):
for e in exclude_list:
if type.startswith(e):
return True
return False
def init_files_dialog(self, *args):
exclude_list = []
self.files_class_combobox.set_sensitive(True)
self.show_popup(self.files_popup_window)
ipage = self.inner_notebook_files.get_current_page()
self.files_type_combolist.clear()
self.files_class_combolist.clear()
compare = self.strip_domain(self.application)
for d in self.completion_entry_model:
if d[0].startswith(compare) and d[0] != self.application and not d[0].startswith("httpd_sys"):
exclude_list.append(self.strip_domain(d[0]))
self.more_types_files_liststore.clear()
try:
for files in sepolicy.file_type_str:
iter = self.files_class_combolist.append()
self.files_class_combolist.set_value(iter, 0, sepolicy.file_type_str[files])
if ipage == EXE_PAGE and self.entrypoints != None:
for exe in self.entrypoints.keys():
if exe.startswith(compare):
iter = self.files_type_combolist.append()
self.files_type_combolist.set_value(iter, 0, exe)
iter = self.more_types_files_liststore.append()
self.more_types_files_liststore.set_value(iter, 0, exe)
self.files_class_combobox.set_active(4)
self.files_class_combobox.set_sensitive(False)
elif ipage == WRITABLE_PAGE and self.writable_files != None:
for write in self.writable_files.keys():
if write.startswith(compare) and not self.exclude_type(write, exclude_list) and write in self.file_types:
iter = self.files_type_combolist.append()
self.files_type_combolist.set_value(iter, 0, write)
iter = self.more_types_files_liststore.append()
self.more_types_files_liststore.set_value(iter, 0, write)
self.files_class_combobox.set_active(0)
elif ipage == APP_PAGE and self.file_types != None:
for app in sepolicy.get_all_file_types():
if app.startswith(compare):
if app.startswith(compare) and not self.exclude_type(app, exclude_list):
iter = self.files_type_combolist.append()
self.files_type_combolist.set_value(iter, 0, app)
iter = self.more_types_files_liststore.append()
self.more_types_files_liststore.set_value(iter, 0, app)
self.files_class_combobox.set_active(0)
except AttributeError:
print "error"
pass
self.files_type_combobox.set_active(0)
self.files_mls_entry.set_text("s0")
iter = self.files_type_combolist.append()
self.files_type_combolist.set_value(iter, 0, _('More...'))
def modify_button_network_clicked(self, *args):
iter = self.get_selected_iter()
if not iter:
self.modify_button.set_sensitive(False)
return
self.popup_network_label.set_text((_("Modify Network Port for %s. Ports will be created when update is applied.")) % self.application)
self.network_popup_window.set_title((_("Modify Network Port for %s")) % self.application)
self.delete_old_item = None
self.init_network_dialog(args)
operation = "Modify"
mls = 1
self.modify = True
iter = self.get_selected_iter()
port = self.liststore.get_value(iter, 0)
self.network_ports_entry.set_text(port)
protocol = self.liststore.get_value(iter, 1)
if protocol == "tcp":
self.network_tcp_button.set_active(True)
elif protocol == "udp":
self.network_udp_button.set_active(True)
type = self.liststore.get_value(iter, 2)
if type != None:
self.combo_set_active_text(self.network_port_type_combobox, type)
self.delete_old_item = iter
def init_network_dialog(self, *args):
self.show_popup(self.network_popup_window)
ipage = self.inner_notebook_network.get_current_page()
self.network_port_type_combolist.clear()
self.network_ports_entry.set_text("")
try:
if ipage == OUTBOUND_PAGE:
netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_connect")
elif ipage == INBOUND_PAGE:
netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_bind")
netd += sepolicy.network.get_network_connect(self.application, "udp", "name_bind")
port_types = []
for k in netd.keys():
for t, ports in netd[k]:
if t not in port_types + ["port_t", "unreserved_port_t"]:
if t.endswith("_type"):
continue
port_types.append(t)
port_types.sort()
short_domain = self.strip_domain(self.application)
if short_domain[-1] == "d":
short_domain = short_domain[:-1]
short_domain = short_domain + "_"
ctr = 0
found = 0
for t in port_types:
if t.startswith(short_domain):
found = ctr
iter = self.network_port_type_combolist.append()
self.network_port_type_combolist.set_value(iter, 0, t)
ctr += 1
self.network_port_type_combobox.set_active(found)
except AttributeError:
pass
self.network_tcp_button.set_active(True)
self.network_mls_entry.set_text("s0")
def login_seuser_combobox_change(self, combo, *args):
seuser = self.combo_get_active_text(combo)
if self.login_mls_entry.get_text() == "":
for u in sepolicy.get_selinux_users():
if seuser == u['name']:
self.login_mls_entry.set_text(u['range'])
def user_roles_combobox_change(self, combo, *args):
serole = self.combo_get_active_text(combo)
if self.user_mls_entry.get_text() == "":
for u in sepolicy.get_all_roles():
if serole == u['name']:
self.user_mls_entry.set_text(u['range'])
def get_selected_iter(self):
iter = None
if not self.treeview:
return None
row = self.treeview.get_selection()
if not row:
return None
treesort, iter = row.get_selected()
if iter:
iter = treesort.convert_iter_to_child_iter(iter)
if iter:
iter = self.treefilter.convert_iter_to_child_iter(iter)
return iter
def cursor_changed(self, *args):
self.modify_button.set_sensitive(False)
iter = self.get_selected_iter()
if iter == None:
self.modify_button.set_sensitive(False)
return
if not self.liststore[iter] or not self.liststore[iter][-1]:
return
self.modify_button.set_sensitive(self.liststore[iter][-1])
def login_init_dialog(self, *args):
self.show_popup(self.login_popup_window)
self.login_seuser_combolist.clear()
users = sepolicy.get_all_users()
users.sort()
for u in users:
iter = self.login_seuser_combolist.append()
self.login_seuser_combolist.set_value(iter, 0, str(u))
self.login_name_entry.set_text("")
self.login_mls_entry.set_text("")
def user_init_dialog(self, *args):
self.show_popup(self.user_popup_window)
self.user_roles_combolist.clear()
roles = sepolicy.get_all_roles()
roles.sort()
for r in roles:
iter = self.user_roles_combolist.append()
self.user_roles_combolist.set_value(iter, 0, str(r))
self.user_name_entry.set_text("")
self.user_mls_entry.set_text("")
def on_disable_ptrace(self, checkbutton):
if self.finish_init:
update_buffer = "boolean -m -%d deny_ptrace" % checkbutton.get_active()
self.wait_mouse()
try:
self.dbus.semanage(update_buffer)
except dbus.exceptions.DBusException, e:
self.error(e)
self.ready_mouse()
def on_show_modified_only(self, checkbutton):
length = self.liststore.get_n_columns()
def dup_row(row):
l = []
for i in range(0, length):
l.append(row[i])
return l
append_list = []
if self.opage == BOOLEANS_PAGE:
if not checkbutton.get_active():
return self.boolean_initialize(self.application)
for row in self.liststore:
if row[2] in self.cust_dict["boolean"]:
append_list.append(dup_row(row))
if self.opage == FILES_PAGE:
ipage = self.inner_notebook_files.get_current_page()
if not checkbutton.get_active():
if ipage == EXE_PAGE:
return self.executable_files_initialize(self.application)
if ipage == WRITABLE_PAGE:
return self.writable_files_initialize(self.application)
if ipage == APP_PAGE:
return self.application_files_initialize(self.application)
for row in self.liststore:
if (row[0], row[2]) in self.cust_dict["fcontext"]:
append_list.append(row)
if self.opage == NETWORK_PAGE:
if not checkbutton.get_active():
return self.network_initialize(self.application)
for row in self.liststore:
if (row[0], row[1]) in self.cust_dict["port"]:
append_list.append(dup_row(row))
if self.opage == FILE_EQUIV_PAGE:
if not checkbutton.get_active() == True:
return self.file_equiv_initialize()
for row in self.liststore:
if row[0] in self.cust_dict["fcontext-equiv"]:
append_list.append(dup_row(row))
if self.opage == USER_PAGE:
if not checkbutton.get_active():
return self.user_initialize()
for row in self.liststore:
if row[0] in self.cust_dict["user"]:
append_list.append(dup_row(row))
if self.opage == LOGIN_PAGE:
if not checkbutton.get_active() == True:
return self.login_initialize()
for row in self.liststore:
if row[0] in self.cust_dict["login"]:
append_list.append(dup_row(row))
self.liststore.clear()
for row in append_list:
iter = self.liststore.append()
for i in range(0, length):
self.liststore.set_value(iter, i, row[i])
def init_modified_files_liststore(self, tree, app, ipage, operation, path, fclass, ftype):
iter = tree.append(None)
tree.set_value(iter, 0, path)
tree.set_value(iter, 1, ftype)
tree.set_value(iter, 2, fclass)
def restore_to_default(self, *args):
print "restore to defualt clicked..."
def invalid_entry_retry(self, *args):
self.closewindow(self.error_check_window)
self.files_popup_window.set_sensitive(True)
self.network_popup_window.set_sensitive(True)
def error_check_files(self, insert_txt):
if len(insert_txt) == 0 or insert_txt[0] != '/':
self.error_check_window.show()
self.files_popup_window.set_sensitive(False)
self.network_popup_window.set_sensitive(False)
self.error_check_label.set_text((_("The entry '%s' is not a valid path. Paths must begin with a '/'.")) % insert_txt)
return True
return False
def error_check_network(self, port):
try:
pnum = int(port)
if pnum < 1 or pnum > 65536:
raise ValueError
except ValueError:
self.error_check_window.show()
self.files_popup_window.set_sensitive(False)
self.network_popup_window.set_sensitive(False)
self.error_check_label.set_text((_("Port number must be between 1 and 65536")))
return True
return False
def show_more_types(self, *args):
if self.finish_init:
if self.combo_get_active_text(self.files_type_combobox) == _('More...'):
self.files_popup_window.hide()
self.moreTypes_window_files.show()
def update_to_login(self, *args):
self.close_popup()
seuser = self.combo_get_active_text(self.login_seuser_combobox)
mls_range = self.login_mls_entry.get_text()
name = self.login_name_entry.get_text()
if self.modify:
iter = self.get_selected_iter()
oldname = self.login_liststore.get_value(iter, 0)
oldseuser = self.login_liststore.get_value(iter, 1)
oldrange = self.login_liststore.get_value(iter, 2)
self.liststore.set_value(iter, 0, oldname)
self.liststore.set_value(iter, 1, oldseuser)
self.liststore.set_value(iter, 2, oldrange)
self.cur_dict["login"][name] = {"action": "-m", "range": mls_range, "seuser": seuser, "oldrange": oldrange, "oldseuser": oldseuser, "oldname": oldname}
else:
iter = self.liststore.append(None)
self.cur_dict["login"][name] = {"action": "-a", "range": mls_range, "seuser": seuser}
self.liststore.set_value(iter, 0, name)
self.liststore.set_value(iter, 1, seuser)
self.liststore.set_value(iter, 2, mls_range)
self.new_updates()
def update_to_user(self, *args):
self.close_popup()
roles = self.combo_get_active_text(self.user_roles_combobox)
level = self.user_mls_level_entry.get_text()
mls_range = self.user_mls_entry.get_text()
name = self.user_name_entry.get_text()
if self.modify:
iter = self.get_selected_iter()
oldname = self.user_liststore.get_value(iter, 0)
oldroles = self.user_liststore.get_value(iter, 1)
oldlevel = self.user_liststore.get_value(iter, 1)
oldrange = self.user_liststore.get_value(iter, 3)
self.liststore.set_value(iter, 0, oldname)
self.liststore.set_value(iter, 1, oldroles)
self.liststore.set_value(iter, 2, oldlevel)
self.liststore.set_value(iter, 3, oldrange)
self.cur_dict["user"][name] = {"action": "-m", "range": mls_range, "level": level, "role": roles, "oldrange": oldrange, "oldlevel": oldlevel, "oldroles": oldroles, "oldname": oldname}
else:
iter = self.liststore.append(None)
self.cur_dict["user"][name] = {"action": "-a", "range": mls_range, "level": level, "role": roles}
self.liststore.set_value(iter, 0, name)
self.liststore.set_value(iter, 1, roles)
self.liststore.set_value(iter, 2, level)
self.liststore.set_value(iter, 3, mls_range)
self.new_updates()
def update_to_file_equiv(self, *args):
self.close_popup()
dest = self.file_equiv_dest_entry.get_text()
src = self.file_equiv_source_entry.get_text()
if self.modify:
iter = self.get_selected_iter()
olddest = self.unmarkup(self.liststore.set_value(iter, 0))
oldsrc = self.unmarkup(self.liststore.set_value(iter, 1))
self.cur_dict["fcontext-equiv"][dest] = {"action": "-m", "src": src, "oldsrc": oldsrc, "olddest": olddest}
else:
iter = self.liststore.append(None)
self.cur_dict["fcontext-equiv"][dest] = {"action": "-a", "src": src}
self.liststore.set_value(iter, 0, self.markup(dest))
self.liststore.set_value(iter, 1, self.markup(src))
def update_to_files(self, *args):
self.close_popup()
self.files_add = True
# Insert Function will be used in the future
path = self.files_path_entry.get_text()
if self.error_check_files(path):
return
setype = self.combo_get_active_text(self.files_type_combobox)
mls = self.files_mls_entry.get_text()
tclass = self.combo_get_active_text(self.files_class_combobox)
if self.modify:
iter = self.get_selected_iter()
oldpath = self.unmark(self.liststore.get_value(iter, 0))
setype = self.unmark(self.liststore.set_value(iter, 1))
oldtclass = self.liststore.get_value(iter, 2)
self.cur_dict["fcontext"][(path, tclass)] = {"action": "-m", "type": setype, "oldtype": oldsetype, "oldmls": oldmls, "oldclass": oldclass}
else:
iter = self.liststore.append(None)
self.cur_dict["fcontext"][(path, tclass)] = {"action": "-a", "type": setype}
self.liststore.set_value(iter, 0, self.markup(path))
self.liststore.set_value(iter, 1, self.markup(setype))
self.liststore.set_value(iter, 2, self.markup(tclass))
self.files_add = False
self.recursive_path_toggle.set_active(False)
self.new_updates()
def update_to_network(self, *args):
self.network_add = True
ports = self.network_ports_entry.get_text()
if self.error_check_network(ports):
return
if self.network_tcp_button.get_active():
protocol = "tcp"
else:
protocol = "udp"
setype = self.combo_get_active_text(self.network_port_type_combobox)
mls = self.network_mls_entry.get_text()
if self.modify:
iter = self.get_selected_iter()
oldports = self.unmark(self.liststore.get_value(iter, 0))
oldprotocol = self.unmark(self.liststore.get_value(iter, 1))
oldsetype = self.unmark(self.liststore.set_value(iter, 2))
self.cur_dict["port"][(ports, protocol)] = {"action": "-m", "type": setype, "mls": mls, "oldtype": oldsetype, "oldmls": oldmls, "oldprotocol": oldprotocol, "oldports": oldports}
else:
iter = self.liststore.append(None)
self.cur_dict["port"][(ports, protocol)] = {"action": "-a", "type": setype, "mls": mls}
self.liststore.set_value(iter, 0, ports)
self.liststore.set_value(iter, 1, protocol)
self.liststore.set_value(iter, 2, setype)
self.network_add = False
self.network_popup_window.hide()
self.window.set_sensitive(True)
self.new_updates()
def delete_button_clicked(self, *args):
operation = "Add"
self.window.set_sensitive(False)
if self.opage == NETWORK_PAGE:
self.network_delete_liststore.clear()
port_dict = self.cust_dict["port"]
for ports, protocol in port_dict:
setype = port_dict[(ports, protocol)]["type"]
iter = self.network_delete_liststore.append()
self.network_delete_liststore.set_value(iter, 1, ports)
self.network_delete_liststore.set_value(iter, 2, protocol)
self.network_delete_liststore.set_value(iter, 3, setype)
self.show_popup(self.network_delete_window)
return
if self.opage == FILES_PAGE:
self.files_delete_liststore.clear()
fcontext_dict = self.cust_dict["fcontext"]
for path, tclass in fcontext_dict:
setype = fcontext_dict[(path, tclass)]["type"]
iter = self.files_delete_liststore.append()
self.files_delete_liststore.set_value(iter, 1, path)
self.files_delete_liststore.set_value(iter, 2, setype)
self.files_delete_liststore.set_value(iter, 3, sepolicy.file_type_str[tclass])
self.show_popup(self.files_delete_window)
return
if self.opage == USER_PAGE:
self.user_delete_liststore.clear()
user_dict = self.cust_dict["user"]
for user in user_dict:
roles = user_dict[user]["role"]
mls = user_dict[user]["range"]
level = user_dict[user]["level"]
iter = self.user_delete_liststore.append()
self.user_delete_liststore.set_value(iter, 1, user)
self.user_delete_liststore.set_value(iter, 2, roles)
self.user_delete_liststore.set_value(iter, 3, level)
self.user_delete_liststore.set_value(iter, 4, mls)
self.show_popup(self.user_delete_window)
return
if self.opage == LOGIN_PAGE:
self.login_delete_liststore.clear()
login_dict = self.cust_dict["login"]
for login in login_dict:
seuser = login_dict[login]["seuser"]
mls = login_dict[login]["range"]
iter = self.login_delete_liststore.append()
self.login_delete_liststore.set_value(iter, 1, seuser)
self.login_delete_liststore.set_value(iter, 2, login)
self.login_delete_liststore.set_value(iter, 3, mls)
self.show_popup(self.login_delete_window)
return
if self.opage == FILE_EQUIV_PAGE:
self.file_equiv_delete_liststore.clear()
for items in self.file_equiv_liststore:
if items[2]:
iter = self.file_equiv_delete_liststore.append()
self.file_equiv_delete_liststore.set_value(iter, 1, self.unmarkup(items[0]))
self.file_equiv_delete_liststore.set_value(iter, 2, self.unmarkup(items[1]))
self.show_popup(self.file_equiv_delete_window)
return
def on_save_delete_clicked(self, *args):
self.close_popup()
if self.opage == NETWORK_PAGE:
for delete in self.network_delete_liststore:
if delete[0]:
self.cur_dict["port"][(delete[1], delete[2])] = {"action": "-d", "type": delete[3]}
if self.opage == FILES_PAGE:
for delete in self.files_delete_liststore:
if delete[0]:
self.cur_dict["fcontext"][(delete[1], reverse_file_type_str[delete[3]])] = {"action": "-d", "type": delete[2]}
if self.opage == USER_PAGE:
for delete in self.user_delete_liststore:
if delete[0]:
self.cur_dict["user"][delete[1]] = {"action": "-d", "role": delete[2], "range": delete[4]}
if self.opage == LOGIN_PAGE:
for delete in self.login_delete_liststore:
if delete[0]:
self.cur_dict["login"][delete[2]] = {"action": "-d", "login": delete[2], "seuser": delete[1], "range": delete[3]}
if self.opage == FILE_EQUIV_PAGE:
for delete in self.file_equiv_delete_liststore:
if delete[0]:
self.cur_dict["fcontext-equiv"][delete[1]] = {"action": "-d", "src": delete[2]}
self.new_updates()
def on_save_delete_file_equiv_clicked(self, *args):
for delete in self.files_delete_liststore:
print delete[0], delete[1], delete[2],
def on_toggle_update(self, cell, path, model):
model[path][0] = not model[path][0]
def ipage_delete(self, liststore, key):
ctr = 0
for items in liststore:
if items[0] == key[0] and items[2] == key[1]:
iter = liststore.get_iter(ctr)
liststore.remove(iter)
return
ctr += 1
def on_toggle(self, cell, path, model):
if not path:
return
iter = self.boolean_filter.get_iter(path)
iter = self.boolean_filter.convert_iter_to_child_iter(iter)
name = model.get_value(iter, 2)
model.set_value(iter, 0, not model.get_value(iter, 0))
active = model.get_value(iter, 0)
if name in self.cur_dict["boolean"]:
del(self.cur_dict["boolean"][name])
else:
self.cur_dict["boolean"][name] = {"active": active}
self.new_updates()
def get_advanced_filter_data(self, entry, *args):
self.filter_txt = entry.get_text()
self.advanced_search_filter.refilter()
def get_filter_data(self, windows, *args):
#search for desired item
# The txt that the use rinputs into the filter is stored in filter_txt
self.filter_txt = windows.get_text()
self.treefilter.refilter()
def update_gui(self, *args):
self.update = True
self.update_treestore.clear()
for bools in self.cur_dict["boolean"]:
operation = self.cur_dict["boolean"][bools]["action"]
iter = self.update_treestore.append(None)
self.update_treestore.set_value(iter, 0, True)
self.update_treestore.set_value(iter, 1, sepolicy.boolean_desc(bools))
self.update_treestore.set_value(iter, 2, action[self.cur_dict["boolean"][bools]['active']])
self.update_treestore.set_value(iter, 3, True)
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 1, (_("SELinux name: %s")) % bools)
self.update_treestore.set_value(niter, 3, False)
for path, tclass in self.cur_dict["fcontext"]:
operation = self.cur_dict["fcontext"][(path, tclass)]["action"]
setype = self.cur_dict["fcontext"][(path, tclass)]["type"]
iter = self.update_treestore.append(None)
self.update_treestore.set_value(iter, 0, True)
self.update_treestore.set_value(iter, 2, operation)
self.update_treestore.set_value(iter, 0, True)
if operation == "-a":
self.update_treestore.set_value(iter, 1, (_("Add file labeling for %s")) % self.application)
if operation == "-d":
self.update_treestore.set_value(iter, 1, (_("Delete file labeling for %s")) % self.application)
if operation == "-m":
self.update_treestore.set_value(iter, 1, (_("Modify file labeling for %s")) % self.application)
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 3, False)
self.update_treestore.set_value(niter, 1, (_("File path: %s")) % path)
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 3, False)
self.update_treestore.set_value(niter, 1, (_("File class: %s")) % sepolicy.file_type_str[tclass])
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 3, False)
self.update_treestore.set_value(niter, 1, (_("SELinux file type: %s")) % setype)
for port, protocol in self.cur_dict["port"]:
operation = self.cur_dict["port"][(port, protocol)]["action"]
iter = self.update_treestore.append(None)
self.update_treestore.set_value(iter, 0, True)
self.update_treestore.set_value(iter, 2, operation)
self.update_treestore.set_value(iter, 3, True)
if operation == "-a":
self.update_treestore.set_value(iter, 1, (_("Add ports for %s")) % self.application)
if operation == "-d":
self.update_treestore.set_value(iter, 1, (_("Delete ports for %s")) % self.application)
if operation == "-m":
self.update_treestore.set_value(iter, 1, (_("Modify ports for %s")) % self.application)
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 1, (_("Network ports: %s")) % port)
self.update_treestore.set_value(niter, 3, False)
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 1, (_("Network protocol: %s")) % protocol)
self.update_treestore.set_value(niter, 3, False)
setype = self.cur_dict["port"][(port, protocol)]["type"]
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 3, False)
self.update_treestore.set_value(niter, 1, (_("SELinux file type: %s")) % setype)
for user in self.cur_dict["user"]:
operation = self.cur_dict["user"][user]["action"]
iter = self.update_treestore.append(None)
self.update_treestore.set_value(iter, 0, True)
self.update_treestore.set_value(iter, 2, operation)
self.update_treestore.set_value(iter, 0, True)
if operation == "-a":
self.update_treestore.set_value(iter, 1, _("Add user"))
if operation == "-d":
self.update_treestore.set_value(iter, 1, _("Delete user"))
if operation == "-m":
self.update_treestore.set_value(iter, 1, _("Modify user"))
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 1, (_("SELinux User : %s")) % user)
self.update_treestore.set_value(niter, 3, False)
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 3, False)
roles = self.cur_dict["user"][user]["role"]
self.update_treestore.set_value(niter, 1, (_("Roles: %s")) % roles)
mls = self.cur_dict["user"][user]["range"]
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 3, False)
self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls)
for login in self.cur_dict["login"]:
operation = self.cur_dict["login"][login]["action"]
iter = self.update_treestore.append(None)
self.update_treestore.set_value(iter, 0, True)
self.update_treestore.set_value(iter, 2, operation)
self.update_treestore.set_value(iter, 0, True)
if operation == "-a":
self.update_treestore.set_value(iter, 1, _("Add login mapping"))
if operation == "-d":
self.update_treestore.set_value(iter, 1, _("Delete login mapping"))
if operation == "-m":
self.update_treestore.set_value(iter, 1, _("Modify login mapping"))
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 3, False)
self.update_treestore.set_value(niter, 1, (_("Login Name : %s")) % login)
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 3, False)
seuser = self.cur_dict["login"][login]["seuser"]
self.update_treestore.set_value(niter, 1, (_("SELinux User: %s")) % seuser)
mls = self.cur_dict["login"][login]["range"]
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 3, False)
self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls)
for path in self.cur_dict["fcontext-equiv"]:
operation = self.cur_dict["fcontext-equiv"][path]["action"]
iter = self.update_treestore.append(None)
self.update_treestore.set_value(iter, 0, True)
self.update_treestore.set_value(iter, 2, operation)
self.update_treestore.set_value(iter, 0, True)
if operation == "-a":
self.update_treestore.set_value(iter, 1, (_("Add file equiv labeling.")))
if operation == "-d":
self.update_treestore.set_value(iter, 1, (_("Delete file equiv labeling.")))
if operation == "-m":
self.update_treestore.set_value(iter, 1, (_("Modify file equiv labeling.")))
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 3, False)
self.update_treestore.set_value(niter, 1, (_("File path : %s")) % path)
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 3, False)
src = self.cur_dict["fcontext-equiv"][path]["src"]
self.update_treestore.set_value(niter, 1, (_("Equivalence: %s")) % src)
self.show_popup(self.update_window)
def set_active_application_button(self):
if self.boolean_radio_button.get_active():
self.active_button = self.boolean_radio_button
if self.files_radio_button.get_active():
self.active_button = self.files_radio_button
if self.transitions_radio_button.get_active():
self.active_button = self.transitions_radio_button
if self.network_radio_button.get_active():
self.active_button = self.network_radio_button
def clearbuttons(self, clear=True):
self.main_selection_window.hide()
self.boolean_radio_button.set_visible(False)
self.files_radio_button.set_visible(False)
self.network_radio_button.set_visible(False)
self.transitions_radio_button.set_visible(False)
self.system_radio_button.set_visible(False)
self.lockdown_radio_button.set_visible(False)
self.user_radio_button.set_visible(False)
self.login_radio_button.set_visible(False)
if clear:
self.completion_entry.set_text("")
def show_system_page(self):
self.clearbuttons()
self.system_radio_button.set_visible(True)
self.lockdown_radio_button.set_visible(True)
self.applications_selection_button.set_label(_("System"))
self.system_radio_button.set_active(True)
self.tab_change()
self.idle_func()
def show_file_equiv_page(self, *args):
self.clearbuttons()
self.file_equiv_initialize()
self.file_equiv_radio_button.set_active(True)
self.applications_selection_button.set_label(_("File Equivalence"))
self.tab_change()
self.idle_func()
self.add_button.set_sensitive(True)
self.delete_button.set_sensitive(True)
def show_users_page(self):
self.clearbuttons()
self.login_radio_button.set_visible(True)
self.user_radio_button.set_visible(True)
self.applications_selection_button.set_label(_("Users"))
self.login_radio_button.set_active(True)
self.tab_change()
self.user_initialize()
self.login_initialize()
self.idle_func()
self.add_button.set_sensitive(True)
self.delete_button.set_sensitive(True)
def show_applications_page(self):
self.clearbuttons(False)
self.boolean_radio_button.set_visible(True)
self.files_radio_button.set_visible(True)
self.network_radio_button.set_visible(True)
self.transitions_radio_button.set_visible(True)
self.boolean_radio_button.set_active(True)
self.tab_change()
self.idle_func()
def system_interface(self, *args):
self.show_system_page()
def users_interface(self, *args):
self.show_users_page()
def show_mislabeled_files(self, checkbutton, *args):
iterlist = []
ctr = 0
ipage = self.inner_notebook_files.get_current_page()
if checkbutton.get_active() == True:
for items in self.liststore:
iter = self.treesort.get_iter(ctr)
iter = self.treesort.convert_iter_to_child_iter(iter)
iter = self.treefilter.convert_iter_to_child_iter(iter)
if iter != None:
if self.liststore.get_value(iter, 4) == False:
iterlist.append(iter)
ctr += 1
for iters in iterlist:
self.liststore.remove(iters)
elif self.application != None:
self.liststore.clear()
if ipage == EXE_PAGE:
self.executable_files_initialize(self.application)
elif ipage == WRITABLE_PAGE:
self.writable_files_initialize(self.application)
elif ipage == APP_PAGE:
self.application_files_initialize(self.application)
def fix_mislabeled(self, path):
cur = selinux.getfilecon(path)[1].split(":")[2]
con = selinux.matchpathcon(path, 0)[1].split(":")[2]
if self.verify(_("Run restorecon on %(PATH)s to change its type from %(CUR_CONTEXT)s to the default %(DEF_CONTEXT)s?") % {"PATH": path, "CUR_CONTEXT": cur, "DEF_CONTEXT": con}, title="restorecon dialog") == Gtk.ResponseType.YES:
self.dbus.restorecon(path)
self.application_selected()
def new_updates(self, *args):
self.update_button.set_sensitive(self.modified())
self.revert_button.set_sensitive(self.modified())
def update_or_revert_changes(self, button, *args):
self.update_gui()
self.update = (button.get_label() == _("Update"))
if self.update:
self.update_window.set_title(_("Update Changes"))
else:
self.update_window.set_title(_("Revert Changes"))
def apply_changes_button_press(self, *args):
self.close_popup()
if self.update:
self.update_the_system()
else:
self.revert_data()
self.finish_init = False
self.previously_modified_initialize(self.dbus.customized())
self.finish_init = True
self.clear_filters()
self.application_selected()
self.new_updates()
self.update_treestore.clear()
def update_the_system(self, *args):
self.close_popup()
update_buffer = self.format_update()
self.wait_mouse()
try:
self.dbus.semanage(update_buffer)
except dbus.exceptions.DBusException, e:
print e
self.ready_mouse()
self.init_cur()
def ipage_value_lookup(self, lookup):
ipage_values = {"Executable Files": 0, "Writable Files": 1, "Application File Type": 2, "Inbound": 1, "Outbound": 0}
for value in ipage_values:
if value == lookup:
return ipage_values[value]
return "Booleans"
def get_attributes_update(self, attribute):
attribute = attribute.split(": ")[1]
bool_id = attribute.split(": ")[0]
if bool_id == "SELinux name":
self.bool_revert = attribute
else:
return attribute
def format_update(self):
self.revert_data()
update_buffer = ""
for k in self.cur_dict:
if k in "boolean":
for b in self.cur_dict[k]:
update_buffer += "boolean -m -%d %s\n" % (self.cur_dict[k][b]["active"], b)
if k in "login":
for l in self.cur_dict[k]:
if self.cur_dict[k][l]["action"] == "-d":
update_buffer += "login -d %s\n" % l
else:
update_buffer += "login %s -s %s -r %s %s\n" % (self.cur_dict[k][l]["action"], self.cur_dict[k][l]["seuser"], self.cur_dict[k][l]["range"], l)
if k in "user":
for u in self.cur_dict[k]:
if self.cur_dict[k][u]["action"] == "-d":
update_buffer += "user -d %s\n" % u
else:
update_buffer += "user %s -L %s -r %s -R %s %s\n" % (self.cur_dict[k][u]["action"], self.cur_dict[k][u]["level"], self.cur_dict[k][u]["range"], self.cur_dict[k][u]["role"], u)
if k in "fcontext-equiv":
for f in self.cur_dict[k]:
if self.cur_dict[k][f]["action"] == "-d":
update_buffer += "fcontext -d %s\n" % f
else:
update_buffer += "fcontext %s -e %s %s\n" % (self.cur_dict[k][f]["action"], self.cur_dict[k][f]["src"], f)
if k in "fcontext":
for f in self.cur_dict[k]:
if self.cur_dict[k][f]["action"] == "-d":
update_buffer += "fcontext -d %s\n" % f
else:
update_buffer += "fcontext %s -t %s -f %s %s\n" % (self.cur_dict[k][f]["action"], self.cur_dict[k][f]["type"], self.cur_dict[k][f]["class"], f)
if k in "port":
for port, protocol in self.cur_dict[k]:
if self.cur_dict[k][(port, protocol)]["action"] == "-d":
update_buffer += "port -d -p %s %s\n" % (protocol, port)
else:
update_buffer += "port %s -t %s -p %s %s\n" % (self.cur_dict[k][f]["action"], self.cur_dict[k][f]["type"], procotol, port)
return update_buffer
def revert_data(self):
ctr = 0
remove_list = []
update_buffer = ""
for items in self.update_treestore:
if not self.update_treestore[ctr][0]:
remove_list.append(ctr)
ctr += 1
remove_list.reverse()
for ctr in remove_list:
self.remove_cur(ctr)
def reveal_advanced_system(self, label, *args):
advanced = label.get_text() == ADVANCED_LABEL[0]
if advanced:
label.set_text(ADVANCED_LABEL[1])
else:
label.set_text(ADVANCED_LABEL[0])
self.system_policy_label.set_visible(advanced)
self.system_policy_type_combobox.set_visible(advanced)
def reveal_advanced(self, label, *args):
advanced = label.get_text() == ADVANCED_LABEL[0]
if advanced:
label.set_text(ADVANCED_LABEL[1])
else:
label.set_text(ADVANCED_LABEL[0])
self.files_mls_label.set_visible(advanced)
self.files_mls_entry.set_visible(advanced)
self.network_mls_label.set_visible(advanced)
self.network_mls_entry.set_visible(advanced)
def advanced_search_initialize(self, path):
try:
if path[0] == '/':
domain = sepolicy.get_init_transtype(path)
else:
domain = path
except IndexError:
return
except OSError:
return
iter = self.advanced_search_liststore.append()
self.advanced_search_liststore.set_value(iter, 0, path)
self.advanced_search_liststore.set_value(iter, 1, domain)
user_types = sepolicy.get_user_types()
if domain in user_types + ['initrc_t']:
return
entrypoints = sepolicy.get_entrypoints(domain)
# From entry_point = 0 to the number of keys in the dic
for exe in entrypoints:
if len(entrypoints[exe]):
file_class = entrypoints[exe][1]
for path in entrypoints[exe][0]:
iter = self.advanced_search_liststore.append()
self.advanced_search_liststore.set_value(iter, 1, domain)
self.advanced_search_liststore.set_value(iter, 0, path)
def advanced_label_main(self, label, *args):
if label.get_text() == ADVANCED_SEARCH_LABEL[1]:
label.set_text(ADVANCED_SEARCH_LABEL[0])
self.close_popup()
else:
label.set_text(ADVANCED_SEARCH_LABEL[1])
self.show_popup(self.advanced_search_window)
def advanced_radio_select(self, button):
label = ""
if button.get_active():
label = button.get_label()
if label == '':
return
self.advanced_search_liststore.clear()
if label == "All":
for items in self.all_list:
self.advanced_search_initialize(items)
self.idle_func()
elif label == "Installed":
if self.installed_list == []:
return
for items in self.installed_list:
self.advanced_search_initialize(items)
self.idle_func()
def set_enforce_text(self, value):
if value:
self.status_bar.push(self.context_id, _("System Status: Enforcing"))
else:
self.status_bar.push(self.context_id, _("System Status: Permissive"))
self.current_status_permissive.set_active(True)
def set_enforce(self, button):
self.dbus.setenforce(button.get_active())
self.set_enforce_text(button.get_active())
def on_browse_select(self, *args):
filename = self.file_dialog.get_filename()
if filename == None:
return
self.clear_entry = False
self.file_dialog.hide()
self.files_path_entry.set_text(filename)
if self.import_export == 'Import':
self.import_config(filename)
elif self.import_export == 'Export':
self.export_config(filename)
def recursive_path(self, *args):
path = self.files_path_entry.get_text()
if self.recursive_path_toggle.get_active():
if not path.endswith("(/.*)?"):
self.files_path_entry.set_text(path + "(/.*)?")
elif path.endswith("(/.*)?"):
path = path.split("(/.*)?")[0]
self.files_path_entry.set_text(path)
def highlight_entry_text(self, entry_obj, *args):
txt = entry_obj.get_text()
if self.clear_entry:
entry_obj.set_text('')
self.clear_entry = False
def autofill_add_files_entry(self, entry):
text = entry.get_text()
if text == '':
return
if text.endswith("(/.*)?"):
self.recursive_path_toggle.set_active(True)
for d in sepolicy.DEFAULT_DIRS:
if text.startswith(d):
for t in self.files_type_combolist:
if t[0].endswith(sepolicy.DEFAULT_DIRS[d]):
self.combo_set_active_text(self.files_type_combobox, t[0])
def resize_columns(self, *args):
self.boolean_column_1 = self.boolean_treeview.get_col(1)
width = self.boolean_column_1.get_width()
renderer = self.boolean_column_1.get_cell_renderers()
def browse_for_files(self, *args):
self.file_dialog.show()
def close_config_window(self, *args):
self.file_dialog.hide()
def change_default_policy(self, *args):
if self.typeHistory == self.system_policy_type_combobox.get_active():
return
if self.verify(_("Changing the policy type will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == Gtk.ResponseType.NO:
self.system_policy_type_combobox.set_active(self.typeHistory)
return None
self.dbus.change_default_policy(self.combo_get_active_text(self.system_policy_type_combobox))
self.dbus.relabel_on_boot(True)
self.typeHistory = self.system_policy_type_combobox.get_active()
def change_default_mode(self, button):
if not self.finish_init:
return
self.enabled_changed(button)
if button.get_active():
self.dbus.change_default_mode(button.get_label().lower())
def import_config_show(self, *args):
self.file_dialog.set_action(Gtk.FileChooserAction.OPEN)
self.file_dialog.set_title("Import Configuration")
self.file_dialog.show()
#self.file_dialog.set_uri('/tmp')
self.import_export = 'Import'
def export_config_show(self, *args):
self.file_dialog.set_action(Gtk.FileChooserAction.SAVE)
self.file_dialog.set_title("Export Configuration")
self.file_dialog.show()
self.import_export = 'Export'
def export_config(self, filename):
self.wait_mouse()
buf = self.dbus.customized()
fd = open(filename, 'w')
fd.write(buf)
fd.close()
self.ready_mouse()
def import_config(self, filename):
fd = open(filename, "r")
buf = fd.read()
fd.close()
self.wait_mouse()
try:
self.dbus.semanage(buf)
except OSError:
pass
self.ready_mouse()
def init_dictionary(self, dic, app, ipage, operation, p, q, ftype, mls, changed, old):
if (app, ipage, operation) not in dic:
dic[app, ipage, operation] = {}
if (p, q) not in dic[app, ipage, operation]:
dic[app, ipage, operation][p, q] = {'type': ftype, 'mls': mls, 'changed': changed, 'old': old}
def translate_bool(self, b):
b = b.split('-')[1]
if b == '0':
return False
if b == '1':
return True
def relabel_on_reboot(self, *args):
active = self.relabel_button.get_active()
exists = os.path.exists("/.autorelabel")
if active and exists:
return
if not active and not exists:
return
try:
self.dbus.relabel_on_boot(active)
except dbus.exceptions.DBusException, e:
self.error(e)
def closewindow(self, window, *args):
window.hide()
self.recursive_path_toggle.set_active(False)
self.window.set_sensitive(True)
if self.moreTypes_window_files == window:
self.show_popup(self.files_popup_window)
if self.combo_get_active_text(self.files_type_combobox) == _('More...'):
self.files_type_combobox.set_active(0)
if self.error_check_window == window:
if self.files_add:
self.show_popup(self.files_popup_window)
elif self.network_add:
self.show_popup(self.network_popup_window)
if self.files_mls_label.get_visible() or self.network_mls_label.get_visible():
self.advanced_text_files.set_visible(True)
self.files_mls_label.set_visible(False)
self.files_mls_entry.set_visible(False)
self.advanced_text_network.set_visible(True)
self.network_mls_label.set_visible(False)
self.network_mls_entry.set_visible(False)
if self.main_advanced_label.get_text() == ADVANCED_SEARCH_LABEL[1]:
self.main_advanced_label.set_text(ADVANCED_SEARCH_LABEL[0])
return True
def wait_mouse(self):
self.window.get_window().set_cursor(self.busy_cursor)
self.idle_func()
def ready_mouse(self):
self.window.get_window().set_cursor(self.ready_cursor)
self.idle_func()
def verify(self, message, title=""):
dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.INFO,
Gtk.ButtonsType.YES_NO,
message)
dlg.set_title(title)
dlg.set_position(Gtk.WindowPosition.MOUSE)
dlg.show_all()
rc = dlg.run()
dlg.destroy()
return rc
def error(self, message):
dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.ERROR,
Gtk.ButtonsType.CLOSE,
message)
dlg.set_position(Gtk.WindowPosition.MOUSE)
dlg.show_all()
dlg.run()
dlg.destroy()
def enabled_changed(self, radio):
if not radio.get_active():
return
label = radio.get_label()
if label == 'Disabled' and self.enforce_mode != DISABLED:
if self.verify(_("Changing to SELinux disabled requires a reboot. It is not recommended. If you later decide to turn SELinux back on, the system will be required to relabel. If you just want to see if SELinux is causing a problem on your system, you can go to permissive mode which will only log errors and not enforce SELinux policy. Permissive mode does not require a reboot. Do you wish to continue?")) == Gtk.ResponseType.NO:
self.enforce_button.set_active(True)
if label != 'Disabled' and self.enforce_mode == DISABLED:
if self.verify(_("Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == Gtk.ResponseType.NO:
self.enforce_button.set_active(True)
self.enforce_button = radio
def clear_filters(self, *args):
self.filter_entry.set_text('')
self.show_modified_only.set_active(False)
def unconfined_toggle(self, *args):
if not self.finish_init:
return
self.wait_mouse()
if self.enable_unconfined_button.get_active():
self.dbus.semanage("module -e unconfined")
else:
self.dbus.semanage("module -d unconfined")
self.ready_mouse()
def permissive_toggle(self, *args):
if not self.finish_init:
return
self.wait_mouse()
if self.enable_permissive_button.get_active():
self.dbus.semanage("module -e permissivedomains")
else:
self.dbus.semanage("module -d permissivedomains")
self.ready_mouse()
def confirmation_close(self, button, *args):
if len(self.update_treestore) > 0:
if self.verify(_("You are attempting to close the application without applying your changes.\n * To apply changes you have made during this session, click No and click Update.\n * To leave the application without applying your changes, click Yes. All changes that you have made during this session will be lost."), _("Loss of data Dialog")) == Gtk.ResponseType.NO:
return True
self.quit()
def quit(self, *args):
sys.exit(0)
if __name__ == '__main__':
start = SELinuxGui()