| #!/usr/bin/python -Es |
| # |
| # Copyright (C) 2013 Red Hat |
| # see file 'COPYING' for use and warranty information |
| # |
| # selinux gui is a tool for the examining and modifying SELinux policy |
| # |
| # This program is free software; you can redistribute it and/or |
| # modify it under the terms of the GNU General Public License as |
| # published by the Free Software Foundation; either version 2 of |
| # the License, or (at your option) any later version. |
| # |
| # This program is distributed in the hope that it will be useful, |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| # GNU General Public License for more details. |
| # |
| # You should have received a copy of the GNU General Public License |
| # along with this program; if not, write to the Free Software |
| # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA |
| # 02111-1307 USA |
| # |
| # author: Ryan Hallisey rhallisey@redhat.com |
| # author: Dan Walsh dwalsh@redhat.com |
| # author: Miroslav Grepl mgrepl@redhat.com |
| # |
| # |
| |
| from gi.repository import Gtk |
| from gi.repository import Gdk |
| from gi.repository import GLib |
| from sepolicy.sedbus import SELinuxDBus |
| import sys |
| import sepolicy |
| import selinux |
| from selinux import DISABLED, PERMISSIVE, ENFORCING |
| import sepolicy.network |
| import sepolicy.manpage |
| import dbus |
| import time |
| import os |
| import re |
| import gettext |
| import unicodedata |
| |
| PROGNAME = "policycoreutils" |
| gettext.bindtextdomain(PROGNAME, "/usr/share/locale") |
| gettext.textdomain(PROGNAME) |
| try: |
| gettext.install(PROGNAME, |
| localedir="/usr/share/locale", |
| unicode=False, |
| codeset='utf-8') |
| except IOError: |
| import __builtin__ |
| __builtin__.__dict__['_'] = unicode |
| |
| reverse_file_type_str = {} |
| for f in sepolicy.file_type_str: |
| reverse_file_type_str[sepolicy.file_type_str[f]] = f |
| |
| enabled = [_("No"), _("Yes")] |
| action = [_("Disable"), _("Enable")] |
| |
| |
| def compare(a, b): |
| return cmp(a.lower(), b.lower()) |
| |
| import distutils.sysconfig |
| ADVANCED_LABEL = (_("Advanced >>"), _("Advanced <<")) |
| ADVANCED_SEARCH_LABEL = (_("Advanced Search >>"), _("Advanced Search <<")) |
| OUTBOUND_PAGE = 0 |
| INBOUND_PAGE = 1 |
| |
| TRANSITIONS_FROM_PAGE = 0 |
| TRANSITIONS_TO_PAGE = 1 |
| TRANSITIONS_FILE_PAGE = 2 |
| |
| EXE_PAGE = 0 |
| WRITABLE_PAGE = 1 |
| APP_PAGE = 2 |
| |
| BOOLEANS_PAGE = 0 |
| FILES_PAGE = 1 |
| NETWORK_PAGE = 2 |
| TRANSITIONS_PAGE = 3 |
| LOGIN_PAGE = 4 |
| USER_PAGE = 5 |
| LOCKDOWN_PAGE = 6 |
| SYSTEM_PAGE = 7 |
| FILE_EQUIV_PAGE = 8 |
| START_PAGE = 9 |
| |
| keys = ["boolean", "fcontext", "fcontext-equiv", "port", "login", "user", "module", "node", "interface"] |
| |
| DISABLED_TEXT = _("""<small> |
| To change from Disabled to Enforcing mode |
| - Change the system mode from Disabled to Permissive |
| - Reboot, so that the system can relabel |
| - Once the system is working as planned |
| * Change the system mode to Enforcing</small> |
| """) |
| |
| |
| class SELinuxGui(): |
| |
| def __init__(self, app=None, test=False): |
| self.finish_init = False |
| self.opage = START_PAGE |
| self.dbus = SELinuxDBus() |
| try: |
| customized = self.dbus.customized() |
| except dbus.exceptions.DBusException, e: |
| print e |
| self.quit() |
| |
| sepolicy_domains = sepolicy.get_all_domains() |
| sepolicy_domains.sort(compare) |
| if app and app not in sepolicy_domains: |
| self.error(_("%s is not a valid domain" % app)) |
| self.quit() |
| |
| self.init_cur() |
| self.application = app |
| self.filter_txt = "" |
| builder = Gtk.Builder() # BUILDER OBJ |
| self.code_path = distutils.sysconfig.get_python_lib(plat_specific=True) + "/sepolicy/" |
| glade_file = self.code_path + "sepolicy.glade" |
| builder.add_from_file(glade_file) |
| self.outer_notebook = builder.get_object("outer_notebook") |
| self.window = builder.get_object("SELinux_window") |
| self.main_selection_window = builder.get_object("Main_selection_menu") |
| self.main_advanced_label = builder.get_object("main_advanced_label") |
| self.popup = 0 |
| self.applications_selection_button = builder.get_object("applications_selection_button") |
| self.revert_button = builder.get_object("Revert_button") |
| self.busy_cursor = Gdk.Cursor(Gdk.CursorType.WATCH) |
| self.ready_cursor = Gdk.Cursor(Gdk.CursorType.LEFT_PTR) |
| self.initialtype = selinux.selinux_getpolicytype()[1] |
| self.current_popup = None |
| self.import_export = None |
| self.clear_entry = True |
| self.files_add = False |
| self.network_add = False |
| |
| self.all_list = [] |
| self.installed_list = [] |
| self.previously_modified = {} |
| |
| # file dialog |
| self.file_dialog = builder.get_object("add_path_dialog") |
| # Error check *************************************** |
| self.error_check_window = builder.get_object("error_check_window") |
| self.error_check_label = builder.get_object("error_check_label") |
| self.invalid_entry = False |
| # Advanced search window **************************** |
| self.advanced_search_window = builder.get_object("advanced_search_window") |
| self.advanced_search_liststore = builder.get_object("Advanced_search_liststore") |
| self.advanced_search_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) |
| self.advanced_search_filter = builder.get_object("advanced_filter") |
| self.advanced_search_filter.set_visible_func(self.filter_the_data) |
| self.advanced_filter_entry = builder.get_object("advanced_filter_entry") |
| self.advanced_search_treeview = builder.get_object("advanced_search_treeview") |
| self.advanced_search = False |
| |
| # Login Items ************************************** |
| self.login_label = builder.get_object("Login_label") |
| self.login_seuser_combobox = builder.get_object("login_seuser_combobox") |
| self.login_seuser_combolist = builder.get_object("login_seuser_liststore") |
| self.login_name_entry = builder.get_object("login_name_entry") |
| self.login_mls_label = builder.get_object("login_mls_label") |
| self.login_mls_entry = builder.get_object("login_mls_entry") |
| self.login_radio_button = builder.get_object("Login_button") |
| self.login_treeview = builder.get_object("login_treeview") |
| self.login_liststore = builder.get_object("login_liststore") |
| self.login_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) |
| self.login_filter = builder.get_object("login_filter") |
| self.login_filter.set_visible_func(self.filter_the_data) |
| self.login_popup_window = builder.get_object("login_popup_window") |
| self.login_delete_liststore = builder.get_object("login_delete_liststore") |
| self.login_delete_window = builder.get_object("login_delete_window") |
| |
| # Users Items ************************************** |
| self.user_popup_window = builder.get_object("user_popup_window") |
| self.user_radio_button = builder.get_object("User_button") |
| self.user_liststore = builder.get_object("user_liststore") |
| self.user_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) |
| self.user_filter = builder.get_object("user_filter") |
| self.user_filter.set_visible_func(self.filter_the_data) |
| self.user_treeview = builder.get_object("user_treeview") |
| self.user_roles_combobox = builder.get_object("user_roles_combobox") |
| self.user_roles_combolist = builder.get_object("user_roles_liststore") |
| self.user_label = builder.get_object("User_label") |
| self.user_name_entry = builder.get_object("user_name_entry") |
| self.user_mls_label = builder.get_object("user_mls_label") |
| self.user_mls_level_entry = builder.get_object("user_mls_level_entry") |
| self.user_mls_entry = builder.get_object("user_mls_entry") |
| self.user_combobox = builder.get_object("selinux_user_combobox") |
| self.user_delete_liststore = builder.get_object("user_delete_liststore") |
| self.user_delete_window = builder.get_object("user_delete_window") |
| |
| # File Equiv Items ************************************** |
| self.file_equiv_label = builder.get_object("file_equiv_label") |
| self.file_equiv_source_entry = builder.get_object("file_equiv_source_entry") |
| self.file_equiv_dest_entry = builder.get_object("file_equiv_dest_entry") |
| self.file_equiv_radio_button = builder.get_object("file_equiv_button") |
| self.file_equiv_treeview = builder.get_object("file_equiv_treeview") |
| self.file_equiv_liststore = builder.get_object("file_equiv_liststore") |
| self.file_equiv_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) |
| self.file_equiv_popup_window = builder.get_object("file_equiv_popup_window") |
| self.file_equiv_treefilter = builder.get_object("file_equiv_filter") |
| self.file_equiv_treefilter.set_visible_func(self.filter_the_data) |
| self.file_equiv_delete_liststore = builder.get_object("file_equiv_delete_liststore") |
| self.file_equiv_delete_window = builder.get_object("file_equiv_delete_window") |
| |
| # System Items ************************************** |
| self.app_system_button = builder.get_object("app_system_button") |
| self.system_radio_button = builder.get_object("System_button") |
| self.lockdown_radio_button = builder.get_object("Lockdown_button") |
| self.systems_box = builder.get_object("Systems_box") |
| self.relabel_button = builder.get_object("Relabel_button") |
| self.relabel_button_no = builder.get_object("Relabel_button_no") |
| self.advanced_system = builder.get_object("advanced_system") |
| self.outer_notebook_frame = builder.get_object("outer_notebook_frame") |
| self.system_policy_label = builder.get_object("system_policy_type_label") |
| # Browse Items ************************************** |
| self.select_button_browse = builder.get_object("select_button_browse") |
| self.cancel_button_browse = builder.get_object("cancel_button_browse") |
| # More types window items *************************** |
| self.moreTypes_window_files = builder.get_object("moreTypes_window_files") |
| self.more_types_files_liststore = builder.get_object("more_types_file_liststore") |
| self.moreTypes_treeview = builder.get_object("moreTypes_treeview_files") |
| # System policy type ******************************** |
| self.system_policy_type_liststore = builder.get_object("system_policy_type_liststore") |
| self.system_policy_type_combobox = builder.get_object("system_policy_type_combobox") |
| self.policy_list = [] |
| if self.populate_system_policy() < 2: |
| self.advanced_system.set_visible(False) |
| self.system_policy_label.set_visible(False) |
| self.system_policy_type_combobox.set_visible(False) |
| |
| self.enforcing_button_default = builder.get_object("Enforcing_button_default") |
| self.permissive_button_default = builder.get_object("Permissive_button_default") |
| self.disabled_button_default = builder.get_object("Disabled_button_default") |
| self.initialize_system_default_mode() |
| |
| # Lockdown Window ********************************* |
| self.enable_unconfined_button = builder.get_object("enable_unconfined") |
| self.disable_unconfined_button = builder.get_object("disable_unconfined") |
| self.enable_permissive_button = builder.get_object("enable_permissive") |
| self.disable_permissive_button = builder.get_object("disable_permissive") |
| self.enable_ptrace_button = builder.get_object("enable_ptrace") |
| self.disable_ptrace_button = builder.get_object("disable_ptrace") |
| |
| # Help Window ********************************* |
| self.help_window = builder.get_object("help_window") |
| self.help_text = builder.get_object("help_textv") |
| self.info_text = builder.get_object("info_text") |
| self.help_image = builder.get_object("help_image") |
| self.forward_button = builder.get_object("forward_button") |
| self.back_button = builder.get_object("back_button") |
| # Update menu items ********************************* |
| self.update_window = builder.get_object("update_window") |
| self.update_treeview = builder.get_object("update_treeview") |
| self.update_treestore = builder.get_object("Update_treestore") |
| self.apply_button = builder.get_object("apply_button") |
| self.update_button = builder.get_object("Update_button") |
| # Add button objects ******************************** |
| self.add_button = builder.get_object("Add_button") |
| self.delete_button = builder.get_object("Delete_button") |
| |
| self.files_path_entry = builder.get_object("files_path_entry") |
| self.network_ports_entry = builder.get_object("network_ports_entry") |
| self.files_popup_window = builder.get_object("files_popup_window") |
| self.network_popup_window = builder.get_object("network_popup_window") |
| |
| self.popup_network_label = builder.get_object("Network_label") |
| self.popup_files_label = builder.get_object("files_label") |
| |
| self.recursive_path_toggle = builder.get_object("make_path_recursive") |
| self.files_type_combolist = builder.get_object("files_type_combo_store") |
| self.files_class_combolist = builder.get_object("files_class_combo_store") |
| self.files_type_combobox = builder.get_object("files_type_combobox") |
| self.files_class_combobox = builder.get_object("files_class_combobox") |
| self.files_mls_label = builder.get_object("files_mls_label") |
| self.files_mls_entry = builder.get_object("files_mls_entry") |
| self.advanced_text_files = builder.get_object("Advanced_text_files") |
| self.files_cancel_button = builder.get_object("cancel_delete_files") |
| |
| self.network_tcp_button = builder.get_object("tcp_button") |
| self.network_udp_button = builder.get_object("udp_button") |
| self.network_port_type_combolist = builder.get_object("network_type_combo_store") |
| self.network_port_type_combobox = builder.get_object("network_type_combobox") |
| self.network_mls_label = builder.get_object("network_mls_label") |
| self.network_mls_entry = builder.get_object("network_mls_entry") |
| self.advanced_text_network = builder.get_object("Advanced_text_network") |
| self.network_cancel_button = builder.get_object("cancel_network_delete") |
| |
| # Add button objects ******************************** |
| |
| # Modify items ************************************** |
| self.show_mislabeled_files_only = builder.get_object("Show_mislabeled_files") |
| self.mislabeled_files_label = builder.get_object("mislabeled_files_label") |
| self.warning_files = builder.get_object("warning_files") |
| self.modify_button = builder.get_object("Modify_button") |
| self.modify_button.set_sensitive(False) |
| # Modify items ************************************** |
| |
| # Fix label ***************************************** |
| self.fix_label_window = builder.get_object("fix_label_window") |
| self.fixlabel_label = builder.get_object("fixlabel_label") |
| self.fix_label_cancel = builder.get_object("fix_label_cancel") |
| # Fix label ***************************************** |
| |
| # Delete items ************************************** |
| self.files_delete_window = builder.get_object("files_delete_window") |
| self.files_delete_treeview = builder.get_object("files_delete_treeview") |
| self.files_delete_liststore = builder.get_object("files_delete_liststore") |
| self.network_delete_window = builder.get_object("network_delete_window") |
| self.network_delete_treeview = builder.get_object("network_delete_treeview") |
| self.network_delete_liststore = builder.get_object("network_delete_liststore") |
| # Delete items ************************************** |
| |
| # Progress bar ************************************** |
| self.progress_bar = builder.get_object("progress_bar") |
| # Progress bar ************************************** |
| |
| # executable_files items **************************** |
| self.executable_files_treeview = builder.get_object("Executable_files_treeview") # Get the executable files tree view |
| self.executable_files_filter = builder.get_object("executable_files_filter") |
| self.executable_files_filter.set_visible_func(self.filter_the_data) |
| self.executable_files_tab = builder.get_object("Executable_files_tab") |
| self.executable_files_tab_tooltip_txt = self.executable_files_tab.get_tooltip_text() |
| self.executable_files_liststore = builder.get_object("executable_files_treestore") |
| self.executable_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) |
| |
| self.files_radio_button = builder.get_object("files_button") |
| self.files_button_tooltip_txt = self.files_radio_button.get_tooltip_text() |
| # executable_files items **************************** |
| |
| # writable files items ****************************** |
| self.writable_files_treeview = builder.get_object("Writable_files_treeview") # Get the Writable files tree view |
| self.writable_files_liststore = builder.get_object("writable_files_treestore") # Contains the tree with File Path, SELinux File Label, Class |
| self.writable_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) |
| self.writable_files_filter = builder.get_object("writable_files_filter") |
| self.writable_files_filter.set_visible_func(self.filter_the_data) |
| self.writable_files_tab = builder.get_object("Writable_files_tab") |
| self.writable_files_tab_tooltip_txt = self.writable_files_tab.get_tooltip_text() |
| # writable files items ****************************** |
| |
| # Application File Types **************************** |
| self.application_files_treeview = builder.get_object("Application_files_treeview") # Get the Application files tree view |
| self.application_files_filter = builder.get_object("application_files_filter") # Contains the tree with File Path, Description, Class |
| self.application_files_filter.set_visible_func(self.filter_the_data) |
| self.application_files_tab = builder.get_object("Application_files_tab") |
| self.application_files_tab_tooltip_txt = self.writable_files_tab.get_tooltip_text() |
| self.application_files_liststore = builder.get_object("application_files_treestore") |
| self.application_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) |
| self.application_files_tab = builder.get_object("Application_files_tab") |
| self.application_files_tab_tooltip_txt = self.application_files_tab.get_tooltip_text() |
| # Application File Type ***************************** |
| |
| # network items ************************************* |
| self.network_radio_button = builder.get_object("network_button") |
| self.network_button_tooltip_txt = self.network_radio_button.get_tooltip_text() |
| |
| self.network_out_treeview = builder.get_object("outbound_treeview") |
| self.network_out_liststore = builder.get_object("network_out_liststore") |
| self.network_out_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) |
| self.network_out_filter = builder.get_object("network_out_filter") |
| self.network_out_filter.set_visible_func(self.filter_the_data) |
| self.network_out_tab = builder.get_object("network_out_tab") |
| self.network_out_tab_tooltip_txt = self.network_out_tab.get_tooltip_text() |
| |
| self.network_in_treeview = builder.get_object("inbound_treeview") |
| self.network_in_liststore = builder.get_object("network_in_liststore") |
| self.network_in_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) |
| self.network_in_filter = builder.get_object("network_in_filter") |
| self.network_in_filter.set_visible_func(self.filter_the_data) |
| self.network_in_tab = builder.get_object("network_in_tab") |
| self.network_in_tab_tooltip_txt = self.network_in_tab.get_tooltip_text() |
| # network items ************************************* |
| |
| # boolean items ************************************ |
| self.boolean_treeview = builder.get_object("Boolean_treeview") # Get the booleans tree list |
| self.boolean_liststore = builder.get_object("boolean_liststore") |
| self.boolean_liststore.set_sort_column_id(2, Gtk.SortType.ASCENDING) |
| self.boolean_filter = builder.get_object("boolean_filter") |
| self.boolean_filter.set_visible_func(self.filter_the_data) |
| |
| self.boolean_more_detail_window = builder.get_object("booleans_more_detail_window") |
| self.boolean_more_detail_treeview = builder.get_object("booleans_more_detail_treeview") |
| self.boolean_more_detail_tree_data_set = builder.get_object("booleans_more_detail_liststore") |
| self.boolean_radio_button = builder.get_object("Booleans_button") |
| self.active_button = self.boolean_radio_button |
| self.boolean_button_tooltip_txt = self.boolean_radio_button.get_tooltip_text() |
| # boolean items ************************************ |
| |
| # transitions items ************************************ |
| self.transitions_into_treeview = builder.get_object("transitions_into_treeview") # Get the transitions tree list Enabled, source, Executable File |
| self.transitions_into_liststore = builder.get_object("transitions_into_liststore") # Contains the tree with |
| self.transitions_into_liststore.set_sort_column_id(1, Gtk.SortType.ASCENDING) |
| self.transitions_into_filter = builder.get_object("transitions_into_filter") |
| self.transitions_into_filter.set_visible_func(self.filter_the_data) |
| self.transitions_into_tab = builder.get_object("Transitions_into_tab") |
| self.transitions_into_tab_tooltip_txt = self.transitions_into_tab.get_tooltip_text() |
| |
| self.transitions_radio_button = builder.get_object("Transitions_button") |
| self.transitions_button_tooltip_txt = self.transitions_radio_button.get_tooltip_text() |
| |
| self.transitions_from_treeview = builder.get_object("transitions_from_treeview") # Get the transitions tree list |
| self.transitions_from_treestore = builder.get_object("transitions_from_treestore") # Contains the tree with Enabled, Executable File Type, Transtype |
| self.transitions_from_treestore.set_sort_column_id(2, Gtk.SortType.ASCENDING) |
| self.transitions_from_filter = builder.get_object("transitions_from_filter") |
| self.transitions_from_filter.set_visible_func(self.filter_the_data) |
| self.transitions_from_tab = builder.get_object("Transitions_from_tab") |
| self.transitions_from_tab_tooltip_txt = self.transitions_from_tab.get_tooltip_text() |
| |
| self.transitions_file_treeview = builder.get_object("file_transitions_treeview") # Get the transitions tree list |
| self.transitions_file_liststore = builder.get_object("file_transitions_liststore") # Contains the tree with Enabled, Executable File Type, Transtype |
| self.transitions_file_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) |
| self.transitions_file_filter = builder.get_object("file_transitions_filter") |
| self.transitions_file_filter.set_visible_func(self.filter_the_data) |
| self.transitions_file_tab = builder.get_object("file_transitions") |
| self.transitions_file_tab_tooltip_txt = self.transitions_from_tab.get_tooltip_text() |
| # transitions items ************************************ |
| |
| # Combobox and Entry items ************************** |
| self.combobox_menu = builder.get_object("combobox_org") # This is the combobox box object, aka the arrow next to the entry text bar |
| self.combobox_menu_model = builder.get_object("application_liststore") |
| self.completion_entry = builder.get_object("completion_entry") # self.combobox_menu.get_child() |
| self.completion_entry_model = builder.get_object("application_liststore") |
| self.entrycompletion_obj = builder.get_object("entrycompletion_obj") |
| #self.entrycompletion_obj = Gtk.EntryCompletion() |
| self.entrycompletion_obj.set_model(self.completion_entry_model) |
| self.entrycompletion_obj.set_minimum_key_length(0) |
| self.entrycompletion_obj.set_text_column(0) |
| self.entrycompletion_obj.set_match_func(self.match_func, None) |
| self.completion_entry.set_completion(self.entrycompletion_obj) |
| self.completion_entry.set_icon_from_stock(0, Gtk.STOCK_FIND) |
| # Combobox and Entry items ************************** |
| |
| # Modify buttons ************************************ |
| self.show_modified_only = builder.get_object("Show_modified_only_toggle") |
| # Modify button ************************************* |
| |
| # status bar ***************************************** |
| self.current_status_label = builder.get_object("Enforcing_label") |
| self.current_status_enforcing = builder.get_object("Enforcing_button") |
| self.current_status_permissive = builder.get_object("Permissive_button") |
| self.status_bar = builder.get_object("status_bar") |
| self.context_id = self.status_bar.get_context_id("SELinux status") |
| |
| # filters ********************************************* |
| self.filter_entry = builder.get_object("filter_entry") |
| self.filter_box = builder.get_object("filter_box") |
| self.add_modify_delete_box = builder.get_object("add_modify_delete_box") |
| # Get_model() sets the tree model filter to be the parent of the tree model (tree model has all the data in it) |
| |
| # Toggle button **************************************** |
| self.cell = builder.get_object("activate") |
| self.del_cell_files = builder.get_object("files_toggle_delete") |
| self.del_cell_files.connect("toggled", self.on_toggle_update, self.files_delete_liststore) |
| self.del_cell_files_equiv = builder.get_object("file_equiv_toggle_delete1") |
| self.del_cell_files_equiv.connect("toggled", self.on_toggle_update, self.file_equiv_delete_liststore) |
| self.del_cell_user = builder.get_object("user_toggle_delete") |
| self.del_cell_user.connect("toggled", self.on_toggle_update, self.user_delete_liststore) |
| self.del_cell_login = builder.get_object("login_toggle_delete") |
| self.del_cell_login.connect("toggled", self.on_toggle_update, self.login_delete_liststore) |
| self.del_cell_network = builder.get_object("network_toggle_delete") |
| self.del_cell_network.connect("toggled", self.on_toggle_update, self.network_delete_liststore) |
| self.update_cell = builder.get_object("toggle_update") |
| # Notebook items *************************************** |
| self.outer_notebook = builder.get_object("outer_notebook") |
| self.inner_notebook_files = builder.get_object("files_inner_notebook") |
| self.inner_notebook_network = builder.get_object("network_inner_notebook") |
| self.inner_notebook_transitions = builder.get_object("transitions_inner_notebook") |
| # logind gui *************************************** |
| loading_gui = builder.get_object("loading_gui") |
| |
| self.update_cell.connect("toggled", self.on_toggle_update, self.update_treestore) |
| self.all_entries = [] |
| |
| # Need to connect button on code because the tree view model is a treeviewsort |
| self.cell.connect("toggled", self.on_toggle, self.boolean_liststore) |
| |
| self.loading = 1 |
| path = None |
| if test: |
| domains = ["httpd_t", "abrt_t"] |
| if app and app not in domains: |
| domains.append(app) |
| else: |
| domains = sepolicy_domains |
| loading_gui.show() |
| length = len(domains) |
| for domain in domains: |
| # After the user selects a path in the drop down menu call |
| # get_init_entrypoint_target(entrypoint) to get the transtype |
| # which will give you the application |
| self.combo_box_initialize(domain, None) |
| self.advanced_search_initialize(domain) |
| self.all_list.append(domain) |
| self.percentage = float(float(self.loading) / float(length)) |
| self.progress_bar.set_fraction(self.percentage) |
| self.progress_bar.set_pulse_step(self.percentage) |
| self.idle_func() |
| |
| entrypoint = sepolicy.get_init_entrypoint(domain) |
| if entrypoint: |
| path = sepolicy.find_entrypoint_path(entrypoint) |
| if path: |
| self.combo_box_initialize(path, None) |
| # Adds all files entrypoint paths that exists on disc |
| # into the combobox |
| self.advanced_search_initialize(path) |
| self.installed_list.append(path) |
| |
| self.loading += 1 |
| loading_gui.hide() |
| |
| dic = { |
| "on_combo_button_clicked": self.open_combo_menu, |
| "on_disable_ptrace_toggled": self.on_disable_ptrace, |
| "on_SELinux_window_configure_event": self.hide_combo_menu, |
| "on_entrycompletion_obj_match_selected": self.set_application_label, |
| "on_filter_changed": self.get_filter_data, |
| "on_save_changes_file_equiv_clicked": self.update_to_file_equiv, |
| "on_save_changes_login_clicked": self.update_to_login, |
| "on_save_changes_user_clicked": self.update_to_user, |
| "on_save_changes_files_clicked": self.update_to_files, |
| "on_save_changes_network_clicked": self.update_to_network, |
| "on_Advanced_text_files_button_press_event": self.reveal_advanced, |
| "item_in_tree_selected": self.cursor_changed, |
| "on_Application_file_types_treeview_configure_event": self.resize_wrap, |
| "on_save_delete_clicked": self.on_save_delete_clicked, |
| "on_moreTypes_treeview_files_row_activated": self.populate_type_combo, |
| "on_retry_button_files_clicked": self.invalid_entry_retry, |
| "on_make_path_recursive_toggled": self.recursive_path, |
| "on_files_path_entry_button_press_event": self.highlight_entry_text, |
| "on_files_path_entry_changed": self.autofill_add_files_entry, |
| "on_select_type_files_clicked": self.select_type_more, |
| "on_choose_file": self.on_browse_select, |
| "on_Enforcing_button_toggled": self.set_enforce, |
| "on_confirmation_close": self.confirmation_close, |
| "on_column_clicked": self.column_clicked, |
| "on_tab_switch": self.clear_filters, |
| |
| "on_file_equiv_button_clicked": self.show_file_equiv_page, |
| "on_app/system_button_clicked": self.system_interface, |
| "on_app/users_button_clicked": self.users_interface, |
| "on_main_advanced_label_button_press_event": self.advanced_label_main, |
| |
| "on_Show_mislabeled_files_toggled": self.show_mislabeled_files, |
| "on_Browse_button_files_clicked": self.browse_for_files, |
| "on_cancel_popup_clicked": self.close_popup, |
| "on_treeview_cursor_changed": self.cursor_changed, |
| "on_login_seuser_combobox_changed": self.login_seuser_combobox_change, |
| "on_user_roles_combobox_changed": self.user_roles_combobox_change, |
| |
| "on_cancel_button_browse_clicked": self.close_config_window, |
| "on_apply_button_clicked": self.apply_changes_button_press, |
| "on_Revert_button_clicked": self.update_or_revert_changes, |
| "on_Update_button_clicked": self.update_or_revert_changes, |
| "on_advanced_filter_entry_changed": self.get_advanced_filter_data, |
| "on_advanced_search_treeview_row_activated": self.advanced_item_selected, |
| "on_Select_advanced_search_clicked": self.advanced_item_button_push, |
| "on_All_advanced_button_toggled": self.advanced_radio_select, |
| "on_Installed_advanced_button_toggled": self.advanced_radio_select, |
| "on_info_button_button_press_event": self.on_help_button, |
| "on_back_button_clicked": self.on_help_back_clicked, |
| "on_forward_button_clicked": self.on_help_forward_clicked, |
| "on_Boolean_treeview_columns_changed": self.resize_columns, |
| "on_completion_entry_changed": self.application_selected, |
| "on_Add_button_clicked": self.add_button_clicked, |
| "on_Delete_button_clicked": self.delete_button_clicked, |
| "on_Modify_button_clicked": self.modify_button_clicked, |
| "on_Show_modified_only_toggled": self.on_show_modified_only, |
| "on_cancel_button_config_clicked": self.close_config_window, |
| "on_Import_button_clicked": self.import_config_show, |
| "on_Export_button_clicked": self.export_config_show, |
| "on_enable_unconfined_toggled": self.unconfined_toggle, |
| "on_enable_permissive_toggled": self.permissive_toggle, |
| "on_system_policy_type_combobox_changed": self.change_default_policy, |
| "on_Enforcing_button_default_toggled": self.change_default_mode, |
| "on_Permissive_button_default_toggled": self.change_default_mode, |
| "on_Disabled_button_default_toggled": self.change_default_mode, |
| |
| "on_Relabel_button_toggled_cb": self.relabel_on_reboot, |
| "on_advanced_system_button_press_event": self.reveal_advanced_system, |
| "on_files_type_combobox_changed": self.show_more_types, |
| "on_filter_row_changed": self.filter_the_data, |
| "on_button_toggled": self.tab_change, |
| "gtk_main_quit": self.closewindow |
| } |
| |
| self.previously_modified_initialize(customized) |
| builder.connect_signals(dic) |
| self.window.show() # Show the gui to the screen |
| GLib.timeout_add_seconds(5, self.selinux_status) |
| self.selinux_status() |
| self.lockdown_inited = False |
| self.add_modify_delete_box.hide() |
| self.filter_box.hide() |
| if self.status == DISABLED: |
| self.show_system_page() |
| else: |
| if self.application: |
| self.applications_selection_button.set_label(self.application) |
| self.completion_entry.set_text(self.application) |
| self.show_applications_page() |
| self.tab_change() |
| else: |
| self.clearbuttons() |
| self.outer_notebook.set_current_page(START_PAGE) |
| |
| self.reinit() |
| self.finish_init = True |
| Gtk.main() |
| |
| def init_cur(self): |
| self.cur_dict = {} |
| for k in keys: |
| self.cur_dict[k] = {} |
| |
| def remove_cur(self, ctr): |
| i = 0 |
| for k in self.cur_dict: |
| for j in self.cur_dict[k]: |
| if i == ctr: |
| del(self.cur_dict[k][j]) |
| return |
| i += 1 |
| |
| def selinux_status(self): |
| try: |
| self.status = selinux.security_getenforce() |
| except OSError: |
| self.status = DISABLED |
| if self.status == DISABLED: |
| self.current_status_label.set_sensitive(False) |
| self.current_status_enforcing.set_sensitive(False) |
| self.current_status_permissive.set_sensitive(False) |
| self.enforcing_button_default.set_sensitive(False) |
| self.status_bar.push(self.context_id, _("System Status: Disabled")) |
| self.info_text.set_label(DISABLED_TEXT) |
| else: |
| self.set_enforce_text(self.status) |
| if os.path.exists('/.autorelabel'): |
| self.relabel_button.set_active(True) |
| else: |
| self.relabel_button_no.set_active(True) |
| |
| policytype = selinux.selinux_getpolicytype()[1] |
| |
| mode = selinux.selinux_getenforcemode()[1] |
| if mode == ENFORCING: |
| self.enforcing_button_default.set_active(True) |
| if mode == PERMISSIVE: |
| self.permissive_button_default.set_active(True) |
| if mode == DISABLED: |
| self.disabled_button_default.set_active(True) |
| |
| return True |
| |
| def lockdown_init(self): |
| if self.lockdown_inited: |
| return |
| self.wait_mouse() |
| self.lockdown_inited = True |
| self.disable_ptrace_button.set_active(selinux.security_get_boolean_active("deny_ptrace")) |
| self.module_dict = {} |
| for m in self.dbus.semodule_list().split("\n"): |
| mod = m.split() |
| if len(mod) < 2: |
| continue |
| self.module_dict[mod[0]] = {"version": mod[1], "Disabled": (len(mod) > 2)} |
| |
| self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"]) |
| self.enable_permissive_button.set_active(not self.module_dict["permissivedomains"]["Disabled"]) |
| self.ready_mouse() |
| |
| def column_clicked(self, treeview, treepath, treecol, *args): |
| iter = self.get_selected_iter() |
| if not iter: |
| return |
| |
| if self.opage == BOOLEANS_PAGE: |
| if treecol.get_name() == "more_detail_col": |
| self.display_more_detail(self.window, treepath) |
| |
| if self.opage == FILES_PAGE: |
| visible = self.liststore.get_value(iter, 3) |
| # If visible is true then fix mislabeled will be visible |
| if treecol.get_name() == "restorecon_col" and visible: |
| self.fix_mislabeled(self.liststore.get_value(iter, 0)) |
| |
| if self.opage == TRANSITIONS_PAGE: |
| bool_name = self.liststore.get_value(iter, 1) |
| if bool_name: |
| self.boolean_radio_button.clicked() |
| self.filter_entry.set_text(bool_name) |
| |
| def idle_func(self): |
| while Gtk.events_pending(): |
| Gtk.main_iteration() |
| |
| def match_func(self, completion, key_string, iter, func_data): |
| try: |
| if self.combobox_menu_model.get_value(iter, 0).find(key_string) != -1: |
| return True |
| return False |
| except AttributeError: |
| pass |
| |
| def help_show_page(self): |
| self.back_button.set_sensitive(self.help_page != 0) |
| self.forward_button.set_sensitive(self.help_page < (len(self.help_list) - 1)) |
| try: |
| fd = open("%shelp/%s.txt" % (self.code_path, self.help_list[self.help_page]), "r") |
| buf = fd.read() |
| fd.close() |
| except IOError: |
| buf = "" |
| help_text = self.help_text.get_buffer() |
| help_text.set_text(buf % {"APP": self.application}) |
| self.help_text.set_buffer(help_text) |
| self.help_image.set_from_file("%shelp/%s.png" % (self.code_path, self.help_list[self.help_page])) |
| self.show_popup(self.help_window) |
| |
| def on_help_back_clicked(self, *args): |
| self.help_page -= 1 |
| self.help_show_page() |
| |
| def on_help_forward_clicked(self, *args): |
| self.help_page += 1 |
| self.help_show_page() |
| |
| def on_help_button(self, *args): |
| self.help_page = 0 |
| self.help_list = [] |
| if self.opage == START_PAGE: |
| self.help_window.set_title(_("Help: Start Page")) |
| self.help_list = ["start"] |
| |
| if self.opage == BOOLEANS_PAGE: |
| self.help_window.set_title(_("Help: Booleans Page")) |
| self.help_list = ["booleans", "booleans_toggled", "booleans_more", "booleans_more_show"] |
| |
| if self.opage == FILES_PAGE: |
| ipage = self.inner_notebook_files.get_current_page() |
| if ipage == EXE_PAGE: |
| self.help_window.set_title(_("Help: Executable Files Page")) |
| self.help_list = ["files_exec"] |
| if ipage == WRITABLE_PAGE: |
| self.help_window.set_title(_("Help: Writable Files Page")) |
| self.help_list = ["files_write"] |
| if ipage == APP_PAGE: |
| self.help_window.set_title(_("Help: Application Types Page")) |
| self.help_list = ["files_app"] |
| if self.opage == NETWORK_PAGE: |
| ipage = self.inner_notebook_network.get_current_page() |
| if ipage == OUTBOUND_PAGE: |
| self.help_window.set_title(_("Help: Outbound Network Connections Page")) |
| self.help_list = ["ports_outbound"] |
| if ipage == INBOUND_PAGE: |
| self.help_window.set_title(_("Help: Inbound Network Connections Page")) |
| self.help_list = ["ports_inbound"] |
| |
| if self.opage == TRANSITIONS_PAGE: |
| ipage = self.inner_notebook_transitions.get_current_page() |
| if ipage == TRANSITIONS_FROM_PAGE: |
| self.help_window.set_title(_("Help: Transition from application Page")) |
| self.help_list = ["transition_from", "transition_from_boolean", "transition_from_boolean_1", "transition_from_boolean_2"] |
| if ipage == TRANSITIONS_TO_PAGE: |
| self.help_window.set_title(_("Help: Transition into application Page")) |
| self.help_list = ["transition_to"] |
| if ipage == TRANSITIONS_FILE_PAGE: |
| self.help_window.set_title(_("Help: Transition application file Page")) |
| self.help_list = ["transition_file"] |
| |
| if self.opage == SYSTEM_PAGE: |
| self.help_window.set_title(_("Help: Systems Page")) |
| self.help_list = ["system", "system_boot_mode", "system_current_mode", "system_export", "system_policy_type", "system_relabel"] |
| |
| if self.opage == LOCKDOWN_PAGE: |
| self.help_window.set_title(_("Help: Lockdown Page")) |
| self.help_list = ["lockdown", "lockdown_unconfined", "lockdown_permissive", "lockdown_ptrace"] |
| |
| if self.opage == LOGIN_PAGE: |
| self.help_window.set_title(_("Help: Login Page")) |
| self.help_list = ["login", "login_default"] |
| |
| if self.opage == USER_PAGE: |
| self.help_window.set_title(_("Help: SELinux User Page")) |
| self.help_list = ["users"] |
| |
| if self.opage == FILE_EQUIV_PAGE: |
| self.help_window.set_title(_("Help: File Equivalence Page")) |
| self.help_list = ["file_equiv"] |
| return self.help_show_page() |
| |
| def open_combo_menu(self, *args): |
| if self.popup == 0: |
| self.popup = 1 |
| location = self.window.get_position() |
| self.main_selection_window.move(location[0] + 2, location[1] + 65) |
| self.main_selection_window.show() |
| else: |
| self.main_selection_window.hide() |
| self.popup = 0 |
| |
| def hide_combo_menu(self, *args): |
| self.main_selection_window.hide() |
| self.popup = 0 |
| |
| def set_application_label(self, *args): |
| self.set_application_label = True |
| |
| def resize_wrap(self, *args): |
| print args |
| |
| def initialize_system_default_mode(self): |
| self.enforce_mode = selinux.selinux_getenforcemode()[1] |
| if self.enforce_mode == ENFORCING: |
| self.enforce_button = self.enforcing_button_default |
| if self.enforce_mode == PERMISSIVE: |
| self.enforce_button = self.permissive_button_default |
| if self.enforce_mode == DISABLED: |
| self.enforce_button = self.disabled_button_default |
| |
| def populate_system_policy(self): |
| selinux_path = selinux.selinux_path() |
| types = map(lambda x: x[1], filter(lambda x: x[0] == selinux_path, os.walk(selinux_path)))[0] |
| types.sort() |
| ctr = 0 |
| for item in types: |
| iter = self.system_policy_type_liststore.append() |
| self.system_policy_type_liststore.set_value(iter, 0, item) |
| if item == self.initialtype: |
| self.system_policy_type_combobox.set_active(ctr) |
| self.typeHistory = ctr |
| ctr += 1 |
| return ctr |
| |
| def filter_the_data(self, list, iter, *args): |
| # When there is no txt in the box show all items in the tree |
| if self.filter_txt == "": |
| return True |
| try: |
| for x in range(0, list.get_n_columns()): |
| try: |
| val = list.get_value(iter, x) |
| if val == True or val == False or val == None: |
| continue |
| # Returns true if filter_txt exists within the val |
| if(val.find(self.filter_txt) != -1 or val.lower().find(self.filter_txt) != -1): |
| return True |
| except AttributeError, TypeError: |
| pass |
| except: # ValueError: |
| pass |
| return False |
| |
| def net_update(self, app, netd, protocol, direction, model): |
| for k in netd.keys(): |
| for t, ports in netd[k]: |
| pkey = (",".join(ports), protocol) |
| if pkey in self.cur_dict["port"]: |
| if self.cur_dict["port"][pkey]["action"] == "-d": |
| continue |
| if t != self.cur_dict["port"][pkey]["type"]: |
| continue |
| self.network_initial_data_insert(model, ", ".join(ports), t, protocol) |
| |
| def file_equiv_initialize(self): |
| self.wait_mouse() |
| edict = sepolicy.get_file_equiv() |
| self.file_equiv_liststore.clear() |
| for f in edict: |
| iter = self.file_equiv_liststore.append() |
| if edict[f]["modify"]: |
| name = self.markup(f) |
| equiv = self.markup(edict[f]["equiv"]) |
| else: |
| name = f |
| equiv = edict[f]["equiv"] |
| |
| self.file_equiv_liststore.set_value(iter, 0, name) |
| self.file_equiv_liststore.set_value(iter, 1, equiv) |
| self.file_equiv_liststore.set_value(iter, 2, edict[f]["modify"]) |
| self.ready_mouse() |
| |
| def user_initialize(self): |
| self.wait_mouse() |
| self.user_liststore.clear() |
| for u in sepolicy.get_selinux_users(): |
| iter = self.user_liststore.append() |
| self.user_liststore.set_value(iter, 0, str(u["name"])) |
| roles = u["roles"] |
| if "object_r" in roles: |
| roles.remove("object_r") |
| self.user_liststore.set_value(iter, 1, ", ".join(roles)) |
| self.user_liststore.set_value(iter, 2, u["level"]) |
| self.user_liststore.set_value(iter, 3, u["range"]) |
| self.user_liststore.set_value(iter, 4, True) |
| self.ready_mouse() |
| |
| def login_initialize(self): |
| self.wait_mouse() |
| self.login_liststore.clear() |
| for u in sepolicy.get_login_mappings(): |
| iter = self.login_liststore.append() |
| self.login_liststore.set_value(iter, 0, u["name"]) |
| self.login_liststore.set_value(iter, 1, u["seuser"]) |
| self.login_liststore.set_value(iter, 2, u["mls"]) |
| self.login_liststore.set_value(iter, 3, True) |
| self.ready_mouse() |
| |
| def network_initialize(self, app): |
| netd = sepolicy.network.get_network_connect(app, "tcp", "name_connect") |
| self.net_update(app, netd, "tcp", OUTBOUND_PAGE, self.network_out_liststore) |
| netd = sepolicy.network.get_network_connect(app, "tcp", "name_bind") |
| self.net_update(app, netd, "tcp", INBOUND_PAGE, self.network_in_liststore) |
| netd = sepolicy.network.get_network_connect(app, "udp", "name_bind") |
| self.net_update(app, netd, "udp", INBOUND_PAGE, self.network_in_liststore) |
| |
| def network_initial_data_insert(self, model, ports, portType, protocol): |
| iter = model.append() |
| model.set_value(iter, 0, ports) |
| model.set_value(iter, 1, protocol) |
| model.set_value(iter, 2, portType) |
| model.set_value(iter, 4, True) |
| |
| def combo_set_active_text(self, combobox, val): |
| ctr = 0 |
| liststore = combobox.get_model() |
| for i in liststore: |
| if i[0] == val: |
| combobox.set_active(ctr) |
| return |
| ctr += 1 |
| |
| niter = liststore.get_iter(ctr - 1) |
| if liststore.get_value(niter, 0) == _("More..."): |
| iter = liststore.insert_before(niter) |
| ctr = ctr - 1 |
| else: |
| iter = liststore.append() |
| liststore.set_value(iter, 0, val) |
| combobox.set_active(ctr) |
| |
| def combo_get_active_text(self, combobox): |
| liststore = combobox.get_model() |
| index = combobox.get_active() |
| if index < 0: |
| return None |
| iter = liststore.get_iter(index) |
| return liststore.get_value(iter, 0) |
| |
| def combo_box_initialize(self, val, desc): |
| if val == None: |
| return |
| iter = self.combobox_menu_model.append() |
| for f in val: |
| self.combobox_menu_model.set_value(iter, 0, val) |
| |
| def select_type_more(self, *args): |
| app = self.moreTypes_treeview.get_selection() |
| iter = app.get_selected()[1] |
| if iter == None: |
| return |
| app = self.more_types_files_liststore.get_value(iter, 0) |
| self.combo_set_active_text(self.files_type_combobox, app) |
| self.closewindow(self.moreTypes_window_files) |
| |
| def advanced_item_button_push(self, *args): |
| row = self.advanced_search_treeview.get_selection() |
| model, iter = row.get_selected() |
| iter = model.convert_iter_to_child_iter(iter) |
| iter = self.advanced_search_filter.convert_iter_to_child_iter(iter) |
| app = self.advanced_search_liststore.get_value(iter, 1) |
| if app == None: |
| return |
| self.advanced_filter_entry.set_text('') |
| self.advanced_search_window.hide() |
| self.reveal_advanced(self.main_advanced_label) |
| self.completion_entry.set_text(app) |
| self.application_selected() |
| |
| def advanced_item_selected(self, treeview, path, *args): |
| iter = self.advanced_search_filter.get_iter(path) |
| iter = self.advanced_search_filter.convert_iter_to_child_iter(iter) |
| app = self.advanced_search_liststore.get_value(iter, 1) |
| self.advanced_filter_entry.set_text('') |
| self.advanced_search_window.hide() |
| self.reveal_advanced(self.main_advanced_label) |
| self.completion_entry.set_text(app) |
| self.application_selected() |
| |
| def find_application(self, app): |
| if app and len(app) > 0: |
| for items in self.combobox_menu_model: |
| if app == items[0]: |
| return True |
| return False |
| |
| def application_selected(self, *args): |
| self.show_mislabeled_files_only.set_visible(False) |
| self.mislabeled_files_label.set_visible(False) |
| self.warning_files.set_visible(False) |
| self.filter_entry.set_text('') |
| |
| app = self.completion_entry.get_text() |
| if not self.find_application(app): |
| return |
| self.show_applications_page() |
| self.add_button.set_sensitive(True) |
| self.delete_button.set_sensitive(True) |
| # Clear the tree to prepare for a new selection otherwise |
| self.executable_files_liststore.clear() |
| # data will pile up everytime the user selects a new item from the drop down menu |
| self.network_in_liststore.clear() |
| self.network_out_liststore.clear() |
| self.boolean_liststore.clear() |
| self.transitions_into_liststore.clear() |
| self.transitions_from_treestore.clear() |
| self.application_files_liststore.clear() |
| self.writable_files_liststore.clear() |
| self.transitions_file_liststore.clear() |
| |
| try: |
| if app[0] == '/': |
| app = sepolicy.get_init_transtype(app) |
| if not app: |
| return |
| self.application = app |
| except IndexError: |
| pass |
| |
| self.wait_mouse() |
| self.previously_modified_initialize(self.dbus.customized()) |
| self.reinit() |
| self.boolean_initialize(app) |
| self.mislabeled_files = False |
| self.executable_files_initialize(app) |
| self.network_initialize(app) |
| self.writable_files_initialize(app) |
| self.transitions_into_initialize(app) |
| self.transitions_from_initialize(app) |
| self.application_files_initialize(app) |
| self.transitions_files_initialize(app) |
| |
| self.executable_files_tab.set_tooltip_text(_("File path used to enter the '%s' domain." % app)) |
| self.writable_files_tab.set_tooltip_text(_("Files to which the '%s' domain can write." % app)) |
| self.network_out_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to connect." % app)) |
| self.network_in_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to listen." % app)) |
| self.application_files_tab.set_tooltip_text(_("File Types defined for the '%s'." % app)) |
| self.boolean_radio_button.set_tooltip_text(_("Display boolean information that can be used to modify the policy for the '%s'." % app)) |
| self.files_radio_button.set_tooltip_text(_("Display file type information that can be used by the '%s'." % app)) |
| self.network_radio_button.set_tooltip_text(_("Display network ports to which the '%s' can connect or listen to." % app)) |
| self.transitions_into_tab.set_label(_("Application Transitions Into '%s'" % app)) |
| self.transitions_from_tab.set_label(_("Application Transitions From '%s'" % app)) |
| self.transitions_file_tab.set_label(_("File Transitions From '%s'" % app)) |
| self.transitions_into_tab.set_tooltip_text(_("Executables which will transition to the '%s', when executing a selected domains entrypoint.") % app) |
| self.transitions_from_tab.set_tooltip_text(_("Executables which will transition to a different domain, when the '%s' executes them.") % app) |
| self.transitions_file_tab.set_tooltip_text(_("Files by '%s' will transitions to a different label." % app)) |
| self.transitions_radio_button.set_tooltip_text(_("Display applications that can transition into or out of the '%s'." % app)) |
| |
| self.application = app |
| self.applications_selection_button.set_label(self.application) |
| self.ready_mouse() |
| |
| def reinit(self): |
| sepolicy.reinit() |
| self.fcdict = sepolicy.get_fcdict() |
| self.local_file_paths = sepolicy.get_local_file_paths() |
| |
| def previously_modified_initialize(self, buf): |
| self.cust_dict = {} |
| for i in buf.split("\n"): |
| rec = i.split() |
| if len(rec) == 0: |
| continue |
| if rec[1] == "-D": |
| continue |
| if rec[0] not in self.cust_dict: |
| self.cust_dict[rec[0]] = {} |
| if rec[0] == "boolean": |
| self.cust_dict["boolean"][rec[-1]] = {"active": rec[2] == "-1"} |
| if rec[0] == "login": |
| self.cust_dict["login"][rec[-1]] = {"seuser": rec[3], "range": rec[5]} |
| if rec[0] == "interface": |
| self.cust_dict["interface"][rec[-1]] = {"type": rec[3]} |
| if rec[0] == "user": |
| self.cust_dict["user"][rec[-1]] = {"level": "s0", "range": rec[3], "role": rec[5]} |
| if rec[0] == "port": |
| self.cust_dict["port"][(rec[-1], rec[-2])] = {"type": rec[3]} |
| if rec[0] == "node": |
| self.cust_dict["node"][rec[-1]] = {"mask": rec[3], "protocol": rec[5], "type": rec[7]} |
| if rec[0] == "fcontext": |
| if rec[2] == "-e": |
| if "fcontext-equiv" not in self.cust_dict: |
| self.cust_dict["fcontext-equiv"] = {} |
| self.cust_dict["fcontext-equiv"][(rec[-1])] = {"equiv": rec[3]} |
| else: |
| self.cust_dict["fcontext"][(rec[-1], rec[3])] = {"type": rec[5]} |
| if rec[0] == "module": |
| self.cust_dict["module"][rec[-1]] = {"enabled": rec[2] != "-d"} |
| |
| if "module" not in self.cust_dict: |
| return |
| for semodule, button in [("unconfined", self.disable_unconfined_button), ("permissivedomains", self.disable_permissive_button)]: |
| if semodule in self.cust_dict["module"]: |
| button.set_active(self.cust_dict["module"][semodule]["enabled"]) |
| |
| for i in keys: |
| if i not in self.cust_dict: |
| self.cust_dict.update({i: {}}) |
| |
| def executable_files_initialize(self, application): |
| self.entrypoints = sepolicy.get_entrypoints(application) |
| for exe in self.entrypoints.keys(): |
| if len(self.entrypoints[exe]) == 0: |
| continue |
| file_class = self.entrypoints[exe][1] |
| for path in self.entrypoints[exe][0]: |
| if (path, file_class) in self.cur_dict["fcontext"]: |
| if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d": |
| continue |
| if exe != self.cur_dict["fcontext"][(path, file_class)]["type"]: |
| continue |
| self.files_initial_data_insert(self.executable_files_liststore, path, exe, file_class) |
| |
| def mislabeled(self, path): |
| try: |
| con = selinux.matchpathcon(path, 0)[1] |
| cur = selinux.getfilecon(path)[1] |
| return con != cur |
| except OSError: |
| return False |
| |
| def set_mislabeled(self, tree, path, iter, niter): |
| if not self.mislabeled(path): |
| return |
| con = selinux.matchpathcon(path, 0)[1] |
| cur = selinux.getfilecon(path)[1] |
| self.mislabeled_files = True |
| # Set visibility of label |
| tree.set_value(niter, 3, True) |
| # Has a mislabel |
| tree.set_value(iter, 4, True) |
| tree.set_value(niter, 4, True) |
| tree.set_value(iter, 5, con.split(":")[2]) |
| tree.set_value(iter, 6, cur.split(":")[2]) |
| |
| def writable_files_initialize(self, application): |
| # Traversing the dictionary data struct |
| self.writable_files = sepolicy.get_writable_files(application) |
| for write in self.writable_files.keys(): |
| if len(self.writable_files[write]) < 2: |
| self.files_initial_data_insert(self.writable_files_liststore, None, write, _("all files")) |
| continue |
| file_class = self.writable_files[write][1] |
| for path in self.writable_files[write][0]: |
| if (path, file_class) in self.cur_dict["fcontext"]: |
| if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d": |
| continue |
| if write != self.cur_dict["fcontext"][(path, file_class)]["type"]: |
| continue |
| self.files_initial_data_insert(self.writable_files_liststore, path, write, file_class) |
| |
| def files_initial_data_insert(self, liststore, path, seLinux_label, file_class): |
| iter = liststore.append(None) |
| if path == None: |
| path = _("MISSING FILE PATH") |
| modify = False |
| else: |
| modify = (path, file_class) in self.local_file_paths |
| for p in sepolicy.find_file(path): |
| niter = liststore.append(iter) |
| liststore.set_value(niter, 0, p) |
| self.set_mislabeled(liststore, p, iter, niter) |
| if modify: |
| path = self.markup(path) |
| file_class = self.markup(selinux_label) |
| file_class = self.markup(file_class) |
| liststore.set_value(iter, 0, path) |
| liststore.set_value(iter, 1, seLinux_label) |
| liststore.set_value(iter, 2, file_class) |
| liststore.set_value(iter, 7, modify) |
| |
| def markup(self, f): |
| return "<b>%s</b>" % f |
| |
| def unmarkup(self, f): |
| if f: |
| return re.sub("</b>$", "", re.sub("^<b>", "", f)) |
| return None |
| |
| def application_files_initialize(self, application): |
| self.file_types = sepolicy.get_file_types(application) |
| for app in self.file_types.keys(): |
| if len(self.file_types[app]) == 0: |
| continue |
| file_class = self.file_types[app][1] |
| for path in self.file_types[app][0]: |
| desc = sepolicy.get_description(app, markup=self.markup) |
| if (path, file_class) in self.cur_dict["fcontext"]: |
| if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d": |
| continue |
| if app != self.cur_dict["fcontext"][(path, file_class)]["type"]: |
| continue |
| self.files_initial_data_insert(self.application_files_liststore, path, desc, file_class) |
| |
| def modified(self): |
| i = 0 |
| for k in self.cur_dict: |
| if len(self.cur_dict[k]) > 0: |
| return True |
| return False |
| |
| def boolean_initialize(self, application): |
| for blist in sepolicy.get_bools(application): |
| for b, active in blist: |
| if b in self.cur_dict["boolean"]: |
| active = self.cur_dict["boolean"][b]['active'] |
| desc = sepolicy.boolean_desc(b) |
| self.boolean_initial_data_insert(b, desc, active) |
| |
| def boolean_initial_data_insert(self, val, desc, active): |
| # Insert data from data source into tree |
| iter = self.boolean_liststore.append() |
| self.boolean_liststore.set_value(iter, 0, active) |
| self.boolean_liststore.set_value(iter, 1, desc) |
| self.boolean_liststore.set_value(iter, 2, val) |
| self.boolean_liststore.set_value(iter, 3, _('More...')) |
| |
| def transitions_into_initialize(self, application): |
| for x in sepolicy.get_transitions_into(application): |
| active = None |
| executable = None |
| source = None |
| if "boolean" in x: |
| active = x["boolean"] |
| if "target" in x: |
| executable = x["target"] |
| if "source" in x: |
| source = x["source"] |
| self.transitions_into_initial_data_insert(active, executable, source) |
| |
| def transitions_into_initial_data_insert(self, active, executable, source): |
| iter = self.transitions_into_liststore.append() |
| if active != None: |
| self.transitions_into_liststore.set_value(iter, 0, enabled[active[0][1]]) # active[0][1] is either T or F (enabled is all the way at the top) |
| else: |
| self.transitions_into_liststore.set_value(iter, 0, "Default") |
| |
| self.transitions_into_liststore.set_value(iter, 2, executable) |
| self.transitions_into_liststore.set_value(iter, 1, source) |
| |
| def transitions_from_initialize(self, application): |
| for x in sepolicy.get_transitions(application): |
| active = None |
| executable = None |
| transtype = None |
| if "boolean" in x: |
| active = x["boolean"] |
| if "target" in x: |
| executable_type = x["target"] |
| if "transtype" in x: |
| transtype = x["transtype"] |
| self.transitions_from_initial_data_insert(active, executable_type, transtype) |
| try: |
| for executable in self.fcdict[executable_type]["regex"]: |
| self.transitions_from_initial_data_insert(active, executable, transtype) |
| except KeyError: |
| pass |
| |
| def transitions_from_initial_data_insert(self, active, executable, transtype): |
| iter = self.transitions_from_treestore.append(None) |
| if active == None: |
| self.transitions_from_treestore.set_value(iter, 0, "Default") |
| self.transitions_from_treestore.set_value(iter, 5, False) |
| else: |
| niter = self.transitions_from_treestore.append(iter) |
| # active[0][1] is either T or F (enabled is all the way at the top) |
| self.transitions_from_treestore.set_value(iter, 0, enabled[active[0][1]]) |
| markup = '<span foreground="blue"><u>%s</u></span>' |
| if active[0][1]: |
| self.transitions_from_treestore.set_value(niter, 2, (_("To disable this transition, go to the " + markup % _("Boolean section.")))) |
| else: |
| self.transitions_from_treestore.set_value(niter, 2, (_("To enable this transition, go to the " + markup % _("Boolean section.")))) |
| |
| # active[0][0] is the Bool Name |
| self.transitions_from_treestore.set_value(niter, 1, active[0][0]) |
| self.transitions_from_treestore.set_value(niter, 5, True) |
| |
| self.transitions_from_treestore.set_value(iter, 2, executable) |
| self.transitions_from_treestore.set_value(iter, 3, transtype) |
| |
| def transitions_files_initialize(self, application): |
| for i in sepolicy.get_file_transitions(application): |
| if 'filename' in i: |
| filename = i['filename'] |
| else: |
| filename = None |
| self.transitions_files_inital_data_insert(i['target'], i['class'], i['transtype'], filename) |
| |
| def transitions_files_inital_data_insert(self, path, tclass, dest, name): |
| iter = self.transitions_file_liststore.append() |
| self.transitions_file_liststore.set_value(iter, 0, path) |
| self.transitions_file_liststore.set_value(iter, 1, tclass) |
| self.transitions_file_liststore.set_value(iter, 2, dest) |
| if name == None: |
| name = '*' |
| self.transitions_file_liststore.set_value(iter, 3, name) |
| |
| def tab_change(self, *args): |
| self.clear_filters() |
| self.treeview = None |
| self.treesort = None |
| self.treefilter = None |
| self.liststore = None |
| self.modify_button.set_sensitive(False) |
| self.add_modify_delete_box.hide() |
| self.show_modified_only.set_visible(False) |
| self.show_mislabeled_files_only.set_visible(False) |
| self.mislabeled_files_label.set_visible(False) |
| self.warning_files.set_visible(False) |
| |
| if self.boolean_radio_button.get_active(): |
| self.outer_notebook.set_current_page(BOOLEANS_PAGE) |
| self.treeview = self.boolean_treeview |
| self.show_modified_only.set_visible(True) |
| |
| if self.files_radio_button.get_active(): |
| self.show_popup(self.add_modify_delete_box) |
| self.show_modified_only.set_visible(True) |
| self.show_mislabeled_files_only.set_visible(self.mislabeled_files) |
| self.mislabeled_files_label.set_visible(self.mislabeled_files) |
| self.warning_files.set_visible(self.mislabeled_files) |
| self.outer_notebook.set_current_page(FILES_PAGE) |
| if args[0] == self.inner_notebook_files: |
| ipage = args[2] |
| else: |
| ipage = self.inner_notebook_files.get_current_page() |
| if ipage == EXE_PAGE: |
| self.treeview = self.executable_files_treeview |
| category = _("executable") |
| elif ipage == WRITABLE_PAGE: |
| self.treeview = self.writable_files_treeview |
| category = _("writable") |
| elif ipage == APP_PAGE: |
| self.treeview = self.application_files_treeview |
| category = _("application") |
| self.add_button.set_tooltip_text(_("Add new %(TYPE)s file path for '%(DOMAIN)s' domains.") % {"TYPE": category, "DOMAIN": self.application}) |
| self.delete_button.set_tooltip_text(_("Delete %(TYPE)s file paths for '%(DOMAIN)s' domain.") % {"TYPE": category, "DOMAIN": self.application}) |
| self.modify_button.set_tooltip_text(_("Modify %(TYPE)s file path for '%(DOMAIN)s' domain. Only bolded items in the list can be selected, this indicates they were modified previously.") % {"TYPE": category, "DOMAIN": self.application}) |
| |
| if self.network_radio_button.get_active(): |
| self.add_modify_delete_box.show() |
| self.show_modified_only.set_visible(True) |
| self.outer_notebook.set_current_page(NETWORK_PAGE) |
| if args[0] == self.inner_notebook_network: |
| ipage = args[2] |
| else: |
| ipage = self.inner_notebook_network.get_current_page() |
| if ipage == OUTBOUND_PAGE: |
| self.treeview = self.network_out_treeview |
| category = _("connect") |
| if ipage == INBOUND_PAGE: |
| self.treeview = self.network_in_treeview |
| category = _("listen for inbound connections") |
| |
| self.add_button.set_tooltip_text(_("Add new port definition to which the '%(APP)s' domain is allowed to %s.") % {"APP": self.application, "PERM": category}) |
| self.delete_button.set_tooltip_text(_("Delete modified port definitions to which the '%(APP)s' domain is allowed to %s.") % {"APP": self.application, "PERM": category}) |
| self.modify_button.set_tooltip_text(_("Modify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category}) |
| |
| if self.transitions_radio_button.get_active(): |
| self.outer_notebook.set_current_page(TRANSITIONS_PAGE) |
| if args[0] == self.inner_notebook_transitions: |
| ipage = args[2] |
| else: |
| ipage = self.inner_notebook_transitions.get_current_page() |
| if ipage == TRANSITIONS_FROM_PAGE: |
| self.treeview = self.transitions_from_treeview |
| if ipage == TRANSITIONS_TO_PAGE: |
| self.treeview = self.transitions_into_treeview |
| if ipage == TRANSITIONS_FILE_PAGE: |
| self.treeview = self.transitions_file_treeview |
| |
| if self.system_radio_button.get_active(): |
| self.outer_notebook.set_current_page(SYSTEM_PAGE) |
| self.filter_box.hide() |
| |
| if self.lockdown_radio_button.get_active(): |
| self.lockdown_init() |
| self.outer_notebook.set_current_page(LOCKDOWN_PAGE) |
| self.filter_box.hide() |
| |
| if self.user_radio_button.get_active(): |
| self.outer_notebook.set_current_page(USER_PAGE) |
| self.add_modify_delete_box.show() |
| self.show_modified_only.set_visible(True) |
| self.treeview = self.user_treeview |
| self.add_button.set_tooltip_text(_("Add new SELinux User/Role definition.")) |
| self.delete_button.set_tooltip_text(_("Delete modified SELinux User/Role definitions.")) |
| self.modify_button.set_tooltip_text(_("Modify selected modified SELinux User/Role definitions.")) |
| |
| if self.login_radio_button.get_active(): |
| self.outer_notebook.set_current_page(LOGIN_PAGE) |
| self.add_modify_delete_box.show() |
| self.show_modified_only.set_visible(True) |
| self.treeview = self.login_treeview |
| self.add_button.set_tooltip_text(_("Add new Login Mapping definition.")) |
| self.delete_button.set_tooltip_text(_("Delete modified Login Mapping definitions.")) |
| self.modify_button.set_tooltip_text(_("Modify selected modified Login Mapping definitions.")) |
| |
| if self.file_equiv_radio_button.get_active(): |
| self.outer_notebook.set_current_page(FILE_EQUIV_PAGE) |
| self.add_modify_delete_box.show() |
| self.show_modified_only.set_visible(True) |
| self.treeview = self.file_equiv_treeview |
| self.add_button.set_tooltip_text(_("Add new File Equivalence definition.")) |
| self.delete_button.set_tooltip_text(_("Delete modified File Equivalence definitions.")) |
| self.modify_button.set_tooltip_text(_("Modify selected modified File Equivalence definitions. Only bolded items in the list can be selected, this indicates they were modified previously.")) |
| |
| self.opage = self.outer_notebook.get_current_page() |
| if self.treeview: |
| self.filter_box.show() |
| self.treesort = self.treeview.get_model() |
| self.treefilter = self.treesort.get_model() |
| self.liststore = self.treefilter.get_model() |
| for x in range(0, self.liststore.get_n_columns()): |
| col = self.treeview.get_column(x) |
| if col: |
| cell = col.get_cells()[0] |
| if isinstance(cell, Gtk.CellRendererText): |
| self.liststore.set_sort_func(x, self.stripsort, None) |
| self.treeview.get_selection().unselect_all() |
| self.modify_button.set_sensitive(False) |
| |
| def stripsort(self, model, row1, row2, user_data): |
| sort_column, _ = model.get_sort_column_id() |
| val1 = self.unmarkup(model.get_value(row1, sort_column)) |
| val2 = self.unmarkup(model.get_value(row2, sort_column)) |
| return cmp(val1, val2) |
| |
| def display_more_detail(self, windows, path): |
| it = self.boolean_filter.get_iter(path) |
| it = self.boolean_filter.convert_iter_to_child_iter(it) |
| |
| self.boolean_more_detail_tree_data_set.clear() |
| self.boolean_more_detail_window.set_title(_("Boolean %s Allow Rules") % self.boolean_liststore.get_value(it, 2)) |
| blist = sepolicy.get_boolean_rules(self.application, self.boolean_liststore.get_value(it, 2)) |
| for b in blist: |
| self.display_more_detail_init(b["source"], b["target"], b["class"], b["permlist"]) |
| self.show_popup(self.boolean_more_detail_window) |
| |
| def display_more_detail_init(self, source, target, class_type, permission): |
| iter = self.boolean_more_detail_tree_data_set.append() |
| self.boolean_more_detail_tree_data_set.set_value(iter, 0, "allow %s %s:%s { %s };" % (source, target, class_type, " ".join(permission))) |
| |
| def add_button_clicked(self, *args): |
| self.modify = False |
| if self.opage == NETWORK_PAGE: |
| self.popup_network_label.set_text((_("Add Network Port for %s. Ports will be created when update is applied.")) % self.application) |
| self.network_popup_window.set_title((_("Add Network Port for %s")) % self.application) |
| self.init_network_dialog(args) |
| return |
| |
| if self.opage == FILES_PAGE: |
| self.popup_files_label.set_text((_("Add File Labeling for %s. File labels will be created when update is applied.")) % self.application) |
| self.files_popup_window.set_title((_("Add File Labeling for %s")) % self.application) |
| self.init_files_dialog(args) |
| ipage = self.inner_notebook_files.get_current_page() |
| if ipage == EXE_PAGE: |
| self.files_path_entry.set_text("ex: /usr/sbin/Foobar") |
| else: |
| self.files_path_entry.set_text("ex: /var/lib/Foobar") |
| self.clear_entry = True |
| |
| if self.opage == LOGIN_PAGE: |
| self.login_label.set_text((_("Add Login Mapping. User Mapping will be created when Update is applied."))) |
| self.login_popup_window.set_title(_("Add Login Mapping")) |
| self.login_init_dialog(args) |
| self.clear_entry = True |
| |
| if self.opage == USER_PAGE: |
| self.user_label.set_text((_("Add SELinux User Role. SELinux user roles will be created when update is applied."))) |
| self.user_popup_window.set_title(_("Add SELinux Users")) |
| self.user_init_dialog(args) |
| self.clear_entry = True |
| |
| if self.opage == FILE_EQUIV_PAGE: |
| self.file_equiv_source_entry.set_text("") |
| self.file_equiv_dest_entry.set_text("") |
| self.file_equiv_label.set_text((_("Add File Equivalency Mapping. Mapping will be created when update is applied."))) |
| self.file_equiv_popup_window.set_title(_("Add SELinux File Equivalency")) |
| self.clear_entry = True |
| self.show_popup(self.file_equiv_popup_window) |
| |
| self.new_updates() |
| |
| def show_popup(self, window): |
| self.current_popup = window |
| window.show() |
| |
| def close_popup(self, *args): |
| self.current_popup.hide() |
| self.window.set_sensitive(True) |
| return True |
| |
| def modify_button_clicked(self, *args): |
| iter = None |
| if self.treeview: |
| iter = self.get_selected_iter() |
| if not iter: |
| self.modify_button.set_sensitive(False) |
| return |
| self.modify = True |
| if self.opage == NETWORK_PAGE: |
| self.modify_button_network_clicked(args) |
| |
| if self.opage == FILES_PAGE: |
| self.popup_files_label.set_text((_("Modify File Labeling for %s. File labels will be created when update is applied.")) % self.application) |
| self.files_popup_window.set_title((_("Add File Labeling for %s")) % self.application) |
| self.delete_old_item = None |
| self.init_files_dialog(args) |
| self.modify = True |
| operation = "Modify" |
| mls = 1 |
| ipage = self.inner_notebook_files.get_current_page() |
| |
| if ipage == EXE_PAGE: |
| iter = self.executable_files_filter.convert_iter_to_child_iter(iter) |
| self.delete_old_item = iter |
| path = self.executable_files_liststore.get_value(iter, 0) |
| self.files_path_entry.set_text(path) |
| ftype = self.executable_files_liststore.get_value(iter, 1) |
| if type != None: |
| self.combo_set_active_text(self.files_type_combobox, ftype) |
| tclass = self.executable_files_liststore.get_value(iter, 2) |
| if tclass != None: |
| self.combo_set_active_text(self.files_class_combobox, tclass) |
| |
| if ipage == WRITABLE_PAGE: |
| iter = self.writable_files_filter.convert_iter_to_child_iter(iter) |
| self.delete_old_item = iter |
| path = self.writable_files_liststore.get_value(iter, 0) |
| self.files_path_entry.set_text(path) |
| type = self.writable_files_liststore.get_value(iter, 1) |
| if type != None: |
| self.combo_set_active_text(self.files_type_combobox, type) |
| tclass = self.writable_files_liststore.get_value(iter, 2) |
| if tclass != None: |
| self.combo_set_active_text(self.files_class_combobox, tclass) |
| |
| if ipage == APP_PAGE: |
| iter = self.application_files_filter.convert_iter_to_child_iter(iter) |
| self.delete_old_item = iter |
| path = self.application_files_liststore.get_value(iter, 0) |
| self.files_path_entry.set_text(path) |
| try: |
| get_type = self.application_files_liststore.get_value(iter, 1) |
| get_type = get_type.split("<b>")[1].split("</b>") |
| except AttributeError: |
| pass |
| type = self.application_files_liststore.get_value(iter, 2) |
| if type != None: |
| self.combo_set_active_text(self.files_type_combobox, type) |
| tclass = get_type[0] |
| if tclass != None: |
| self.combo_set_active_text(self.files_class_combobox, tclass) |
| |
| if self.opage == USER_PAGE: |
| self.user_init_dialog(args) |
| self.user_name_entry.set_text(self.user_liststore.get_value(iter, 0)) |
| self.user_mls_level_entry.set_text(self.user_liststore.get_value(iter, 2)) |
| self.user_mls_entry.set_text(self.user_liststore.get_value(iter, 3)) |
| self.combo_set_active_text(self.user_roles_combobox, self.user_liststore.get_value(iter, 1)) |
| self.user_label.set_text((_("Modify SELinux User Role. SELinux user roles will be modified when update is applied."))) |
| self.user_popup_window.set_title(_("Modify SELinux Users")) |
| self.show_popup(self.user_popup_window) |
| |
| if self.opage == LOGIN_PAGE: |
| self.login_init_dialog(args) |
| self.login_name_entry.set_text(self.login_liststore.get_value(iter, 0)) |
| self.login_mls_entry.set_text(self.login_liststore.get_value(iter, 2)) |
| self.combo_set_active_text(self.login_seuser_combobox, self.login_liststore.get_value(iter, 1)) |
| self.login_label.set_text((_("Modify Login Mapping. Login Mapping will be modified when Update is applied."))) |
| self.login_popup_window.set_title(_("Modify Login Mapping")) |
| self.show_popup(self.login_popup_window) |
| |
| if self.opage == FILE_EQUIV_PAGE: |
| self.file_equiv_source_entry.set_text(self.file_equiv_liststore.get_value(iter, 0)) |
| self.file_equiv_dest_entry.set_text(self.file_equiv_liststore.get_value(iter, 1)) |
| self.file_equiv_label.set_text((_("Modify File Equivalency Mapping. Mapping will be created when update is applied."))) |
| self.file_equiv_popup_window.set_title(_("Modify SELinux File Equivalency")) |
| self.clear_entry = True |
| self.show_popup(self.file_equiv_popup_window) |
| |
| def populate_type_combo(self, tree, loc, *args): |
| iter = self.more_types_files_liststore.get_iter(loc) |
| ftype = self.more_types_files_liststore.get_value(iter, 0) |
| self.combo_set_active_text(self.files_type_combobox, ftype) |
| self.show_popup(self.files_popup_window) |
| self.moreTypes_window_files.hide() |
| |
| def strip_domain(self, domain): |
| if domain == None: |
| return |
| if domain.endswith("_script_t"): |
| split_char = "_script_t" |
| else: |
| split_char = "_t" |
| return domain.split(split_char)[0] |
| |
| def exclude_type(self, type, exclude_list): |
| for e in exclude_list: |
| if type.startswith(e): |
| return True |
| return False |
| |
| def init_files_dialog(self, *args): |
| exclude_list = [] |
| self.files_class_combobox.set_sensitive(True) |
| self.show_popup(self.files_popup_window) |
| ipage = self.inner_notebook_files.get_current_page() |
| self.files_type_combolist.clear() |
| self.files_class_combolist.clear() |
| compare = self.strip_domain(self.application) |
| for d in self.completion_entry_model: |
| if d[0].startswith(compare) and d[0] != self.application and not d[0].startswith("httpd_sys"): |
| exclude_list.append(self.strip_domain(d[0])) |
| |
| self.more_types_files_liststore.clear() |
| try: |
| for files in sepolicy.file_type_str: |
| iter = self.files_class_combolist.append() |
| self.files_class_combolist.set_value(iter, 0, sepolicy.file_type_str[files]) |
| |
| if ipage == EXE_PAGE and self.entrypoints != None: |
| for exe in self.entrypoints.keys(): |
| if exe.startswith(compare): |
| iter = self.files_type_combolist.append() |
| self.files_type_combolist.set_value(iter, 0, exe) |
| iter = self.more_types_files_liststore.append() |
| self.more_types_files_liststore.set_value(iter, 0, exe) |
| self.files_class_combobox.set_active(4) |
| self.files_class_combobox.set_sensitive(False) |
| |
| elif ipage == WRITABLE_PAGE and self.writable_files != None: |
| for write in self.writable_files.keys(): |
| if write.startswith(compare) and not self.exclude_type(write, exclude_list) and write in self.file_types: |
| iter = self.files_type_combolist.append() |
| self.files_type_combolist.set_value(iter, 0, write) |
| iter = self.more_types_files_liststore.append() |
| self.more_types_files_liststore.set_value(iter, 0, write) |
| self.files_class_combobox.set_active(0) |
| elif ipage == APP_PAGE and self.file_types != None: |
| for app in sepolicy.get_all_file_types(): |
| if app.startswith(compare): |
| if app.startswith(compare) and not self.exclude_type(app, exclude_list): |
| iter = self.files_type_combolist.append() |
| self.files_type_combolist.set_value(iter, 0, app) |
| iter = self.more_types_files_liststore.append() |
| self.more_types_files_liststore.set_value(iter, 0, app) |
| self.files_class_combobox.set_active(0) |
| except AttributeError: |
| print "error" |
| pass |
| self.files_type_combobox.set_active(0) |
| self.files_mls_entry.set_text("s0") |
| iter = self.files_type_combolist.append() |
| self.files_type_combolist.set_value(iter, 0, _('More...')) |
| |
| def modify_button_network_clicked(self, *args): |
| iter = self.get_selected_iter() |
| if not iter: |
| self.modify_button.set_sensitive(False) |
| return |
| |
| self.popup_network_label.set_text((_("Modify Network Port for %s. Ports will be created when update is applied.")) % self.application) |
| self.network_popup_window.set_title((_("Modify Network Port for %s")) % self.application) |
| self.delete_old_item = None |
| self.init_network_dialog(args) |
| operation = "Modify" |
| mls = 1 |
| self.modify = True |
| iter = self.get_selected_iter() |
| port = self.liststore.get_value(iter, 0) |
| self.network_ports_entry.set_text(port) |
| protocol = self.liststore.get_value(iter, 1) |
| if protocol == "tcp": |
| self.network_tcp_button.set_active(True) |
| elif protocol == "udp": |
| self.network_udp_button.set_active(True) |
| type = self.liststore.get_value(iter, 2) |
| if type != None: |
| self.combo_set_active_text(self.network_port_type_combobox, type) |
| self.delete_old_item = iter |
| |
| def init_network_dialog(self, *args): |
| self.show_popup(self.network_popup_window) |
| ipage = self.inner_notebook_network.get_current_page() |
| self.network_port_type_combolist.clear() |
| self.network_ports_entry.set_text("") |
| |
| try: |
| if ipage == OUTBOUND_PAGE: |
| netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_connect") |
| elif ipage == INBOUND_PAGE: |
| netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_bind") |
| netd += sepolicy.network.get_network_connect(self.application, "udp", "name_bind") |
| |
| port_types = [] |
| for k in netd.keys(): |
| for t, ports in netd[k]: |
| if t not in port_types + ["port_t", "unreserved_port_t"]: |
| if t.endswith("_type"): |
| continue |
| |
| port_types.append(t) |
| |
| port_types.sort() |
| short_domain = self.strip_domain(self.application) |
| if short_domain[-1] == "d": |
| short_domain = short_domain[:-1] |
| short_domain = short_domain + "_" |
| ctr = 0 |
| found = 0 |
| for t in port_types: |
| if t.startswith(short_domain): |
| found = ctr |
| iter = self.network_port_type_combolist.append() |
| self.network_port_type_combolist.set_value(iter, 0, t) |
| ctr += 1 |
| self.network_port_type_combobox.set_active(found) |
| |
| except AttributeError: |
| pass |
| |
| self.network_tcp_button.set_active(True) |
| self.network_mls_entry.set_text("s0") |
| |
| def login_seuser_combobox_change(self, combo, *args): |
| seuser = self.combo_get_active_text(combo) |
| if self.login_mls_entry.get_text() == "": |
| for u in sepolicy.get_selinux_users(): |
| if seuser == u['name']: |
| self.login_mls_entry.set_text(u['range']) |
| |
| def user_roles_combobox_change(self, combo, *args): |
| serole = self.combo_get_active_text(combo) |
| if self.user_mls_entry.get_text() == "": |
| for u in sepolicy.get_all_roles(): |
| if serole == u['name']: |
| self.user_mls_entry.set_text(u['range']) |
| |
| def get_selected_iter(self): |
| iter = None |
| if not self.treeview: |
| return None |
| row = self.treeview.get_selection() |
| if not row: |
| return None |
| treesort, iter = row.get_selected() |
| if iter: |
| iter = treesort.convert_iter_to_child_iter(iter) |
| if iter: |
| iter = self.treefilter.convert_iter_to_child_iter(iter) |
| return iter |
| |
| def cursor_changed(self, *args): |
| self.modify_button.set_sensitive(False) |
| iter = self.get_selected_iter() |
| if iter == None: |
| self.modify_button.set_sensitive(False) |
| return |
| if not self.liststore[iter] or not self.liststore[iter][-1]: |
| return |
| self.modify_button.set_sensitive(self.liststore[iter][-1]) |
| |
| def login_init_dialog(self, *args): |
| self.show_popup(self.login_popup_window) |
| self.login_seuser_combolist.clear() |
| users = sepolicy.get_all_users() |
| users.sort() |
| for u in users: |
| iter = self.login_seuser_combolist.append() |
| self.login_seuser_combolist.set_value(iter, 0, str(u)) |
| self.login_name_entry.set_text("") |
| self.login_mls_entry.set_text("") |
| |
| def user_init_dialog(self, *args): |
| self.show_popup(self.user_popup_window) |
| self.user_roles_combolist.clear() |
| roles = sepolicy.get_all_roles() |
| roles.sort() |
| for r in roles: |
| iter = self.user_roles_combolist.append() |
| self.user_roles_combolist.set_value(iter, 0, str(r)) |
| self.user_name_entry.set_text("") |
| self.user_mls_entry.set_text("") |
| |
| def on_disable_ptrace(self, checkbutton): |
| if self.finish_init: |
| update_buffer = "boolean -m -%d deny_ptrace" % checkbutton.get_active() |
| self.wait_mouse() |
| try: |
| self.dbus.semanage(update_buffer) |
| except dbus.exceptions.DBusException, e: |
| self.error(e) |
| self.ready_mouse() |
| |
| def on_show_modified_only(self, checkbutton): |
| length = self.liststore.get_n_columns() |
| |
| def dup_row(row): |
| l = [] |
| for i in range(0, length): |
| l.append(row[i]) |
| return l |
| |
| append_list = [] |
| if self.opage == BOOLEANS_PAGE: |
| if not checkbutton.get_active(): |
| return self.boolean_initialize(self.application) |
| |
| for row in self.liststore: |
| if row[2] in self.cust_dict["boolean"]: |
| append_list.append(dup_row(row)) |
| |
| if self.opage == FILES_PAGE: |
| ipage = self.inner_notebook_files.get_current_page() |
| if not checkbutton.get_active(): |
| if ipage == EXE_PAGE: |
| return self.executable_files_initialize(self.application) |
| if ipage == WRITABLE_PAGE: |
| return self.writable_files_initialize(self.application) |
| if ipage == APP_PAGE: |
| return self.application_files_initialize(self.application) |
| for row in self.liststore: |
| if (row[0], row[2]) in self.cust_dict["fcontext"]: |
| append_list.append(row) |
| |
| if self.opage == NETWORK_PAGE: |
| if not checkbutton.get_active(): |
| return self.network_initialize(self.application) |
| for row in self.liststore: |
| if (row[0], row[1]) in self.cust_dict["port"]: |
| append_list.append(dup_row(row)) |
| |
| if self.opage == FILE_EQUIV_PAGE: |
| if not checkbutton.get_active() == True: |
| return self.file_equiv_initialize() |
| |
| for row in self.liststore: |
| if row[0] in self.cust_dict["fcontext-equiv"]: |
| append_list.append(dup_row(row)) |
| |
| if self.opage == USER_PAGE: |
| if not checkbutton.get_active(): |
| return self.user_initialize() |
| |
| for row in self.liststore: |
| if row[0] in self.cust_dict["user"]: |
| append_list.append(dup_row(row)) |
| |
| if self.opage == LOGIN_PAGE: |
| if not checkbutton.get_active() == True: |
| return self.login_initialize() |
| |
| for row in self.liststore: |
| if row[0] in self.cust_dict["login"]: |
| append_list.append(dup_row(row)) |
| |
| self.liststore.clear() |
| for row in append_list: |
| iter = self.liststore.append() |
| for i in range(0, length): |
| self.liststore.set_value(iter, i, row[i]) |
| |
| def init_modified_files_liststore(self, tree, app, ipage, operation, path, fclass, ftype): |
| iter = tree.append(None) |
| tree.set_value(iter, 0, path) |
| tree.set_value(iter, 1, ftype) |
| tree.set_value(iter, 2, fclass) |
| |
| def restore_to_default(self, *args): |
| print "restore to defualt clicked..." |
| |
| def invalid_entry_retry(self, *args): |
| self.closewindow(self.error_check_window) |
| self.files_popup_window.set_sensitive(True) |
| self.network_popup_window.set_sensitive(True) |
| |
| def error_check_files(self, insert_txt): |
| if len(insert_txt) == 0 or insert_txt[0] != '/': |
| self.error_check_window.show() |
| self.files_popup_window.set_sensitive(False) |
| self.network_popup_window.set_sensitive(False) |
| self.error_check_label.set_text((_("The entry '%s' is not a valid path. Paths must begin with a '/'.")) % insert_txt) |
| return True |
| return False |
| |
| def error_check_network(self, port): |
| try: |
| pnum = int(port) |
| if pnum < 1 or pnum > 65536: |
| raise ValueError |
| except ValueError: |
| self.error_check_window.show() |
| self.files_popup_window.set_sensitive(False) |
| self.network_popup_window.set_sensitive(False) |
| self.error_check_label.set_text((_("Port number must be between 1 and 65536"))) |
| return True |
| return False |
| |
| def show_more_types(self, *args): |
| if self.finish_init: |
| if self.combo_get_active_text(self.files_type_combobox) == _('More...'): |
| self.files_popup_window.hide() |
| self.moreTypes_window_files.show() |
| |
| def update_to_login(self, *args): |
| self.close_popup() |
| seuser = self.combo_get_active_text(self.login_seuser_combobox) |
| mls_range = self.login_mls_entry.get_text() |
| name = self.login_name_entry.get_text() |
| if self.modify: |
| iter = self.get_selected_iter() |
| oldname = self.login_liststore.get_value(iter, 0) |
| oldseuser = self.login_liststore.get_value(iter, 1) |
| oldrange = self.login_liststore.get_value(iter, 2) |
| self.liststore.set_value(iter, 0, oldname) |
| self.liststore.set_value(iter, 1, oldseuser) |
| self.liststore.set_value(iter, 2, oldrange) |
| self.cur_dict["login"][name] = {"action": "-m", "range": mls_range, "seuser": seuser, "oldrange": oldrange, "oldseuser": oldseuser, "oldname": oldname} |
| else: |
| iter = self.liststore.append(None) |
| self.cur_dict["login"][name] = {"action": "-a", "range": mls_range, "seuser": seuser} |
| |
| self.liststore.set_value(iter, 0, name) |
| self.liststore.set_value(iter, 1, seuser) |
| self.liststore.set_value(iter, 2, mls_range) |
| |
| self.new_updates() |
| |
| def update_to_user(self, *args): |
| self.close_popup() |
| roles = self.combo_get_active_text(self.user_roles_combobox) |
| level = self.user_mls_level_entry.get_text() |
| mls_range = self.user_mls_entry.get_text() |
| name = self.user_name_entry.get_text() |
| if self.modify: |
| iter = self.get_selected_iter() |
| oldname = self.user_liststore.get_value(iter, 0) |
| oldroles = self.user_liststore.get_value(iter, 1) |
| oldlevel = self.user_liststore.get_value(iter, 1) |
| oldrange = self.user_liststore.get_value(iter, 3) |
| self.liststore.set_value(iter, 0, oldname) |
| self.liststore.set_value(iter, 1, oldroles) |
| self.liststore.set_value(iter, 2, oldlevel) |
| self.liststore.set_value(iter, 3, oldrange) |
| self.cur_dict["user"][name] = {"action": "-m", "range": mls_range, "level": level, "role": roles, "oldrange": oldrange, "oldlevel": oldlevel, "oldroles": oldroles, "oldname": oldname} |
| else: |
| iter = self.liststore.append(None) |
| self.cur_dict["user"][name] = {"action": "-a", "range": mls_range, "level": level, "role": roles} |
| |
| self.liststore.set_value(iter, 0, name) |
| self.liststore.set_value(iter, 1, roles) |
| self.liststore.set_value(iter, 2, level) |
| self.liststore.set_value(iter, 3, mls_range) |
| |
| self.new_updates() |
| |
| def update_to_file_equiv(self, *args): |
| self.close_popup() |
| dest = self.file_equiv_dest_entry.get_text() |
| src = self.file_equiv_source_entry.get_text() |
| if self.modify: |
| iter = self.get_selected_iter() |
| olddest = self.unmarkup(self.liststore.set_value(iter, 0)) |
| oldsrc = self.unmarkup(self.liststore.set_value(iter, 1)) |
| self.cur_dict["fcontext-equiv"][dest] = {"action": "-m", "src": src, "oldsrc": oldsrc, "olddest": olddest} |
| else: |
| iter = self.liststore.append(None) |
| self.cur_dict["fcontext-equiv"][dest] = {"action": "-a", "src": src} |
| self.liststore.set_value(iter, 0, self.markup(dest)) |
| self.liststore.set_value(iter, 1, self.markup(src)) |
| |
| def update_to_files(self, *args): |
| self.close_popup() |
| self.files_add = True |
| # Insert Function will be used in the future |
| path = self.files_path_entry.get_text() |
| if self.error_check_files(path): |
| return |
| |
| setype = self.combo_get_active_text(self.files_type_combobox) |
| mls = self.files_mls_entry.get_text() |
| tclass = self.combo_get_active_text(self.files_class_combobox) |
| |
| if self.modify: |
| iter = self.get_selected_iter() |
| oldpath = self.unmark(self.liststore.get_value(iter, 0)) |
| setype = self.unmark(self.liststore.set_value(iter, 1)) |
| oldtclass = self.liststore.get_value(iter, 2) |
| self.cur_dict["fcontext"][(path, tclass)] = {"action": "-m", "type": setype, "oldtype": oldsetype, "oldmls": oldmls, "oldclass": oldclass} |
| else: |
| iter = self.liststore.append(None) |
| self.cur_dict["fcontext"][(path, tclass)] = {"action": "-a", "type": setype} |
| self.liststore.set_value(iter, 0, self.markup(path)) |
| self.liststore.set_value(iter, 1, self.markup(setype)) |
| self.liststore.set_value(iter, 2, self.markup(tclass)) |
| |
| self.files_add = False |
| self.recursive_path_toggle.set_active(False) |
| self.new_updates() |
| |
| def update_to_network(self, *args): |
| self.network_add = True |
| ports = self.network_ports_entry.get_text() |
| if self.error_check_network(ports): |
| return |
| if self.network_tcp_button.get_active(): |
| protocol = "tcp" |
| else: |
| protocol = "udp" |
| |
| setype = self.combo_get_active_text(self.network_port_type_combobox) |
| mls = self.network_mls_entry.get_text() |
| |
| if self.modify: |
| iter = self.get_selected_iter() |
| oldports = self.unmark(self.liststore.get_value(iter, 0)) |
| oldprotocol = self.unmark(self.liststore.get_value(iter, 1)) |
| oldsetype = self.unmark(self.liststore.set_value(iter, 2)) |
| self.cur_dict["port"][(ports, protocol)] = {"action": "-m", "type": setype, "mls": mls, "oldtype": oldsetype, "oldmls": oldmls, "oldprotocol": oldprotocol, "oldports": oldports} |
| else: |
| iter = self.liststore.append(None) |
| self.cur_dict["port"][(ports, protocol)] = {"action": "-a", "type": setype, "mls": mls} |
| self.liststore.set_value(iter, 0, ports) |
| self.liststore.set_value(iter, 1, protocol) |
| self.liststore.set_value(iter, 2, setype) |
| |
| self.network_add = False |
| self.network_popup_window.hide() |
| self.window.set_sensitive(True) |
| self.new_updates() |
| |
| def delete_button_clicked(self, *args): |
| operation = "Add" |
| self.window.set_sensitive(False) |
| if self.opage == NETWORK_PAGE: |
| self.network_delete_liststore.clear() |
| port_dict = self.cust_dict["port"] |
| for ports, protocol in port_dict: |
| setype = port_dict[(ports, protocol)]["type"] |
| iter = self.network_delete_liststore.append() |
| self.network_delete_liststore.set_value(iter, 1, ports) |
| self.network_delete_liststore.set_value(iter, 2, protocol) |
| self.network_delete_liststore.set_value(iter, 3, setype) |
| self.show_popup(self.network_delete_window) |
| return |
| |
| if self.opage == FILES_PAGE: |
| self.files_delete_liststore.clear() |
| fcontext_dict = self.cust_dict["fcontext"] |
| for path, tclass in fcontext_dict: |
| setype = fcontext_dict[(path, tclass)]["type"] |
| iter = self.files_delete_liststore.append() |
| self.files_delete_liststore.set_value(iter, 1, path) |
| self.files_delete_liststore.set_value(iter, 2, setype) |
| self.files_delete_liststore.set_value(iter, 3, sepolicy.file_type_str[tclass]) |
| self.show_popup(self.files_delete_window) |
| return |
| |
| if self.opage == USER_PAGE: |
| self.user_delete_liststore.clear() |
| user_dict = self.cust_dict["user"] |
| for user in user_dict: |
| roles = user_dict[user]["role"] |
| mls = user_dict[user]["range"] |
| level = user_dict[user]["level"] |
| iter = self.user_delete_liststore.append() |
| self.user_delete_liststore.set_value(iter, 1, user) |
| self.user_delete_liststore.set_value(iter, 2, roles) |
| self.user_delete_liststore.set_value(iter, 3, level) |
| self.user_delete_liststore.set_value(iter, 4, mls) |
| self.show_popup(self.user_delete_window) |
| return |
| |
| if self.opage == LOGIN_PAGE: |
| self.login_delete_liststore.clear() |
| login_dict = self.cust_dict["login"] |
| for login in login_dict: |
| seuser = login_dict[login]["seuser"] |
| mls = login_dict[login]["range"] |
| iter = self.login_delete_liststore.append() |
| self.login_delete_liststore.set_value(iter, 1, seuser) |
| self.login_delete_liststore.set_value(iter, 2, login) |
| self.login_delete_liststore.set_value(iter, 3, mls) |
| self.show_popup(self.login_delete_window) |
| return |
| |
| if self.opage == FILE_EQUIV_PAGE: |
| self.file_equiv_delete_liststore.clear() |
| for items in self.file_equiv_liststore: |
| if items[2]: |
| iter = self.file_equiv_delete_liststore.append() |
| self.file_equiv_delete_liststore.set_value(iter, 1, self.unmarkup(items[0])) |
| self.file_equiv_delete_liststore.set_value(iter, 2, self.unmarkup(items[1])) |
| self.show_popup(self.file_equiv_delete_window) |
| return |
| |
| def on_save_delete_clicked(self, *args): |
| self.close_popup() |
| if self.opage == NETWORK_PAGE: |
| for delete in self.network_delete_liststore: |
| if delete[0]: |
| self.cur_dict["port"][(delete[1], delete[2])] = {"action": "-d", "type": delete[3]} |
| if self.opage == FILES_PAGE: |
| for delete in self.files_delete_liststore: |
| if delete[0]: |
| self.cur_dict["fcontext"][(delete[1], reverse_file_type_str[delete[3]])] = {"action": "-d", "type": delete[2]} |
| if self.opage == USER_PAGE: |
| for delete in self.user_delete_liststore: |
| if delete[0]: |
| self.cur_dict["user"][delete[1]] = {"action": "-d", "role": delete[2], "range": delete[4]} |
| if self.opage == LOGIN_PAGE: |
| for delete in self.login_delete_liststore: |
| if delete[0]: |
| self.cur_dict["login"][delete[2]] = {"action": "-d", "login": delete[2], "seuser": delete[1], "range": delete[3]} |
| if self.opage == FILE_EQUIV_PAGE: |
| for delete in self.file_equiv_delete_liststore: |
| if delete[0]: |
| self.cur_dict["fcontext-equiv"][delete[1]] = {"action": "-d", "src": delete[2]} |
| self.new_updates() |
| |
| def on_save_delete_file_equiv_clicked(self, *args): |
| for delete in self.files_delete_liststore: |
| print delete[0], delete[1], delete[2], |
| |
| def on_toggle_update(self, cell, path, model): |
| model[path][0] = not model[path][0] |
| |
| def ipage_delete(self, liststore, key): |
| ctr = 0 |
| for items in liststore: |
| if items[0] == key[0] and items[2] == key[1]: |
| iter = liststore.get_iter(ctr) |
| liststore.remove(iter) |
| return |
| ctr += 1 |
| |
| def on_toggle(self, cell, path, model): |
| if not path: |
| return |
| iter = self.boolean_filter.get_iter(path) |
| iter = self.boolean_filter.convert_iter_to_child_iter(iter) |
| name = model.get_value(iter, 2) |
| model.set_value(iter, 0, not model.get_value(iter, 0)) |
| active = model.get_value(iter, 0) |
| if name in self.cur_dict["boolean"]: |
| del(self.cur_dict["boolean"][name]) |
| else: |
| self.cur_dict["boolean"][name] = {"active": active} |
| self.new_updates() |
| |
| def get_advanced_filter_data(self, entry, *args): |
| self.filter_txt = entry.get_text() |
| self.advanced_search_filter.refilter() |
| |
| def get_filter_data(self, windows, *args): |
| #search for desired item |
| # The txt that the use rinputs into the filter is stored in filter_txt |
| self.filter_txt = windows.get_text() |
| self.treefilter.refilter() |
| |
| def update_gui(self, *args): |
| self.update = True |
| self.update_treestore.clear() |
| for bools in self.cur_dict["boolean"]: |
| operation = self.cur_dict["boolean"][bools]["action"] |
| iter = self.update_treestore.append(None) |
| self.update_treestore.set_value(iter, 0, True) |
| self.update_treestore.set_value(iter, 1, sepolicy.boolean_desc(bools)) |
| self.update_treestore.set_value(iter, 2, action[self.cur_dict["boolean"][bools]['active']]) |
| self.update_treestore.set_value(iter, 3, True) |
| niter = self.update_treestore.append(iter) |
| self.update_treestore.set_value(niter, 1, (_("SELinux name: %s")) % bools) |
| self.update_treestore.set_value(niter, 3, False) |
| |
| for path, tclass in self.cur_dict["fcontext"]: |
| operation = self.cur_dict["fcontext"][(path, tclass)]["action"] |
| setype = self.cur_dict["fcontext"][(path, tclass)]["type"] |
| iter = self.update_treestore.append(None) |
| self.update_treestore.set_value(iter, 0, True) |
| self.update_treestore.set_value(iter, 2, operation) |
| self.update_treestore.set_value(iter, 0, True) |
| if operation == "-a": |
| self.update_treestore.set_value(iter, 1, (_("Add file labeling for %s")) % self.application) |
| if operation == "-d": |
| self.update_treestore.set_value(iter, 1, (_("Delete file labeling for %s")) % self.application) |
| if operation == "-m": |
| self.update_treestore.set_value(iter, 1, (_("Modify file labeling for %s")) % self.application) |
| |
| niter = self.update_treestore.append(iter) |
| self.update_treestore.set_value(niter, 3, False) |
| self.update_treestore.set_value(niter, 1, (_("File path: %s")) % path) |
| niter = self.update_treestore.append(iter) |
| self.update_treestore.set_value(niter, 3, False) |
| self.update_treestore.set_value(niter, 1, (_("File class: %s")) % sepolicy.file_type_str[tclass]) |
| niter = self.update_treestore.append(iter) |
| self.update_treestore.set_value(niter, 3, False) |
| self.update_treestore.set_value(niter, 1, (_("SELinux file type: %s")) % setype) |
| |
| for port, protocol in self.cur_dict["port"]: |
| operation = self.cur_dict["port"][(port, protocol)]["action"] |
| iter = self.update_treestore.append(None) |
| self.update_treestore.set_value(iter, 0, True) |
| self.update_treestore.set_value(iter, 2, operation) |
| self.update_treestore.set_value(iter, 3, True) |
| if operation == "-a": |
| self.update_treestore.set_value(iter, 1, (_("Add ports for %s")) % self.application) |
| if operation == "-d": |
| self.update_treestore.set_value(iter, 1, (_("Delete ports for %s")) % self.application) |
| if operation == "-m": |
| self.update_treestore.set_value(iter, 1, (_("Modify ports for %s")) % self.application) |
| |
| niter = self.update_treestore.append(iter) |
| self.update_treestore.set_value(niter, 1, (_("Network ports: %s")) % port) |
| self.update_treestore.set_value(niter, 3, False) |
| niter = self.update_treestore.append(iter) |
| self.update_treestore.set_value(niter, 1, (_("Network protocol: %s")) % protocol) |
| self.update_treestore.set_value(niter, 3, False) |
| setype = self.cur_dict["port"][(port, protocol)]["type"] |
| niter = self.update_treestore.append(iter) |
| self.update_treestore.set_value(niter, 3, False) |
| self.update_treestore.set_value(niter, 1, (_("SELinux file type: %s")) % setype) |
| |
| for user in self.cur_dict["user"]: |
| operation = self.cur_dict["user"][user]["action"] |
| iter = self.update_treestore.append(None) |
| self.update_treestore.set_value(iter, 0, True) |
| self.update_treestore.set_value(iter, 2, operation) |
| self.update_treestore.set_value(iter, 0, True) |
| if operation == "-a": |
| self.update_treestore.set_value(iter, 1, _("Add user")) |
| if operation == "-d": |
| self.update_treestore.set_value(iter, 1, _("Delete user")) |
| if operation == "-m": |
| self.update_treestore.set_value(iter, 1, _("Modify user")) |
| |
| niter = self.update_treestore.append(iter) |
| self.update_treestore.set_value(niter, 1, (_("SELinux User : %s")) % user) |
| self.update_treestore.set_value(niter, 3, False) |
| niter = self.update_treestore.append(iter) |
| self.update_treestore.set_value(niter, 3, False) |
| roles = self.cur_dict["user"][user]["role"] |
| self.update_treestore.set_value(niter, 1, (_("Roles: %s")) % roles) |
| mls = self.cur_dict["user"][user]["range"] |
| niter = self.update_treestore.append(iter) |
| self.update_treestore.set_value(niter, 3, False) |
| self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls) |
| |
| for login in self.cur_dict["login"]: |
| operation = self.cur_dict["login"][login]["action"] |
| iter = self.update_treestore.append(None) |
| self.update_treestore.set_value(iter, 0, True) |
| self.update_treestore.set_value(iter, 2, operation) |
| self.update_treestore.set_value(iter, 0, True) |
| if operation == "-a": |
| self.update_treestore.set_value(iter, 1, _("Add login mapping")) |
| if operation == "-d": |
| self.update_treestore.set_value(iter, 1, _("Delete login mapping")) |
| if operation == "-m": |
| self.update_treestore.set_value(iter, 1, _("Modify login mapping")) |
| |
| niter = self.update_treestore.append(iter) |
| self.update_treestore.set_value(niter, 3, False) |
| self.update_treestore.set_value(niter, 1, (_("Login Name : %s")) % login) |
| niter = self.update_treestore.append(iter) |
| self.update_treestore.set_value(niter, 3, False) |
| seuser = self.cur_dict["login"][login]["seuser"] |
| self.update_treestore.set_value(niter, 1, (_("SELinux User: %s")) % seuser) |
| mls = self.cur_dict["login"][login]["range"] |
| niter = self.update_treestore.append(iter) |
| self.update_treestore.set_value(niter, 3, False) |
| self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls) |
| |
| for path in self.cur_dict["fcontext-equiv"]: |
| operation = self.cur_dict["fcontext-equiv"][path]["action"] |
| iter = self.update_treestore.append(None) |
| self.update_treestore.set_value(iter, 0, True) |
| self.update_treestore.set_value(iter, 2, operation) |
| self.update_treestore.set_value(iter, 0, True) |
| if operation == "-a": |
| self.update_treestore.set_value(iter, 1, (_("Add file equiv labeling."))) |
| if operation == "-d": |
| self.update_treestore.set_value(iter, 1, (_("Delete file equiv labeling."))) |
| if operation == "-m": |
| self.update_treestore.set_value(iter, 1, (_("Modify file equiv labeling."))) |
| |
| niter = self.update_treestore.append(iter) |
| self.update_treestore.set_value(niter, 3, False) |
| self.update_treestore.set_value(niter, 1, (_("File path : %s")) % path) |
| niter = self.update_treestore.append(iter) |
| self.update_treestore.set_value(niter, 3, False) |
| src = self.cur_dict["fcontext-equiv"][path]["src"] |
| self.update_treestore.set_value(niter, 1, (_("Equivalence: %s")) % src) |
| |
| self.show_popup(self.update_window) |
| |
| def set_active_application_button(self): |
| if self.boolean_radio_button.get_active(): |
| self.active_button = self.boolean_radio_button |
| if self.files_radio_button.get_active(): |
| self.active_button = self.files_radio_button |
| if self.transitions_radio_button.get_active(): |
| self.active_button = self.transitions_radio_button |
| if self.network_radio_button.get_active(): |
| self.active_button = self.network_radio_button |
| |
| def clearbuttons(self, clear=True): |
| self.main_selection_window.hide() |
| self.boolean_radio_button.set_visible(False) |
| self.files_radio_button.set_visible(False) |
| self.network_radio_button.set_visible(False) |
| self.transitions_radio_button.set_visible(False) |
| self.system_radio_button.set_visible(False) |
| self.lockdown_radio_button.set_visible(False) |
| self.user_radio_button.set_visible(False) |
| self.login_radio_button.set_visible(False) |
| if clear: |
| self.completion_entry.set_text("") |
| |
| def show_system_page(self): |
| self.clearbuttons() |
| self.system_radio_button.set_visible(True) |
| self.lockdown_radio_button.set_visible(True) |
| self.applications_selection_button.set_label(_("System")) |
| self.system_radio_button.set_active(True) |
| self.tab_change() |
| self.idle_func() |
| |
| def show_file_equiv_page(self, *args): |
| self.clearbuttons() |
| self.file_equiv_initialize() |
| self.file_equiv_radio_button.set_active(True) |
| self.applications_selection_button.set_label(_("File Equivalence")) |
| self.tab_change() |
| self.idle_func() |
| self.add_button.set_sensitive(True) |
| self.delete_button.set_sensitive(True) |
| |
| def show_users_page(self): |
| self.clearbuttons() |
| self.login_radio_button.set_visible(True) |
| self.user_radio_button.set_visible(True) |
| self.applications_selection_button.set_label(_("Users")) |
| self.login_radio_button.set_active(True) |
| self.tab_change() |
| self.user_initialize() |
| self.login_initialize() |
| self.idle_func() |
| self.add_button.set_sensitive(True) |
| self.delete_button.set_sensitive(True) |
| |
| def show_applications_page(self): |
| self.clearbuttons(False) |
| self.boolean_radio_button.set_visible(True) |
| self.files_radio_button.set_visible(True) |
| self.network_radio_button.set_visible(True) |
| self.transitions_radio_button.set_visible(True) |
| self.boolean_radio_button.set_active(True) |
| self.tab_change() |
| self.idle_func() |
| |
| def system_interface(self, *args): |
| self.show_system_page() |
| |
| def users_interface(self, *args): |
| self.show_users_page() |
| |
| def show_mislabeled_files(self, checkbutton, *args): |
| iterlist = [] |
| ctr = 0 |
| ipage = self.inner_notebook_files.get_current_page() |
| if checkbutton.get_active() == True: |
| for items in self.liststore: |
| iter = self.treesort.get_iter(ctr) |
| iter = self.treesort.convert_iter_to_child_iter(iter) |
| iter = self.treefilter.convert_iter_to_child_iter(iter) |
| if iter != None: |
| if self.liststore.get_value(iter, 4) == False: |
| iterlist.append(iter) |
| ctr += 1 |
| for iters in iterlist: |
| self.liststore.remove(iters) |
| |
| elif self.application != None: |
| self.liststore.clear() |
| if ipage == EXE_PAGE: |
| self.executable_files_initialize(self.application) |
| elif ipage == WRITABLE_PAGE: |
| self.writable_files_initialize(self.application) |
| elif ipage == APP_PAGE: |
| self.application_files_initialize(self.application) |
| |
| def fix_mislabeled(self, path): |
| cur = selinux.getfilecon(path)[1].split(":")[2] |
| con = selinux.matchpathcon(path, 0)[1].split(":")[2] |
| if self.verify(_("Run restorecon on %(PATH)s to change its type from %(CUR_CONTEXT)s to the default %(DEF_CONTEXT)s?") % {"PATH": path, "CUR_CONTEXT": cur, "DEF_CONTEXT": con}, title="restorecon dialog") == Gtk.ResponseType.YES: |
| self.dbus.restorecon(path) |
| self.application_selected() |
| |
| def new_updates(self, *args): |
| self.update_button.set_sensitive(self.modified()) |
| self.revert_button.set_sensitive(self.modified()) |
| |
| def update_or_revert_changes(self, button, *args): |
| self.update_gui() |
| self.update = (button.get_label() == _("Update")) |
| if self.update: |
| self.update_window.set_title(_("Update Changes")) |
| else: |
| self.update_window.set_title(_("Revert Changes")) |
| |
| def apply_changes_button_press(self, *args): |
| self.close_popup() |
| if self.update: |
| self.update_the_system() |
| else: |
| self.revert_data() |
| self.finish_init = False |
| self.previously_modified_initialize(self.dbus.customized()) |
| self.finish_init = True |
| self.clear_filters() |
| self.application_selected() |
| self.new_updates() |
| self.update_treestore.clear() |
| |
| def update_the_system(self, *args): |
| self.close_popup() |
| update_buffer = self.format_update() |
| self.wait_mouse() |
| try: |
| self.dbus.semanage(update_buffer) |
| except dbus.exceptions.DBusException, e: |
| print e |
| self.ready_mouse() |
| self.init_cur() |
| |
| def ipage_value_lookup(self, lookup): |
| ipage_values = {"Executable Files": 0, "Writable Files": 1, "Application File Type": 2, "Inbound": 1, "Outbound": 0} |
| for value in ipage_values: |
| if value == lookup: |
| return ipage_values[value] |
| return "Booleans" |
| |
| def get_attributes_update(self, attribute): |
| attribute = attribute.split(": ")[1] |
| bool_id = attribute.split(": ")[0] |
| if bool_id == "SELinux name": |
| self.bool_revert = attribute |
| else: |
| return attribute |
| |
| def format_update(self): |
| self.revert_data() |
| update_buffer = "" |
| for k in self.cur_dict: |
| if k in "boolean": |
| for b in self.cur_dict[k]: |
| update_buffer += "boolean -m -%d %s\n" % (self.cur_dict[k][b]["active"], b) |
| if k in "login": |
| for l in self.cur_dict[k]: |
| if self.cur_dict[k][l]["action"] == "-d": |
| update_buffer += "login -d %s\n" % l |
| else: |
| update_buffer += "login %s -s %s -r %s %s\n" % (self.cur_dict[k][l]["action"], self.cur_dict[k][l]["seuser"], self.cur_dict[k][l]["range"], l) |
| if k in "user": |
| for u in self.cur_dict[k]: |
| if self.cur_dict[k][u]["action"] == "-d": |
| update_buffer += "user -d %s\n" % u |
| else: |
| update_buffer += "user %s -L %s -r %s -R %s %s\n" % (self.cur_dict[k][u]["action"], self.cur_dict[k][u]["level"], self.cur_dict[k][u]["range"], self.cur_dict[k][u]["role"], u) |
| |
| if k in "fcontext-equiv": |
| for f in self.cur_dict[k]: |
| if self.cur_dict[k][f]["action"] == "-d": |
| update_buffer += "fcontext -d %s\n" % f |
| else: |
| update_buffer += "fcontext %s -e %s %s\n" % (self.cur_dict[k][f]["action"], self.cur_dict[k][f]["src"], f) |
| |
| if k in "fcontext": |
| for f in self.cur_dict[k]: |
| if self.cur_dict[k][f]["action"] == "-d": |
| update_buffer += "fcontext -d %s\n" % f |
| else: |
| update_buffer += "fcontext %s -t %s -f %s %s\n" % (self.cur_dict[k][f]["action"], self.cur_dict[k][f]["type"], self.cur_dict[k][f]["class"], f) |
| |
| if k in "port": |
| for port, protocol in self.cur_dict[k]: |
| if self.cur_dict[k][(port, protocol)]["action"] == "-d": |
| update_buffer += "port -d -p %s %s\n" % (protocol, port) |
| else: |
| update_buffer += "port %s -t %s -p %s %s\n" % (self.cur_dict[k][f]["action"], self.cur_dict[k][f]["type"], procotol, port) |
| |
| return update_buffer |
| |
| def revert_data(self): |
| ctr = 0 |
| remove_list = [] |
| update_buffer = "" |
| for items in self.update_treestore: |
| if not self.update_treestore[ctr][0]: |
| remove_list.append(ctr) |
| ctr += 1 |
| remove_list.reverse() |
| for ctr in remove_list: |
| self.remove_cur(ctr) |
| |
| def reveal_advanced_system(self, label, *args): |
| advanced = label.get_text() == ADVANCED_LABEL[0] |
| if advanced: |
| label.set_text(ADVANCED_LABEL[1]) |
| else: |
| label.set_text(ADVANCED_LABEL[0]) |
| self.system_policy_label.set_visible(advanced) |
| self.system_policy_type_combobox.set_visible(advanced) |
| |
| def reveal_advanced(self, label, *args): |
| advanced = label.get_text() == ADVANCED_LABEL[0] |
| if advanced: |
| label.set_text(ADVANCED_LABEL[1]) |
| else: |
| label.set_text(ADVANCED_LABEL[0]) |
| self.files_mls_label.set_visible(advanced) |
| self.files_mls_entry.set_visible(advanced) |
| self.network_mls_label.set_visible(advanced) |
| self.network_mls_entry.set_visible(advanced) |
| |
| def advanced_search_initialize(self, path): |
| try: |
| if path[0] == '/': |
| domain = sepolicy.get_init_transtype(path) |
| else: |
| domain = path |
| except IndexError: |
| return |
| except OSError: |
| return |
| iter = self.advanced_search_liststore.append() |
| self.advanced_search_liststore.set_value(iter, 0, path) |
| self.advanced_search_liststore.set_value(iter, 1, domain) |
| user_types = sepolicy.get_user_types() |
| if domain in user_types + ['initrc_t']: |
| return |
| |
| entrypoints = sepolicy.get_entrypoints(domain) |
| # From entry_point = 0 to the number of keys in the dic |
| for exe in entrypoints: |
| if len(entrypoints[exe]): |
| file_class = entrypoints[exe][1] |
| for path in entrypoints[exe][0]: |
| iter = self.advanced_search_liststore.append() |
| self.advanced_search_liststore.set_value(iter, 1, domain) |
| self.advanced_search_liststore.set_value(iter, 0, path) |
| |
| def advanced_label_main(self, label, *args): |
| if label.get_text() == ADVANCED_SEARCH_LABEL[1]: |
| label.set_text(ADVANCED_SEARCH_LABEL[0]) |
| self.close_popup() |
| else: |
| label.set_text(ADVANCED_SEARCH_LABEL[1]) |
| self.show_popup(self.advanced_search_window) |
| |
| def advanced_radio_select(self, button): |
| label = "" |
| if button.get_active(): |
| label = button.get_label() |
| if label == '': |
| return |
| self.advanced_search_liststore.clear() |
| if label == "All": |
| for items in self.all_list: |
| self.advanced_search_initialize(items) |
| self.idle_func() |
| |
| elif label == "Installed": |
| if self.installed_list == []: |
| return |
| for items in self.installed_list: |
| self.advanced_search_initialize(items) |
| self.idle_func() |
| |
| def set_enforce_text(self, value): |
| if value: |
| self.status_bar.push(self.context_id, _("System Status: Enforcing")) |
| else: |
| self.status_bar.push(self.context_id, _("System Status: Permissive")) |
| self.current_status_permissive.set_active(True) |
| |
| def set_enforce(self, button): |
| self.dbus.setenforce(button.get_active()) |
| self.set_enforce_text(button.get_active()) |
| |
| def on_browse_select(self, *args): |
| filename = self.file_dialog.get_filename() |
| if filename == None: |
| return |
| self.clear_entry = False |
| self.file_dialog.hide() |
| self.files_path_entry.set_text(filename) |
| if self.import_export == 'Import': |
| self.import_config(filename) |
| elif self.import_export == 'Export': |
| self.export_config(filename) |
| |
| def recursive_path(self, *args): |
| path = self.files_path_entry.get_text() |
| if self.recursive_path_toggle.get_active(): |
| if not path.endswith("(/.*)?"): |
| self.files_path_entry.set_text(path + "(/.*)?") |
| elif path.endswith("(/.*)?"): |
| path = path.split("(/.*)?")[0] |
| self.files_path_entry.set_text(path) |
| |
| def highlight_entry_text(self, entry_obj, *args): |
| txt = entry_obj.get_text() |
| if self.clear_entry: |
| entry_obj.set_text('') |
| self.clear_entry = False |
| |
| def autofill_add_files_entry(self, entry): |
| text = entry.get_text() |
| if text == '': |
| return |
| if text.endswith("(/.*)?"): |
| self.recursive_path_toggle.set_active(True) |
| for d in sepolicy.DEFAULT_DIRS: |
| if text.startswith(d): |
| for t in self.files_type_combolist: |
| if t[0].endswith(sepolicy.DEFAULT_DIRS[d]): |
| self.combo_set_active_text(self.files_type_combobox, t[0]) |
| |
| def resize_columns(self, *args): |
| self.boolean_column_1 = self.boolean_treeview.get_col(1) |
| width = self.boolean_column_1.get_width() |
| renderer = self.boolean_column_1.get_cell_renderers() |
| |
| def browse_for_files(self, *args): |
| self.file_dialog.show() |
| |
| def close_config_window(self, *args): |
| self.file_dialog.hide() |
| |
| def change_default_policy(self, *args): |
| if self.typeHistory == self.system_policy_type_combobox.get_active(): |
| return |
| |
| if self.verify(_("Changing the policy type will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == Gtk.ResponseType.NO: |
| self.system_policy_type_combobox.set_active(self.typeHistory) |
| return None |
| |
| self.dbus.change_default_policy(self.combo_get_active_text(self.system_policy_type_combobox)) |
| self.dbus.relabel_on_boot(True) |
| self.typeHistory = self.system_policy_type_combobox.get_active() |
| |
| def change_default_mode(self, button): |
| if not self.finish_init: |
| return |
| self.enabled_changed(button) |
| if button.get_active(): |
| self.dbus.change_default_mode(button.get_label().lower()) |
| |
| def import_config_show(self, *args): |
| self.file_dialog.set_action(Gtk.FileChooserAction.OPEN) |
| self.file_dialog.set_title("Import Configuration") |
| self.file_dialog.show() |
| #self.file_dialog.set_uri('/tmp') |
| self.import_export = 'Import' |
| |
| def export_config_show(self, *args): |
| self.file_dialog.set_action(Gtk.FileChooserAction.SAVE) |
| self.file_dialog.set_title("Export Configuration") |
| self.file_dialog.show() |
| self.import_export = 'Export' |
| |
| def export_config(self, filename): |
| self.wait_mouse() |
| buf = self.dbus.customized() |
| fd = open(filename, 'w') |
| fd.write(buf) |
| fd.close() |
| self.ready_mouse() |
| |
| def import_config(self, filename): |
| fd = open(filename, "r") |
| buf = fd.read() |
| fd.close() |
| self.wait_mouse() |
| try: |
| self.dbus.semanage(buf) |
| except OSError: |
| pass |
| self.ready_mouse() |
| |
| def init_dictionary(self, dic, app, ipage, operation, p, q, ftype, mls, changed, old): |
| if (app, ipage, operation) not in dic: |
| dic[app, ipage, operation] = {} |
| if (p, q) not in dic[app, ipage, operation]: |
| dic[app, ipage, operation][p, q] = {'type': ftype, 'mls': mls, 'changed': changed, 'old': old} |
| |
| def translate_bool(self, b): |
| b = b.split('-')[1] |
| if b == '0': |
| return False |
| if b == '1': |
| return True |
| |
| def relabel_on_reboot(self, *args): |
| active = self.relabel_button.get_active() |
| exists = os.path.exists("/.autorelabel") |
| |
| if active and exists: |
| return |
| if not active and not exists: |
| return |
| try: |
| self.dbus.relabel_on_boot(active) |
| except dbus.exceptions.DBusException, e: |
| self.error(e) |
| |
| def closewindow(self, window, *args): |
| window.hide() |
| self.recursive_path_toggle.set_active(False) |
| self.window.set_sensitive(True) |
| if self.moreTypes_window_files == window: |
| self.show_popup(self.files_popup_window) |
| if self.combo_get_active_text(self.files_type_combobox) == _('More...'): |
| self.files_type_combobox.set_active(0) |
| if self.error_check_window == window: |
| if self.files_add: |
| self.show_popup(self.files_popup_window) |
| elif self.network_add: |
| self.show_popup(self.network_popup_window) |
| if self.files_mls_label.get_visible() or self.network_mls_label.get_visible(): |
| self.advanced_text_files.set_visible(True) |
| self.files_mls_label.set_visible(False) |
| self.files_mls_entry.set_visible(False) |
| self.advanced_text_network.set_visible(True) |
| self.network_mls_label.set_visible(False) |
| self.network_mls_entry.set_visible(False) |
| if self.main_advanced_label.get_text() == ADVANCED_SEARCH_LABEL[1]: |
| self.main_advanced_label.set_text(ADVANCED_SEARCH_LABEL[0]) |
| return True |
| |
| def wait_mouse(self): |
| self.window.get_window().set_cursor(self.busy_cursor) |
| self.idle_func() |
| |
| def ready_mouse(self): |
| self.window.get_window().set_cursor(self.ready_cursor) |
| self.idle_func() |
| |
| def verify(self, message, title=""): |
| dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.INFO, |
| Gtk.ButtonsType.YES_NO, |
| message) |
| dlg.set_title(title) |
| dlg.set_position(Gtk.WindowPosition.MOUSE) |
| dlg.show_all() |
| rc = dlg.run() |
| dlg.destroy() |
| return rc |
| |
| def error(self, message): |
| dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.ERROR, |
| Gtk.ButtonsType.CLOSE, |
| message) |
| dlg.set_position(Gtk.WindowPosition.MOUSE) |
| dlg.show_all() |
| dlg.run() |
| dlg.destroy() |
| |
| def enabled_changed(self, radio): |
| if not radio.get_active(): |
| return |
| label = radio.get_label() |
| if label == 'Disabled' and self.enforce_mode != DISABLED: |
| if self.verify(_("Changing to SELinux disabled requires a reboot. It is not recommended. If you later decide to turn SELinux back on, the system will be required to relabel. If you just want to see if SELinux is causing a problem on your system, you can go to permissive mode which will only log errors and not enforce SELinux policy. Permissive mode does not require a reboot. Do you wish to continue?")) == Gtk.ResponseType.NO: |
| self.enforce_button.set_active(True) |
| |
| if label != 'Disabled' and self.enforce_mode == DISABLED: |
| if self.verify(_("Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == Gtk.ResponseType.NO: |
| self.enforce_button.set_active(True) |
| self.enforce_button = radio |
| |
| def clear_filters(self, *args): |
| self.filter_entry.set_text('') |
| self.show_modified_only.set_active(False) |
| |
| def unconfined_toggle(self, *args): |
| if not self.finish_init: |
| return |
| self.wait_mouse() |
| if self.enable_unconfined_button.get_active(): |
| self.dbus.semanage("module -e unconfined") |
| else: |
| self.dbus.semanage("module -d unconfined") |
| self.ready_mouse() |
| |
| def permissive_toggle(self, *args): |
| if not self.finish_init: |
| return |
| self.wait_mouse() |
| if self.enable_permissive_button.get_active(): |
| self.dbus.semanage("module -e permissivedomains") |
| else: |
| self.dbus.semanage("module -d permissivedomains") |
| self.ready_mouse() |
| |
| def confirmation_close(self, button, *args): |
| if len(self.update_treestore) > 0: |
| if self.verify(_("You are attempting to close the application without applying your changes.\n * To apply changes you have made during this session, click No and click Update.\n * To leave the application without applying your changes, click Yes. All changes that you have made during this session will be lost."), _("Loss of data Dialog")) == Gtk.ResponseType.NO: |
| return True |
| self.quit() |
| |
| def quit(self, *args): |
| sys.exit(0) |
| |
| if __name__ == '__main__': |
| start = SELinuxGui() |