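#!/usr/bin/python -Es
#
# Copyright (C) 2013 Red Hat
# see file 'COPYING' for use and warranty information
#
# selinux gui is a tool for the examining and modifying SELinux policy
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
# 02111-1307 USA
#
# author: Ryan Hallisey rhallisey@redhat.com
# author: Dan Walsh dwalsh@redhat.com
# author: Miroslav Grepl mgrepl@redhat.com
#
#

from gi.repository import Gtk
from gi.repository import Gdk
from gi.repository import GLib
from sepolicy.sedbus import SELinuxDBus
import sys
import sepolicy
import selinux
from selinux import DISABLED, PERMISSIVE, ENFORCING
import sepolicy.network
import sepolicy.manpage
import dbus
import time
import os
import re
import gettext
import unicodedata

PROGNAME = "policycoreutils"
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
gettext.textdomain(PROGNAME)
try:
    gettext.install(PROGNAME,
                    localedir="/usr/share/locale",
                    unicode=False,
                    codeset='utf-8')
except IOError:
    # No message catalog could be installed: make _() a plain pass-through.
    import __builtin__
    __builtin__.__dict__['_'] = unicode

# Inverse of sepolicy.file_type_str (value -> key).
reverse_file_type_str = {}
for f in sepolicy.file_type_str:
    reverse_file_type_str[sepolicy.file_type_str[f]] = f

enabled = [_("No"), _("Yes")]
action = [_("Disable"), _("Enable")]


def compare(a, b):
    """Case-insensitive cmp-style comparison of two strings (used with list.sort)."""
    return cmp(a.lower(), b.lower())

import distutils.sysconfig
ADVANCED_LABEL = (_("Advanced >>"), _("Advanced <<"))
ADVANCED_SEARCH_LABEL = (_("Advanced Search >>"), _("Advanced Search <<"))

# Page indexes of the inner network notebook.
OUTBOUND_PAGE = 0
INBOUND_PAGE = 1

# Page indexes of the inner transitions notebook.
TRANSITIONS_FROM_PAGE = 0
TRANSITIONS_TO_PAGE = 1
TRANSITIONS_FILE_PAGE = 2

# Page indexes of the inner files notebook.
EXE_PAGE = 0
WRITABLE_PAGE = 1
APP_PAGE = 2

# Page indexes of the outer notebook.
BOOLEANS_PAGE = 0
FILES_PAGE = 1
NETWORK_PAGE = 2
TRANSITIONS_PAGE = 3
LOGIN_PAGE = 4
USER_PAGE = 5
LOCKDOWN_PAGE = 6
SYSTEM_PAGE = 7
FILE_EQUIV_PAGE = 8
START_PAGE = 9

# Categories tracked in SELinuxGui.cur_dict (see init_cur).
keys = ["boolean", "fcontext", "fcontext-equiv", "port", "login", "user", "module", "node", "interface"]

DISABLED_TEXT = _("""<small>
To change from Disabled to Enforcing mode
- Change the system mode from Disabled to Permissive
- Reboot, so that the system can relabel
- Once the system is working as planned
  * Change the system mode to Enforcing</small>
""")


class SELinuxGui():
    """GTK front end for examining and modifying SELinux policy.

    Widgets are loaded from sepolicy.glade with Gtk.Builder.  Policy data is
    read through the sepolicy and selinux modules, and through the
    SELinuxDBus proxy held in self.dbus.
    """

    def __init__(self, app=None, test=False):
        """Build the window, load the domain list and run the GTK main loop.

        app  -- optional domain name to pre-select; it must be one of
                sepolicy.get_all_domains().
        test -- when true, load only a short fixed domain list ("httpd_t",
                "abrt_t", plus app) instead of every domain.

        This call does not return until Gtk.main() exits.
        """
        self.finish_init = False
        self.opage = START_PAGE
        self.dbus = SELinuxDBus()
        try:
            customized = self.dbus.customized()
        except dbus.exceptions.DBusException as e:
            print(e)
            # NOTE(review): if self.quit() returns instead of ending the
            # process, `customized` is unbound and the
            # previously_modified_initialize(customized) call further down
            # raises NameError -- confirm that quit() terminates.
            self.quit()

        sepolicy_domains = sepolicy.get_all_domains()
        sepolicy_domains.sort(compare)
        if app and app not in sepolicy_domains:
            # Translate the format string first, then substitute: formatting
            # inside _() produces a msgid no catalog can contain.
            self.error(_("%s is not a valid domain") % app)
            self.quit()

        self.init_cur()
        self.application = app
        self.filter_txt = ""
        builder = Gtk.Builder()
        # The glade file (and the help texts) live next to the installed
        # sepolicy package.
        self.code_path = distutils.sysconfig.get_python_lib(plat_specific=True) + "/sepolicy/"
        glade_file = self.code_path + "sepolicy.glade"
        builder.add_from_file(glade_file)
        self.outer_notebook = builder.get_object("outer_notebook")
        self.window = builder.get_object("SELinux_window")
        self.main_selection_window = builder.get_object("Main_selection_menu")
        self.main_advanced_label = builder.get_object("main_advanced_label")
        self.popup = 0
        self.applications_selection_button = builder.get_object("applications_selection_button")
        self.revert_button = builder.get_object("Revert_button")
        self.busy_cursor = Gdk.Cursor(Gdk.CursorType.WATCH)
        self.ready_cursor = Gdk.Cursor(Gdk.CursorType.LEFT_PTR)
        self.initialtype = selinux.selinux_getpolicytype()[1]
        self.current_popup = None
        self.import_export = None
        self.clear_entry = True
        self.files_add = False
        self.network_add = False

        self.all_list = []
        self.installed_list = []
        self.previously_modified = {}

        # --- File dialog ---
        self.file_dialog = builder.get_object("add_path_dialog")

        # --- Error check ---
        self.error_check_window = builder.get_object("error_check_window")
        self.error_check_label = builder.get_object("error_check_label")
        self.invalid_entry = False

        # --- Advanced search window ---
        self.advanced_search_window = builder.get_object("advanced_search_window")
        self.advanced_search_liststore = builder.get_object("Advanced_search_liststore")
        self.advanced_search_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
        self.advanced_search_filter = builder.get_object("advanced_filter")
        self.advanced_search_filter.set_visible_func(self.filter_the_data)
        self.advanced_filter_entry = builder.get_object("advanced_filter_entry")
        self.advanced_search_treeview = builder.get_object("advanced_search_treeview")
        self.advanced_search = False

        # --- Login items ---
        self.login_label = builder.get_object("Login_label")
        self.login_seuser_combobox = builder.get_object("login_seuser_combobox")
        self.login_seuser_combolist = builder.get_object("login_seuser_liststore")
        self.login_name_entry = builder.get_object("login_name_entry")
        self.login_mls_label = builder.get_object("login_mls_label")
        self.login_mls_entry = builder.get_object("login_mls_entry")
        self.login_radio_button = builder.get_object("Login_button")
        self.login_treeview = builder.get_object("login_treeview")
        self.login_liststore = builder.get_object("login_liststore")
        self.login_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
        self.login_filter = builder.get_object("login_filter")
        self.login_filter.set_visible_func(self.filter_the_data)
        self.login_popup_window = builder.get_object("login_popup_window")
        self.login_delete_liststore = builder.get_object("login_delete_liststore")
        self.login_delete_window = builder.get_object("login_delete_window")

        # --- User items ---
        self.user_popup_window = builder.get_object("user_popup_window")
        self.user_radio_button = builder.get_object("User_button")
        self.user_liststore = builder.get_object("user_liststore")
        self.user_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
        self.user_filter = builder.get_object("user_filter")
        self.user_filter.set_visible_func(self.filter_the_data)
        self.user_treeview = builder.get_object("user_treeview")
        self.user_roles_combobox = builder.get_object("user_roles_combobox")
        self.user_roles_combolist = builder.get_object("user_roles_liststore")
        self.user_label = builder.get_object("User_label")
        self.user_name_entry = builder.get_object("user_name_entry")
        self.user_mls_label = builder.get_object("user_mls_label")
        self.user_mls_level_entry = builder.get_object("user_mls_level_entry")
        self.user_mls_entry = builder.get_object("user_mls_entry")
        self.user_combobox = builder.get_object("selinux_user_combobox")
        self.user_delete_liststore = builder.get_object("user_delete_liststore")
        self.user_delete_window = builder.get_object("user_delete_window")

        # --- File equivalence items ---
        self.file_equiv_label = builder.get_object("file_equiv_label")
        self.file_equiv_source_entry = builder.get_object("file_equiv_source_entry")
        self.file_equiv_dest_entry = builder.get_object("file_equiv_dest_entry")
        self.file_equiv_radio_button = builder.get_object("file_equiv_button")
        self.file_equiv_treeview = builder.get_object("file_equiv_treeview")
        self.file_equiv_liststore = builder.get_object("file_equiv_liststore")
        self.file_equiv_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
        self.file_equiv_popup_window = builder.get_object("file_equiv_popup_window")
        self.file_equiv_treefilter = builder.get_object("file_equiv_filter")
        self.file_equiv_treefilter.set_visible_func(self.filter_the_data)
        self.file_equiv_delete_liststore = builder.get_object("file_equiv_delete_liststore")
        self.file_equiv_delete_window = builder.get_object("file_equiv_delete_window")

        # --- System items ---
        self.app_system_button = builder.get_object("app_system_button")
        self.system_radio_button = builder.get_object("System_button")
        self.lockdown_radio_button = builder.get_object("Lockdown_button")
        self.systems_box = builder.get_object("Systems_box")
        self.relabel_button = builder.get_object("Relabel_button")
        self.relabel_button_no = builder.get_object("Relabel_button_no")
        self.advanced_system = builder.get_object("advanced_system")
        self.outer_notebook_frame = builder.get_object("outer_notebook_frame")
        self.system_policy_label = builder.get_object("system_policy_type_label")

        # --- Browse items ---
        self.select_button_browse = builder.get_object("select_button_browse")
        self.cancel_button_browse = builder.get_object("cancel_button_browse")

        # --- More types window items ---
        self.moreTypes_window_files = builder.get_object("moreTypes_window_files")
        self.more_types_files_liststore = builder.get_object("more_types_file_liststore")
        self.moreTypes_treeview = builder.get_object("moreTypes_treeview_files")

        # --- System policy type ---
        self.system_policy_type_liststore = builder.get_object("system_policy_type_liststore")
        self.system_policy_type_combobox = builder.get_object("system_policy_type_combobox")
        self.policy_list = []
        # Hide the policy-type chooser when populate_system_policy() reports
        # fewer than two entries.
        if self.populate_system_policy() < 2:
            self.advanced_system.set_visible(False)
            self.system_policy_label.set_visible(False)
            self.system_policy_type_combobox.set_visible(False)

        self.enforcing_button_default = builder.get_object("Enforcing_button_default")
        self.permissive_button_default = builder.get_object("Permissive_button_default")
        self.disabled_button_default = builder.get_object("Disabled_button_default")
        self.initialize_system_default_mode()

        # --- Lockdown window ---
        self.enable_unconfined_button = builder.get_object("enable_unconfined")
        self.disable_unconfined_button = builder.get_object("disable_unconfined")
        self.enable_permissive_button = builder.get_object("enable_permissive")
        self.disable_permissive_button = builder.get_object("disable_permissive")
        self.enable_ptrace_button = builder.get_object("enable_ptrace")
        self.disable_ptrace_button = builder.get_object("disable_ptrace")

        # --- Help window ---
        self.help_window = builder.get_object("help_window")
        self.help_text = builder.get_object("help_textv")
        self.info_text = builder.get_object("info_text")
        self.help_image = builder.get_object("help_image")
        self.forward_button = builder.get_object("forward_button")
        self.back_button = builder.get_object("back_button")

        # --- Update menu items ---
        self.update_window = builder.get_object("update_window")
        self.update_treeview = builder.get_object("update_treeview")
        self.update_treestore = builder.get_object("Update_treestore")
        self.apply_button = builder.get_object("apply_button")
        self.update_button = builder.get_object("Update_button")

        # --- Add / delete buttons and their popups ---
        self.add_button = builder.get_object("Add_button")
        self.delete_button = builder.get_object("Delete_button")

        self.files_path_entry = builder.get_object("files_path_entry")
        self.network_ports_entry = builder.get_object("network_ports_entry")
        self.files_popup_window = builder.get_object("files_popup_window")
        self.network_popup_window = builder.get_object("network_popup_window")

        self.popup_network_label = builder.get_object("Network_label")
        self.popup_files_label = builder.get_object("files_label")

        self.recursive_path_toggle = builder.get_object("make_path_recursive")
        self.files_type_combolist = builder.get_object("files_type_combo_store")
        self.files_class_combolist = builder.get_object("files_class_combo_store")
        self.files_type_combobox = builder.get_object("files_type_combobox")
        self.files_class_combobox = builder.get_object("files_class_combobox")
        self.files_mls_label = builder.get_object("files_mls_label")
        self.files_mls_entry = builder.get_object("files_mls_entry")
        self.advanced_text_files = builder.get_object("Advanced_text_files")
        self.files_cancel_button = builder.get_object("cancel_delete_files")

        self.network_tcp_button = builder.get_object("tcp_button")
        self.network_udp_button = builder.get_object("udp_button")
        self.network_port_type_combolist = builder.get_object("network_type_combo_store")
        self.network_port_type_combobox = builder.get_object("network_type_combobox")
        self.network_mls_label = builder.get_object("network_mls_label")
        self.network_mls_entry = builder.get_object("network_mls_entry")
        self.advanced_text_network = builder.get_object("Advanced_text_network")
        self.network_cancel_button = builder.get_object("cancel_network_delete")

        # --- Modify items ---
        self.show_mislabeled_files_only = builder.get_object("Show_mislabeled_files")
        self.mislabeled_files_label = builder.get_object("mislabeled_files_label")
        self.warning_files = builder.get_object("warning_files")
        self.modify_button = builder.get_object("Modify_button")
        self.modify_button.set_sensitive(False)

        # --- Fix label ---
        self.fix_label_window = builder.get_object("fix_label_window")
        self.fixlabel_label = builder.get_object("fixlabel_label")
        self.fix_label_cancel = builder.get_object("fix_label_cancel")

        # --- Delete items ---
        self.files_delete_window = builder.get_object("files_delete_window")
        self.files_delete_treeview = builder.get_object("files_delete_treeview")
        self.files_delete_liststore = builder.get_object("files_delete_liststore")
        self.network_delete_window = builder.get_object("network_delete_window")
        self.network_delete_treeview = builder.get_object("network_delete_treeview")
        self.network_delete_liststore = builder.get_object("network_delete_liststore")

        # --- Progress bar ---
        self.progress_bar = builder.get_object("progress_bar")

        # --- Executable files items ---
        self.executable_files_treeview = builder.get_object("Executable_files_treeview")
        self.executable_files_filter = builder.get_object("executable_files_filter")
        self.executable_files_filter.set_visible_func(self.filter_the_data)
        self.executable_files_tab = builder.get_object("Executable_files_tab")
        self.executable_files_tab_tooltip_txt = self.executable_files_tab.get_tooltip_text()
        self.executable_files_liststore = builder.get_object("executable_files_treestore")
        self.executable_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)

        self.files_radio_button = builder.get_object("files_button")
        self.files_button_tooltip_txt = self.files_radio_button.get_tooltip_text()

        # --- Writable files items ---
        self.writable_files_treeview = builder.get_object("Writable_files_treeview")
        # Columns: File Path, SELinux File Label, Class
        self.writable_files_liststore = builder.get_object("writable_files_treestore")
        self.writable_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
        self.writable_files_filter = builder.get_object("writable_files_filter")
        self.writable_files_filter.set_visible_func(self.filter_the_data)
        self.writable_files_tab = builder.get_object("Writable_files_tab")
        self.writable_files_tab_tooltip_txt = self.writable_files_tab.get_tooltip_text()

        # --- Application file types ---
        self.application_files_treeview = builder.get_object("Application_files_treeview")
        # Columns: File Path, Description, Class
        self.application_files_filter = builder.get_object("application_files_filter")
        self.application_files_filter.set_visible_func(self.filter_the_data)
        self.application_files_tab = builder.get_object("Application_files_tab")
        # Read the tooltip from the application-files tab itself; the value
        # ends up the same as before, without first copying the
        # writable-files tooltip and then overwriting it.
        self.application_files_tab_tooltip_txt = self.application_files_tab.get_tooltip_text()
        self.application_files_liststore = builder.get_object("application_files_treestore")
        self.application_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)

        # --- Network items ---
        self.network_radio_button = builder.get_object("network_button")
        self.network_button_tooltip_txt = self.network_radio_button.get_tooltip_text()

        self.network_out_treeview = builder.get_object("outbound_treeview")
        self.network_out_liststore = builder.get_object("network_out_liststore")
        self.network_out_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
        self.network_out_filter = builder.get_object("network_out_filter")
        self.network_out_filter.set_visible_func(self.filter_the_data)
        self.network_out_tab = builder.get_object("network_out_tab")
        self.network_out_tab_tooltip_txt = self.network_out_tab.get_tooltip_text()

        self.network_in_treeview = builder.get_object("inbound_treeview")
        self.network_in_liststore = builder.get_object("network_in_liststore")
        self.network_in_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
        self.network_in_filter = builder.get_object("network_in_filter")
        self.network_in_filter.set_visible_func(self.filter_the_data)
        self.network_in_tab = builder.get_object("network_in_tab")
        self.network_in_tab_tooltip_txt = self.network_in_tab.get_tooltip_text()

        # --- Boolean items ---
        self.boolean_treeview = builder.get_object("Boolean_treeview")
        self.boolean_liststore = builder.get_object("boolean_liststore")
        self.boolean_liststore.set_sort_column_id(2, Gtk.SortType.ASCENDING)
        self.boolean_filter = builder.get_object("boolean_filter")
        self.boolean_filter.set_visible_func(self.filter_the_data)

        self.boolean_more_detail_window = builder.get_object("booleans_more_detail_window")
        self.boolean_more_detail_treeview = builder.get_object("booleans_more_detail_treeview")
        self.boolean_more_detail_tree_data_set = builder.get_object("booleans_more_detail_liststore")
        self.boolean_radio_button = builder.get_object("Booleans_button")
        self.active_button = self.boolean_radio_button
        self.boolean_button_tooltip_txt = self.boolean_radio_button.get_tooltip_text()

        # --- Transitions items ---
        # Columns: Enabled, source, Executable File
        self.transitions_into_treeview = builder.get_object("transitions_into_treeview")
        self.transitions_into_liststore = builder.get_object("transitions_into_liststore")
        self.transitions_into_liststore.set_sort_column_id(1, Gtk.SortType.ASCENDING)
        self.transitions_into_filter = builder.get_object("transitions_into_filter")
        self.transitions_into_filter.set_visible_func(self.filter_the_data)
        self.transitions_into_tab = builder.get_object("Transitions_into_tab")
        self.transitions_into_tab_tooltip_txt = self.transitions_into_tab.get_tooltip_text()

        self.transitions_radio_button = builder.get_object("Transitions_button")
        self.transitions_button_tooltip_txt = self.transitions_radio_button.get_tooltip_text()

        self.transitions_from_treeview = builder.get_object("transitions_from_treeview")
        # Columns: Enabled, Executable File Type, Transtype
        self.transitions_from_treestore = builder.get_object("transitions_from_treestore")
        self.transitions_from_treestore.set_sort_column_id(2, Gtk.SortType.ASCENDING)
        self.transitions_from_filter = builder.get_object("transitions_from_filter")
        self.transitions_from_filter.set_visible_func(self.filter_the_data)
        self.transitions_from_tab = builder.get_object("Transitions_from_tab")
        self.transitions_from_tab_tooltip_txt = self.transitions_from_tab.get_tooltip_text()

        self.transitions_file_treeview = builder.get_object("file_transitions_treeview")
        self.transitions_file_liststore = builder.get_object("file_transitions_liststore")
        self.transitions_file_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
        self.transitions_file_filter = builder.get_object("file_transitions_filter")
        self.transitions_file_filter.set_visible_func(self.filter_the_data)
        self.transitions_file_tab = builder.get_object("file_transitions")
        # Take the tooltip from the file-transitions tab; it was previously
        # copied from transitions_from_tab.
        self.transitions_file_tab_tooltip_txt = self.transitions_file_tab.get_tooltip_text()

        # --- Combobox and entry items ---
        # The combobox object, aka the arrow next to the entry text bar.
        self.combobox_menu = builder.get_object("combobox_org")
        self.combobox_menu_model = builder.get_object("application_liststore")
        self.completion_entry = builder.get_object("completion_entry")
        self.completion_entry_model = builder.get_object("application_liststore")
        self.entrycompletion_obj = builder.get_object("entrycompletion_obj")
        self.entrycompletion_obj.set_model(self.completion_entry_model)
        self.entrycompletion_obj.set_minimum_key_length(0)
        self.entrycompletion_obj.set_text_column(0)
        self.entrycompletion_obj.set_match_func(self.match_func, None)
        self.completion_entry.set_completion(self.entrycompletion_obj)
        self.completion_entry.set_icon_from_stock(0, Gtk.STOCK_FIND)

        # --- Modify button ---
        self.show_modified_only = builder.get_object("Show_modified_only_toggle")

        # --- Status bar ---
        self.current_status_label = builder.get_object("Enforcing_label")
        self.current_status_enforcing = builder.get_object("Enforcing_button")
        self.current_status_permissive = builder.get_object("Permissive_button")
        self.status_bar = builder.get_object("status_bar")
        self.context_id = self.status_bar.get_context_id("SELinux status")

        # --- Filters ---
        self.filter_entry = builder.get_object("filter_entry")
        self.filter_box = builder.get_object("filter_box")
        self.add_modify_delete_box = builder.get_object("add_modify_delete_box")
        # Get_model() sets the tree model filter to be the parent of the
        # tree model (tree model has all the data in it)

        # --- Toggle cells: each delete toggle updates its own liststore ---
        self.cell = builder.get_object("activate")
        self.del_cell_files = builder.get_object("files_toggle_delete")
        self.del_cell_files.connect("toggled", self.on_toggle_update, self.files_delete_liststore)
        self.del_cell_files_equiv = builder.get_object("file_equiv_toggle_delete1")
        self.del_cell_files_equiv.connect("toggled", self.on_toggle_update, self.file_equiv_delete_liststore)
        self.del_cell_user = builder.get_object("user_toggle_delete")
        self.del_cell_user.connect("toggled", self.on_toggle_update, self.user_delete_liststore)
        self.del_cell_login = builder.get_object("login_toggle_delete")
        self.del_cell_login.connect("toggled", self.on_toggle_update, self.login_delete_liststore)
        self.del_cell_network = builder.get_object("network_toggle_delete")
        self.del_cell_network.connect("toggled", self.on_toggle_update, self.network_delete_liststore)
        self.update_cell = builder.get_object("toggle_update")

        # --- Notebook items (outer_notebook was fetched above) ---
        self.inner_notebook_files = builder.get_object("files_inner_notebook")
        self.inner_notebook_network = builder.get_object("network_inner_notebook")
        self.inner_notebook_transitions = builder.get_object("transitions_inner_notebook")

        # --- Loading gui ---
        loading_gui = builder.get_object("loading_gui")

        self.update_cell.connect("toggled", self.on_toggle_update, self.update_treestore)
        self.all_entries = []

        # Need to connect button on code because the tree view model is a treeviewsort
        self.cell.connect("toggled", self.on_toggle, self.boolean_liststore)

        self.loading = 1
        path = None
        if test:
            domains = ["httpd_t", "abrt_t"]
            if app and app not in domains:
                domains.append(app)
        else:
            domains = sepolicy_domains
        loading_gui.show()
        length = len(domains)
        for domain in domains:
            # After the user selects a path in the drop down menu call
            # get_init_entrypoint_target(entrypoint) to get the transtype
            # which will give you the application
            self.combo_box_initialize(domain, None)
            self.advanced_search_initialize(domain)
            self.all_list.append(domain)
            self.percentage = float(self.loading) / float(length)
            self.progress_bar.set_fraction(self.percentage)
            self.progress_bar.set_pulse_step(self.percentage)
            # Let GTK process pending events so the progress bar repaints.
            self.idle_func()

            entrypoint = sepolicy.get_init_entrypoint(domain)
            if entrypoint:
                path = sepolicy.find_entrypoint_path(entrypoint)
                if path:
                    self.combo_box_initialize(path, None)
                    # Adds all files entrypoint paths that exists on disc
                    # into the combobox
                    self.advanced_search_initialize(path)
                    self.installed_list.append(path)

            self.loading += 1
        loading_gui.hide()

        # Signal names declared in the glade file -> handler methods.
        handlers = {
            "on_combo_button_clicked": self.open_combo_menu,
            "on_disable_ptrace_toggled": self.on_disable_ptrace,
            "on_SELinux_window_configure_event": self.hide_combo_menu,
            "on_entrycompletion_obj_match_selected": self.set_application_label,
            "on_filter_changed": self.get_filter_data,
            "on_save_changes_file_equiv_clicked": self.update_to_file_equiv,
            "on_save_changes_login_clicked": self.update_to_login,
            "on_save_changes_user_clicked": self.update_to_user,
            "on_save_changes_files_clicked": self.update_to_files,
            "on_save_changes_network_clicked": self.update_to_network,
            "on_Advanced_text_files_button_press_event": self.reveal_advanced,
            "item_in_tree_selected": self.cursor_changed,
            "on_Application_file_types_treeview_configure_event": self.resize_wrap,
            "on_save_delete_clicked": self.on_save_delete_clicked,
            "on_moreTypes_treeview_files_row_activated": self.populate_type_combo,
            "on_retry_button_files_clicked": self.invalid_entry_retry,
            "on_make_path_recursive_toggled": self.recursive_path,
            "on_files_path_entry_button_press_event": self.highlight_entry_text,
            "on_files_path_entry_changed": self.autofill_add_files_entry,
            "on_select_type_files_clicked": self.select_type_more,
            "on_choose_file": self.on_browse_select,
            "on_Enforcing_button_toggled": self.set_enforce,
            "on_confirmation_close": self.confirmation_close,
            "on_column_clicked": self.column_clicked,
            "on_tab_switch": self.clear_filters,

            "on_file_equiv_button_clicked": self.show_file_equiv_page,
            "on_app/system_button_clicked": self.system_interface,
            "on_app/users_button_clicked": self.users_interface,
            "on_main_advanced_label_button_press_event": self.advanced_label_main,

            "on_Show_mislabeled_files_toggled": self.show_mislabeled_files,
            "on_Browse_button_files_clicked": self.browse_for_files,
            "on_cancel_popup_clicked": self.close_popup,
            "on_treeview_cursor_changed": self.cursor_changed,
            "on_login_seuser_combobox_changed": self.login_seuser_combobox_change,
            "on_user_roles_combobox_changed": self.user_roles_combobox_change,

            "on_cancel_button_browse_clicked": self.close_config_window,
            "on_apply_button_clicked": self.apply_changes_button_press,
            "on_Revert_button_clicked": self.update_or_revert_changes,
            "on_Update_button_clicked": self.update_or_revert_changes,
            "on_advanced_filter_entry_changed": self.get_advanced_filter_data,
            "on_advanced_search_treeview_row_activated": self.advanced_item_selected,
            "on_Select_advanced_search_clicked": self.advanced_item_button_push,
            "on_All_advanced_button_toggled": self.advanced_radio_select,
            "on_Installed_advanced_button_toggled": self.advanced_radio_select,
            "on_info_button_button_press_event": self.on_help_button,
            "on_back_button_clicked": self.on_help_back_clicked,
            "on_forward_button_clicked": self.on_help_forward_clicked,
            "on_Boolean_treeview_columns_changed": self.resize_columns,
            "on_completion_entry_changed": self.application_selected,
            "on_Add_button_clicked": self.add_button_clicked,
            "on_Delete_button_clicked": self.delete_button_clicked,
            "on_Modify_button_clicked": self.modify_button_clicked,
            "on_Show_modified_only_toggled": self.on_show_modified_only,
            "on_cancel_button_config_clicked": self.close_config_window,
            "on_Import_button_clicked": self.import_config_show,
            "on_Export_button_clicked": self.export_config_show,
            "on_enable_unconfined_toggled": self.unconfined_toggle,
            "on_enable_permissive_toggled": self.permissive_toggle,
            "on_system_policy_type_combobox_changed": self.change_default_policy,
            "on_Enforcing_button_default_toggled": self.change_default_mode,
            "on_Permissive_button_default_toggled": self.change_default_mode,
            "on_Disabled_button_default_toggled": self.change_default_mode,

            "on_Relabel_button_toggled_cb": self.relabel_on_reboot,
            "on_advanced_system_button_press_event": self.reveal_advanced_system,
            "on_files_type_combobox_changed": self.show_more_types,
            "on_filter_row_changed": self.filter_the_data,
            "on_button_toggled": self.tab_change,
            "gtk_main_quit": self.closewindow
        }

        self.previously_modified_initialize(customized)
        builder.connect_signals(handlers)
        self.window.show()  # Show the gui to the screen
        # Re-read the SELinux status every 5 seconds, and once right now so
        # self.status is set before it is tested below.
        GLib.timeout_add_seconds(5, self.selinux_status)
        self.selinux_status()
        self.lockdown_inited = False
        self.add_modify_delete_box.hide()
        self.filter_box.hide()
        if self.status == DISABLED:
            self.show_system_page()
        elif self.application:
            self.applications_selection_button.set_label(self.application)
            self.completion_entry.set_text(self.application)
            self.show_applications_page()
            self.tab_change()
        else:
            self.clearbuttons()
            self.outer_notebook.set_current_page(START_PAGE)

        self.reinit()
        self.finish_init = True
        Gtk.main()

    def init_cur(self):
        """Reset self.cur_dict to one empty dict per category in `keys`."""
        self.cur_dict = {}
        for k in keys:
            self.cur_dict[k] = {}

    def remove_cur(self, ctr):
        """Delete the ctr-th entry of self.cur_dict, counting across categories.

        Entries are counted in dict iteration order over every category;
        nothing happens when ctr is past the last entry.
        """
        i = 0
        for k in self.cur_dict:
            for j in self.cur_dict[k]:
                if i == ctr:
                    # Returning straight away keeps the delete from
                    # disturbing the iteration.
                    del(self.cur_dict[k][j])
                    return
                i += 1

    def selinux_status(self):
        """Refresh the widgets that mirror the current SELinux state.

        Reads the running enforce status (treated as DISABLED when
        security_getenforce() raises OSError), whether /.autorelabel exists,
        and the configured enforce mode.  Returns True so the GLib timeout
        registered in __init__ keeps calling it.
        """
        try:
            self.status = selinux.security_getenforce()
        except OSError:
            self.status = DISABLED
        if self.status == DISABLED:
            self.current_status_label.set_sensitive(False)
            self.current_status_enforcing.set_sensitive(False)
            self.current_status_permissive.set_sensitive(False)
            self.enforcing_button_default.set_sensitive(False)
            self.status_bar.push(self.context_id, _("System Status: Disabled"))
            self.info_text.set_label(DISABLED_TEXT)
        else:
            self.set_enforce_text(self.status)
        if os.path.exists('/.autorelabel'):
            self.relabel_button.set_active(True)
        else:
            self.relabel_button_no.set_active(True)

        mode = selinux.selinux_getenforcemode()[1]
        if mode == ENFORCING:
            self.enforcing_button_default.set_active(True)
        elif mode == PERMISSIVE:
            self.permissive_button_default.set_active(True)
        elif mode == DISABLED:
            self.disabled_button_default.set_active(True)

        return True

    def lockdown_init(self):
        """Populate the lockdown page once, on first use.

        Shows the state of the "deny_ptrace" boolean and whether the
        "unconfined" and "permissivedomains" modules are enabled, based on
        the module list returned by self.dbus.semodule_list().
        """
        if self.lockdown_inited:
            return
        self.wait_mouse()
        try:
            self.lockdown_inited = True
            self.disable_ptrace_button.set_active(selinux.security_get_boolean_active("deny_ptrace"))
            self.module_dict = {}
            for line in self.dbus.semodule_list().split("\n"):
                mod = line.split()
                if len(mod) < 2:
                    continue
                # A third field on the line marks the module as disabled.
                self.module_dict[mod[0]] = {"version": mod[1], "Disabled": (len(mod) > 2)}

            def module_enabled(name):
                # A module missing from the list is reported as not enabled
                # instead of raising KeyError.
                info = self.module_dict.get(name)
                return info is not None and not info["Disabled"]

            self.enable_unconfined_button.set_active(module_enabled("unconfined"))
            self.enable_permissive_button.set_active(module_enabled("permissivedomains"))
        finally:
            # Restore the cursor even when one of the lookups above fails.
            self.ready_mouse()

    def column_clicked(self, treeview, treepath, treecol, *args):
        """Handle a click on a tree view column; the action depends on self.opage."""
        row_iter = self.get_selected_iter()
        if not row_iter:
            return

        if self.opage == BOOLEANS_PAGE:
            if treecol.get_name() == "more_detail_col":
                self.display_more_detail(self.window, treepath)

        if self.opage == FILES_PAGE:
            visible = self.liststore.get_value(row_iter, 3)
            # If visible is true then fix mislabeled will be visible
            if treecol.get_name() == "restorecon_col" and visible:
                self.fix_mislabeled(self.liststore.get_value(row_iter, 0))

        if self.opage == TRANSITIONS_PAGE:
            bool_name = self.liststore.get_value(row_iter, 1)
            if bool_name:
                # Jump to the booleans page, filtered on that boolean.
                self.boolean_radio_button.clicked()
                self.filter_entry.set_text(bool_name)

    def idle_func(self):
        """Run pending GTK events so the UI stays responsive during long work."""
        while Gtk.events_pending():
            Gtk.main_iteration()

    def match_func(self, completion, key_string, iter, func_data):
        """Entry-completion match: True when key_string occurs in column 0 of the row."""
        try:
            return self.combobox_menu_model.get_value(iter, 0).find(key_string) != -1
        except AttributeError:
            # The row value has no find() (e.g. None): no match.
            return False

    def help_show_page(self):
        self.back_button.set_sensitive(self.help_page != 0)
        self.forward_button.set_sensitive(self.help_page < (len(self.help_list) - 1))
        try:
            fd = open("%shelp/%s.txt" % (self.code_path, self.help_list[self.help_page]), "r")
            buf = fd.read()
            fd.close()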
except IOError: 724 buf = "" 725 help_text = self.help_text.get_buffer() 726 help_text.set_text(buf % {"APP": self.application}) 727 self.help_text.set_buffer(help_text) 728 self.help_image.set_from_file("%shelp/%s.png" % (self.code_path, self.help_list[self.help_page])) 729 self.show_popup(self.help_window) 730 731 def on_help_back_clicked(self, *args): 732 self.help_page -= 1 733 self.help_show_page() 734 735 def on_help_forward_clicked(self, *args): 736 self.help_page += 1 737 self.help_show_page() 738 739 def on_help_button(self, *args): 740 self.help_page = 0 741 self.help_list = [] 742 if self.opage == START_PAGE: 743 self.help_window.set_title(_("Help: Start Page")) 744 self.help_list = ["start"] 745 746 if self.opage == BOOLEANS_PAGE: 747 self.help_window.set_title(_("Help: Booleans Page")) 748 self.help_list = ["booleans", "booleans_toggled", "booleans_more", "booleans_more_show"] 749 750 if self.opage == FILES_PAGE: 751 ipage = self.inner_notebook_files.get_current_page() 752 if ipage == EXE_PAGE: 753 self.help_window.set_title(_("Help: Executable Files Page")) 754 self.help_list = ["files_exec"] 755 if ipage == WRITABLE_PAGE: 756 self.help_window.set_title(_("Help: Writable Files Page")) 757 self.help_list = ["files_write"] 758 if ipage == APP_PAGE: 759 self.help_window.set_title(_("Help: Application Types Page")) 760 self.help_list = ["files_app"] 761 if self.opage == NETWORK_PAGE: 762 ipage = self.inner_notebook_network.get_current_page() 763 if ipage == OUTBOUND_PAGE: 764 self.help_window.set_title(_("Help: Outbound Network Connections Page")) 765 self.help_list = ["ports_outbound"] 766 if ipage == INBOUND_PAGE: 767 self.help_window.set_title(_("Help: Inbound Network Connections Page")) 768 self.help_list = ["ports_inbound"] 769 770 if self.opage == TRANSITIONS_PAGE: 771 ipage = self.inner_notebook_transitions.get_current_page() 772 if ipage == TRANSITIONS_FROM_PAGE: 773 self.help_window.set_title(_("Help: Transition from application Page")) 774 
self.help_list = ["transition_from", "transition_from_boolean", "transition_from_boolean_1", "transition_from_boolean_2"] 775 if ipage == TRANSITIONS_TO_PAGE: 776 self.help_window.set_title(_("Help: Transition into application Page")) 777 self.help_list = ["transition_to"] 778 if ipage == TRANSITIONS_FILE_PAGE: 779 self.help_window.set_title(_("Help: Transition application file Page")) 780 self.help_list = ["transition_file"] 781 782 if self.opage == SYSTEM_PAGE: 783 self.help_window.set_title(_("Help: Systems Page")) 784 self.help_list = ["system", "system_boot_mode", "system_current_mode", "system_export", "system_policy_type", "system_relabel"] 785 786 if self.opage == LOCKDOWN_PAGE: 787 self.help_window.set_title(_("Help: Lockdown Page")) 788 self.help_list = ["lockdown", "lockdown_unconfined", "lockdown_permissive", "lockdown_ptrace"] 789 790 if self.opage == LOGIN_PAGE: 791 self.help_window.set_title(_("Help: Login Page")) 792 self.help_list = ["login", "login_default"] 793 794 if self.opage == USER_PAGE: 795 self.help_window.set_title(_("Help: SELinux User Page")) 796 self.help_list = ["users"] 797 798 if self.opage == FILE_EQUIV_PAGE: 799 self.help_window.set_title(_("Help: File Equivalence Page")) 800 self.help_list = ["file_equiv"] 801 return self.help_show_page() 802 803 def open_combo_menu(self, *args): 804 if self.popup == 0: 805 self.popup = 1 806 location = self.window.get_position() 807 self.main_selection_window.move(location[0] + 2, location[1] + 65) 808 self.main_selection_window.show() 809 else: 810 self.main_selection_window.hide() 811 self.popup = 0 812 813 def hide_combo_menu(self, *args): 814 self.main_selection_window.hide() 815 self.popup = 0 816 817 def set_application_label(self, *args): 818 self.set_application_label = True 819 820 def resize_wrap(self, *args): 821 print args 822 823 def initialize_system_default_mode(self): 824 self.enforce_mode = selinux.selinux_getenforcemode()[1] 825 if self.enforce_mode == ENFORCING: 826 
self.enforce_button = self.enforcing_button_default 827 if self.enforce_mode == PERMISSIVE: 828 self.enforce_button = self.permissive_button_default 829 if self.enforce_mode == DISABLED: 830 self.enforce_button = self.disabled_button_default 831 832 def populate_system_policy(self): 833 selinux_path = selinux.selinux_path() 834 types = map(lambda x: x[1], filter(lambda x: x[0] == selinux_path, os.walk(selinux_path)))[0] 835 types.sort() 836 ctr = 0 837 for item in types: 838 iter = self.system_policy_type_liststore.append() 839 self.system_policy_type_liststore.set_value(iter, 0, item) 840 if item == self.initialtype: 841 self.system_policy_type_combobox.set_active(ctr) 842 self.typeHistory = ctr 843 ctr += 1 844 return ctr 845 846 def filter_the_data(self, list, iter, *args): 847 # When there is no txt in the box show all items in the tree 848 if self.filter_txt == "": 849 return True 850 try: 851 for x in range(0, list.get_n_columns()): 852 try: 853 val = list.get_value(iter, x) 854 if val == True or val == False or val == None: 855 continue 856 # Returns true if filter_txt exists within the val 857 if(val.find(self.filter_txt) != -1 or val.lower().find(self.filter_txt) != -1): 858 return True 859 except AttributeError, TypeError: 860 pass 861 except: # ValueError: 862 pass 863 return False 864 865 def net_update(self, app, netd, protocol, direction, model): 866 for k in netd.keys(): 867 for t, ports in netd[k]: 868 pkey = (",".join(ports), protocol) 869 if pkey in self.cur_dict["port"]: 870 if self.cur_dict["port"][pkey]["action"] == "-d": 871 continue 872 if t != self.cur_dict["port"][pkey]["type"]: 873 continue 874 self.network_initial_data_insert(model, ", ".join(ports), t, protocol) 875 876 def file_equiv_initialize(self): 877 self.wait_mouse() 878 edict = sepolicy.get_file_equiv() 879 self.file_equiv_liststore.clear() 880 for f in edict: 881 iter = self.file_equiv_liststore.append() 882 if edict[f]["modify"]: 883 name = self.markup(f) 884 equiv = 
self.markup(edict[f]["equiv"]) 885 else: 886 name = f 887 equiv = edict[f]["equiv"] 888 889 self.file_equiv_liststore.set_value(iter, 0, name) 890 self.file_equiv_liststore.set_value(iter, 1, equiv) 891 self.file_equiv_liststore.set_value(iter, 2, edict[f]["modify"]) 892 self.ready_mouse() 893 894 def user_initialize(self): 895 self.wait_mouse() 896 self.user_liststore.clear() 897 for u in sepolicy.get_selinux_users(): 898 iter = self.user_liststore.append() 899 self.user_liststore.set_value(iter, 0, str(u["name"])) 900 roles = u["roles"] 901 if "object_r" in roles: 902 roles.remove("object_r") 903 self.user_liststore.set_value(iter, 1, ", ".join(roles)) 904 self.user_liststore.set_value(iter, 2, u["level"]) 905 self.user_liststore.set_value(iter, 3, u["range"]) 906 self.user_liststore.set_value(iter, 4, True) 907 self.ready_mouse() 908 909 def login_initialize(self): 910 self.wait_mouse() 911 self.login_liststore.clear() 912 for u in sepolicy.get_login_mappings(): 913 iter = self.login_liststore.append() 914 self.login_liststore.set_value(iter, 0, u["name"]) 915 self.login_liststore.set_value(iter, 1, u["seuser"]) 916 self.login_liststore.set_value(iter, 2, u["mls"]) 917 self.login_liststore.set_value(iter, 3, True) 918 self.ready_mouse() 919 920 def network_initialize(self, app): 921 netd = sepolicy.network.get_network_connect(app, "tcp", "name_connect") 922 self.net_update(app, netd, "tcp", OUTBOUND_PAGE, self.network_out_liststore) 923 netd = sepolicy.network.get_network_connect(app, "tcp", "name_bind") 924 self.net_update(app, netd, "tcp", INBOUND_PAGE, self.network_in_liststore) 925 netd = sepolicy.network.get_network_connect(app, "udp", "name_bind") 926 self.net_update(app, netd, "udp", INBOUND_PAGE, self.network_in_liststore) 927 928 def network_initial_data_insert(self, model, ports, portType, protocol): 929 iter = model.append() 930 model.set_value(iter, 0, ports) 931 model.set_value(iter, 1, protocol) 932 model.set_value(iter, 2, portType) 933 
model.set_value(iter, 4, True) 934 935 def combo_set_active_text(self, combobox, val): 936 ctr = 0 937 liststore = combobox.get_model() 938 for i in liststore: 939 if i[0] == val: 940 combobox.set_active(ctr) 941 return 942 ctr += 1 943 944 niter = liststore.get_iter(ctr - 1) 945 if liststore.get_value(niter, 0) == _("More..."): 946 iter = liststore.insert_before(niter) 947 ctr = ctr - 1 948 else: 949 iter = liststore.append() 950 liststore.set_value(iter, 0, val) 951 combobox.set_active(ctr) 952 953 def combo_get_active_text(self, combobox): 954 liststore = combobox.get_model() 955 index = combobox.get_active() 956 if index < 0: 957 return None 958 iter = liststore.get_iter(index) 959 return liststore.get_value(iter, 0) 960 961 def combo_box_initialize(self, val, desc): 962 if val == None: 963 return 964 iter = self.combobox_menu_model.append() 965 for f in val: 966 self.combobox_menu_model.set_value(iter, 0, val) 967 968 def select_type_more(self, *args): 969 app = self.moreTypes_treeview.get_selection() 970 iter = app.get_selected()[1] 971 if iter == None: 972 return 973 app = self.more_types_files_liststore.get_value(iter, 0) 974 self.combo_set_active_text(self.files_type_combobox, app) 975 self.closewindow(self.moreTypes_window_files) 976 977 def advanced_item_button_push(self, *args): 978 row = self.advanced_search_treeview.get_selection() 979 model, iter = row.get_selected() 980 iter = model.convert_iter_to_child_iter(iter) 981 iter = self.advanced_search_filter.convert_iter_to_child_iter(iter) 982 app = self.advanced_search_liststore.get_value(iter, 1) 983 if app == None: 984 return 985 self.advanced_filter_entry.set_text('') 986 self.advanced_search_window.hide() 987 self.reveal_advanced(self.main_advanced_label) 988 self.completion_entry.set_text(app) 989 self.application_selected() 990 991 def advanced_item_selected(self, treeview, path, *args): 992 iter = self.advanced_search_filter.get_iter(path) 993 iter = 
self.advanced_search_filter.convert_iter_to_child_iter(iter) 994 app = self.advanced_search_liststore.get_value(iter, 1) 995 self.advanced_filter_entry.set_text('') 996 self.advanced_search_window.hide() 997 self.reveal_advanced(self.main_advanced_label) 998 self.completion_entry.set_text(app) 999 self.application_selected() 1000 1001 def find_application(self, app): 1002 if app and len(app) > 0: 1003 for items in self.combobox_menu_model: 1004 if app == items[0]: 1005 return True 1006 return False 1007 1008 def application_selected(self, *args): 1009 self.show_mislabeled_files_only.set_visible(False) 1010 self.mislabeled_files_label.set_visible(False) 1011 self.warning_files.set_visible(False) 1012 self.filter_entry.set_text('') 1013 1014 app = self.completion_entry.get_text() 1015 if not self.find_application(app): 1016 return 1017 self.show_applications_page() 1018 self.add_button.set_sensitive(True) 1019 self.delete_button.set_sensitive(True) 1020 # Clear the tree to prepare for a new selection otherwise 1021 self.executable_files_liststore.clear() 1022 # data will pile up everytime the user selects a new item from the drop down menu 1023 self.network_in_liststore.clear() 1024 self.network_out_liststore.clear() 1025 self.boolean_liststore.clear() 1026 self.transitions_into_liststore.clear() 1027 self.transitions_from_treestore.clear() 1028 self.application_files_liststore.clear() 1029 self.writable_files_liststore.clear() 1030 self.transitions_file_liststore.clear() 1031 1032 try: 1033 if app[0] == '/': 1034 app = sepolicy.get_init_transtype(app) 1035 if not app: 1036 return 1037 self.application = app 1038 except IndexError: 1039 pass 1040 1041 self.wait_mouse() 1042 self.previously_modified_initialize(self.dbus.customized()) 1043 self.reinit() 1044 self.boolean_initialize(app) 1045 self.mislabeled_files = False 1046 self.executable_files_initialize(app) 1047 self.network_initialize(app) 1048 self.writable_files_initialize(app) 1049 
self.transitions_into_initialize(app) 1050 self.transitions_from_initialize(app) 1051 self.application_files_initialize(app) 1052 self.transitions_files_initialize(app) 1053 1054 self.executable_files_tab.set_tooltip_text(_("File path used to enter the '%s' domain." % app)) 1055 self.writable_files_tab.set_tooltip_text(_("Files to which the '%s' domain can write." % app)) 1056 self.network_out_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to connect." % app)) 1057 self.network_in_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to listen." % app)) 1058 self.application_files_tab.set_tooltip_text(_("File Types defined for the '%s'." % app)) 1059 self.boolean_radio_button.set_tooltip_text(_("Display boolean information that can be used to modify the policy for the '%s'." % app)) 1060 self.files_radio_button.set_tooltip_text(_("Display file type information that can be used by the '%s'." % app)) 1061 self.network_radio_button.set_tooltip_text(_("Display network ports to which the '%s' can connect or listen to." % app)) 1062 self.transitions_into_tab.set_label(_("Application Transitions Into '%s'" % app)) 1063 self.transitions_from_tab.set_label(_("Application Transitions From '%s'" % app)) 1064 self.transitions_file_tab.set_label(_("File Transitions From '%s'" % app)) 1065 self.transitions_into_tab.set_tooltip_text(_("Executables which will transition to the '%s', when executing a selected domains entrypoint.") % app) 1066 self.transitions_from_tab.set_tooltip_text(_("Executables which will transition to a different domain, when the '%s' executes them.") % app) 1067 self.transitions_file_tab.set_tooltip_text(_("Files by '%s' will transitions to a different label." % app)) 1068 self.transitions_radio_button.set_tooltip_text(_("Display applications that can transition into or out of the '%s'." 
% app)) 1069 1070 self.application = app 1071 self.applications_selection_button.set_label(self.application) 1072 self.ready_mouse() 1073 1074 def reinit(self): 1075 sepolicy.reinit() 1076 self.fcdict = sepolicy.get_fcdict() 1077 self.local_file_paths = sepolicy.get_local_file_paths() 1078 1079 def previously_modified_initialize(self, buf): 1080 self.cust_dict = {} 1081 for i in buf.split("\n"): 1082 rec = i.split() 1083 if len(rec) == 0: 1084 continue 1085 if rec[1] == "-D": 1086 continue 1087 if rec[0] not in self.cust_dict: 1088 self.cust_dict[rec[0]] = {} 1089 if rec[0] == "boolean": 1090 self.cust_dict["boolean"][rec[-1]] = {"active": rec[2] == "-1"} 1091 if rec[0] == "login": 1092 self.cust_dict["login"][rec[-1]] = {"seuser": rec[3], "range": rec[5]} 1093 if rec[0] == "interface": 1094 self.cust_dict["interface"][rec[-1]] = {"type": rec[3]} 1095 if rec[0] == "user": 1096 self.cust_dict["user"][rec[-1]] = {"level": "s0", "range": rec[3], "role": rec[5]} 1097 if rec[0] == "port": 1098 self.cust_dict["port"][(rec[-1], rec[-2])] = {"type": rec[3]} 1099 if rec[0] == "node": 1100 self.cust_dict["node"][rec[-1]] = {"mask": rec[3], "protocol": rec[5], "type": rec[7]} 1101 if rec[0] == "fcontext": 1102 if rec[2] == "-e": 1103 if "fcontext-equiv" not in self.cust_dict: 1104 self.cust_dict["fcontext-equiv"] = {} 1105 self.cust_dict["fcontext-equiv"][(rec[-1])] = {"equiv": rec[3]} 1106 else: 1107 self.cust_dict["fcontext"][(rec[-1], rec[3])] = {"type": rec[5]} 1108 if rec[0] == "module": 1109 self.cust_dict["module"][rec[-1]] = {"enabled": rec[2] != "-d"} 1110 1111 if "module" not in self.cust_dict: 1112 return 1113 for semodule, button in [("unconfined", self.disable_unconfined_button), ("permissivedomains", self.disable_permissive_button)]: 1114 if semodule in self.cust_dict["module"]: 1115 button.set_active(self.cust_dict["module"][semodule]["enabled"]) 1116 1117 for i in keys: 1118 if i not in self.cust_dict: 1119 self.cust_dict.update({i: {}}) 1120 1121 def 
executable_files_initialize(self, application): 1122 self.entrypoints = sepolicy.get_entrypoints(application) 1123 for exe in self.entrypoints.keys(): 1124 if len(self.entrypoints[exe]) == 0: 1125 continue 1126 file_class = self.entrypoints[exe][1] 1127 for path in self.entrypoints[exe][0]: 1128 if (path, file_class) in self.cur_dict["fcontext"]: 1129 if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d": 1130 continue 1131 if exe != self.cur_dict["fcontext"][(path, file_class)]["type"]: 1132 continue 1133 self.files_initial_data_insert(self.executable_files_liststore, path, exe, file_class) 1134 1135 def mislabeled(self, path): 1136 try: 1137 con = selinux.matchpathcon(path, 0)[1] 1138 cur = selinux.getfilecon(path)[1] 1139 return con != cur 1140 except OSError: 1141 return False 1142 1143 def set_mislabeled(self, tree, path, iter, niter): 1144 if not self.mislabeled(path): 1145 return 1146 con = selinux.matchpathcon(path, 0)[1] 1147 cur = selinux.getfilecon(path)[1] 1148 self.mislabeled_files = True 1149 # Set visibility of label 1150 tree.set_value(niter, 3, True) 1151 # Has a mislabel 1152 tree.set_value(iter, 4, True) 1153 tree.set_value(niter, 4, True) 1154 tree.set_value(iter, 5, con.split(":")[2]) 1155 tree.set_value(iter, 6, cur.split(":")[2]) 1156 1157 def writable_files_initialize(self, application): 1158 # Traversing the dictionary data struct 1159 self.writable_files = sepolicy.get_writable_files(application) 1160 for write in self.writable_files.keys(): 1161 if len(self.writable_files[write]) < 2: 1162 self.files_initial_data_insert(self.writable_files_liststore, None, write, _("all files")) 1163 continue 1164 file_class = self.writable_files[write][1] 1165 for path in self.writable_files[write][0]: 1166 if (path, file_class) in self.cur_dict["fcontext"]: 1167 if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d": 1168 continue 1169 if write != self.cur_dict["fcontext"][(path, file_class)]["type"]: 1170 continue 1171 
self.files_initial_data_insert(self.writable_files_liststore, path, write, file_class) 1172 1173 def files_initial_data_insert(self, liststore, path, seLinux_label, file_class): 1174 iter = liststore.append(None) 1175 if path == None: 1176 path = _("MISSING FILE PATH") 1177 modify = False 1178 else: 1179 modify = (path, file_class) in self.local_file_paths 1180 for p in sepolicy.find_file(path): 1181 niter = liststore.append(iter) 1182 liststore.set_value(niter, 0, p) 1183 self.set_mislabeled(liststore, p, iter, niter) 1184 if modify: 1185 path = self.markup(path) 1186 file_class = self.markup(selinux_label) 1187 file_class = self.markup(file_class) 1188 liststore.set_value(iter, 0, path) 1189 liststore.set_value(iter, 1, seLinux_label) 1190 liststore.set_value(iter, 2, file_class) 1191 liststore.set_value(iter, 7, modify) 1192 1193 def markup(self, f): 1194 return "<b>%s</b>" % f 1195 1196 def unmarkup(self, f): 1197 if f: 1198 return re.sub("</b>$", "", re.sub("^<b>", "", f)) 1199 return None 1200 1201 def application_files_initialize(self, application): 1202 self.file_types = sepolicy.get_file_types(application) 1203 for app in self.file_types.keys(): 1204 if len(self.file_types[app]) == 0: 1205 continue 1206 file_class = self.file_types[app][1] 1207 for path in self.file_types[app][0]: 1208 desc = sepolicy.get_description(app, markup=self.markup) 1209 if (path, file_class) in self.cur_dict["fcontext"]: 1210 if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d": 1211 continue 1212 if app != self.cur_dict["fcontext"][(path, file_class)]["type"]: 1213 continue 1214 self.files_initial_data_insert(self.application_files_liststore, path, desc, file_class) 1215 1216 def modified(self): 1217 i = 0 1218 for k in self.cur_dict: 1219 if len(self.cur_dict[k]) > 0: 1220 return True 1221 return False 1222 1223 def boolean_initialize(self, application): 1224 for blist in sepolicy.get_bools(application): 1225 for b, active in blist: 1226 if b in 
self.cur_dict["boolean"]: 1227 active = self.cur_dict["boolean"][b]['active'] 1228 desc = sepolicy.boolean_desc(b) 1229 self.boolean_initial_data_insert(b, desc, active) 1230 1231 def boolean_initial_data_insert(self, val, desc, active): 1232 # Insert data from data source into tree 1233 iter = self.boolean_liststore.append() 1234 self.boolean_liststore.set_value(iter, 0, active) 1235 self.boolean_liststore.set_value(iter, 1, desc) 1236 self.boolean_liststore.set_value(iter, 2, val) 1237 self.boolean_liststore.set_value(iter, 3, _('More...')) 1238 1239 def transitions_into_initialize(self, application): 1240 for x in sepolicy.get_transitions_into(application): 1241 active = None 1242 executable = None 1243 source = None 1244 if "boolean" in x: 1245 active = x["boolean"] 1246 if "target" in x: 1247 executable = x["target"] 1248 if "source" in x: 1249 source = x["source"] 1250 self.transitions_into_initial_data_insert(active, executable, source) 1251 1252 def transitions_into_initial_data_insert(self, active, executable, source): 1253 iter = self.transitions_into_liststore.append() 1254 if active != None: 1255 self.transitions_into_liststore.set_value(iter, 0, enabled[active[0][1]]) # active[0][1] is either T or F (enabled is all the way at the top) 1256 else: 1257 self.transitions_into_liststore.set_value(iter, 0, "Default") 1258 1259 self.transitions_into_liststore.set_value(iter, 2, executable) 1260 self.transitions_into_liststore.set_value(iter, 1, source) 1261 1262 def transitions_from_initialize(self, application): 1263 for x in sepolicy.get_transitions(application): 1264 active = None 1265 executable = None 1266 transtype = None 1267 if "boolean" in x: 1268 active = x["boolean"] 1269 if "target" in x: 1270 executable_type = x["target"] 1271 if "transtype" in x: 1272 transtype = x["transtype"] 1273 self.transitions_from_initial_data_insert(active, executable_type, transtype) 1274 try: 1275 for executable in self.fcdict[executable_type]["regex"]: 1276 
self.transitions_from_initial_data_insert(active, executable, transtype) 1277 except KeyError: 1278 pass 1279 1280 def transitions_from_initial_data_insert(self, active, executable, transtype): 1281 iter = self.transitions_from_treestore.append(None) 1282 if active == None: 1283 self.transitions_from_treestore.set_value(iter, 0, "Default") 1284 self.transitions_from_treestore.set_value(iter, 5, False) 1285 else: 1286 niter = self.transitions_from_treestore.append(iter) 1287 # active[0][1] is either T or F (enabled is all the way at the top) 1288 self.transitions_from_treestore.set_value(iter, 0, enabled[active[0][1]]) 1289 markup = '<span foreground="blue"><u>%s</u></span>' 1290 if active[0][1]: 1291 self.transitions_from_treestore.set_value(niter, 2, (_("To disable this transition, go to the " + markup % _("Boolean section.")))) 1292 else: 1293 self.transitions_from_treestore.set_value(niter, 2, (_("To enable this transition, go to the " + markup % _("Boolean section.")))) 1294 1295 # active[0][0] is the Bool Name 1296 self.transitions_from_treestore.set_value(niter, 1, active[0][0]) 1297 self.transitions_from_treestore.set_value(niter, 5, True) 1298 1299 self.transitions_from_treestore.set_value(iter, 2, executable) 1300 self.transitions_from_treestore.set_value(iter, 3, transtype) 1301 1302 def transitions_files_initialize(self, application): 1303 for i in sepolicy.get_file_transitions(application): 1304 if 'filename' in i: 1305 filename = i['filename'] 1306 else: 1307 filename = None 1308 self.transitions_files_inital_data_insert(i['target'], i['class'], i['transtype'], filename) 1309 1310 def transitions_files_inital_data_insert(self, path, tclass, dest, name): 1311 iter = self.transitions_file_liststore.append() 1312 self.transitions_file_liststore.set_value(iter, 0, path) 1313 self.transitions_file_liststore.set_value(iter, 1, tclass) 1314 self.transitions_file_liststore.set_value(iter, 2, dest) 1315 if name == None: 1316 name = '*' 1317 
self.transitions_file_liststore.set_value(iter, 3, name) 1318 1319 def tab_change(self, *args): 1320 self.clear_filters() 1321 self.treeview = None 1322 self.treesort = None 1323 self.treefilter = None 1324 self.liststore = None 1325 self.modify_button.set_sensitive(False) 1326 self.add_modify_delete_box.hide() 1327 self.show_modified_only.set_visible(False) 1328 self.show_mislabeled_files_only.set_visible(False) 1329 self.mislabeled_files_label.set_visible(False) 1330 self.warning_files.set_visible(False) 1331 1332 if self.boolean_radio_button.get_active(): 1333 self.outer_notebook.set_current_page(BOOLEANS_PAGE) 1334 self.treeview = self.boolean_treeview 1335 self.show_modified_only.set_visible(True) 1336 1337 if self.files_radio_button.get_active(): 1338 self.show_popup(self.add_modify_delete_box) 1339 self.show_modified_only.set_visible(True) 1340 self.show_mislabeled_files_only.set_visible(self.mislabeled_files) 1341 self.mislabeled_files_label.set_visible(self.mislabeled_files) 1342 self.warning_files.set_visible(self.mislabeled_files) 1343 self.outer_notebook.set_current_page(FILES_PAGE) 1344 if args[0] == self.inner_notebook_files: 1345 ipage = args[2] 1346 else: 1347 ipage = self.inner_notebook_files.get_current_page() 1348 if ipage == EXE_PAGE: 1349 self.treeview = self.executable_files_treeview 1350 category = _("executable") 1351 elif ipage == WRITABLE_PAGE: 1352 self.treeview = self.writable_files_treeview 1353 category = _("writable") 1354 elif ipage == APP_PAGE: 1355 self.treeview = self.application_files_treeview 1356 category = _("application") 1357 self.add_button.set_tooltip_text(_("Add new %(TYPE)s file path for '%(DOMAIN)s' domains.") % {"TYPE": category, "DOMAIN": self.application}) 1358 self.delete_button.set_tooltip_text(_("Delete %(TYPE)s file paths for '%(DOMAIN)s' domain.") % {"TYPE": category, "DOMAIN": self.application}) 1359 self.modify_button.set_tooltip_text(_("Modify %(TYPE)s file path for '%(DOMAIN)s' domain. 
Only bolded items in the list can be selected, this indicates they were modified previously.") % {"TYPE": category, "DOMAIN": self.application}) 1360 1361 if self.network_radio_button.get_active(): 1362 self.add_modify_delete_box.show() 1363 self.show_modified_only.set_visible(True) 1364 self.outer_notebook.set_current_page(NETWORK_PAGE) 1365 if args[0] == self.inner_notebook_network: 1366 ipage = args[2] 1367 else: 1368 ipage = self.inner_notebook_network.get_current_page() 1369 if ipage == OUTBOUND_PAGE: 1370 self.treeview = self.network_out_treeview 1371 category = _("connect") 1372 if ipage == INBOUND_PAGE: 1373 self.treeview = self.network_in_treeview 1374 category = _("listen for inbound connections") 1375 1376 self.add_button.set_tooltip_text(_("Add new port definition to which the '%(APP)s' domain is allowed to %s.") % {"APP": self.application, "PERM": category}) 1377 self.delete_button.set_tooltip_text(_("Delete modified port definitions to which the '%(APP)s' domain is allowed to %s.") % {"APP": self.application, "PERM": category}) 1378 self.modify_button.set_tooltip_text(_("Modify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category}) 1379 1380 if self.transitions_radio_button.get_active(): 1381 self.outer_notebook.set_current_page(TRANSITIONS_PAGE) 1382 if args[0] == self.inner_notebook_transitions: 1383 ipage = args[2] 1384 else: 1385 ipage = self.inner_notebook_transitions.get_current_page() 1386 if ipage == TRANSITIONS_FROM_PAGE: 1387 self.treeview = self.transitions_from_treeview 1388 if ipage == TRANSITIONS_TO_PAGE: 1389 self.treeview = self.transitions_into_treeview 1390 if ipage == TRANSITIONS_FILE_PAGE: 1391 self.treeview = self.transitions_file_treeview 1392 1393 if self.system_radio_button.get_active(): 1394 self.outer_notebook.set_current_page(SYSTEM_PAGE) 1395 self.filter_box.hide() 1396 1397 if self.lockdown_radio_button.get_active(): 1398 self.lockdown_init() 1399 
self.outer_notebook.set_current_page(LOCKDOWN_PAGE) 1400 self.filter_box.hide() 1401 1402 if self.user_radio_button.get_active(): 1403 self.outer_notebook.set_current_page(USER_PAGE) 1404 self.add_modify_delete_box.show() 1405 self.show_modified_only.set_visible(True) 1406 self.treeview = self.user_treeview 1407 self.add_button.set_tooltip_text(_("Add new SELinux User/Role definition.")) 1408 self.delete_button.set_tooltip_text(_("Delete modified SELinux User/Role definitions.")) 1409 self.modify_button.set_tooltip_text(_("Modify selected modified SELinux User/Role definitions.")) 1410 1411 if self.login_radio_button.get_active(): 1412 self.outer_notebook.set_current_page(LOGIN_PAGE) 1413 self.add_modify_delete_box.show() 1414 self.show_modified_only.set_visible(True) 1415 self.treeview = self.login_treeview 1416 self.add_button.set_tooltip_text(_("Add new Login Mapping definition.")) 1417 self.delete_button.set_tooltip_text(_("Delete modified Login Mapping definitions.")) 1418 self.modify_button.set_tooltip_text(_("Modify selected modified Login Mapping definitions.")) 1419 1420 if self.file_equiv_radio_button.get_active(): 1421 self.outer_notebook.set_current_page(FILE_EQUIV_PAGE) 1422 self.add_modify_delete_box.show() 1423 self.show_modified_only.set_visible(True) 1424 self.treeview = self.file_equiv_treeview 1425 self.add_button.set_tooltip_text(_("Add new File Equivalence definition.")) 1426 self.delete_button.set_tooltip_text(_("Delete modified File Equivalence definitions.")) 1427 self.modify_button.set_tooltip_text(_("Modify selected modified File Equivalence definitions. 
Only bolded items in the list can be selected, this indicates they were modified previously.")) 1428 1429 self.opage = self.outer_notebook.get_current_page() 1430 if self.treeview: 1431 self.filter_box.show() 1432 self.treesort = self.treeview.get_model() 1433 self.treefilter = self.treesort.get_model() 1434 self.liststore = self.treefilter.get_model() 1435 for x in range(0, self.liststore.get_n_columns()): 1436 col = self.treeview.get_column(x) 1437 if col: 1438 cell = col.get_cells()[0] 1439 if isinstance(cell, Gtk.CellRendererText): 1440 self.liststore.set_sort_func(x, self.stripsort, None) 1441 self.treeview.get_selection().unselect_all() 1442 self.modify_button.set_sensitive(False) 1443 1444 def stripsort(self, model, row1, row2, user_data): 1445 sort_column, _ = model.get_sort_column_id() 1446 val1 = self.unmarkup(model.get_value(row1, sort_column)) 1447 val2 = self.unmarkup(model.get_value(row2, sort_column)) 1448 return cmp(val1, val2) 1449 1450 def display_more_detail(self, windows, path): 1451 it = self.boolean_filter.get_iter(path) 1452 it = self.boolean_filter.convert_iter_to_child_iter(it) 1453 1454 self.boolean_more_detail_tree_data_set.clear() 1455 self.boolean_more_detail_window.set_title(_("Boolean %s Allow Rules") % self.boolean_liststore.get_value(it, 2)) 1456 blist = sepolicy.get_boolean_rules(self.application, self.boolean_liststore.get_value(it, 2)) 1457 for b in blist: 1458 self.display_more_detail_init(b["source"], b["target"], b["class"], b["permlist"]) 1459 self.show_popup(self.boolean_more_detail_window) 1460 1461 def display_more_detail_init(self, source, target, class_type, permission): 1462 iter = self.boolean_more_detail_tree_data_set.append() 1463 self.boolean_more_detail_tree_data_set.set_value(iter, 0, "allow %s %s:%s { %s };" % (source, target, class_type, " ".join(permission))) 1464 1465 def add_button_clicked(self, *args): 1466 self.modify = False 1467 if self.opage == NETWORK_PAGE: 1468 self.popup_network_label.set_text((_("Add 
Network Port for %s. Ports will be created when update is applied.")) % self.application) 1469 self.network_popup_window.set_title((_("Add Network Port for %s")) % self.application) 1470 self.init_network_dialog(args) 1471 return 1472 1473 if self.opage == FILES_PAGE: 1474 self.popup_files_label.set_text((_("Add File Labeling for %s. File labels will be created when update is applied.")) % self.application) 1475 self.files_popup_window.set_title((_("Add File Labeling for %s")) % self.application) 1476 self.init_files_dialog(args) 1477 ipage = self.inner_notebook_files.get_current_page() 1478 if ipage == EXE_PAGE: 1479 self.files_path_entry.set_text("ex: /usr/sbin/Foobar") 1480 else: 1481 self.files_path_entry.set_text("ex: /var/lib/Foobar") 1482 self.clear_entry = True 1483 1484 if self.opage == LOGIN_PAGE: 1485 self.login_label.set_text((_("Add Login Mapping. User Mapping will be created when Update is applied."))) 1486 self.login_popup_window.set_title(_("Add Login Mapping")) 1487 self.login_init_dialog(args) 1488 self.clear_entry = True 1489 1490 if self.opage == USER_PAGE: 1491 self.user_label.set_text((_("Add SELinux User Role. SELinux user roles will be created when update is applied."))) 1492 self.user_popup_window.set_title(_("Add SELinux Users")) 1493 self.user_init_dialog(args) 1494 self.clear_entry = True 1495 1496 if self.opage == FILE_EQUIV_PAGE: 1497 self.file_equiv_source_entry.set_text("") 1498 self.file_equiv_dest_entry.set_text("") 1499 self.file_equiv_label.set_text((_("Add File Equivalency Mapping. 
Mapping will be created when update is applied."))) 1500 self.file_equiv_popup_window.set_title(_("Add SELinux File Equivalency")) 1501 self.clear_entry = True 1502 self.show_popup(self.file_equiv_popup_window) 1503 1504 self.new_updates() 1505 1506 def show_popup(self, window): 1507 self.current_popup = window 1508 window.show() 1509 1510 def close_popup(self, *args): 1511 self.current_popup.hide() 1512 self.window.set_sensitive(True) 1513 return True 1514 1515 def modify_button_clicked(self, *args): 1516 iter = None 1517 if self.treeview: 1518 iter = self.get_selected_iter() 1519 if not iter: 1520 self.modify_button.set_sensitive(False) 1521 return 1522 self.modify = True 1523 if self.opage == NETWORK_PAGE: 1524 self.modify_button_network_clicked(args) 1525 1526 if self.opage == FILES_PAGE: 1527 self.popup_files_label.set_text((_("Modify File Labeling for %s. File labels will be created when update is applied.")) % self.application) 1528 self.files_popup_window.set_title((_("Add File Labeling for %s")) % self.application) 1529 self.delete_old_item = None 1530 self.init_files_dialog(args) 1531 self.modify = True 1532 operation = "Modify" 1533 mls = 1 1534 ipage = self.inner_notebook_files.get_current_page() 1535 1536 if ipage == EXE_PAGE: 1537 iter = self.executable_files_filter.convert_iter_to_child_iter(iter) 1538 self.delete_old_item = iter 1539 path = self.executable_files_liststore.get_value(iter, 0) 1540 self.files_path_entry.set_text(path) 1541 ftype = self.executable_files_liststore.get_value(iter, 1) 1542 if type != None: 1543 self.combo_set_active_text(self.files_type_combobox, ftype) 1544 tclass = self.executable_files_liststore.get_value(iter, 2) 1545 if tclass != None: 1546 self.combo_set_active_text(self.files_class_combobox, tclass) 1547 1548 if ipage == WRITABLE_PAGE: 1549 iter = self.writable_files_filter.convert_iter_to_child_iter(iter) 1550 self.delete_old_item = iter 1551 path = self.writable_files_liststore.get_value(iter, 0) 1552 
self.files_path_entry.set_text(path) 1553 type = self.writable_files_liststore.get_value(iter, 1) 1554 if type != None: 1555 self.combo_set_active_text(self.files_type_combobox, type) 1556 tclass = self.writable_files_liststore.get_value(iter, 2) 1557 if tclass != None: 1558 self.combo_set_active_text(self.files_class_combobox, tclass) 1559 1560 if ipage == APP_PAGE: 1561 iter = self.application_files_filter.convert_iter_to_child_iter(iter) 1562 self.delete_old_item = iter 1563 path = self.application_files_liststore.get_value(iter, 0) 1564 self.files_path_entry.set_text(path) 1565 try: 1566 get_type = self.application_files_liststore.get_value(iter, 1) 1567 get_type = get_type.split("<b>")[1].split("</b>") 1568 except AttributeError: 1569 pass 1570 type = self.application_files_liststore.get_value(iter, 2) 1571 if type != None: 1572 self.combo_set_active_text(self.files_type_combobox, type) 1573 tclass = get_type[0] 1574 if tclass != None: 1575 self.combo_set_active_text(self.files_class_combobox, tclass) 1576 1577 if self.opage == USER_PAGE: 1578 self.user_init_dialog(args) 1579 self.user_name_entry.set_text(self.user_liststore.get_value(iter, 0)) 1580 self.user_mls_level_entry.set_text(self.user_liststore.get_value(iter, 2)) 1581 self.user_mls_entry.set_text(self.user_liststore.get_value(iter, 3)) 1582 self.combo_set_active_text(self.user_roles_combobox, self.user_liststore.get_value(iter, 1)) 1583 self.user_label.set_text((_("Modify SELinux User Role. 
SELinux user roles will be modified when update is applied."))) 1584 self.user_popup_window.set_title(_("Modify SELinux Users")) 1585 self.show_popup(self.user_popup_window) 1586 1587 if self.opage == LOGIN_PAGE: 1588 self.login_init_dialog(args) 1589 self.login_name_entry.set_text(self.login_liststore.get_value(iter, 0)) 1590 self.login_mls_entry.set_text(self.login_liststore.get_value(iter, 2)) 1591 self.combo_set_active_text(self.login_seuser_combobox, self.login_liststore.get_value(iter, 1)) 1592 self.login_label.set_text((_("Modify Login Mapping. Login Mapping will be modified when Update is applied."))) 1593 self.login_popup_window.set_title(_("Modify Login Mapping")) 1594 self.show_popup(self.login_popup_window) 1595 1596 if self.opage == FILE_EQUIV_PAGE: 1597 self.file_equiv_source_entry.set_text(self.file_equiv_liststore.get_value(iter, 0)) 1598 self.file_equiv_dest_entry.set_text(self.file_equiv_liststore.get_value(iter, 1)) 1599 self.file_equiv_label.set_text((_("Modify File Equivalency Mapping. 
Mapping will be created when update is applied."))) 1600 self.file_equiv_popup_window.set_title(_("Modify SELinux File Equivalency")) 1601 self.clear_entry = True 1602 self.show_popup(self.file_equiv_popup_window) 1603 1604 def populate_type_combo(self, tree, loc, *args): 1605 iter = self.more_types_files_liststore.get_iter(loc) 1606 ftype = self.more_types_files_liststore.get_value(iter, 0) 1607 self.combo_set_active_text(self.files_type_combobox, ftype) 1608 self.show_popup(self.files_popup_window) 1609 self.moreTypes_window_files.hide() 1610 1611 def strip_domain(self, domain): 1612 if domain == None: 1613 return 1614 if domain.endswith("_script_t"): 1615 split_char = "_script_t" 1616 else: 1617 split_char = "_t" 1618 return domain.split(split_char)[0] 1619 1620 def exclude_type(self, type, exclude_list): 1621 for e in exclude_list: 1622 if type.startswith(e): 1623 return True 1624 return False 1625 1626 def init_files_dialog(self, *args): 1627 exclude_list = [] 1628 self.files_class_combobox.set_sensitive(True) 1629 self.show_popup(self.files_popup_window) 1630 ipage = self.inner_notebook_files.get_current_page() 1631 self.files_type_combolist.clear() 1632 self.files_class_combolist.clear() 1633 compare = self.strip_domain(self.application) 1634 for d in self.completion_entry_model: 1635 if d[0].startswith(compare) and d[0] != self.application and not d[0].startswith("httpd_sys"): 1636 exclude_list.append(self.strip_domain(d[0])) 1637 1638 self.more_types_files_liststore.clear() 1639 try: 1640 for files in sepolicy.file_type_str: 1641 iter = self.files_class_combolist.append() 1642 self.files_class_combolist.set_value(iter, 0, sepolicy.file_type_str[files]) 1643 1644 if ipage == EXE_PAGE and self.entrypoints != None: 1645 for exe in self.entrypoints.keys(): 1646 if exe.startswith(compare): 1647 iter = self.files_type_combolist.append() 1648 self.files_type_combolist.set_value(iter, 0, exe) 1649 iter = self.more_types_files_liststore.append() 1650 
self.more_types_files_liststore.set_value(iter, 0, exe) 1651 self.files_class_combobox.set_active(4) 1652 self.files_class_combobox.set_sensitive(False) 1653 1654 elif ipage == WRITABLE_PAGE and self.writable_files != None: 1655 for write in self.writable_files.keys(): 1656 if write.startswith(compare) and not self.exclude_type(write, exclude_list) and write in self.file_types: 1657 iter = self.files_type_combolist.append() 1658 self.files_type_combolist.set_value(iter, 0, write) 1659 iter = self.more_types_files_liststore.append() 1660 self.more_types_files_liststore.set_value(iter, 0, write) 1661 self.files_class_combobox.set_active(0) 1662 elif ipage == APP_PAGE and self.file_types != None: 1663 for app in sepolicy.get_all_file_types(): 1664 if app.startswith(compare): 1665 if app.startswith(compare) and not self.exclude_type(app, exclude_list): 1666 iter = self.files_type_combolist.append() 1667 self.files_type_combolist.set_value(iter, 0, app) 1668 iter = self.more_types_files_liststore.append() 1669 self.more_types_files_liststore.set_value(iter, 0, app) 1670 self.files_class_combobox.set_active(0) 1671 except AttributeError: 1672 print "error" 1673 pass 1674 self.files_type_combobox.set_active(0) 1675 self.files_mls_entry.set_text("s0") 1676 iter = self.files_type_combolist.append() 1677 self.files_type_combolist.set_value(iter, 0, _('More...')) 1678 1679 def modify_button_network_clicked(self, *args): 1680 iter = self.get_selected_iter() 1681 if not iter: 1682 self.modify_button.set_sensitive(False) 1683 return 1684 1685 self.popup_network_label.set_text((_("Modify Network Port for %s. 
Ports will be created when update is applied.")) % self.application) 1686 self.network_popup_window.set_title((_("Modify Network Port for %s")) % self.application) 1687 self.delete_old_item = None 1688 self.init_network_dialog(args) 1689 operation = "Modify" 1690 mls = 1 1691 self.modify = True 1692 iter = self.get_selected_iter() 1693 port = self.liststore.get_value(iter, 0) 1694 self.network_ports_entry.set_text(port) 1695 protocol = self.liststore.get_value(iter, 1) 1696 if protocol == "tcp": 1697 self.network_tcp_button.set_active(True) 1698 elif protocol == "udp": 1699 self.network_udp_button.set_active(True) 1700 type = self.liststore.get_value(iter, 2) 1701 if type != None: 1702 self.combo_set_active_text(self.network_port_type_combobox, type) 1703 self.delete_old_item = iter 1704 1705 def init_network_dialog(self, *args): 1706 self.show_popup(self.network_popup_window) 1707 ipage = self.inner_notebook_network.get_current_page() 1708 self.network_port_type_combolist.clear() 1709 self.network_ports_entry.set_text("") 1710 1711 try: 1712 if ipage == OUTBOUND_PAGE: 1713 netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_connect") 1714 elif ipage == INBOUND_PAGE: 1715 netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_bind") 1716 netd += sepolicy.network.get_network_connect(self.application, "udp", "name_bind") 1717 1718 port_types = [] 1719 for k in netd.keys(): 1720 for t, ports in netd[k]: 1721 if t not in port_types + ["port_t", "unreserved_port_t"]: 1722 if t.endswith("_type"): 1723 continue 1724 1725 port_types.append(t) 1726 1727 port_types.sort() 1728 short_domain = self.strip_domain(self.application) 1729 if short_domain[-1] == "d": 1730 short_domain = short_domain[:-1] 1731 short_domain = short_domain + "_" 1732 ctr = 0 1733 found = 0 1734 for t in port_types: 1735 if t.startswith(short_domain): 1736 found = ctr 1737 iter = self.network_port_type_combolist.append() 1738 
self.network_port_type_combolist.set_value(iter, 0, t) 1739 ctr += 1 1740 self.network_port_type_combobox.set_active(found) 1741 1742 except AttributeError: 1743 pass 1744 1745 self.network_tcp_button.set_active(True) 1746 self.network_mls_entry.set_text("s0") 1747 1748 def login_seuser_combobox_change(self, combo, *args): 1749 seuser = self.combo_get_active_text(combo) 1750 if self.login_mls_entry.get_text() == "": 1751 for u in sepolicy.get_selinux_users(): 1752 if seuser == u['name']: 1753 self.login_mls_entry.set_text(u['range']) 1754 1755 def user_roles_combobox_change(self, combo, *args): 1756 serole = self.combo_get_active_text(combo) 1757 if self.user_mls_entry.get_text() == "": 1758 for u in sepolicy.get_all_roles(): 1759 if serole == u['name']: 1760 self.user_mls_entry.set_text(u['range']) 1761 1762 def get_selected_iter(self): 1763 iter = None 1764 if not self.treeview: 1765 return None 1766 row = self.treeview.get_selection() 1767 if not row: 1768 return None 1769 treesort, iter = row.get_selected() 1770 if iter: 1771 iter = treesort.convert_iter_to_child_iter(iter) 1772 if iter: 1773 iter = self.treefilter.convert_iter_to_child_iter(iter) 1774 return iter 1775 1776 def cursor_changed(self, *args): 1777 self.modify_button.set_sensitive(False) 1778 iter = self.get_selected_iter() 1779 if iter == None: 1780 self.modify_button.set_sensitive(False) 1781 return 1782 if not self.liststore[iter] or not self.liststore[iter][-1]: 1783 return 1784 self.modify_button.set_sensitive(self.liststore[iter][-1]) 1785 1786 def login_init_dialog(self, *args): 1787 self.show_popup(self.login_popup_window) 1788 self.login_seuser_combolist.clear() 1789 users = sepolicy.get_all_users() 1790 users.sort() 1791 for u in users: 1792 iter = self.login_seuser_combolist.append() 1793 self.login_seuser_combolist.set_value(iter, 0, str(u)) 1794 self.login_name_entry.set_text("") 1795 self.login_mls_entry.set_text("") 1796 1797 def user_init_dialog(self, *args): 1798 
self.show_popup(self.user_popup_window) 1799 self.user_roles_combolist.clear() 1800 roles = sepolicy.get_all_roles() 1801 roles.sort() 1802 for r in roles: 1803 iter = self.user_roles_combolist.append() 1804 self.user_roles_combolist.set_value(iter, 0, str(r)) 1805 self.user_name_entry.set_text("") 1806 self.user_mls_entry.set_text("") 1807 1808 def on_disable_ptrace(self, checkbutton): 1809 if self.finish_init: 1810 update_buffer = "boolean -m -%d deny_ptrace" % checkbutton.get_active() 1811 self.wait_mouse() 1812 try: 1813 self.dbus.semanage(update_buffer) 1814 except dbus.exceptions.DBusException, e: 1815 self.error(e) 1816 self.ready_mouse() 1817 1818 def on_show_modified_only(self, checkbutton): 1819 length = self.liststore.get_n_columns() 1820 1821 def dup_row(row): 1822 l = [] 1823 for i in range(0, length): 1824 l.append(row[i]) 1825 return l 1826 1827 append_list = [] 1828 if self.opage == BOOLEANS_PAGE: 1829 if not checkbutton.get_active(): 1830 return self.boolean_initialize(self.application) 1831 1832 for row in self.liststore: 1833 if row[2] in self.cust_dict["boolean"]: 1834 append_list.append(dup_row(row)) 1835 1836 if self.opage == FILES_PAGE: 1837 ipage = self.inner_notebook_files.get_current_page() 1838 if not checkbutton.get_active(): 1839 if ipage == EXE_PAGE: 1840 return self.executable_files_initialize(self.application) 1841 if ipage == WRITABLE_PAGE: 1842 return self.writable_files_initialize(self.application) 1843 if ipage == APP_PAGE: 1844 return self.application_files_initialize(self.application) 1845 for row in self.liststore: 1846 if (row[0], row[2]) in self.cust_dict["fcontext"]: 1847 append_list.append(row) 1848 1849 if self.opage == NETWORK_PAGE: 1850 if not checkbutton.get_active(): 1851 return self.network_initialize(self.application) 1852 for row in self.liststore: 1853 if (row[0], row[1]) in self.cust_dict["port"]: 1854 append_list.append(dup_row(row)) 1855 1856 if self.opage == FILE_EQUIV_PAGE: 1857 if not 
checkbutton.get_active() == True: 1858 return self.file_equiv_initialize() 1859 1860 for row in self.liststore: 1861 if row[0] in self.cust_dict["fcontext-equiv"]: 1862 append_list.append(dup_row(row)) 1863 1864 if self.opage == USER_PAGE: 1865 if not checkbutton.get_active(): 1866 return self.user_initialize() 1867 1868 for row in self.liststore: 1869 if row[0] in self.cust_dict["user"]: 1870 append_list.append(dup_row(row)) 1871 1872 if self.opage == LOGIN_PAGE: 1873 if not checkbutton.get_active() == True: 1874 return self.login_initialize() 1875 1876 for row in self.liststore: 1877 if row[0] in self.cust_dict["login"]: 1878 append_list.append(dup_row(row)) 1879 1880 self.liststore.clear() 1881 for row in append_list: 1882 iter = self.liststore.append() 1883 for i in range(0, length): 1884 self.liststore.set_value(iter, i, row[i]) 1885 1886 def init_modified_files_liststore(self, tree, app, ipage, operation, path, fclass, ftype): 1887 iter = tree.append(None) 1888 tree.set_value(iter, 0, path) 1889 tree.set_value(iter, 1, ftype) 1890 tree.set_value(iter, 2, fclass) 1891 1892 def restore_to_default(self, *args): 1893 print "restore to defualt clicked..." 1894 1895 def invalid_entry_retry(self, *args): 1896 self.closewindow(self.error_check_window) 1897 self.files_popup_window.set_sensitive(True) 1898 self.network_popup_window.set_sensitive(True) 1899 1900 def error_check_files(self, insert_txt): 1901 if len(insert_txt) == 0 or insert_txt[0] != '/': 1902 self.error_check_window.show() 1903 self.files_popup_window.set_sensitive(False) 1904 self.network_popup_window.set_sensitive(False) 1905 self.error_check_label.set_text((_("The entry '%s' is not a valid path. 
Paths must begin with a '/'.")) % insert_txt) 1906 return True 1907 return False 1908 1909 def error_check_network(self, port): 1910 try: 1911 pnum = int(port) 1912 if pnum < 1 or pnum > 65536: 1913 raise ValueError 1914 except ValueError: 1915 self.error_check_window.show() 1916 self.files_popup_window.set_sensitive(False) 1917 self.network_popup_window.set_sensitive(False) 1918 self.error_check_label.set_text((_("Port number must be between 1 and 65536"))) 1919 return True 1920 return False 1921 1922 def show_more_types(self, *args): 1923 if self.finish_init: 1924 if self.combo_get_active_text(self.files_type_combobox) == _('More...'): 1925 self.files_popup_window.hide() 1926 self.moreTypes_window_files.show() 1927 1928 def update_to_login(self, *args): 1929 self.close_popup() 1930 seuser = self.combo_get_active_text(self.login_seuser_combobox) 1931 mls_range = self.login_mls_entry.get_text() 1932 name = self.login_name_entry.get_text() 1933 if self.modify: 1934 iter = self.get_selected_iter() 1935 oldname = self.login_liststore.get_value(iter, 0) 1936 oldseuser = self.login_liststore.get_value(iter, 1) 1937 oldrange = self.login_liststore.get_value(iter, 2) 1938 self.liststore.set_value(iter, 0, oldname) 1939 self.liststore.set_value(iter, 1, oldseuser) 1940 self.liststore.set_value(iter, 2, oldrange) 1941 self.cur_dict["login"][name] = {"action": "-m", "range": mls_range, "seuser": seuser, "oldrange": oldrange, "oldseuser": oldseuser, "oldname": oldname} 1942 else: 1943 iter = self.liststore.append(None) 1944 self.cur_dict["login"][name] = {"action": "-a", "range": mls_range, "seuser": seuser} 1945 1946 self.liststore.set_value(iter, 0, name) 1947 self.liststore.set_value(iter, 1, seuser) 1948 self.liststore.set_value(iter, 2, mls_range) 1949 1950 self.new_updates() 1951 1952 def update_to_user(self, *args): 1953 self.close_popup() 1954 roles = self.combo_get_active_text(self.user_roles_combobox) 1955 level = self.user_mls_level_entry.get_text() 1956 mls_range 
= self.user_mls_entry.get_text() 1957 name = self.user_name_entry.get_text() 1958 if self.modify: 1959 iter = self.get_selected_iter() 1960 oldname = self.user_liststore.get_value(iter, 0) 1961 oldroles = self.user_liststore.get_value(iter, 1) 1962 oldlevel = self.user_liststore.get_value(iter, 1) 1963 oldrange = self.user_liststore.get_value(iter, 3) 1964 self.liststore.set_value(iter, 0, oldname) 1965 self.liststore.set_value(iter, 1, oldroles) 1966 self.liststore.set_value(iter, 2, oldlevel) 1967 self.liststore.set_value(iter, 3, oldrange) 1968 self.cur_dict["user"][name] = {"action": "-m", "range": mls_range, "level": level, "role": roles, "oldrange": oldrange, "oldlevel": oldlevel, "oldroles": oldroles, "oldname": oldname} 1969 else: 1970 iter = self.liststore.append(None) 1971 self.cur_dict["user"][name] = {"action": "-a", "range": mls_range, "level": level, "role": roles} 1972 1973 self.liststore.set_value(iter, 0, name) 1974 self.liststore.set_value(iter, 1, roles) 1975 self.liststore.set_value(iter, 2, level) 1976 self.liststore.set_value(iter, 3, mls_range) 1977 1978 self.new_updates() 1979 1980 def update_to_file_equiv(self, *args): 1981 self.close_popup() 1982 dest = self.file_equiv_dest_entry.get_text() 1983 src = self.file_equiv_source_entry.get_text() 1984 if self.modify: 1985 iter = self.get_selected_iter() 1986 olddest = self.unmarkup(self.liststore.set_value(iter, 0)) 1987 oldsrc = self.unmarkup(self.liststore.set_value(iter, 1)) 1988 self.cur_dict["fcontext-equiv"][dest] = {"action": "-m", "src": src, "oldsrc": oldsrc, "olddest": olddest} 1989 else: 1990 iter = self.liststore.append(None) 1991 self.cur_dict["fcontext-equiv"][dest] = {"action": "-a", "src": src} 1992 self.liststore.set_value(iter, 0, self.markup(dest)) 1993 self.liststore.set_value(iter, 1, self.markup(src)) 1994 1995 def update_to_files(self, *args): 1996 self.close_popup() 1997 self.files_add = True 1998 # Insert Function will be used in the future 1999 path = 
self.files_path_entry.get_text() 2000 if self.error_check_files(path): 2001 return 2002 2003 setype = self.combo_get_active_text(self.files_type_combobox) 2004 mls = self.files_mls_entry.get_text() 2005 tclass = self.combo_get_active_text(self.files_class_combobox) 2006 2007 if self.modify: 2008 iter = self.get_selected_iter() 2009 oldpath = self.unmark(self.liststore.get_value(iter, 0)) 2010 setype = self.unmark(self.liststore.set_value(iter, 1)) 2011 oldtclass = self.liststore.get_value(iter, 2) 2012 self.cur_dict["fcontext"][(path, tclass)] = {"action": "-m", "type": setype, "oldtype": oldsetype, "oldmls": oldmls, "oldclass": oldclass} 2013 else: 2014 iter = self.liststore.append(None) 2015 self.cur_dict["fcontext"][(path, tclass)] = {"action": "-a", "type": setype} 2016 self.liststore.set_value(iter, 0, self.markup(path)) 2017 self.liststore.set_value(iter, 1, self.markup(setype)) 2018 self.liststore.set_value(iter, 2, self.markup(tclass)) 2019 2020 self.files_add = False 2021 self.recursive_path_toggle.set_active(False) 2022 self.new_updates() 2023 2024 def update_to_network(self, *args): 2025 self.network_add = True 2026 ports = self.network_ports_entry.get_text() 2027 if self.error_check_network(ports): 2028 return 2029 if self.network_tcp_button.get_active(): 2030 protocol = "tcp" 2031 else: 2032 protocol = "udp" 2033 2034 setype = self.combo_get_active_text(self.network_port_type_combobox) 2035 mls = self.network_mls_entry.get_text() 2036 2037 if self.modify: 2038 iter = self.get_selected_iter() 2039 oldports = self.unmark(self.liststore.get_value(iter, 0)) 2040 oldprotocol = self.unmark(self.liststore.get_value(iter, 1)) 2041 oldsetype = self.unmark(self.liststore.set_value(iter, 2)) 2042 self.cur_dict["port"][(ports, protocol)] = {"action": "-m", "type": setype, "mls": mls, "oldtype": oldsetype, "oldmls": oldmls, "oldprotocol": oldprotocol, "oldports": oldports} 2043 else: 2044 iter = self.liststore.append(None) 2045 self.cur_dict["port"][(ports, 
protocol)] = {"action": "-a", "type": setype, "mls": mls} 2046 self.liststore.set_value(iter, 0, ports) 2047 self.liststore.set_value(iter, 1, protocol) 2048 self.liststore.set_value(iter, 2, setype) 2049 2050 self.network_add = False 2051 self.network_popup_window.hide() 2052 self.window.set_sensitive(True) 2053 self.new_updates() 2054 2055 def delete_button_clicked(self, *args): 2056 operation = "Add" 2057 self.window.set_sensitive(False) 2058 if self.opage == NETWORK_PAGE: 2059 self.network_delete_liststore.clear() 2060 port_dict = self.cust_dict["port"] 2061 for ports, protocol in port_dict: 2062 setype = port_dict[(ports, protocol)]["type"] 2063 iter = self.network_delete_liststore.append() 2064 self.network_delete_liststore.set_value(iter, 1, ports) 2065 self.network_delete_liststore.set_value(iter, 2, protocol) 2066 self.network_delete_liststore.set_value(iter, 3, setype) 2067 self.show_popup(self.network_delete_window) 2068 return 2069 2070 if self.opage == FILES_PAGE: 2071 self.files_delete_liststore.clear() 2072 fcontext_dict = self.cust_dict["fcontext"] 2073 for path, tclass in fcontext_dict: 2074 setype = fcontext_dict[(path, tclass)]["type"] 2075 iter = self.files_delete_liststore.append() 2076 self.files_delete_liststore.set_value(iter, 1, path) 2077 self.files_delete_liststore.set_value(iter, 2, setype) 2078 self.files_delete_liststore.set_value(iter, 3, sepolicy.file_type_str[tclass]) 2079 self.show_popup(self.files_delete_window) 2080 return 2081 2082 if self.opage == USER_PAGE: 2083 self.user_delete_liststore.clear() 2084 user_dict = self.cust_dict["user"] 2085 for user in user_dict: 2086 roles = user_dict[user]["role"] 2087 mls = user_dict[user]["range"] 2088 level = user_dict[user]["level"] 2089 iter = self.user_delete_liststore.append() 2090 self.user_delete_liststore.set_value(iter, 1, user) 2091 self.user_delete_liststore.set_value(iter, 2, roles) 2092 self.user_delete_liststore.set_value(iter, 3, level) 2093 
self.user_delete_liststore.set_value(iter, 4, mls) 2094 self.show_popup(self.user_delete_window) 2095 return 2096 2097 if self.opage == LOGIN_PAGE: 2098 self.login_delete_liststore.clear() 2099 login_dict = self.cust_dict["login"] 2100 for login in login_dict: 2101 seuser = login_dict[login]["seuser"] 2102 mls = login_dict[login]["range"] 2103 iter = self.login_delete_liststore.append() 2104 self.login_delete_liststore.set_value(iter, 1, seuser) 2105 self.login_delete_liststore.set_value(iter, 2, login) 2106 self.login_delete_liststore.set_value(iter, 3, mls) 2107 self.show_popup(self.login_delete_window) 2108 return 2109 2110 if self.opage == FILE_EQUIV_PAGE: 2111 self.file_equiv_delete_liststore.clear() 2112 for items in self.file_equiv_liststore: 2113 if items[2]: 2114 iter = self.file_equiv_delete_liststore.append() 2115 self.file_equiv_delete_liststore.set_value(iter, 1, self.unmarkup(items[0])) 2116 self.file_equiv_delete_liststore.set_value(iter, 2, self.unmarkup(items[1])) 2117 self.show_popup(self.file_equiv_delete_window) 2118 return 2119 2120 def on_save_delete_clicked(self, *args): 2121 self.close_popup() 2122 if self.opage == NETWORK_PAGE: 2123 for delete in self.network_delete_liststore: 2124 if delete[0]: 2125 self.cur_dict["port"][(delete[1], delete[2])] = {"action": "-d", "type": delete[3]} 2126 if self.opage == FILES_PAGE: 2127 for delete in self.files_delete_liststore: 2128 if delete[0]: 2129 self.cur_dict["fcontext"][(delete[1], reverse_file_type_str[delete[3]])] = {"action": "-d", "type": delete[2]} 2130 if self.opage == USER_PAGE: 2131 for delete in self.user_delete_liststore: 2132 if delete[0]: 2133 self.cur_dict["user"][delete[1]] = {"action": "-d", "role": delete[2], "range": delete[4]} 2134 if self.opage == LOGIN_PAGE: 2135 for delete in self.login_delete_liststore: 2136 if delete[0]: 2137 self.cur_dict["login"][delete[2]] = {"action": "-d", "login": delete[2], "seuser": delete[1], "range": delete[3]} 2138 if self.opage == FILE_EQUIV_PAGE: 
2139 for delete in self.file_equiv_delete_liststore: 2140 if delete[0]: 2141 self.cur_dict["fcontext-equiv"][delete[1]] = {"action": "-d", "src": delete[2]} 2142 self.new_updates() 2143 2144 def on_save_delete_file_equiv_clicked(self, *args): 2145 for delete in self.files_delete_liststore: 2146 print delete[0], delete[1], delete[2], 2147 2148 def on_toggle_update(self, cell, path, model): 2149 model[path][0] = not model[path][0] 2150 2151 def ipage_delete(self, liststore, key): 2152 ctr = 0 2153 for items in liststore: 2154 if items[0] == key[0] and items[2] == key[1]: 2155 iter = liststore.get_iter(ctr) 2156 liststore.remove(iter) 2157 return 2158 ctr += 1 2159 2160 def on_toggle(self, cell, path, model): 2161 if not path: 2162 return 2163 iter = self.boolean_filter.get_iter(path) 2164 iter = self.boolean_filter.convert_iter_to_child_iter(iter) 2165 name = model.get_value(iter, 2) 2166 model.set_value(iter, 0, not model.get_value(iter, 0)) 2167 active = model.get_value(iter, 0) 2168 if name in self.cur_dict["boolean"]: 2169 del(self.cur_dict["boolean"][name]) 2170 else: 2171 self.cur_dict["boolean"][name] = {"active": active} 2172 self.new_updates() 2173 2174 def get_advanced_filter_data(self, entry, *args): 2175 self.filter_txt = entry.get_text() 2176 self.advanced_search_filter.refilter() 2177 2178 def get_filter_data(self, windows, *args): 2179 #search for desired item 2180 # The txt that the use rinputs into the filter is stored in filter_txt 2181 self.filter_txt = windows.get_text() 2182 self.treefilter.refilter() 2183 2184 def update_gui(self, *args): 2185 self.update = True 2186 self.update_treestore.clear() 2187 for bools in self.cur_dict["boolean"]: 2188 operation = self.cur_dict["boolean"][bools]["action"] 2189 iter = self.update_treestore.append(None) 2190 self.update_treestore.set_value(iter, 0, True) 2191 self.update_treestore.set_value(iter, 1, sepolicy.boolean_desc(bools)) 2192 self.update_treestore.set_value(iter, 2, 
action[self.cur_dict["boolean"][bools]['active']]) 2193 self.update_treestore.set_value(iter, 3, True) 2194 niter = self.update_treestore.append(iter) 2195 self.update_treestore.set_value(niter, 1, (_("SELinux name: %s")) % bools) 2196 self.update_treestore.set_value(niter, 3, False) 2197 2198 for path, tclass in self.cur_dict["fcontext"]: 2199 operation = self.cur_dict["fcontext"][(path, tclass)]["action"] 2200 setype = self.cur_dict["fcontext"][(path, tclass)]["type"] 2201 iter = self.update_treestore.append(None) 2202 self.update_treestore.set_value(iter, 0, True) 2203 self.update_treestore.set_value(iter, 2, operation) 2204 self.update_treestore.set_value(iter, 0, True) 2205 if operation == "-a": 2206 self.update_treestore.set_value(iter, 1, (_("Add file labeling for %s")) % self.application) 2207 if operation == "-d": 2208 self.update_treestore.set_value(iter, 1, (_("Delete file labeling for %s")) % self.application) 2209 if operation == "-m": 2210 self.update_treestore.set_value(iter, 1, (_("Modify file labeling for %s")) % self.application) 2211 2212 niter = self.update_treestore.append(iter) 2213 self.update_treestore.set_value(niter, 3, False) 2214 self.update_treestore.set_value(niter, 1, (_("File path: %s")) % path) 2215 niter = self.update_treestore.append(iter) 2216 self.update_treestore.set_value(niter, 3, False) 2217 self.update_treestore.set_value(niter, 1, (_("File class: %s")) % sepolicy.file_type_str[tclass]) 2218 niter = self.update_treestore.append(iter) 2219 self.update_treestore.set_value(niter, 3, False) 2220 self.update_treestore.set_value(niter, 1, (_("SELinux file type: %s")) % setype) 2221 2222 for port, protocol in self.cur_dict["port"]: 2223 operation = self.cur_dict["port"][(port, protocol)]["action"] 2224 iter = self.update_treestore.append(None) 2225 self.update_treestore.set_value(iter, 0, True) 2226 self.update_treestore.set_value(iter, 2, operation) 2227 self.update_treestore.set_value(iter, 3, True) 2228 if operation == "-a": 
2229 self.update_treestore.set_value(iter, 1, (_("Add ports for %s")) % self.application) 2230 if operation == "-d": 2231 self.update_treestore.set_value(iter, 1, (_("Delete ports for %s")) % self.application) 2232 if operation == "-m": 2233 self.update_treestore.set_value(iter, 1, (_("Modify ports for %s")) % self.application) 2234 2235 niter = self.update_treestore.append(iter) 2236 self.update_treestore.set_value(niter, 1, (_("Network ports: %s")) % port) 2237 self.update_treestore.set_value(niter, 3, False) 2238 niter = self.update_treestore.append(iter) 2239 self.update_treestore.set_value(niter, 1, (_("Network protocol: %s")) % protocol) 2240 self.update_treestore.set_value(niter, 3, False) 2241 setype = self.cur_dict["port"][(port, protocol)]["type"] 2242 niter = self.update_treestore.append(iter) 2243 self.update_treestore.set_value(niter, 3, False) 2244 self.update_treestore.set_value(niter, 1, (_("SELinux file type: %s")) % setype) 2245 2246 for user in self.cur_dict["user"]: 2247 operation = self.cur_dict["user"][user]["action"] 2248 iter = self.update_treestore.append(None) 2249 self.update_treestore.set_value(iter, 0, True) 2250 self.update_treestore.set_value(iter, 2, operation) 2251 self.update_treestore.set_value(iter, 0, True) 2252 if operation == "-a": 2253 self.update_treestore.set_value(iter, 1, _("Add user")) 2254 if operation == "-d": 2255 self.update_treestore.set_value(iter, 1, _("Delete user")) 2256 if operation == "-m": 2257 self.update_treestore.set_value(iter, 1, _("Modify user")) 2258 2259 niter = self.update_treestore.append(iter) 2260 self.update_treestore.set_value(niter, 1, (_("SELinux User : %s")) % user) 2261 self.update_treestore.set_value(niter, 3, False) 2262 niter = self.update_treestore.append(iter) 2263 self.update_treestore.set_value(niter, 3, False) 2264 roles = self.cur_dict["user"][user]["role"] 2265 self.update_treestore.set_value(niter, 1, (_("Roles: %s")) % roles) 2266 mls = self.cur_dict["user"][user]["range"] 2267 
niter = self.update_treestore.append(iter) 2268 self.update_treestore.set_value(niter, 3, False) 2269 self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls) 2270 2271 for login in self.cur_dict["login"]: 2272 operation = self.cur_dict["login"][login]["action"] 2273 iter = self.update_treestore.append(None) 2274 self.update_treestore.set_value(iter, 0, True) 2275 self.update_treestore.set_value(iter, 2, operation) 2276 self.update_treestore.set_value(iter, 0, True) 2277 if operation == "-a": 2278 self.update_treestore.set_value(iter, 1, _("Add login mapping")) 2279 if operation == "-d": 2280 self.update_treestore.set_value(iter, 1, _("Delete login mapping")) 2281 if operation == "-m": 2282 self.update_treestore.set_value(iter, 1, _("Modify login mapping")) 2283 2284 niter = self.update_treestore.append(iter) 2285 self.update_treestore.set_value(niter, 3, False) 2286 self.update_treestore.set_value(niter, 1, (_("Login Name : %s")) % login) 2287 niter = self.update_treestore.append(iter) 2288 self.update_treestore.set_value(niter, 3, False) 2289 seuser = self.cur_dict["login"][login]["seuser"] 2290 self.update_treestore.set_value(niter, 1, (_("SELinux User: %s")) % seuser) 2291 mls = self.cur_dict["login"][login]["range"] 2292 niter = self.update_treestore.append(iter) 2293 self.update_treestore.set_value(niter, 3, False) 2294 self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls) 2295 2296 for path in self.cur_dict["fcontext-equiv"]: 2297 operation = self.cur_dict["fcontext-equiv"][path]["action"] 2298 iter = self.update_treestore.append(None) 2299 self.update_treestore.set_value(iter, 0, True) 2300 self.update_treestore.set_value(iter, 2, operation) 2301 self.update_treestore.set_value(iter, 0, True) 2302 if operation == "-a": 2303 self.update_treestore.set_value(iter, 1, (_("Add file equiv labeling."))) 2304 if operation == "-d": 2305 self.update_treestore.set_value(iter, 1, (_("Delete file equiv labeling."))) 2306 if operation == 
"-m": 2307 self.update_treestore.set_value(iter, 1, (_("Modify file equiv labeling."))) 2308 2309 niter = self.update_treestore.append(iter) 2310 self.update_treestore.set_value(niter, 3, False) 2311 self.update_treestore.set_value(niter, 1, (_("File path : %s")) % path) 2312 niter = self.update_treestore.append(iter) 2313 self.update_treestore.set_value(niter, 3, False) 2314 src = self.cur_dict["fcontext-equiv"][path]["src"] 2315 self.update_treestore.set_value(niter, 1, (_("Equivalence: %s")) % src) 2316 2317 self.show_popup(self.update_window) 2318 2319 def set_active_application_button(self): 2320 if self.boolean_radio_button.get_active(): 2321 self.active_button = self.boolean_radio_button 2322 if self.files_radio_button.get_active(): 2323 self.active_button = self.files_radio_button 2324 if self.transitions_radio_button.get_active(): 2325 self.active_button = self.transitions_radio_button 2326 if self.network_radio_button.get_active(): 2327 self.active_button = self.network_radio_button 2328 2329 def clearbuttons(self, clear=True): 2330 self.main_selection_window.hide() 2331 self.boolean_radio_button.set_visible(False) 2332 self.files_radio_button.set_visible(False) 2333 self.network_radio_button.set_visible(False) 2334 self.transitions_radio_button.set_visible(False) 2335 self.system_radio_button.set_visible(False) 2336 self.lockdown_radio_button.set_visible(False) 2337 self.user_radio_button.set_visible(False) 2338 self.login_radio_button.set_visible(False) 2339 if clear: 2340 self.completion_entry.set_text("") 2341 2342 def show_system_page(self): 2343 self.clearbuttons() 2344 self.system_radio_button.set_visible(True) 2345 self.lockdown_radio_button.set_visible(True) 2346 self.applications_selection_button.set_label(_("System")) 2347 self.system_radio_button.set_active(True) 2348 self.tab_change() 2349 self.idle_func() 2350 2351 def show_file_equiv_page(self, *args): 2352 self.clearbuttons() 2353 self.file_equiv_initialize() 2354 
self.file_equiv_radio_button.set_active(True) 2355 self.applications_selection_button.set_label(_("File Equivalence")) 2356 self.tab_change() 2357 self.idle_func() 2358 self.add_button.set_sensitive(True) 2359 self.delete_button.set_sensitive(True) 2360 2361 def show_users_page(self): 2362 self.clearbuttons() 2363 self.login_radio_button.set_visible(True) 2364 self.user_radio_button.set_visible(True) 2365 self.applications_selection_button.set_label(_("Users")) 2366 self.login_radio_button.set_active(True) 2367 self.tab_change() 2368 self.user_initialize() 2369 self.login_initialize() 2370 self.idle_func() 2371 self.add_button.set_sensitive(True) 2372 self.delete_button.set_sensitive(True) 2373 2374 def show_applications_page(self): 2375 self.clearbuttons(False) 2376 self.boolean_radio_button.set_visible(True) 2377 self.files_radio_button.set_visible(True) 2378 self.network_radio_button.set_visible(True) 2379 self.transitions_radio_button.set_visible(True) 2380 self.boolean_radio_button.set_active(True) 2381 self.tab_change() 2382 self.idle_func() 2383 2384 def system_interface(self, *args): 2385 self.show_system_page() 2386 2387 def users_interface(self, *args): 2388 self.show_users_page() 2389 2390 def show_mislabeled_files(self, checkbutton, *args): 2391 iterlist = [] 2392 ctr = 0 2393 ipage = self.inner_notebook_files.get_current_page() 2394 if checkbutton.get_active() == True: 2395 for items in self.liststore: 2396 iter = self.treesort.get_iter(ctr) 2397 iter = self.treesort.convert_iter_to_child_iter(iter) 2398 iter = self.treefilter.convert_iter_to_child_iter(iter) 2399 if iter != None: 2400 if self.liststore.get_value(iter, 4) == False: 2401 iterlist.append(iter) 2402 ctr += 1 2403 for iters in iterlist: 2404 self.liststore.remove(iters) 2405 2406 elif self.application != None: 2407 self.liststore.clear() 2408 if ipage == EXE_PAGE: 2409 self.executable_files_initialize(self.application) 2410 elif ipage == WRITABLE_PAGE: 2411 
self.writable_files_initialize(self.application) 2412 elif ipage == APP_PAGE: 2413 self.application_files_initialize(self.application) 2414 2415 def fix_mislabeled(self, path): 2416 cur = selinux.getfilecon(path)[1].split(":")[2] 2417 con = selinux.matchpathcon(path, 0)[1].split(":")[2] 2418 if self.verify(_("Run restorecon on %(PATH)s to change its type from %(CUR_CONTEXT)s to the default %(DEF_CONTEXT)s?") % {"PATH": path, "CUR_CONTEXT": cur, "DEF_CONTEXT": con}, title="restorecon dialog") == Gtk.ResponseType.YES: 2419 self.dbus.restorecon(path) 2420 self.application_selected() 2421 2422 def new_updates(self, *args): 2423 self.update_button.set_sensitive(self.modified()) 2424 self.revert_button.set_sensitive(self.modified()) 2425 2426 def update_or_revert_changes(self, button, *args): 2427 self.update_gui() 2428 self.update = (button.get_label() == _("Update")) 2429 if self.update: 2430 self.update_window.set_title(_("Update Changes")) 2431 else: 2432 self.update_window.set_title(_("Revert Changes")) 2433 2434 def apply_changes_button_press(self, *args): 2435 self.close_popup() 2436 if self.update: 2437 self.update_the_system() 2438 else: 2439 self.revert_data() 2440 self.finish_init = False 2441 self.previously_modified_initialize(self.dbus.customized()) 2442 self.finish_init = True 2443 self.clear_filters() 2444 self.application_selected() 2445 self.new_updates() 2446 self.update_treestore.clear() 2447 2448 def update_the_system(self, *args): 2449 self.close_popup() 2450 update_buffer = self.format_update() 2451 self.wait_mouse() 2452 try: 2453 self.dbus.semanage(update_buffer) 2454 except dbus.exceptions.DBusException, e: 2455 print e 2456 self.ready_mouse() 2457 self.init_cur() 2458 2459 def ipage_value_lookup(self, lookup): 2460 ipage_values = {"Executable Files": 0, "Writable Files": 1, "Application File Type": 2, "Inbound": 1, "Outbound": 0} 2461 for value in ipage_values: 2462 if value == lookup: 2463 return ipage_values[value] 2464 return "Booleans" 2465 
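# Methods of class SELinuxGui (the class statement is earlier in the file).
# NOTE(review): the listing had lost its whitespace, so nesting below was
# rebuilt from statement order; confirm closewindow, set_enforce_text and
# advanced_radio_select against the original file.

    def get_attributes_update(self, attribute):
        """Return the value part of a "Label: value" row string.

        NOTE(review): ``bool_id`` is computed from the already-split value,
        so it always equals the value and the "SELinux name" branch only
        fires when the value is literally "SELinux name". The label was
        presumably meant to be read before ``attribute`` is overwritten;
        left unchanged because the callers are not visible here.
        """
        attribute = attribute.split(": ")[1]
        bool_id = attribute.split(": ")[0]
        if bool_id == "SELinux name":
            self.bool_revert = attribute
        else:
            return attribute

    def format_update(self):
        """Build the semanage command batch for the pending changes.

        revert_data() first drops the rows whose column 0 is false; every
        remaining entry of self.cur_dict becomes one line of the returned
        string, which update_the_system() hands to self.dbus.semanage().

        Fixes over the previous version:
          * categories are matched with ``==``; the old ``k in "..."``
            substring test also sent "fcontext" through the
            "fcontext-equiv" branch;
          * the port branch indexes its own (port, protocol) key instead of
            a stale ``f`` and no longer references the misspelled
            ``procotol`` name;
          * fcontext keys are (path, class) tuples elsewhere in this class,
            so only the path component is formatted into the command.

        Returns:
            str: newline-terminated semanage commands, "" when nothing is
            pending.
        """
        # NOTE(security): names, paths and ranges are interpolated unquoted
        # into a line-oriented batch. A value containing a newline would be
        # read as an additional semanage command once the batch reaches
        # self.dbus.semanage(). Values should be validated where they enter
        # self.cur_dict (not visible here) or by the D-Bus service.
        self.revert_data()
        lines = []
        for k in self.cur_dict:
            entries = self.cur_dict[k]
            if k == "boolean":
                for b in entries:
                    lines.append("boolean -m -%d %s\n" % (entries[b]["active"], b))
            elif k == "login":
                for l in entries:
                    entry = entries[l]
                    if entry["action"] == "-d":
                        lines.append("login -d %s\n" % l)
                    else:
                        lines.append("login %s -s %s -r %s %s\n" % (entry["action"], entry["seuser"], entry["range"], l))
            elif k == "user":
                for u in entries:
                    entry = entries[u]
                    if entry["action"] == "-d":
                        lines.append("user -d %s\n" % u)
                    else:
                        lines.append("user %s -L %s -r %s -R %s %s\n" % (entry["action"], entry["level"], entry["range"], entry["role"], u))
            elif k == "fcontext-equiv":
                for f in entries:
                    entry = entries[f]
                    if entry["action"] == "-d":
                        lines.append("fcontext -d %s\n" % f)
                    else:
                        lines.append("fcontext %s -e %s %s\n" % (entry["action"], entry["src"], f))
            elif k == "fcontext":
                for f in entries:
                    entry = entries[f]
                    # Accept both the (path, class) tuple key and a bare path.
                    path = f[0] if isinstance(f, tuple) else f
                    if entry["action"] == "-d":
                        # NOTE(review): the file class is not passed on
                        # delete, as before; confirm that is intended.
                        lines.append("fcontext -d %s\n" % path)
                    else:
                        lines.append("fcontext %s -t %s -f %s %s\n" % (entry["action"], entry["type"], entry["class"], path))
            elif k == "port":
                for port, protocol in entries:
                    entry = entries[(port, protocol)]
                    if entry["action"] == "-d":
                        lines.append("port -d -p %s %s\n" % (protocol, port))
                    else:
                        lines.append("port %s -t %s -p %s %s\n" % (entry["action"], entry["type"], protocol, port))

        return "".join(lines)

    def revert_data(self):
        """Remove every pending change whose update-tree row has a false column 0.

        Indexes are collected first and removed from the highest down,
        presumably so that a removal does not shift the rows still queued.
        """
        unchecked = []
        for idx, _row in enumerate(self.update_treestore):
            if not self.update_treestore[idx][0]:
                unchecked.append(idx)
        for idx in reversed(unchecked):
            self.remove_cur(idx)

    def reveal_advanced_system(self, label, *args):
        """Toggle the "Advanced" label and the system policy-type widgets."""
        advanced = label.get_text() == ADVANCED_LABEL[0]
        label.set_text(ADVANCED_LABEL[1] if advanced else ADVANCED_LABEL[0])
        self.system_policy_label.set_visible(advanced)
        self.system_policy_type_combobox.set_visible(advanced)

    def reveal_advanced(self, label, *args):
        """Toggle the "Advanced" label and the MLS widgets of the files and network dialogs."""
        advanced = label.get_text() == ADVANCED_LABEL[0]
        label.set_text(ADVANCED_LABEL[1] if advanced else ADVANCED_LABEL[0])
        self.files_mls_label.set_visible(advanced)
        self.files_mls_entry.set_visible(advanced)
        self.network_mls_label.set_visible(advanced)
        self.network_mls_entry.set_visible(advanced)

    def advanced_search_initialize(self, path):
        """Add ``path`` and its domain to the advanced-search list.

        A value starting with "/" is resolved through
        sepolicy.get_init_transtype(); anything else is taken as the domain
        itself. Unless the domain is a user type or initrc_t, one more row
        is appended per entrypoint file of that domain.
        """
        try:
            if path[0] == '/':
                domain = sepolicy.get_init_transtype(path)
            else:
                domain = path
        except (IndexError, OSError):
            # Empty string, or the path could not be looked up.
            return
        row = self.advanced_search_liststore.append()
        self.advanced_search_liststore.set_value(row, 0, path)
        self.advanced_search_liststore.set_value(row, 1, domain)
        user_types = sepolicy.get_user_types()
        if domain in user_types + ['initrc_t']:
            return

        entrypoints = sepolicy.get_entrypoints(domain)
        for exe in entrypoints:
            if not len(entrypoints[exe]):
                continue
            # Index 0 holds the paths; the unused file-class lookup
            # (index 1) was dropped.
            for exe_path in entrypoints[exe][0]:
                row = self.advanced_search_liststore.append()
                self.advanced_search_liststore.set_value(row, 1, domain)
                self.advanced_search_liststore.set_value(row, 0, exe_path)

    def advanced_label_main(self, label, *args):
        """Open or close the advanced-search popup and flip the label text."""
        if label.get_text() == ADVANCED_SEARCH_LABEL[1]:
            label.set_text(ADVANCED_SEARCH_LABEL[0])
            self.close_popup()
        else:
            label.set_text(ADVANCED_SEARCH_LABEL[1])
            self.show_popup(self.advanced_search_window)

    def advanced_radio_select(self, button):
        """Refill the advanced-search list for the selected "All"/"Installed" radio."""
        label = button.get_label() if button.get_active() else ""
        if label == '':
            return
        self.advanced_search_liststore.clear()
        if label == "All":
            for items in self.all_list:
                self.advanced_search_initialize(items)
                self.idle_func()

        elif label == "Installed":
            if self.installed_list == []:
                return
            for items in self.installed_list:
                self.advanced_search_initialize(items)
                self.idle_func()

    def set_enforce_text(self, value):
        """Push the enforcing/permissive status text to the status bar."""
        if value:
            self.status_bar.push(self.context_id, _("System Status: Enforcing"))
        else:
            self.status_bar.push(self.context_id, _("System Status: Permissive"))
            self.current_status_permissive.set_active(True)

    def set_enforce(self, button):
        """Apply the toggle state through the D-Bus service and update the status bar."""
        self.dbus.setenforce(button.get_active())
        self.set_enforce_text(button.get_active())

    def on_browse_select(self, *args):
        """Handle a file chosen in the dialog: fill the path entry, then import or export."""
        filename = self.file_dialog.get_filename()
        if filename is None:
            return
        self.clear_entry = False
        self.file_dialog.hide()
        self.files_path_entry.set_text(filename)
        if self.import_export == 'Import':
            self.import_config(filename)
        elif self.import_export == 'Export':
            self.export_config(filename)

    def recursive_path(self, *args):
        """Append or strip the "(/.*)?" suffix of the path entry to match the toggle."""
        path = self.files_path_entry.get_text()
        if self.recursive_path_toggle.get_active():
            if not path.endswith("(/.*)?"):
                self.files_path_entry.set_text(path + "(/.*)?")
        elif path.endswith("(/.*)?"):
            path = path.split("(/.*)?")[0]
            self.files_path_entry.set_text(path)

    def highlight_entry_text(self, entry_obj, *args):
        """Clear the entry once, while self.clear_entry is set."""
        if self.clear_entry:
            entry_obj.set_text('')
            self.clear_entry = False

    def autofill_add_files_entry(self, entry):
        """Preselect the recursive toggle and the file type from the typed path."""
        text = entry.get_text()
        if text == '':
            return
        if text.endswith("(/.*)?"):
            self.recursive_path_toggle.set_active(True)
        for d in sepolicy.DEFAULT_DIRS:
            if not text.startswith(d):
                continue
            for t in self.files_type_combolist:
                if t[0].endswith(sepolicy.DEFAULT_DIRS[d]):
                    self.combo_set_active_text(self.files_type_combobox, t[0])

    def resize_columns(self, *args):
        # NOTE(review): width and renderer are fetched but never used; the
        # calls are kept as they were.
        self.boolean_column_1 = self.boolean_treeview.get_col(1)
        width = self.boolean_column_1.get_width()
        renderer = self.boolean_column_1.get_cell_renderers()

    def browse_for_files(self, *args):
        """Show the file chooser."""
        self.file_dialog.show()

    def close_config_window(self, *args):
        """Hide the file chooser."""
        self.file_dialog.hide()

    def change_default_policy(self, *args):
        """Switch the default policy type after an explicit confirmation.

        The change is applied only when the dialog returns
        Gtk.ResponseType.YES. The previous ``== NO`` test also proceeded
        when the dialog was closed without an answer, which schedules a
        full relabel nobody confirmed.
        """
        if self.typeHistory == self.system_policy_type_combobox.get_active():
            return

        if self.verify(_("Changing the policy type will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) != Gtk.ResponseType.YES:
            self.system_policy_type_combobox.set_active(self.typeHistory)
            return None

        self.dbus.change_default_policy(self.combo_get_active_text(self.system_policy_type_combobox))
        self.dbus.relabel_on_boot(True)
        self.typeHistory = self.system_policy_type_combobox.get_active()

    def change_default_mode(self, button):
        """Persist the selected default mode once initialisation has finished."""
        if not self.finish_init:
            return
        self.enabled_changed(button)
        if button.get_active():
            self.dbus.change_default_mode(button.get_label().lower())

    def import_config_show(self, *args):
        """Show the file chooser in "open" mode for an import."""
        self.file_dialog.set_action(Gtk.FileChooserAction.OPEN)
        self.file_dialog.set_title("Import Configuration")
        self.file_dialog.show()
        self.import_export = 'Import'

    def export_config_show(self, *args):
        """Show the file chooser in "save" mode for an export."""
        self.file_dialog.set_action(Gtk.FileChooserAction.SAVE)
        self.file_dialog.set_title("Export Configuration")
        self.file_dialog.show()
        self.import_export = 'Export'

    def export_config(self, filename):
        """Write the customizations reported by the D-Bus service to ``filename``.

        Errors still propagate to the caller; the file is closed and the
        cursor is restored on every path.
        """
        self.wait_mouse()
        try:
            buf = self.dbus.customized()
            with open(filename, 'w') as fd:
                fd.write(buf)
        finally:
            self.ready_mouse()

    def import_config(self, filename):
        """Send the content of ``filename`` to the D-Bus service as a semanage batch.

        NOTE(security): the file is forwarded verbatim; nothing is parsed
        or validated on this side, so an imported file can carry any
        semanage command the service accepts. Review files from other
        hosts before importing them.
        """
        with open(filename, "r") as fd:
            buf = fd.read()
        self.wait_mouse()
        try:
            self.dbus.semanage(buf)
        except OSError:
            pass
        except dbus.exceptions.DBusException as e:
            # The D-Bus call fails with DBusException elsewhere in this
            # class; report it instead of leaving a busy cursor behind.
            self.error(str(e))
        finally:
            self.ready_mouse()

    def init_dictionary(self, dic, app, ipage, operation, p, q, ftype, mls, changed, old):
        """Record (p, q) under dic[app, ipage, operation] unless it is already present."""
        bucket = dic.setdefault((app, ipage, operation), {})
        if (p, q) not in bucket:
            bucket[p, q] = {'type': ftype, 'mls': mls, 'changed': changed, 'old': old}

    def translate_bool(self, b):
        """Map a "...-0" / "...-1" string to False / True; None for anything else."""
        b = b.split('-')[1]
        if b == '0':
            return False
        if b == '1':
            return True

    def relabel_on_reboot(self, *args):
        """Ask the D-Bus service to match /.autorelabel to the relabel button."""
        active = self.relabel_button.get_active()
        exists = os.path.exists("/.autorelabel")

        # Nothing to do when the flag file already matches the button.
        if active and exists:
            return
        if not active and not exists:
            return
        try:
            self.dbus.relabel_on_boot(active)
        except dbus.exceptions.DBusException as e:
            # error() passes its argument to Gtk.MessageDialog, so hand it
            # text rather than the exception object.
            self.error(str(e))

    def closewindow(self, window, *args):
        """Hide ``window``, re-enable the main window and reset popup state.

        Returns True, the value a GTK "delete-event" handler returns to
        stop further handling of the event.
        """
        window.hide()
        self.recursive_path_toggle.set_active(False)
        self.window.set_sensitive(True)
        if self.moreTypes_window_files == window:
            self.show_popup(self.files_popup_window)
            if self.combo_get_active_text(self.files_type_combobox) == _('More...'):
                self.files_type_combobox.set_active(0)
        if self.error_check_window == window:
            if self.files_add:
                self.show_popup(self.files_popup_window)
            elif self.network_add:
                self.show_popup(self.network_popup_window)
        if self.files_mls_label.get_visible() or self.network_mls_label.get_visible():
            self.advanced_text_files.set_visible(True)
            self.files_mls_label.set_visible(False)
            self.files_mls_entry.set_visible(False)
            self.advanced_text_network.set_visible(True)
            self.network_mls_label.set_visible(False)
            self.network_mls_entry.set_visible(False)
        if self.main_advanced_label.get_text() == ADVANCED_SEARCH_LABEL[1]:
            self.main_advanced_label.set_text(ADVANCED_SEARCH_LABEL[0])
        return True

    def wait_mouse(self):
        """Show the busy cursor."""
        self.window.get_window().set_cursor(self.busy_cursor)
        self.idle_func()

    def ready_mouse(self):
        """Restore the normal cursor."""
        self.window.get_window().set_cursor(self.ready_cursor)
        self.idle_func()

    def verify(self, message, title=""):
        """Show a modal Yes/No dialog and return the Gtk response id.

        Closing the dialog without pressing a button yields a response
        other than NO, so callers guarding a policy change should proceed
        only on Gtk.ResponseType.YES.
        """
        dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.INFO,
                                Gtk.ButtonsType.YES_NO,
                                message)
        dlg.set_title(title)
        dlg.set_position(Gtk.WindowPosition.MOUSE)
        dlg.show_all()
        rc = dlg.run()
        dlg.destroy()
        return rc

    def error(self, message):
        """Show a modal error dialog with a Close button."""
        dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.ERROR,
                                Gtk.ButtonsType.CLOSE,
                                message)
        dlg.set_position(Gtk.WindowPosition.MOUSE)
        dlg.show_all()
        dlg.run()
        dlg.destroy()

    def enabled_changed(self, radio):
        """Confirm a switch between disabled and enabled SELinux.

        The previously selected radio is restored unless the dialog returns
        Gtk.ResponseType.YES. The previous ``== NO`` test treated a
        dismissed dialog as consent, including consent to disabling
        SELinux.
        """
        if not radio.get_active():
            return
        label = radio.get_label()
        if label == 'Disabled' and self.enforce_mode != DISABLED:
            if self.verify(_("Changing to SELinux disabled requires a reboot. It is not recommended. If you later decide to turn SELinux back on, the system will be required to relabel. If you just want to see if SELinux is causing a problem on your system, you can go to permissive mode which will only log errors and not enforce SELinux policy. Permissive mode does not require a reboot. Do you wish to continue?")) != Gtk.ResponseType.YES:
                self.enforce_button.set_active(True)

        if label != 'Disabled' and self.enforce_mode == DISABLED:
            if self.verify(_("Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) != Gtk.ResponseType.YES:
                self.enforce_button.set_active(True)
        self.enforce_button = radio

    def clear_filters(self, *args):
        """Reset the filter entry and the "modified only" toggle."""
        self.filter_entry.set_text('')
        self.show_modified_only.set_active(False)

    def unconfined_toggle(self, *args):
        """Enable or disable the "unconfined" module through the D-Bus service."""
        if not self.finish_init:
            return
        self.wait_mouse()
        try:
            if self.enable_unconfined_button.get_active():
                self.dbus.semanage("module -e unconfined")
            else:
                self.dbus.semanage("module -d unconfined")
        finally:
            # Restore the cursor even when the D-Bus call raises.
            self.ready_mouse()

    def permissive_toggle(self, *args):
        """Enable or disable the "permissivedomains" module through the D-Bus service."""
        if not self.finish_init:
            return
        self.wait_mouse()
        try:
            if self.enable_permissive_button.get_active():
                self.dbus.semanage("module -e permissivedomains")
            else:
                self.dbus.semanage("module -d permissivedomains")
        finally:
            # Restore the cursor even when the D-Bus call raises.
            self.ready_mouse()

    def confirmation_close(self, button, *args):
        """Quit, asking first when changes are still pending.

        Returns True (keep the window open) unless the dialog returns
        Gtk.ResponseType.YES, so dismissing the question no longer discards
        the pending changes.
        """
        if len(self.update_treestore) > 0:
            if self.verify(_("You are attempting to close the application without applying your changes.\n * To apply changes you have made during this session, click No and click Update.\n * To leave the application without applying your changes, click Yes. All changes that you have made during this session will be lost."), _("Loss of data Dialog")) != Gtk.ResponseType.YES:
                return True
        self.quit()

    def quit(self, *args):
        """Exit the process with status 0."""
        sys.exit(0)

if __name__ == '__main__':
    start = SELinuxGui()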