1514af85b89fff54f079f239294c727e4d61319edDan Walsh## usersPage.py - show selinux mappings 2514af85b89fff54f079f239294c727e4d61319edDan Walsh## Copyright (C) 2006,2007,2008 Red Hat, Inc. 3514af85b89fff54f079f239294c727e4d61319edDan Walsh 4514af85b89fff54f079f239294c727e4d61319edDan Walsh## This program is free software; you can redistribute it and/or modify 5514af85b89fff54f079f239294c727e4d61319edDan Walsh## it under the terms of the GNU General Public License as published by 6514af85b89fff54f079f239294c727e4d61319edDan Walsh## the Free Software Foundation; either version 2 of the License, or 7514af85b89fff54f079f239294c727e4d61319edDan Walsh## (at your option) any later version. 8514af85b89fff54f079f239294c727e4d61319edDan Walsh 9514af85b89fff54f079f239294c727e4d61319edDan Walsh## This program is distributed in the hope that it will be useful, 10514af85b89fff54f079f239294c727e4d61319edDan Walsh## but WITHOUT ANY WARRANTY; without even the implied warranty of 11514af85b89fff54f079f239294c727e4d61319edDan Walsh## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12514af85b89fff54f079f239294c727e4d61319edDan Walsh## GNU General Public License for more details. 13514af85b89fff54f079f239294c727e4d61319edDan Walsh 14514af85b89fff54f079f239294c727e4d61319edDan Walsh## You should have received a copy of the GNU General Public License 15514af85b89fff54f079f239294c727e4d61319edDan Walsh## along with this program; if not, write to the Free Software 16514af85b89fff54f079f239294c727e4d61319edDan Walsh## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17514af85b89fff54f079f239294c727e4d61319edDan Walsh 18514af85b89fff54f079f239294c727e4d61319edDan Walsh## Author: Dan Walsh 19514af85b89fff54f079f239294c727e4d61319edDan Walshimport sys 2005d1cead3d30fc8c1a3f5d9475c4af786e5c03a4Jason Zamantry: 2105d1cead3d30fc8c1a3f5d9475c4af786e5c03a4Jason Zaman from subprocess import getstatusoutput 2205d1cead3d30fc8c1a3f5d9475c4af786e5c03a4Jason Zamanexcept ImportError: 2305d1cead3d30fc8c1a3f5d9475c4af786e5c03a4Jason Zaman from commands import getstatusoutput 2405d1cead3d30fc8c1a3f5d9475c4af786e5c03a4Jason Zaman 250f3beeb00e7a42cc2f44ef0392b8a3a7566a17d7Nicolas Ioossfrom gi.repository import GObject, Gtk 26514af85b89fff54f079f239294c727e4d61319edDan Walshimport seobject 27789d0ebbf9fa448b09917ccd0adff91d72e9f5c1Jason Zamanfrom semanagePage import * 28514af85b89fff54f079f239294c727e4d61319edDan Walsh 29514af85b89fff54f079f239294c727e4d61319edDan Walsh## 30514af85b89fff54f079f239294c727e4d61319edDan Walsh## I18N 31514af85b89fff54f079f239294c727e4d61319edDan Walsh## 32789d0ebbf9fa448b09917ccd0adff91d72e9f5c1Jason ZamanPROGNAME = "policycoreutils" 33514af85b89fff54f079f239294c727e4d61319edDan Walshtry: 34af59544e5f54b8948d79ad5bbca6868c13948d40Jason Zaman import gettext 35af59544e5f54b8948d79ad5bbca6868c13948d40Jason Zaman kwargs = {} 36af59544e5f54b8948d79ad5bbca6868c13948d40Jason Zaman if sys.version_info < (3,): 37af59544e5f54b8948d79ad5bbca6868c13948d40Jason Zaman kwargs['unicode'] = True 38af59544e5f54b8948d79ad5bbca6868c13948d40Jason Zaman gettext.install(PROGNAME, 39af59544e5f54b8948d79ad5bbca6868c13948d40Jason Zaman localedir="/usr/share/locale", 40af59544e5f54b8948d79ad5bbca6868c13948d40Jason Zaman codeset='utf-8', 41af59544e5f54b8948d79ad5bbca6868c13948d40Jason Zaman **kwargs) 42af59544e5f54b8948d79ad5bbca6868c13948d40Jason Zamanexcept: 43af59544e5f54b8948d79ad5bbca6868c13948d40Jason Zaman try: 44af59544e5f54b8948d79ad5bbca6868c13948d40Jason Zaman import builtins 45af59544e5f54b8948d79ad5bbca6868c13948d40Jason Zaman builtins.__dict__['_'] = str 46af59544e5f54b8948d79ad5bbca6868c13948d40Jason Zaman except ImportError: 47af59544e5f54b8948d79ad5bbca6868c13948d40Jason Zaman import __builtin__ 48af59544e5f54b8948d79ad5bbca6868c13948d40Jason Zaman __builtin__.__dict__['_'] = unicode 49514af85b89fff54f079f239294c727e4d61319edDan Walsh 50789d0ebbf9fa448b09917ccd0adff91d72e9f5c1Jason Zaman 51514af85b89fff54f079f239294c727e4d61319edDan Walshclass usersPage(semanagePage): 52789d0ebbf9fa448b09917ccd0adff91d72e9f5c1Jason Zaman 53514af85b89fff54f079f239294c727e4d61319edDan Walsh def __init__(self, xml): 54514af85b89fff54f079f239294c727e4d61319edDan Walsh semanagePage.__init__(self, xml, "users", _("SELinux User")) 55514af85b89fff54f079f239294c727e4d61319edDan Walsh 560f3beeb00e7a42cc2f44ef0392b8a3a7566a17d7Nicolas Iooss self.store = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING, GObject.TYPE_STRING, GObject.TYPE_STRING, GObject.TYPE_STRING) 57514af85b89fff54f079f239294c727e4d61319edDan Walsh self.view.set_model(self.store) 580f3beeb00e7a42cc2f44ef0392b8a3a7566a17d7Nicolas Iooss self.store.set_sort_column_id(0, Gtk.SortType.ASCENDING) 59514af85b89fff54f079f239294c727e4d61319edDan Walsh 600f3beeb00e7a42cc2f44ef0392b8a3a7566a17d7Nicolas Iooss col = Gtk.TreeViewColumn(_("SELinux\nUser"), Gtk.CellRendererText(), text=0) 61514af85b89fff54f079f239294c727e4d61319edDan Walsh col.set_sort_column_id(0) 62514af85b89fff54f079f239294c727e4d61319edDan Walsh col.set_resizable(True) 63514af85b89fff54f079f239294c727e4d61319edDan Walsh self.view.append_column(col) 64514af85b89fff54f079f239294c727e4d61319edDan Walsh 650f3beeb00e7a42cc2f44ef0392b8a3a7566a17d7Nicolas Iooss col = Gtk.TreeViewColumn(_("MLS/\nMCS Range"), Gtk.CellRendererText(), text=1) 66514af85b89fff54f079f239294c727e4d61319edDan Walsh col.set_resizable(True) 67514af85b89fff54f079f239294c727e4d61319edDan Walsh self.view.append_column(col) 68514af85b89fff54f079f239294c727e4d61319edDan Walsh 690f3beeb00e7a42cc2f44ef0392b8a3a7566a17d7Nicolas Iooss col = Gtk.TreeViewColumn(_("SELinux Roles"), Gtk.CellRendererText(), text=2) 70514af85b89fff54f079f239294c727e4d61319edDan Walsh col.set_resizable(True) 71514af85b89fff54f079f239294c727e4d61319edDan Walsh self.view.append_column(col) 72514af85b89fff54f079f239294c727e4d61319edDan Walsh 73514af85b89fff54f079f239294c727e4d61319edDan Walsh self.load() 740f3beeb00e7a42cc2f44ef0392b8a3a7566a17d7Nicolas Iooss self.selinuxUserEntry = xml.get_object("selinuxUserEntry") 750f3beeb00e7a42cc2f44ef0392b8a3a7566a17d7Nicolas Iooss self.mlsRangeEntry = xml.get_object("mlsRangeEntry") 760f3beeb00e7a42cc2f44ef0392b8a3a7566a17d7Nicolas Iooss self.selinuxRolesEntry = xml.get_object("selinuxRolesEntry") 77514af85b89fff54f079f239294c727e4d61319edDan Walsh 78789d0ebbf9fa448b09917ccd0adff91d72e9f5c1Jason Zaman def load(self, filter=""): 79789d0ebbf9fa448b09917ccd0adff91d72e9f5c1Jason Zaman self.filter = filter 80514af85b89fff54f079f239294c727e4d61319edDan Walsh self.user = seobject.seluserRecords() 81514af85b89fff54f079f239294c727e4d61319edDan Walsh dict = self.user.get_all() 82514af85b89fff54f079f239294c727e4d61319edDan Walsh self.store.clear() 834d340e467a2ff0e188eb952a1646dbea86c64d9eJason Zaman for k in sorted(dict.keys()): 84514af85b89fff54f079f239294c727e4d61319edDan Walsh range = seobject.translate(dict[k][2]) 85514af85b89fff54f079f239294c727e4d61319edDan Walsh if not (self.match(k, filter) or self.match(dict[k][0], filter) or self.match(range, filter) or self.match(dict[k][3], filter)): 86514af85b89fff54f079f239294c727e4d61319edDan Walsh continue 87514af85b89fff54f079f239294c727e4d61319edDan Walsh 88514af85b89fff54f079f239294c727e4d61319edDan Walsh iter = self.store.append() 89514af85b89fff54f079f239294c727e4d61319edDan Walsh self.store.set_value(iter, 0, k) 90514af85b89fff54f079f239294c727e4d61319edDan Walsh self.store.set_value(iter, 1, range) 91514af85b89fff54f079f239294c727e4d61319edDan Walsh self.store.set_value(iter, 2, dict[k][3]) 92789d0ebbf9fa448b09917ccd0adff91d72e9f5c1Jason Zaman self.view.get_selection().select_path((0,)) 93514af85b89fff54f079f239294c727e4d61319edDan Walsh 94514af85b89fff54f079f239294c727e4d61319edDan Walsh def dialogInit(self): 95514af85b89fff54f079f239294c727e4d61319edDan Walsh store, iter = self.view.get_selection().get_selected() 96514af85b89fff54f079f239294c727e4d61319edDan Walsh self.selinuxUserEntry.set_text(store.get_value(iter, 0)) 97514af85b89fff54f079f239294c727e4d61319edDan Walsh self.selinuxUserEntry.set_sensitive(False) 98514af85b89fff54f079f239294c727e4d61319edDan Walsh self.mlsRangeEntry.set_text(store.get_value(iter, 1)) 99514af85b89fff54f079f239294c727e4d61319edDan Walsh self.selinuxRolesEntry.set_text(store.get_value(iter, 2)) 100514af85b89fff54f079f239294c727e4d61319edDan Walsh 101514af85b89fff54f079f239294c727e4d61319edDan Walsh def dialogClear(self): 102514af85b89fff54f079f239294c727e4d61319edDan Walsh self.selinuxUserEntry.set_text("") 103514af85b89fff54f079f239294c727e4d61319edDan Walsh self.selinuxUserEntry.set_sensitive(True) 104514af85b89fff54f079f239294c727e4d61319edDan Walsh self.mlsRangeEntry.set_text("s0") 105514af85b89fff54f079f239294c727e4d61319edDan Walsh self.selinuxRolesEntry.set_text("") 106514af85b89fff54f079f239294c727e4d61319edDan Walsh 107514af85b89fff54f079f239294c727e4d61319edDan Walsh def add(self): 108514af85b89fff54f079f239294c727e4d61319edDan Walsh user = self.selinuxUserEntry.get_text() 109514af85b89fff54f079f239294c727e4d61319edDan Walsh range = self.mlsRangeEntry.get_text() 110514af85b89fff54f079f239294c727e4d61319edDan Walsh roles = self.selinuxRolesEntry.get_text() 111514af85b89fff54f079f239294c727e4d61319edDan Walsh 112514af85b89fff54f079f239294c727e4d61319edDan Walsh self.wait() 11305d1cead3d30fc8c1a3f5d9475c4af786e5c03a4Jason Zaman (rc, out) = getstatusoutput("semanage user -a -R '%s' -r %s %s" % (roles, range, user)) 114514af85b89fff54f079f239294c727e4d61319edDan Walsh self.ready() 115514af85b89fff54f079f239294c727e4d61319edDan Walsh if rc != 0: 116514af85b89fff54f079f239294c727e4d61319edDan Walsh self.error(out) 117514af85b89fff54f079f239294c727e4d61319edDan Walsh return False 118514af85b89fff54f079f239294c727e4d61319edDan Walsh iter = self.store.append() 119514af85b89fff54f079f239294c727e4d61319edDan Walsh self.store.set_value(iter, 0, user) 120514af85b89fff54f079f239294c727e4d61319edDan Walsh self.store.set_value(iter, 1, range) 121514af85b89fff54f079f239294c727e4d61319edDan Walsh self.store.set_value(iter, 2, roles) 122514af85b89fff54f079f239294c727e4d61319edDan Walsh 123514af85b89fff54f079f239294c727e4d61319edDan Walsh def modify(self): 124514af85b89fff54f079f239294c727e4d61319edDan Walsh user = self.selinuxUserEntry.get_text() 125514af85b89fff54f079f239294c727e4d61319edDan Walsh range = self.mlsRangeEntry.get_text() 126514af85b89fff54f079f239294c727e4d61319edDan Walsh roles = self.selinuxRolesEntry.get_text() 127514af85b89fff54f079f239294c727e4d61319edDan Walsh 128514af85b89fff54f079f239294c727e4d61319edDan Walsh self.wait() 12905d1cead3d30fc8c1a3f5d9475c4af786e5c03a4Jason Zaman (rc, out) = getstatusoutput("semanage user -m -R '%s' -r %s %s" % (roles, range, user)) 130514af85b89fff54f079f239294c727e4d61319edDan Walsh self.ready() 131514af85b89fff54f079f239294c727e4d61319edDan Walsh 132514af85b89fff54f079f239294c727e4d61319edDan Walsh if rc != 0: 133514af85b89fff54f079f239294c727e4d61319edDan Walsh self.error(out) 134514af85b89fff54f079f239294c727e4d61319edDan Walsh return False 135514af85b89fff54f079f239294c727e4d61319edDan Walsh self.load(self.filter) 136514af85b89fff54f079f239294c727e4d61319edDan Walsh 137514af85b89fff54f079f239294c727e4d61319edDan Walsh def delete(self): 138514af85b89fff54f079f239294c727e4d61319edDan Walsh store, iter = self.view.get_selection().get_selected() 139514af85b89fff54f079f239294c727e4d61319edDan Walsh try: 140789d0ebbf9fa448b09917ccd0adff91d72e9f5c1Jason Zaman user = store.get_value(iter, 0) 141514af85b89fff54f079f239294c727e4d61319edDan Walsh if user == "root" or user == "user_u": 142514af85b89fff54f079f239294c727e4d61319edDan Walsh raise ValueError(_("SELinux user '%s' is required") % user) 143514af85b89fff54f079f239294c727e4d61319edDan Walsh 144514af85b89fff54f079f239294c727e4d61319edDan Walsh self.wait() 14505d1cead3d30fc8c1a3f5d9475c4af786e5c03a4Jason Zaman (rc, out) = getstatusoutput("semanage user -d %s" % user) 146514af85b89fff54f079f239294c727e4d61319edDan Walsh self.ready() 147514af85b89fff54f079f239294c727e4d61319edDan Walsh if rc != 0: 148514af85b89fff54f079f239294c727e4d61319edDan Walsh self.error(out) 149514af85b89fff54f079f239294c727e4d61319edDan Walsh return False 150514af85b89fff54f079f239294c727e4d61319edDan Walsh store.remove(iter) 151789d0ebbf9fa448b09917ccd0adff91d72e9f5c1Jason Zaman self.view.get_selection().select_path((0,)) 1524d340e467a2ff0e188eb952a1646dbea86c64d9eJason Zaman except ValueError as e: 153514af85b89fff54f079f239294c727e4d61319edDan Walsh self.error(e.args[0]) 154