# Copyright (C) 2013 Red Hat
# see file 'COPYING' for use and warranty information
#
# selinux gui is a tool for the examining and modifying SELinux policy
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
#                                        02111-1307  USA
#
# author: Ryan Hallisey [email protected]
# author: Dan Walsh [email protected]
# author: Miroslav Grepl [email protected]
#
#

import gi
gi.require_version('Gtk', '3.0')
from gi.repository import Gtk
from gi.repository import Gdk
from gi.repository import GLib
from sepolicy.sedbus import SELinuxDBus
import sys
import sepolicy
import selinux
from selinux import DISABLED, PERMISSIVE, ENFORCING
import sepolicy.network
import sepolicy.manpage
import dbus
import os
import re
import unicodedata

# Install the translation function `_`.  If the gettext set-up fails, `_` is
# placed into the builtins namespace as the plain string type, so `_("x")`
# then returns its argument untranslated.
# NOTE(review): the bare `except:` below also catches SystemExit and
# KeyboardInterrupt and hides the real cause of a failed set-up;
# `except Exception:` would be the narrower form.
PROGNAME = "selinux-python"
try:
    import gettext
    kwargs = {}
    if sys.version_info < (3,):
        # Only Python 2 gets the 'unicode' keyword.
        kwargs['unicode'] = True
    t = gettext.translation(PROGNAME,
                    localedir="/usr/share/locale",
                    **kwargs,
                    fallback=True)
    _ = t.gettext
except:
    try:
        import builtins
        builtins.__dict__['_'] = str
    except ImportError:
        import __builtin__
        __builtin__.__dict__['_'] = unicode

# Inverse of sepolicy.file_type_str: maps each value back to its key.
reverse_file_type_str = {}
for f in sepolicy.file_type_str:
    reverse_file_type_str[sepolicy.file_type_str[f]] = f

# Two-element label lists: index 0 is the negative form, index 1 the positive.
enabled = [_("No"), _("Yes")]
action = [_("Disable"), _("Enable")]


def cmp(a, b):
    """Three-way comparison that orders None before any other value.

    Returns 0 when both arguments are None or compare equal, -1 when `a` is
    None or smaller than `b`, and 1 when `b` is None or smaller than `a`.
    """
    if a is None and b is None:
        return 0
    if a is None:
        return -1
    if b is None:
        return 1
    return (a > b) - (a < b)

import sysconfig
# Index 0 is the collapsed caption, index 1 the expanded one.
ADVANCED_LABEL = (_("Advanced >>"), _("Advanced <<"))
ADVANCED_SEARCH_LABEL = (_("Advanced Search >>"), _("Advanced Search <<"))
# Page indexes compared against inner_notebook_network.get_current_page().
OUTBOUND_PAGE = 0
INBOUND_PAGE = 1

# Page indexes compared against inner_notebook_transitions.get_current_page().
TRANSITIONS_FROM_PAGE = 0
TRANSITIONS_TO_PAGE = 1
TRANSITIONS_FILE_PAGE = 2

# Page indexes compared against inner_notebook_files.get_current_page().
EXE_PAGE = 0
WRITABLE_PAGE = 1
APP_PAGE = 2

# Values held in self.opage; START_PAGE is also passed to
# outer_notebook.set_current_page().
BOOLEANS_PAGE = 0
FILES_PAGE = 1
NETWORK_PAGE = 2
TRANSITIONS_PAGE = 3
LOGIN_PAGE = 4
USER_PAGE = 5
LOCKDOWN_PAGE = 6
SYSTEM_PAGE = 7
FILE_EQUIV_PAGE = 8
START_PAGE = 9

# init_cur() creates one empty sub-dictionary in self.cur_dict per entry.
keys = ["boolean", "fcontext", "fcontext-equiv", "port", "login", "user", "module", "node", "interface"]

# Shown in the info_text label by selinux_status() when SELinux is disabled.
DISABLED_TEXT = _("""<small>
To change from Disabled to Enforcing mode
- Change the system mode from Disabled to Permissive
- Reboot, so that the system can relabel
- Once the system is working as planned
  * Change the system mode to Enforcing</small>
""")


class SELinuxGui():
    """Controller for the sepolicy GTK window.

    Widgets are loaded from sepolicy.glade through a Gtk.Builder and kept as
    attributes; self.dbus (a SELinuxDBus instance) is the channel used for
    customized() and semodule_list() in the code visible here.
    """

    def __init__(self, app=None, test=False):
        """Build the window, load the domain list and run the GTK main loop.

        Args:
            app: optional domain name to preselect.  Outside test mode it must
                be one of sepolicy.get_all_domains(); otherwise error() and
                quit() are called.
            test: when true, a fixed two-entry domain list is used instead of
                querying the policy.

        The constructor ends with Gtk.main(), so it does not return until the
        main loop exits.
        """
        self.finish_init = False
        self.advanced_init = True
        self.opage = START_PAGE
        self.dbus = SELinuxDBus()
        try:
            # Local customizations reported over D-Bus; consumed by
            # previously_modified_initialize() near the end of __init__.
            customized = self.dbus.customized()
        except dbus.exceptions.DBusException as e:
            print(e)
            # NOTE(review): quit() is defined outside this view.  If it can
            # return instead of terminating, `customized` stays unbound and
            # the later previously_modified_initialize(customized) call
            # raises NameError -- confirm quit() exits the process.
            self.quit()

        self.init_cur()
        self.application = app
        self.filter_txt = ""
        builder = Gtk.Builder()  # BUILDER OBJ
        # The UI definition is read from the installed sepolicy package
        # directory (purelib path computed with base "/usr").
        self.code_path = sysconfig.get_path('purelib', vars={'base': "/usr"}) + "/sepolicy/"
        glade_file = self.code_path + "sepolicy.glade"
        builder.add_from_file(glade_file)
        self.outer_notebook = builder.get_object("outer_notebook")
        self.window = builder.get_object("SELinux_window")
        self.main_selection_popover = builder.get_object("Main_selection_menu")
        self.main_advanced_label = builder.get_object("main_advanced_label")
        # Continuation of SELinuxGui.__init__: widget lookups from the
        # Gtk.Builder and initial values for the GUI state flags.
        self.applications_selection_button = builder.get_object("applications_selection_button")
        self.revert_button = builder.get_object("Revert_button")
        self.busy_cursor = Gdk.Cursor(Gdk.CursorType.WATCH)
        self.ready_cursor = Gdk.Cursor(Gdk.CursorType.LEFT_PTR)
        # Element [1] of the value returned by selinux_getpolicytype(),
        # recorded once at start-up.
        self.initialtype = selinux.selinux_getpolicytype()[1]
        self.current_popup = None
        self.import_export = None
        self.clear_entry = True
        self.files_add = False
        self.network_add = False
        self.mislabeled_files = False

        self.all_domains = []
        self.installed_list = []
        self.previously_modified = {}

        # file dialog
        self.file_dialog = builder.get_object("add_path_dialog")
        # Error check ***************************************
        self.error_check_window = builder.get_object("error_check_window")
        self.error_check_label = builder.get_object("error_check_label")
        self.invalid_entry = False
        # Advanced search window ****************************
        self.advanced_search_window = builder.get_object("advanced_search_window")
        self.advanced_search_filter = builder.get_object("advanced_filter")
        # filter_the_data is the row-visibility callback for this filter.
        self.advanced_search_filter.set_visible_func(self.filter_the_data)
        self.advanced_search_sort = builder.get_object("advanced_sort")

        self.advanced_filter_entry = builder.get_object("advanced_filter_entry")
        self.advanced_search_treeview = builder.get_object("advanced_search_treeview")
        self.advanced_search = False

        # Login Items **************************************
        self.login_label = builder.get_object("Login_label")
        self.login_seuser_combobox = builder.get_object("login_seuser_combobox")
        self.login_seuser_combolist = builder.get_object("login_seuser_liststore")
        self.login_name_entry = builder.get_object("login_name_entry")
        self.login_mls_label = builder.get_object("login_mls_label")
        self.login_mls_entry = builder.get_object("login_mls_entry")
        self.login_radio_button = builder.get_object("Login_button")
        # Continuation of SELinuxGui.__init__: login, user, file-equivalence
        # and system widgets.  Each list store is sorted ascending on column 0
        # and each tree filter uses filter_the_data as its visibility callback.
        self.login_treeview = builder.get_object("login_treeview")
        self.login_liststore = builder.get_object("login_liststore")
        self.login_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
        self.login_filter = builder.get_object("login_filter")
        self.login_filter.set_visible_func(self.filter_the_data)
        self.login_popup_window = builder.get_object("login_popup_window")
        self.login_delete_liststore = builder.get_object("login_delete_liststore")
        self.login_delete_window = builder.get_object("login_delete_window")

        # Users Items **************************************
        self.user_popup_window = builder.get_object("user_popup_window")
        self.user_radio_button = builder.get_object("User_button")
        self.user_liststore = builder.get_object("user_liststore")
        self.user_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
        self.user_filter = builder.get_object("user_filter")
        self.user_filter.set_visible_func(self.filter_the_data)
        self.user_treeview = builder.get_object("user_treeview")
        self.user_roles_combobox = builder.get_object("user_roles_combobox")
        self.user_roles_combolist = builder.get_object("user_roles_liststore")
        self.user_label = builder.get_object("User_label")
        self.user_name_entry = builder.get_object("user_name_entry")
        self.user_mls_label = builder.get_object("user_mls_label")
        self.user_mls_level_entry = builder.get_object("user_mls_level_entry")
        self.user_mls_entry = builder.get_object("user_mls_entry")
        self.user_combobox = builder.get_object("selinux_user_combobox")
        self.user_delete_liststore = builder.get_object("user_delete_liststore")
        self.user_delete_window = builder.get_object("user_delete_window")

        # File Equiv Items **************************************
        self.file_equiv_label = builder.get_object("file_equiv_label")
        self.file_equiv_source_entry = builder.get_object("file_equiv_source_entry")
        self.file_equiv_dest_entry = builder.get_object("file_equiv_dest_entry")
        self.file_equiv_radio_button = builder.get_object("file_equiv_button")
        self.file_equiv_treeview = builder.get_object("file_equiv_treeview")
        self.file_equiv_liststore = builder.get_object("file_equiv_liststore")
        self.file_equiv_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
        self.file_equiv_popup_window = builder.get_object("file_equiv_popup_window")
        self.file_equiv_treefilter = builder.get_object("file_equiv_filter")
        self.file_equiv_treefilter.set_visible_func(self.filter_the_data)
        self.file_equiv_delete_liststore = builder.get_object("file_equiv_delete_liststore")
        self.file_equiv_delete_window = builder.get_object("file_equiv_delete_window")

        # System Items **************************************
        self.app_system_button = builder.get_object("app_system_button")
        self.system_radio_button = builder.get_object("System_button")
        self.lockdown_radio_button = builder.get_object("Lockdown_button")
        self.systems_box = builder.get_object("Systems_box")
        self.relabel_button = builder.get_object("Relabel_button")
        self.relabel_button_no = builder.get_object("Relabel_button_no")
        self.advanced_system = builder.get_object("advanced_system")
        self.outer_notebook_frame = builder.get_object("outer_notebook_frame")
        self.system_policy_label = builder.get_object("system_policy_type_label")
        # Browse Items **************************************
        self.select_button_browse = builder.get_object("select_button_browse")
        self.cancel_button_browse = builder.get_object("cancel_button_browse")
        # More types window items ***************************
        self.moreTypes_window_files = builder.get_object("moreTypes_window_files")
        self.more_types_files_liststore = builder.get_object("more_types_file_liststore")
        self.moreTypes_treeview = builder.get_object("moreTypes_treeview_files")
        # System policy type ********************************
        # Continuation of SELinuxGui.__init__: system policy, lockdown, help,
        # update, add/modify/delete, files, network and boolean widgets.
        self.system_policy_type_liststore = builder.get_object("system_policy_type_liststore")
        self.system_policy_type_combobox = builder.get_object("system_policy_type_combobox")
        self.policy_list = []
        # The policy-type selector is hidden when populate_system_policy()
        # returns less than 2 (presumably the number of policy types found --
        # confirm against populate_system_policy).
        if self.populate_system_policy() < 2:
            self.advanced_system.set_visible(False)
            self.system_policy_label.set_visible(False)
            self.system_policy_type_combobox.set_visible(False)

        self.enforcing_button_default = builder.get_object("Enforcing_button_default")
        self.permissive_button_default = builder.get_object("Permissive_button_default")
        self.disabled_button_default = builder.get_object("Disabled_button_default")
        self.initialize_system_default_mode()

        # Lockdown Window *********************************
        # The initial state of these toggles is filled in by lockdown_init()
        # from the deny_ptrace boolean and the module list.
        self.enable_unconfined_button = builder.get_object("enable_unconfined")
        self.disable_unconfined_button = builder.get_object("disable_unconfined")
        self.enable_permissive_button = builder.get_object("enable_permissive")
        self.disable_permissive_button = builder.get_object("disable_permissive")
        self.enable_ptrace_button = builder.get_object("enable_ptrace")
        self.disable_ptrace_button = builder.get_object("disable_ptrace")

        # Help Window *********************************
        self.help_window = builder.get_object("help_window")
        self.help_text = builder.get_object("help_textv")
        self.info_text = builder.get_object("info_text")
        self.help_image = builder.get_object("help_image")
        self.forward_button = builder.get_object("forward_button")
        self.back_button = builder.get_object("back_button")
        # Update menu items *********************************
        self.update_window = builder.get_object("update_window")
        self.update_treeview = builder.get_object("update_treeview")
        self.update_treestore = builder.get_object("Update_treestore")
        self.apply_button = builder.get_object("apply_button")
        self.update_button = builder.get_object("Update_button")
        # Add button objects ********************************
        self.add_button = builder.get_object("Add_button")
        self.delete_button = builder.get_object("Delete_button")

        self.files_path_entry = builder.get_object("files_path_entry")
        self.network_ports_entry = builder.get_object("network_ports_entry")
        self.files_popup_window = builder.get_object("files_popup_window")
        self.network_popup_window = builder.get_object("network_popup_window")

        self.popup_network_label = builder.get_object("Network_label")
        self.popup_files_label = builder.get_object("files_label")

        self.recursive_path_toggle = builder.get_object("make_path_recursive")
        self.files_type_combolist = builder.get_object("files_type_combo_store")
        self.files_class_combolist = builder.get_object("files_class_combo_store")
        self.files_type_combobox = builder.get_object("files_type_combobox")
        self.files_class_combobox = builder.get_object("files_class_combobox")
        self.files_mls_label = builder.get_object("files_mls_label")
        self.files_mls_entry = builder.get_object("files_mls_entry")
        self.advanced_text_files = builder.get_object("Advanced_text_files")
        self.files_cancel_button = builder.get_object("cancel_delete_files")

        self.network_tcp_button = builder.get_object("tcp_button")
        self.network_udp_button = builder.get_object("udp_button")
        self.network_port_type_combolist = builder.get_object("network_type_combo_store")
        self.network_port_type_combobox = builder.get_object("network_type_combobox")
        self.network_mls_label = builder.get_object("network_mls_label")
        self.network_mls_entry = builder.get_object("network_mls_entry")
        self.advanced_text_network = builder.get_object("Advanced_text_network")
        self.network_cancel_button = builder.get_object("cancel_network_delete")

        # Add button objects ********************************

        # Modify items **************************************
        self.show_mislabeled_files_only = builder.get_object("Show_mislabeled_files")
        self.mislabeled_files_label = builder.get_object("mislabeled_files_label")
        self.warning_files = builder.get_object("warning_files")
        self.modify_button = builder.get_object("Modify_button")
        # The Modify button starts out insensitive.
        self.modify_button.set_sensitive(False)
        # Modify items **************************************

        # Fix label *****************************************
        self.fix_label_window = builder.get_object("fix_label_window")
        self.fixlabel_label = builder.get_object("fixlabel_label")
        self.fix_label_cancel = builder.get_object("fix_label_cancel")
        # Fix label *****************************************

        # Delete items **************************************
        self.files_delete_window = builder.get_object("files_delete_window")
        self.files_delete_treeview = builder.get_object("files_delete_treeview")
        self.files_delete_liststore = builder.get_object("files_delete_liststore")
        self.network_delete_window = builder.get_object("network_delete_window")
        self.network_delete_treeview = builder.get_object("network_delete_treeview")
        self.network_delete_liststore = builder.get_object("network_delete_liststore")
        # Delete items **************************************

        # Progress bar **************************************
        self.progress_bar = builder.get_object("progress_bar")
        # Progress bar **************************************

        # executable_files items ****************************
        self.executable_files_treeview = builder.get_object("Executable_files_treeview")  # Get the executable files tree view
        self.executable_files_filter = builder.get_object("executable_files_filter")
        self.executable_files_filter.set_visible_func(self.filter_the_data)
        self.executable_files_tab = builder.get_object("Executable_files_tab")
        self.executable_files_tab_tooltip_txt = self.executable_files_tab.get_tooltip_text()
        self.executable_files_liststore = builder.get_object("executable_files_treestore")
        self.executable_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)

        self.files_radio_button = builder.get_object("files_button")
        self.files_button_tooltip_txt = self.files_radio_button.get_tooltip_text()
        # executable_files items ****************************

        # writable files items ******************************
        self.writable_files_treeview = builder.get_object("Writable_files_treeview")  # Get the Writable files tree view
        self.writable_files_liststore = builder.get_object("writable_files_treestore")  # Contains the tree with File Path, SELinux File Label, Class
        self.writable_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
        self.writable_files_filter = builder.get_object("writable_files_filter")
        self.writable_files_filter.set_visible_func(self.filter_the_data)
        self.writable_files_tab = builder.get_object("Writable_files_tab")
        self.writable_files_tab_tooltip_txt = self.writable_files_tab.get_tooltip_text()
        # writable files items ******************************

        # Application File Types ****************************
        self.application_files_treeview = builder.get_object("Application_files_treeview")  # Get the Application files tree view
        self.application_files_filter = builder.get_object("application_files_filter")  # Contains the tree with File Path, Description, Class
        self.application_files_filter.set_visible_func(self.filter_the_data)
        self.application_files_tab = builder.get_object("Application_files_tab")
        # NOTE(review): this reads the tooltip of writable_files_tab; the
        # attribute is assigned again four lines below from
        # application_files_tab, so this value does not survive.
        self.application_files_tab_tooltip_txt = self.writable_files_tab.get_tooltip_text()
        self.application_files_liststore = builder.get_object("application_files_treestore")
        self.application_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
        self.application_files_tab = builder.get_object("Application_files_tab")
        self.application_files_tab_tooltip_txt = self.application_files_tab.get_tooltip_text()
        # Application File Type *****************************

        # network items *************************************
        self.network_radio_button = builder.get_object("network_button")
        self.network_button_tooltip_txt = self.network_radio_button.get_tooltip_text()

        self.network_out_treeview = builder.get_object("outbound_treeview")
        self.network_out_liststore = builder.get_object("network_out_liststore")
        self.network_out_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
        self.network_out_filter = builder.get_object("network_out_filter")
        self.network_out_filter.set_visible_func(self.filter_the_data)
        self.network_out_tab = builder.get_object("network_out_tab")
        self.network_out_tab_tooltip_txt = self.network_out_tab.get_tooltip_text()

        self.network_in_treeview = builder.get_object("inbound_treeview")
        self.network_in_liststore = builder.get_object("network_in_liststore")
        self.network_in_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
        self.network_in_filter = builder.get_object("network_in_filter")
        self.network_in_filter.set_visible_func(self.filter_the_data)
        self.network_in_tab = builder.get_object("network_in_tab")
        self.network_in_tab_tooltip_txt = self.network_in_tab.get_tooltip_text()
        # network items *************************************

        # boolean items ************************************
        self.boolean_treeview = builder.get_object("Boolean_treeview")  # Get the booleans tree list
        self.boolean_liststore = builder.get_object("boolean_liststore")
        # Unlike most stores above, the boolean store sorts on column 2.
        self.boolean_liststore.set_sort_column_id(2, Gtk.SortType.ASCENDING)
        self.boolean_filter = builder.get_object("boolean_filter")
        self.boolean_filter.set_visible_func(self.filter_the_data)

        self.boolean_more_detail_window = builder.get_object("booleans_more_detail_window")
        self.boolean_more_detail_treeview = builder.get_object("booleans_more_detail_treeview")
        # Continuation of SELinuxGui.__init__: remaining widget lookups, the
        # domain/entrypoint load behind the progress bar, and signal wiring.
        self.boolean_more_detail_tree_data_set = builder.get_object("booleans_more_detail_liststore")
        self.boolean_radio_button = builder.get_object("Booleans_button")
        self.active_button = self.boolean_radio_button
        self.boolean_button_tooltip_txt = self.boolean_radio_button.get_tooltip_text()
        # boolean items ************************************

        # transitions items ************************************
        self.transitions_into_treeview = builder.get_object("transitions_into_treeview")  # Get the transitions tree list Enabled, source, Executable File
        self.transitions_into_liststore = builder.get_object("transitions_into_liststore")  # Contains the tree with
        self.transitions_into_liststore.set_sort_column_id(1, Gtk.SortType.ASCENDING)
        self.transitions_into_filter = builder.get_object("transitions_into_filter")
        self.transitions_into_filter.set_visible_func(self.filter_the_data)
        self.transitions_into_tab = builder.get_object("Transitions_into_tab")
        self.transitions_into_tab_tooltip_txt = self.transitions_into_tab.get_tooltip_text()

        self.transitions_radio_button = builder.get_object("Transitions_button")
        self.transitions_button_tooltip_txt = self.transitions_radio_button.get_tooltip_text()

        self.transitions_from_treeview = builder.get_object("transitions_from_treeview")  # Get the transitions tree list
        self.transitions_from_treestore = builder.get_object("transitions_from_treestore")  # Contains the tree with Enabled, Executable File Type, Transtype
        self.transitions_from_treestore.set_sort_column_id(2, Gtk.SortType.ASCENDING)
        self.transitions_from_filter = builder.get_object("transitions_from_filter")
        self.transitions_from_filter.set_visible_func(self.filter_the_data)
        self.transitions_from_tab = builder.get_object("Transitions_from_tab")
        self.transitions_from_tab_tooltip_txt = self.transitions_from_tab.get_tooltip_text()

        self.transitions_file_treeview = builder.get_object("file_transitions_treeview")  # Get the transitions tree list
        self.transitions_file_liststore = builder.get_object("file_transitions_liststore")  # Contains the tree with Enabled, Executable File Type, Transtype
        self.transitions_file_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
        self.transitions_file_filter = builder.get_object("file_transitions_filter")
        self.transitions_file_filter.set_visible_func(self.filter_the_data)
        self.transitions_file_tab = builder.get_object("file_transitions")
        # NOTE(review): the tooltip is read from transitions_from_tab, not
        # from transitions_file_tab -- looks like a copy/paste slip; confirm.
        self.transitions_file_tab_tooltip_txt = self.transitions_from_tab.get_tooltip_text()
        # transitions items ************************************

        # Combobox and Entry items **************************
        self.combobox_menu = builder.get_object("combobox_org")  # This is the combobox box object, aka the arrow next to the entry text bar
        self.application_liststore = builder.get_object("application_liststore")
        self.completion_entry = builder.get_object("completion_entry")  # self.combobox_menu.get_child()
        self.entrycompletion_obj = builder.get_object("entrycompletion_obj")
        #self.entrycompletion_obj = Gtk.EntryCompletion()
        # Completion starts with zero typed characters, reads column 0 and
        # uses match_func to decide which rows match.
        self.entrycompletion_obj.set_minimum_key_length(0)
        self.entrycompletion_obj.set_text_column(0)
        self.entrycompletion_obj.set_match_func(self.match_func, None)
        self.completion_entry.set_completion(self.entrycompletion_obj)
        self.completion_entry.set_icon_from_stock(0, Gtk.STOCK_FIND)
        # Combobox and Entry items **************************

        # Modify buttons ************************************
        self.show_modified_only = builder.get_object("Show_modified_only_toggle")
        # Modify button *************************************

        # status bar *****************************************
        self.current_status_label = builder.get_object("Enforcing_label")
        self.current_status_enforcing = builder.get_object("Enforcing_button")
        self.current_status_permissive = builder.get_object("Permissive_button")
        self.status_bar = builder.get_object("status_bar")
        self.context_id = self.status_bar.get_context_id("SELinux status")

        # filters *********************************************
        self.filter_entry = builder.get_object("filter_entry")
        self.filter_box = builder.get_object("filter_box")
        self.add_modify_delete_box = builder.get_object("add_modify_delete_box")
        # Get_model() sets the tree model filter to be the parent of the tree model (tree model has all the data in it)

        # Toggle button ****************************************
        # Each delete-dialog toggle is connected to on_toggle_update with the
        # list store it operates on as the extra argument.
        self.cell = builder.get_object("activate")
        self.del_cell_files = builder.get_object("files_toggle_delete")
        self.del_cell_files.connect("toggled", self.on_toggle_update, self.files_delete_liststore)
        self.del_cell_files_equiv = builder.get_object("file_equiv_toggle_delete1")
        self.del_cell_files_equiv.connect("toggled", self.on_toggle_update, self.file_equiv_delete_liststore)
        self.del_cell_user = builder.get_object("user_toggle_delete")
        self.del_cell_user.connect("toggled", self.on_toggle_update, self.user_delete_liststore)
        self.del_cell_login = builder.get_object("login_toggle_delete")
        self.del_cell_login.connect("toggled", self.on_toggle_update, self.login_delete_liststore)
        self.del_cell_network = builder.get_object("network_toggle_delete")
        self.del_cell_network.connect("toggled", self.on_toggle_update, self.network_delete_liststore)
        self.update_cell = builder.get_object("toggle_update")
        # Notebook items ***************************************
        self.outer_notebook = builder.get_object("outer_notebook")
        self.inner_notebook_files = builder.get_object("files_inner_notebook")
        self.inner_notebook_network = builder.get_object("network_inner_notebook")
        self.inner_notebook_transitions = builder.get_object("transitions_inner_notebook")
        # loading gui ***************************************
        loading_gui = builder.get_object("loading_gui")

        self.update_cell.connect("toggled", self.on_toggle_update, self.update_treestore)
        self.all_entries = []

        # Need to connect button on code because the tree view model is a treeviewsort
        self.cell.connect("toggled", self.on_toggle, self.boolean_liststore)

        self.loading = 1
        path = None
        if test:
            # Test mode: fixed domain list; a requested app is simply appended.
            self.all_domains = ["httpd_t", "abrt_t"]
            if app and app not in self.all_domains:
                self.all_domains.append(app)
        else:
            self.all_domains = sepolicy.get_all_domains()
            self.all_domains.sort(key=str.lower)

            # The requested application must be a domain known to the policy.
            # NOTE(review): execution continues past quit() if it returns --
            # quit() is defined outside this view; confirm it terminates.
            if app and app not in self.all_domains:
                self.error(_("%s is not a valid domain") % app)
                self.quit()

        loading_gui.show()
        length = len(self.all_domains)

        entrypoint_dict = sepolicy.get_init_entrypoints_str()
        for domain in self.all_domains:
            # After the user selects a path in the drop down menu call
            # get_init_entrypoint_target(entrypoint) to get the transtype
            # which will give you the application
            self.combo_box_add(domain, domain)
            # Progress is the 1-based position in the list over its length.
            self.percentage = float(float(self.loading) / float(length))
            self.progress_bar.set_fraction(self.percentage)
            self.progress_bar.set_pulse_step(self.percentage)
            # Let pending GTK events run so the progress bar repaints.
            self.idle_func()

            for entrypoint in entrypoint_dict.get(domain, []):
                path = sepolicy.find_entrypoint_path(entrypoint)
                if path:
                    # Entrypoints that resolve to a path are offered in the
                    # combo box and recorded in installed_list.
                    self.combo_box_add(path, domain)
                    self.installed_list.append(path)

            self.loading += 1
        loading_gui.hide()
        self.entrycompletion_obj.set_model(self.application_liststore)
        self.advanced_search_treeview.set_model(self.advanced_search_sort)

        # Handler name -> bound method map passed to builder.connect_signals().
        dic = {
            "on_combo_button_clicked": self.open_combo_menu,
            "on_disable_ptrace_toggled": self.on_disable_ptrace,
            "on_entrycompletion_obj_match_selected": self.set_application_label,
            "on_filter_changed": self.get_filter_data,
            "on_save_changes_file_equiv_clicked": self.update_to_file_equiv,
            "on_save_changes_login_clicked": self.update_to_login,
            "on_save_changes_user_clicked": self.update_to_user,
            "on_save_changes_files_clicked": self.update_to_files,
            "on_save_changes_network_clicked": self.update_to_network,
            "on_Advanced_text_files_button_press_event": self.reveal_advanced,
            "item_in_tree_selected": self.cursor_changed,
            "on_Application_file_types_treeview_configure_event": self.resize_wrap,
            "on_save_delete_clicked": self.on_save_delete_clicked,
            "on_moreTypes_treeview_files_row_activated": self.populate_type_combo,
            "on_retry_button_files_clicked": self.invalid_entry_retry,
            "on_make_path_recursive_toggled": self.recursive_path,
            "on_files_path_entry_button_press_event": self.highlight_entry_text,
            "on_files_path_entry_changed": self.autofill_add_files_entry,
            "on_select_type_files_clicked": self.select_type_more,
            "on_choose_file": self.on_browse_select,
            "on_Enforcing_button_toggled": self.set_enforce,
            "on_confirmation_close": self.confirmation_close,
            "on_column_clicked": self.column_clicked,
            "on_tab_switch": self.clear_filters,

            "on_file_equiv_button_clicked": self.show_file_equiv_page,
            "on_app/system_button_clicked": self.system_interface,
            "on_app/users_button_clicked": self.users_interface,
            "on_show_advanced_search_window": self.on_show_advanced_search_window,

            "on_Show_mislabeled_files_toggled": self.show_mislabeled_files,
            "on_Browse_button_files_clicked": self.browse_for_files,
            "on_cancel_popup_clicked": self.close_popup,
            "on_treeview_cursor_changed": self.cursor_changed,
            "on_login_seuser_combobox_changed": self.login_seuser_combobox_change,
            "on_user_roles_combobox_changed": self.user_roles_combobox_change,

            "on_cancel_button_browse_clicked": self.close_config_window,
            "on_apply_button_clicked": self.apply_changes_button_press,
            "on_Revert_button_clicked": self.update_or_revert_changes,
            "on_Update_button_clicked": self.update_or_revert_changes,
            "on_advanced_filter_entry_changed": self.get_advanced_filter_data,
            "on_advanced_search_treeview_row_activated": self.advanced_item_selected,
            "on_Select_advanced_search_clicked": self.advanced_item_button_push,
            "on_info_button_button_press_event": self.on_help_button,
            "on_back_button_clicked": self.on_help_back_clicked,
            "on_forward_button_clicked": self.on_help_forward_clicked,
            "on_Boolean_treeview_columns_changed": self.resize_columns,
            "on_completion_entry_changed": self.application_selected,
            "on_Add_button_clicked": self.add_button_clicked,
            "on_Delete_button_clicked": self.delete_button_clicked,
            "on_Modify_button_clicked": self.modify_button_clicked,
            "on_Show_modified_only_toggled": self.on_show_modified_only,
            "on_cancel_button_config_clicked": self.close_config_window,
            "on_Import_button_clicked": self.import_config_show,
            "on_Export_button_clicked": self.export_config_show,
            "on_enable_unconfined_toggled": self.unconfined_toggle,
            "on_enable_permissive_toggled": self.permissive_toggle,
            "on_system_policy_type_combobox_changed": self.change_default_policy,
            "on_Enforcing_button_default_toggled": self.change_default_mode,
            "on_Permissive_button_default_toggled": self.change_default_mode,
            "on_Disabled_button_default_toggled": self.change_default_mode,

            "on_Relabel_button_toggled_cb": self.relabel_on_reboot,
            "on_advanced_system_button_press_event": self.reveal_advanced_system,
            "on_files_type_combobox_changed": self.show_more_types,
            "on_filter_row_changed": self.filter_the_data,
            "on_button_toggled": self.tab_change,
            "gtk_main_quit": self.closewindow
        }

        # `customized` is only bound when the dbus.customized() call at the
        # top of __init__ succeeded.
        self.previously_modified_initialize(customized)
        builder.connect_signals(dic)
        self.window.show()  # Show the gui to the screen
        # Re-read the SELinux state every 5 seconds; selinux_status() returns
        # True, which keeps the GLib timeout installed.
        GLib.timeout_add_seconds(5, self.selinux_status)
        self.selinux_status()
        self.lockdown_inited = False
        # Tail of SELinuxGui.__init__: pick the first page and enter the
        # GTK main loop.
        self.add_modify_delete_box.hide()
        self.filter_box.hide()
        if self.status == DISABLED:
            # With SELinux disabled only the system page is shown.
            self.show_system_page()
        else:
            if self.application:
                self.applications_selection_button.set_label(self.application)
                self.completion_entry.set_text(self.application)
                self.show_applications_page()
                self.tab_change()
            else:
                self.clearbuttons()
                self.outer_notebook.set_current_page(START_PAGE)

        self.reinit()
        self.finish_init = True
        # Blocks here until the main loop exits.
        Gtk.main()

    def init_cur(self):
        """Reset self.cur_dict to one empty dict per entry of `keys`."""
        self.cur_dict = {}
        for k in keys:
            self.cur_dict[k] = {}

    def remove_cur(self, ctr):
        """Delete the ctr-th entry of self.cur_dict, counting across sub-dicts.

        Entries are counted from 0 in iteration order over the outer keys and
        then over each sub-dictionary.  Nothing happens when `ctr` is past the
        last entry.
        """
        i = 0
        for k in self.cur_dict:
            for j in self.cur_dict[k]:
                if i == ctr:
                    # Returning right after the delete avoids continuing to
                    # iterate a dictionary that was just modified.
                    del self.cur_dict[k][j]
                    return
                i += 1

    def selinux_status(self):
        """Refresh the status widgets from the current SELinux state.

        Also used as the GLib timeout callback installed in __init__; it
        always returns True, which keeps that timeout active.
        """
        try:
            self.status = selinux.security_getenforce()
        except OSError:
            # A failing security_getenforce() is treated as SELinux disabled.
            self.status = DISABLED
        if self.status == DISABLED:
            self.current_status_label.set_sensitive(False)
            self.current_status_enforcing.set_sensitive(False)
            self.current_status_permissive.set_sensitive(False)
            self.enforcing_button_default.set_sensitive(False)
            self.status_bar.push(self.context_id, _("System Status: Disabled"))
            self.info_text.set_label(DISABLED_TEXT)
        else:
            self.set_enforce_text(self.status)
        # The relabel toggle mirrors whether /.autorelabel exists.
        if os.path.exists('/.autorelabel'):
            self.relabel_button.set_active(True)
        else:
            self.relabel_button_no.set_active(True)

        # NOTE(review): policytype is assigned but not used in this method.
        policytype = selinux.selinux_getpolicytype()[1]

        # Element [1] of selinux_getenforcemode() selects which default-mode
        # radio button is shown as active (presumably the configured boot
        # mode, as opposed to the running state read above -- confirm).
        mode = selinux.selinux_getenforcemode()[1]
        if mode == ENFORCING:
            self.enforcing_button_default.set_active(True)
        if mode == PERMISSIVE:
            self.permissive_button_default.set_active(True)
        if mode == DISABLED:
            self.disabled_button_default.set_active(True)

        return True

    def lockdown_init(self):
        """Fill the lockdown page toggles once, on first use.

        Reads the deny_ptrace boolean and the module list obtained over D-Bus
        and sets the ptrace, unconfined and permissive toggles accordingly.
        Later calls return immediately because lockdown_inited is set.
        """
        if self.lockdown_inited:
            return
        self.wait_mouse()
        # NOTE(review): the flag is set before the lookups that follow, so a
        # failure there is not retried on the next call.
        self.lockdown_inited = True
self.disable_ptrace_button.set_active(selinux.security_get_boolean_active("deny_ptrace")) 677 self.module_dict = {} 678 for m in self.dbus.semodule_list().split("\n"): 679 mod = m.split() 680 if len(mod) < 3: 681 continue 682 self.module_dict[mod[1]] = { "priority": mod[0], "Disabled" : (len(mod) > 3) } 683 684 self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"]) 685 self.enable_permissive_button.set_active(not self.module_dict["permissivedomains"]["Disabled"]) 686 self.ready_mouse() 687 688 def column_clicked(self, treeview, treepath, treecol, *args): 689 iter = self.get_selected_iter() 690 if not iter: 691 return 692 693 if self.opage == BOOLEANS_PAGE: 694 if treecol.get_name() == "more_detail_col": 695 self.display_more_detail(self.window, treepath) 696 697 if self.opage == FILES_PAGE: 698 visible = self.liststore.get_value(iter, 3) 699 # If visible is true then fix mislabeled will be visible 700 if treecol.get_name() == "restorecon_col" and visible: 701 self.fix_mislabeled(self.liststore.get_value(iter, 0)) 702 703 if self.opage == TRANSITIONS_PAGE: 704 bool_name = self.liststore.get_value(iter, 1) 705 if bool_name: 706 self.boolean_radio_button.clicked() 707 self.filter_entry.set_text(bool_name) 708 709 def idle_func(self): 710 while Gtk.events_pending(): 711 Gtk.main_iteration() 712 713 def match_func(self, completion, key_string, iter, func_data): 714 try: 715 if self.application_liststore.get_value(iter, 0).find(key_string) != -1: 716 return True 717 return False 718 except AttributeError: 719 pass 720 721 def help_show_page(self): 722 self.back_button.set_sensitive(self.help_page != 0) 723 self.forward_button.set_sensitive(self.help_page < (len(self.help_list) - 1)) 724 try: 725 fd = open("%shelp/%s.txt" % (self.code_path, self.help_list[self.help_page]), "r") 726 buf = fd.read() 727 fd.close() 728 except IOError: 729 buf = "" 730 help_text = self.help_text.get_buffer() 731 help_text.set_text(buf % {"APP": 
self.application}) 732 self.help_text.set_buffer(help_text) 733 self.help_image.set_from_file("%shelp/%s.png" % (self.code_path, self.help_list[self.help_page])) 734 self.show_popup(self.help_window) 735 736 def on_help_back_clicked(self, *args): 737 self.help_page -= 1 738 self.help_show_page() 739 740 def on_help_forward_clicked(self, *args): 741 self.help_page += 1 742 self.help_show_page() 743 744 def on_help_button(self, *args): 745 self.help_page = 0 746 self.help_list = [] 747 if self.opage == START_PAGE: 748 self.help_window.set_title(_("Help: Start Page")) 749 self.help_list = ["start"] 750 751 if self.opage == BOOLEANS_PAGE: 752 self.help_window.set_title(_("Help: Booleans Page")) 753 self.help_list = ["booleans", "booleans_toggled", "booleans_more", "booleans_more_show"] 754 755 if self.opage == FILES_PAGE: 756 ipage = self.inner_notebook_files.get_current_page() 757 if ipage == EXE_PAGE: 758 self.help_window.set_title(_("Help: Executable Files Page")) 759 self.help_list = ["files_exec"] 760 if ipage == WRITABLE_PAGE: 761 self.help_window.set_title(_("Help: Writable Files Page")) 762 self.help_list = ["files_write"] 763 if ipage == APP_PAGE: 764 self.help_window.set_title(_("Help: Application Types Page")) 765 self.help_list = ["files_app"] 766 if self.opage == NETWORK_PAGE: 767 ipage = self.inner_notebook_network.get_current_page() 768 if ipage == OUTBOUND_PAGE: 769 self.help_window.set_title(_("Help: Outbound Network Connections Page")) 770 self.help_list = ["ports_outbound"] 771 if ipage == INBOUND_PAGE: 772 self.help_window.set_title(_("Help: Inbound Network Connections Page")) 773 self.help_list = ["ports_inbound"] 774 775 if self.opage == TRANSITIONS_PAGE: 776 ipage = self.inner_notebook_transitions.get_current_page() 777 if ipage == TRANSITIONS_FROM_PAGE: 778 self.help_window.set_title(_("Help: Transition from application Page")) 779 self.help_list = ["transition_from", "transition_from_boolean", "transition_from_boolean_1", 
"transition_from_boolean_2"] 780 if ipage == TRANSITIONS_TO_PAGE: 781 self.help_window.set_title(_("Help: Transition into application Page")) 782 self.help_list = ["transition_to"] 783 if ipage == TRANSITIONS_FILE_PAGE: 784 self.help_window.set_title(_("Help: Transition application file Page")) 785 self.help_list = ["transition_file"] 786 787 if self.opage == SYSTEM_PAGE: 788 self.help_window.set_title(_("Help: Systems Page")) 789 self.help_list = ["system", "system_boot_mode", "system_current_mode", "system_export", "system_policy_type", "system_relabel"] 790 791 if self.opage == LOCKDOWN_PAGE: 792 self.help_window.set_title(_("Help: Lockdown Page")) 793 self.help_list = ["lockdown", "lockdown_unconfined", "lockdown_permissive", "lockdown_ptrace"] 794 795 if self.opage == LOGIN_PAGE: 796 self.help_window.set_title(_("Help: Login Page")) 797 self.help_list = ["login", "login_default"] 798 799 if self.opage == USER_PAGE: 800 self.help_window.set_title(_("Help: SELinux User Page")) 801 self.help_list = ["users"] 802 803 if self.opage == FILE_EQUIV_PAGE: 804 self.help_window.set_title(_("Help: File Equivalence Page")) 805 self.help_list = ["file_equiv"] 806 return self.help_show_page() 807 808 def open_combo_menu(self, *args): 809 self.main_selection_popover.set_relative_to(self.applications_selection_button) 810 self.main_selection_popover.popup() 811 812 def set_application_label(self, *args): 813 self.set_application_label = True 814 815 def resize_wrap(self, *args): 816 print(args) 817 818 def initialize_system_default_mode(self): 819 self.enforce_mode = selinux.selinux_getenforcemode()[1] 820 if self.enforce_mode == ENFORCING: 821 self.enforce_button = self.enforcing_button_default 822 if self.enforce_mode == PERMISSIVE: 823 self.enforce_button = self.permissive_button_default 824 if self.enforce_mode == DISABLED: 825 self.enforce_button = self.disabled_button_default 826 827 def populate_system_policy(self): 828 types = next(os.walk(selinux.selinux_path(), 
topdown=True))[1] 829 types.sort() 830 ctr = 0 831 for item in types: 832 iter = self.system_policy_type_liststore.append() 833 self.system_policy_type_liststore.set_value(iter, 0, item) 834 if item == self.initialtype: 835 self.system_policy_type_combobox.set_active(ctr) 836 self.typeHistory = ctr 837 ctr += 1 838 return ctr 839 840 def filter_the_data(self, list, iter, *args): 841 # When there is no txt in the box show all items in the tree 842 if self.filter_txt == "": 843 return True 844 try: 845 for x in range(0, list.get_n_columns()): 846 try: 847 val = list.get_value(iter, x) 848 if val is True or val is False or val is None: 849 continue 850 # Returns true if filter_txt exists within the val 851 if val.find(self.filter_txt) != -1 or val.lower().find(self.filter_txt) != -1: 852 return True 853 except (AttributeError, TypeError): 854 pass 855 except: # ValueError: 856 pass 857 return False 858 859 def net_update(self, app, netd, protocol, direction, model): 860 for k in netd.keys(): 861 for t, ports in netd[k]: 862 pkey = (",".join(ports), protocol) 863 if pkey in self.cur_dict["port"]: 864 if self.cur_dict["port"][pkey]["action"] == "-d": 865 continue 866 if t != self.cur_dict["port"][pkey]["type"]: 867 continue 868 self.network_initial_data_insert(model, ", ".join(ports), t, protocol) 869 870 def file_equiv_initialize(self): 871 self.wait_mouse() 872 edict = sepolicy.get_file_equiv() 873 self.file_equiv_liststore.clear() 874 for f in edict: 875 iter = self.file_equiv_liststore.append() 876 if edict[f]["modify"]: 877 name = self.markup(f) 878 equiv = self.markup(edict[f]["equiv"]) 879 else: 880 name = f 881 equiv = edict[f]["equiv"] 882 883 self.file_equiv_liststore.set_value(iter, 0, name) 884 self.file_equiv_liststore.set_value(iter, 1, equiv) 885 self.file_equiv_liststore.set_value(iter, 2, edict[f]["modify"]) 886 self.ready_mouse() 887 888 def user_initialize(self): 889 self.wait_mouse() 890 self.user_liststore.clear() 891 for u in 
sepolicy.get_selinux_users(): 892 iter = self.user_liststore.append() 893 self.user_liststore.set_value(iter, 0, str(u["name"])) 894 roles = u["roles"] 895 if "object_r" in roles: 896 roles.remove("object_r") 897 self.user_liststore.set_value(iter, 1, ", ".join(roles)) 898 self.user_liststore.set_value(iter, 2, u.get("level", "")) 899 self.user_liststore.set_value(iter, 3, u.get("range", "")) 900 self.user_liststore.set_value(iter, 4, True) 901 self.ready_mouse() 902 903 def login_initialize(self): 904 self.wait_mouse() 905 self.login_liststore.clear() 906 for u in sepolicy.get_login_mappings(): 907 iter = self.login_liststore.append() 908 self.login_liststore.set_value(iter, 0, u["name"]) 909 self.login_liststore.set_value(iter, 1, u["seuser"]) 910 self.login_liststore.set_value(iter, 2, u["mls"]) 911 self.login_liststore.set_value(iter, 3, True) 912 self.ready_mouse() 913 914 def network_initialize(self, app): 915 netd = sepolicy.network.get_network_connect(app, "tcp", "name_connect", check_bools=True) 916 self.net_update(app, netd, "tcp", OUTBOUND_PAGE, self.network_out_liststore) 917 netd = sepolicy.network.get_network_connect(app, "tcp", "name_bind", check_bools=True) 918 self.net_update(app, netd, "tcp", INBOUND_PAGE, self.network_in_liststore) 919 netd = sepolicy.network.get_network_connect(app, "udp", "name_bind", check_bools=True) 920 self.net_update(app, netd, "udp", INBOUND_PAGE, self.network_in_liststore) 921 922 def network_initial_data_insert(self, model, ports, portType, protocol): 923 iter = model.append() 924 model.set_value(iter, 0, ports) 925 model.set_value(iter, 1, protocol) 926 model.set_value(iter, 2, portType) 927 model.set_value(iter, 4, True) 928 929 def combo_set_active_text(self, combobox, val): 930 ctr = 0 931 liststore = combobox.get_model() 932 for i in liststore: 933 if i[0] == val: 934 combobox.set_active(ctr) 935 return 936 ctr += 1 937 938 niter = liststore.get_iter(ctr - 1) 939 if liststore.get_value(niter, 0) == _("More..."): 
940 iter = liststore.insert_before(niter) 941 ctr = ctr - 1 942 else: 943 iter = liststore.append() 944 liststore.set_value(iter, 0, val) 945 combobox.set_active(ctr) 946 947 def combo_get_active_text(self, combobox): 948 liststore = combobox.get_model() 949 index = combobox.get_active() 950 if index < 0: 951 return None 952 iter = liststore.get_iter(index) 953 return liststore.get_value(iter, 0) 954 955 def combo_box_add(self, val, val1): 956 if val is None: 957 return 958 iter = self.application_liststore.append() 959 self.application_liststore.set_value(iter, 0, val) 960 self.application_liststore.set_value(iter, 1, val1) 961 962 def select_type_more(self, *args): 963 app = self.moreTypes_treeview.get_selection() 964 iter = app.get_selected()[1] 965 if iter is None: 966 return 967 app = self.more_types_files_liststore.get_value(iter, 0) 968 self.combo_set_active_text(self.files_type_combobox, app) 969 self.closewindow(self.moreTypes_window_files) 970 971 def advanced_item_button_push(self, *args): 972 row = self.advanced_search_treeview.get_selection() 973 model, iter = row.get_selected() 974 iter = model.convert_iter_to_child_iter(iter) 975 iter = self.advanced_search_filter.convert_iter_to_child_iter(iter) 976 app = self.application_liststore.get_value(iter, 1) 977 if app is None: 978 return 979 self.advanced_filter_entry.set_text('') 980 self.advanced_search_window.hide() 981 self.reveal_advanced(self.main_advanced_label) 982 self.completion_entry.set_text(app) 983 984 def advanced_item_selected(self, treeview, path, *args): 985 iter = self.advanced_search_filter.get_iter(path) 986 iter = self.advanced_search_filter.convert_iter_to_child_iter(iter) 987 app = self.application_liststore.get_value(iter, 1) 988 self.advanced_filter_entry.set_text('') 989 self.advanced_search_window.hide() 990 self.reveal_advanced(self.main_advanced_label) 991 self.completion_entry.set_text(app) 992 self.application_selected() 993 994 def find_application(self, app): 995 if app 
and len(app) > 0: 996 for items in self.application_liststore: 997 if app == items[0]: 998 return True 999 return False 1000 1001 def application_selected(self, *args): 1002 self.show_mislabeled_files_only.set_visible(False) 1003 self.mislabeled_files_label.set_visible(False) 1004 self.warning_files.set_visible(False) 1005 self.filter_entry.set_text('') 1006 1007 app = self.completion_entry.get_text() 1008 if not self.find_application(app): 1009 return 1010 self.show_applications_page() 1011 self.add_button.set_sensitive(True) 1012 self.delete_button.set_sensitive(True) 1013 # Clear the tree to prepare for a new selection otherwise 1014 self.executable_files_liststore.clear() 1015 # data will pile up every time the user selects a new item from the drop down menu 1016 self.network_in_liststore.clear() 1017 self.network_out_liststore.clear() 1018 self.boolean_liststore.clear() 1019 self.transitions_into_liststore.clear() 1020 self.transitions_from_treestore.clear() 1021 self.application_files_liststore.clear() 1022 self.writable_files_liststore.clear() 1023 self.transitions_file_liststore.clear() 1024 1025 try: 1026 if app[0] == '/': 1027 app = sepolicy.get_init_transtype(app) 1028 if not app: 1029 return 1030 self.application = app 1031 except IndexError: 1032 pass 1033 1034 self.wait_mouse() 1035 self.previously_modified_initialize(self.dbus.customized()) 1036 self.reinit() 1037 self.boolean_initialize(app) 1038 self.mislabeled_files = False 1039 self.executable_files_initialize(app) 1040 self.network_initialize(app) 1041 self.writable_files_initialize(app) 1042 self.transitions_into_initialize(app) 1043 self.transitions_from_initialize(app) 1044 self.application_files_initialize(app) 1045 self.transitions_files_initialize(app) 1046 1047 self.executable_files_tab.set_tooltip_text(_("File path used to enter the '%s' domain.") % app) 1048 self.writable_files_tab.set_tooltip_text(_("Files to which the '%s' domain can write.") % app) 1049 
self.network_out_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to connect.") % app) 1050 self.network_in_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to listen.") % app) 1051 self.application_files_tab.set_tooltip_text(_("File Types defined for the '%s'.") % app) 1052 self.boolean_radio_button.set_tooltip_text(_("Display boolean information that can be used to modify the policy for the '%s'.") % app) 1053 self.files_radio_button.set_tooltip_text(_("Display file type information that can be used by the '%s'.") % app) 1054 self.network_radio_button.set_tooltip_text(_("Display network ports to which the '%s' can connect or listen to.") % app) 1055 self.transitions_into_tab.set_label(_("Application Transitions Into '%s'") % app) 1056 self.transitions_from_tab.set_label(_("Application Transitions From '%s'") % app) 1057 self.transitions_file_tab.set_label(_("File Transitions From '%s'") % app) 1058 self.transitions_into_tab.set_tooltip_text(_("Executables which will transition to '%s', when executing selected domains entrypoint.") % app) 1059 self.transitions_from_tab.set_tooltip_text(_("Executables which will transition to a different domain, when '%s' executes them.") % app) 1060 self.transitions_file_tab.set_tooltip_text(_("Files by '%s' with transitions to a different label.") % app) 1061 self.transitions_radio_button.set_tooltip_text(_("Display applications that can transition into or out of the '%s'.") % app) 1062 1063 self.application = app 1064 self.applications_selection_button.set_label(self.application) 1065 self.ready_mouse() 1066 1067 def reinit(self): 1068 sepolicy.reinit() 1069 self.fcdict = sepolicy.get_fcdict() 1070 self.local_file_paths = sepolicy.get_local_file_paths() 1071 1072 def previously_modified_initialize(self, buf): 1073 self.cust_dict = {} 1074 for i in buf.split("\n"): 1075 rec = i.split() 1076 if len(rec) == 0: 1077 continue 1078 if rec[1] == "-D": 1079 continue 1080 if rec[0] not in 
self.cust_dict: 1081 self.cust_dict[rec[0]] = {} 1082 if rec[0] == "boolean": 1083 self.cust_dict["boolean"][rec[-1]] = {"active": rec[2] == "-1"} 1084 if rec[0] == "login": 1085 self.cust_dict["login"][rec[-1]] = {"seuser": rec[3], "range": rec[5]} 1086 if rec[0] == "interface": 1087 self.cust_dict["interface"][rec[-1]] = {"type": rec[3]} 1088 if rec[0] == "user": 1089 self.cust_dict["user"][rec[-1]] = {"level": "s0", "range": rec[3], "role": rec[5]} 1090 if rec[0] == "port": 1091 self.cust_dict["port"][(rec[-1], rec[-2])] = {"type": rec[3]} 1092 if rec[0] == "node": 1093 self.cust_dict["node"][rec[-1]] = {"mask": rec[3], "protocol": rec[5], "type": rec[7]} 1094 if rec[0] == "fcontext": 1095 if rec[2] == "-e": 1096 if "fcontext-equiv" not in self.cust_dict: 1097 self.cust_dict["fcontext-equiv"] = {} 1098 self.cust_dict["fcontext-equiv"][(rec[-1])] = {"equiv": rec[3]} 1099 else: 1100 self.cust_dict["fcontext"][(rec[-1], rec[3])] = {"type": rec[5]} 1101 if rec[0] == "module": 1102 self.cust_dict["module"][rec[-1]] = {"enabled": rec[2] != "-d"} 1103 1104 if "module" not in self.cust_dict: 1105 return 1106 for semodule, button in [("unconfined", self.disable_unconfined_button), ("permissivedomains", self.disable_permissive_button)]: 1107 if semodule in self.cust_dict["module"]: 1108 button.set_active(self.cust_dict["module"][semodule]["enabled"]) 1109 1110 for i in keys: 1111 if i not in self.cust_dict: 1112 self.cust_dict.update({i: {}}) 1113 1114 def executable_files_initialize(self, application): 1115 self.entrypoints = sepolicy.get_entrypoints(application) 1116 for exe in self.entrypoints.keys(): 1117 if len(self.entrypoints[exe]) == 0: 1118 continue 1119 file_class = self.entrypoints[exe][1] 1120 for path in self.entrypoints[exe][0]: 1121 if (path, file_class) in self.cur_dict["fcontext"]: 1122 if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d": 1123 continue 1124 if exe != self.cur_dict["fcontext"][(path, file_class)]["type"]: 1125 continue 1126 
self.files_initial_data_insert(self.executable_files_liststore, path, exe, file_class) 1127 1128 def mislabeled(self, path): 1129 try: 1130 con = selinux.matchpathcon(path, 0)[1] 1131 cur = selinux.getfilecon(path)[1] 1132 return con != cur 1133 except OSError: 1134 return False 1135 1136 def set_mislabeled(self, tree, path, iter, niter): 1137 if not self.mislabeled(path): 1138 return 1139 con = selinux.matchpathcon(path, 0)[1] 1140 cur = selinux.getfilecon(path)[1] 1141 self.mislabeled_files = True 1142 # Set visibility of label 1143 tree.set_value(niter, 3, True) 1144 # Has a mislabel 1145 tree.set_value(iter, 4, True) 1146 tree.set_value(niter, 4, True) 1147 tree.set_value(iter, 5, con.split(":")[2]) 1148 tree.set_value(iter, 6, cur.split(":")[2]) 1149 1150 def writable_files_initialize(self, application): 1151 # Traversing the dictionary data struct 1152 self.writable_files = sepolicy.get_writable_files(application) 1153 for write in self.writable_files.keys(): 1154 if len(self.writable_files[write]) < 2: 1155 self.files_initial_data_insert(self.writable_files_liststore, None, write, _("all files")) 1156 continue 1157 file_class = self.writable_files[write][1] 1158 for path in self.writable_files[write][0]: 1159 if (path, file_class) in self.cur_dict["fcontext"]: 1160 if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d": 1161 continue 1162 if write != self.cur_dict["fcontext"][(path, file_class)]["type"]: 1163 continue 1164 self.files_initial_data_insert(self.writable_files_liststore, path, write, file_class) 1165 1166 def files_initial_data_insert(self, liststore, path, selinux_label, file_class): 1167 iter = liststore.append(None) 1168 if path is None: 1169 path = _("MISSING FILE PATH") 1170 modify = False 1171 else: 1172 modify = (path, file_class) in self.local_file_paths 1173 for p in sepolicy.find_file(path): 1174 niter = liststore.append(iter) 1175 liststore.set_value(niter, 0, p) 1176 self.set_mislabeled(liststore, p, iter, niter) 1177 if 
modify: 1178 path = self.markup(path) 1179 file_class = self.markup(selinux_label) 1180 file_class = self.markup(file_class) 1181 liststore.set_value(iter, 0, path) 1182 liststore.set_value(iter, 1, selinux_label) 1183 liststore.set_value(iter, 2, file_class) 1184 liststore.set_value(iter, 7, modify) 1185 1186 def markup(self, f): 1187 return "<b>%s</b>" % f 1188 1189 def unmarkup(self, f): 1190 if f: 1191 return re.sub("</b>$", "", re.sub("^<b>", "", f)) 1192 return None 1193 1194 def application_files_initialize(self, application): 1195 self.file_types = sepolicy.get_file_types(application) 1196 for app in self.file_types.keys(): 1197 if len(self.file_types[app]) == 0: 1198 continue 1199 file_class = self.file_types[app][1] 1200 for path in self.file_types[app][0]: 1201 desc = sepolicy.get_description(app, markup=self.markup) 1202 if (path, file_class) in self.cur_dict["fcontext"]: 1203 if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d": 1204 continue 1205 if app != self.cur_dict["fcontext"][(path, file_class)]["type"]: 1206 continue 1207 self.files_initial_data_insert(self.application_files_liststore, path, desc, file_class) 1208 1209 def modified(self): 1210 i = 0 1211 for k in self.cur_dict: 1212 if len(self.cur_dict[k]) > 0: 1213 return True 1214 return False 1215 1216 def boolean_initialize(self, application): 1217 for blist in sepolicy.get_bools(application): 1218 for b, active in blist: 1219 if b in self.cur_dict["boolean"]: 1220 active = self.cur_dict["boolean"][b]['active'] 1221 desc = sepolicy.boolean_desc(b) 1222 self.boolean_initial_data_insert(b, desc, active) 1223 1224 def boolean_initial_data_insert(self, val, desc, active): 1225 # Insert data from data source into tree 1226 iter = self.boolean_liststore.append() 1227 self.boolean_liststore.set_value(iter, 0, active) 1228 self.boolean_liststore.set_value(iter, 1, desc) 1229 self.boolean_liststore.set_value(iter, 2, val) 1230 self.boolean_liststore.set_value(iter, 3, _('More...')) 
1231 1232 def transitions_into_initialize(self, application): 1233 for x in sepolicy.get_transitions_into(application): 1234 active = None 1235 executable = None 1236 source = None 1237 if "boolean" in x: 1238 active = x["boolean"] 1239 if "target" in x: 1240 executable = x["target"] 1241 if "source" in x: 1242 source = x["source"] 1243 self.transitions_into_initial_data_insert(active, executable, source) 1244 1245 def transitions_into_initial_data_insert(self, active, executable, source): 1246 iter = self.transitions_into_liststore.append() 1247 if active != None: 1248 self.transitions_into_liststore.set_value(iter, 0, enabled[active[0][1]]) # active[0][1] is either T or F (enabled is all the way at the top) 1249 else: 1250 self.transitions_into_liststore.set_value(iter, 0, "Default") 1251 1252 self.transitions_into_liststore.set_value(iter, 2, executable) 1253 self.transitions_into_liststore.set_value(iter, 1, source) 1254 1255 def transitions_from_initialize(self, application): 1256 for x in sepolicy.get_transitions(application): 1257 active = None 1258 executable = None 1259 transtype = None 1260 if "boolean" in x: 1261 active = x["boolean"] 1262 if "target" in x: 1263 executable_type = x["target"] 1264 if "transtype" in x: 1265 transtype = x["transtype"] 1266 self.transitions_from_initial_data_insert(active, executable_type, transtype) 1267 try: 1268 for executable in self.fcdict[executable_type]["regex"]: 1269 self.transitions_from_initial_data_insert(active, executable, transtype) 1270 except KeyError: 1271 pass 1272 1273 def transitions_from_initial_data_insert(self, active, executable, transtype): 1274 iter = self.transitions_from_treestore.append(None) 1275 if active == None: 1276 self.transitions_from_treestore.set_value(iter, 0, "Default") 1277 self.transitions_from_treestore.set_value(iter, 5, False) 1278 else: 1279 niter = self.transitions_from_treestore.append(iter) 1280 # active[0][1] is either T or F (enabled is all the way at the top) 1281 
self.transitions_from_treestore.set_value(iter, 0, enabled[active[0][1]]) 1282 markup = ('<span foreground="blue"><u>','</u></span>') 1283 if active[0][1]: 1284 self.transitions_from_treestore.set_value(niter, 2, (_("To disable this transition, go to the %sBoolean section%s.") % markup)) 1285 else: 1286 self.transitions_from_treestore.set_value(niter, 2, (_("To enable this transition, go to the %sBoolean section%s.") % markup)) 1287 1288 # active[0][0] is the Bool Name 1289 self.transitions_from_treestore.set_value(niter, 1, active[0][0]) 1290 self.transitions_from_treestore.set_value(niter, 5, True) 1291 1292 self.transitions_from_treestore.set_value(iter, 2, executable) 1293 self.transitions_from_treestore.set_value(iter, 3, transtype) 1294 1295 def transitions_files_initialize(self, application): 1296 for i in sepolicy.get_file_transitions(application): 1297 if 'filename' in i: 1298 filename = i['filename'] 1299 else: 1300 filename = None 1301 self.transitions_files_initial_data_insert(i['target'], i['class'], i['transtype'], filename) 1302 1303 def transitions_files_initial_data_insert(self, path, tclass, dest, name): 1304 iter = self.transitions_file_liststore.append() 1305 self.transitions_file_liststore.set_value(iter, 0, path) 1306 self.transitions_file_liststore.set_value(iter, 1, tclass) 1307 self.transitions_file_liststore.set_value(iter, 2, dest) 1308 if name == None: 1309 name = '*' 1310 self.transitions_file_liststore.set_value(iter, 3, name) 1311 1312 def tab_change(self, *args): 1313 self.clear_filters() 1314 self.treeview = None 1315 self.treesort = None 1316 self.treefilter = None 1317 self.liststore = None 1318 self.modify_button.set_sensitive(False) 1319 self.add_modify_delete_box.hide() 1320 self.show_modified_only.set_visible(False) 1321 self.show_mislabeled_files_only.set_visible(False) 1322 self.mislabeled_files_label.set_visible(False) 1323 self.warning_files.set_visible(False) 1324 1325 if self.boolean_radio_button.get_active(): 1326 
self.outer_notebook.set_current_page(BOOLEANS_PAGE) 1327 self.treeview = self.boolean_treeview 1328 self.show_modified_only.set_visible(True) 1329 1330 if self.files_radio_button.get_active(): 1331 self.show_popup(self.add_modify_delete_box) 1332 self.show_modified_only.set_visible(True) 1333 self.show_mislabeled_files_only.set_visible(self.mislabeled_files) 1334 self.mislabeled_files_label.set_visible(self.mislabeled_files) 1335 self.warning_files.set_visible(self.mislabeled_files) 1336 self.outer_notebook.set_current_page(FILES_PAGE) 1337 if args[0] == self.inner_notebook_files: 1338 ipage = args[2] 1339 else: 1340 ipage = self.inner_notebook_files.get_current_page() 1341 if ipage == EXE_PAGE: 1342 self.treeview = self.executable_files_treeview 1343 category = _("executable") 1344 elif ipage == WRITABLE_PAGE: 1345 self.treeview = self.writable_files_treeview 1346 category = _("writable") 1347 elif ipage == APP_PAGE: 1348 self.treeview = self.application_files_treeview 1349 category = _("application") 1350 self.add_button.set_tooltip_text(_("Add new %(TYPE)s file path for '%(DOMAIN)s' domains.") % {"TYPE": category, "DOMAIN": self.application}) 1351 self.delete_button.set_tooltip_text(_("Delete %(TYPE)s file paths for '%(DOMAIN)s' domain.") % {"TYPE": category, "DOMAIN": self.application}) 1352 self.modify_button.set_tooltip_text(_("Modify %(TYPE)s file path for '%(DOMAIN)s' domain. 
Only bolded items in the list can be selected, this indicates they were modified previously.") % {"TYPE": category, "DOMAIN": self.application}) 1353 1354 if self.network_radio_button.get_active(): 1355 self.add_modify_delete_box.show() 1356 self.show_modified_only.set_visible(True) 1357 self.outer_notebook.set_current_page(NETWORK_PAGE) 1358 if args[0] == self.inner_notebook_network: 1359 ipage = args[2] 1360 else: 1361 ipage = self.inner_notebook_network.get_current_page() 1362 if ipage == OUTBOUND_PAGE: 1363 self.treeview = self.network_out_treeview 1364 category = _("connect") 1365 if ipage == INBOUND_PAGE: 1366 self.treeview = self.network_in_treeview 1367 category = _("listen for inbound connections") 1368 1369 self.add_button.set_tooltip_text(_("Add new port definition to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category}) 1370 self.delete_button.set_tooltip_text(_("Delete modified port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category}) 1371 self.modify_button.set_tooltip_text(_("Modify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category}) 1372 1373 if self.transitions_radio_button.get_active(): 1374 self.outer_notebook.set_current_page(TRANSITIONS_PAGE) 1375 if args[0] == self.inner_notebook_transitions: 1376 ipage = args[2] 1377 else: 1378 ipage = self.inner_notebook_transitions.get_current_page() 1379 if ipage == TRANSITIONS_FROM_PAGE: 1380 self.treeview = self.transitions_from_treeview 1381 if ipage == TRANSITIONS_TO_PAGE: 1382 self.treeview = self.transitions_into_treeview 1383 if ipage == TRANSITIONS_FILE_PAGE: 1384 self.treeview = self.transitions_file_treeview 1385 1386 if self.system_radio_button.get_active(): 1387 self.outer_notebook.set_current_page(SYSTEM_PAGE) 1388 self.filter_box.hide() 1389 1390 if self.lockdown_radio_button.get_active(): 1391 self.lockdown_init() 1392 
self.outer_notebook.set_current_page(LOCKDOWN_PAGE) 1393 self.filter_box.hide() 1394 1395 if self.user_radio_button.get_active(): 1396 self.outer_notebook.set_current_page(USER_PAGE) 1397 self.add_modify_delete_box.show() 1398 self.show_modified_only.set_visible(True) 1399 self.treeview = self.user_treeview 1400 self.add_button.set_tooltip_text(_("Add new SELinux User/Role definition.")) 1401 self.delete_button.set_tooltip_text(_("Delete modified SELinux User/Role definitions.")) 1402 self.modify_button.set_tooltip_text(_("Modify selected modified SELinux User/Role definitions.")) 1403 1404 if self.login_radio_button.get_active(): 1405 self.outer_notebook.set_current_page(LOGIN_PAGE) 1406 self.add_modify_delete_box.show() 1407 self.show_modified_only.set_visible(True) 1408 self.treeview = self.login_treeview 1409 self.add_button.set_tooltip_text(_("Add new Login Mapping definition.")) 1410 self.delete_button.set_tooltip_text(_("Delete modified Login Mapping definitions.")) 1411 self.modify_button.set_tooltip_text(_("Modify selected modified Login Mapping definitions.")) 1412 1413 if self.file_equiv_radio_button.get_active(): 1414 self.outer_notebook.set_current_page(FILE_EQUIV_PAGE) 1415 self.add_modify_delete_box.show() 1416 self.show_modified_only.set_visible(True) 1417 self.treeview = self.file_equiv_treeview 1418 self.add_button.set_tooltip_text(_("Add new File Equivalence definition.")) 1419 self.delete_button.set_tooltip_text(_("Delete modified File Equivalence definitions.")) 1420 self.modify_button.set_tooltip_text(_("Modify selected modified File Equivalence definitions. 
Only bolded items in the list can be selected, this indicates they were modified previously.")) 1421 1422 self.opage = self.outer_notebook.get_current_page() 1423 if self.treeview: 1424 self.filter_box.show() 1425 self.treesort = self.treeview.get_model() 1426 self.treefilter = self.treesort.get_model() 1427 self.liststore = self.treefilter.get_model() 1428 for x in range(0, self.liststore.get_n_columns()): 1429 col = self.treeview.get_column(x) 1430 if col: 1431 cell = col.get_cells()[0] 1432 if isinstance(cell, Gtk.CellRendererText): 1433 self.liststore.set_sort_func(x, self.stripsort, None) 1434 self.treeview.get_selection().unselect_all() 1435 self.modify_button.set_sensitive(False) 1436 1437 def stripsort(self, model, row1, row2, user_data): 1438 sort_column, _ = model.get_sort_column_id() 1439 val1 = self.unmarkup(model.get_value(row1, sort_column)) 1440 val2 = self.unmarkup(model.get_value(row2, sort_column)) 1441 return cmp(val1, val2) 1442 1443 def display_more_detail(self, windows, path): 1444 it = self.boolean_filter.get_iter(path) 1445 it = self.boolean_filter.convert_iter_to_child_iter(it) 1446 1447 self.boolean_more_detail_tree_data_set.clear() 1448 self.boolean_more_detail_window.set_title(_("Boolean %s Allow Rules") % self.boolean_liststore.get_value(it, 2)) 1449 blist = sepolicy.get_boolean_rules(self.application, self.boolean_liststore.get_value(it, 2)) 1450 for b in blist: 1451 self.display_more_detail_init(b["source"], b["target"], b["class"], b["permlist"]) 1452 self.show_popup(self.boolean_more_detail_window) 1453 1454 def display_more_detail_init(self, source, target, class_type, permission): 1455 iter = self.boolean_more_detail_tree_data_set.append() 1456 self.boolean_more_detail_tree_data_set.set_value(iter, 0, "allow %s %s:%s { %s };" % (source, target, class_type, " ".join(permission))) 1457 1458 def add_button_clicked(self, *args): 1459 self.modify = False 1460 if self.opage == NETWORK_PAGE: 1461 self.popup_network_label.set_text((_("Add 
Network Port for %s. Ports will be created when update is applied.")) % self.application) 1462 self.network_popup_window.set_title((_("Add Network Port for %s")) % self.application) 1463 self.init_network_dialog(args) 1464 return 1465 1466 if self.opage == FILES_PAGE: 1467 self.popup_files_label.set_text((_("Add File Labeling for %s. File labels will be created when update is applied.")) % self.application) 1468 self.files_popup_window.set_title((_("Add File Labeling for %s")) % self.application) 1469 self.init_files_dialog(args) 1470 ipage = self.inner_notebook_files.get_current_page() 1471 if ipage == EXE_PAGE: 1472 self.files_path_entry.set_text("ex: /usr/sbin/Foobar") 1473 else: 1474 self.files_path_entry.set_text("ex: /var/lib/Foobar") 1475 self.clear_entry = True 1476 1477 if self.opage == LOGIN_PAGE: 1478 self.login_label.set_text((_("Add Login Mapping. User Mapping will be created when Update is applied."))) 1479 self.login_popup_window.set_title(_("Add Login Mapping")) 1480 self.login_init_dialog(args) 1481 self.clear_entry = True 1482 1483 if self.opage == USER_PAGE: 1484 self.user_label.set_text((_("Add SELinux User Role. SELinux user roles will be created when update is applied."))) 1485 self.user_popup_window.set_title(_("Add SELinux Users")) 1486 self.user_init_dialog(args) 1487 self.clear_entry = True 1488 1489 if self.opage == FILE_EQUIV_PAGE: 1490 self.file_equiv_source_entry.set_text("") 1491 self.file_equiv_dest_entry.set_text("") 1492 self.file_equiv_label.set_text((_("Add File Equivalency Mapping. 
def close_popup(self, *args):
    """Hide the popup last recorded in ``self.current_popup``.

    The main window is made sensitive again afterwards.  Any positional
    arguments (for example those a signal passes to its handler) are ignored.

    Returns:
        Always True.
    """
    popup = self.current_popup
    popup.hide()
    self.window.set_sensitive(True)
    # NOTE(review): the constant True looks like a GTK handler return value
    # (stop further handling of the event) - confirm against the signal wiring.
    return True
self.files_path_entry.set_text(path) 1546 type = self.writable_files_liststore.get_value(iter, 1) 1547 if type != None: 1548 self.combo_set_active_text(self.files_type_combobox, type) 1549 tclass = self.writable_files_liststore.get_value(iter, 2) 1550 if tclass != None: 1551 self.combo_set_active_text(self.files_class_combobox, tclass) 1552 1553 if ipage == APP_PAGE: 1554 iter = self.application_files_filter.convert_iter_to_child_iter(iter) 1555 self.delete_old_item = iter 1556 path = self.application_files_liststore.get_value(iter, 0) 1557 self.files_path_entry.set_text(path) 1558 try: 1559 get_type = self.application_files_liststore.get_value(iter, 1) 1560 get_type = get_type.split("<b>")[1].split("</b>") 1561 except AttributeError: 1562 pass 1563 type = self.application_files_liststore.get_value(iter, 2) 1564 if type != None: 1565 self.combo_set_active_text(self.files_type_combobox, type) 1566 tclass = get_type[0] 1567 if tclass != None: 1568 self.combo_set_active_text(self.files_class_combobox, tclass) 1569 1570 if self.opage == USER_PAGE: 1571 self.user_init_dialog(args) 1572 self.user_name_entry.set_text(self.user_liststore.get_value(iter, 0)) 1573 self.user_mls_level_entry.set_text(self.user_liststore.get_value(iter, 2)) 1574 self.user_mls_entry.set_text(self.user_liststore.get_value(iter, 3)) 1575 self.combo_set_active_text(self.user_roles_combobox, self.user_liststore.get_value(iter, 1)) 1576 self.user_label.set_text((_("Modify SELinux User Role. 
SELinux user roles will be modified when update is applied."))) 1577 self.user_popup_window.set_title(_("Modify SELinux Users")) 1578 self.show_popup(self.user_popup_window) 1579 1580 if self.opage == LOGIN_PAGE: 1581 self.login_init_dialog(args) 1582 self.login_name_entry.set_text(self.login_liststore.get_value(iter, 0)) 1583 self.login_mls_entry.set_text(self.login_liststore.get_value(iter, 2)) 1584 self.combo_set_active_text(self.login_seuser_combobox, self.login_liststore.get_value(iter, 1)) 1585 self.login_label.set_text((_("Modify Login Mapping. Login Mapping will be modified when Update is applied."))) 1586 self.login_popup_window.set_title(_("Modify Login Mapping")) 1587 self.show_popup(self.login_popup_window) 1588 1589 if self.opage == FILE_EQUIV_PAGE: 1590 self.file_equiv_source_entry.set_text(self.unmarkup(self.file_equiv_liststore.get_value(iter, 0))) 1591 self.file_equiv_dest_entry.set_text(self.unmarkup(self.file_equiv_liststore.get_value(iter, 1))) 1592 self.file_equiv_label.set_text((_("Modify File Equivalency Mapping. 
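def strip_domain(self, domain):
    """Return *domain* without its trailing ``_script_t`` or ``_t`` suffix.

    The result is used as a name prefix when candidate types are matched
    with ``startswith``, so an over-short prefix widens what is offered.

    Args:
        domain: SELinux type name, or None.

    Returns:
        None when *domain* is None, otherwise the shortened name.
    """
    if domain is None:
        return None
    # Remove the suffix itself.  Splitting on the first "_t" truncated names
    # that contain "_t" earlier on: "systemd_timedated_t" came back as
    # "systemd" instead of "systemd_timedated".
    for suffix in ("_script_t", "_t"):
        if domain.endswith(suffix):
            return domain[:-len(suffix)]
    # Names that carry neither suffix keep the previous result.
    return domain.split("_t")[0]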
self.more_types_files_liststore.set_value(iter, 0, exe) 1644 self.files_class_combobox.set_active(4) 1645 self.files_class_combobox.set_sensitive(False) 1646 1647 elif ipage == WRITABLE_PAGE and self.writable_files != None: 1648 for write in self.writable_files.keys(): 1649 if write.startswith(compare) and not self.exclude_type(write, exclude_list) and write in self.file_types: 1650 iter = self.files_type_combolist.append() 1651 self.files_type_combolist.set_value(iter, 0, write) 1652 iter = self.more_types_files_liststore.append() 1653 self.more_types_files_liststore.set_value(iter, 0, write) 1654 self.files_class_combobox.set_active(0) 1655 elif ipage == APP_PAGE and self.file_types != None: 1656 for app in sepolicy.get_all_file_types(): 1657 if app.startswith(compare): 1658 if app.startswith(compare) and not self.exclude_type(app, exclude_list): 1659 iter = self.files_type_combolist.append() 1660 self.files_type_combolist.set_value(iter, 0, app) 1661 iter = self.more_types_files_liststore.append() 1662 self.more_types_files_liststore.set_value(iter, 0, app) 1663 self.files_class_combobox.set_active(0) 1664 except AttributeError: 1665 print("error") 1666 pass 1667 self.files_type_combobox.set_active(0) 1668 self.files_mls_entry.set_text("s0") 1669 iter = self.files_type_combolist.append() 1670 self.files_type_combolist.set_value(iter, 0, _('More...')) 1671 1672 def modify_button_network_clicked(self, *args): 1673 iter = self.get_selected_iter() 1674 if not iter: 1675 self.modify_button.set_sensitive(False) 1676 return 1677 1678 self.popup_network_label.set_text((_("Modify Network Port for %s. 
Ports will be created when update is applied.")) % self.application) 1679 self.network_popup_window.set_title((_("Modify Network Port for %s")) % self.application) 1680 self.delete_old_item = None 1681 self.init_network_dialog(args) 1682 operation = "Modify" 1683 mls = 1 1684 self.modify = True 1685 iter = self.get_selected_iter() 1686 port = self.liststore.get_value(iter, 0) 1687 self.network_ports_entry.set_text(port) 1688 protocol = self.liststore.get_value(iter, 1) 1689 if protocol == "tcp": 1690 self.network_tcp_button.set_active(True) 1691 elif protocol == "udp": 1692 self.network_udp_button.set_active(True) 1693 type = self.liststore.get_value(iter, 2) 1694 if type != None: 1695 self.combo_set_active_text(self.network_port_type_combobox, type) 1696 self.delete_old_item = iter 1697 1698 def init_network_dialog(self, *args): 1699 self.show_popup(self.network_popup_window) 1700 ipage = self.inner_notebook_network.get_current_page() 1701 self.network_port_type_combolist.clear() 1702 self.network_ports_entry.set_text("") 1703 1704 try: 1705 if ipage == OUTBOUND_PAGE: 1706 netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_connect", check_bools=True) 1707 elif ipage == INBOUND_PAGE: 1708 netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_bind", check_bools=True) 1709 netd += sepolicy.network.get_network_connect(self.application, "udp", "name_bind", check_bools=True) 1710 1711 port_types = [] 1712 for k in netd.keys(): 1713 for t, ports in netd[k]: 1714 if t not in port_types + ["port_t", "unreserved_port_t"]: 1715 if t.endswith("_type"): 1716 continue 1717 1718 port_types.append(t) 1719 1720 port_types.sort() 1721 short_domain = self.strip_domain(self.application) 1722 if short_domain[-1] == "d": 1723 short_domain = short_domain[:-1] 1724 short_domain = short_domain + "_" 1725 ctr = 0 1726 found = 0 1727 for t in port_types: 1728 if t.startswith(short_domain): 1729 found = ctr 1730 iter = 
def get_selected_iter(self):
    """Return the selected row as an iterator of the innermost model.

    The selection is reported against the sort model; it is converted first
    to the child of that sort model and then to the child of
    ``self.treefilter``.

    Returns:
        None when there is no tree view or no selection object; otherwise
        the converted iterator, or the falsy value at which a lookup or
        conversion stopped.
    """
    view = self.treeview
    if not view:
        return None
    selection = view.get_selection()
    if not selection:
        return None
    sort_model, picked = selection.get_selected()
    if not picked:
        return picked
    picked = sort_model.convert_iter_to_child_iter(picked)
    if not picked:
        return picked
    return self.treefilter.convert_iter_to_child_iter(picked)
def on_disable_ptrace(self, checkbutton):
    """Send the checkbox state for the ``deny_ptrace`` boolean right away.

    Nothing happens until ``self.finish_init`` is set.  Unlike the
    ``update_to_*`` handlers of this class, which queue their change in
    ``self.cur_dict``, this handler passes the command straight to
    ``self.dbus.semanage``, so the toggle is not held back for review.

    Args:
        checkbutton: the toggled widget; ``get_active()`` gives the new state.
    """
    if not self.finish_init:
        return
    # %d renders the state as a digit: "-1" when active, "-0" when not.
    command = "boolean -m -%d deny_ptrace" % checkbutton.get_active()
    self.wait_mouse()
    try:
        self.dbus.semanage(command)
    except dbus.exceptions.DBusException as err:
        self.error(err)
    # NOTE(review): only DBusException is handled, so any other exception
    # skips this call - confirm that is acceptable.
    self.ready_mouse()
def invalid_entry_retry(self, *args):
    """Dismiss the invalid-entry dialog and re-enable the input popups.

    ``error_check_files`` and ``error_check_network`` make the file and
    network popups insensitive while the error dialog is shown; this
    handler undoes that.  Positional arguments are ignored.
    """
    self.closewindow(self.error_check_window)
    for popup in (self.files_popup_window, self.network_popup_window):
        popup.set_sensitive(True)
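def error_check_network(self, port):
    """Validate the port entry; report it in the error dialog when invalid.

    The text is accepted when ``int()`` parses it and the value lies in
    1..65535, the range a 16-bit TCP or UDP port number can take.  On
    rejection the error dialog is shown and the file and network popups are
    made insensitive.

    Args:
        port: text taken from the port entry.

    Returns:
        True when the entry is invalid, False when it is acceptable.
    """
    try:
        # The upper bound used to be 65536, which is not a valid port.
        valid = 1 <= int(port) <= 65535
    except ValueError:
        valid = False
    if valid:
        # NOTE(review): int() also accepts forms such as " 80" or "+80", and
        # update_to_network stores the entry text, not the parsed number.
        return False

    self.error_check_window.show()
    self.files_popup_window.set_sensitive(False)
    self.network_popup_window.set_sensitive(False)
    # The message changed together with the bound; a translation catalog that
    # still carries the old text yields this English string until updated.
    self.error_check_label.set_text((_("Port number must be between 1 and 65535")))
    return True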
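def update_to_file_equiv(self, *args):
    """Queue the file-equivalency edit from the popup and show it in the list.

    The entry is stored in ``self.cur_dict["fcontext-equiv"]`` under the
    destination text.  When ``self.modify`` is set the action is "-m" and
    the previous values of the selected row are kept as "olddest" and
    "oldsrc"; otherwise a new row is appended and the action is "-a".
    Columns 0 and 1 of the row then receive the marked-up destination and
    source.
    """
    self.close_popup()
    dest = self.file_equiv_dest_entry.get_text()
    src = self.file_equiv_source_entry.get_text()
    if self.modify:
        row_iter = self.get_selected_iter()
        # The previous values must be read with get_value; the original
        # called set_value without a value, which cannot return the old text.
        olddest = self.unmarkup(self.liststore.get_value(row_iter, 0))
        oldsrc = self.unmarkup(self.liststore.get_value(row_iter, 1))
        self.cur_dict["fcontext-equiv"][dest] = {"action": "-m", "src": src, "oldsrc": oldsrc, "olddest": olddest}
    else:
        row_iter = self.liststore.append(None)
        self.cur_dict["fcontext-equiv"][dest] = {"action": "-a", "src": src}
    # NOTE(review): modify_button_clicked fills the *source* entry from
    # column 0, while the destination is written to column 0 here - confirm
    # which column holds which path.
    self.liststore.set_value(row_iter, 0, self.markup(dest))
    self.liststore.set_value(row_iter, 1, self.markup(src))
    # NOTE(review): the sibling update_to_* handlers end with
    # self.new_updates(); this one does not - confirm whether that is intended.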
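def update_to_network(self, *args):
    """Queue the port entered in the network popup and show it in the list.

    The entry text must pass ``error_check_network``; otherwise the method
    returns before anything is stored or hidden.  A valid entry is stored in
    ``self.cur_dict["port"]`` under ``(ports, protocol)``.  When
    ``self.modify`` is set the action is "-m" and the previous values of the
    selected row are kept as "oldports", "oldprotocol" and "oldtype";
    otherwise a row is appended and the action is "-a".  The row is then
    written, the popup hidden, the main window re-enabled and
    ``new_updates`` called.
    """
    self.network_add = True
    ports = self.network_ports_entry.get_text()
    if self.error_check_network(ports):
        # NOTE(review): network_add stays True on this path - confirm.
        return
    protocol = "tcp" if self.network_tcp_button.get_active() else "udp"

    setype = self.combo_get_active_text(self.network_port_type_combobox)
    mls = self.network_mls_entry.get_text()

    if self.modify:
        row_iter = self.get_selected_iter()
        # Two fixes.  The old type is read with get_value; the original called
        # set_value without a value.  The helper is self.unmarkup, the name
        # used by the rest of the visible code; no "unmark" is visible here.
        oldports = self.unmarkup(self.liststore.get_value(row_iter, 0))
        oldprotocol = self.unmarkup(self.liststore.get_value(row_iter, 1))
        oldsetype = self.unmarkup(self.liststore.get_value(row_iter, 2))
        self.cur_dict["port"][(ports, protocol)] = {"action": "-m", "type": setype, "mls": mls, "oldtype": oldsetype, "oldprotocol": oldprotocol, "oldports": oldports}
    else:
        row_iter = self.liststore.append(None)
        self.cur_dict["port"][(ports, protocol)] = {"action": "-a", "type": setype, "mls": mls}
    self.liststore.set_value(row_iter, 0, ports)
    self.liststore.set_value(row_iter, 1, protocol)
    self.liststore.set_value(row_iter, 2, setype)

    self.network_add = False
    self.network_popup_window.hide()
    self.window.set_sensitive(True)
    self.new_updates()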
self.user_delete_liststore.set_value(iter, 3, level) 2089 self.user_delete_liststore.set_value(iter, 4, mls) 2090 self.show_popup(self.user_delete_window) 2091 return 2092 2093 if self.opage == LOGIN_PAGE: 2094 self.login_delete_liststore.clear() 2095 login_dict = self.cust_dict["login"] 2096 for login in login_dict: 2097 seuser = login_dict[login]["seuser"] 2098 mls = login_dict[login].get("range", "") 2099 iter = self.login_delete_liststore.append() 2100 self.login_delete_liststore.set_value(iter, 1, seuser) 2101 self.login_delete_liststore.set_value(iter, 2, login) 2102 self.login_delete_liststore.set_value(iter, 3, mls) 2103 self.show_popup(self.login_delete_window) 2104 return 2105 2106 if self.opage == FILE_EQUIV_PAGE: 2107 self.file_equiv_delete_liststore.clear() 2108 for items in self.file_equiv_liststore: 2109 if items[2]: 2110 iter = self.file_equiv_delete_liststore.append() 2111 self.file_equiv_delete_liststore.set_value(iter, 1, self.unmarkup(items[0])) 2112 self.file_equiv_delete_liststore.set_value(iter, 2, self.unmarkup(items[1])) 2113 self.show_popup(self.file_equiv_delete_window) 2114 return 2115 2116 def on_save_delete_clicked(self, *args): 2117 self.close_popup() 2118 if self.opage == NETWORK_PAGE: 2119 for delete in self.network_delete_liststore: 2120 if delete[0]: 2121 self.cur_dict["port"][(delete[1], delete[2])] = {"action": "-d", "type": delete[3]} 2122 if self.opage == FILES_PAGE: 2123 for delete in self.files_delete_liststore: 2124 if delete[0]: 2125 self.cur_dict["fcontext"][(delete[1], reverse_file_type_str[delete[3]])] = {"action": "-d", "type": delete[2]} 2126 if self.opage == USER_PAGE: 2127 for delete in self.user_delete_liststore: 2128 if delete[0]: 2129 self.cur_dict["user"][delete[1]] = {"action": "-d", "role": delete[2], "range": delete[4]} 2130 if self.opage == LOGIN_PAGE: 2131 for delete in self.login_delete_liststore: 2132 if delete[0]: 2133 self.cur_dict["login"][delete[2]] = {"action": "-d", "login": delete[2], "seuser": 
def ipage_delete(self, liststore, key):
    """Remove the first row whose columns 0 and 2 match *key*.

    Args:
        liststore: list store to search; rows are visited in order.
        key: pair compared against column 0 (``key[0]``) and column 2
            (``key[1]``) of each row.

    Only the first matching row is removed; nothing happens when no row
    matches.
    """
    for position, row in enumerate(liststore):
        if row[0] != key[0] or row[2] != key[1]:
            continue
        liststore.remove(liststore.get_iter(position))
        return
self.update_treestore.set_value(iter, 2, action[self.cur_dict["boolean"][bools]['active']]) 2189 self.update_treestore.set_value(iter, 3, True) 2190 niter = self.update_treestore.append(iter) 2191 self.update_treestore.set_value(niter, 1, (_("SELinux name: %s")) % bools) 2192 self.update_treestore.set_value(niter, 3, False) 2193 2194 for path, tclass in self.cur_dict["fcontext"]: 2195 operation = self.cur_dict["fcontext"][(path, tclass)]["action"] 2196 setype = self.cur_dict["fcontext"][(path, tclass)]["type"] 2197 iter = self.update_treestore.append(None) 2198 self.update_treestore.set_value(iter, 0, True) 2199 self.update_treestore.set_value(iter, 2, operation) 2200 self.update_treestore.set_value(iter, 0, True) 2201 if operation == "-a": 2202 self.update_treestore.set_value(iter, 1, (_("Add file labeling for %s")) % self.application) 2203 if operation == "-d": 2204 self.update_treestore.set_value(iter, 1, (_("Delete file labeling for %s")) % self.application) 2205 if operation == "-m": 2206 self.update_treestore.set_value(iter, 1, (_("Modify file labeling for %s")) % self.application) 2207 2208 niter = self.update_treestore.append(iter) 2209 self.update_treestore.set_value(niter, 3, False) 2210 self.update_treestore.set_value(niter, 1, (_("File path: %s")) % path) 2211 niter = self.update_treestore.append(iter) 2212 self.update_treestore.set_value(niter, 3, False) 2213 self.update_treestore.set_value(niter, 1, (_("File class: %s")) % sepolicy.file_type_str[tclass]) 2214 niter = self.update_treestore.append(iter) 2215 self.update_treestore.set_value(niter, 3, False) 2216 self.update_treestore.set_value(niter, 1, (_("SELinux file type: %s")) % setype) 2217 2218 for port, protocol in self.cur_dict["port"]: 2219 operation = self.cur_dict["port"][(port, protocol)]["action"] 2220 iter = self.update_treestore.append(None) 2221 self.update_treestore.set_value(iter, 0, True) 2222 self.update_treestore.set_value(iter, 2, operation) 2223 
self.update_treestore.set_value(iter, 3, True) 2224 if operation == "-a": 2225 self.update_treestore.set_value(iter, 1, (_("Add ports for %s")) % self.application) 2226 if operation == "-d": 2227 self.update_treestore.set_value(iter, 1, (_("Delete ports for %s")) % self.application) 2228 if operation == "-m": 2229 self.update_treestore.set_value(iter, 1, (_("Modify ports for %s")) % self.application) 2230 2231 niter = self.update_treestore.append(iter) 2232 self.update_treestore.set_value(niter, 1, (_("Network ports: %s")) % port) 2233 self.update_treestore.set_value(niter, 3, False) 2234 niter = self.update_treestore.append(iter) 2235 self.update_treestore.set_value(niter, 1, (_("Network protocol: %s")) % protocol) 2236 self.update_treestore.set_value(niter, 3, False) 2237 setype = self.cur_dict["port"][(port, protocol)]["type"] 2238 niter = self.update_treestore.append(iter) 2239 self.update_treestore.set_value(niter, 3, False) 2240 self.update_treestore.set_value(niter, 1, (_("SELinux file type: %s")) % setype) 2241 2242 for user in self.cur_dict["user"]: 2243 operation = self.cur_dict["user"][user]["action"] 2244 iter = self.update_treestore.append(None) 2245 self.update_treestore.set_value(iter, 0, True) 2246 self.update_treestore.set_value(iter, 2, operation) 2247 self.update_treestore.set_value(iter, 0, True) 2248 if operation == "-a": 2249 self.update_treestore.set_value(iter, 1, _("Add user")) 2250 if operation == "-d": 2251 self.update_treestore.set_value(iter, 1, _("Delete user")) 2252 if operation == "-m": 2253 self.update_treestore.set_value(iter, 1, _("Modify user")) 2254 2255 niter = self.update_treestore.append(iter) 2256 self.update_treestore.set_value(niter, 1, (_("SELinux User : %s")) % user) 2257 self.update_treestore.set_value(niter, 3, False) 2258 niter = self.update_treestore.append(iter) 2259 self.update_treestore.set_value(niter, 3, False) 2260 roles = self.cur_dict["user"][user]["role"] 2261 self.update_treestore.set_value(niter, 1, 
(_("Roles: %s")) % roles) 2262 mls = self.cur_dict["user"][user].get("range", "") 2263 niter = self.update_treestore.append(iter) 2264 self.update_treestore.set_value(niter, 3, False) 2265 self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls) 2266 2267 for login in self.cur_dict["login"]: 2268 operation = self.cur_dict["login"][login]["action"] 2269 iter = self.update_treestore.append(None) 2270 self.update_treestore.set_value(iter, 0, True) 2271 self.update_treestore.set_value(iter, 2, operation) 2272 self.update_treestore.set_value(iter, 0, True) 2273 if operation == "-a": 2274 self.update_treestore.set_value(iter, 1, _("Add login mapping")) 2275 if operation == "-d": 2276 self.update_treestore.set_value(iter, 1, _("Delete login mapping")) 2277 if operation == "-m": 2278 self.update_treestore.set_value(iter, 1, _("Modify login mapping")) 2279 2280 niter = self.update_treestore.append(iter) 2281 self.update_treestore.set_value(niter, 3, False) 2282 self.update_treestore.set_value(niter, 1, (_("Login Name : %s")) % login) 2283 niter = self.update_treestore.append(iter) 2284 self.update_treestore.set_value(niter, 3, False) 2285 seuser = self.cur_dict["login"][login]["seuser"] 2286 self.update_treestore.set_value(niter, 1, (_("SELinux User: %s")) % seuser) 2287 mls = self.cur_dict["login"][login].get("range", "") 2288 niter = self.update_treestore.append(iter) 2289 self.update_treestore.set_value(niter, 3, False) 2290 self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls) 2291 2292 for path in self.cur_dict["fcontext-equiv"]: 2293 operation = self.cur_dict["fcontext-equiv"][path]["action"] 2294 iter = self.update_treestore.append(None) 2295 self.update_treestore.set_value(iter, 0, True) 2296 self.update_treestore.set_value(iter, 2, operation) 2297 self.update_treestore.set_value(iter, 0, True) 2298 if operation == "-a": 2299 self.update_treestore.set_value(iter, 1, (_("Add file equiv labeling."))) 2300 if operation == "-d": 2301 
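# Tail of a method that starts above this span; its statements are reproduced unchanged.
self.update_treestore.set_value(iter, 1, (_("Delete file equiv labeling.")))  # body of the preceding `if operation == "-d":`
if operation == "-m":
    self.update_treestore.set_value(iter, 1, (_("Modify file equiv labeling.")))

niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 3, False)
self.update_treestore.set_value(niter, 1, (_("File path : %s")) % path)
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 3, False)
src = self.cur_dict["fcontext-equiv"][path]["src"]
self.update_treestore.set_value(niter, 1, (_("Equivalence: %s")) % src)

# After the per-path loop: present the window listing the pending changes.
self.show_popup(self.update_window)


# NOTE: every def below takes `self`; the enclosing class statement is outside this span.
def set_active_application_button(self):
    """Remember which of the four application radio buttons is currently active."""
    if self.boolean_radio_button.get_active():
        self.active_button = self.boolean_radio_button
    if self.files_radio_button.get_active():
        self.active_button = self.files_radio_button
    if self.transitions_radio_button.get_active():
        self.active_button = self.transitions_radio_button
    if self.network_radio_button.get_active():
        self.active_button = self.network_radio_button


def clearbuttons(self, clear=True):
    """Hide the selection popover and every page radio button.

    When *clear* is true the completion entry is emptied as well.
    """
    self.main_selection_popover.hide()
    self.boolean_radio_button.set_visible(False)
    self.files_radio_button.set_visible(False)
    self.network_radio_button.set_visible(False)
    self.transitions_radio_button.set_visible(False)
    self.system_radio_button.set_visible(False)
    self.lockdown_radio_button.set_visible(False)
    self.user_radio_button.set_visible(False)
    self.login_radio_button.set_visible(False)
    if clear:
        self.completion_entry.set_text("")


def show_system_page(self):
    """Switch the main view to the "System" page."""
    self.clearbuttons()
    self.system_radio_button.set_visible(True)
    self.lockdown_radio_button.set_visible(True)
    self.applications_selection_button.set_label(_("System"))
    self.system_radio_button.set_active(True)
    self.tab_change()
    self.idle_func()


def show_file_equiv_page(self, *args):
    """Switch the main view to the "File Equivalence" page and enable add/delete."""
    self.clearbuttons()
    self.file_equiv_initialize()
    self.file_equiv_radio_button.set_active(True)
    self.applications_selection_button.set_label(_("File Equivalence"))
    self.tab_change()
    self.idle_func()
    self.add_button.set_sensitive(True)
    self.delete_button.set_sensitive(True)


def show_users_page(self):
    """Switch the main view to the "Users" page and enable add/delete."""
    self.clearbuttons()
    self.login_radio_button.set_visible(True)
    self.user_radio_button.set_visible(True)
    self.applications_selection_button.set_label(_("Users"))
    self.login_radio_button.set_active(True)
    self.tab_change()
    self.user_initialize()
    self.login_initialize()
    self.idle_func()
    self.add_button.set_sensitive(True)
    self.delete_button.set_sensitive(True)


def show_applications_page(self):
    """Switch the main view to the per-application pages, keeping the completion entry text."""
    self.clearbuttons(False)
    self.boolean_radio_button.set_visible(True)
    self.files_radio_button.set_visible(True)
    self.network_radio_button.set_visible(True)
    self.transitions_radio_button.set_visible(True)
    self.boolean_radio_button.set_active(True)
    self.tab_change()
    self.idle_func()


def system_interface(self, *args):
    """Signal-handler wrapper around show_system_page()."""
    self.show_system_page()


def users_interface(self, *args):
    """Signal-handler wrapper around show_users_page()."""
    self.show_users_page()


def show_mislabeled_files(self, checkbutton, *args):
    """Filter the file list according to the state of *checkbutton*.

    Checked: rows whose column 4 is False are removed from the list store.
    Unchecked (with an application selected): the list is rebuilt for the
    currently shown inner files page.
    """
    iterlist = []
    ctr = 0
    ipage = self.inner_notebook_files.get_current_page()
    if checkbutton.get_active() == True:
        for items in self.liststore:
            # Map the sorted-view position back to an iterator on the base store.
            iter = self.treesort.get_iter(ctr)
            iter = self.treesort.convert_iter_to_child_iter(iter)
            iter = self.treefilter.convert_iter_to_child_iter(iter)
            if iter != None:
                if self.liststore.get_value(iter, 4) == False:
                    iterlist.append(iter)
            ctr += 1
        # Rows are removed only after the scan so the store is not changed while iterating.
        for iters in iterlist:
            self.liststore.remove(iters)

    elif self.application != None:
        self.liststore.clear()
        if ipage == EXE_PAGE:
            self.executable_files_initialize(self.application)
        elif ipage == WRITABLE_PAGE:
            self.writable_files_initialize(self.application)
        elif ipage == APP_PAGE:
            self.application_files_initialize(self.application)


def fix_mislabeled(self, path):
    """Offer to run restorecon on *path* and do so over D-Bus if the user agrees.

    The dialog shows the type field (third ':'-separated field) of the
    file's current context and of the context matchpathcon() returns.
    """
    cur = selinux.getfilecon(path)[1].split(":")[2]
    con = selinux.matchpathcon(path, 0)[1].split(":")[2]
    if self.verify(_("Run restorecon on %(PATH)s to change its type from %(CUR_CONTEXT)s to the default %(DEF_CONTEXT)s?") % {"PATH": path, "CUR_CONTEXT": cur, "DEF_CONTEXT": con}, title="restorecon dialog") == Gtk.ResponseType.YES:
        self.dbus.restorecon(path)
        self.application_selected()


def new_updates(self, *args):
    """Enable the Update and Revert buttons only while there are pending changes."""
    pending = self.modified()
    self.update_button.set_sensitive(pending)
    self.revert_button.set_sensitive(pending)


def update_or_revert_changes(self, button, *args):
    """Open the pending-changes window in "update" or "revert" mode.

    The mode is taken from the label of the button that was pressed.
    """
    self.update_gui()
    self.update = (button.get_label() == _("Update"))
    if self.update:
        self.update_window.set_title(_("Update Changes"))
    else:
        self.update_window.set_title(_("Revert Changes"))


def apply_changes_button_press(self, *args):
    """Apply or discard the pending changes, then reload state from the system."""
    self.close_popup()
    if self.update:
        self.update_the_system()
    else:
        self.revert_data()
    # finish_init is cleared while the widgets are repopulated; several
    # handlers in this class return early when it is False.
    self.finish_init = False
    self.previously_modified_initialize(self.dbus.customized())
    self.finish_init = True
    self.clear_filters()
    self.application_selected()
    self.new_updates()
    self.update_treestore.clear()


def update_the_system(self, *args):
    """Send the pending changes to the semanage D-Bus method.

    A D-Bus failure is shown in an error dialog instead of only being
    printed, so a policy change that did not go through is visible to the
    user. The cursor is restored even when the call raises.
    """
    self.close_popup()
    update_buffer = self.format_update()
    self.wait_mouse()
    failure = None
    try:
        self.dbus.semanage(update_buffer)
    except dbus.exceptions.DBusException as e:
        failure = str(e)
    finally:
        self.ready_mouse()
    if failure is not None:
        self.error(failure)
    self.init_cur()


def ipage_value_lookup(self, lookup):
    """Return the page index for a known page title, or the string "Booleans" otherwise."""
    ipage_values = {"Executable Files": 0, "Writable Files": 1, "Application File Type": 2, "Inbound": 1, "Outbound": 0}
    return ipage_values.get(lookup, "Booleans")


def get_attributes_update(self, attribute):
    """Return the value part of a "Label: value" string."""
    attribute = attribute.split(": ")[1]
    # NOTE(review): bool_id is taken from the already-split value, so for an
    # input such as "SELinux name: x" it is "x" and the branch below is not
    # taken; self.bool_revert is then never set here. Confirm the intent
    # with the callers before changing it.
    bool_id = attribute.split(": ")[0]
    if bool_id == "SELinux name":
        self.bool_revert = attribute
    else:
        return attribute


def format_update(self):
    """Build the semanage command text for every pending change in cur_dict.

    Returns one command per line. Unchecked rows are dropped first via
    revert_data().

    Category names are compared with ``==``: the former substring test
    (``k in "fcontext-equiv"``) also matched "fcontext", so file-context
    entries were pushed through the equivalence branch. The port branch
    now indexes its record by the (port, protocol) key instead of a
    variable left over from an earlier loop.

    NOTE(review): values are interpolated as-is and each line is one
    command for the privileged semanage D-Bus call; no check for embedded
    whitespace or line breaks is visible in this function.
    """
    self.revert_data()
    commands = []
    for k in self.cur_dict:
        entries = self.cur_dict[k]
        if k == "boolean":
            for b in entries:
                commands.append("boolean -m -%d %s\n" % (entries[b]["active"], b))
        elif k == "login":
            for l in entries:
                rec = entries[l]
                if rec["action"] == "-d":
                    commands.append("login -d %s\n" % l)
                elif "range" in rec:
                    commands.append("login %s -s %s -r %s %s\n" % (rec["action"], rec["seuser"], rec["range"], l))
                else:
                    commands.append("login %s -s %s %s\n" % (rec["action"], rec["seuser"], l))
        elif k == "user":
            for u in entries:
                rec = entries[u]
                if rec["action"] == "-d":
                    commands.append("user -d %s\n" % u)
                elif "level" in rec and "range" in rec:
                    commands.append("user %s -L %s -r %s -R %s %s\n" % (rec["action"], rec["level"], rec["range"], rec["role"], u))
                else:
                    commands.append("user %s -R %s %s\n" % (rec["action"], rec["role"], u))
        elif k == "fcontext-equiv":
            for f in entries:
                rec = entries[f]
                if rec["action"] == "-d":
                    commands.append("fcontext -d %s\n" % f)
                else:
                    commands.append("fcontext %s -e %s %s\n" % (rec["action"], rec["src"], f))
        elif k == "fcontext":
            # NOTE(review): the loop that fills the pending-changes window
            # unpacks the keys of cur_dict["fcontext"] as (path, tclass)
            # pairs; if that holds, `% f` below receives a tuple. Confirm
            # the key shape and format the path explicitly.
            for f in entries:
                rec = entries[f]
                if rec["action"] == "-d":
                    commands.append("fcontext -d %s\n" % f)
                else:
                    commands.append("fcontext %s -t %s -f %s %s\n" % (rec["action"], rec["type"], rec["class"], f))
        elif k == "port":
            for port, protocol in entries:
                rec = entries[(port, protocol)]
                if rec["action"] == "-d":
                    commands.append("port -d -p %s %s\n" % (protocol, port))
                else:
                    commands.append("port %s -t %s -p %s %s\n" % (rec["action"], rec["type"], protocol, port))

    return "".join(commands)


def revert_data(self):
    """Drop every top-level row of the pending-changes store whose column 0 is false."""
    remove_list = []
    for ctr, _row in enumerate(self.update_treestore):
        if not self.update_treestore[ctr][0]:
            remove_list.append(ctr)
    # Highest index first, so earlier removals do not shift the later ones.
    remove_list.reverse()
    for ctr in remove_list:
        self.remove_cur(ctr)


def reveal_advanced_system(self, label, *args):
    """Toggle the advanced widgets of the system page and flip the label text."""
    advanced = label.get_text() == ADVANCED_LABEL[0]
    if advanced:
        label.set_text(ADVANCED_LABEL[1])
    else:
        label.set_text(ADVANCED_LABEL[0])
    self.system_policy_label.set_visible(advanced)
    self.system_policy_type_combobox.set_visible(advanced)


def reveal_advanced(self, label, *args):
    """Toggle the MLS widgets of the files and network dialogs and flip the label text."""
    advanced = label.get_text() == ADVANCED_LABEL[0]
    if advanced:
        label.set_text(ADVANCED_LABEL[1])
    else:
        label.set_text(ADVANCED_LABEL[0])
    self.files_mls_label.set_visible(advanced)
    self.files_mls_entry.set_visible(advanced)
    self.network_mls_label.set_visible(advanced)
    self.network_mls_entry.set_visible(advanced)


def on_show_advanced_search_window(self, label, *args):
    """Open or close the advanced search window, depending on the label's current text."""
    if label.get_text() == ADVANCED_SEARCH_LABEL[1]:
        label.set_text(ADVANCED_SEARCH_LABEL[0])
        self.close_popup()
    else:
        label.set_text(ADVANCED_SEARCH_LABEL[1])
        self.show_popup(self.advanced_search_window)


def set_enforce_text(self, value):
    """Show the enforcing/permissive state in the status bar and the radio buttons."""
    if value:
        self.status_bar.push(self.context_id, _("System Status: Enforcing"))
        self.current_status_enforcing.set_active(True)
    else:
        self.status_bar.push(self.context_id, _("System Status: Permissive"))
        self.current_status_permissive.set_active(True)


def set_enforce(self, button):
    """Pass the button state to the D-Bus setenforce call and refresh the status text.

    Does nothing while finish_init is false.
    """
    if not self.finish_init:
        return

    self.dbus.setenforce(button.get_active())
    self.set_enforce_text(button.get_active())


def on_browse_select(self, *args):
    """Handle a file chosen in the file dialog.

    The name is copied into the files path entry; when the dialog was
    opened for import or export the matching action runs on that file.
    """
    filename = self.file_dialog.get_filename()
    if filename is None:
        return
    self.clear_entry = False
    self.file_dialog.hide()
    self.files_path_entry.set_text(filename)
    if self.import_export == 'Import':
        self.import_config(filename)
    elif self.import_export == 'Export':
        self.export_config(filename)


def recursive_path(self, *args):
    """Add or strip the "(/.*)?" suffix of the path entry to match the recursive toggle."""
    path = self.files_path_entry.get_text()
    if self.recursive_path_toggle.get_active():
        if not path.endswith("(/.*)?"):
            self.files_path_entry.set_text(path + "(/.*)?")
    elif path.endswith("(/.*)?"):
        path = path.split("(/.*)?")[0]
        self.files_path_entry.set_text(path)


def highlight_entry_text(self, entry_obj, *args):
    """Empty *entry_obj* once, the first time it is used while clear_entry is set."""
    if self.clear_entry:
        entry_obj.set_text('')
        self.clear_entry = False


def autofill_add_files_entry(self, entry):
    """Preselect the recursive toggle and a file type from the typed path.

    A path ending in "(/.*)?" turns the recursive toggle on. For each
    prefix in sepolicy.DEFAULT_DIRS that the text starts with, types in
    the combo list ending with the mapped suffix are made active.
    """
    text = entry.get_text()
    if text == '':
        return
    if text.endswith("(/.*)?"):
        self.recursive_path_toggle.set_active(True)
    for d in sepolicy.DEFAULT_DIRS:
        if text.startswith(d):
            for t in self.files_type_combolist:
                if t[0].endswith(sepolicy.DEFAULT_DIRS[d]):
                    self.combo_set_active_text(self.files_type_combobox, t[0])


def resize_columns(self, *args):
    """Look up column 1 of the boolean tree view and read its width and renderers."""
    # NOTE(review): width and renderer are not used afterwards, and
    # get_col()/get_cell_renderers() may not exist on the Gtk 3 widgets
    # this file requires; confirm whether this handler is still connected.
    self.boolean_column_1 = self.boolean_treeview.get_col(1)
    width = self.boolean_column_1.get_width()
    renderer = self.boolean_column_1.get_cell_renderers()


def browse_for_files(self, *args):
    """Show the file chooser dialog."""
    self.file_dialog.show()


def close_config_window(self, *args):
    """Hide the file chooser dialog."""
    self.file_dialog.hide()


def change_default_policy(self, *args):
    """Change the default policy type after confirmation and request a relabel on boot.

    If the user declines, the combo box is set back to the previous
    selection and nothing is sent over D-Bus.
    """
    if self.typeHistory == self.system_policy_type_combobox.get_active():
        return

    if self.verify(_("Changing the policy type will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == Gtk.ResponseType.NO:
        self.system_policy_type_combobox.set_active(self.typeHistory)
        return None

    self.dbus.change_default_policy(self.combo_get_active_text(self.system_policy_type_combobox))
    self.dbus.relabel_on_boot(True)
    self.typeHistory = self.system_policy_type_combobox.get_active()


def change_default_mode(self, button):
    """Send the newly selected default mode (the lower-cased button label) over D-Bus.

    Does nothing while finish_init is false. enabled_changed() runs first
    and may ask for confirmation.
    """
    if not self.finish_init:
        return
    self.enabled_changed(button)
    if button.get_active():
        self.dbus.change_default_mode(button.get_label().lower())


def import_config_show(self, *args):
    """Open the file chooser in "open" mode for importing a configuration."""
    self.file_dialog.set_action(Gtk.FileChooserAction.OPEN)
    self.file_dialog.set_title("Import Configuration")
    self.file_dialog.show()
    self.import_export = 'Import'


def export_config_show(self, *args):
    """Open the file chooser in "save" mode for exporting the configuration."""
    self.file_dialog.set_action(Gtk.FileChooserAction.SAVE)
    self.file_dialog.set_title("Export Configuration")
    self.file_dialog.show()
    self.import_export = 'Export'


def export_config(self, filename):
    """Write the customizations reported by the D-Bus service to *filename*.

    The file is closed and the cursor restored even if the call or the
    write raises.
    """
    self.wait_mouse()
    try:
        buf = self.dbus.customized()
        with open(filename, 'w') as fd:
            fd.write(buf)
    finally:
        self.ready_mouse()


def import_config(self, filename):
    """Read *filename* and pass its whole content to the semanage D-Bus method.

    NOTE(review): the content is forwarded as read; no validation or
    preview of the commands is visible in this function.

    Failures of the call are shown in an error dialog (they used to be
    ignored for OSError and left uncaught for D-Bus errors), and the
    cursor is always restored.
    """
    with open(filename, "r") as fd:
        buf = fd.read()
    self.wait_mouse()
    try:
        self.dbus.semanage(buf)
    except (OSError, dbus.exceptions.DBusException) as e:
        self.error(str(e))
    finally:
        self.ready_mouse()


def init_dictionary(self, dic, app, ipage, operation, p, q, ftype, mls, changed, old):
    """Create dic[app, ipage, operation][p, q] if missing; existing entries are kept."""
    if (app, ipage, operation) not in dic:
        dic[app, ipage, operation] = {}
    if (p, q) not in dic[app, ipage, operation]:
        dic[app, ipage, operation][p, q] = {'type': ftype, 'mls': mls, 'changed': changed, 'old': old}


def translate_bool(self, b):
    """Map the text after the first '-' in *b* to a bool: '0' -> False, '1' -> True.

    Any other value yields None.
    """
    b = b.split('-')[1]
    if b == '0':
        return False
    if b == '1':
        return True


def relabel_on_reboot(self, *args):
    """Bring the relabel-on-boot request in line with the relabel toggle.

    Nothing is sent when the toggle already matches the presence of
    /.autorelabel. D-Bus errors are shown in an error dialog.
    """
    active = self.relabel_button.get_active()
    exists = os.path.exists("/.autorelabel")

    if active and exists:
        return
    if not active and not exists:
        return
    try:
        self.dbus.relabel_on_boot(active)
    except dbus.exceptions.DBusException as e:
        # The dialog is given the message text rather than the exception object.
        self.error(str(e))


def closewindow(self, window, *args):
    """Hide *window*, restore the main window and reset dialog state.

    Returns True.
    """
    window.hide()
    self.recursive_path_toggle.set_active(False)
    self.window.set_sensitive(True)
    if self.moreTypes_window_files == window:
        self.show_popup(self.files_popup_window)
        if self.combo_get_active_text(self.files_type_combobox) == _('More...'):
            self.files_type_combobox.set_active(0)
    if self.error_check_window == window:
        if self.files_add:
            self.show_popup(self.files_popup_window)
        elif self.network_add:
            self.show_popup(self.network_popup_window)
    if self.files_mls_label.get_visible() or self.network_mls_label.get_visible():
        self.advanced_text_files.set_visible(True)
        self.files_mls_label.set_visible(False)
        self.files_mls_entry.set_visible(False)
        self.advanced_text_network.set_visible(True)
        self.network_mls_label.set_visible(False)
        self.network_mls_entry.set_visible(False)
    if self.main_advanced_label.get_text() == ADVANCED_SEARCH_LABEL[1]:
        self.main_advanced_label.set_text(ADVANCED_SEARCH_LABEL[0])
    return True


def wait_mouse(self):
    """Show the busy cursor on the main window."""
    self.window.get_window().set_cursor(self.busy_cursor)
    self.idle_func()


def ready_mouse(self):
    """Show the normal cursor on the main window."""
    self.window.get_window().set_cursor(self.ready_cursor)
    self.idle_func()
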
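# NOTE: every def below takes `self`; the enclosing class statement is outside this span.
def verify(self, message, title=""):
    """Ask a yes/no question in a modal dialog and return the Gtk response code."""
    dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.INFO,
                            Gtk.ButtonsType.YES_NO,
                            message)
    dlg.set_title(title)
    dlg.set_position(Gtk.WindowPosition.MOUSE)
    dlg.show_all()
    rc = dlg.run()
    dlg.destroy()
    return rc


def error(self, message):
    """Show *message* in a modal error dialog with a Close button."""
    dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.ERROR,
                            Gtk.ButtonsType.CLOSE,
                            message)
    dlg.set_position(Gtk.WindowPosition.MOUSE)
    dlg.show_all()
    dlg.run()
    dlg.destroy()


def enabled_changed(self, radio):
    """Confirm a switch between SELinux disabled and enabled.

    Runs only for the radio button that became active. If the user
    declines, the previously selected button is re-activated. The last
    activated button is then stored in self.enforce_button.
    """
    if not radio.get_active():
        return
    label = radio.get_label()
    if label == 'Disabled' and self.enforce_mode != DISABLED:
        if self.verify(_("Changing to SELinux disabled requires a reboot. It is not recommended. If you later decide to turn SELinux back on, the system will be required to relabel. If you just want to see if SELinux is causing a problem on your system, you can go to permissive mode which will only log errors and not enforce SELinux policy. Permissive mode does not require a reboot. Do you wish to continue?")) == Gtk.ResponseType.NO:
            self.enforce_button.set_active(True)

    if label != 'Disabled' and self.enforce_mode == DISABLED:
        if self.verify(_("Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == Gtk.ResponseType.NO:
            self.enforce_button.set_active(True)
    self.enforce_button = radio


def clear_filters(self, *args):
    """Reset the text filter and the "modified only" toggle."""
    self.filter_entry.set_text('')
    self.show_modified_only.set_active(False)


def unconfined_toggle(self, *args):
    """Enable or disable the "unconfined" policy module to match its toggle.

    Does nothing while finish_init is false. A D-Bus failure is shown in
    an error dialog and the cursor is restored in every case, so a change
    that did not go through is visible to the user.
    """
    if not self.finish_init:
        return
    self.wait_mouse()
    try:
        if self.enable_unconfined_button.get_active():
            self.dbus.semanage("module -e unconfined")
        else:
            self.dbus.semanage("module -d unconfined")
    except dbus.exceptions.DBusException as e:
        self.error(str(e))
    finally:
        self.ready_mouse()


def permissive_toggle(self, *args):
    """Enable or disable the "permissivedomains" policy module to match its toggle.

    Does nothing while finish_init is false. A D-Bus failure is shown in
    an error dialog and the cursor is restored in every case.
    """
    if not self.finish_init:
        return
    self.wait_mouse()
    try:
        if self.enable_permissive_button.get_active():
            self.dbus.semanage("module -e permissivedomains")
        else:
            self.dbus.semanage("module -d permissivedomains")
    except dbus.exceptions.DBusException as e:
        self.error(str(e))
    finally:
        self.ready_mouse()


def confirmation_close(self, button, *args):
    """Quit, asking first when there are unapplied changes.

    Returns True (and does not quit) when the user answers No.
    """
    if len(self.update_treestore) > 0:
        if self.verify(_("You are attempting to close the application without applying your changes.\n    *    To apply changes you have made during this session, click No and click Update.\n    *    To leave the application without applying your changes, click Yes.  All changes that you have made during this session will be lost."), _("Loss of data Dialog")) == Gtk.ResponseType.NO:
            return True
    self.quit()


def quit(self, *args):
    """Exit the process with status 0."""
    sys.exit(0)


if __name__ == '__main__':
    start = SELinuxGui()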