1#!/usr/bin/python3 -Es
2#
3# polgengui.py - GUI for SELinux Config tool in system-config-selinux
4#
5# Dan Walsh <dwalsh@redhat.com>
6#
7# Copyright (C) 2007-2013 Red Hat
8#
9# This program is free software; you can redistribute it and/or modify
10# it under the terms of the GNU General Public License as published by
11# the Free Software Foundation; either version 2 of the License, or
12# (at your option) any later version.
13#
14# This program is distributed in the hope that it will be useful,
15# but WITHOUT ANY WARRANTY; without even the implied warranty of
16# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17# GNU General Public License for more details.
18#
19# You should have received a copy of the GNU General Public License
20# along with this program; if not, write to the Free Software
21# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22#
23import signal
24import string
25import gi
26gi.require_version('Gtk', '3.0')
27from gi.repository import Gtk
28import os
29from gi.repository import GObject
30import sys
31try:
32    import sepolicy
33except ValueError as e:
34    sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
35    sys.exit(1)
36
37import sepolicy.generate
38import sepolicy.interface
39
40try:
41    from subprocess import getstatusoutput
42except ImportError:
43    from commands import getstatusoutput
44
45
46import re
47
48
49def get_all_modules():
50    try:
51        all_modules = []
52        rc, output = getstatusoutput("semodule -l 2>/dev/null")
53        if rc == 0:
54            l = output.split("\n")
55            for i in l:
56                all_modules.append(i.split()[0])
57    except:
58        pass
59
60    return all_modules
61
62
63##
64## I18N
65##
66PROGNAME = "policycoreutils"
67try:
68    import gettext
69    kwargs = {}
70    if sys.version_info < (3,):
71        kwargs['unicode'] = True
72    gettext.install(PROGNAME,
73                    localedir="/usr/share/locale",
74                    codeset='utf-8',
75                    **kwargs)
76except:
77    try:
78        import builtins
79        builtins.__dict__['_'] = str
80    except ImportError:
81        import __builtin__
82        __builtin__.__dict__['_'] = unicode
83
84version = "1.0"
85
86sys.path.append('/usr/share/system-config-selinux')
87sys.path.append('.')
88
89# From John Hunter http://www.daa.com.au/pipermail/pygtk/2003-February/004454.html
90
91
92def foreach(model, path, iter, selected):
93    selected.append(model.get_value(iter, 0))
94
95##
96## Pull in the Glade file
97##
98xml = Gtk.Builder()
99xml.set_translation_domain(PROGNAME)
100if os.access("polgen.ui", os.F_OK):
101    xml.add_from_file("polgen.ui")
102else:
103    xml.add_from_file("/usr/share/system-config-selinux/polgen.ui")
104
105FILE = 1
106DIR = 2
107
108
109class childWindow:
110    START_PAGE = 0
111    SELECT_TYPE_PAGE = 0
112    APP_PAGE = 1
113    EXISTING_USER_PAGE = 2
114    TRANSITION_PAGE = 3
115    USER_TRANSITION_PAGE = 4
116    ADMIN_PAGE = 5
117    ROLE_PAGE = 6
118    IN_NET_PAGE = 7
119    OUT_NET_PAGE = 8
120    COMMON_APPS_PAGE = 9
121    FILES_PAGE = 10
122    BOOLEAN_PAGE = 11
123    SELECT_DIR_PAGE = 12
124    FINISH_PAGE = 12
125
126    def __init__(self):
127        self.xml = xml
128        self.notebook = xml.get_object("notebook")
129        self.label_dict = {}
130        self.tooltip_dict = {}
131        label = xml.get_object("select_label")
132        self.label_dict[label] = label.get_text()
133
134        label = xml.get_object("select_user_roles_label")
135        self.label_dict[label] = label.get_text()
136
137        label = xml.get_object("select_dir_label")
138        self.label_dict[label] = label.get_text()
139
140        label = xml.get_object("select_domain_admin_label")
141        self.label_dict[label] = label.get_text()
142
143        label = xml.get_object("select_in_label")
144        self.label_dict[label] = label.get_text()
145
146        label = xml.get_object("select_out_label")
147        self.label_dict[label] = label.get_text()
148
149        label = xml.get_object("select_common_label")
150        self.label_dict[label] = label.get_text()
151
152        label = xml.get_object("select_manages_label")
153        self.label_dict[label] = label.get_text()
154
155        label = xml.get_object("select_booleans_label")
156        self.label_dict[label] = label.get_text()
157
158        label = xml.get_object("existing_user_treeview")
159        self.tooltip_dict[label] = label.get_tooltip_text()
160
161        label = xml.get_object("transition_treeview")
162        self.tooltip_dict[label] = label.get_tooltip_text()
163
164        label = xml.get_object("in_tcp_all_checkbutton")
165        self.tooltip_dict[label] = label.get_tooltip_text()
166
167        label = xml.get_object("in_tcp_reserved_checkbutton")
168        self.tooltip_dict[label] = label.get_tooltip_text()
169
170        label = xml.get_object("in_tcp_unreserved_checkbutton")
171        self.tooltip_dict[label] = label.get_tooltip_text()
172
173        label = xml.get_object("in_tcp_entry")
174        self.tooltip_dict[label] = label.get_tooltip_text()
175
176        label = xml.get_object("in_udp_all_checkbutton")
177        self.tooltip_dict[label] = label.get_tooltip_text()
178
179        label = xml.get_object("in_udp_reserved_checkbutton")
180        self.tooltip_dict[label] = label.get_tooltip_text()
181
182        label = xml.get_object("in_udp_unreserved_checkbutton")
183        self.tooltip_dict[label] = label.get_tooltip_text()
184
185        label = xml.get_object("in_udp_entry")
186        self.tooltip_dict[label] = label.get_tooltip_text()
187
188        label = xml.get_object("out_tcp_entry")
189        self.tooltip_dict[label] = label.get_tooltip_text()
190
191        label = xml.get_object("out_udp_entry")
192        self.tooltip_dict[label] = label.get_tooltip_text()
193
194        label = xml.get_object("out_tcp_all_checkbutton")
195        self.tooltip_dict[label] = label.get_tooltip_text()
196
197        label = xml.get_object("out_udp_all_checkbutton")
198        self.tooltip_dict[label] = label.get_tooltip_text()
199
200        label = xml.get_object("boolean_treeview")
201        self.tooltip_dict[label] = label.get_tooltip_text()
202
203        label = xml.get_object("write_treeview")
204        self.tooltip_dict[label] = label.get_tooltip_text()
205
206        try:
207            self.all_types = sepolicy.generate.get_all_types()
208            self.all_modules = get_all_modules()
209            self.all_roles = sepolicy.generate.get_all_roles()
210            self.all_users = sepolicy.generate.get_all_users()
211        except RuntimeError as e:
212            self.all_types = []
213            self.all_modules = []
214            self.all_roles = []
215            self.all_users = []
216            self.error(str(e))
217
218        self.name = ""
219        handlers = {
220            "on_delete_clicked": self.delete,
221            "on_delete_boolean_clicked": self.delete_boolean,
222            "on_exec_select_clicked": self.exec_select,
223            "on_init_script_select_clicked": self.init_script_select,
224            "on_add_clicked": self.add,
225            "on_add_boolean_clicked": self.add_boolean,
226            "on_add_dir_clicked": self.add_dir,
227            "on_about_clicked": self.on_about_clicked
228        }
229        xml.connect_signals(handlers)
230        xml.get_object("cancel_button").connect("clicked", self.quit)
231        self.forward_button = xml.get_object("forward_button")
232        self.forward_button.connect("clicked", self.forward)
233        self.back_button = xml.get_object("back_button")
234        self.back_button.connect("clicked", self.back)
235
236        self.boolean_dialog = xml.get_object("boolean_dialog")
237        self.boolean_name_entry = xml.get_object("boolean_name_entry")
238        self.boolean_description_entry = xml.get_object("boolean_description_entry")
239
240        self.pages = {}
241        for i in sepolicy.generate.USERS:
242            self.pages[i] = [self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]
243        self.pages[sepolicy.generate.RUSER] = [self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.USER_TRANSITION_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]
244        self.pages[sepolicy.generate.LUSER] = [self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]
245        self.pages[sepolicy.generate.SANDBOX] = [self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]
246        self.pages[sepolicy.generate.EUSER] = [self.SELECT_TYPE_PAGE, self.EXISTING_USER_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]
247
248        for i in sepolicy.generate.APPLICATIONS:
249            self.pages[i] = [self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]
250        self.pages[sepolicy.generate.USER] = [self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]
251
252        self.current_page = 0
253        self.back_button.set_sensitive(0)
254
255        self.network_buttons = {}
256
257        self.in_tcp_all_checkbutton = xml.get_object("in_tcp_all_checkbutton")
258        self.in_tcp_reserved_checkbutton = xml.get_object("in_tcp_reserved_checkbutton")
259        self.in_tcp_unreserved_checkbutton = xml.get_object("in_tcp_unreserved_checkbutton")
260        self.in_tcp_entry = self.xml.get_object("in_tcp_entry")
261        self.network_buttons[self.in_tcp_all_checkbutton] = [self.in_tcp_reserved_checkbutton, self.in_tcp_unreserved_checkbutton, self.in_tcp_entry]
262
263        self.out_tcp_all_checkbutton = xml.get_object("out_tcp_all_checkbutton")
264        self.out_tcp_reserved_checkbutton = xml.get_object("out_tcp_reserved_checkbutton")
265        self.out_tcp_unreserved_checkbutton = xml.get_object("out_tcp_unreserved_checkbutton")
266        self.out_tcp_entry = self.xml.get_object("out_tcp_entry")
267
268        self.network_buttons[self.out_tcp_all_checkbutton] = [self.out_tcp_entry]
269
270        self.in_udp_all_checkbutton = xml.get_object("in_udp_all_checkbutton")
271        self.in_udp_reserved_checkbutton = xml.get_object("in_udp_reserved_checkbutton")
272        self.in_udp_unreserved_checkbutton = xml.get_object("in_udp_unreserved_checkbutton")
273        self.in_udp_entry = self.xml.get_object("in_udp_entry")
274
275        self.network_buttons[self.in_udp_all_checkbutton] = [self.in_udp_reserved_checkbutton, self.in_udp_unreserved_checkbutton, self.in_udp_entry]
276
277        self.out_udp_all_checkbutton = xml.get_object("out_udp_all_checkbutton")
278        self.out_udp_entry = self.xml.get_object("out_udp_entry")
279        self.network_buttons[self.out_udp_all_checkbutton] = [self.out_udp_entry]
280
281        for b in self.network_buttons.keys():
282            b.connect("clicked", self.network_all_clicked)
283
284        self.boolean_treeview = self.xml.get_object("boolean_treeview")
285        self.boolean_store = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING)
286        self.boolean_treeview.set_model(self.boolean_store)
287        self.boolean_store.set_sort_column_id(0, Gtk.SortType.ASCENDING)
288        col = Gtk.TreeViewColumn(_("Name"), Gtk.CellRendererText(), text=0)
289        self.boolean_treeview.append_column(col)
290        col = Gtk.TreeViewColumn(_("Description"), Gtk.CellRendererText(), text=1)
291        self.boolean_treeview.append_column(col)
292
293        self.role_treeview = self.xml.get_object("role_treeview")
294        self.role_store = Gtk.ListStore(GObject.TYPE_STRING)
295        self.role_treeview.set_model(self.role_store)
296        self.role_treeview.get_selection().set_mode(Gtk.SelectionMode.MULTIPLE)
297        self.role_store.set_sort_column_id(0, Gtk.SortType.ASCENDING)
298        col = Gtk.TreeViewColumn(_("Role"), Gtk.CellRendererText(), text=0)
299        self.role_treeview.append_column(col)
300
301        self.existing_user_treeview = self.xml.get_object("existing_user_treeview")
302        self.existing_user_store = Gtk.ListStore(GObject.TYPE_STRING)
303        self.existing_user_treeview.set_model(self.existing_user_store)
304        self.existing_user_store.set_sort_column_id(0, Gtk.SortType.ASCENDING)
305        col = Gtk.TreeViewColumn(_("Existing_User"), Gtk.CellRendererText(), text=0)
306        self.existing_user_treeview.append_column(col)
307
308        for i in self.all_roles:
309            iter = self.role_store.append()
310            self.role_store.set_value(iter, 0, i[:-2])
311
312        self.in_tcp_reserved_checkbutton = xml.get_object("in_tcp_reserved_checkbutton")
313
314        self.transition_treeview = self.xml.get_object("transition_treeview")
315        self.transition_store = Gtk.ListStore(GObject.TYPE_STRING)
316        self.transition_treeview.set_model(self.transition_store)
317        self.transition_treeview.get_selection().set_mode(Gtk.SelectionMode.MULTIPLE)
318        self.transition_store.set_sort_column_id(0, Gtk.SortType.ASCENDING)
319        col = Gtk.TreeViewColumn(_("Application"), Gtk.CellRendererText(), text=0)
320        self.transition_treeview.append_column(col)
321
322        self.user_transition_treeview = self.xml.get_object("user_transition_treeview")
323        self.user_transition_store = Gtk.ListStore(GObject.TYPE_STRING)
324        self.user_transition_treeview.set_model(self.user_transition_store)
325        self.user_transition_treeview.get_selection().set_mode(Gtk.SelectionMode.MULTIPLE)
326        self.user_transition_store.set_sort_column_id(0, Gtk.SortType.ASCENDING)
327        col = Gtk.TreeViewColumn(_("Application"), Gtk.CellRendererText(), text=0)
328        self.user_transition_treeview.append_column(col)
329
330        for i in self.all_users:
331            iter = self.user_transition_store.append()
332            self.user_transition_store.set_value(iter, 0, i[:-2])
333            iter = self.existing_user_store.append()
334            self.existing_user_store.set_value(iter, 0, i[:-2])
335
336        self.admin_treeview = self.xml.get_object("admin_treeview")
337        self.admin_store = Gtk.ListStore(GObject.TYPE_STRING)
338        self.admin_treeview.set_model(self.admin_store)
339        self.admin_treeview.get_selection().set_mode(Gtk.SelectionMode.MULTIPLE)
340        self.admin_store.set_sort_column_id(0, Gtk.SortType.ASCENDING)
341        col = Gtk.TreeViewColumn(_("Application"), Gtk.CellRendererText(), text=0)
342        self.admin_treeview.append_column(col)
343
344        try:
345            for u in sepolicy.interface.get_user():
346                iter = self.transition_store.append()
347                self.transition_store.set_value(iter, 0, u)
348
349            for a in sepolicy.interface.get_admin():
350                iter = self.admin_store.append()
351                self.admin_store.set_value(iter, 0, a)
352        except ValueError as e:
353            self.error(e.message)
354
355    def confine_application(self):
356        return self.get_type() in sepolicy.generate.APPLICATIONS
357
358    def forward(self, arg):
359        type = self.get_type()
360        if self.current_page == self.START_PAGE:
361            self.back_button.set_sensitive(1)
362
363        if self.pages[type][self.current_page] == self.SELECT_TYPE_PAGE:
364            if self.on_select_type_page_next():
365                return
366
367        if self.pages[type][self.current_page] == self.IN_NET_PAGE:
368            if self.on_in_net_page_next():
369                return
370
371        if self.pages[type][self.current_page] == self.OUT_NET_PAGE:
372            if self.on_out_net_page_next():
373                return
374
375        if self.pages[type][self.current_page] == self.APP_PAGE:
376            if self.on_name_page_next():
377                return
378
379        if self.pages[type][self.current_page] == self.EXISTING_USER_PAGE:
380            if self.on_existing_user_page_next():
381                return
382
383        if self.pages[type][self.current_page] == self.SELECT_DIR_PAGE:
384            outputdir = self.output_entry.get_text()
385            if not os.path.isdir(outputdir):
386                self.error(_("%s must be a directory") % outputdir)
387                return False
388
389        if self.pages[type][self.current_page] == self.FINISH_PAGE:
390            self.generate_policy()
391            self.xml.get_object("cancel_button").set_label(Gtk.STOCK_CLOSE)
392        else:
393            self.current_page = self.current_page + 1
394            self.notebook.set_current_page(self.pages[type][self.current_page])
395            if self.pages[type][self.current_page] == self.FINISH_PAGE:
396                self.forward_button.set_label(Gtk.STOCK_APPLY)
397
398    def back(self, arg):
399        type = self.get_type()
400        if self.pages[type][self.current_page] == self.FINISH_PAGE:
401            self.forward_button.set_label(Gtk.STOCK_GO_FORWARD)
402
403        self.current_page = self.current_page - 1
404        self.notebook.set_current_page(self.pages[type][self.current_page])
405        if self.pages[type][self.current_page] == self.START_PAGE:
406            self.back_button.set_sensitive(0)
407
408    def network_all_clicked(self, button):
409        active = button.get_active()
410        for b in self.network_buttons[button]:
411            b.set_sensitive(not active)
412
413    def verify(self, message, title=""):
414        dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.INFO,
415                                Gtk.ButtonsType.YES_NO,
416                                message)
417        dlg.set_title(title)
418        dlg.set_position(Gtk.WindowPosition.MOUSE)
419        dlg.show_all()
420        rc = dlg.run()
421        dlg.destroy()
422        return rc
423
424    def info(self, message):
425        dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.INFO,
426                                Gtk.ButtonsType.OK,
427                                message)
428        dlg.set_position(Gtk.WindowPosition.MOUSE)
429        dlg.show_all()
430        dlg.run()
431        dlg.destroy()
432
433    def error(self, message):
434        dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.ERROR,
435                                Gtk.ButtonsType.CLOSE,
436                                message)
437        dlg.set_position(Gtk.WindowPosition.MOUSE)
438        dlg.show_all()
439        dlg.run()
440        dlg.destroy()
441
442    def get_name(self):
443        if self.existing_user_radiobutton.get_active():
444            store, iter = self.existing_user_treeview.get_selection().get_selected()
445            if iter == None:
446                raise ValueError(_("You must select a user"))
447            return store.get_value(iter, 0)
448        else:
449            return self.name_entry.get_text()
450
451    def get_type(self):
452        if self.sandbox_radiobutton.get_active():
453            return sepolicy.generate.SANDBOX
454        if self.cgi_radiobutton.get_active():
455            return sepolicy.generate.CGI
456        if self.user_radiobutton.get_active():
457            return sepolicy.generate.USER
458        if self.init_radiobutton.get_active():
459            return sepolicy.generate.DAEMON
460        if self.dbus_radiobutton.get_active():
461            return sepolicy.generate.DBUS
462        if self.inetd_radiobutton.get_active():
463            return sepolicy.generate.INETD
464        if self.login_user_radiobutton.get_active():
465            return sepolicy.generate.LUSER
466        if self.admin_user_radiobutton.get_active():
467            return sepolicy.generate.AUSER
468        if self.xwindows_user_radiobutton.get_active():
469            return sepolicy.generate.XUSER
470        if self.terminal_user_radiobutton.get_active():
471            return sepolicy.generate.TUSER
472        if self.root_user_radiobutton.get_active():
473            return sepolicy.generate.RUSER
474        if self.existing_user_radiobutton.get_active():
475            return sepolicy.generate.EUSER
476
477    def generate_policy(self, *args):
478        outputdir = self.output_entry.get_text()
479        try:
480            my_policy = sepolicy.generate.policy(self.get_name(), self.get_type())
481
482            iter = self.boolean_store.get_iter_first()
483            while(iter):
484                my_policy.add_boolean(self.boolean_store.get_value(iter, 0), self.boolean_store.get_value(iter, 1))
485                iter = self.boolean_store.iter_next(iter)
486
487            if self.get_type() in sepolicy.generate.APPLICATIONS:
488                my_policy.set_program(self.exec_entry.get_text())
489                my_policy.gen_symbols()
490
491                my_policy.set_use_syslog(self.syslog_checkbutton.get_active() == 1)
492                my_policy.set_use_tmp(self.tmp_checkbutton.get_active() == 1)
493                my_policy.set_use_uid(self.uid_checkbutton.get_active() == 1)
494                my_policy.set_use_pam(self.pam_checkbutton.get_active() == 1)
495
496                my_policy.set_use_dbus(self.dbus_checkbutton.get_active() == 1)
497                my_policy.set_use_audit(self.audit_checkbutton.get_active() == 1)
498                my_policy.set_use_terminal(self.terminal_checkbutton.get_active() == 1)
499                my_policy.set_use_mail(self.mail_checkbutton.get_active() == 1)
500                if self.get_type() is sepolicy.generate.DAEMON:
501                    my_policy.set_init_script(self.init_script_entry.get_text())
502                if self.get_type() == sepolicy.generate.USER:
503                    selected = []
504                    self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
505                    my_policy.set_transition_users(selected)
506            else:
507                if self.get_type() == sepolicy.generate.RUSER:
508                    selected = []
509                    self.admin_treeview.get_selection().selected_foreach(foreach, selected)
510                    my_policy.set_admin_domains(selected)
511                    selected = []
512                    self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
513                    my_policy.set_transition_users(selected)
514                else:
515                    selected = []
516                    self.transition_treeview.get_selection().selected_foreach(foreach, selected)
517                    my_policy.set_transition_domains(selected)
518
519                    selected = []
520                    self.role_treeview.get_selection().selected_foreach(foreach, selected)
521                    my_policy.set_admin_roles(selected)
522
523            my_policy.set_in_tcp(self.in_tcp_all_checkbutton.get_active(), self.in_tcp_reserved_checkbutton.get_active(), self.in_tcp_unreserved_checkbutton.get_active(), self.in_tcp_entry.get_text())
524            my_policy.set_in_udp(self.in_udp_all_checkbutton.get_active(), self.in_udp_reserved_checkbutton.get_active(), self.in_udp_unreserved_checkbutton.get_active(), self.in_udp_entry.get_text())
525            my_policy.set_out_tcp(self.out_tcp_all_checkbutton.get_active(), self.out_tcp_entry.get_text())
526            my_policy.set_out_udp(self.out_udp_all_checkbutton.get_active(), self.out_udp_entry.get_text())
527
528            iter = self.store.get_iter_first()
529            while(iter):
530                if self.store.get_value(iter, 1) == FILE:
531                    my_policy.add_file(self.store.get_value(iter, 0))
532                else:
533                    my_policy.add_dir(self.store.get_value(iter, 0))
534                iter = self.store.iter_next(iter)
535
536            self.info(my_policy.generate(outputdir))
537            return False
538        except ValueError as e:
539            self.error(e.message)
540
541    def delete(self, args):
542        store, iter = self.view.get_selection().get_selected()
543        if iter != None:
544            store.remove(iter)
545            self.view.get_selection().select_path((0,))
546
547    def delete_boolean(self, args):
548        store, iter = self.boolean_treeview.get_selection().get_selected()
549        if iter != None:
550            store.remove(iter)
551            self.boolean_treeview.get_selection().select_path((0,))
552
553    def add_boolean(self, type):
554        self.boolean_name_entry.set_text("")
555        self.boolean_description_entry.set_text("")
556        rc = self.boolean_dialog.run()
557        self.boolean_dialog.hide()
558        if rc == Gtk.ResponseType.CANCEL:
559            return
560        iter = self.boolean_store.append()
561        self.boolean_store.set_value(iter, 0, self.boolean_name_entry.get_text())
562        self.boolean_store.set_value(iter, 1, self.boolean_description_entry.get_text())
563
564    def __add(self, type):
565        rc = self.file_dialog.run()
566        self.file_dialog.hide()
567        if rc == Gtk.ResponseType.CANCEL:
568            return
569        for i in self.file_dialog.get_filenames():
570            iter = self.store.append()
571            self.store.set_value(iter, 0, i)
572            self.store.set_value(iter, 1, type)
573
574    def exec_select(self, args):
575        self.file_dialog.set_select_multiple(0)
576        self.file_dialog.set_title(_("Select executable file to be confined."))
577        self.file_dialog.set_action(Gtk.FileChooserAction.OPEN)
578        self.file_dialog.set_current_folder("/usr/sbin")
579        rc = self.file_dialog.run()
580        self.file_dialog.hide()
581        if rc == Gtk.ResponseType.CANCEL:
582            return
583        self.exec_entry.set_text(self.file_dialog.get_filename())
584
585    def init_script_select(self, args):
586        self.file_dialog.set_select_multiple(0)
587        self.file_dialog.set_title(_("Select init script file to be confined."))
588        self.file_dialog.set_action(Gtk.FileChooserAction.OPEN)
589        self.file_dialog.set_current_folder("/etc/rc.d/init.d")
590        rc = self.file_dialog.run()
591        self.file_dialog.hide()
592        if rc == Gtk.ResponseType.CANCEL:
593            return
594        self.init_script_entry.set_text(self.file_dialog.get_filename())
595
596    def add(self, args):
597        self.file_dialog.set_title(_("Select file(s) that confined application creates or writes"))
598        self.file_dialog.set_current_folder("/")
599        self.file_dialog.set_action(Gtk.FileChooserAction.OPEN)
600        self.file_dialog.set_select_multiple(1)
601        self.__add(FILE)
602
603    def add_dir(self, args):
604        self.file_dialog.set_title(_("Select directory(s) that the confined application owns and writes into"))
605        self.file_dialog.set_current_folder("/")
606        self.file_dialog.set_select_multiple(1)
607        self.file_dialog.set_action(Gtk.FileChooserAction.SELECT_FOLDER)
608        self.__add(DIR)
609
610    def on_about_clicked(self, args):
611        dlg = xml.get_object("about_dialog")
612        dlg.run()
613        dlg.hide()
614
615    def quit(self, args):
616        Gtk.main_quit()
617
618    def setupScreen(self):
619        # Bring in widgets from glade file.
620        self.mainWindow = self.xml.get_object("main_window")
621        self.druid = self.xml.get_object("druid")
622        self.type = 0
623        self.name_entry = self.xml.get_object("name_entry")
624        self.name_entry.connect("insert_text", self.on_name_entry_changed)
625        self.name_entry.connect("focus_out_event", self.on_focus_out_event)
626        self.exec_entry = self.xml.get_object("exec_entry")
627        self.exec_button = self.xml.get_object("exec_button")
628        self.init_script_entry = self.xml.get_object("init_script_entry")
629        self.init_script_button = self.xml.get_object("init_script_button")
630        self.output_entry = self.xml.get_object("output_entry")
631        self.output_entry.set_text(os.getcwd())
632        self.xml.get_object("output_button").connect("clicked", self.output_button_clicked)
633
634        self.xwindows_user_radiobutton = self.xml.get_object("xwindows_user_radiobutton")
635        self.terminal_user_radiobutton = self.xml.get_object("terminal_user_radiobutton")
636        self.root_user_radiobutton = self.xml.get_object("root_user_radiobutton")
637        self.login_user_radiobutton = self.xml.get_object("login_user_radiobutton")
638        self.admin_user_radiobutton = self.xml.get_object("admin_user_radiobutton")
639        self.existing_user_radiobutton = self.xml.get_object("existing_user_radiobutton")
640
641        self.user_radiobutton = self.xml.get_object("user_radiobutton")
642        self.init_radiobutton = self.xml.get_object("init_radiobutton")
643        self.inetd_radiobutton = self.xml.get_object("inetd_radiobutton")
644        self.dbus_radiobutton = self.xml.get_object("dbus_radiobutton")
645        self.cgi_radiobutton = self.xml.get_object("cgi_radiobutton")
646        self.sandbox_radiobutton = self.xml.get_object("sandbox_radiobutton")
647        self.tmp_checkbutton = self.xml.get_object("tmp_checkbutton")
648        self.uid_checkbutton = self.xml.get_object("uid_checkbutton")
649        self.pam_checkbutton = self.xml.get_object("pam_checkbutton")
650        self.dbus_checkbutton = self.xml.get_object("dbus_checkbutton")
651        self.audit_checkbutton = self.xml.get_object("audit_checkbutton")
652        self.terminal_checkbutton = self.xml.get_object("terminal_checkbutton")
653        self.mail_checkbutton = self.xml.get_object("mail_checkbutton")
654        self.syslog_checkbutton = self.xml.get_object("syslog_checkbutton")
655        self.view = self.xml.get_object("write_treeview")
656        self.file_dialog = self.xml.get_object("filechooserdialog")
657
658        self.store = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_INT)
659        self.view.set_model(self.store)
660        col = Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)
661        col.set_resizable(True)
662        self.view.append_column(col)
663        self.view.get_selection().select_path((0,))
664
665    def output_button_clicked(self, *args):
666        self.file_dialog.set_title(_("Select directory to generate policy files in"))
667        self.file_dialog.set_action(Gtk.FileChooserAction.SELECT_FOLDER)
668        self.file_dialog.set_select_multiple(0)
669        rc = self.file_dialog.run()
670        self.file_dialog.hide()
671        if rc == Gtk.ResponseType.CANCEL:
672            return
673        self.output_entry.set_text(self.file_dialog.get_filename())
674
675    def on_name_entry_changed(self, entry, text, size, position):
676        if text.find(" ") >= 0:
677            entry.stop_emission_by_name("insert-text")
678
679    def on_focus_out_event(self, entry, third):
680        name = entry.get_text()
681        if self.name != name:
682            if name in self.all_types:
683                if self.verify(_("Type %s_t already defined in current policy.\nDo you want to continue?") % name, _("Verify Name")) == Gtk.ResponseType.NO:
684                    entry.set_text("")
685                    return False
686            if name in self.all_modules:
687                if self.verify(_("Module %s already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == Gtk.ResponseType.NO:
688                    entry.set_text("")
689                    return False
690
691            file = "/etc/rc.d/init.d/" + name
692            if os.path.isfile(file) and self.init_script_entry.get_text() == "":
693                self.init_script_entry.set_text(file)
694
695            file = "/usr/sbin/" + name
696            if os.path.isfile(file) and self.exec_entry.get_text() == "":
697                self.exec_entry.set_text(file)
698
699        self.name = name
700        return False
701
702    def on_in_net_page_next(self, *args):
703        try:
704            sepolicy.generate.verify_ports(self.in_tcp_entry.get_text())
705            sepolicy.generate.verify_ports(self.in_udp_entry.get_text())
706        except ValueError as e:
707            self.error(e.message)
708            return True
709
710    def on_out_net_page_next(self, *args):
711        try:
712            sepolicy.generate.verify_ports(self.out_tcp_entry.get_text())
713            sepolicy.generate.verify_ports(self.out_udp_entry.get_text())
714        except ValueError as e:
715            self.error(e.message)
716            return True
717
718    def on_select_type_page_next(self, *args):
719        self.exec_entry.set_sensitive(self.confine_application())
720        self.exec_button.set_sensitive(self.confine_application())
721        self.init_script_entry.set_sensitive(self.init_radiobutton.get_active())
722        self.init_script_button.set_sensitive(self.init_radiobutton.get_active())
723
724    def on_existing_user_page_next(self, *args):
725        store, iter = self.view.get_selection().get_selected()
726        if iter != None:
727            self.error(_("You must select a user"))
728            return True
729
730    def on_name_page_next(self, *args):
731        name = self.name_entry.get_text()
732        if not name.isalnum():
733            self.error(_("You must add a name made up of letters and numbers and containing no spaces."))
734            return True
735
736        for i in self.label_dict:
737            text = '<b>%s</b>' % (self.label_dict[i] % ("'" + name + "'"))
738            i.set_markup(text)
739
740        for i in self.tooltip_dict:
741            text = self.tooltip_dict[i] % ("'" + name + "'")
742            i.set_tooltip_text(text)
743
744        if self.confine_application():
745            exe = self.exec_entry.get_text()
746            if exe == "":
747                self.error(_("You must enter a executable"))
748                return True
749            policy = sepolicy.generate.policy(name, self.get_type())
750            policy.set_program(exe)
751            policy.gen_writeable()
752            policy.gen_symbols()
753            for f in policy.files.keys():
754                iter = self.store.append()
755                self.store.set_value(iter, 0, f)
756                self.store.set_value(iter, 1, FILE)
757
758            for f in policy.dirs.keys():
759                iter = self.store.append()
760                self.store.set_value(iter, 0, f)
761                self.store.set_value(iter, 1, DIR)
762            self.tmp_checkbutton.set_active(policy.use_tmp)
763            self.uid_checkbutton.set_active(policy.use_uid)
764            self.pam_checkbutton.set_active(policy.use_pam)
765            self.dbus_checkbutton.set_active(policy.use_dbus)
766            self.audit_checkbutton.set_active(policy.use_audit)
767            self.terminal_checkbutton.set_active(policy.use_terminal)
768            self.mail_checkbutton.set_active(policy.use_mail)
769            self.syslog_checkbutton.set_active(policy.use_syslog)
770
771    def stand_alone(self):
772        desktopName = _("Configue SELinux")
773
774        self.setupScreen()
775        self.mainWindow.connect("destroy", self.quit)
776
777        self.mainWindow.show_all()
778        Gtk.main()
779
780if __name__ == "__main__":
781    signal.signal(signal.SIGINT, signal.SIG_DFL)
782
783    app = childWindow()
784    app.stand_alone()
785