1# Copyright (C) 2013 Red Hat 2# see file 'COPYING' for use and warranty information 3# 4# selinux gui is a tool for the examining and modifying SELinux policy 5# 6# This program is free software; you can redistribute it and/or 7# modify it under the terms of the GNU General Public License as 8# published by the Free Software Foundation; either version 2 of 9# the License, or (at your option) any later version. 10# 11# This program is distributed in the hope that it will be useful, 12# but WITHOUT ANY WARRANTY; without even the implied warranty of 13# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14# GNU General Public License for more details. 15# 16# You should have received a copy of the GNU General Public License 17# along with this program; if not, write to the Free Software 18# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 19# 02111-1307 USA 20# 21# author: Ryan Hallisey rhallisey@redhat.com 22# author: Dan Walsh dwalsh@redhat.com 23# author: Miroslav Grepl mgrepl@redhat.com 24# 25# 26 27import gi 28gi.require_version('Gtk', '3.0') 29from gi.repository import Gtk 30from gi.repository import Gdk 31from gi.repository import GLib 32from sepolicy.sedbus import SELinuxDBus 33import sys 34import sepolicy 35import selinux 36from selinux import DISABLED, PERMISSIVE, ENFORCING 37import sepolicy.network 38import sepolicy.manpage 39import dbus 40import os 41import re 42import unicodedata 43 44PROGNAME = "policycoreutils" 45try: 46 import gettext 47 kwargs = {} 48 if sys.version_info < (3,): 49 kwargs['unicode'] = True 50 gettext.install(PROGNAME, 51 localedir="/usr/share/locale", 52 codeset='utf-8', 53 **kwargs) 54except: 55 try: 56 import builtins 57 builtins.__dict__['_'] = str 58 except ImportError: 59 import __builtin__ 60 __builtin__.__dict__['_'] = unicode 61 62reverse_file_type_str = {} 63for f in sepolicy.file_type_str: 64 reverse_file_type_str[sepolicy.file_type_str[f]] = f 65 66enabled = [_("No"), _("Yes")] 67action = [_("Disable"), 
_("Enable")] 68 69 70def cmp(a, b): 71 if a is None and b is None: 72 return 0 73 if a is None: 74 return -1 75 if b is None: 76 return 1 77 return (a > b) - (a < b) 78 79import distutils.sysconfig 80ADVANCED_LABEL = (_("Advanced >>"), _("Advanced <<")) 81ADVANCED_SEARCH_LABEL = (_("Advanced Search >>"), _("Advanced Search <<")) 82OUTBOUND_PAGE = 0 83INBOUND_PAGE = 1 84 85TRANSITIONS_FROM_PAGE = 0 86TRANSITIONS_TO_PAGE = 1 87TRANSITIONS_FILE_PAGE = 2 88 89EXE_PAGE = 0 90WRITABLE_PAGE = 1 91APP_PAGE = 2 92 93BOOLEANS_PAGE = 0 94FILES_PAGE = 1 95NETWORK_PAGE = 2 96TRANSITIONS_PAGE = 3 97LOGIN_PAGE = 4 98USER_PAGE = 5 99LOCKDOWN_PAGE = 6 100SYSTEM_PAGE = 7 101FILE_EQUIV_PAGE = 8 102START_PAGE = 9 103 104keys = ["boolean", "fcontext", "fcontext-equiv", "port", "login", "user", "module", "node", "interface"] 105 106DISABLED_TEXT = _("""<small> 107To change from Disabled to Enforcing mode 108- Change the system mode from Disabled to Permissive 109- Reboot, so that the system can relabel 110- Once the system is working as planned 111 * Change the system mode to Enforcing</small> 112""") 113 114 115class SELinuxGui(): 116 117 def __init__(self, app=None, test=False): 118 self.finish_init = False 119 self.advanced_init = True 120 self.opage = START_PAGE 121 self.dbus = SELinuxDBus() 122 try: 123 customized = self.dbus.customized() 124 except dbus.exceptions.DBusException as e: 125 print(e) 126 self.quit() 127 128 self.init_cur() 129 self.application = app 130 self.filter_txt = "" 131 builder = Gtk.Builder() # BUILDER OBJ 132 self.code_path = distutils.sysconfig.get_python_lib(plat_specific=False) + "/sepolicy/" 133 glade_file = self.code_path + "sepolicy.glade" 134 builder.add_from_file(glade_file) 135 self.outer_notebook = builder.get_object("outer_notebook") 136 self.window = builder.get_object("SELinux_window") 137 self.main_selection_window = builder.get_object("Main_selection_menu") 138 self.main_advanced_label = builder.get_object("main_advanced_label") 139 self.popup 
= 0 140 self.applications_selection_button = builder.get_object("applications_selection_button") 141 self.revert_button = builder.get_object("Revert_button") 142 self.busy_cursor = Gdk.Cursor(Gdk.CursorType.WATCH) 143 self.ready_cursor = Gdk.Cursor(Gdk.CursorType.LEFT_PTR) 144 self.initialtype = selinux.selinux_getpolicytype()[1] 145 self.current_popup = None 146 self.import_export = None 147 self.clear_entry = True 148 self.files_add = False 149 self.network_add = False 150 self.mislabeled_files = False 151 152 self.all_domains = [] 153 self.installed_list = [] 154 self.previously_modified = {} 155 156 # file dialog 157 self.file_dialog = builder.get_object("add_path_dialog") 158 # Error check *************************************** 159 self.error_check_window = builder.get_object("error_check_window") 160 self.error_check_label = builder.get_object("error_check_label") 161 self.invalid_entry = False 162 # Advanced search window **************************** 163 self.advanced_search_window = builder.get_object("advanced_search_window") 164 self.advanced_search_filter = builder.get_object("advanced_filter") 165 self.advanced_search_filter.set_visible_func(self.filter_the_data) 166 self.advanced_search_sort = builder.get_object("advanced_sort") 167 168 self.advanced_filter_entry = builder.get_object("advanced_filter_entry") 169 self.advanced_search_treeview = builder.get_object("advanced_search_treeview") 170 self.advanced_search = False 171 172 # Login Items ************************************** 173 self.login_label = builder.get_object("Login_label") 174 self.login_seuser_combobox = builder.get_object("login_seuser_combobox") 175 self.login_seuser_combolist = builder.get_object("login_seuser_liststore") 176 self.login_name_entry = builder.get_object("login_name_entry") 177 self.login_mls_label = builder.get_object("login_mls_label") 178 self.login_mls_entry = builder.get_object("login_mls_entry") 179 self.login_radio_button = builder.get_object("Login_button") 180 
self.login_treeview = builder.get_object("login_treeview") 181 self.login_liststore = builder.get_object("login_liststore") 182 self.login_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 183 self.login_filter = builder.get_object("login_filter") 184 self.login_filter.set_visible_func(self.filter_the_data) 185 self.login_popup_window = builder.get_object("login_popup_window") 186 self.login_delete_liststore = builder.get_object("login_delete_liststore") 187 self.login_delete_window = builder.get_object("login_delete_window") 188 189 # Users Items ************************************** 190 self.user_popup_window = builder.get_object("user_popup_window") 191 self.user_radio_button = builder.get_object("User_button") 192 self.user_liststore = builder.get_object("user_liststore") 193 self.user_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 194 self.user_filter = builder.get_object("user_filter") 195 self.user_filter.set_visible_func(self.filter_the_data) 196 self.user_treeview = builder.get_object("user_treeview") 197 self.user_roles_combobox = builder.get_object("user_roles_combobox") 198 self.user_roles_combolist = builder.get_object("user_roles_liststore") 199 self.user_label = builder.get_object("User_label") 200 self.user_name_entry = builder.get_object("user_name_entry") 201 self.user_mls_label = builder.get_object("user_mls_label") 202 self.user_mls_level_entry = builder.get_object("user_mls_level_entry") 203 self.user_mls_entry = builder.get_object("user_mls_entry") 204 self.user_combobox = builder.get_object("selinux_user_combobox") 205 self.user_delete_liststore = builder.get_object("user_delete_liststore") 206 self.user_delete_window = builder.get_object("user_delete_window") 207 208 # File Equiv Items ************************************** 209 self.file_equiv_label = builder.get_object("file_equiv_label") 210 self.file_equiv_source_entry = builder.get_object("file_equiv_source_entry") 211 self.file_equiv_dest_entry = 
builder.get_object("file_equiv_dest_entry") 212 self.file_equiv_radio_button = builder.get_object("file_equiv_button") 213 self.file_equiv_treeview = builder.get_object("file_equiv_treeview") 214 self.file_equiv_liststore = builder.get_object("file_equiv_liststore") 215 self.file_equiv_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 216 self.file_equiv_popup_window = builder.get_object("file_equiv_popup_window") 217 self.file_equiv_treefilter = builder.get_object("file_equiv_filter") 218 self.file_equiv_treefilter.set_visible_func(self.filter_the_data) 219 self.file_equiv_delete_liststore = builder.get_object("file_equiv_delete_liststore") 220 self.file_equiv_delete_window = builder.get_object("file_equiv_delete_window") 221 222 # System Items ************************************** 223 self.app_system_button = builder.get_object("app_system_button") 224 self.system_radio_button = builder.get_object("System_button") 225 self.lockdown_radio_button = builder.get_object("Lockdown_button") 226 self.systems_box = builder.get_object("Systems_box") 227 self.relabel_button = builder.get_object("Relabel_button") 228 self.relabel_button_no = builder.get_object("Relabel_button_no") 229 self.advanced_system = builder.get_object("advanced_system") 230 self.outer_notebook_frame = builder.get_object("outer_notebook_frame") 231 self.system_policy_label = builder.get_object("system_policy_type_label") 232 # Browse Items ************************************** 233 self.select_button_browse = builder.get_object("select_button_browse") 234 self.cancel_button_browse = builder.get_object("cancel_button_browse") 235 # More types window items *************************** 236 self.moreTypes_window_files = builder.get_object("moreTypes_window_files") 237 self.more_types_files_liststore = builder.get_object("more_types_file_liststore") 238 self.moreTypes_treeview = builder.get_object("moreTypes_treeview_files") 239 # System policy type ******************************** 240 
self.system_policy_type_liststore = builder.get_object("system_policy_type_liststore") 241 self.system_policy_type_combobox = builder.get_object("system_policy_type_combobox") 242 self.policy_list = [] 243 if self.populate_system_policy() < 2: 244 self.advanced_system.set_visible(False) 245 self.system_policy_label.set_visible(False) 246 self.system_policy_type_combobox.set_visible(False) 247 248 self.enforcing_button_default = builder.get_object("Enforcing_button_default") 249 self.permissive_button_default = builder.get_object("Permissive_button_default") 250 self.disabled_button_default = builder.get_object("Disabled_button_default") 251 self.initialize_system_default_mode() 252 253 # Lockdown Window ********************************* 254 self.enable_unconfined_button = builder.get_object("enable_unconfined") 255 self.disable_unconfined_button = builder.get_object("disable_unconfined") 256 self.enable_permissive_button = builder.get_object("enable_permissive") 257 self.disable_permissive_button = builder.get_object("disable_permissive") 258 self.enable_ptrace_button = builder.get_object("enable_ptrace") 259 self.disable_ptrace_button = builder.get_object("disable_ptrace") 260 261 # Help Window ********************************* 262 self.help_window = builder.get_object("help_window") 263 self.help_text = builder.get_object("help_textv") 264 self.info_text = builder.get_object("info_text") 265 self.help_image = builder.get_object("help_image") 266 self.forward_button = builder.get_object("forward_button") 267 self.back_button = builder.get_object("back_button") 268 # Update menu items ********************************* 269 self.update_window = builder.get_object("update_window") 270 self.update_treeview = builder.get_object("update_treeview") 271 self.update_treestore = builder.get_object("Update_treestore") 272 self.apply_button = builder.get_object("apply_button") 273 self.update_button = builder.get_object("Update_button") 274 # Add button objects 
******************************** 275 self.add_button = builder.get_object("Add_button") 276 self.delete_button = builder.get_object("Delete_button") 277 278 self.files_path_entry = builder.get_object("files_path_entry") 279 self.network_ports_entry = builder.get_object("network_ports_entry") 280 self.files_popup_window = builder.get_object("files_popup_window") 281 self.network_popup_window = builder.get_object("network_popup_window") 282 283 self.popup_network_label = builder.get_object("Network_label") 284 self.popup_files_label = builder.get_object("files_label") 285 286 self.recursive_path_toggle = builder.get_object("make_path_recursive") 287 self.files_type_combolist = builder.get_object("files_type_combo_store") 288 self.files_class_combolist = builder.get_object("files_class_combo_store") 289 self.files_type_combobox = builder.get_object("files_type_combobox") 290 self.files_class_combobox = builder.get_object("files_class_combobox") 291 self.files_mls_label = builder.get_object("files_mls_label") 292 self.files_mls_entry = builder.get_object("files_mls_entry") 293 self.advanced_text_files = builder.get_object("Advanced_text_files") 294 self.files_cancel_button = builder.get_object("cancel_delete_files") 295 296 self.network_tcp_button = builder.get_object("tcp_button") 297 self.network_udp_button = builder.get_object("udp_button") 298 self.network_port_type_combolist = builder.get_object("network_type_combo_store") 299 self.network_port_type_combobox = builder.get_object("network_type_combobox") 300 self.network_mls_label = builder.get_object("network_mls_label") 301 self.network_mls_entry = builder.get_object("network_mls_entry") 302 self.advanced_text_network = builder.get_object("Advanced_text_network") 303 self.network_cancel_button = builder.get_object("cancel_network_delete") 304 305 # Add button objects ******************************** 306 307 # Modify items ************************************** 308 self.show_mislabeled_files_only = 
builder.get_object("Show_mislabeled_files") 309 self.mislabeled_files_label = builder.get_object("mislabeled_files_label") 310 self.warning_files = builder.get_object("warning_files") 311 self.modify_button = builder.get_object("Modify_button") 312 self.modify_button.set_sensitive(False) 313 # Modify items ************************************** 314 315 # Fix label ***************************************** 316 self.fix_label_window = builder.get_object("fix_label_window") 317 self.fixlabel_label = builder.get_object("fixlabel_label") 318 self.fix_label_cancel = builder.get_object("fix_label_cancel") 319 # Fix label ***************************************** 320 321 # Delete items ************************************** 322 self.files_delete_window = builder.get_object("files_delete_window") 323 self.files_delete_treeview = builder.get_object("files_delete_treeview") 324 self.files_delete_liststore = builder.get_object("files_delete_liststore") 325 self.network_delete_window = builder.get_object("network_delete_window") 326 self.network_delete_treeview = builder.get_object("network_delete_treeview") 327 self.network_delete_liststore = builder.get_object("network_delete_liststore") 328 # Delete items ************************************** 329 330 # Progress bar ************************************** 331 self.progress_bar = builder.get_object("progress_bar") 332 # Progress bar ************************************** 333 334 # executable_files items **************************** 335 self.executable_files_treeview = builder.get_object("Executable_files_treeview") # Get the executable files tree view 336 self.executable_files_filter = builder.get_object("executable_files_filter") 337 self.executable_files_filter.set_visible_func(self.filter_the_data) 338 self.executable_files_tab = builder.get_object("Executable_files_tab") 339 self.executable_files_tab_tooltip_txt = self.executable_files_tab.get_tooltip_text() 340 self.executable_files_liststore = 
builder.get_object("executable_files_treestore") 341 self.executable_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 342 343 self.files_radio_button = builder.get_object("files_button") 344 self.files_button_tooltip_txt = self.files_radio_button.get_tooltip_text() 345 # executable_files items **************************** 346 347 # writable files items ****************************** 348 self.writable_files_treeview = builder.get_object("Writable_files_treeview") # Get the Writable files tree view 349 self.writable_files_liststore = builder.get_object("writable_files_treestore") # Contains the tree with File Path, SELinux File Label, Class 350 self.writable_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 351 self.writable_files_filter = builder.get_object("writable_files_filter") 352 self.writable_files_filter.set_visible_func(self.filter_the_data) 353 self.writable_files_tab = builder.get_object("Writable_files_tab") 354 self.writable_files_tab_tooltip_txt = self.writable_files_tab.get_tooltip_text() 355 # writable files items ****************************** 356 357 # Application File Types **************************** 358 self.application_files_treeview = builder.get_object("Application_files_treeview") # Get the Application files tree view 359 self.application_files_filter = builder.get_object("application_files_filter") # Contains the tree with File Path, Description, Class 360 self.application_files_filter.set_visible_func(self.filter_the_data) 361 self.application_files_tab = builder.get_object("Application_files_tab") 362 self.application_files_tab_tooltip_txt = self.writable_files_tab.get_tooltip_text() 363 self.application_files_liststore = builder.get_object("application_files_treestore") 364 self.application_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 365 self.application_files_tab = builder.get_object("Application_files_tab") 366 self.application_files_tab_tooltip_txt = 
self.application_files_tab.get_tooltip_text() 367 # Application File Type ***************************** 368 369 # network items ************************************* 370 self.network_radio_button = builder.get_object("network_button") 371 self.network_button_tooltip_txt = self.network_radio_button.get_tooltip_text() 372 373 self.network_out_treeview = builder.get_object("outbound_treeview") 374 self.network_out_liststore = builder.get_object("network_out_liststore") 375 self.network_out_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 376 self.network_out_filter = builder.get_object("network_out_filter") 377 self.network_out_filter.set_visible_func(self.filter_the_data) 378 self.network_out_tab = builder.get_object("network_out_tab") 379 self.network_out_tab_tooltip_txt = self.network_out_tab.get_tooltip_text() 380 381 self.network_in_treeview = builder.get_object("inbound_treeview") 382 self.network_in_liststore = builder.get_object("network_in_liststore") 383 self.network_in_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 384 self.network_in_filter = builder.get_object("network_in_filter") 385 self.network_in_filter.set_visible_func(self.filter_the_data) 386 self.network_in_tab = builder.get_object("network_in_tab") 387 self.network_in_tab_tooltip_txt = self.network_in_tab.get_tooltip_text() 388 # network items ************************************* 389 390 # boolean items ************************************ 391 self.boolean_treeview = builder.get_object("Boolean_treeview") # Get the booleans tree list 392 self.boolean_liststore = builder.get_object("boolean_liststore") 393 self.boolean_liststore.set_sort_column_id(2, Gtk.SortType.ASCENDING) 394 self.boolean_filter = builder.get_object("boolean_filter") 395 self.boolean_filter.set_visible_func(self.filter_the_data) 396 397 self.boolean_more_detail_window = builder.get_object("booleans_more_detail_window") 398 self.boolean_more_detail_treeview = builder.get_object("booleans_more_detail_treeview") 
399 self.boolean_more_detail_tree_data_set = builder.get_object("booleans_more_detail_liststore") 400 self.boolean_radio_button = builder.get_object("Booleans_button") 401 self.active_button = self.boolean_radio_button 402 self.boolean_button_tooltip_txt = self.boolean_radio_button.get_tooltip_text() 403 # boolean items ************************************ 404 405 # transitions items ************************************ 406 self.transitions_into_treeview = builder.get_object("transitions_into_treeview") # Get the transitions tree list Enabled, source, Executable File 407 self.transitions_into_liststore = builder.get_object("transitions_into_liststore") # Contains the tree with 408 self.transitions_into_liststore.set_sort_column_id(1, Gtk.SortType.ASCENDING) 409 self.transitions_into_filter = builder.get_object("transitions_into_filter") 410 self.transitions_into_filter.set_visible_func(self.filter_the_data) 411 self.transitions_into_tab = builder.get_object("Transitions_into_tab") 412 self.transitions_into_tab_tooltip_txt = self.transitions_into_tab.get_tooltip_text() 413 414 self.transitions_radio_button = builder.get_object("Transitions_button") 415 self.transitions_button_tooltip_txt = self.transitions_radio_button.get_tooltip_text() 416 417 self.transitions_from_treeview = builder.get_object("transitions_from_treeview") # Get the transitions tree list 418 self.transitions_from_treestore = builder.get_object("transitions_from_treestore") # Contains the tree with Enabled, Executable File Type, Transtype 419 self.transitions_from_treestore.set_sort_column_id(2, Gtk.SortType.ASCENDING) 420 self.transitions_from_filter = builder.get_object("transitions_from_filter") 421 self.transitions_from_filter.set_visible_func(self.filter_the_data) 422 self.transitions_from_tab = builder.get_object("Transitions_from_tab") 423 self.transitions_from_tab_tooltip_txt = self.transitions_from_tab.get_tooltip_text() 424 425 self.transitions_file_treeview = 
builder.get_object("file_transitions_treeview") # Get the transitions tree list 426 self.transitions_file_liststore = builder.get_object("file_transitions_liststore") # Contains the tree with Enabled, Executable File Type, Transtype 427 self.transitions_file_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 428 self.transitions_file_filter = builder.get_object("file_transitions_filter") 429 self.transitions_file_filter.set_visible_func(self.filter_the_data) 430 self.transitions_file_tab = builder.get_object("file_transitions") 431 self.transitions_file_tab_tooltip_txt = self.transitions_from_tab.get_tooltip_text() 432 # transitions items ************************************ 433 434 # Combobox and Entry items ************************** 435 self.combobox_menu = builder.get_object("combobox_org") # This is the combobox box object, aka the arrow next to the entry text bar 436 self.application_liststore = builder.get_object("application_liststore") 437 self.completion_entry = builder.get_object("completion_entry") # self.combobox_menu.get_child() 438 self.entrycompletion_obj = builder.get_object("entrycompletion_obj") 439 #self.entrycompletion_obj = Gtk.EntryCompletion() 440 self.entrycompletion_obj.set_minimum_key_length(0) 441 self.entrycompletion_obj.set_text_column(0) 442 self.entrycompletion_obj.set_match_func(self.match_func, None) 443 self.completion_entry.set_completion(self.entrycompletion_obj) 444 self.completion_entry.set_icon_from_stock(0, Gtk.STOCK_FIND) 445 # Combobox and Entry items ************************** 446 447 # Modify buttons ************************************ 448 self.show_modified_only = builder.get_object("Show_modified_only_toggle") 449 # Modify button ************************************* 450 451 # status bar ***************************************** 452 self.current_status_label = builder.get_object("Enforcing_label") 453 self.current_status_enforcing = builder.get_object("Enforcing_button") 454 self.current_status_permissive = 
builder.get_object("Permissive_button") 455 self.status_bar = builder.get_object("status_bar") 456 self.context_id = self.status_bar.get_context_id("SELinux status") 457 458 # filters ********************************************* 459 self.filter_entry = builder.get_object("filter_entry") 460 self.filter_box = builder.get_object("filter_box") 461 self.add_modify_delete_box = builder.get_object("add_modify_delete_box") 462 # Get_model() sets the tree model filter to be the parent of the tree model (tree model has all the data in it) 463 464 # Toggle button **************************************** 465 self.cell = builder.get_object("activate") 466 self.del_cell_files = builder.get_object("files_toggle_delete") 467 self.del_cell_files.connect("toggled", self.on_toggle_update, self.files_delete_liststore) 468 self.del_cell_files_equiv = builder.get_object("file_equiv_toggle_delete1") 469 self.del_cell_files_equiv.connect("toggled", self.on_toggle_update, self.file_equiv_delete_liststore) 470 self.del_cell_user = builder.get_object("user_toggle_delete") 471 self.del_cell_user.connect("toggled", self.on_toggle_update, self.user_delete_liststore) 472 self.del_cell_login = builder.get_object("login_toggle_delete") 473 self.del_cell_login.connect("toggled", self.on_toggle_update, self.login_delete_liststore) 474 self.del_cell_network = builder.get_object("network_toggle_delete") 475 self.del_cell_network.connect("toggled", self.on_toggle_update, self.network_delete_liststore) 476 self.update_cell = builder.get_object("toggle_update") 477 # Notebook items *************************************** 478 self.outer_notebook = builder.get_object("outer_notebook") 479 self.inner_notebook_files = builder.get_object("files_inner_notebook") 480 self.inner_notebook_network = builder.get_object("network_inner_notebook") 481 self.inner_notebook_transitions = builder.get_object("transitions_inner_notebook") 482 # logind gui *************************************** 483 loading_gui = 
builder.get_object("loading_gui") 484 485 self.update_cell.connect("toggled", self.on_toggle_update, self.update_treestore) 486 self.all_entries = [] 487 488 # Need to connect button on code because the tree view model is a treeviewsort 489 self.cell.connect("toggled", self.on_toggle, self.boolean_liststore) 490 491 self.loading = 1 492 path = None 493 if test: 494 self.all_domains = ["httpd_t", "abrt_t"] 495 if app and app not in self.all_domains: 496 self.all_domains.append(app) 497 else: 498 self.all_domains = sepolicy.get_all_domains() 499 self.all_domains.sort(key=str.lower) 500 501 if app and app not in self.all_domains: 502 self.error(_("%s is not a valid domain") % app) 503 self.quit() 504 505 loading_gui.show() 506 length = len(self.all_domains) 507 508 entrypoint_dict = sepolicy.get_init_entrypoints_str() 509 for domain in self.all_domains: 510 # After the user selects a path in the drop down menu call 511 # get_init_entrypoint_target(entrypoint) to get the transtype 512 # which will give you the application 513 self.combo_box_add(domain, domain) 514 self.percentage = float(float(self.loading) / float(length)) 515 self.progress_bar.set_fraction(self.percentage) 516 self.progress_bar.set_pulse_step(self.percentage) 517 self.idle_func() 518 519 for entrypoint in entrypoint_dict.get(domain, []): 520 path = sepolicy.find_entrypoint_path(entrypoint) 521 if path: 522 self.combo_box_add(path, domain) 523 self.installed_list.append(path) 524 525 self.loading += 1 526 loading_gui.hide() 527 self.entrycompletion_obj.set_model(self.application_liststore) 528 self.advanced_search_treeview.set_model(self.advanced_search_sort) 529 530 dic = { 531 "on_combo_button_clicked": self.open_combo_menu, 532 "on_disable_ptrace_toggled": self.on_disable_ptrace, 533 "on_SELinux_window_configure_event": self.hide_combo_menu, 534 "on_entrycompletion_obj_match_selected": self.set_application_label, 535 "on_filter_changed": self.get_filter_data, 536 
"on_save_changes_file_equiv_clicked": self.update_to_file_equiv, 537 "on_save_changes_login_clicked": self.update_to_login, 538 "on_save_changes_user_clicked": self.update_to_user, 539 "on_save_changes_files_clicked": self.update_to_files, 540 "on_save_changes_network_clicked": self.update_to_network, 541 "on_Advanced_text_files_button_press_event": self.reveal_advanced, 542 "item_in_tree_selected": self.cursor_changed, 543 "on_Application_file_types_treeview_configure_event": self.resize_wrap, 544 "on_save_delete_clicked": self.on_save_delete_clicked, 545 "on_moreTypes_treeview_files_row_activated": self.populate_type_combo, 546 "on_retry_button_files_clicked": self.invalid_entry_retry, 547 "on_make_path_recursive_toggled": self.recursive_path, 548 "on_files_path_entry_button_press_event": self.highlight_entry_text, 549 "on_files_path_entry_changed": self.autofill_add_files_entry, 550 "on_select_type_files_clicked": self.select_type_more, 551 "on_choose_file": self.on_browse_select, 552 "on_Enforcing_button_toggled": self.set_enforce, 553 "on_confirmation_close": self.confirmation_close, 554 "on_column_clicked": self.column_clicked, 555 "on_tab_switch": self.clear_filters, 556 557 "on_file_equiv_button_clicked": self.show_file_equiv_page, 558 "on_app/system_button_clicked": self.system_interface, 559 "on_app/users_button_clicked": self.users_interface, 560 "on_show_advanced_search_window": self.on_show_advanced_search_window, 561 562 "on_Show_mislabeled_files_toggled": self.show_mislabeled_files, 563 "on_Browse_button_files_clicked": self.browse_for_files, 564 "on_cancel_popup_clicked": self.close_popup, 565 "on_treeview_cursor_changed": self.cursor_changed, 566 "on_login_seuser_combobox_changed": self.login_seuser_combobox_change, 567 "on_user_roles_combobox_changed": self.user_roles_combobox_change, 568 569 "on_cancel_button_browse_clicked": self.close_config_window, 570 "on_apply_button_clicked": self.apply_changes_button_press, 571 "on_Revert_button_clicked": 
self.update_or_revert_changes, 572 "on_Update_button_clicked": self.update_or_revert_changes, 573 "on_advanced_filter_entry_changed": self.get_advanced_filter_data, 574 "on_advanced_search_treeview_row_activated": self.advanced_item_selected, 575 "on_Select_advanced_search_clicked": self.advanced_item_button_push, 576 "on_info_button_button_press_event": self.on_help_button, 577 "on_back_button_clicked": self.on_help_back_clicked, 578 "on_forward_button_clicked": self.on_help_forward_clicked, 579 "on_Boolean_treeview_columns_changed": self.resize_columns, 580 "on_completion_entry_changed": self.application_selected, 581 "on_Add_button_clicked": self.add_button_clicked, 582 "on_Delete_button_clicked": self.delete_button_clicked, 583 "on_Modify_button_clicked": self.modify_button_clicked, 584 "on_Show_modified_only_toggled": self.on_show_modified_only, 585 "on_cancel_button_config_clicked": self.close_config_window, 586 "on_Import_button_clicked": self.import_config_show, 587 "on_Export_button_clicked": self.export_config_show, 588 "on_enable_unconfined_toggled": self.unconfined_toggle, 589 "on_enable_permissive_toggled": self.permissive_toggle, 590 "on_system_policy_type_combobox_changed": self.change_default_policy, 591 "on_Enforcing_button_default_toggled": self.change_default_mode, 592 "on_Permissive_button_default_toggled": self.change_default_mode, 593 "on_Disabled_button_default_toggled": self.change_default_mode, 594 595 "on_Relabel_button_toggled_cb": self.relabel_on_reboot, 596 "on_advanced_system_button_press_event": self.reveal_advanced_system, 597 "on_files_type_combobox_changed": self.show_more_types, 598 "on_filter_row_changed": self.filter_the_data, 599 "on_button_toggled": self.tab_change, 600 "gtk_main_quit": self.closewindow 601 } 602 603 self.previously_modified_initialize(customized) 604 builder.connect_signals(dic) 605 self.window.show() # Show the gui to the screen 606 GLib.timeout_add_seconds(5, self.selinux_status) 607 self.selinux_status() 
608 self.lockdown_inited = False 609 self.add_modify_delete_box.hide() 610 self.filter_box.hide() 611 if self.status == DISABLED: 612 self.show_system_page() 613 else: 614 if self.application: 615 self.applications_selection_button.set_label(self.application) 616 self.completion_entry.set_text(self.application) 617 self.show_applications_page() 618 self.tab_change() 619 else: 620 self.clearbuttons() 621 self.outer_notebook.set_current_page(START_PAGE) 622 623 self.reinit() 624 self.finish_init = True 625 Gtk.main() 626 627 def init_cur(self): 628 self.cur_dict = {} 629 for k in keys: 630 self.cur_dict[k] = {} 631 632 def remove_cur(self, ctr): 633 i = 0 634 for k in self.cur_dict: 635 for j in self.cur_dict[k]: 636 if i == ctr: 637 del(self.cur_dict[k][j]) 638 return 639 i += 1 640 641 def selinux_status(self): 642 try: 643 self.status = selinux.security_getenforce() 644 except OSError: 645 self.status = DISABLED 646 if self.status == DISABLED: 647 self.current_status_label.set_sensitive(False) 648 self.current_status_enforcing.set_sensitive(False) 649 self.current_status_permissive.set_sensitive(False) 650 self.enforcing_button_default.set_sensitive(False) 651 self.status_bar.push(self.context_id, _("System Status: Disabled")) 652 self.info_text.set_label(DISABLED_TEXT) 653 else: 654 self.set_enforce_text(self.status) 655 if os.path.exists('/.autorelabel'): 656 self.relabel_button.set_active(True) 657 else: 658 self.relabel_button_no.set_active(True) 659 660 policytype = selinux.selinux_getpolicytype()[1] 661 662 mode = selinux.selinux_getenforcemode()[1] 663 if mode == ENFORCING: 664 self.enforcing_button_default.set_active(True) 665 if mode == PERMISSIVE: 666 self.permissive_button_default.set_active(True) 667 if mode == DISABLED: 668 self.disabled_button_default.set_active(True) 669 670 return True 671 672 def lockdown_init(self): 673 if self.lockdown_inited: 674 return 675 self.wait_mouse() 676 self.lockdown_inited = True 677 
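        # The ptrace toggle shows the active value of the deny_ptrace boolean.
        self.disable_ptrace_button.set_active(selinux.security_get_boolean_active("deny_ptrace"))
        self.module_dict = {}
        # Lines with fewer than three fields are ignored. Field 0 is stored
        # as the priority, field 1 is the module name, and a fourth field
        # marks the module as disabled.
        for m in self.dbus.semodule_list().split("\n"):
            mod = m.split()
            if len(mod) < 3:
                continue
            self.module_dict[mod[1]] = {"priority": mod[0], "Disabled": (len(mod) > 3)}

        # A module that is absent from the listing is shown as not enabled.
        # Indexing module_dict directly raised KeyError in that case, which
        # aborted the page setup before ready_mouse() could run.
        for name, button in (("unconfined", self.enable_unconfined_button),
                             ("permissivedomains", self.enable_permissive_button)):
            disabled = self.module_dict.get(name, {}).get("Disabled", True)
            button.set_active(not disabled)
        self.ready_mouse()

    def column_clicked(self, treeview, treepath, treecol, *args):
        """Handle a click inside the tree view of the current outer page.

        Booleans page: the "more_detail_col" column opens the rule detail
        window. Files page: the "restorecon_col" column calls fix_mislabeled
        for the row, but only when the row's column 3 flag is set.
        Transitions page: a row with a boolean name in column 1 switches to
        the Booleans page and filters on that name.
        """
        iter = self.get_selected_iter()
        if not iter:
            return

        if self.opage == BOOLEANS_PAGE:
            if treecol.get_name() == "more_detail_col":
                self.display_more_detail(self.window, treepath)

        if self.opage == FILES_PAGE:
            visible = self.liststore.get_value(iter, 3)
            # If visible is true then fix mislabeled will be visible
            if treecol.get_name() == "restorecon_col" and visible:
                self.fix_mislabeled(self.liststore.get_value(iter, 0))

        if self.opage == TRANSITIONS_PAGE:
            bool_name = self.liststore.get_value(iter, 1)
            if bool_name:
                self.boolean_radio_button.clicked()
                self.filter_entry.set_text(bool_name)

    def idle_func(self):
        """Process pending GTK events so the UI stays responsive."""
        while Gtk.events_pending():
            Gtk.main_iteration()

    def match_func(self, completion, key_string, iter, func_data):
        """Completion match callback: substring match on column 0.

        Returns True when key_string occurs in the application name stored
        in column 0 of application_liststore, otherwise False.
        """
        try:
            if self.application_liststore.get_value(iter, 0).find(key_string) != -1:
                return True
            return False
        except AttributeError:
            # Column 0 held no string (e.g. None): treat as "no match" with
            # an explicit boolean instead of falling through to None.
            return False

    def help_show_page(self):
        """Show page self.help_page of self.help_list in the help window.

        The text comes from help/<name>.txt under self.code_path and the
        image from help/<name>.png; a text file that cannot be opened or
        read yields an empty page.
        """
        self.back_button.set_sensitive(self.help_page != 0)
        self.forward_button.set_sensitive(self.help_page < (len(self.help_list) - 1))
        try:
            # The context manager closes the file even if read() fails.
            with open("%shelp/%s.txt" % (self.code_path, self.help_list[self.help_page]), "r") as fd:
                buf = fd.read()
        except IOError:
            buf = ""
        help_text = self.help_text.get_buffer()
        # NOTE(review): buf is used as a %-format template, so a stray '%'
        # in a help file would raise here -- confirm the help files only
        # contain %(APP)s placeholders.
        help_text.set_text(buf % {"APP":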
self.application}) 733 self.help_text.set_buffer(help_text) 734 self.help_image.set_from_file("%shelp/%s.png" % (self.code_path, self.help_list[self.help_page])) 735 self.show_popup(self.help_window) 736 737 def on_help_back_clicked(self, *args): 738 self.help_page -= 1 739 self.help_show_page() 740 741 def on_help_forward_clicked(self, *args): 742 self.help_page += 1 743 self.help_show_page() 744 745 def on_help_button(self, *args): 746 self.help_page = 0 747 self.help_list = [] 748 if self.opage == START_PAGE: 749 self.help_window.set_title(_("Help: Start Page")) 750 self.help_list = ["start"] 751 752 if self.opage == BOOLEANS_PAGE: 753 self.help_window.set_title(_("Help: Booleans Page")) 754 self.help_list = ["booleans", "booleans_toggled", "booleans_more", "booleans_more_show"] 755 756 if self.opage == FILES_PAGE: 757 ipage = self.inner_notebook_files.get_current_page() 758 if ipage == EXE_PAGE: 759 self.help_window.set_title(_("Help: Executable Files Page")) 760 self.help_list = ["files_exec"] 761 if ipage == WRITABLE_PAGE: 762 self.help_window.set_title(_("Help: Writable Files Page")) 763 self.help_list = ["files_write"] 764 if ipage == APP_PAGE: 765 self.help_window.set_title(_("Help: Application Types Page")) 766 self.help_list = ["files_app"] 767 if self.opage == NETWORK_PAGE: 768 ipage = self.inner_notebook_network.get_current_page() 769 if ipage == OUTBOUND_PAGE: 770 self.help_window.set_title(_("Help: Outbound Network Connections Page")) 771 self.help_list = ["ports_outbound"] 772 if ipage == INBOUND_PAGE: 773 self.help_window.set_title(_("Help: Inbound Network Connections Page")) 774 self.help_list = ["ports_inbound"] 775 776 if self.opage == TRANSITIONS_PAGE: 777 ipage = self.inner_notebook_transitions.get_current_page() 778 if ipage == TRANSITIONS_FROM_PAGE: 779 self.help_window.set_title(_("Help: Transition from application Page")) 780 self.help_list = ["transition_from", "transition_from_boolean", "transition_from_boolean_1", 
"transition_from_boolean_2"] 781 if ipage == TRANSITIONS_TO_PAGE: 782 self.help_window.set_title(_("Help: Transition into application Page")) 783 self.help_list = ["transition_to"] 784 if ipage == TRANSITIONS_FILE_PAGE: 785 self.help_window.set_title(_("Help: Transition application file Page")) 786 self.help_list = ["transition_file"] 787 788 if self.opage == SYSTEM_PAGE: 789 self.help_window.set_title(_("Help: Systems Page")) 790 self.help_list = ["system", "system_boot_mode", "system_current_mode", "system_export", "system_policy_type", "system_relabel"] 791 792 if self.opage == LOCKDOWN_PAGE: 793 self.help_window.set_title(_("Help: Lockdown Page")) 794 self.help_list = ["lockdown", "lockdown_unconfined", "lockdown_permissive", "lockdown_ptrace"] 795 796 if self.opage == LOGIN_PAGE: 797 self.help_window.set_title(_("Help: Login Page")) 798 self.help_list = ["login", "login_default"] 799 800 if self.opage == USER_PAGE: 801 self.help_window.set_title(_("Help: SELinux User Page")) 802 self.help_list = ["users"] 803 804 if self.opage == FILE_EQUIV_PAGE: 805 self.help_window.set_title(_("Help: File Equivalence Page")) 806 self.help_list = ["file_equiv"] 807 return self.help_show_page() 808 809 def open_combo_menu(self, *args): 810 if self.popup == 0: 811 self.popup = 1 812 location = self.window.get_position() 813 self.main_selection_window.move(location[0] + 2, location[1] + 65) 814 self.main_selection_window.show() 815 else: 816 self.main_selection_window.hide() 817 self.popup = 0 818 819 def hide_combo_menu(self, *args): 820 self.main_selection_window.hide() 821 self.popup = 0 822 823 def set_application_label(self, *args): 824 self.set_application_label = True 825 826 def resize_wrap(self, *args): 827 print(args) 828 829 def initialize_system_default_mode(self): 830 self.enforce_mode = selinux.selinux_getenforcemode()[1] 831 if self.enforce_mode == ENFORCING: 832 self.enforce_button = self.enforcing_button_default 833 if self.enforce_mode == PERMISSIVE: 834 
            self.enforce_button = self.permissive_button_default
        if self.enforce_mode == DISABLED:
            self.enforce_button = self.disabled_button_default

    def populate_system_policy(self):
        """Fill the policy-type model with the sub-directories of selinux_path().

        Names are added in sorted order. The entry equal to self.initialtype
        is made active in the combobox and its index is kept in
        self.typeHistory. Returns the number of entries added.
        """
        # NOTE(review): next() raises StopIteration if os.walk() yields
        # nothing, e.g. when the directory cannot be listed -- confirm the
        # caller can tolerate that.
        types = next(os.walk(selinux.selinux_path(), topdown=True))[1]
        types.sort()
        ctr = 0
        for item in types:
            iter = self.system_policy_type_liststore.append()
            self.system_policy_type_liststore.set_value(iter, 0, item)
            if item == self.initialtype:
                self.system_policy_type_combobox.set_active(ctr)
                self.typeHistory = ctr
            ctr += 1
        return ctr

    def filter_the_data(self, list, iter, *args):
        """Row-visibility callback for the filter box.

        Returns True when self.filter_txt is empty or occurs in any column
        of the row that supports find(); boolean and None cells are skipped.
        """
        # When there is no txt in the box show all items in the tree
        if self.filter_txt == "":
            return True
        try:
            for x in range(0, list.get_n_columns()):
                try:
                    val = list.get_value(iter, x)
                    if val is True or val is False or val is None:
                        continue
                    # Returns true if filter_txt exists within the val
                    # NOTE(review): only val is lower-cased, so a filter
                    # containing upper-case letters never matches in the
                    # second test -- presumably a case-insensitive search
                    # was intended; confirm where filter_txt is set.
                    if(val.find(self.filter_txt) != -1 or val.lower().find(self.filter_txt) != -1):
                        return True
                except (AttributeError, TypeError):
                    # Cell value is not a string: ignore this column.
                    pass
        # NOTE(review): a bare except also swallows KeyboardInterrupt and
        # SystemExit; "except Exception" would keep the best-effort
        # behaviour without hiding those.
        except:  # ValueError:
            pass
        return False

    def net_update(self, app, netd, protocol, direction, model):
        """Insert the port rows from netd into model.

        netd maps a key to (port type, port list) pairs. A port with a
        pending change in self.cur_dict["port"] is left out when that change
        is a delete ("-d") or assigns a different type. The app and
        direction arguments are not used here.
        """
        for k in netd.keys():
            for t, ports in netd[k]:
                pkey = (",".join(ports), protocol)
                if pkey in self.cur_dict["port"]:
                    if self.cur_dict["port"][pkey]["action"] == "-d":
                        continue
                    if t != self.cur_dict["port"][pkey]["type"]:
                        continue
                self.network_initial_data_insert(model, ", ".join(ports), t, protocol)

    def file_equiv_initialize(self):
        """Reload the file-equivalence list from sepolicy.get_file_equiv().

        Entries flagged "modify" are wrapped with self.markup() so they
        show in bold.
        """
        self.wait_mouse()
        edict = sepolicy.get_file_equiv()
        self.file_equiv_liststore.clear()
        for f in edict:
            iter = self.file_equiv_liststore.append()
            if edict[f]["modify"]:
                name = self.markup(f)
                equiv = self.markup(edict[f]["equiv"])
            else:
                name = f
                equiv = edict[f]["equiv"]

            self.file_equiv_liststore.set_value(iter, 0, name)
self.file_equiv_liststore.set_value(iter, 1, equiv) 896 self.file_equiv_liststore.set_value(iter, 2, edict[f]["modify"]) 897 self.ready_mouse() 898 899 def user_initialize(self): 900 self.wait_mouse() 901 self.user_liststore.clear() 902 for u in sepolicy.get_selinux_users(): 903 iter = self.user_liststore.append() 904 self.user_liststore.set_value(iter, 0, str(u["name"])) 905 roles = u["roles"] 906 if "object_r" in roles: 907 roles.remove("object_r") 908 self.user_liststore.set_value(iter, 1, ", ".join(roles)) 909 self.user_liststore.set_value(iter, 2, u.get("level", "")) 910 self.user_liststore.set_value(iter, 3, u.get("range", "")) 911 self.user_liststore.set_value(iter, 4, True) 912 self.ready_mouse() 913 914 def login_initialize(self): 915 self.wait_mouse() 916 self.login_liststore.clear() 917 for u in sepolicy.get_login_mappings(): 918 iter = self.login_liststore.append() 919 self.login_liststore.set_value(iter, 0, u["name"]) 920 self.login_liststore.set_value(iter, 1, u["seuser"]) 921 self.login_liststore.set_value(iter, 2, u["mls"]) 922 self.login_liststore.set_value(iter, 3, True) 923 self.ready_mouse() 924 925 def network_initialize(self, app): 926 netd = sepolicy.network.get_network_connect(app, "tcp", "name_connect", check_bools=True) 927 self.net_update(app, netd, "tcp", OUTBOUND_PAGE, self.network_out_liststore) 928 netd = sepolicy.network.get_network_connect(app, "tcp", "name_bind", check_bools=True) 929 self.net_update(app, netd, "tcp", INBOUND_PAGE, self.network_in_liststore) 930 netd = sepolicy.network.get_network_connect(app, "udp", "name_bind", check_bools=True) 931 self.net_update(app, netd, "udp", INBOUND_PAGE, self.network_in_liststore) 932 933 def network_initial_data_insert(self, model, ports, portType, protocol): 934 iter = model.append() 935 model.set_value(iter, 0, ports) 936 model.set_value(iter, 1, protocol) 937 model.set_value(iter, 2, portType) 938 model.set_value(iter, 4, True) 939 940 def combo_set_active_text(self, combobox, val): 
941 ctr = 0 942 liststore = combobox.get_model() 943 for i in liststore: 944 if i[0] == val: 945 combobox.set_active(ctr) 946 return 947 ctr += 1 948 949 niter = liststore.get_iter(ctr - 1) 950 if liststore.get_value(niter, 0) == _("More..."): 951 iter = liststore.insert_before(niter) 952 ctr = ctr - 1 953 else: 954 iter = liststore.append() 955 liststore.set_value(iter, 0, val) 956 combobox.set_active(ctr) 957 958 def combo_get_active_text(self, combobox): 959 liststore = combobox.get_model() 960 index = combobox.get_active() 961 if index < 0: 962 return None 963 iter = liststore.get_iter(index) 964 return liststore.get_value(iter, 0) 965 966 def combo_box_add(self, val, val1): 967 if val is None: 968 return 969 iter = self.application_liststore.append() 970 self.application_liststore.set_value(iter, 0, val) 971 self.application_liststore.set_value(iter, 1, val1) 972 973 def select_type_more(self, *args): 974 app = self.moreTypes_treeview.get_selection() 975 iter = app.get_selected()[1] 976 if iter is None: 977 return 978 app = self.more_types_files_liststore.get_value(iter, 0) 979 self.combo_set_active_text(self.files_type_combobox, app) 980 self.closewindow(self.moreTypes_window_files) 981 982 def advanced_item_button_push(self, *args): 983 row = self.advanced_search_treeview.get_selection() 984 model, iter = row.get_selected() 985 iter = model.convert_iter_to_child_iter(iter) 986 iter = self.advanced_search_filter.convert_iter_to_child_iter(iter) 987 app = self.application_liststore.get_value(iter, 1) 988 if app is None: 989 return 990 self.advanced_filter_entry.set_text('') 991 self.advanced_search_window.hide() 992 self.reveal_advanced(self.main_advanced_label) 993 self.completion_entry.set_text(app) 994 995 def advanced_item_selected(self, treeview, path, *args): 996 iter = self.advanced_search_filter.get_iter(path) 997 iter = self.advanced_search_filter.convert_iter_to_child_iter(iter) 998 app = self.application_liststore.get_value(iter, 1) 999 
self.advanced_filter_entry.set_text('') 1000 self.advanced_search_window.hide() 1001 self.reveal_advanced(self.main_advanced_label) 1002 self.completion_entry.set_text(app) 1003 self.application_selected() 1004 1005 def find_application(self, app): 1006 if app and len(app) > 0: 1007 for items in self.application_liststore: 1008 if app == items[0]: 1009 return True 1010 return False 1011 1012 def application_selected(self, *args): 1013 self.show_mislabeled_files_only.set_visible(False) 1014 self.mislabeled_files_label.set_visible(False) 1015 self.warning_files.set_visible(False) 1016 self.filter_entry.set_text('') 1017 1018 app = self.completion_entry.get_text() 1019 if not self.find_application(app): 1020 return 1021 self.show_applications_page() 1022 self.add_button.set_sensitive(True) 1023 self.delete_button.set_sensitive(True) 1024 # Clear the tree to prepare for a new selection otherwise 1025 self.executable_files_liststore.clear() 1026 # data will pile up every time the user selects a new item from the drop down menu 1027 self.network_in_liststore.clear() 1028 self.network_out_liststore.clear() 1029 self.boolean_liststore.clear() 1030 self.transitions_into_liststore.clear() 1031 self.transitions_from_treestore.clear() 1032 self.application_files_liststore.clear() 1033 self.writable_files_liststore.clear() 1034 self.transitions_file_liststore.clear() 1035 1036 try: 1037 if app[0] == '/': 1038 app = sepolicy.get_init_transtype(app) 1039 if not app: 1040 return 1041 self.application = app 1042 except IndexError: 1043 pass 1044 1045 self.wait_mouse() 1046 self.previously_modified_initialize(self.dbus.customized()) 1047 self.reinit() 1048 self.boolean_initialize(app) 1049 self.mislabeled_files = False 1050 self.executable_files_initialize(app) 1051 self.network_initialize(app) 1052 self.writable_files_initialize(app) 1053 self.transitions_into_initialize(app) 1054 self.transitions_from_initialize(app) 1055 self.application_files_initialize(app) 1056 
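        self.transitions_files_initialize(app)

        # Retitle the tabs and tooltips for the selected domain.
        self.executable_files_tab.set_tooltip_text(_("File path used to enter the '%s' domain.") % app)
        self.writable_files_tab.set_tooltip_text(_("Files to which the '%s' domain can write.") % app)
        self.network_out_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to connect.") % app)
        self.network_in_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to listen.") % app)
        self.application_files_tab.set_tooltip_text(_("File Types defined for the '%s'.") % app)
        self.boolean_radio_button.set_tooltip_text(_("Display boolean information that can be used to modify the policy for the '%s'.") % app)
        self.files_radio_button.set_tooltip_text(_("Display file type information that can be used by the '%s'.") % app)
        self.network_radio_button.set_tooltip_text(_("Display network ports to which the '%s' can connect or listen to.") % app)
        self.transitions_into_tab.set_label(_("Application Transitions Into '%s'") % app)
        self.transitions_from_tab.set_label(_("Application Transitions From '%s'") % app)
        self.transitions_file_tab.set_label(_("File Transitions From '%s'") % app)
        self.transitions_into_tab.set_tooltip_text(_("Executables which will transition to '%s', when executing selected domains entrypoint.") % app)
        self.transitions_from_tab.set_tooltip_text(_("Executables which will transition to a different domain, when '%s' executes them.") % app)
        self.transitions_file_tab.set_tooltip_text(_("Files by '%s' with transitions to a different label.") % app)
        self.transitions_radio_button.set_tooltip_text(_("Display applications that can transition into or out of the '%s'.") % app)

        self.application = app
        self.applications_selection_button.set_label(self.application)
        self.ready_mouse()

    def reinit(self):
        """Reinitialise sepolicy and refresh the cached file-context data."""
        sepolicy.reinit()
        self.fcdict = sepolicy.get_fcdict()
        self.local_file_paths = sepolicy.get_local_file_paths()

    def previously_modified_initialize(self, buf):
        """Parse the customization listing in buf into self.cust_dict.

        buf is the text returned by self.dbus.customized(): one record per
        line, whitespace separated. Field 0 names the category, and records
        whose second field is "-D" are skipped. After parsing, every
        category listed in `keys` has an entry in self.cust_dict, even when
        no module records are present.
        """
        self.cust_dict = {}
        # NOTE(review): fields are read by fixed position, so a record
        # shorter than its category expects raises IndexError -- confirm
        # the helper's output format is stable.
        for i in buf.split("\n"):
            rec = i.split()
            if len(rec) == 0:
                continue
            if rec[1] == "-D":
                continue
            if rec[0] not in self.cust_dict:
                self.cust_dict[rec[0]] = {}
            if rec[0] == "boolean":
                self.cust_dict["boolean"][rec[-1]] = {"active": rec[2] == "-1"}
            if rec[0] == "login":
                self.cust_dict["login"][rec[-1]] = {"seuser": rec[3], "range": rec[5]}
            if rec[0] == "interface":
                self.cust_dict["interface"][rec[-1]] = {"type": rec[3]}
            if rec[0] == "user":
                self.cust_dict["user"][rec[-1]] = {"level": "s0", "range": rec[3], "role": rec[5]}
            if rec[0] == "port":
                self.cust_dict["port"][(rec[-1], rec[-2])] = {"type": rec[3]}
            if rec[0] == "node":
                self.cust_dict["node"][rec[-1]] = {"mask": rec[3], "protocol": rec[5], "type": rec[7]}
            if rec[0] == "fcontext":
                if rec[2] == "-e":
                    if "fcontext-equiv" not in self.cust_dict:
                        self.cust_dict["fcontext-equiv"] = {}
                    self.cust_dict["fcontext-equiv"][(rec[-1])] = {"equiv": rec[3]}
                else:
                    self.cust_dict["fcontext"][(rec[-1], rec[3])] = {"type": rec[5]}
            if rec[0] == "module":
                self.cust_dict["module"][rec[-1]] = {"enabled": rec[2] != "-d"}

        # Fill in the missing categories before the module handling. This
        # loop used to sit after an early return taken when no module record
        # existed, which left cust_dict without its default entries.
        for i in keys:
            if i not in self.cust_dict:
                self.cust_dict[i] = {}

        # NOTE(review): lockdown_init drives enable_unconfined_button and
        # enable_permissive_button, while this loop uses the disable_*
        # names -- confirm both sets of widgets exist.
        for semodule, button in [("unconfined", self.disable_unconfined_button), ("permissivedomains", self.disable_permissive_button)]:
            if semodule in self.cust_dict["module"]:
                button.set_active(self.cust_dict["module"][semodule]["enabled"])

    def executable_files_initialize(self, application):
        """Fill the executable-files list with the entrypoints of application.

        A path with a pending fcontext change in self.cur_dict is left out
        when that change is a delete ("-d") or assigns a different type.
        """
        self.entrypoints = sepolicy.get_entrypoints(application)
        for exe in self.entrypoints.keys():
            if len(self.entrypoints[exe]) == 0:
                continue
            file_class = self.entrypoints[exe][1]
            for path in self.entrypoints[exe][0]:
                if (path, file_class) in self.cur_dict["fcontext"]:
                    if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d":
                        continue
                    if exe != self.cur_dict["fcontext"][(path, file_class)]["type"]:
                        continue
                self.files_initial_data_insert(self.executable_files_liststore, path, exe, file_class)

    def mislabeled(self, path):
        """Return True when the label on path differs from the policy's.

        Compares the context from selinux.matchpathcon() with the one from
        selinux.getfilecon(). Returns False if either lookup raises OSError.
        """
        try:
            con = selinux.matchpathcon(path, 0)[1]
            cur = selinux.getfilecon(path)[1]
            return con != cur
        except OSError:
            return False

    def set_mislabeled(self, tree, path, iter, niter):
        """Flag the rows for path in tree when the file is mislabeled.

        Does nothing when the labels match or cannot be read. Otherwise it
        sets self.mislabeled_files, marks the parent row (iter) and child
        row (niter), and stores the third ':'-separated field of the
        expected and current contexts in columns 5 and 6 of the parent row.
        """
        # Both contexts are looked up once, under the same error handling
        # as mislabeled(). The earlier code repeated the lookups outside any
        # try block, so a file removed or relabeled in between raised
        # OSError, and the displayed values could differ from the ones that
        # were compared.
        try:
            con = selinux.matchpathcon(path, 0)[1]
            cur = selinux.getfilecon(path)[1]
        except OSError:
            return
        if con == cur:
            return
        self.mislabeled_files = True
        # Set visibility of label
        tree.set_value(niter, 3, True)
        # Has a mislabel
        tree.set_value(iter, 4, True)
        tree.set_value(niter, 4, True)
        tree.set_value(iter, 5, con.split(":")[2])
        tree.set_value(iter, 6, cur.split(":")[2])

    def writable_files_initialize(self, application):
        """Fill the writable-files list for application.

        A type whose entry has fewer than two elements is shown as a single
        row without a path, labelled "all files". Pending fcontext changes
        are filtered as in executable_files_initialize.
        """
        # Traversing the dictionary data struct
        self.writable_files = sepolicy.get_writable_files(application)
        for write in self.writable_files.keys():
            if len(self.writable_files[write]) < 2:
                self.files_initial_data_insert(self.writable_files_liststore, None, write, _("all files"))
                continue
            file_class = self.writable_files[write][1]
            for path in self.writable_files[write][0]:
                if (path, file_class) in self.cur_dict["fcontext"]:
                    if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d":
                        continue
                    if write != self.cur_dict["fcontext"][(path, file_class)]["type"]:
                        continue
                self.files_initial_data_insert(self.writable_files_liststore, path, write, file_class)

    def files_initial_data_insert(self, liststore, path, selinux_label, file_class):
        """Append a parent row for path and child rows for matching files.

        Columns written on the parent row: 0 path, 1 selinux_label,
        2 file_class, 7 whether (path, file_class) is a local modification.
        A path of None is shown as "MISSING FILE PATH".
        """
        iter = liststore.append(None)
        if path is None:
            path = _("MISSING FILE PATH")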
            modify = False
        else:
            modify = (path, file_class) in self.local_file_paths
            # One child row per file found for the path, each checked
            # against the expected label.
            for p in sepolicy.find_file(path):
                niter = liststore.append(iter)
                liststore.set_value(niter, 0, p)
                self.set_mislabeled(liststore, p, iter, niter)
            if modify:
                path = self.markup(path)
                # NOTE(review): file_class is overwritten with the marked-up
                # label and then wrapped a second time, so column 2 ends up
                # holding the label instead of the file class. This looks
                # like it was meant to be
                # "selinux_label = self.markup(selinux_label)" -- confirm
                # against the code that reads columns 1 and 2 back.
                file_class = self.markup(selinux_label)
                file_class = self.markup(file_class)
        liststore.set_value(iter, 0, path)
        liststore.set_value(iter, 1, selinux_label)
        liststore.set_value(iter, 2, file_class)
        liststore.set_value(iter, 7, modify)

    def markup(self, f):
        """Wrap f in <b>...</b> to mark a locally modified entry."""
        # NOTE(review): f is inserted without escaping. These cells are
        # presumably rendered as Pango markup; if so, a path or name that
        # contains '<', '>' or '&' would be misparsed -- confirm, and
        # consider GLib.markup_escape_text() with matching handling in
        # unmarkup().
        return "<b>%s</b>" % f

    def unmarkup(self, f):
        """Strip one leading "<b>" and one trailing "</b>" from f.

        Returns None when f is empty or None.
        """
        if f:
            return re.sub("</b>$", "", re.sub("^<b>", "", f))
        return None

    def application_files_initialize(self, application):
        """Fill the application-files list with the file types of application.

        Each row carries the description from sepolicy.get_description() in
        place of the raw type name. Pending fcontext changes in
        self.cur_dict are filtered as in executable_files_initialize.
        """
        self.file_types = sepolicy.get_file_types(application)
        for app in self.file_types.keys():
            if len(self.file_types[app]) == 0:
                continue
            file_class = self.file_types[app][1]
            for path in self.file_types[app][0]:
                desc = sepolicy.get_description(app, markup=self.markup)
                if (path, file_class) in self.cur_dict["fcontext"]:
                    if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d":
                        continue
                    if app != self.cur_dict["fcontext"][(path, file_class)]["type"]:
                        continue
                self.files_initial_data_insert(self.application_files_liststore, path, desc, file_class)

    def modified(self):
        """Return True when any category of self.cur_dict has pending entries."""
        # NOTE(review): i is assigned but never used.
        i = 0
        for k in self.cur_dict:
            if len(self.cur_dict[k]) > 0:
                return True
        return False

    def boolean_initialize(self, application):
        """Fill the boolean list for application.

        A pending change in self.cur_dict["boolean"] overrides the active
        state reported by sepolicy.get_bools().
        """
        for blist in sepolicy.get_bools(application):
            for b, active in blist:
                if b in self.cur_dict["boolean"]:
                    active = self.cur_dict["boolean"][b]['active']
                desc = sepolicy.boolean_desc(b)
                self.boolean_initial_data_insert(b, desc, active)

    def boolean_initial_data_insert(self, val, desc, active):
        # Insert data from data source into tree
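        # Columns: 0 active state, 1 description, 2 boolean name,
        # 3 the "More..." link text.
        iter = self.boolean_liststore.append()
        self.boolean_liststore.set_value(iter, 0, active)
        self.boolean_liststore.set_value(iter, 1, desc)
        self.boolean_liststore.set_value(iter, 2, val)
        self.boolean_liststore.set_value(iter, 3, _('More...'))

    def transitions_into_initialize(self, application):
        """Fill the "transitions into" list for application.

        Each record from sepolicy.get_transitions_into() may carry the
        "boolean", "target" and "source" keys; a missing key is passed on
        as None.
        """
        for x in sepolicy.get_transitions_into(application):
            active = None
            executable = None
            source = None
            if "boolean" in x:
                active = x["boolean"]
            if "target" in x:
                executable = x["target"]
            if "source" in x:
                source = x["source"]
            self.transitions_into_initial_data_insert(active, executable, source)

    def transitions_into_initial_data_insert(self, active, executable, source):
        """Append one row to the "transitions into" list.

        Column 0 shows the translated Yes/No for the controlling boolean,
        or "Default" when the transition has none. Column 1 is the source
        and column 2 the executable.
        """
        iter = self.transitions_into_liststore.append()
        if active is not None:
            self.transitions_into_liststore.set_value(iter, 0, enabled[active[0][1]])  # active[0][1] is either T or F (enabled is all the way at the top)
        else:
            self.transitions_into_liststore.set_value(iter, 0, "Default")

        self.transitions_into_liststore.set_value(iter, 2, executable)
        self.transitions_into_liststore.set_value(iter, 1, source)

    def transitions_from_initialize(self, application):
        """Fill the "transitions from" tree for application.

        Each record from sepolicy.get_transitions() yields one row for the
        target type, plus one row per path regex that self.fcdict lists for
        that type.
        """
        for x in sepolicy.get_transitions(application):
            active = None
            # Reset on every record. The original reset an unused
            # "executable" instead, so a record without "target" either
            # raised UnboundLocalError or silently reused the target of the
            # previous record.
            executable_type = None
            transtype = None
            if "boolean" in x:
                active = x["boolean"]
            if "target" in x:
                executable_type = x["target"]
            if "transtype" in x:
                transtype = x["transtype"]
            self.transitions_from_initial_data_insert(active, executable_type, transtype)
            try:
                for executable in self.fcdict[executable_type]["regex"]:
                    self.transitions_from_initial_data_insert(active, executable, transtype)
            except KeyError:
                # No file-context entry or no regex list for this type.
                pass

    def transitions_from_initial_data_insert(self, active, executable, transtype):
        iter = self.transitions_from_treestore.append(None)
        if active == None: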
self.transitions_from_treestore.set_value(iter, 0, "Default") 1288 self.transitions_from_treestore.set_value(iter, 5, False) 1289 else: 1290 niter = self.transitions_from_treestore.append(iter) 1291 # active[0][1] is either T or F (enabled is all the way at the top) 1292 self.transitions_from_treestore.set_value(iter, 0, enabled[active[0][1]]) 1293 markup = ('<span foreground="blue"><u>','</u></span>') 1294 if active[0][1]: 1295 self.transitions_from_treestore.set_value(niter, 2, (_("To disable this transition, go to the %sBoolean section%s.") % markup)) 1296 else: 1297 self.transitions_from_treestore.set_value(niter, 2, (_("To enable this transition, go to the %sBoolean section%s.") % markup)) 1298 1299 # active[0][0] is the Bool Name 1300 self.transitions_from_treestore.set_value(niter, 1, active[0][0]) 1301 self.transitions_from_treestore.set_value(niter, 5, True) 1302 1303 self.transitions_from_treestore.set_value(iter, 2, executable) 1304 self.transitions_from_treestore.set_value(iter, 3, transtype) 1305 1306 def transitions_files_initialize(self, application): 1307 for i in sepolicy.get_file_transitions(application): 1308 if 'filename' in i: 1309 filename = i['filename'] 1310 else: 1311 filename = None 1312 self.transitions_files_inital_data_insert(i['target'], i['class'], i['transtype'], filename) 1313 1314 def transitions_files_inital_data_insert(self, path, tclass, dest, name): 1315 iter = self.transitions_file_liststore.append() 1316 self.transitions_file_liststore.set_value(iter, 0, path) 1317 self.transitions_file_liststore.set_value(iter, 1, tclass) 1318 self.transitions_file_liststore.set_value(iter, 2, dest) 1319 if name == None: 1320 name = '*' 1321 self.transitions_file_liststore.set_value(iter, 3, name) 1322 1323 def tab_change(self, *args): 1324 self.clear_filters() 1325 self.treeview = None 1326 self.treesort = None 1327 self.treefilter = None 1328 self.liststore = None 1329 self.modify_button.set_sensitive(False) 1330 
self.add_modify_delete_box.hide() 1331 self.show_modified_only.set_visible(False) 1332 self.show_mislabeled_files_only.set_visible(False) 1333 self.mislabeled_files_label.set_visible(False) 1334 self.warning_files.set_visible(False) 1335 1336 if self.boolean_radio_button.get_active(): 1337 self.outer_notebook.set_current_page(BOOLEANS_PAGE) 1338 self.treeview = self.boolean_treeview 1339 self.show_modified_only.set_visible(True) 1340 1341 if self.files_radio_button.get_active(): 1342 self.show_popup(self.add_modify_delete_box) 1343 self.show_modified_only.set_visible(True) 1344 self.show_mislabeled_files_only.set_visible(self.mislabeled_files) 1345 self.mislabeled_files_label.set_visible(self.mislabeled_files) 1346 self.warning_files.set_visible(self.mislabeled_files) 1347 self.outer_notebook.set_current_page(FILES_PAGE) 1348 if args[0] == self.inner_notebook_files: 1349 ipage = args[2] 1350 else: 1351 ipage = self.inner_notebook_files.get_current_page() 1352 if ipage == EXE_PAGE: 1353 self.treeview = self.executable_files_treeview 1354 category = _("executable") 1355 elif ipage == WRITABLE_PAGE: 1356 self.treeview = self.writable_files_treeview 1357 category = _("writable") 1358 elif ipage == APP_PAGE: 1359 self.treeview = self.application_files_treeview 1360 category = _("application") 1361 self.add_button.set_tooltip_text(_("Add new %(TYPE)s file path for '%(DOMAIN)s' domains.") % {"TYPE": category, "DOMAIN": self.application}) 1362 self.delete_button.set_tooltip_text(_("Delete %(TYPE)s file paths for '%(DOMAIN)s' domain.") % {"TYPE": category, "DOMAIN": self.application}) 1363 self.modify_button.set_tooltip_text(_("Modify %(TYPE)s file path for '%(DOMAIN)s' domain. 
Only bolded items in the list can be selected, this indicates they were modified previously.") % {"TYPE": category, "DOMAIN": self.application}) 1364 1365 if self.network_radio_button.get_active(): 1366 self.add_modify_delete_box.show() 1367 self.show_modified_only.set_visible(True) 1368 self.outer_notebook.set_current_page(NETWORK_PAGE) 1369 if args[0] == self.inner_notebook_network: 1370 ipage = args[2] 1371 else: 1372 ipage = self.inner_notebook_network.get_current_page() 1373 if ipage == OUTBOUND_PAGE: 1374 self.treeview = self.network_out_treeview 1375 category = _("connect") 1376 if ipage == INBOUND_PAGE: 1377 self.treeview = self.network_in_treeview 1378 category = _("listen for inbound connections") 1379 1380 self.add_button.set_tooltip_text(_("Add new port definition to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category}) 1381 self.delete_button.set_tooltip_text(_("Delete modified port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category}) 1382 self.modify_button.set_tooltip_text(_("Modify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category}) 1383 1384 if self.transitions_radio_button.get_active(): 1385 self.outer_notebook.set_current_page(TRANSITIONS_PAGE) 1386 if args[0] == self.inner_notebook_transitions: 1387 ipage = args[2] 1388 else: 1389 ipage = self.inner_notebook_transitions.get_current_page() 1390 if ipage == TRANSITIONS_FROM_PAGE: 1391 self.treeview = self.transitions_from_treeview 1392 if ipage == TRANSITIONS_TO_PAGE: 1393 self.treeview = self.transitions_into_treeview 1394 if ipage == TRANSITIONS_FILE_PAGE: 1395 self.treeview = self.transitions_file_treeview 1396 1397 if self.system_radio_button.get_active(): 1398 self.outer_notebook.set_current_page(SYSTEM_PAGE) 1399 self.filter_box.hide() 1400 1401 if self.lockdown_radio_button.get_active(): 1402 self.lockdown_init() 1403 
self.outer_notebook.set_current_page(LOCKDOWN_PAGE) 1404 self.filter_box.hide() 1405 1406 if self.user_radio_button.get_active(): 1407 self.outer_notebook.set_current_page(USER_PAGE) 1408 self.add_modify_delete_box.show() 1409 self.show_modified_only.set_visible(True) 1410 self.treeview = self.user_treeview 1411 self.add_button.set_tooltip_text(_("Add new SELinux User/Role definition.")) 1412 self.delete_button.set_tooltip_text(_("Delete modified SELinux User/Role definitions.")) 1413 self.modify_button.set_tooltip_text(_("Modify selected modified SELinux User/Role definitions.")) 1414 1415 if self.login_radio_button.get_active(): 1416 self.outer_notebook.set_current_page(LOGIN_PAGE) 1417 self.add_modify_delete_box.show() 1418 self.show_modified_only.set_visible(True) 1419 self.treeview = self.login_treeview 1420 self.add_button.set_tooltip_text(_("Add new Login Mapping definition.")) 1421 self.delete_button.set_tooltip_text(_("Delete modified Login Mapping definitions.")) 1422 self.modify_button.set_tooltip_text(_("Modify selected modified Login Mapping definitions.")) 1423 1424 if self.file_equiv_radio_button.get_active(): 1425 self.outer_notebook.set_current_page(FILE_EQUIV_PAGE) 1426 self.add_modify_delete_box.show() 1427 self.show_modified_only.set_visible(True) 1428 self.treeview = self.file_equiv_treeview 1429 self.add_button.set_tooltip_text(_("Add new File Equivalence definition.")) 1430 self.delete_button.set_tooltip_text(_("Delete modified File Equivalence definitions.")) 1431 self.modify_button.set_tooltip_text(_("Modify selected modified File Equivalence definitions. 
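Only bolded items in the list can be selected, this indicates they were modified previously.")) 1432 1433 self.opage = self.outer_notebook.get_current_page() 1434 if self.treeview: 1435 self.filter_box.show() 1436 self.treesort = self.treeview.get_model() 1437 self.treefilter = self.treesort.get_model() 1438 self.liststore = self.treefilter.get_model() 1439 for x in range(0, self.liststore.get_n_columns()): 1440 col = self.treeview.get_column(x) 1441 if col: 1442 cell = col.get_cells()[0] 1443 if isinstance(cell, Gtk.CellRendererText): 1444 self.liststore.set_sort_func(x, self.stripsort, None) 1445 self.treeview.get_selection().unselect_all() 1446 self.modify_button.set_sensitive(False) 1447

    # NOTE(review): the methods below were re-indented from a flattened listing
    # (the statement above belongs to a method that starts outside this section
    # and is left as found). Nesting was inferred from the statements themselves;
    # confirm it against the original file before relying on it.

    def stripsort(self, model, row1, row2, user_data):
        """Sort callback: order two rows by the active sort column, markup removed.

        Both cell values go through ``self.unmarkup`` and are then compared with
        the module-level ``cmp`` helper.
        """
        sort_column, _order = model.get_sort_column_id()
        left = self.unmarkup(model.get_value(row1, sort_column))
        right = self.unmarkup(model.get_value(row2, sort_column))
        return cmp(left, right)

    def display_more_detail(self, windows, path):
        """Fill and show the window listing the allow rules of the boolean at *path*."""
        it = self.boolean_filter.get_iter(path)
        it = self.boolean_filter.convert_iter_to_child_iter(it)
        # Column 2 is used both for the window title and for the rule lookup.
        boolean_name = self.boolean_liststore.get_value(it, 2)

        self.boolean_more_detail_tree_data_set.clear()
        self.boolean_more_detail_window.set_title(_("Boolean %s Allow Rules") % boolean_name)
        for rule in sepolicy.get_boolean_rules(self.application, boolean_name):
            self.display_more_detail_init(rule["source"], rule["target"], rule["class"], rule["permlist"])
        self.show_popup(self.boolean_more_detail_window)

    def display_more_detail_init(self, source, target, class_type, permission):
        """Append one rendered ``allow`` rule to the boolean detail list."""
        row = self.boolean_more_detail_tree_data_set.append()
        rule_text = "allow %s %s:%s { %s };" % (source, target, class_type, " ".join(permission))
        self.boolean_more_detail_tree_data_set.set_value(row, 0, rule_text)

    def add_button_clicked(self, *args):
        """Open the "add" dialog that belongs to the current outer page.

        The network page returns right after its dialog is initialised; every
        other page falls through to ``self.new_updates()``.
        """
        self.modify = False
        if self.opage == NETWORK_PAGE:
            self.popup_network_label.set_text((_("Add Network Port for %s. Ports will be created when update is applied.")) % self.application)
            self.network_popup_window.set_title((_("Add Network Port for %s")) % self.application)
            self.init_network_dialog(args)
            return

        if self.opage == FILES_PAGE:
            self.popup_files_label.set_text((_("Add File Labeling for %s. File labels will be created when update is applied.")) % self.application)
            self.files_popup_window.set_title((_("Add File Labeling for %s")) % self.application)
            self.init_files_dialog(args)
            ipage = self.inner_notebook_files.get_current_page()
            # Placeholder text shown in the path entry.
            if ipage == EXE_PAGE:
                self.files_path_entry.set_text("ex: /usr/sbin/Foobar")
            else:
                self.files_path_entry.set_text("ex: /var/lib/Foobar")
            self.clear_entry = True

        if self.opage == LOGIN_PAGE:
            self.login_label.set_text((_("Add Login Mapping. User Mapping will be created when Update is applied.")))
            self.login_popup_window.set_title(_("Add Login Mapping"))
            self.login_init_dialog(args)
            self.clear_entry = True

        if self.opage == USER_PAGE:
            self.user_label.set_text((_("Add SELinux User Role. SELinux user roles will be created when update is applied.")))
            self.user_popup_window.set_title(_("Add SELinux Users"))
            self.user_init_dialog(args)
            self.clear_entry = True

        if self.opage == FILE_EQUIV_PAGE:
            self.file_equiv_source_entry.set_text("")
            self.file_equiv_dest_entry.set_text("")
            self.file_equiv_label.set_text((_("Add File Equivalency Mapping. Mapping will be created when update is applied.")))
            self.file_equiv_popup_window.set_title(_("Add SELinux File Equivalency"))
            self.clear_entry = True
            self.show_popup(self.file_equiv_popup_window)

        self.new_updates()

    def show_popup(self, window):
        """Show *window* and remember it as the popup ``close_popup`` will hide."""
        self.current_popup = window
        window.show()

    def close_popup(self, *args):
        """Hide the current popup and make the main window sensitive again."""
        self.current_popup.hide()
        self.window.set_sensitive(True)
        return True

    def modify_button_clicked(self, *args):
        """Open the "modify" dialog for the selected row of the current page.

        Without a selected row the modify button is disabled and nothing else
        happens; every page branch below reads the selection, so this also
        covers the case where no tree view is active.
        """
        selected = self.get_selected_iter() if self.treeview else None
        if not selected:
            self.modify_button.set_sensitive(False)
            return
        self.modify = True
        if self.opage == NETWORK_PAGE:
            self.modify_button_network_clicked(args)

        if self.opage == FILES_PAGE:
            self.popup_files_label.set_text((_("Modify File Labeling for %s. File labels will be created when update is applied.")) % self.application)
            # NOTE(review): the title still says "Add" while the label says
            # "Modify"; left unchanged because it is a translated message id.
            self.files_popup_window.set_title((_("Add File Labeling for %s")) % self.application)
            self.delete_old_item = None
            self.init_files_dialog(args)
            self.modify = True
            ipage = self.inner_notebook_files.get_current_page()

            if ipage in (EXE_PAGE, WRITABLE_PAGE):
                if ipage == EXE_PAGE:
                    row_filter = self.executable_files_filter
                    store = self.executable_files_liststore
                else:
                    row_filter = self.writable_files_filter
                    store = self.writable_files_liststore
                child = row_filter.convert_iter_to_child_iter(selected)
                self.delete_old_item = child
                self.files_path_entry.set_text(store.get_value(child, 0))
                ftype = store.get_value(child, 1)
                if ftype is not None:
                    self.combo_set_active_text(self.files_type_combobox, ftype)
                tclass = store.get_value(child, 2)
                if tclass is not None:
                    self.combo_set_active_text(self.files_class_combobox, tclass)

            if ipage == APP_PAGE:
                child = self.application_files_filter.convert_iter_to_child_iter(selected)
                self.delete_old_item = child
                store = self.application_files_liststore
                self.files_path_entry.set_text(store.get_value(child, 0))
                # On this page the type is read from column 2 and the class is
                # the text between <b> and </b> in column 1.
                ftype = store.get_value(child, 2)
                if ftype is not None:
                    self.combo_set_active_text(self.files_type_combobox, ftype)
                # The earlier form indexed the split result unconditionally, so
                # an empty cell or a cell without <b> raised here; such cells
                # are now used as they are (or skipped when empty).
                tclass = store.get_value(child, 1)
                if tclass is not None:
                    parts = tclass.split("<b>")
                    if len(parts) > 1:
                        tclass = parts[1].split("</b>")[0]
                    self.combo_set_active_text(self.files_class_combobox, tclass)

        if self.opage == USER_PAGE:
            self.user_init_dialog(args)
            self.user_name_entry.set_text(self.user_liststore.get_value(selected, 0))
            self.user_mls_level_entry.set_text(self.user_liststore.get_value(selected, 2))
            self.user_mls_entry.set_text(self.user_liststore.get_value(selected, 3))
            self.combo_set_active_text(self.user_roles_combobox, self.user_liststore.get_value(selected, 1))
            self.user_label.set_text((_("Modify SELinux User Role. SELinux user roles will be modified when update is applied.")))
            self.user_popup_window.set_title(_("Modify SELinux Users"))
            self.show_popup(self.user_popup_window)

        if self.opage == LOGIN_PAGE:
            self.login_init_dialog(args)
            self.login_name_entry.set_text(self.login_liststore.get_value(selected, 0))
            self.login_mls_entry.set_text(self.login_liststore.get_value(selected, 2))
            self.combo_set_active_text(self.login_seuser_combobox, self.login_liststore.get_value(selected, 1))
            self.login_label.set_text((_("Modify Login Mapping. Login Mapping will be modified when Update is applied.")))
            self.login_popup_window.set_title(_("Modify Login Mapping"))
            self.show_popup(self.login_popup_window)

        if self.opage == FILE_EQUIV_PAGE:
            # NOTE(review): column 0 goes to the *source* entry here, while
            # update_to_file_equiv writes the *dest* entry to column 0 --
            # confirm which column holds which path.
            self.file_equiv_source_entry.set_text(self.unmarkup(self.file_equiv_liststore.get_value(selected, 0)))
            self.file_equiv_dest_entry.set_text(self.unmarkup(self.file_equiv_liststore.get_value(selected, 1)))
            self.file_equiv_label.set_text((_("Modify File Equivalency Mapping. Mapping will be created when update is applied.")))
            self.file_equiv_popup_window.set_title(_("Modify SELinux File Equivalency"))
            self.clear_entry = True
            self.show_popup(self.file_equiv_popup_window)

    def populate_type_combo(self, tree, loc, *args):
        """Copy the type picked in the "more types" window back into the files dialog."""
        row = self.more_types_files_liststore.get_iter(loc)
        ftype = self.more_types_files_liststore.get_value(row, 0)
        self.combo_set_active_text(self.files_type_combobox, ftype)
        self.show_popup(self.files_popup_window)
        self.moreTypes_window_files.hide()

    def strip_domain(self, domain):
        """Return the part of *domain* before its ``_script_t`` or ``_t`` marker.

        Returns None when *domain* is None. The name is cut at the first
        occurrence of the marker, so a name containing ``_t`` earlier than its
        end is shortened at that earlier position.
        """
        if domain is None:
            return None
        split_char = "_script_t" if domain.endswith("_script_t") else "_t"
        return domain.split(split_char)[0]

    def exclude_type(self, type, exclude_list):
        """Return True when *type* starts with any prefix in *exclude_list*."""
        return any(type.startswith(prefix) for prefix in exclude_list)

    def init_files_dialog(self, *args):
        """Show the file-labeling dialog and fill its type and class lists.

        Candidate types are those starting with the stripped application
        domain; prefixes of other applications that share that stem (except
        ``httpd_sys``) are collected into an exclusion list used on the
        writable and application pages.
        """
        exclude_list = []
        self.files_class_combobox.set_sensitive(True)
        self.show_popup(self.files_popup_window)
        ipage = self.inner_notebook_files.get_current_page()
        self.files_type_combolist.clear()
        self.files_class_combolist.clear()
        compare = self.strip_domain(self.application)
        for d in self.application_liststore:
            if d[0].startswith(compare) and d[0] != self.application and not d[0].startswith("httpd_sys"):
                exclude_list.append(self.strip_domain(d[0]))

        self.more_types_files_liststore.clear()

        def offer(type_name):
            # NOTE(review): the flattened listing does not show whether the
            # "more types" list is filled only for matching types or for every
            # candidate; both lists are filled together here -- confirm.
            row = self.files_type_combolist.append()
            self.files_type_combolist.set_value(row, 0, type_name)
            row = self.more_types_files_liststore.append()
            self.more_types_files_liststore.set_value(row, 0, type_name)

        try:
            for files in sepolicy.file_type_str:
                row = self.files_class_combolist.append()
                self.files_class_combolist.set_value(row, 0, sepolicy.file_type_str[files])

            if ipage == EXE_PAGE and self.entrypoints is not None:
                for exe in self.entrypoints.keys():
                    if exe.startswith(compare):
                        offer(exe)
                # The class is fixed to entry 4 and locked on this page.
                self.files_class_combobox.set_active(4)
                self.files_class_combobox.set_sensitive(False)

            elif ipage == WRITABLE_PAGE and self.writable_files is not None:
                for write in self.writable_files.keys():
                    if write.startswith(compare) and not self.exclude_type(write, exclude_list) and write in self.file_types:
                        offer(write)
                self.files_class_combobox.set_active(0)

            elif ipage == APP_PAGE and self.file_types is not None:
                for app in sepolicy.get_all_file_types():
                    if app.startswith(compare) and not self.exclude_type(app, exclude_list):
                        offer(app)
                self.files_class_combobox.set_active(0)
        except AttributeError:
            print("error")
        self.files_type_combobox.set_active(0)
        self.files_mls_entry.set_text("s0")
        # Last entry opens the "more types" window (see show_more_types).
        row = self.files_type_combolist.append()
        self.files_type_combolist.set_value(row, 0, _('More...'))

    def modify_button_network_clicked(self, *args):
        """Open the network-port dialog pre-filled from the selected row."""
        if not self.get_selected_iter():
            self.modify_button.set_sensitive(False)
            return

        self.popup_network_label.set_text((_("Modify Network Port for %s. Ports will be created when update is applied.")) % self.application)
        self.network_popup_window.set_title((_("Modify Network Port for %s")) % self.application)
        self.delete_old_item = None
        self.init_network_dialog(args)
        self.modify = True
        # The selection is read again after the dialog has been initialised.
        selected = self.get_selected_iter()
        port = self.liststore.get_value(selected, 0)
        self.network_ports_entry.set_text(port)
        protocol = self.liststore.get_value(selected, 1)
        if protocol == "tcp":
            self.network_tcp_button.set_active(True)
        elif protocol == "udp":
            self.network_udp_button.set_active(True)
        port_type = self.liststore.get_value(selected, 2)
        if port_type is not None:
            self.combo_set_active_text(self.network_port_type_combobox, port_type)
        self.delete_old_item = selected

    def init_network_dialog(self, *args):
        """Show the network-port dialog and fill the port-type combo box.

        Outbound uses the tcp ``name_connect`` lookup; inbound uses the tcp and
        udp ``name_bind`` lookups. ``port_t``, ``unreserved_port_t`` and names
        ending in ``_type`` are left out. The entry whose name starts with the
        application's short domain is preselected.
        """
        self.show_popup(self.network_popup_window)
        ipage = self.inner_notebook_network.get_current_page()
        self.network_port_type_combolist.clear()
        self.network_ports_entry.set_text("")

        try:
            # Each lookup result is walked on its own: the earlier form merged
            # the udp result with "+=", which plain dicts do not support, and
            # left the variable unset when the page was neither of the two.
            lookups = []
            if ipage == OUTBOUND_PAGE:
                lookups.append(sepolicy.network.get_network_connect(self.application, "tcp", "name_connect", check_bools=True))
            elif ipage == INBOUND_PAGE:
                lookups.append(sepolicy.network.get_network_connect(self.application, "tcp", "name_bind", check_bools=True))
                lookups.append(sepolicy.network.get_network_connect(self.application, "udp", "name_bind", check_bools=True))

            port_types = []
            for netd in lookups:
                for k in netd.keys():
                    for t, ports in netd[k]:
                        if t in port_types or t in ("port_t", "unreserved_port_t"):
                            continue
                        if t.endswith("_type"):
                            continue
                        port_types.append(t)

            port_types.sort()
            short_domain = self.strip_domain(self.application)
            # A trailing "d" is dropped before matching; endswith() also copes
            # with an empty string.
            if short_domain.endswith("d"):
                short_domain = short_domain[:-1]
            short_domain = short_domain + "_"
            found = 0
            for ctr, t in enumerate(port_types):
                if t.startswith(short_domain):
                    found = ctr
                row = self.network_port_type_combolist.append()
                self.network_port_type_combolist.set_value(row, 0, t)
            self.network_port_type_combobox.set_active(found)

        except AttributeError:
            pass

        self.network_tcp_button.set_active(True)
        self.network_mls_entry.set_text("s0")

    def login_seuser_combobox_change(self, combo, *args):
        """Fill an empty login MLS entry with the range of the chosen SELinux user."""
        seuser = self.combo_get_active_text(combo)
        if self.login_mls_entry.get_text() == "":
            for u in sepolicy.get_selinux_users():
                if seuser == u['name']:
                    self.login_mls_entry.set_text(u.get('range', ''))

    def user_roles_combobox_change(self, combo, *args):
        """Fill an empty user MLS entry with the range of the chosen role."""
        serole = self.combo_get_active_text(combo)
        if self.user_mls_entry.get_text() == "":
            for u in sepolicy.get_all_roles():
                if serole == u['name']:
                    self.user_mls_entry.set_text(u.get('range', ''))

    def get_selected_iter(self):
        """Return the selected row as an iter of the innermost model, or None.

        The selection iter is converted through the sort model and then through
        ``self.treefilter``.
        """
        if not self.treeview:
            return None
        selection = self.treeview.get_selection()
        if not selection:
            return None
        treesort, selected = selection.get_selected()
        if selected:
            selected = treesort.convert_iter_to_child_iter(selected)
        if selected:
            selected = self.treefilter.convert_iter_to_child_iter(selected)
        return selected

    def cursor_changed(self, *args):
        """Enable the modify button only when the selected row's last column is set."""
        self.modify_button.set_sensitive(False)
        selected = self.get_selected_iter()
        if selected is None:
            return
        row = self.liststore[selected]
        if not row or not row[-1]:
            return
        self.modify_button.set_sensitive(row[-1])

    def login_init_dialog(self, *args):
        """Show the login-mapping dialog with a sorted user list and empty entries."""
        self.show_popup(self.login_popup_window)
        self.login_seuser_combolist.clear()
        users = sepolicy.get_all_users()
        users.sort()
        for u in users:
            row = self.login_seuser_combolist.append()
            self.login_seuser_combolist.set_value(row, 0, str(u))
        self.login_name_entry.set_text("")
        self.login_mls_entry.set_text("")
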
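# NOTE(review): re-indented from a flattened listing; these are methods of a
# class whose header lies outside this section. Nesting was inferred from the
# statements themselves -- confirm against the original file.

    def user_init_dialog(self, *args):
        """Show the SELinux-user dialog with a sorted role list and empty entries."""
        self.show_popup(self.user_popup_window)
        self.user_roles_combolist.clear()
        roles = sepolicy.get_all_roles()
        roles.sort()
        for r in roles:
            row = self.user_roles_combolist.append()
            self.user_roles_combolist.set_value(row, 0, str(r))
        self.user_name_entry.set_text("")
        self.user_mls_entry.set_text("")

    def on_disable_ptrace(self, checkbutton):
        """Send the ``deny_ptrace`` boolean change for the check button state.

        Nothing is sent until ``self.finish_init`` is set. The command text is
        built from the button's boolean state only (``-1`` or ``-0``).
        """
        if self.finish_init:
            update_buffer = "boolean -m -%d deny_ptrace" % checkbutton.get_active()
            self.wait_mouse()
            try:
                self.dbus.semanage(update_buffer)
            except dbus.exceptions.DBusException as e:
                self.error(e)
            self.ready_mouse()

    def on_show_modified_only(self, checkbutton):
        """Restrict the current list to customised rows, or reload the full list.

        With the button inactive the page's initialiser is called and its
        result returned. Otherwise the rows whose key is in ``self.cust_dict``
        are copied, the store is cleared and the copies are written back.
        """
        length = self.liststore.get_n_columns()

        def dup_row(row):
            # Plain copy of the cell values, independent of the store.
            return [row[i] for i in range(length)]

        append_list = []
        if self.opage == BOOLEANS_PAGE:
            if not checkbutton.get_active():
                return self.boolean_initialize(self.application)

            for row in self.liststore:
                if row[2] in self.cust_dict["boolean"]:
                    append_list.append(dup_row(row))

        if self.opage == FILES_PAGE:
            ipage = self.inner_notebook_files.get_current_page()
            if not checkbutton.get_active():
                if ipage == EXE_PAGE:
                    return self.executable_files_initialize(self.application)
                if ipage == WRITABLE_PAGE:
                    return self.writable_files_initialize(self.application)
                if ipage == APP_PAGE:
                    return self.application_files_initialize(self.application)
            for row in self.liststore:
                if (row[0], row[2]) in self.cust_dict["fcontext"]:
                    # Copied like on the other pages: the store is cleared
                    # below, so the row object itself must not be kept.
                    append_list.append(dup_row(row))

        if self.opage == NETWORK_PAGE:
            if not checkbutton.get_active():
                return self.network_initialize(self.application)
            for row in self.liststore:
                if (row[0], row[1]) in self.cust_dict["port"]:
                    append_list.append(dup_row(row))

        if self.opage == FILE_EQUIV_PAGE:
            if not checkbutton.get_active():
                return self.file_equiv_initialize()

            for row in self.liststore:
                if row[0] in self.cust_dict["fcontext-equiv"]:
                    append_list.append(dup_row(row))

        if self.opage == USER_PAGE:
            if not checkbutton.get_active():
                return self.user_initialize()

            for row in self.liststore:
                if row[0] in self.cust_dict["user"]:
                    append_list.append(dup_row(row))

        if self.opage == LOGIN_PAGE:
            if not checkbutton.get_active():
                return self.login_initialize()

            for row in self.liststore:
                if row[0] in self.cust_dict["login"]:
                    append_list.append(dup_row(row))

        self.liststore.clear()
        for values in append_list:
            new_row = self.liststore.append()
            for i in range(length):
                self.liststore.set_value(new_row, i, values[i])

    def init_modified_files_liststore(self, tree, app, ipage, operation, path, fclass, ftype):
        """Append a row (path, type, class) to *tree*; the other arguments are unused."""
        row = tree.append(None)
        tree.set_value(row, 0, path)
        tree.set_value(row, 1, ftype)
        tree.set_value(row, 2, fclass)

    def restore_to_default(self, *args):
        """Placeholder handler: only prints a message."""
        print("restore to default clicked...")

    def invalid_entry_retry(self, *args):
        """Close the validation error window and re-enable both input dialogs."""
        self.closewindow(self.error_check_window)
        self.files_popup_window.set_sensitive(True)
        self.network_popup_window.set_sensitive(True)

    def error_check_files(self, insert_txt):
        """Return True (and show the error window) unless *insert_txt* starts with '/'."""
        if len(insert_txt) == 0 or insert_txt[0] != '/':
            self.error_check_window.show()
            self.files_popup_window.set_sensitive(False)
            self.network_popup_window.set_sensitive(False)
            self.error_check_label.set_text((_("The entry '%s' is not a valid path. Paths must begin with a '/'.")) % insert_txt)
            return True
        return False

    def error_check_network(self, port):
        """Return True (and show the error window) when *port* is not a valid port.

        A valid entry consists of ASCII digits only and lies between 1 and
        65535. The text is checked as typed because update_to_network stores
        the entry string itself, not the parsed number; ``int()`` alone would
        also accept surrounding blanks, a sign or non-ASCII digits.
        """
        try:
            if re.match(r"[0-9]+\Z", port) is None:
                raise ValueError
            pnum = int(port)
            # 65535 is the highest 16-bit port number.
            if pnum < 1 or pnum > 65535:
                raise ValueError
        except ValueError:
            self.error_check_window.show()
            self.files_popup_window.set_sensitive(False)
            self.network_popup_window.set_sensitive(False)
            self.error_check_label.set_text((_("Port number must be between 1 and 65535")))
            return True
        return False

    def show_more_types(self, *args):
        """Swap the files dialog for the "more types" window when 'More...' is chosen."""
        if self.finish_init:
            if self.combo_get_active_text(self.files_type_combobox) == _('More...'):
                self.files_popup_window.hide()
                self.moreTypes_window_files.show()

    def update_to_login(self, *args):
        """Record the login-mapping dialog as a pending add or modify.

        The entry is stored in ``self.cur_dict["login"]`` under the login name
        and the list row is written with name, SELinux user and range.
        """
        self.close_popup()
        seuser = self.combo_get_active_text(self.login_seuser_combobox)
        mls_range = self.login_mls_entry.get_text()
        name = self.login_name_entry.get_text()
        # NOTE(review): these values come straight from the dialog widgets and
        # are not validated in this method; on_disable_ptrace shows semanage
        # being driven by a text buffer, so confirm that whatever turns
        # cur_dict into a command treats them strictly as data.
        if self.modify:
            row = self.get_selected_iter()
            oldname = self.login_liststore.get_value(row, 0)
            oldseuser = self.login_liststore.get_value(row, 1)
            oldrange = self.login_liststore.get_value(row, 2)
            self.cur_dict["login"][name] = {"action": "-m", "range": mls_range, "seuser": seuser, "oldrange": oldrange, "oldseuser": oldseuser, "oldname": oldname}
        else:
            row = self.liststore.append(None)
            self.cur_dict["login"][name] = {"action": "-a", "range": mls_range, "seuser": seuser}

        self.liststore.set_value(row, 0, name)
        self.liststore.set_value(row, 1, seuser)
        self.liststore.set_value(row, 2, mls_range)

        self.new_updates()

    def update_to_user(self, *args):
        """Record the SELinux-user dialog as a pending add or modify.

        The entry is stored in ``self.cur_dict["user"]`` under the user name;
        an add without range and level stores only the role.
        """
        self.close_popup()
        roles = self.combo_get_active_text(self.user_roles_combobox)
        level = self.user_mls_level_entry.get_text()
        mls_range = self.user_mls_entry.get_text()
        name = self.user_name_entry.get_text()
        if self.modify:
            row = self.get_selected_iter()
            oldname = self.user_liststore.get_value(row, 0)
            oldroles = self.user_liststore.get_value(row, 1)
            # Level is column 2 (written below and read by the modify dialog);
            # the earlier form read column 1, i.e. the roles, a second time.
            oldlevel = self.user_liststore.get_value(row, 2)
            oldrange = self.user_liststore.get_value(row, 3)
            self.cur_dict["user"][name] = {"action": "-m", "range": mls_range, "level": level, "role": roles, "oldrange": oldrange, "oldlevel": oldlevel, "oldroles": oldroles, "oldname": oldname}
        else:
            row = self.liststore.append(None)
            if mls_range or level:
                self.cur_dict["user"][name] = {"action": "-a", "range": mls_range, "level": level, "role": roles}
            else:
                self.cur_dict["user"][name] = {"action": "-a", "role": roles}

        self.liststore.set_value(row, 0, name)
        self.liststore.set_value(row, 1, roles)
        self.liststore.set_value(row, 2, level)
        self.liststore.set_value(row, 3, mls_range)

        self.new_updates()

    def update_to_file_equiv(self, *args):
        """Record the file-equivalency dialog as a pending add or modify.

        The entry is stored in ``self.cur_dict["fcontext-equiv"]`` under the
        destination path; the row gets the marked-up destination in column 0
        and source in column 1.
        """
        self.close_popup()
        dest = self.file_equiv_dest_entry.get_text()
        src = self.file_equiv_source_entry.get_text()
        if self.modify:
            row = self.get_selected_iter()
            # Read the previous values; the earlier form called set_value()
            # without a value here, which cannot return the cell content.
            olddest = self.unmarkup(self.liststore.get_value(row, 0))
            oldsrc = self.unmarkup(self.liststore.get_value(row, 1))
            self.cur_dict["fcontext-equiv"][dest] = {"action": "-m", "src": src, "oldsrc": oldsrc, "olddest": olddest}
        else:
            row = self.liststore.append(None)
            self.cur_dict["fcontext-equiv"][dest] = {"action": "-a", "src": src}
        self.liststore.set_value(row, 0, self.markup(dest))
        self.liststore.set_value(row, 1, self.markup(src))

    def update_to_files(self, *args):
        """Record the file-labeling dialog as a pending add or modify.

        The path must pass ``error_check_files``. The entry is stored in
        ``self.cur_dict["fcontext"]`` under ``(path, class)``.
        """
        self.close_popup()
        self.files_add = True
        # Insert Function will be used in the future
        path = self.files_path_entry.get_text()
        if self.error_check_files(path):
            return

        setype = self.combo_get_active_text(self.files_type_combobox)
        mls = self.files_mls_entry.get_text()
        tclass = self.combo_get_active_text(self.files_class_combobox)

        if self.modify:
            row = self.get_selected_iter()
            # The earlier form called self.unmark (no such helper is visible;
            # the sibling methods use self.unmarkup) and set_value() where the
            # old type has to be read.
            oldpath = self.unmarkup(self.liststore.get_value(row, 0))
            oldsetype = self.unmarkup(self.liststore.get_value(row, 1))
            oldtclass = self.liststore.get_value(row, 2)
            self.cur_dict["fcontext"][(path, tclass)] = {"action": "-m", "type": setype, "oldtype": oldsetype, "oldpath": oldpath, "oldclass": oldtclass}
        else:
            row = self.liststore.append(None)
            self.cur_dict["fcontext"][(path, tclass)] = {"action": "-a", "type": setype}
        self.liststore.set_value(row, 0, self.markup(path))
        self.liststore.set_value(row, 1, self.markup(setype))
        self.liststore.set_value(row, 2, self.markup(tclass))

        self.files_add = False
        self.recursive_path_toggle.set_active(False)
        self.new_updates()

    def update_to_network(self, *args):
        """Record the network-port dialog as a pending add or modify.

        The port text must pass ``error_check_network``. The entry is stored
        in ``self.cur_dict["port"]`` under ``(ports, protocol)``.
        """
        self.network_add = True
        ports = self.network_ports_entry.get_text()
        if self.error_check_network(ports):
            return
        protocol = "tcp" if self.network_tcp_button.get_active() else "udp"

        setype = self.combo_get_active_text(self.network_port_type_combobox)
        mls = self.network_mls_entry.get_text()

        if self.modify:
            row = self.get_selected_iter()
            # Same repair as in update_to_files: unmarkup instead of the
            # unknown unmark, and get_value() to read the old type.
            oldports = self.unmarkup(self.liststore.get_value(row, 0))
            oldprotocol = self.unmarkup(self.liststore.get_value(row, 1))
            oldsetype = self.unmarkup(self.liststore.get_value(row, 2))
            self.cur_dict["port"][(ports, protocol)] = {"action": "-m", "type": setype, "mls": mls, "oldtype": oldsetype, "oldprotocol": oldprotocol, "oldports": oldports}
        else:
            row = self.liststore.append(None)
            self.cur_dict["port"][(ports, protocol)] = {"action": "-a", "type": setype, "mls": mls}
        self.liststore.set_value(row, 0, ports)
        self.liststore.set_value(row, 1, protocol)
        self.liststore.set_value(row, 2, setype)

        self.network_add = False
        self.network_popup_window.hide()
        self.window.set_sensitive(True)
        self.new_updates()

    def delete_button_clicked(self, *args):
        """Fill and show the delete dialog of the current page.

        The main window is made insensitive first. Each dialog lists the
        customised entries of its page; column 0 of the delete lists is left
        for the per-row toggle.
        """
        self.window.set_sensitive(False)
        if self.opage == NETWORK_PAGE:
            self.network_delete_liststore.clear()
            for (ports, protocol), entry in self.cust_dict["port"].items():
                row = self.network_delete_liststore.append()
                self.network_delete_liststore.set_value(row, 1, ports)
                self.network_delete_liststore.set_value(row, 2, protocol)
                self.network_delete_liststore.set_value(row, 3, entry["type"])
            self.show_popup(self.network_delete_window)
            return

        if self.opage == FILES_PAGE:
            self.files_delete_liststore.clear()
            for (path, tclass), entry in self.cust_dict["fcontext"].items():
                row = self.files_delete_liststore.append()
                self.files_delete_liststore.set_value(row, 1, path)
                self.files_delete_liststore.set_value(row, 2, entry["type"])
                self.files_delete_liststore.set_value(row, 3, sepolicy.file_type_str[tclass])
            self.show_popup(self.files_delete_window)
            return

        if self.opage == USER_PAGE:
            self.user_delete_liststore.clear()
            for user, entry in self.cust_dict["user"].items():
                row = self.user_delete_liststore.append()
                self.user_delete_liststore.set_value(row, 1, user)
                self.user_delete_liststore.set_value(row, 2, entry["role"])
                self.user_delete_liststore.set_value(row, 3, entry.get("level", ""))
                self.user_delete_liststore.set_value(row, 4, entry.get("range", ""))
            self.show_popup(self.user_delete_window)
            return

        if self.opage == LOGIN_PAGE:
            self.login_delete_liststore.clear()
            for login, entry in self.cust_dict["login"].items():
                row = self.login_delete_liststore.append()
                self.login_delete_liststore.set_value(row, 1, entry["seuser"])
                self.login_delete_liststore.set_value(row, 2, login)
                self.login_delete_liststore.set_value(row, 3, entry.get("range", ""))
            self.show_popup(self.login_delete_window)
            return

        if self.opage == FILE_EQUIV_PAGE:
            self.file_equiv_delete_liststore.clear()
            for items in self.file_equiv_liststore:
                # Only rows whose third column is set are offered.
                if items[2]:
                    row = self.file_equiv_delete_liststore.append()
                    self.file_equiv_delete_liststore.set_value(row, 1, self.unmarkup(items[0]))
                    self.file_equiv_delete_liststore.set_value(row, 2, self.unmarkup(items[1]))
            self.show_popup(self.file_equiv_delete_window)
            return

    def on_save_delete_clicked(self, *args):
        """Turn the ticked rows of the current delete dialog into pending ``-d`` entries."""
        self.close_popup()
        if self.opage == NETWORK_PAGE:
            for delete in self.network_delete_liststore:
                if delete[0]:
                    self.cur_dict["port"][(delete[1], delete[2])] = {"action": "-d", "type": delete[3]}
        if self.opage == FILES_PAGE:
            for delete in self.files_delete_liststore:
                if delete[0]:
                    # The dialog shows the class text; map it back to its key.
                    self.cur_dict["fcontext"][(delete[1], reverse_file_type_str[delete[3]])] = {"action": "-d", "type": delete[2]}
        if self.opage == USER_PAGE:
            for delete in self.user_delete_liststore:
                if delete[0]:
                    self.cur_dict["user"][delete[1]] = {"action": "-d", "role": delete[2], "range": delete[4]}
        if self.opage == LOGIN_PAGE:
            for delete in self.login_delete_liststore:
                if delete[0]:
                    self.cur_dict["login"][delete[2]] = {"action": "-d", "login": delete[2], "seuser": delete[1], "range": delete[3]}
        if self.opage == FILE_EQUIV_PAGE:
            for delete in self.file_equiv_delete_liststore:
                if delete[0]:
                    self.cur_dict["fcontext-equiv"][delete[1]] = {"action": "-d", "src": delete[2]}
        self.new_updates()

    def on_save_delete_file_equiv_clicked(self, *args):
        """Print the first three columns of every row of the files delete list."""
        # NOTE(review): reads files_delete_liststore although the name refers
        # to file equivalency; looks like a debugging stub -- confirm.
        for delete in self.files_delete_liststore:
            print(delete[0], delete[1], delete[2],)

    def on_toggle_update(self, cell, path, model):
        """Flip the boolean in column 0 of the row at *path*."""
        model[path][0] = not model[path][0]

    def ipage_delete(self, liststore, key):
        """Remove the first row whose columns 0 and 2 equal ``key[0]`` and ``key[1]``."""
        for index, items in enumerate(liststore):
            if items[0] == key[0] and items[2] == key[1]:
                liststore.remove(liststore.get_iter(index))
                return

    def on_toggle(self, cell, path, model):
        """Flip a boolean row and track it in ``self.cur_dict["boolean"]``.

        A boolean that already has a pending entry is removed from the pending
        set; otherwise its new state is recorded.
        """
        if not path:
            return
        row = self.boolean_filter.get_iter(path)
        row = self.boolean_filter.convert_iter_to_child_iter(row)
        name = model.get_value(row, 2)
        model.set_value(row, 0, not model.get_value(row, 0))
        active = model.get_value(row, 0)
        if name in self.cur_dict["boolean"]:
            del self.cur_dict["boolean"][name]
        else:
            self.cur_dict["boolean"][name] = {"active": active}
        self.new_updates()

    def get_advanced_filter_data(self, entry, *args):
        """Store the advanced-search text and re-run its filter."""
        self.filter_txt = entry.get_text()
        self.advanced_search_filter.refilter()

    def get_filter_data(self, windows, *args):
        """Store the text typed into the filter box and re-run the tree filter."""
        # The text the user types into the filter is kept in filter_txt.
        self.filter_txt = windows.get_text()
        self.treefilter.refilter()

    def update_gui(self, *args):
        """Rebuild the pending-updates tree from ``self.cur_dict`` and show it.

        Every pending entry becomes a top-level row (column 0 ticked, column 1
        description, column 2 operation) with one child row per detail.
        """
        self.update = True
        store = self.update_treestore
        store.clear()

        def add_detail(parent, text):
            # Child rows carry only text; column 3 is cleared on them.
            child = store.append(parent)
            store.set_value(child, 1, text)
            store.set_value(child, 3, False)

        for bools in self.cur_dict["boolean"]:
            # The earlier form also looked up an "action" key here that was
            # never used; on_toggle stores only "active", so the lookup is gone.
            parent = store.append(None)
            store.set_value(parent, 0, True)
            store.set_value(parent, 1, sepolicy.boolean_desc(bools))
            store.set_value(parent, 2, action[self.cur_dict["boolean"][bools]['active']])
            store.set_value(parent, 3, True)
            add_detail(parent, (_("SELinux name: %s")) % bools)

        for path, tclass in self.cur_dict["fcontext"]:
            operation = self.cur_dict["fcontext"][(path, tclass)]["action"]
            setype = self.cur_dict["fcontext"][(path, tclass)]["type"]
            parent = store.append(None)
            store.set_value(parent, 0, True)
            store.set_value(parent, 2, operation)
            if operation == "-a":
                store.set_value(parent, 1, (_("Add file labeling for %s")) % self.application)
            if operation == "-d":
                store.set_value(parent, 1, (_("Delete file labeling for %s")) % self.application)
            if operation == "-m":
                store.set_value(parent, 1, (_("Modify file labeling for %s")) % self.application)

            add_detail(parent, (_("File path: %s")) % path)
            add_detail(parent, (_("File class: %s")) % sepolicy.file_type_str[tclass])
            add_detail(parent, (_("SELinux file type: %s")) % setype)

        for port, protocol in self.cur_dict["port"]:
            operation = self.cur_dict["port"][(port, protocol)]["action"]
            parent = store.append(None)
            store.set_value(parent, 0, True)
            store.set_value(parent, 2, operation)
            store.set_value(parent, 3, True)
            if operation == "-a":
                store.set_value(parent, 1, (_("Add ports for %s")) % self.application)
            if operation == "-d":
                store.set_value(parent, 1, (_("Delete ports for %s")) % self.application)
            if operation == "-m":
                store.set_value(parent, 1, (_("Modify ports for %s")) % self.application)

            add_detail(parent, (_("Network ports: %s")) % port)
            add_detail(parent, (_("Network protocol: %s")) % protocol)
            setype = self.cur_dict["port"][(port, protocol)]["type"]
            add_detail(parent, (_("SELinux file type: %s")) % setype)

        for user in self.cur_dict["user"]:
            operation = self.cur_dict["user"][user]["action"]
            parent = store.append(None)
            store.set_value(parent, 0, True)
            store.set_value(parent, 2, operation)
            if operation == "-a":
                store.set_value(parent, 1, _("Add user"))
            if operation == "-d":
                store.set_value(parent, 1, _("Delete user"))
            if operation == "-m":
                store.set_value(parent, 1, _("Modify user"))

            add_detail(parent, (_("SELinux User : %s")) % user)
            roles = self.cur_dict["user"][user]["role"]
            add_detail(parent, (_("Roles: %s")) % roles)
            mls = self.cur_dict["user"][user].get("range", "")
            add_detail(parent, _("MLS/MCS Range: %s") % mls)

        for login in self.cur_dict["login"]:
            operation = self.cur_dict["login"][login]["action"]
            parent = store.append(None)
            store.set_value(parent, 0, True)
            store.set_value(parent, 2, operation)
            if operation == "-a":
                store.set_value(parent, 1, _("Add login mapping"))
            if operation == "-d":
                store.set_value(parent, 1, _("Delete login mapping"))
            if operation == "-m":
                store.set_value(parent, 1, _("Modify login mapping"))

            add_detail(parent, (_("Login Name : %s")) % login)
            seuser = self.cur_dict["login"][login]["seuser"]
            add_detail(parent, (_("SELinux User: %s")) % seuser)
            mls = self.cur_dict["login"][login].get("range", "")
            add_detail(parent, _("MLS/MCS Range: %s") % mls)

        for path in self.cur_dict["fcontext-equiv"]:
            operation = self.cur_dict["fcontext-equiv"][path]["action"]
            parent = store.append(None)
            store.set_value(parent, 0, True)
            store.set_value(parent, 2, operation)
            if operation == "-a":
                store.set_value(parent, 1, (_("Add file equiv labeling.")))
            if operation == "-d":
                store.set_value(parent, 1, (_("Delete file equiv labeling.")))
            if operation == "-m":
                store.set_value(parent, 1, (_("Modify file equiv labeling.")))

            add_detail(parent, (_("File path : %s")) % path)
            src = self.cur_dict["fcontext-equiv"][path]["src"]
            add_detail(parent, (_("Equivalence: %s")) % src)

        self.show_popup(self.update_window)

    def set_active_application_button(self):
        """Remember which application radio button is active.

        The buttons are checked in a fixed order, so if more than one reports
        active the last one checked (network) wins.
        """
        if self.boolean_radio_button.get_active():
            self.active_button = self.boolean_radio_button
        if self.files_radio_button.get_active():
            self.active_button = self.files_radio_button
        if self.transitions_radio_button.get_active():
            self.active_button = self.transitions_radio_button
        if self.network_radio_button.get_active():
            self.active_button = self.network_radio_button

    def clearbuttons(self, clear=True):
        """Hide the selection menu and every page radio button.

        With *clear* true the completion entry is emptied as well.
        """
        self.main_selection_window.hide()
        for button in (
            self.boolean_radio_button,
            self.files_radio_button,
            self.network_radio_button,
            self.transitions_radio_button,
            self.system_radio_button,
            self.lockdown_radio_button,
            self.user_radio_button,
            self.login_radio_button,
        ):
            button.set_visible(False)
        if clear:
            self.completion_entry.set_text("")

    def show_system_page(self):
        """Switch to the system view: show its two radio buttons and select "System"."""
        self.clearbuttons()
        self.system_radio_button.set_visible(True)
        self.lockdown_radio_button.set_visible(True)
        self.applications_selection_button.set_label(_("System"))
        self.system_radio_button.set_active(True)
        self.tab_change()
        self.idle_func()

    def show_file_equiv_page(self, 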
*args): 2359 self.clearbuttons() 2360 self.file_equiv_initialize() 2361 self.file_equiv_radio_button.set_active(True) 2362 self.applications_selection_button.set_label(_("File Equivalence")) 2363 self.tab_change() 2364 self.idle_func() 2365 self.add_button.set_sensitive(True) 2366 self.delete_button.set_sensitive(True) 2367 2368 def show_users_page(self): 2369 self.clearbuttons() 2370 self.login_radio_button.set_visible(True) 2371 self.user_radio_button.set_visible(True) 2372 self.applications_selection_button.set_label(_("Users")) 2373 self.login_radio_button.set_active(True) 2374 self.tab_change() 2375 self.user_initialize() 2376 self.login_initialize() 2377 self.idle_func() 2378 self.add_button.set_sensitive(True) 2379 self.delete_button.set_sensitive(True) 2380 2381 def show_applications_page(self): 2382 self.clearbuttons(False) 2383 self.boolean_radio_button.set_visible(True) 2384 self.files_radio_button.set_visible(True) 2385 self.network_radio_button.set_visible(True) 2386 self.transitions_radio_button.set_visible(True) 2387 self.boolean_radio_button.set_active(True) 2388 self.tab_change() 2389 self.idle_func() 2390 2391 def system_interface(self, *args): 2392 self.show_system_page() 2393 2394 def users_interface(self, *args): 2395 self.show_users_page() 2396 2397 def show_mislabeled_files(self, checkbutton, *args): 2398 iterlist = [] 2399 ctr = 0 2400 ipage = self.inner_notebook_files.get_current_page() 2401 if checkbutton.get_active() == True: 2402 for items in self.liststore: 2403 iter = self.treesort.get_iter(ctr) 2404 iter = self.treesort.convert_iter_to_child_iter(iter) 2405 iter = self.treefilter.convert_iter_to_child_iter(iter) 2406 if iter != None: 2407 if self.liststore.get_value(iter, 4) == False: 2408 iterlist.append(iter) 2409 ctr += 1 2410 for iters in iterlist: 2411 self.liststore.remove(iters) 2412 2413 elif self.application != None: 2414 self.liststore.clear() 2415 if ipage == EXE_PAGE: 2416 self.executable_files_initialize(self.application) 
2417 elif ipage == WRITABLE_PAGE: 2418 self.writable_files_initialize(self.application) 2419 elif ipage == APP_PAGE: 2420 self.application_files_initialize(self.application) 2421 2422 def fix_mislabeled(self, path): 2423 cur = selinux.getfilecon(path)[1].split(":")[2] 2424 con = selinux.matchpathcon(path, 0)[1].split(":")[2] 2425 if self.verify(_("Run restorecon on %(PATH)s to change its type from %(CUR_CONTEXT)s to the default %(DEF_CONTEXT)s?") % {"PATH": path, "CUR_CONTEXT": cur, "DEF_CONTEXT": con}, title="restorecon dialog") == Gtk.ResponseType.YES: 2426 self.dbus.restorecon(path) 2427 self.application_selected() 2428 2429 def new_updates(self, *args): 2430 self.update_button.set_sensitive(self.modified()) 2431 self.revert_button.set_sensitive(self.modified()) 2432 2433 def update_or_revert_changes(self, button, *args): 2434 self.update_gui() 2435 self.update = (button.get_label() == _("Update")) 2436 if self.update: 2437 self.update_window.set_title(_("Update Changes")) 2438 else: 2439 self.update_window.set_title(_("Revert Changes")) 2440 2441 def apply_changes_button_press(self, *args): 2442 self.close_popup() 2443 if self.update: 2444 self.update_the_system() 2445 else: 2446 self.revert_data() 2447 self.finish_init = False 2448 self.previously_modified_initialize(self.dbus.customized()) 2449 self.finish_init = True 2450 self.clear_filters() 2451 self.application_selected() 2452 self.new_updates() 2453 self.update_treestore.clear() 2454 2455 def update_the_system(self, *args): 2456 self.close_popup() 2457 update_buffer = self.format_update() 2458 self.wait_mouse() 2459 try: 2460 self.dbus.semanage(update_buffer) 2461 except dbus.exceptions.DBusException as e: 2462 print(e) 2463 self.ready_mouse() 2464 self.init_cur() 2465 2466 def ipage_value_lookup(self, lookup): 2467 ipage_values = {"Executable Files": 0, "Writable Files": 1, "Application File Type": 2, "Inbound": 1, "Outbound": 0} 2468 for value in ipage_values: 2469 if value == lookup: 2470 return 
ipage_values[value] 2471 return "Booleans" 2472 2473 def get_attributes_update(self, attribute): 2474 attribute = attribute.split(": ")[1] 2475 bool_id = attribute.split(": ")[0] 2476 if bool_id == "SELinux name": 2477 self.bool_revert = attribute 2478 else: 2479 return attribute 2480 2481 def format_update(self): 2482 self.revert_data() 2483 update_buffer = "" 2484 for k in self.cur_dict: 2485 if k in "boolean": 2486 for b in self.cur_dict[k]: 2487 update_buffer += "boolean -m -%d %s\n" % (self.cur_dict[k][b]["active"], b) 2488 if k in "login": 2489 for l in self.cur_dict[k]: 2490 if self.cur_dict[k][l]["action"] == "-d": 2491 update_buffer += "login -d %s\n" % l 2492 elif "range" in self.cur_dict[k][l]: 2493 update_buffer += "login %s -s %s -r %s %s\n" % (self.cur_dict[k][l]["action"], self.cur_dict[k][l]["seuser"], self.cur_dict[k][l]["range"], l) 2494 else: 2495 update_buffer += "login %s -s %s %s\n" % (self.cur_dict[k][l]["action"], self.cur_dict[k][l]["seuser"], l) 2496 if k in "user": 2497 for u in self.cur_dict[k]: 2498 if self.cur_dict[k][u]["action"] == "-d": 2499 update_buffer += "user -d %s\n" % u 2500 elif "level" in self.cur_dict[k][u] and "range" in self.cur_dict[k][u]: 2501 update_buffer += "user %s -L %s -r %s -R %s %s\n" % (self.cur_dict[k][u]["action"], self.cur_dict[k][u]["level"], self.cur_dict[k][u]["range"], self.cur_dict[k][u]["role"], u) 2502 else: 2503 update_buffer += "user %s -R %s %s\n" % (self.cur_dict[k][u]["action"], self.cur_dict[k][u]["role"], u) 2504 2505 if k in "fcontext-equiv": 2506 for f in self.cur_dict[k]: 2507 if self.cur_dict[k][f]["action"] == "-d": 2508 update_buffer += "fcontext -d %s\n" % f 2509 else: 2510 update_buffer += "fcontext %s -e %s %s\n" % (self.cur_dict[k][f]["action"], self.cur_dict[k][f]["src"], f) 2511 2512 if k in "fcontext": 2513 for f in self.cur_dict[k]: 2514 if self.cur_dict[k][f]["action"] == "-d": 2515 update_buffer += "fcontext -d %s\n" % f 2516 else: 2517 update_buffer += "fcontext %s -t %s -f %s 
%s\n" % (self.cur_dict[k][f]["action"], self.cur_dict[k][f]["type"], self.cur_dict[k][f]["class"], f) 2518 2519 if k in "port": 2520 for port, protocol in self.cur_dict[k]: 2521 if self.cur_dict[k][(port, protocol)]["action"] == "-d": 2522 update_buffer += "port -d -p %s %s\n" % (protocol, port) 2523 else: 2524 update_buffer += "port %s -t %s -p %s %s\n" % (self.cur_dict[k][f]["action"], self.cur_dict[k][f]["type"], protocol, port) 2525 2526 return update_buffer 2527 2528 def revert_data(self): 2529 ctr = 0 2530 remove_list = [] 2531 update_buffer = "" 2532 for items in self.update_treestore: 2533 if not self.update_treestore[ctr][0]: 2534 remove_list.append(ctr) 2535 ctr += 1 2536 remove_list.reverse() 2537 for ctr in remove_list: 2538 self.remove_cur(ctr) 2539 2540 def reveal_advanced_system(self, label, *args): 2541 advanced = label.get_text() == ADVANCED_LABEL[0] 2542 if advanced: 2543 label.set_text(ADVANCED_LABEL[1]) 2544 else: 2545 label.set_text(ADVANCED_LABEL[0]) 2546 self.system_policy_label.set_visible(advanced) 2547 self.system_policy_type_combobox.set_visible(advanced) 2548 2549 def reveal_advanced(self, label, *args): 2550 advanced = label.get_text() == ADVANCED_LABEL[0] 2551 if advanced: 2552 label.set_text(ADVANCED_LABEL[1]) 2553 else: 2554 label.set_text(ADVANCED_LABEL[0]) 2555 self.files_mls_label.set_visible(advanced) 2556 self.files_mls_entry.set_visible(advanced) 2557 self.network_mls_label.set_visible(advanced) 2558 self.network_mls_entry.set_visible(advanced) 2559 2560 def on_show_advanced_search_window(self, label, *args): 2561 if label.get_text() == ADVANCED_SEARCH_LABEL[1]: 2562 label.set_text(ADVANCED_SEARCH_LABEL[0]) 2563 self.close_popup() 2564 else: 2565 label.set_text(ADVANCED_SEARCH_LABEL[1]) 2566 self.show_popup(self.advanced_search_window) 2567 2568 def set_enforce_text(self, value): 2569 if value: 2570 self.status_bar.push(self.context_id, _("System Status: Enforcing")) 2571 self.current_status_enforcing.set_active(True) 2572 
else: 2573 self.status_bar.push(self.context_id, _("System Status: Permissive")) 2574 self.current_status_permissive.set_active(True) 2575 2576 def set_enforce(self, button): 2577 if not self.finish_init: 2578 return 2579 2580 self.dbus.setenforce(button.get_active()) 2581 self.set_enforce_text(button.get_active()) 2582 2583 def on_browse_select(self, *args): 2584 filename = self.file_dialog.get_filename() 2585 if filename == None: 2586 return 2587 self.clear_entry = False 2588 self.file_dialog.hide() 2589 self.files_path_entry.set_text(filename) 2590 if self.import_export == 'Import': 2591 self.import_config(filename) 2592 elif self.import_export == 'Export': 2593 self.export_config(filename) 2594 2595 def recursive_path(self, *args): 2596 path = self.files_path_entry.get_text() 2597 if self.recursive_path_toggle.get_active(): 2598 if not path.endswith("(/.*)?"): 2599 self.files_path_entry.set_text(path + "(/.*)?") 2600 elif path.endswith("(/.*)?"): 2601 path = path.split("(/.*)?")[0] 2602 self.files_path_entry.set_text(path) 2603 2604 def highlight_entry_text(self, entry_obj, *args): 2605 txt = entry_obj.get_text() 2606 if self.clear_entry: 2607 entry_obj.set_text('') 2608 self.clear_entry = False 2609 2610 def autofill_add_files_entry(self, entry): 2611 text = entry.get_text() 2612 if text == '': 2613 return 2614 if text.endswith("(/.*)?"): 2615 self.recursive_path_toggle.set_active(True) 2616 for d in sepolicy.DEFAULT_DIRS: 2617 if text.startswith(d): 2618 for t in self.files_type_combolist: 2619 if t[0].endswith(sepolicy.DEFAULT_DIRS[d]): 2620 self.combo_set_active_text(self.files_type_combobox, t[0]) 2621 2622 def resize_columns(self, *args): 2623 self.boolean_column_1 = self.boolean_treeview.get_col(1) 2624 width = self.boolean_column_1.get_width() 2625 renderer = self.boolean_column_1.get_cell_renderers() 2626 2627 def browse_for_files(self, *args): 2628 self.file_dialog.show() 2629 2630 def close_config_window(self, *args): 2631 self.file_dialog.hide() 
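# SELinuxGui methods, continued (the class statement is earlier in the file).
# NOTE(review): this span was recovered from a whitespace-collapsed listing, so
# the nesting below is reconstructed from the statements -- confirm against the
# original file before relying on it.

    def change_default_policy(self, *args):
        """Apply the policy type selected in the system policy combobox.

        Does nothing when the selection equals self.typeHistory. Otherwise the
        user is asked to confirm; on refusal the combobox is reset to
        self.typeHistory. On confirmation the new type is sent over D-Bus, a
        relabel on next boot is requested, and self.typeHistory is updated.
        """
        if self.typeHistory == self.system_policy_type_combobox.get_active():
            return

        # Fail closed: only an explicit "Yes" proceeds. Comparing against NO let
        # a dismissed dialog (closed without answering) count as consent to a
        # policy-type change plus a full relabel.
        if self.verify(_("Changing the policy type will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) != Gtk.ResponseType.YES:
            self.system_policy_type_combobox.set_active(self.typeHistory)
            return None

        # NOTE(review): D-Bus failures are not caught here, so an error in either
        # call propagates and self.typeHistory keeps its old value.
        self.dbus.change_default_policy(self.combo_get_active_text(self.system_policy_type_combobox))
        self.dbus.relabel_on_boot(True)
        self.typeHistory = self.system_policy_type_combobox.get_active()

    def change_default_mode(self, button):
        """Send the default SELinux mode named by *button* over D-Bus.

        Ignored until self.finish_init is set. enabled_changed() runs first and
        may prompt; the mode is only sent if *button* is still active afterwards.
        """
        if not self.finish_init:
            return
        self.enabled_changed(button)
        if button.get_active():
            # NOTE(review): the mode string is the lower-cased widget label;
            # presumably the labels are the untranslated mode names -- confirm.
            self.dbus.change_default_mode(button.get_label().lower())

    def import_config_show(self, *args):
        """Show the file chooser in OPEN mode and mark the pending action as 'Import'."""
        self.file_dialog.set_action(Gtk.FileChooserAction.OPEN)
        self.file_dialog.set_title("Import Configuration")
        self.file_dialog.show()
        self.import_export = 'Import'

    def export_config_show(self, *args):
        """Show the file chooser in SAVE mode and mark the pending action as 'Export'."""
        self.file_dialog.set_action(Gtk.FileChooserAction.SAVE)
        self.file_dialog.set_title("Export Configuration")
        self.file_dialog.show()
        self.import_export = 'Export'

    def export_config(self, filename):
        """Write the text returned by self.dbus.customized() to *filename*.

        Failures are reported in an error dialog. The cursor is restored in all
        cases, where previously an exception left the busy cursor set.
        """
        failure = None
        self.wait_mouse()
        try:
            buf = self.dbus.customized()
            # No explicit mode is set: the file gets the process umask default.
            with open(filename, 'w') as fd:
                fd.write(buf)
        except (IOError, OSError, dbus.exceptions.DBusException) as e:
            failure = str(e)
        finally:
            self.ready_mouse()
        if failure is not None:
            self.error(failure)

    def import_config(self, filename):
        """Read *filename* and pass its content to the D-Bus semanage call.

        NOTE(review): the content is forwarded verbatim, with no validation or
        preview on this side. Whatever authorization and parsing the D-Bus
        service applies is the only gate -- confirm on the service side.
        """
        try:
            with open(filename, "r") as fd:
                buf = fd.read()
        except (IOError, OSError) as e:
            self.error(str(e))
            return

        failure = None
        self.wait_mouse()
        try:
            self.dbus.semanage(buf)
        except (OSError, dbus.exceptions.DBusException) as e:
            # Previously only OSError was caught, and silently. Elsewhere in this
            # class D-Bus calls are guarded with DBusException, so a rejected
            # import was never reported to the user.
            failure = str(e)
        finally:
            self.ready_mouse()
        if failure is not None:
            self.error(failure)

    def init_dictionary(self, dic, app, ipage, operation, p, q, ftype, mls, changed, old):
        """Ensure dic[app, ipage, operation][p, q] exists; existing entries are kept."""
        bucket = dic.setdefault((app, ipage, operation), {})
        if (p, q) not in bucket:
            bucket[p, q] = {'type': ftype, 'mls': mls, 'changed': changed, 'old': old}

    def translate_bool(self, b):
        """Map the text after the first '-' in *b* to a bool.

        Returns False for '0', True for '1' and None for anything else. Raises
        IndexError when *b* contains no '-'.
        """
        flag = b.split('-')[1]
        if flag == '0':
            return False
        if flag == '1':
            return True
        return None

    def relabel_on_reboot(self, *args):
        """Sync the relabel-on-boot request with the relabel checkbox.

        Nothing is sent when the checkbox already matches the presence of
        /.autorelabel; D-Bus errors are shown in an error dialog.
        """
        active = self.relabel_button.get_active()
        exists = os.path.exists("/.autorelabel")

        if bool(active) == exists:
            return
        try:
            self.dbus.relabel_on_boot(active)
        except dbus.exceptions.DBusException as e:
            self.error(e)

    def closewindow(self, window, *args):
        """Hide *window*, restore the main window and reopen the parent popup if any.

        Returns True (in a GTK delete-event handler this would stop the default
        destroy -- how this method is connected is not visible here).
        """
        window.hide()
        self.recursive_path_toggle.set_active(False)
        self.window.set_sensitive(True)
        if self.moreTypes_window_files == window:
            self.show_popup(self.files_popup_window)
            if self.combo_get_active_text(self.files_type_combobox) == _('More...'):
                self.files_type_combobox.set_active(0)
        if self.error_check_window == window:
            if self.files_add:
                self.show_popup(self.files_popup_window)
            elif self.network_add:
                self.show_popup(self.network_popup_window)
        if self.files_mls_label.get_visible() or self.network_mls_label.get_visible():
            self.advanced_text_files.set_visible(True)
            self.files_mls_label.set_visible(False)
            self.files_mls_entry.set_visible(False)
            self.advanced_text_network.set_visible(True)
            self.network_mls_label.set_visible(False)
            self.network_mls_entry.set_visible(False)
        if self.main_advanced_label.get_text() == ADVANCED_SEARCH_LABEL[1]:
            self.main_advanced_label.set_text(ADVANCED_SEARCH_LABEL[0])
        return True

    def wait_mouse(self):
        """Set the busy cursor on the main window, then call idle_func()."""
        self.window.get_window().set_cursor(self.busy_cursor)
        self.idle_func()

    def ready_mouse(self):
        """Set the ready cursor on the main window, then call idle_func()."""
        self.window.get_window().set_cursor(self.ready_cursor)
        self.idle_func()

    def verify(self, message, title=""):
        """Run a modal Yes/No dialog and return its Gtk response code.

        Callers should treat every response other than Gtk.ResponseType.YES as
        a refusal: a dialog closed without an answer returns neither YES nor NO.
        """
        dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.INFO,
                                Gtk.ButtonsType.YES_NO,
                                message)
        dlg.set_title(title)
        dlg.set_position(Gtk.WindowPosition.MOUSE)
        dlg.show_all()
        rc = dlg.run()
        dlg.destroy()
        return rc

    def error(self, message):
        """Run a modal error dialog showing *message*."""
        # relabel_on_reboot() passes the exception object itself; the dialog
        # text is expected to be a string, so convert exceptions here.
        if isinstance(message, Exception):
            message = str(message)
        dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.ERROR,
                                Gtk.ButtonsType.CLOSE,
                                message)
        dlg.set_position(Gtk.WindowPosition.MOUSE)
        dlg.show_all()
        dlg.run()
        dlg.destroy()

    def enabled_changed(self, radio):
        """Confirm a switch between SELinux disabled and enabled.

        Ignored for radios that are not active. When the switch crosses the
        disabled/enabled boundary relative to self.enforce_mode, the user must
        confirm; on refusal the previously recorded radio is re-activated.
        Otherwise *radio* is recorded as self.enforce_button.
        """
        if not radio.get_active():
            return
        label = radio.get_label()
        # NOTE(review): compares the widget label with the literal 'Disabled';
        # whether the label can be localized is not visible here -- confirm.
        question = None
        if label == 'Disabled' and self.enforce_mode != DISABLED:
            question = _("Changing to SELinux disabled requires a reboot. It is not recommended. If you later decide to turn SELinux back on, the system will be required to relabel. If you just want to see if SELinux is causing a problem on your system, you can go to permissive mode which will only log errors and not enforce SELinux policy. Permissive mode does not require a reboot. Do you wish to continue?")
        elif label != 'Disabled' and self.enforce_mode == DISABLED:
            question = _("Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")

        # Fail closed: a dismissed dialog must not count as agreement to disable
        # SELinux, so only an explicit "Yes" continues.
        if question is not None and self.verify(question) != Gtk.ResponseType.YES:
            self.enforce_button.set_active(True)
            # Keep self.enforce_button on the previous radio, so that a later
            # refusal does not "restore" the choice the user just declined.
            return
        self.enforce_button = radio

    def clear_filters(self, *args):
        """Empty the filter entry and untick the show-modified-only toggle."""
        self.filter_entry.set_text('')
        self.show_modified_only.set_active(False)

    def unconfined_toggle(self, *args):
        """Enable or disable the 'unconfined' module to match its checkbox.

        Ignored until self.finish_init is set. No confirmation prompt precedes
        the change. The cursor is restored even if the D-Bus call raises.
        """
        if not self.finish_init:
            return
        self.wait_mouse()
        try:
            if self.enable_unconfined_button.get_active():
                self.dbus.semanage("module -e unconfined")
            else:
                self.dbus.semanage("module -d unconfined")
        finally:
            self.ready_mouse()

    def permissive_toggle(self, *args):
        """Enable or disable the 'permissivedomains' module to match its checkbox.

        Ignored until self.finish_init is set. No confirmation prompt precedes
        the change. The cursor is restored even if the D-Bus call raises.
        """
        if not self.finish_init:
            return
        self.wait_mouse()
        try:
            if self.enable_permissive_button.get_active():
                self.dbus.semanage("module -e permissivedomains")
            else:
                self.dbus.semanage("module -d permissivedomains")
        finally:
            self.ready_mouse()

    def confirmation_close(self, button, *args):
        """Quit, asking first when self.update_treestore still has rows.

        Returns True (stay open) unless the user explicitly answers "Yes".
        """
        if len(self.update_treestore) > 0:
            # Fail closed: dismissing the prompt keeps the application and the
            # pending changes instead of discarding them.
            if self.verify(_("You are attempting to close the application without applying your changes.\n * To apply changes you have made during this session, click No and click Update.\n * To leave the application without applying your changes, click Yes. All changes that you have made during this session will be lost."), _("Loss of data Dialog")) != Gtk.ResponseType.YES:
                return True
        self.quit()

    def quit(self, *args):
        """Exit the process with status 0."""
        sys.exit(0)

if __name__ == '__main__':
    start = SELinuxGui()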