1#!/usr/bin/python -Es 2# 3# Copyright (C) 2013 Red Hat 4# see file 'COPYING' for use and warranty information 5# 6# selinux gui is a tool for the examining and modifying SELinux policy 7# 8# This program is free software; you can redistribute it and/or 9# modify it under the terms of the GNU General Public License as 10# published by the Free Software Foundation; either version 2 of 11# the License, or (at your option) any later version. 12# 13# This program is distributed in the hope that it will be useful, 14# but WITHOUT ANY WARRANTY; without even the implied warranty of 15# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16# GNU General Public License for more details. 17# 18# You should have received a copy of the GNU General Public License 19# along with this program; if not, write to the Free Software 20# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 21# 02111-1307 USA 22# 23# author: Ryan Hallisey rhallisey@redhat.com 24# author: Dan Walsh dwalsh@redhat.com 25# author: Miroslav Grepl mgrepl@redhat.com 26# 27# 28 29import gi 30gi.require_version('Gtk', '3.0') 31from gi.repository import Gtk 32from gi.repository import Gdk 33from gi.repository import GLib 34from sepolicy.sedbus import SELinuxDBus 35import sys 36import sepolicy 37import selinux 38from selinux import DISABLED, PERMISSIVE, ENFORCING 39import sepolicy.network 40import sepolicy.manpage 41import dbus 42import os 43import re 44import unicodedata 45 46PROGNAME = "policycoreutils" 47try: 48 import gettext 49 kwargs = {} 50 if sys.version_info < (3,): 51 kwargs['unicode'] = True 52 gettext.install(PROGNAME, 53 localedir="/usr/share/locale", 54 codeset='utf-8', 55 **kwargs) 56except: 57 try: 58 import builtins 59 builtins.__dict__['_'] = str 60 except ImportError: 61 import __builtin__ 62 __builtin__.__dict__['_'] = unicode 63 64reverse_file_type_str = {} 65for f in sepolicy.file_type_str: 66 reverse_file_type_str[sepolicy.file_type_str[f]] = f 67 68enabled = [_("No"), _("Yes")] 69action = [_("Disable"), _("Enable")] 70 71 72def compare(a, b): 73 return cmp(a.lower(), b.lower()) 74 75import distutils.sysconfig 76ADVANCED_LABEL = (_("Advanced >>"), _("Advanced <<")) 77ADVANCED_SEARCH_LABEL = (_("Advanced Search >>"), _("Advanced Search <<")) 78OUTBOUND_PAGE = 0 79INBOUND_PAGE = 1 80 81TRANSITIONS_FROM_PAGE = 0 82TRANSITIONS_TO_PAGE = 1 83TRANSITIONS_FILE_PAGE = 2 84 85EXE_PAGE = 0 86WRITABLE_PAGE = 1 87APP_PAGE = 2 88 89BOOLEANS_PAGE = 0 90FILES_PAGE = 1 91NETWORK_PAGE = 2 92TRANSITIONS_PAGE = 3 93LOGIN_PAGE = 4 94USER_PAGE = 5 95LOCKDOWN_PAGE = 6 96SYSTEM_PAGE = 7 97FILE_EQUIV_PAGE = 8 98START_PAGE = 9 99 100keys = ["boolean", "fcontext", "fcontext-equiv", "port", "login", "user", "module", "node", "interface"] 101 102DISABLED_TEXT = _("""<small> 103To change from Disabled to Enforcing mode 104- Change the system mode from Disabled to Permissive 105- Reboot, so that the system can relabel 106- Once the system is working as planned 107 * Change the system mode to Enforcing</small> 108""") 109 110 111class SELinuxGui(): 112 113 def __init__(self, app=None, test=False): 114 self.finish_init = False 115 self.advanced_init = True 116 self.opage = START_PAGE 117 self.dbus = SELinuxDBus() 118 try: 119 customized = self.dbus.customized() 120 except dbus.exceptions.DBusException as e: 121 print(e) 122 self.quit() 123 124 self.init_cur() 125 self.application = app 126 self.filter_txt = "" 127 builder = Gtk.Builder() # BUILDER OBJ 128 self.code_path = distutils.sysconfig.get_python_lib(plat_specific=False) + "/sepolicy/" 129 glade_file = self.code_path + "sepolicy.glade" 130 builder.add_from_file(glade_file) 131 self.outer_notebook = builder.get_object("outer_notebook") 132 self.window = builder.get_object("SELinux_window") 133 self.main_selection_window = builder.get_object("Main_selection_menu") 134 self.main_advanced_label = builder.get_object("main_advanced_label") 135 self.popup = 0 136 self.applications_selection_button = builder.get_object("applications_selection_button") 137 self.revert_button = builder.get_object("Revert_button") 138 self.busy_cursor = Gdk.Cursor(Gdk.CursorType.WATCH) 139 self.ready_cursor = Gdk.Cursor(Gdk.CursorType.LEFT_PTR) 140 self.initialtype = selinux.selinux_getpolicytype()[1] 141 self.current_popup = None 142 self.import_export = None 143 self.clear_entry = True 144 self.files_add = False 145 self.network_add = False 146 147 self.all_domains = [] 148 self.installed_list = [] 149 self.previously_modified = {} 150 151 # file dialog 152 self.file_dialog = builder.get_object("add_path_dialog") 153 # Error check *************************************** 154 self.error_check_window = builder.get_object("error_check_window") 155 self.error_check_label = builder.get_object("error_check_label") 156 self.invalid_entry = False 157 # Advanced search window **************************** 158 self.advanced_search_window = builder.get_object("advanced_search_window") 159 self.advanced_search_filter = builder.get_object("advanced_filter") 160 self.advanced_search_filter.set_visible_func(self.filter_the_data) 161 self.advanced_search_sort = builder.get_object("advanced_sort") 162 163 self.advanced_filter_entry = builder.get_object("advanced_filter_entry") 164 self.advanced_search_treeview = builder.get_object("advanced_search_treeview") 165 self.advanced_search = False 166 167 # Login Items ************************************** 168 self.login_label = builder.get_object("Login_label") 169 self.login_seuser_combobox = builder.get_object("login_seuser_combobox") 170 self.login_seuser_combolist = builder.get_object("login_seuser_liststore") 171 self.login_name_entry = builder.get_object("login_name_entry") 172 self.login_mls_label = builder.get_object("login_mls_label") 173 self.login_mls_entry = builder.get_object("login_mls_entry") 174 self.login_radio_button = builder.get_object("Login_button") 175 self.login_treeview = builder.get_object("login_treeview") 176 self.login_liststore = builder.get_object("login_liststore") 177 self.login_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 178 self.login_filter = builder.get_object("login_filter") 179 self.login_filter.set_visible_func(self.filter_the_data) 180 self.login_popup_window = builder.get_object("login_popup_window") 181 self.login_delete_liststore = builder.get_object("login_delete_liststore") 182 self.login_delete_window = builder.get_object("login_delete_window") 183 184 # Users Items ************************************** 185 self.user_popup_window = builder.get_object("user_popup_window") 186 self.user_radio_button = builder.get_object("User_button") 187 self.user_liststore = builder.get_object("user_liststore") 188 self.user_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 189 self.user_filter = builder.get_object("user_filter") 190 self.user_filter.set_visible_func(self.filter_the_data) 191 self.user_treeview = builder.get_object("user_treeview") 192 self.user_roles_combobox = builder.get_object("user_roles_combobox") 193 self.user_roles_combolist = builder.get_object("user_roles_liststore") 194 self.user_label = builder.get_object("User_label") 195 self.user_name_entry = builder.get_object("user_name_entry") 196 self.user_mls_label = builder.get_object("user_mls_label") 197 self.user_mls_level_entry = builder.get_object("user_mls_level_entry") 198 self.user_mls_entry = builder.get_object("user_mls_entry") 199 self.user_combobox = builder.get_object("selinux_user_combobox") 200 self.user_delete_liststore = builder.get_object("user_delete_liststore") 201 self.user_delete_window = builder.get_object("user_delete_window") 202 203 # File Equiv Items ************************************** 204 self.file_equiv_label = builder.get_object("file_equiv_label") 205 self.file_equiv_source_entry = builder.get_object("file_equiv_source_entry") 206 self.file_equiv_dest_entry = builder.get_object("file_equiv_dest_entry") 207 self.file_equiv_radio_button = builder.get_object("file_equiv_button") 208 self.file_equiv_treeview = builder.get_object("file_equiv_treeview") 209 self.file_equiv_liststore = builder.get_object("file_equiv_liststore") 210 self.file_equiv_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 211 self.file_equiv_popup_window = builder.get_object("file_equiv_popup_window") 212 self.file_equiv_treefilter = builder.get_object("file_equiv_filter") 213 self.file_equiv_treefilter.set_visible_func(self.filter_the_data) 214 self.file_equiv_delete_liststore = builder.get_object("file_equiv_delete_liststore") 215 self.file_equiv_delete_window = builder.get_object("file_equiv_delete_window") 216 217 # System Items ************************************** 218 self.app_system_button = builder.get_object("app_system_button") 219 self.system_radio_button = builder.get_object("System_button") 220 self.lockdown_radio_button = builder.get_object("Lockdown_button") 221 self.systems_box = builder.get_object("Systems_box") 222 self.relabel_button = builder.get_object("Relabel_button") 223 self.relabel_button_no = builder.get_object("Relabel_button_no") 224 self.advanced_system = builder.get_object("advanced_system") 225 self.outer_notebook_frame = builder.get_object("outer_notebook_frame") 226 self.system_policy_label = builder.get_object("system_policy_type_label") 227 # Browse Items ************************************** 228 self.select_button_browse = builder.get_object("select_button_browse") 229 self.cancel_button_browse = builder.get_object("cancel_button_browse") 230 # More types window items *************************** 231 self.moreTypes_window_files = builder.get_object("moreTypes_window_files") 232 self.more_types_files_liststore = builder.get_object("more_types_file_liststore") 233 self.moreTypes_treeview = builder.get_object("moreTypes_treeview_files") 234 # System policy type ******************************** 235 self.system_policy_type_liststore = builder.get_object("system_policy_type_liststore") 236 self.system_policy_type_combobox = builder.get_object("system_policy_type_combobox") 237 self.policy_list = [] 238 if self.populate_system_policy() < 2: 239 self.advanced_system.set_visible(False) 240 self.system_policy_label.set_visible(False) 241 self.system_policy_type_combobox.set_visible(False) 242 243 self.enforcing_button_default = builder.get_object("Enforcing_button_default") 244 self.permissive_button_default = builder.get_object("Permissive_button_default") 245 self.disabled_button_default = builder.get_object("Disabled_button_default") 246 self.initialize_system_default_mode() 247 248 # Lockdown Window ********************************* 249 self.enable_unconfined_button = builder.get_object("enable_unconfined") 250 self.disable_unconfined_button = builder.get_object("disable_unconfined") 251 self.enable_permissive_button = builder.get_object("enable_permissive") 252 self.disable_permissive_button = builder.get_object("disable_permissive") 253 self.enable_ptrace_button = builder.get_object("enable_ptrace") 254 self.disable_ptrace_button = builder.get_object("disable_ptrace") 255 256 # Help Window ********************************* 257 self.help_window = builder.get_object("help_window") 258 self.help_text = builder.get_object("help_textv") 259 self.info_text = builder.get_object("info_text") 260 self.help_image = builder.get_object("help_image") 261 self.forward_button = builder.get_object("forward_button") 262 self.back_button = builder.get_object("back_button") 263 # Update menu items ********************************* 264 self.update_window = builder.get_object("update_window") 265 self.update_treeview = builder.get_object("update_treeview") 266 self.update_treestore = builder.get_object("Update_treestore") 267 self.apply_button = builder.get_object("apply_button") 268 self.update_button = builder.get_object("Update_button") 269 # Add button objects ******************************** 270 self.add_button = builder.get_object("Add_button") 271 self.delete_button = builder.get_object("Delete_button") 272 273 self.files_path_entry = builder.get_object("files_path_entry") 274 self.network_ports_entry = builder.get_object("network_ports_entry") 275 self.files_popup_window = builder.get_object("files_popup_window") 276 self.network_popup_window = builder.get_object("network_popup_window") 277 278 self.popup_network_label = builder.get_object("Network_label") 279 self.popup_files_label = builder.get_object("files_label") 280 281 self.recursive_path_toggle = builder.get_object("make_path_recursive") 282 self.files_type_combolist = builder.get_object("files_type_combo_store") 283 self.files_class_combolist = builder.get_object("files_class_combo_store") 284 self.files_type_combobox = builder.get_object("files_type_combobox") 285 self.files_class_combobox = builder.get_object("files_class_combobox") 286 self.files_mls_label = builder.get_object("files_mls_label") 287 self.files_mls_entry = builder.get_object("files_mls_entry") 288 self.advanced_text_files = builder.get_object("Advanced_text_files") 289 self.files_cancel_button = builder.get_object("cancel_delete_files") 290 291 self.network_tcp_button = builder.get_object("tcp_button") 292 self.network_udp_button = builder.get_object("udp_button") 293 self.network_port_type_combolist = builder.get_object("network_type_combo_store") 294 self.network_port_type_combobox = builder.get_object("network_type_combobox") 295 self.network_mls_label = builder.get_object("network_mls_label") 296 self.network_mls_entry = builder.get_object("network_mls_entry") 297 self.advanced_text_network = builder.get_object("Advanced_text_network") 298 self.network_cancel_button = builder.get_object("cancel_network_delete") 299 300 # Add button objects ******************************** 301 302 # Modify items ************************************** 303 self.show_mislabeled_files_only = builder.get_object("Show_mislabeled_files") 304 self.mislabeled_files_label = builder.get_object("mislabeled_files_label") 305 self.warning_files = builder.get_object("warning_files") 306 self.modify_button = builder.get_object("Modify_button") 307 self.modify_button.set_sensitive(False) 308 # Modify items ************************************** 309 310 # Fix label ***************************************** 311 self.fix_label_window = builder.get_object("fix_label_window") 312 self.fixlabel_label = builder.get_object("fixlabel_label") 313 self.fix_label_cancel = builder.get_object("fix_label_cancel") 314 # Fix label ***************************************** 315 316 # Delete items ************************************** 317 self.files_delete_window = builder.get_object("files_delete_window") 318 self.files_delete_treeview = builder.get_object("files_delete_treeview") 319 self.files_delete_liststore = builder.get_object("files_delete_liststore") 320 self.network_delete_window = builder.get_object("network_delete_window") 321 self.network_delete_treeview = builder.get_object("network_delete_treeview") 322 self.network_delete_liststore = builder.get_object("network_delete_liststore") 323 # Delete items ************************************** 324 325 # Progress bar ************************************** 326 self.progress_bar = builder.get_object("progress_bar") 327 # Progress bar ************************************** 328 329 # executable_files items **************************** 330 self.executable_files_treeview = builder.get_object("Executable_files_treeview") # Get the executable files tree view 331 self.executable_files_filter = builder.get_object("executable_files_filter") 332 self.executable_files_filter.set_visible_func(self.filter_the_data) 333 self.executable_files_tab = builder.get_object("Executable_files_tab") 334 self.executable_files_tab_tooltip_txt = self.executable_files_tab.get_tooltip_text() 335 self.executable_files_liststore = builder.get_object("executable_files_treestore") 336 self.executable_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 337 338 self.files_radio_button = builder.get_object("files_button") 339 self.files_button_tooltip_txt = self.files_radio_button.get_tooltip_text() 340 # executable_files items **************************** 341 342 # writable files items ****************************** 343 self.writable_files_treeview = builder.get_object("Writable_files_treeview") # Get the Writable files tree view 344 self.writable_files_liststore = builder.get_object("writable_files_treestore") # Contains the tree with File Path, SELinux File Label, Class 345 self.writable_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 346 self.writable_files_filter = builder.get_object("writable_files_filter") 347 self.writable_files_filter.set_visible_func(self.filter_the_data) 348 self.writable_files_tab = builder.get_object("Writable_files_tab") 349 self.writable_files_tab_tooltip_txt = self.writable_files_tab.get_tooltip_text() 350 # writable files items ****************************** 351 352 # Application File Types **************************** 353 self.application_files_treeview = builder.get_object("Application_files_treeview") # Get the Application files tree view 354 self.application_files_filter = builder.get_object("application_files_filter") # Contains the tree with File Path, Description, Class 355 self.application_files_filter.set_visible_func(self.filter_the_data) 356 self.application_files_tab = builder.get_object("Application_files_tab") 357 self.application_files_tab_tooltip_txt = self.writable_files_tab.get_tooltip_text() 358 self.application_files_liststore = builder.get_object("application_files_treestore") 359 self.application_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 360 self.application_files_tab = builder.get_object("Application_files_tab") 361 self.application_files_tab_tooltip_txt = self.application_files_tab.get_tooltip_text() 362 # Application File Type ***************************** 363 364 # network items ************************************* 365 self.network_radio_button = builder.get_object("network_button") 366 self.network_button_tooltip_txt = self.network_radio_button.get_tooltip_text() 367 368 self.network_out_treeview = builder.get_object("outbound_treeview") 369 self.network_out_liststore = builder.get_object("network_out_liststore") 370 self.network_out_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 371 self.network_out_filter = builder.get_object("network_out_filter") 372 self.network_out_filter.set_visible_func(self.filter_the_data) 373 self.network_out_tab = builder.get_object("network_out_tab") 374 self.network_out_tab_tooltip_txt = self.network_out_tab.get_tooltip_text() 375 376 self.network_in_treeview = builder.get_object("inbound_treeview") 377 self.network_in_liststore = builder.get_object("network_in_liststore") 378 self.network_in_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 379 self.network_in_filter = builder.get_object("network_in_filter") 380 self.network_in_filter.set_visible_func(self.filter_the_data) 381 self.network_in_tab = builder.get_object("network_in_tab") 382 self.network_in_tab_tooltip_txt = self.network_in_tab.get_tooltip_text() 383 # network items ************************************* 384 385 # boolean items ************************************ 386 self.boolean_treeview = builder.get_object("Boolean_treeview") # Get the booleans tree list 387 self.boolean_liststore = builder.get_object("boolean_liststore") 388 self.boolean_liststore.set_sort_column_id(2, Gtk.SortType.ASCENDING) 389 self.boolean_filter = builder.get_object("boolean_filter") 390 self.boolean_filter.set_visible_func(self.filter_the_data) 391 392 self.boolean_more_detail_window = builder.get_object("booleans_more_detail_window") 393 self.boolean_more_detail_treeview = builder.get_object("booleans_more_detail_treeview") 394 self.boolean_more_detail_tree_data_set = builder.get_object("booleans_more_detail_liststore") 395 self.boolean_radio_button = builder.get_object("Booleans_button") 396 self.active_button = self.boolean_radio_button 397 self.boolean_button_tooltip_txt = self.boolean_radio_button.get_tooltip_text() 398 # boolean items ************************************ 399 400 # transitions items ************************************ 401 self.transitions_into_treeview = builder.get_object("transitions_into_treeview") # Get the transitions tree list Enabled, source, Executable File 402 self.transitions_into_liststore = builder.get_object("transitions_into_liststore") # Contains the tree with 403 self.transitions_into_liststore.set_sort_column_id(1, Gtk.SortType.ASCENDING) 404 self.transitions_into_filter = builder.get_object("transitions_into_filter") 405 self.transitions_into_filter.set_visible_func(self.filter_the_data) 406 self.transitions_into_tab = builder.get_object("Transitions_into_tab") 407 self.transitions_into_tab_tooltip_txt = self.transitions_into_tab.get_tooltip_text() 408 409 self.transitions_radio_button = builder.get_object("Transitions_button") 410 self.transitions_button_tooltip_txt = self.transitions_radio_button.get_tooltip_text() 411 412 self.transitions_from_treeview = builder.get_object("transitions_from_treeview") # Get the transitions tree list 413 self.transitions_from_treestore = builder.get_object("transitions_from_treestore") # Contains the tree with Enabled, Executable File Type, Transtype 414 self.transitions_from_treestore.set_sort_column_id(2, Gtk.SortType.ASCENDING) 415 self.transitions_from_filter = builder.get_object("transitions_from_filter") 416 self.transitions_from_filter.set_visible_func(self.filter_the_data) 417 self.transitions_from_tab = builder.get_object("Transitions_from_tab") 418 self.transitions_from_tab_tooltip_txt = self.transitions_from_tab.get_tooltip_text() 419 420 self.transitions_file_treeview = builder.get_object("file_transitions_treeview") # Get the transitions tree list 421 self.transitions_file_liststore = builder.get_object("file_transitions_liststore") # Contains the tree with Enabled, Executable File Type, Transtype 422 self.transitions_file_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 423 self.transitions_file_filter = builder.get_object("file_transitions_filter") 424 self.transitions_file_filter.set_visible_func(self.filter_the_data) 425 self.transitions_file_tab = builder.get_object("file_transitions") 426 self.transitions_file_tab_tooltip_txt = self.transitions_from_tab.get_tooltip_text() 427 # transitions items ************************************ 428 429 # Combobox and Entry items ************************** 430 self.combobox_menu = builder.get_object("combobox_org") # This is the combobox box object, aka the arrow next to the entry text bar 431 self.application_liststore = builder.get_object("application_liststore") 432 self.completion_entry = builder.get_object("completion_entry") # self.combobox_menu.get_child() 433 self.entrycompletion_obj = builder.get_object("entrycompletion_obj") 434 #self.entrycompletion_obj = Gtk.EntryCompletion() 435 self.entrycompletion_obj.set_minimum_key_length(0) 436 self.entrycompletion_obj.set_text_column(0) 437 self.entrycompletion_obj.set_match_func(self.match_func, None) 438 self.completion_entry.set_completion(self.entrycompletion_obj) 439 self.completion_entry.set_icon_from_stock(0, Gtk.STOCK_FIND) 440 # Combobox and Entry items ************************** 441 442 # Modify buttons ************************************ 443 self.show_modified_only = builder.get_object("Show_modified_only_toggle") 444 # Modify button ************************************* 445 446 # status bar ***************************************** 447 self.current_status_label = builder.get_object("Enforcing_label") 448 self.current_status_enforcing = builder.get_object("Enforcing_button") 449 self.current_status_permissive = builder.get_object("Permissive_button") 450 self.status_bar = builder.get_object("status_bar") 451 self.context_id = self.status_bar.get_context_id("SELinux status") 452 453 # filters ********************************************* 454 self.filter_entry = builder.get_object("filter_entry") 455 self.filter_box = builder.get_object("filter_box") 456 self.add_modify_delete_box = builder.get_object("add_modify_delete_box") 457 # Get_model() sets the tree model filter to be the parent of the tree model (tree model has all the data in it) 458 459 # Toggle button **************************************** 460 self.cell = builder.get_object("activate") 461 self.del_cell_files = builder.get_object("files_toggle_delete") 462 self.del_cell_files.connect("toggled", self.on_toggle_update, self.files_delete_liststore) 463 self.del_cell_files_equiv = builder.get_object("file_equiv_toggle_delete1") 464 self.del_cell_files_equiv.connect("toggled", self.on_toggle_update, self.file_equiv_delete_liststore) 465 self.del_cell_user = builder.get_object("user_toggle_delete") 466 self.del_cell_user.connect("toggled", self.on_toggle_update, self.user_delete_liststore) 467 self.del_cell_login = builder.get_object("login_toggle_delete") 468 self.del_cell_login.connect("toggled", self.on_toggle_update, self.login_delete_liststore) 469 self.del_cell_network = builder.get_object("network_toggle_delete") 470 self.del_cell_network.connect("toggled", self.on_toggle_update, self.network_delete_liststore) 471 self.update_cell = builder.get_object("toggle_update") 472 # Notebook items *************************************** 473 self.outer_notebook = builder.get_object("outer_notebook") 474 self.inner_notebook_files = builder.get_object("files_inner_notebook") 475 self.inner_notebook_network = builder.get_object("network_inner_notebook") 476 self.inner_notebook_transitions = builder.get_object("transitions_inner_notebook") 477 # logind gui *************************************** 478 loading_gui = builder.get_object("loading_gui") 479 480 self.update_cell.connect("toggled", self.on_toggle_update, self.update_treestore) 481 self.all_entries = [] 482 483 # Need to connect button on code because the tree view model is a treeviewsort 484 self.cell.connect("toggled", self.on_toggle, self.boolean_liststore) 485 486 self.loading = 1 487 path = None 488 if test: 489 self.all_domains = ["httpd_t", "abrt_t"] 490 if app and app not in self.all_domains: 491 self.all_domains.append(app) 492 else: 493 self.all_domains = sepolicy.get_all_domains() 494 self.all_domains.sort(key=str.lower) 495 496 if app and app not in self.all_domains: 497 self.error(_("%s is not a valid domain" % app)) 498 self.quit() 499 500 loading_gui.show() 501 length = len(self.all_domains) 502 503 entrypoint_dict = sepolicy.get_init_entrypoints_str() 504 for domain in self.all_domains: 505 # After the user selects a path in the drop down menu call 506 # get_init_entrypoint_target(entrypoint) to get the transtype 507 # which will give you the application 508 self.combo_box_add(domain, domain) 509 self.percentage = float(float(self.loading) / float(length)) 510 self.progress_bar.set_fraction(self.percentage) 511 self.progress_bar.set_pulse_step(self.percentage) 512 self.idle_func() 513 514 for entrypoint in entrypoint_dict.get(domain, []): 515 path = sepolicy.find_entrypoint_path(entrypoint) 516 if path: 517 self.combo_box_add(path, domain) 518 self.installed_list.append(path) 519 520 self.loading += 1 521 loading_gui.hide() 522 self.entrycompletion_obj.set_model(self.application_liststore) 523 self.advanced_search_treeview.set_model(self.advanced_search_sort) 524 525 dic = { 526 "on_combo_button_clicked": self.open_combo_menu, 527 "on_disable_ptrace_toggled": self.on_disable_ptrace, 528 "on_SELinux_window_configure_event": self.hide_combo_menu, 529 "on_entrycompletion_obj_match_selected": self.set_application_label, 530 "on_filter_changed": self.get_filter_data, 531 "on_save_changes_file_equiv_clicked": self.update_to_file_equiv, 532 "on_save_changes_login_clicked": self.update_to_login, 533 "on_save_changes_user_clicked": self.update_to_user, 534 "on_save_changes_files_clicked": self.update_to_files, 535 "on_save_changes_network_clicked": self.update_to_network, 536 "on_Advanced_text_files_button_press_event": self.reveal_advanced, 537 "item_in_tree_selected": self.cursor_changed, 538 "on_Application_file_types_treeview_configure_event": self.resize_wrap, 539 "on_save_delete_clicked": self.on_save_delete_clicked, 540 "on_moreTypes_treeview_files_row_activated": self.populate_type_combo, 541 "on_retry_button_files_clicked": self.invalid_entry_retry, 542 "on_make_path_recursive_toggled": self.recursive_path, 543 "on_files_path_entry_button_press_event": self.highlight_entry_text, 544 "on_files_path_entry_changed": self.autofill_add_files_entry, 545 "on_select_type_files_clicked": self.select_type_more, 546 "on_choose_file": self.on_browse_select, 547 "on_Enforcing_button_toggled": self.set_enforce, 548 "on_confirmation_close": self.confirmation_close, 549 "on_column_clicked": self.column_clicked, 550 "on_tab_switch": self.clear_filters, 551 552 "on_file_equiv_button_clicked": self.show_file_equiv_page, 553 "on_app/system_button_clicked": self.system_interface, 554 "on_app/users_button_clicked": self.users_interface, 555 "on_show_advanced_search_window": self.on_show_advanced_search_window, 556 557 "on_Show_mislabeled_files_toggled": self.show_mislabeled_files, 558 "on_Browse_button_files_clicked": self.browse_for_files, 559 "on_cancel_popup_clicked": self.close_popup, 560 "on_treeview_cursor_changed": self.cursor_changed, 561 "on_login_seuser_combobox_changed": self.login_seuser_combobox_change, 562 "on_user_roles_combobox_changed": self.user_roles_combobox_change, 563 564 "on_cancel_button_browse_clicked": self.close_config_window, 565 "on_apply_button_clicked": self.apply_changes_button_press, 566 "on_Revert_button_clicked": self.update_or_revert_changes, 567 "on_Update_button_clicked": self.update_or_revert_changes, 568 "on_advanced_filter_entry_changed": self.get_advanced_filter_data, 569 "on_advanced_search_treeview_row_activated": self.advanced_item_selected, 570 "on_Select_advanced_search_clicked": self.advanced_item_button_push, 571 "on_info_button_button_press_event": self.on_help_button, 572 "on_back_button_clicked": self.on_help_back_clicked, 573 "on_forward_button_clicked": self.on_help_forward_clicked, 574 "on_Boolean_treeview_columns_changed": self.resize_columns, 575 "on_completion_entry_changed": self.application_selected, 576 "on_Add_button_clicked": self.add_button_clicked, 577 "on_Delete_button_clicked": self.delete_button_clicked, 578 "on_Modify_button_clicked": self.modify_button_clicked, 579 "on_Show_modified_only_toggled": self.on_show_modified_only, 580 "on_cancel_button_config_clicked": self.close_config_window, 581 "on_Import_button_clicked": self.import_config_show, 582 "on_Export_button_clicked": self.export_config_show, 583 "on_enable_unconfined_toggled": self.unconfined_toggle, 584 "on_enable_permissive_toggled": self.permissive_toggle, 585 "on_system_policy_type_combobox_changed": self.change_default_policy, 586 "on_Enforcing_button_default_toggled": self.change_default_mode, 587 "on_Permissive_button_default_toggled": self.change_default_mode, 588 "on_Disabled_button_default_toggled": self.change_default_mode, 589 590 "on_Relabel_button_toggled_cb": self.relabel_on_reboot, 591 "on_advanced_system_button_press_event": self.reveal_advanced_system, 592 "on_files_type_combobox_changed": self.show_more_types, 593 "on_filter_row_changed": self.filter_the_data, 594 "on_button_toggled": self.tab_change, 595 "gtk_main_quit": self.closewindow 596 } 597 598 self.previously_modified_initialize(customized) 599 builder.connect_signals(dic) 600 self.window.show() # Show the gui to the screen 601 GLib.timeout_add_seconds(5, self.selinux_status) 602 self.selinux_status() 603 self.lockdown_inited = False 604 self.add_modify_delete_box.hide() 605 self.filter_box.hide() 606 if self.status == DISABLED: 607 self.show_system_page() 608 else: 609 if self.application: 610 self.applications_selection_button.set_label(self.application) 611 self.completion_entry.set_text(self.application) 612 self.show_applications_page() 613 self.tab_change() 614 else: 615 self.clearbuttons() 616 self.outer_notebook.set_current_page(START_PAGE) 617 618 self.reinit() 619 self.finish_init = True 620 Gtk.main() 621 622 def init_cur(self): 623 self.cur_dict = {} 624 for k in keys: 625 self.cur_dict[k] = {} 626 627 def remove_cur(self, ctr): 628 i = 0 629 for k in self.cur_dict: 630 for j in self.cur_dict[k]: 631 if i == ctr: 632 del(self.cur_dict[k][j]) 633 return 634 i += 1 635 636 def selinux_status(self): 637 try: 638 self.status = selinux.security_getenforce() 639 except OSError: 640 self.status = DISABLED 641 if self.status == DISABLED: 642 self.current_status_label.set_sensitive(False) 643 self.current_status_enforcing.set_sensitive(False) 644 self.current_status_permissive.set_sensitive(False) 645 self.enforcing_button_default.set_sensitive(False) 646 self.status_bar.push(self.context_id, _("System Status: Disabled")) 647 self.info_text.set_label(DISABLED_TEXT) 648 else: 649 self.set_enforce_text(self.status) 650 if os.path.exists('/.autorelabel'): 651 self.relabel_button.set_active(True) 652 else: 653 self.relabel_button_no.set_active(True) 654 655 policytype = selinux.selinux_getpolicytype()[1] 656 657 mode = selinux.selinux_getenforcemode()[1] 658 if mode == ENFORCING: 659 self.enforcing_button_default.set_active(True) 660 if mode == PERMISSIVE: 661 self.permissive_button_default.set_active(True) 662 if mode == DISABLED: 663 self.disabled_button_default.set_active(True) 664 665 return True 666 667 def lockdown_init(self): 668 if self.lockdown_inited: 669 return 670 self.wait_mouse() 671 self.lockdown_inited = True 672 self.disable_ptrace_button.set_active(selinux.security_get_boolean_active("deny_ptrace")) 673 self.module_dict = {} 674 for m in self.dbus.semodule_list().split("\n"): 675 mod = m.split() 676 if len(mod) < 2: 677 continue 678 self.module_dict[mod[0]] = {"version": mod[1], "Disabled": (len(mod) > 2)} 679 680 self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"]) 681 self.enable_permissive_button.set_active(not self.module_dict["permissivedomains"]["Disabled"]) 682 self.ready_mouse() 683 684 def column_clicked(self, treeview, treepath, treecol, *args): 685 iter = self.get_selected_iter() 686 if not iter: 687 return 688 689 if self.opage == BOOLEANS_PAGE: 690 if treecol.get_name() == "more_detail_col": 691 self.display_more_detail(self.window, treepath) 692 693 if self.opage == FILES_PAGE: 694 visible = self.liststore.get_value(iter, 3) 695 # If visible is true then fix mislabeled will be visible 696 if treecol.get_name() == "restorecon_col" and visible: 697 self.fix_mislabeled(self.liststore.get_value(iter, 0)) 698 699 if self.opage == TRANSITIONS_PAGE: 700 bool_name = self.liststore.get_value(iter, 1) 701 if bool_name: 702 self.boolean_radio_button.clicked() 703 self.filter_entry.set_text(bool_name) 704 705 def idle_func(self): 706 while Gtk.events_pending(): 707 Gtk.main_iteration() 708 709 def match_func(self, completion, key_string, iter, func_data): 710 try: 711 if self.application_liststore.get_value(iter, 0).find(key_string) != -1: 712 return True 713 return False 714 except AttributeError: 715 pass 716 717 def help_show_page(self): 718 self.back_button.set_sensitive(self.help_page != 0) 719 self.forward_button.set_sensitive(self.help_page < (len(self.help_list) - 1)) 720 try: 721 fd = open("%shelp/%s.txt" % (self.code_path, self.help_list[self.help_page]), "r") 722 buf = fd.read() 723 fd.close() 724 except IOError: 725 buf = "" 726 help_text = self.help_text.get_buffer() 727 help_text.set_text(buf % {"APP": self.application}) 728 self.help_text.set_buffer(help_text) 729 self.help_image.set_from_file("%shelp/%s.png" % (self.code_path, self.help_list[self.help_page])) 730 self.show_popup(self.help_window) 731 732 def on_help_back_clicked(self, *args): 733 self.help_page -= 1 734 self.help_show_page() 735 736 def on_help_forward_clicked(self, *args): 737 self.help_page += 1 738 self.help_show_page() 739 740 def on_help_button(self, *args): 741 self.help_page = 0 742 self.help_list = [] 743 if self.opage == START_PAGE: 744 self.help_window.set_title(_("Help: Start Page")) 745 self.help_list = ["start"] 746 747 if self.opage == BOOLEANS_PAGE: 748 self.help_window.set_title(_("Help: Booleans Page")) 749 self.help_list = ["booleans", "booleans_toggled", "booleans_more", "booleans_more_show"] 750 751 if self.opage == FILES_PAGE: 752 ipage = self.inner_notebook_files.get_current_page() 753 if ipage == EXE_PAGE: 754 self.help_window.set_title(_("Help: Executable Files Page")) 755 self.help_list = ["files_exec"] 756 if ipage == WRITABLE_PAGE: 757 self.help_window.set_title(_("Help: Writable Files Page")) 758 self.help_list = ["files_write"] 759 if ipage == APP_PAGE: 760 self.help_window.set_title(_("Help: Application Types Page")) 761 self.help_list = ["files_app"] 762 if self.opage == NETWORK_PAGE: 763 ipage = self.inner_notebook_network.get_current_page() 764 if ipage == OUTBOUND_PAGE: 765 self.help_window.set_title(_("Help: Outbound Network Connections Page")) 766 self.help_list = ["ports_outbound"] 767 if ipage == INBOUND_PAGE: 768 self.help_window.set_title(_("Help: Inbound Network Connections Page")) 769 self.help_list = ["ports_inbound"] 770 771 if self.opage == TRANSITIONS_PAGE: 772 ipage = self.inner_notebook_transitions.get_current_page() 773 if ipage == TRANSITIONS_FROM_PAGE: 774 self.help_window.set_title(_("Help: Transition from application Page")) 775 self.help_list = ["transition_from", "transition_from_boolean", "transition_from_boolean_1", "transition_from_boolean_2"] 776 if ipage == TRANSITIONS_TO_PAGE: 777 self.help_window.set_title(_("Help: Transition into application Page")) 778 self.help_list = ["transition_to"] 779 if ipage == TRANSITIONS_FILE_PAGE: 780 self.help_window.set_title(_("Help: Transition application file Page")) 781 self.help_list = ["transition_file"] 782 783 if self.opage == SYSTEM_PAGE: 784 self.help_window.set_title(_("Help: Systems Page")) 785 self.help_list = ["system", "system_boot_mode", "system_current_mode", "system_export", "system_policy_type", "system_relabel"] 786 787 if self.opage == LOCKDOWN_PAGE: 788 self.help_window.set_title(_("Help: Lockdown Page")) 789 self.help_list = ["lockdown", "lockdown_unconfined", "lockdown_permissive", "lockdown_ptrace"] 790 791 if self.opage == LOGIN_PAGE: 792 self.help_window.set_title(_("Help: Login Page")) 793 self.help_list = ["login", "login_default"] 794 795 if self.opage == USER_PAGE: 796 self.help_window.set_title(_("Help: SELinux User Page")) 797 self.help_list = ["users"] 798 799 if self.opage == FILE_EQUIV_PAGE: 800 self.help_window.set_title(_("Help: File Equivalence Page")) 801 self.help_list = ["file_equiv"] 802 return self.help_show_page() 803 804 def open_combo_menu(self, *args): 805 if self.popup == 0: 806 self.popup = 1 807 location = self.window.get_position() 808 self.main_selection_window.move(location[0] + 2, location[1] + 65) 809 self.main_selection_window.show() 810 else: 811 self.main_selection_window.hide() 812 self.popup = 0 813 814 def hide_combo_menu(self, *args): 815 self.main_selection_window.hide() 816 self.popup = 0 817 818 def set_application_label(self, *args): 819 self.set_application_label = True 820 821 def resize_wrap(self, *args): 822 print(args) 823 824 def initialize_system_default_mode(self): 825 self.enforce_mode = selinux.selinux_getenforcemode()[1] 826 if self.enforce_mode == ENFORCING: 827 self.enforce_button = self.enforcing_button_default 828 if self.enforce_mode == PERMISSIVE: 829 self.enforce_button = self.permissive_button_default 830 if self.enforce_mode == DISABLED: 831 self.enforce_button = self.disabled_button_default 832 833 def populate_system_policy(self): 834 selinux_path = selinux.selinux_path() 835 types = map(lambda x: x[1], filter(lambda x: x[0] == selinux_path, os.walk(selinux_path)))[0] 836 types.sort() 837 ctr = 0 838 for item in types: 839 iter = self.system_policy_type_liststore.append() 840 self.system_policy_type_liststore.set_value(iter, 0, item) 841 if item == self.initialtype: 842 self.system_policy_type_combobox.set_active(ctr) 843 self.typeHistory = ctr 844 ctr += 1 845 return ctr 846 847 def filter_the_data(self, list, iter, *args): 848 # When there is no txt in the box show all items in the tree 849 if self.filter_txt == "": 850 return True 851 try: 852 for x in range(0, list.get_n_columns()): 853 try: 854 val = list.get_value(iter, x) 855 if val is True or val is False or val is None: 856 continue 857 # Returns true if filter_txt exists within the val 858 if(val.find(self.filter_txt) != -1 or val.lower().find(self.filter_txt) != -1): 859 return True 860 except (AttributeError, TypeError): 861 pass 862 except: # ValueError: 863 pass 864 return False 865 866 def net_update(self, app, netd, protocol, direction, model): 867 for k in netd.keys(): 868 for t, ports in netd[k]: 869 pkey = (",".join(ports), protocol) 870 if pkey in self.cur_dict["port"]: 871 if self.cur_dict["port"][pkey]["action"] == "-d": 872 continue 873 if t != self.cur_dict["port"][pkey]["type"]: 874 continue 875 self.network_initial_data_insert(model, ", ".join(ports), t, protocol) 876 877 def file_equiv_initialize(self): 878 self.wait_mouse() 879 edict = sepolicy.get_file_equiv() 880 self.file_equiv_liststore.clear() 881 for f in edict: 882 iter = self.file_equiv_liststore.append() 883 if edict[f]["modify"]: 884 name = self.markup(f) 885 equiv = self.markup(edict[f]["equiv"]) 886 else: 887 name = f 888 equiv = edict[f]["equiv"] 889 890 self.file_equiv_liststore.set_value(iter, 0, name) 891 self.file_equiv_liststore.set_value(iter, 1, equiv) 892 self.file_equiv_liststore.set_value(iter, 2, edict[f]["modify"]) 893 self.ready_mouse() 894 895 def user_initialize(self): 896 self.wait_mouse() 897 self.user_liststore.clear() 898 for u in sepolicy.get_selinux_users(): 899 iter = self.user_liststore.append() 900 self.user_liststore.set_value(iter, 0, str(u["name"])) 901 roles = u["roles"] 902 if "object_r" in roles: 903 roles.remove("object_r") 904 self.user_liststore.set_value(iter, 1, ", ".join(roles)) 905 self.user_liststore.set_value(iter, 2, u["level"]) 906 self.user_liststore.set_value(iter, 3, u["range"]) 907 self.user_liststore.set_value(iter, 4, True) 908 self.ready_mouse() 909 910 def login_initialize(self): 911 self.wait_mouse() 912 self.login_liststore.clear() 913 for u in sepolicy.get_login_mappings(): 914 iter = self.login_liststore.append() 915 self.login_liststore.set_value(iter, 0, u["name"]) 916 self.login_liststore.set_value(iter, 1, u["seuser"]) 917 self.login_liststore.set_value(iter, 2, u["mls"]) 918 self.login_liststore.set_value(iter, 3, True) 919 self.ready_mouse() 920 921 def network_initialize(self, app): 922 netd = sepolicy.network.get_network_connect(app, "tcp", "name_connect", check_bools=True) 923 self.net_update(app, netd, "tcp", OUTBOUND_PAGE, self.network_out_liststore) 924 netd = sepolicy.network.get_network_connect(app, "tcp", "name_bind", check_bools=True) 925 self.net_update(app, netd, "tcp", INBOUND_PAGE, self.network_in_liststore) 926 netd = sepolicy.network.get_network_connect(app, "udp", "name_bind", check_bools=True) 927 self.net_update(app, netd, "udp", INBOUND_PAGE, self.network_in_liststore) 928 929 def network_initial_data_insert(self, model, ports, portType, protocol): 930 iter = model.append() 931 model.set_value(iter, 0, ports) 932 model.set_value(iter, 1, protocol) 933 model.set_value(iter, 2, portType) 934 model.set_value(iter, 4, True) 935 936 def combo_set_active_text(self, combobox, val): 937 ctr = 0 938 liststore = combobox.get_model() 939 for i in liststore: 940 if i[0] == val: 941 combobox.set_active(ctr) 942 return 943 ctr += 1 944 945 niter = liststore.get_iter(ctr - 1) 946 if liststore.get_value(niter, 0) == _("More..."): 947 iter = liststore.insert_before(niter) 948 ctr = ctr - 1 949 else: 950 iter = liststore.append() 951 liststore.set_value(iter, 0, val) 952 combobox.set_active(ctr) 953 954 def combo_get_active_text(self, combobox): 955 liststore = combobox.get_model() 956 index = combobox.get_active() 957 if index < 0: 958 return None 959 iter = liststore.get_iter(index) 960 return liststore.get_value(iter, 0) 961 962 def combo_box_add(self, val, val1): 963 if val is None: 964 return 965 iter = self.application_liststore.append() 966 self.application_liststore.set_value(iter, 0, val) 967 self.application_liststore.set_value(iter, 1, val1) 968 969 def select_type_more(self, *args): 970 app = self.moreTypes_treeview.get_selection() 971 iter = app.get_selected()[1] 972 if iter is None: 973 return 974 app = self.more_types_files_liststore.get_value(iter, 0) 975 self.combo_set_active_text(self.files_type_combobox, app) 976 self.closewindow(self.moreTypes_window_files) 977 978 def advanced_item_button_push(self, *args): 979 row = self.advanced_search_treeview.get_selection() 980 model, iter = row.get_selected() 981 iter = model.convert_iter_to_child_iter(iter) 982 iter = self.advanced_search_filter.convert_iter_to_child_iter(iter) 983 app = self.application_liststore.get_value(iter, 1) 984 if app is None: 985 return 986 self.advanced_filter_entry.set_text('') 987 self.advanced_search_window.hide() 988 self.reveal_advanced(self.main_advanced_label) 989 self.completion_entry.set_text(app) 990 991 def advanced_item_selected(self, treeview, path, *args): 992 iter = self.advanced_search_filter.get_iter(path) 993 iter = self.advanced_search_filter.convert_iter_to_child_iter(iter) 994 app = self.application_liststore.get_value(iter, 1) 995 self.advanced_filter_entry.set_text('') 996 self.advanced_search_window.hide() 997 self.reveal_advanced(self.main_advanced_label) 998 self.completion_entry.set_text(app) 999 self.application_selected() 1000 1001 def find_application(self, app): 1002 if app and len(app) > 0: 1003 for items in self.application_liststore: 1004 if app == items[0]: 1005 return True 1006 return False 1007 1008 def application_selected(self, *args): 1009 self.show_mislabeled_files_only.set_visible(False) 1010 self.mislabeled_files_label.set_visible(False) 1011 self.warning_files.set_visible(False) 1012 self.filter_entry.set_text('') 1013 1014 app = self.completion_entry.get_text() 1015 if not self.find_application(app): 1016 return 1017 self.show_applications_page() 1018 self.add_button.set_sensitive(True) 1019 self.delete_button.set_sensitive(True) 1020 # Clear the tree to prepare for a new selection otherwise 1021 self.executable_files_liststore.clear() 1022 # data will pile up everytime the user selects a new item from the drop down menu 1023 self.network_in_liststore.clear() 1024 self.network_out_liststore.clear() 1025 self.boolean_liststore.clear() 1026 self.transitions_into_liststore.clear() 1027 self.transitions_from_treestore.clear() 1028 self.application_files_liststore.clear() 1029 self.writable_files_liststore.clear() 1030 self.transitions_file_liststore.clear() 1031 1032 try: 1033 if app[0] == '/': 1034 app = sepolicy.get_init_transtype(app) 1035 if not app: 1036 return 1037 self.application = app 1038 except IndexError: 1039 pass 1040 1041 self.wait_mouse() 1042 self.previously_modified_initialize(self.dbus.customized()) 1043 self.reinit() 1044 self.boolean_initialize(app) 1045 self.mislabeled_files = False 1046 self.executable_files_initialize(app) 1047 self.network_initialize(app) 1048 self.writable_files_initialize(app) 1049 self.transitions_into_initialize(app) 1050 self.transitions_from_initialize(app) 1051 self.application_files_initialize(app) 1052 self.transitions_files_initialize(app) 1053 1054 self.executable_files_tab.set_tooltip_text(_("File path used to enter the '%s' domain." % app)) 1055 self.writable_files_tab.set_tooltip_text(_("Files to which the '%s' domain can write." % app)) 1056 self.network_out_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to connect." % app)) 1057 self.network_in_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to listen." % app)) 1058 self.application_files_tab.set_tooltip_text(_("File Types defined for the '%s'." % app)) 1059 self.boolean_radio_button.set_tooltip_text(_("Display boolean information that can be used to modify the policy for the '%s'." % app)) 1060 self.files_radio_button.set_tooltip_text(_("Display file type information that can be used by the '%s'." % app)) 1061 self.network_radio_button.set_tooltip_text(_("Display network ports to which the '%s' can connect or listen to." % app)) 1062 self.transitions_into_tab.set_label(_("Application Transitions Into '%s'" % app)) 1063 self.transitions_from_tab.set_label(_("Application Transitions From '%s'" % app)) 1064 self.transitions_file_tab.set_label(_("File Transitions From '%s'" % app)) 1065 self.transitions_into_tab.set_tooltip_text(_("Executables which will transition to '%s', when executing selected domains entrypoint.") % app) 1066 self.transitions_from_tab.set_tooltip_text(_("Executables which will transition to a different domain, when '%s' executes them.") % app) 1067 self.transitions_file_tab.set_tooltip_text(_("Files by '%s' with transitions to a different label." % app)) 1068 self.transitions_radio_button.set_tooltip_text(_("Display applications that can transition into or out of the '%s'." % app)) 1069 1070 self.application = app 1071 self.applications_selection_button.set_label(self.application) 1072 self.ready_mouse() 1073 1074 def reinit(self): 1075 sepolicy.reinit() 1076 self.fcdict = sepolicy.get_fcdict() 1077 self.local_file_paths = sepolicy.get_local_file_paths() 1078 1079 def previously_modified_initialize(self, buf): 1080 self.cust_dict = {} 1081 for i in buf.split("\n"): 1082 rec = i.split() 1083 if len(rec) == 0: 1084 continue 1085 if rec[1] == "-D": 1086 continue 1087 if rec[0] not in self.cust_dict: 1088 self.cust_dict[rec[0]] = {} 1089 if rec[0] == "boolean": 1090 self.cust_dict["boolean"][rec[-1]] = {"active": rec[2] == "-1"} 1091 if rec[0] == "login": 1092 self.cust_dict["login"][rec[-1]] = {"seuser": rec[3], "range": rec[5]} 1093 if rec[0] == "interface": 1094 self.cust_dict["interface"][rec[-1]] = {"type": rec[3]} 1095 if rec[0] == "user": 1096 self.cust_dict["user"][rec[-1]] = {"level": "s0", "range": rec[3], "role": rec[5]} 1097 if rec[0] == "port": 1098 self.cust_dict["port"][(rec[-1], rec[-2])] = {"type": rec[3]} 1099 if rec[0] == "node": 1100 self.cust_dict["node"][rec[-1]] = {"mask": rec[3], "protocol": rec[5], "type": rec[7]} 1101 if rec[0] == "fcontext": 1102 if rec[2] == "-e": 1103 if "fcontext-equiv" not in self.cust_dict: 1104 self.cust_dict["fcontext-equiv"] = {} 1105 self.cust_dict["fcontext-equiv"][(rec[-1])] = {"equiv": rec[3]} 1106 else: 1107 self.cust_dict["fcontext"][(rec[-1], rec[3])] = {"type": rec[5]} 1108 if rec[0] == "module": 1109 self.cust_dict["module"][rec[-1]] = {"enabled": rec[2] != "-d"} 1110 1111 if "module" not in self.cust_dict: 1112 return 1113 for semodule, button in [("unconfined", self.disable_unconfined_button), ("permissivedomains", self.disable_permissive_button)]: 1114 if semodule in self.cust_dict["module"]: 1115 button.set_active(self.cust_dict["module"][semodule]["enabled"]) 1116 1117 for i in keys: 1118 if i not in self.cust_dict: 1119 self.cust_dict.update({i: {}}) 1120 1121 def executable_files_initialize(self, application): 1122 self.entrypoints = sepolicy.get_entrypoints(application) 1123 for exe in self.entrypoints.keys(): 1124 if len(self.entrypoints[exe]) == 0: 1125 continue 1126 file_class = self.entrypoints[exe][1] 1127 for path in self.entrypoints[exe][0]: 1128 if (path, file_class) in self.cur_dict["fcontext"]: 1129 if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d": 1130 continue 1131 if exe != self.cur_dict["fcontext"][(path, file_class)]["type"]: 1132 continue 1133 self.files_initial_data_insert(self.executable_files_liststore, path, exe, file_class) 1134 1135 def mislabeled(self, path): 1136 try: 1137 con = selinux.matchpathcon(path, 0)[1] 1138 cur = selinux.getfilecon(path)[1] 1139 return con != cur 1140 except OSError: 1141 return False 1142 1143 def set_mislabeled(self, tree, path, iter, niter): 1144 if not self.mislabeled(path): 1145 return 1146 con = selinux.matchpathcon(path, 0)[1] 1147 cur = selinux.getfilecon(path)[1] 1148 self.mislabeled_files = True 1149 # Set visibility of label 1150 tree.set_value(niter, 3, True) 1151 # Has a mislabel 1152 tree.set_value(iter, 4, True) 1153 tree.set_value(niter, 4, True) 1154 tree.set_value(iter, 5, con.split(":")[2]) 1155 tree.set_value(iter, 6, cur.split(":")[2]) 1156 1157 def writable_files_initialize(self, application): 1158 # Traversing the dictionary data struct 1159 self.writable_files = sepolicy.get_writable_files(application) 1160 for write in self.writable_files.keys(): 1161 if len(self.writable_files[write]) < 2: 1162 self.files_initial_data_insert(self.writable_files_liststore, None, write, _("all files")) 1163 continue 1164 file_class = self.writable_files[write][1] 1165 for path in self.writable_files[write][0]: 1166 if (path, file_class) in self.cur_dict["fcontext"]: 1167 if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d": 1168 continue 1169 if write != self.cur_dict["fcontext"][(path, file_class)]["type"]: 1170 continue 1171 self.files_initial_data_insert(self.writable_files_liststore, path, write, file_class) 1172 1173 def files_initial_data_insert(self, liststore, path, seLinux_label, file_class): 1174 iter = liststore.append(None) 1175 if path is None: 1176 path = _("MISSING FILE PATH") 1177 modify = False 1178 else: 1179 modify = (path, file_class) in self.local_file_paths 1180 for p in sepolicy.find_file(path): 1181 niter = liststore.append(iter) 1182 liststore.set_value(niter, 0, p) 1183 self.set_mislabeled(liststore, p, iter, niter) 1184 if modify: 1185 path = self.markup(path) 1186 file_class = self.markup(selinux_label) 1187 file_class = self.markup(file_class) 1188 liststore.set_value(iter, 0, path) 1189 liststore.set_value(iter, 1, seLinux_label) 1190 liststore.set_value(iter, 2, file_class) 1191 liststore.set_value(iter, 7, modify) 1192 1193 def markup(self, f): 1194 return "<b>%s</b>" % f 1195 1196 def unmarkup(self, f): 1197 if f: 1198 return re.sub("</b>$", "", re.sub("^<b>", "", f)) 1199 return None 1200 1201 def application_files_initialize(self, application): 1202 self.file_types = sepolicy.get_file_types(application) 1203 for app in self.file_types.keys(): 1204 if len(self.file_types[app]) == 0: 1205 continue 1206 file_class = self.file_types[app][1] 1207 for path in self.file_types[app][0]: 1208 desc = sepolicy.get_description(app, markup=self.markup) 1209 if (path, file_class) in self.cur_dict["fcontext"]: 1210 if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d": 1211 continue 1212 if app != self.cur_dict["fcontext"][(path, file_class)]["type"]: 1213 continue 1214 self.files_initial_data_insert(self.application_files_liststore, path, desc, file_class) 1215 1216 def modified(self): 1217 i = 0 1218 for k in self.cur_dict: 1219 if len(self.cur_dict[k]) > 0: 1220 return True 1221 return False 1222 1223 def boolean_initialize(self, application): 1224 for blist in sepolicy.get_bools(application): 1225 for b, active in blist: 1226 if b in self.cur_dict["boolean"]: 1227 active = self.cur_dict["boolean"][b]['active'] 1228 desc = sepolicy.boolean_desc(b) 1229 self.boolean_initial_data_insert(b, desc, active) 1230 1231 def boolean_initial_data_insert(self, val, desc, active): 1232 # Insert data from data source into tree 1233 iter = self.boolean_liststore.append() 1234 self.boolean_liststore.set_value(iter, 0, active) 1235 self.boolean_liststore.set_value(iter, 1, desc) 1236 self.boolean_liststore.set_value(iter, 2, val) 1237 self.boolean_liststore.set_value(iter, 3, _('More...')) 1238 1239 def transitions_into_initialize(self, application): 1240 for x in sepolicy.get_transitions_into(application): 1241 active = None 1242 executable = None 1243 source = None 1244 if "boolean" in x: 1245 active = x["boolean"] 1246 if "target" in x: 1247 executable = x["target"] 1248 if "source" in x: 1249 source = x["source"] 1250 self.transitions_into_initial_data_insert(active, executable, source) 1251 1252 def transitions_into_initial_data_insert(self, active, executable, source): 1253 iter = self.transitions_into_liststore.append() 1254 if active != None: 1255 self.transitions_into_liststore.set_value(iter, 0, enabled[active[0][1]]) # active[0][1] is either T or F (enabled is all the way at the top) 1256 else: 1257 self.transitions_into_liststore.set_value(iter, 0, "Default") 1258 1259 self.transitions_into_liststore.set_value(iter, 2, executable) 1260 self.transitions_into_liststore.set_value(iter, 1, source) 1261 1262 def transitions_from_initialize(self, application): 1263 for x in sepolicy.get_transitions(application): 1264 active = None 1265 executable = None 1266 transtype = None 1267 if "boolean" in x: 1268 active = x["boolean"] 1269 if "target" in x: 1270 executable_type = x["target"] 1271 if "transtype" in x: 1272 transtype = x["transtype"] 1273 self.transitions_from_initial_data_insert(active, executable_type, transtype) 1274 try: 1275 for executable in self.fcdict[executable_type]["regex"]: 1276 self.transitions_from_initial_data_insert(active, executable, transtype) 1277 except KeyError: 1278 pass 1279 1280 def transitions_from_initial_data_insert(self, active, executable, transtype): 1281 iter = self.transitions_from_treestore.append(None) 1282 if active == None: 1283 self.transitions_from_treestore.set_value(iter, 0, "Default") 1284 self.transitions_from_treestore.set_value(iter, 5, False) 1285 else: 1286 niter = self.transitions_from_treestore.append(iter) 1287 # active[0][1] is either T or F (enabled is all the way at the top) 1288 self.transitions_from_treestore.set_value(iter, 0, enabled[active[0][1]]) 1289 markup = ('<span foreground="blue"><u>','</u></span>') 1290 if active[0][1]: 1291 self.transitions_from_treestore.set_value(niter, 2, (_("To disable this transition, go to the %sBoolean section%s.") % markup)) 1292 else: 1293 self.transitions_from_treestore.set_value(niter, 2, (_("To enable this transition, go to the %sBoolean section%s.") % markup)) 1294 1295 # active[0][0] is the Bool Name 1296 self.transitions_from_treestore.set_value(niter, 1, active[0][0]) 1297 self.transitions_from_treestore.set_value(niter, 5, True) 1298 1299 self.transitions_from_treestore.set_value(iter, 2, executable) 1300 self.transitions_from_treestore.set_value(iter, 3, transtype) 1301 1302 def transitions_files_initialize(self, application): 1303 for i in sepolicy.get_file_transitions(application): 1304 if 'filename' in i: 1305 filename = i['filename'] 1306 else: 1307 filename = None 1308 self.transitions_files_inital_data_insert(i['target'], i['class'], i['transtype'], filename) 1309 1310 def transitions_files_inital_data_insert(self, path, tclass, dest, name): 1311 iter = self.transitions_file_liststore.append() 1312 self.transitions_file_liststore.set_value(iter, 0, path) 1313 self.transitions_file_liststore.set_value(iter, 1, tclass) 1314 self.transitions_file_liststore.set_value(iter, 2, dest) 1315 if name == None: 1316 name = '*' 1317 self.transitions_file_liststore.set_value(iter, 3, name) 1318 1319 def tab_change(self, *args): 1320 self.clear_filters() 1321 self.treeview = None 1322 self.treesort = None 1323 self.treefilter = None 1324 self.liststore = None 1325 self.modify_button.set_sensitive(False) 1326 self.add_modify_delete_box.hide() 1327 self.show_modified_only.set_visible(False) 1328 self.show_mislabeled_files_only.set_visible(False) 1329 self.mislabeled_files_label.set_visible(False) 1330 self.warning_files.set_visible(False) 1331 1332 if self.boolean_radio_button.get_active(): 1333 self.outer_notebook.set_current_page(BOOLEANS_PAGE) 1334 self.treeview = self.boolean_treeview 1335 self.show_modified_only.set_visible(True) 1336 1337 if self.files_radio_button.get_active(): 1338 self.show_popup(self.add_modify_delete_box) 1339 self.show_modified_only.set_visible(True) 1340 self.show_mislabeled_files_only.set_visible(self.mislabeled_files) 1341 self.mislabeled_files_label.set_visible(self.mislabeled_files) 1342 self.warning_files.set_visible(self.mislabeled_files) 1343 self.outer_notebook.set_current_page(FILES_PAGE) 1344 if args[0] == self.inner_notebook_files: 1345 ipage = args[2] 1346 else: 1347 ipage = self.inner_notebook_files.get_current_page() 1348 if ipage == EXE_PAGE: 1349 self.treeview = self.executable_files_treeview 1350 category = _("executable") 1351 elif ipage == WRITABLE_PAGE: 1352 self.treeview = self.writable_files_treeview 1353 category = _("writable") 1354 elif ipage == APP_PAGE: 1355 self.treeview = self.application_files_treeview 1356 category = _("application") 1357 self.add_button.set_tooltip_text(_("Add new %(TYPE)s file path for '%(DOMAIN)s' domains.") % {"TYPE": category, "DOMAIN": self.application}) 1358 self.delete_button.set_tooltip_text(_("Delete %(TYPE)s file paths for '%(DOMAIN)s' domain.") % {"TYPE": category, "DOMAIN": self.application}) 1359 self.modify_button.set_tooltip_text(_("Modify %(TYPE)s file path for '%(DOMAIN)s' domain. Only bolded items in the list can be selected, this indicates they were modified previously.") % {"TYPE": category, "DOMAIN": self.application}) 1360 1361 if self.network_radio_button.get_active(): 1362 self.add_modify_delete_box.show() 1363 self.show_modified_only.set_visible(True) 1364 self.outer_notebook.set_current_page(NETWORK_PAGE) 1365 if args[0] == self.inner_notebook_network: 1366 ipage = args[2] 1367 else: 1368 ipage = self.inner_notebook_network.get_current_page() 1369 if ipage == OUTBOUND_PAGE: 1370 self.treeview = self.network_out_treeview 1371 category = _("connect") 1372 if ipage == INBOUND_PAGE: 1373 self.treeview = self.network_in_treeview 1374 category = _("listen for inbound connections") 1375 1376 self.add_button.set_tooltip_text(_("Add new port definition to which the '%(APP)s' domain is allowed to %s.") % {"APP": self.application, "PERM": category}) 1377 self.delete_button.set_tooltip_text(_("Delete modified port definitions to which the '%(APP)s' domain is allowed to %s.") % {"APP": self.application, "PERM": category}) 1378 self.modify_button.set_tooltip_text(_("Modify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category}) 1379 1380 if self.transitions_radio_button.get_active(): 1381 self.outer_notebook.set_current_page(TRANSITIONS_PAGE) 1382 if args[0] == self.inner_notebook_transitions: 1383 ipage = args[2] 1384 else: 1385 ipage = self.inner_notebook_transitions.get_current_page() 1386 if ipage == TRANSITIONS_FROM_PAGE: 1387 self.treeview = self.transitions_from_treeview 1388 if ipage == TRANSITIONS_TO_PAGE: 1389 self.treeview = self.transitions_into_treeview 1390 if ipage == TRANSITIONS_FILE_PAGE: 1391 self.treeview = self.transitions_file_treeview 1392 1393 if self.system_radio_button.get_active(): 1394 self.outer_notebook.set_current_page(SYSTEM_PAGE) 1395 self.filter_box.hide() 1396 1397 if self.lockdown_radio_button.get_active(): 1398 self.lockdown_init() 1399 self.outer_notebook.set_current_page(LOCKDOWN_PAGE) 1400 self.filter_box.hide() 1401 1402 if self.user_radio_button.get_active(): 1403 self.outer_notebook.set_current_page(USER_PAGE) 1404 self.add_modify_delete_box.show() 1405 self.show_modified_only.set_visible(True) 1406 self.treeview = self.user_treeview 1407 self.add_button.set_tooltip_text(_("Add new SELinux User/Role definition.")) 1408 self.delete_button.set_tooltip_text(_("Delete modified SELinux User/Role definitions.")) 1409 self.modify_button.set_tooltip_text(_("Modify selected modified SELinux User/Role definitions.")) 1410 1411 if self.login_radio_button.get_active(): 1412 self.outer_notebook.set_current_page(LOGIN_PAGE) 1413 self.add_modify_delete_box.show() 1414 self.show_modified_only.set_visible(True) 1415 self.treeview = self.login_treeview 1416 self.add_button.set_tooltip_text(_("Add new Login Mapping definition.")) 1417 self.delete_button.set_tooltip_text(_("Delete modified Login Mapping definitions.")) 1418 self.modify_button.set_tooltip_text(_("Modify selected modified Login Mapping definitions.")) 1419 1420 if self.file_equiv_radio_button.get_active(): 1421 self.outer_notebook.set_current_page(FILE_EQUIV_PAGE) 1422 self.add_modify_delete_box.show() 1423 self.show_modified_only.set_visible(True) 1424 self.treeview = self.file_equiv_treeview 1425 self.add_button.set_tooltip_text(_("Add new File Equivalence definition.")) 1426 self.delete_button.set_tooltip_text(_("Delete modified File Equivalence definitions.")) 1427 self.modify_button.set_tooltip_text(_("Modify selected modified File Equivalence definitions. Only bolded items in the list can be selected, this indicates they were modified previously.")) 1428 1429 self.opage = self.outer_notebook.get_current_page() 1430 if self.treeview: 1431 self.filter_box.show() 1432 self.treesort = self.treeview.get_model() 1433 self.treefilter = self.treesort.get_model() 1434 self.liststore = self.treefilter.get_model() 1435 for x in range(0, self.liststore.get_n_columns()): 1436 col = self.treeview.get_column(x) 1437 if col: 1438 cell = col.get_cells()[0] 1439 if isinstance(cell, Gtk.CellRendererText): 1440 self.liststore.set_sort_func(x, self.stripsort, None) 1441 self.treeview.get_selection().unselect_all() 1442 self.modify_button.set_sensitive(False) 1443 1444 def stripsort(self, model, row1, row2, user_data): 1445 sort_column, _ = model.get_sort_column_id() 1446 val1 = self.unmarkup(model.get_value(row1, sort_column)) 1447 val2 = self.unmarkup(model.get_value(row2, sort_column)) 1448 return cmp(val1, val2) 1449 1450 def display_more_detail(self, windows, path): 1451 it = self.boolean_filter.get_iter(path) 1452 it = self.boolean_filter.convert_iter_to_child_iter(it) 1453 1454 self.boolean_more_detail_tree_data_set.clear() 1455 self.boolean_more_detail_window.set_title(_("Boolean %s Allow Rules") % self.boolean_liststore.get_value(it, 2)) 1456 blist = sepolicy.get_boolean_rules(self.application, self.boolean_liststore.get_value(it, 2)) 1457 for b in blist: 1458 self.display_more_detail_init(b["source"], b["target"], b["class"], b["permlist"]) 1459 self.show_popup(self.boolean_more_detail_window) 1460 1461 def display_more_detail_init(self, source, target, class_type, permission): 1462 iter = self.boolean_more_detail_tree_data_set.append() 1463 self.boolean_more_detail_tree_data_set.set_value(iter, 0, "allow %s %s:%s { %s };" % (source, target, class_type, " ".join(permission))) 1464 1465 def add_button_clicked(self, *args): 1466 self.modify = False 1467 if self.opage == NETWORK_PAGE: 1468 self.popup_network_label.set_text((_("Add Network Port for %s. Ports will be created when update is applied.")) % self.application) 1469 self.network_popup_window.set_title((_("Add Network Port for %s")) % self.application) 1470 self.init_network_dialog(args) 1471 return 1472 1473 if self.opage == FILES_PAGE: 1474 self.popup_files_label.set_text((_("Add File Labeling for %s. File labels will be created when update is applied.")) % self.application) 1475 self.files_popup_window.set_title((_("Add File Labeling for %s")) % self.application) 1476 self.init_files_dialog(args) 1477 ipage = self.inner_notebook_files.get_current_page() 1478 if ipage == EXE_PAGE: 1479 self.files_path_entry.set_text("ex: /usr/sbin/Foobar") 1480 else: 1481 self.files_path_entry.set_text("ex: /var/lib/Foobar") 1482 self.clear_entry = True 1483 1484 if self.opage == LOGIN_PAGE: 1485 self.login_label.set_text((_("Add Login Mapping. User Mapping will be created when Update is applied."))) 1486 self.login_popup_window.set_title(_("Add Login Mapping")) 1487 self.login_init_dialog(args) 1488 self.clear_entry = True 1489 1490 if self.opage == USER_PAGE: 1491 self.user_label.set_text((_("Add SELinux User Role. SELinux user roles will be created when update is applied."))) 1492 self.user_popup_window.set_title(_("Add SELinux Users")) 1493 self.user_init_dialog(args) 1494 self.clear_entry = True 1495 1496 if self.opage == FILE_EQUIV_PAGE: 1497 self.file_equiv_source_entry.set_text("") 1498 self.file_equiv_dest_entry.set_text("") 1499 self.file_equiv_label.set_text((_("Add File Equivalency Mapping. Mapping will be created when update is applied."))) 1500 self.file_equiv_popup_window.set_title(_("Add SELinux File Equivalency")) 1501 self.clear_entry = True 1502 self.show_popup(self.file_equiv_popup_window) 1503 1504 self.new_updates() 1505 1506 def show_popup(self, window): 1507 self.current_popup = window 1508 window.show() 1509 1510 def close_popup(self, *args): 1511 self.current_popup.hide() 1512 self.window.set_sensitive(True) 1513 return True 1514 1515 def modify_button_clicked(self, *args): 1516 iter = None 1517 if self.treeview: 1518 iter = self.get_selected_iter() 1519 if not iter: 1520 self.modify_button.set_sensitive(False) 1521 return 1522 self.modify = True 1523 if self.opage == NETWORK_PAGE: 1524 self.modify_button_network_clicked(args) 1525 1526 if self.opage == FILES_PAGE: 1527 self.popup_files_label.set_text((_("Modify File Labeling for %s. File labels will be created when update is applied.")) % self.application) 1528 self.files_popup_window.set_title((_("Add File Labeling for %s")) % self.application) 1529 self.delete_old_item = None 1530 self.init_files_dialog(args) 1531 self.modify = True 1532 operation = "Modify" 1533 mls = 1 1534 ipage = self.inner_notebook_files.get_current_page() 1535 1536 if ipage == EXE_PAGE: 1537 iter = self.executable_files_filter.convert_iter_to_child_iter(iter) 1538 self.delete_old_item = iter 1539 path = self.executable_files_liststore.get_value(iter, 0) 1540 self.files_path_entry.set_text(path) 1541 ftype = self.executable_files_liststore.get_value(iter, 1) 1542 if type != None: 1543 self.combo_set_active_text(self.files_type_combobox, ftype) 1544 tclass = self.executable_files_liststore.get_value(iter, 2) 1545 if tclass != None: 1546 self.combo_set_active_text(self.files_class_combobox, tclass) 1547 1548 if ipage == WRITABLE_PAGE: 1549 iter = self.writable_files_filter.convert_iter_to_child_iter(iter) 1550 self.delete_old_item = iter 1551 path = self.writable_files_liststore.get_value(iter, 0) 1552 self.files_path_entry.set_text(path) 1553 type = self.writable_files_liststore.get_value(iter, 1) 1554 if type != None: 1555 self.combo_set_active_text(self.files_type_combobox, type) 1556 tclass = self.writable_files_liststore.get_value(iter, 2) 1557 if tclass != None: 1558 self.combo_set_active_text(self.files_class_combobox, tclass) 1559 1560 if ipage == APP_PAGE: 1561 iter = self.application_files_filter.convert_iter_to_child_iter(iter) 1562 self.delete_old_item = iter 1563 path = self.application_files_liststore.get_value(iter, 0) 1564 self.files_path_entry.set_text(path) 1565 try: 1566 get_type = self.application_files_liststore.get_value(iter, 1) 1567 get_type = get_type.split("<b>")[1].split("</b>") 1568 except AttributeError: 1569 pass 1570 type = self.application_files_liststore.get_value(iter, 2) 1571 if type != None: 1572 self.combo_set_active_text(self.files_type_combobox, type) 1573 tclass = get_type[0] 1574 if tclass != None: 1575 self.combo_set_active_text(self.files_class_combobox, tclass) 1576 1577 if self.opage == USER_PAGE: 1578 self.user_init_dialog(args) 1579 self.user_name_entry.set_text(self.user_liststore.get_value(iter, 0)) 1580 self.user_mls_level_entry.set_text(self.user_liststore.get_value(iter, 2)) 1581 self.user_mls_entry.set_text(self.user_liststore.get_value(iter, 3)) 1582 self.combo_set_active_text(self.user_roles_combobox, self.user_liststore.get_value(iter, 1)) 1583 self.user_label.set_text((_("Modify SELinux User Role. SELinux user roles will be modified when update is applied."))) 1584 self.user_popup_window.set_title(_("Modify SELinux Users")) 1585 self.show_popup(self.user_popup_window) 1586 1587 if self.opage == LOGIN_PAGE: 1588 self.login_init_dialog(args) 1589 self.login_name_entry.set_text(self.login_liststore.get_value(iter, 0)) 1590 self.login_mls_entry.set_text(self.login_liststore.get_value(iter, 2)) 1591 self.combo_set_active_text(self.login_seuser_combobox, self.login_liststore.get_value(iter, 1)) 1592 self.login_label.set_text((_("Modify Login Mapping. Login Mapping will be modified when Update is applied."))) 1593 self.login_popup_window.set_title(_("Modify Login Mapping")) 1594 self.show_popup(self.login_popup_window) 1595 1596 if self.opage == FILE_EQUIV_PAGE: 1597 self.file_equiv_source_entry.set_text(self.file_equiv_liststore.get_value(iter, 0)) 1598 self.file_equiv_dest_entry.set_text(self.file_equiv_liststore.get_value(iter, 1)) 1599 self.file_equiv_label.set_text((_("Modify File Equivalency Mapping. Mapping will be created when update is applied."))) 1600 self.file_equiv_popup_window.set_title(_("Modify SELinux File Equivalency")) 1601 self.clear_entry = True 1602 self.show_popup(self.file_equiv_popup_window) 1603 1604 def populate_type_combo(self, tree, loc, *args): 1605 iter = self.more_types_files_liststore.get_iter(loc) 1606 ftype = self.more_types_files_liststore.get_value(iter, 0) 1607 self.combo_set_active_text(self.files_type_combobox, ftype) 1608 self.show_popup(self.files_popup_window) 1609 self.moreTypes_window_files.hide() 1610 1611 def strip_domain(self, domain): 1612 if domain == None: 1613 return 1614 if domain.endswith("_script_t"): 1615 split_char = "_script_t" 1616 else: 1617 split_char = "_t" 1618 return domain.split(split_char)[0] 1619 1620 def exclude_type(self, type, exclude_list): 1621 for e in exclude_list: 1622 if type.startswith(e): 1623 return True 1624 return False 1625 1626 def init_files_dialog(self, *args): 1627 exclude_list = [] 1628 self.files_class_combobox.set_sensitive(True) 1629 self.show_popup(self.files_popup_window) 1630 ipage = self.inner_notebook_files.get_current_page() 1631 self.files_type_combolist.clear() 1632 self.files_class_combolist.clear() 1633 compare = self.strip_domain(self.application) 1634 for d in self.application_liststore: 1635 if d[0].startswith(compare) and d[0] != self.application and not d[0].startswith("httpd_sys"): 1636 exclude_list.append(self.strip_domain(d[0])) 1637 1638 self.more_types_files_liststore.clear() 1639 try: 1640 for files in sepolicy.file_type_str: 1641 iter = self.files_class_combolist.append() 1642 self.files_class_combolist.set_value(iter, 0, sepolicy.file_type_str[files]) 1643 1644 if ipage == EXE_PAGE and self.entrypoints != None: 1645 for exe in self.entrypoints.keys(): 1646 if exe.startswith(compare): 1647 iter = self.files_type_combolist.append() 1648 self.files_type_combolist.set_value(iter, 0, exe) 1649 iter = self.more_types_files_liststore.append() 1650 self.more_types_files_liststore.set_value(iter, 0, exe) 1651 self.files_class_combobox.set_active(4) 1652 self.files_class_combobox.set_sensitive(False) 1653 1654 elif ipage == WRITABLE_PAGE and self.writable_files != None: 1655 for write in self.writable_files.keys(): 1656 if write.startswith(compare) and not self.exclude_type(write, exclude_list) and write in self.file_types: 1657 iter = self.files_type_combolist.append() 1658 self.files_type_combolist.set_value(iter, 0, write) 1659 iter = self.more_types_files_liststore.append() 1660 self.more_types_files_liststore.set_value(iter, 0, write) 1661 self.files_class_combobox.set_active(0) 1662 elif ipage == APP_PAGE and self.file_types != None: 1663 for app in sepolicy.get_all_file_types(): 1664 if app.startswith(compare): 1665 if app.startswith(compare) and not self.exclude_type(app, exclude_list): 1666 iter = self.files_type_combolist.append() 1667 self.files_type_combolist.set_value(iter, 0, app) 1668 iter = self.more_types_files_liststore.append() 1669 self.more_types_files_liststore.set_value(iter, 0, app) 1670 self.files_class_combobox.set_active(0) 1671 except AttributeError: 1672 print("error") 1673 pass 1674 self.files_type_combobox.set_active(0) 1675 self.files_mls_entry.set_text("s0") 1676 iter = self.files_type_combolist.append() 1677 self.files_type_combolist.set_value(iter, 0, _('More...')) 1678 1679 def modify_button_network_clicked(self, *args): 1680 iter = self.get_selected_iter() 1681 if not iter: 1682 self.modify_button.set_sensitive(False) 1683 return 1684 1685 self.popup_network_label.set_text((_("Modify Network Port for %s. Ports will be created when update is applied.")) % self.application) 1686 self.network_popup_window.set_title((_("Modify Network Port for %s")) % self.application) 1687 self.delete_old_item = None 1688 self.init_network_dialog(args) 1689 operation = "Modify" 1690 mls = 1 1691 self.modify = True 1692 iter = self.get_selected_iter() 1693 port = self.liststore.get_value(iter, 0) 1694 self.network_ports_entry.set_text(port) 1695 protocol = self.liststore.get_value(iter, 1) 1696 if protocol == "tcp": 1697 self.network_tcp_button.set_active(True) 1698 elif protocol == "udp": 1699 self.network_udp_button.set_active(True) 1700 type = self.liststore.get_value(iter, 2) 1701 if type != None: 1702 self.combo_set_active_text(self.network_port_type_combobox, type) 1703 self.delete_old_item = iter 1704 1705 def init_network_dialog(self, *args): 1706 self.show_popup(self.network_popup_window) 1707 ipage = self.inner_notebook_network.get_current_page() 1708 self.network_port_type_combolist.clear() 1709 self.network_ports_entry.set_text("") 1710 1711 try: 1712 if ipage == OUTBOUND_PAGE: 1713 netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_connect", check_bools=True) 1714 elif ipage == INBOUND_PAGE: 1715 netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_bind", check_bools=True) 1716 netd += sepolicy.network.get_network_connect(self.application, "udp", "name_bind", check_bools=True) 1717 1718 port_types = [] 1719 for k in netd.keys(): 1720 for t, ports in netd[k]: 1721 if t not in port_types + ["port_t", "unreserved_port_t"]: 1722 if t.endswith("_type"): 1723 continue 1724 1725 port_types.append(t) 1726 1727 port_types.sort() 1728 short_domain = self.strip_domain(self.application) 1729 if short_domain[-1] == "d": 1730 short_domain = short_domain[:-1] 1731 short_domain = short_domain + "_" 1732 ctr = 0 1733 found = 0 1734 for t in port_types: 1735 if t.startswith(short_domain): 1736 found = ctr 1737 iter = self.network_port_type_combolist.append() 1738 self.network_port_type_combolist.set_value(iter, 0, t) 1739 ctr += 1 1740 self.network_port_type_combobox.set_active(found) 1741 1742 except AttributeError: 1743 pass 1744 1745 self.network_tcp_button.set_active(True) 1746 self.network_mls_entry.set_text("s0") 1747 1748 def login_seuser_combobox_change(self, combo, *args): 1749 seuser = self.combo_get_active_text(combo) 1750 if self.login_mls_entry.get_text() == "": 1751 for u in sepolicy.get_selinux_users(): 1752 if seuser == u['name']: 1753 self.login_mls_entry.set_text(u['range']) 1754 1755 def user_roles_combobox_change(self, combo, *args): 1756 serole = self.combo_get_active_text(combo) 1757 if self.user_mls_entry.get_text() == "": 1758 for u in sepolicy.get_all_roles(): 1759 if serole == u['name']: 1760 self.user_mls_entry.set_text(u['range']) 1761 1762 def get_selected_iter(self): 1763 iter = None 1764 if not self.treeview: 1765 return None 1766 row = self.treeview.get_selection() 1767 if not row: 1768 return None 1769 treesort, iter = row.get_selected() 1770 if iter: 1771 iter = treesort.convert_iter_to_child_iter(iter) 1772 if iter: 1773 iter = self.treefilter.convert_iter_to_child_iter(iter) 1774 return iter 1775 1776 def cursor_changed(self, *args): 1777 self.modify_button.set_sensitive(False) 1778 iter = self.get_selected_iter() 1779 if iter == None: 1780 self.modify_button.set_sensitive(False) 1781 return 1782 if not self.liststore[iter] or not self.liststore[iter][-1]: 1783 return 1784 self.modify_button.set_sensitive(self.liststore[iter][-1]) 1785 1786 def login_init_dialog(self, *args): 1787 self.show_popup(self.login_popup_window) 1788 self.login_seuser_combolist.clear() 1789 users = sepolicy.get_all_users() 1790 users.sort() 1791 for u in users: 1792 iter = self.login_seuser_combolist.append() 1793 self.login_seuser_combolist.set_value(iter, 0, str(u)) 1794 self.login_name_entry.set_text("") 1795 self.login_mls_entry.set_text("") 1796 1797 def user_init_dialog(self, *args): 1798 self.show_popup(self.user_popup_window) 1799 self.user_roles_combolist.clear() 1800 roles = sepolicy.get_all_roles() 1801 roles.sort() 1802 for r in roles: 1803 iter = self.user_roles_combolist.append() 1804 self.user_roles_combolist.set_value(iter, 0, str(r)) 1805 self.user_name_entry.set_text("") 1806 self.user_mls_entry.set_text("") 1807 1808 def on_disable_ptrace(self, checkbutton): 1809 if self.finish_init: 1810 update_buffer = "boolean -m -%d deny_ptrace" % checkbutton.get_active() 1811 self.wait_mouse() 1812 try: 1813 self.dbus.semanage(update_buffer) 1814 except dbus.exceptions.DBusException as e: 1815 self.error(e) 1816 self.ready_mouse() 1817 1818 def on_show_modified_only(self, checkbutton): 1819 length = self.liststore.get_n_columns() 1820 1821 def dup_row(row): 1822 l = [] 1823 for i in range(0, length): 1824 l.append(row[i]) 1825 return l 1826 1827 append_list = [] 1828 if self.opage == BOOLEANS_PAGE: 1829 if not checkbutton.get_active(): 1830 return self.boolean_initialize(self.application) 1831 1832 for row in self.liststore: 1833 if row[2] in self.cust_dict["boolean"]: 1834 append_list.append(dup_row(row)) 1835 1836 if self.opage == FILES_PAGE: 1837 ipage = self.inner_notebook_files.get_current_page() 1838 if not checkbutton.get_active(): 1839 if ipage == EXE_PAGE: 1840 return self.executable_files_initialize(self.application) 1841 if ipage == WRITABLE_PAGE: 1842 return self.writable_files_initialize(self.application) 1843 if ipage == APP_PAGE: 1844 return self.application_files_initialize(self.application) 1845 for row in self.liststore: 1846 if (row[0], row[2]) in self.cust_dict["fcontext"]: 1847 append_list.append(row) 1848 1849 if self.opage == NETWORK_PAGE: 1850 if not checkbutton.get_active(): 1851 return self.network_initialize(self.application) 1852 for row in self.liststore: 1853 if (row[0], row[1]) in self.cust_dict["port"]: 1854 append_list.append(dup_row(row)) 1855 1856 if self.opage == FILE_EQUIV_PAGE: 1857 if not checkbutton.get_active() == True: 1858 return self.file_equiv_initialize() 1859 1860 for row in self.liststore: 1861 if row[0] in self.cust_dict["fcontext-equiv"]: 1862 append_list.append(dup_row(row)) 1863 1864 if self.opage == USER_PAGE: 1865 if not checkbutton.get_active(): 1866 return self.user_initialize() 1867 1868 for row in self.liststore: 1869 if row[0] in self.cust_dict["user"]: 1870 append_list.append(dup_row(row)) 1871 1872 if self.opage == LOGIN_PAGE: 1873 if not checkbutton.get_active() == True: 1874 return self.login_initialize() 1875 1876 for row in self.liststore: 1877 if row[0] in self.cust_dict["login"]: 1878 append_list.append(dup_row(row)) 1879 1880 self.liststore.clear() 1881 for row in append_list: 1882 iter = self.liststore.append() 1883 for i in range(0, length): 1884 self.liststore.set_value(iter, i, row[i]) 1885 1886 def init_modified_files_liststore(self, tree, app, ipage, operation, path, fclass, ftype): 1887 iter = tree.append(None) 1888 tree.set_value(iter, 0, path) 1889 tree.set_value(iter, 1, ftype) 1890 tree.set_value(iter, 2, fclass) 1891 1892 def restore_to_default(self, *args): 1893 print("restore to defualt clicked...") 1894 1895 def invalid_entry_retry(self, *args): 1896 self.closewindow(self.error_check_window) 1897 self.files_popup_window.set_sensitive(True) 1898 self.network_popup_window.set_sensitive(True) 1899 1900 def error_check_files(self, insert_txt): 1901 if len(insert_txt) == 0 or insert_txt[0] != '/': 1902 self.error_check_window.show() 1903 self.files_popup_window.set_sensitive(False) 1904 self.network_popup_window.set_sensitive(False) 1905 self.error_check_label.set_text((_("The entry '%s' is not a valid path. Paths must begin with a '/'.")) % insert_txt) 1906 return True 1907 return False 1908 1909 def error_check_network(self, port): 1910 try: 1911 pnum = int(port) 1912 if pnum < 1 or pnum > 65536: 1913 raise ValueError 1914 except ValueError: 1915 self.error_check_window.show() 1916 self.files_popup_window.set_sensitive(False) 1917 self.network_popup_window.set_sensitive(False) 1918 self.error_check_label.set_text((_("Port number must be between 1 and 65536"))) 1919 return True 1920 return False 1921 1922 def show_more_types(self, *args): 1923 if self.finish_init: 1924 if self.combo_get_active_text(self.files_type_combobox) == _('More...'): 1925 self.files_popup_window.hide() 1926 self.moreTypes_window_files.show() 1927 1928 def update_to_login(self, *args): 1929 self.close_popup() 1930 seuser = self.combo_get_active_text(self.login_seuser_combobox) 1931 mls_range = self.login_mls_entry.get_text() 1932 name = self.login_name_entry.get_text() 1933 if self.modify: 1934 iter = self.get_selected_iter() 1935 oldname = self.login_liststore.get_value(iter, 0) 1936 oldseuser = self.login_liststore.get_value(iter, 1) 1937 oldrange = self.login_liststore.get_value(iter, 2) 1938 self.liststore.set_value(iter, 0, oldname) 1939 self.liststore.set_value(iter, 1, oldseuser) 1940 self.liststore.set_value(iter, 2, oldrange) 1941 self.cur_dict["login"][name] = {"action": "-m", "range": mls_range, "seuser": seuser, "oldrange": oldrange, "oldseuser": oldseuser, "oldname": oldname} 1942 else: 1943 iter = self.liststore.append(None) 1944 self.cur_dict["login"][name] = {"action": "-a", "range": mls_range, "seuser": seuser} 1945 1946 self.liststore.set_value(iter, 0, name) 1947 self.liststore.set_value(iter, 1, seuser) 1948 self.liststore.set_value(iter, 2, mls_range) 1949 1950 self.new_updates() 1951 1952 def update_to_user(self, *args): 1953 self.close_popup() 1954 roles = self.combo_get_active_text(self.user_roles_combobox) 1955 level = self.user_mls_level_entry.get_text() 1956 mls_range = self.user_mls_entry.get_text() 1957 name = self.user_name_entry.get_text() 1958 if self.modify: 1959 iter = self.get_selected_iter() 1960 oldname = self.user_liststore.get_value(iter, 0) 1961 oldroles = self.user_liststore.get_value(iter, 1) 1962 oldlevel = self.user_liststore.get_value(iter, 1) 1963 oldrange = self.user_liststore.get_value(iter, 3) 1964 self.liststore.set_value(iter, 0, oldname) 1965 self.liststore.set_value(iter, 1, oldroles) 1966 self.liststore.set_value(iter, 2, oldlevel) 1967 self.liststore.set_value(iter, 3, oldrange) 1968 self.cur_dict["user"][name] = {"action": "-m", "range": mls_range, "level": level, "role": roles, "oldrange": oldrange, "oldlevel": oldlevel, "oldroles": oldroles, "oldname": oldname} 1969 else: 1970 iter = self.liststore.append(None) 1971 self.cur_dict["user"][name] = {"action": "-a", "range": mls_range, "level": level, "role": roles} 1972 1973 self.liststore.set_value(iter, 0, name) 1974 self.liststore.set_value(iter, 1, roles) 1975 self.liststore.set_value(iter, 2, level) 1976 self.liststore.set_value(iter, 3, mls_range) 1977 1978 self.new_updates() 1979 1980 def update_to_file_equiv(self, *args): 1981 self.close_popup() 1982 dest = self.file_equiv_dest_entry.get_text() 1983 src = self.file_equiv_source_entry.get_text() 1984 if self.modify: 1985 iter = self.get_selected_iter() 1986 olddest = self.unmarkup(self.liststore.set_value(iter, 0)) 1987 oldsrc = self.unmarkup(self.liststore.set_value(iter, 1)) 1988 self.cur_dict["fcontext-equiv"][dest] = {"action": "-m", "src": src, "oldsrc": oldsrc, "olddest": olddest} 1989 else: 1990 iter = self.liststore.append(None) 1991 self.cur_dict["fcontext-equiv"][dest] = {"action": "-a", "src": src} 1992 self.liststore.set_value(iter, 0, self.markup(dest)) 1993 self.liststore.set_value(iter, 1, self.markup(src)) 1994 1995 def update_to_files(self, *args): 1996 self.close_popup() 1997 self.files_add = True 1998 # Insert Function will be used in the future 1999 path = self.files_path_entry.get_text() 2000 if self.error_check_files(path): 2001 return 2002 2003 setype = self.combo_get_active_text(self.files_type_combobox) 2004 mls = self.files_mls_entry.get_text() 2005 tclass = self.combo_get_active_text(self.files_class_combobox) 2006 2007 if self.modify: 2008 iter = self.get_selected_iter() 2009 oldpath = self.unmark(self.liststore.get_value(iter, 0)) 2010 setype = self.unmark(self.liststore.set_value(iter, 1)) 2011 oldtclass = self.liststore.get_value(iter, 2) 2012 self.cur_dict["fcontext"][(path, tclass)] = {"action": "-m", "type": setype, "oldtype": oldsetype, "oldmls": oldmls, "oldclass": oldclass} 2013 else: 2014 iter = self.liststore.append(None) 2015 self.cur_dict["fcontext"][(path, tclass)] = {"action": "-a", "type": setype} 2016 self.liststore.set_value(iter, 0, self.markup(path)) 2017 self.liststore.set_value(iter, 1, self.markup(setype)) 2018 self.liststore.set_value(iter, 2, self.markup(tclass)) 2019 2020 self.files_add = False 2021 self.recursive_path_toggle.set_active(False) 2022 self.new_updates() 2023 2024 def update_to_network(self, *args): 2025 self.network_add = True 2026 ports = self.network_ports_entry.get_text() 2027 if self.error_check_network(ports): 2028 return 2029 if self.network_tcp_button.get_active(): 2030 protocol = "tcp" 2031 else: 2032 protocol = "udp" 2033 2034 setype = self.combo_get_active_text(self.network_port_type_combobox) 2035 mls = self.network_mls_entry.get_text() 2036 2037 if self.modify: 2038 iter = self.get_selected_iter() 2039 oldports = self.unmark(self.liststore.get_value(iter, 0)) 2040 oldprotocol = self.unmark(self.liststore.get_value(iter, 1)) 2041 oldsetype = self.unmark(self.liststore.set_value(iter, 2)) 2042 self.cur_dict["port"][(ports, protocol)] = {"action": "-m", "type": setype, "mls": mls, "oldtype": oldsetype, "oldmls": oldmls, "oldprotocol": oldprotocol, "oldports": oldports} 2043 else: 2044 iter = self.liststore.append(None) 2045 self.cur_dict["port"][(ports, protocol)] = {"action": "-a", "type": setype, "mls": mls} 2046 self.liststore.set_value(iter, 0, ports) 2047 self.liststore.set_value(iter, 1, protocol) 2048 self.liststore.set_value(iter, 2, setype) 2049 2050 self.network_add = False 2051 self.network_popup_window.hide() 2052 self.window.set_sensitive(True) 2053 self.new_updates() 2054 2055 def delete_button_clicked(self, *args): 2056 operation = "Add" 2057 self.window.set_sensitive(False) 2058 if self.opage == NETWORK_PAGE: 2059 self.network_delete_liststore.clear() 2060 port_dict = self.cust_dict["port"] 2061 for ports, protocol in port_dict: 2062 setype = port_dict[(ports, protocol)]["type"] 2063 iter = self.network_delete_liststore.append() 2064 self.network_delete_liststore.set_value(iter, 1, ports) 2065 self.network_delete_liststore.set_value(iter, 2, protocol) 2066 self.network_delete_liststore.set_value(iter, 3, setype) 2067 self.show_popup(self.network_delete_window) 2068 return 2069 2070 if self.opage == FILES_PAGE: 2071 self.files_delete_liststore.clear() 2072 fcontext_dict = self.cust_dict["fcontext"] 2073 for path, tclass in fcontext_dict: 2074 setype = fcontext_dict[(path, tclass)]["type"] 2075 iter = self.files_delete_liststore.append() 2076 self.files_delete_liststore.set_value(iter, 1, path) 2077 self.files_delete_liststore.set_value(iter, 2, setype) 2078 self.files_delete_liststore.set_value(iter, 3, sepolicy.file_type_str[tclass]) 2079 self.show_popup(self.files_delete_window) 2080 return 2081 2082 if self.opage == USER_PAGE: 2083 self.user_delete_liststore.clear() 2084 user_dict = self.cust_dict["user"] 2085 for user in user_dict: 2086 roles = user_dict[user]["role"] 2087 mls = user_dict[user]["range"] 2088 level = user_dict[user]["level"] 2089 iter = self.user_delete_liststore.append() 2090 self.user_delete_liststore.set_value(iter, 1, user) 2091 self.user_delete_liststore.set_value(iter, 2, roles) 2092 self.user_delete_liststore.set_value(iter, 3, level) 2093 self.user_delete_liststore.set_value(iter, 4, mls) 2094 self.show_popup(self.user_delete_window) 2095 return 2096 2097 if self.opage == LOGIN_PAGE: 2098 self.login_delete_liststore.clear() 2099 login_dict = self.cust_dict["login"] 2100 for login in login_dict: 2101 seuser = login_dict[login]["seuser"] 2102 mls = login_dict[login]["range"] 2103 iter = self.login_delete_liststore.append() 2104 self.login_delete_liststore.set_value(iter, 1, seuser) 2105 self.login_delete_liststore.set_value(iter, 2, login) 2106 self.login_delete_liststore.set_value(iter, 3, mls) 2107 self.show_popup(self.login_delete_window) 2108 return 2109 2110 if self.opage == FILE_EQUIV_PAGE: 2111 self.file_equiv_delete_liststore.clear() 2112 for items in self.file_equiv_liststore: 2113 if items[2]: 2114 iter = self.file_equiv_delete_liststore.append() 2115 self.file_equiv_delete_liststore.set_value(iter, 1, self.unmarkup(items[0])) 2116 self.file_equiv_delete_liststore.set_value(iter, 2, self.unmarkup(items[1])) 2117 self.show_popup(self.file_equiv_delete_window) 2118 return 2119 2120 def on_save_delete_clicked(self, *args): 2121 self.close_popup() 2122 if self.opage == NETWORK_PAGE: 2123 for delete in self.network_delete_liststore: 2124 if delete[0]: 2125 self.cur_dict["port"][(delete[1], delete[2])] = {"action": "-d", "type": delete[3]} 2126 if self.opage == FILES_PAGE: 2127 for delete in self.files_delete_liststore: 2128 if delete[0]: 2129 self.cur_dict["fcontext"][(delete[1], reverse_file_type_str[delete[3]])] = {"action": "-d", "type": delete[2]} 2130 if self.opage == USER_PAGE: 2131 for delete in self.user_delete_liststore: 2132 if delete[0]: 2133 self.cur_dict["user"][delete[1]] = {"action": "-d", "role": delete[2], "range": delete[4]} 2134 if self.opage == LOGIN_PAGE: 2135 for delete in self.login_delete_liststore: 2136 if delete[0]: 2137 self.cur_dict["login"][delete[2]] = {"action": "-d", "login": delete[2], "seuser": delete[1], "range": delete[3]} 2138 if self.opage == FILE_EQUIV_PAGE: 2139 for delete in self.file_equiv_delete_liststore: 2140 if delete[0]: 2141 self.cur_dict["fcontext-equiv"][delete[1]] = {"action": "-d", "src": delete[2]} 2142 self.new_updates() 2143 2144 def on_save_delete_file_equiv_clicked(self, *args): 2145 for delete in self.files_delete_liststore: 2146 print(delete[0], delete[1], delete[2],) 2147 2148 def on_toggle_update(self, cell, path, model): 2149 model[path][0] = not model[path][0] 2150 2151 def ipage_delete(self, liststore, key): 2152 ctr = 0 2153 for items in liststore: 2154 if items[0] == key[0] and items[2] == key[1]: 2155 iter = liststore.get_iter(ctr) 2156 liststore.remove(iter) 2157 return 2158 ctr += 1 2159 2160 def on_toggle(self, cell, path, model): 2161 if not path: 2162 return 2163 iter = self.boolean_filter.get_iter(path) 2164 iter = self.boolean_filter.convert_iter_to_child_iter(iter) 2165 name = model.get_value(iter, 2) 2166 model.set_value(iter, 0, not model.get_value(iter, 0)) 2167 active = model.get_value(iter, 0) 2168 if name in self.cur_dict["boolean"]: 2169 del(self.cur_dict["boolean"][name]) 2170 else: 2171 self.cur_dict["boolean"][name] = {"active": active} 2172 self.new_updates() 2173 2174 def get_advanced_filter_data(self, entry, *args): 2175 self.filter_txt = entry.get_text() 2176 self.advanced_search_filter.refilter() 2177 2178 def get_filter_data(self, windows, *args): 2179 #search for desired item 2180 # The txt that the use rinputs into the filter is stored in filter_txt 2181 self.filter_txt = windows.get_text() 2182 self.treefilter.refilter() 2183 2184 def update_gui(self, *args): 2185 self.update = True 2186 self.update_treestore.clear() 2187 for bools in self.cur_dict["boolean"]: 2188 operation = self.cur_dict["boolean"][bools]["action"] 2189 iter = self.update_treestore.append(None) 2190 self.update_treestore.set_value(iter, 0, True) 2191 self.update_treestore.set_value(iter, 1, sepolicy.boolean_desc(bools)) 2192 self.update_treestore.set_value(iter, 2, action[self.cur_dict["boolean"][bools]['active']]) 2193 self.update_treestore.set_value(iter, 3, True) 2194 niter = self.update_treestore.append(iter) 2195 self.update_treestore.set_value(niter, 1, (_("SELinux name: %s")) % bools) 2196 self.update_treestore.set_value(niter, 3, False) 2197 2198 for path, tclass in self.cur_dict["fcontext"]: 2199 operation = self.cur_dict["fcontext"][(path, tclass)]["action"] 2200 setype = self.cur_dict["fcontext"][(path, tclass)]["type"] 2201 iter = self.update_treestore.append(None) 2202 self.update_treestore.set_value(iter, 0, True) 2203 self.update_treestore.set_value(iter, 2, operation) 2204 self.update_treestore.set_value(iter, 0, True) 2205 if operation == "-a": 2206 self.update_treestore.set_value(iter, 1, (_("Add file labeling for %s")) % self.application) 2207 if operation == "-d": 2208 self.update_treestore.set_value(iter, 1, (_("Delete file labeling for %s")) % self.application) 2209 if operation == "-m": 2210 self.update_treestore.set_value(iter, 1, (_("Modify file labeling for %s")) % self.application) 2211 2212 niter = self.update_treestore.append(iter) 2213 self.update_treestore.set_value(niter, 3, False) 2214 self.update_treestore.set_value(niter, 1, (_("File path: %s")) % path) 2215 niter = self.update_treestore.append(iter) 2216 self.update_treestore.set_value(niter, 3, False) 2217 self.update_treestore.set_value(niter, 1, (_("File class: %s")) % sepolicy.file_type_str[tclass]) 2218 niter = self.update_treestore.append(iter) 2219 self.update_treestore.set_value(niter, 3, False) 2220 self.update_treestore.set_value(niter, 1, (_("SELinux file type: %s")) % setype) 2221 2222 for port, protocol in self.cur_dict["port"]: 2223 operation = self.cur_dict["port"][(port, protocol)]["action"] 2224 iter = self.update_treestore.append(None) 2225 self.update_treestore.set_value(iter, 0, True) 2226 self.update_treestore.set_value(iter, 2, operation) 2227 self.update_treestore.set_value(iter, 3, True) 2228 if operation == "-a": 2229 self.update_treestore.set_value(iter, 1, (_("Add ports for %s")) % self.application) 2230 if operation == "-d": 2231 self.update_treestore.set_value(iter, 1, (_("Delete ports for %s")) % self.application) 2232 if operation == "-m": 2233 self.update_treestore.set_value(iter, 1, (_("Modify ports for %s")) % self.application) 2234 2235 niter = self.update_treestore.append(iter) 2236 self.update_treestore.set_value(niter, 1, (_("Network ports: %s")) % port) 2237 self.update_treestore.set_value(niter, 3, False) 2238 niter = self.update_treestore.append(iter) 2239 self.update_treestore.set_value(niter, 1, (_("Network protocol: %s")) % protocol) 2240 self.update_treestore.set_value(niter, 3, False) 2241 setype = self.cur_dict["port"][(port, protocol)]["type"] 2242 niter = self.update_treestore.append(iter) 2243 self.update_treestore.set_value(niter, 3, False) 2244 self.update_treestore.set_value(niter, 1, (_("SELinux file type: %s")) % setype) 2245 2246 for user in self.cur_dict["user"]: 2247 operation = self.cur_dict["user"][user]["action"] 2248 iter = self.update_treestore.append(None) 2249 self.update_treestore.set_value(iter, 0, True) 2250 self.update_treestore.set_value(iter, 2, operation) 2251 self.update_treestore.set_value(iter, 0, True) 2252 if operation == "-a": 2253 self.update_treestore.set_value(iter, 1, _("Add user")) 2254 if operation == "-d": 2255 self.update_treestore.set_value(iter, 1, _("Delete user")) 2256 if operation == "-m": 2257 self.update_treestore.set_value(iter, 1, _("Modify user")) 2258 2259 niter = self.update_treestore.append(iter) 2260 self.update_treestore.set_value(niter, 1, (_("SELinux User : %s")) % user) 2261 self.update_treestore.set_value(niter, 3, False) 2262 niter = self.update_treestore.append(iter) 2263 self.update_treestore.set_value(niter, 3, False) 2264 roles = self.cur_dict["user"][user]["role"] 2265 self.update_treestore.set_value(niter, 1, (_("Roles: %s")) % roles) 2266 mls = self.cur_dict["user"][user]["range"] 2267 niter = self.update_treestore.append(iter) 2268 self.update_treestore.set_value(niter, 3, False) 2269 self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls) 2270 2271 for login in self.cur_dict["login"]: 2272 operation = self.cur_dict["login"][login]["action"] 2273 iter = self.update_treestore.append(None) 2274 self.update_treestore.set_value(iter, 0, True) 2275 self.update_treestore.set_value(iter, 2, operation) 2276 self.update_treestore.set_value(iter, 0, True) 2277 if operation == "-a": 2278 self.update_treestore.set_value(iter, 1, _("Add login mapping")) 2279 if operation == "-d": 2280 self.update_treestore.set_value(iter, 1, _("Delete login mapping")) 2281 if operation == "-m": 2282 self.update_treestore.set_value(iter, 1, _("Modify login mapping")) 2283 2284 niter = self.update_treestore.append(iter) 2285 self.update_treestore.set_value(niter, 3, False) 2286 self.update_treestore.set_value(niter, 1, (_("Login Name : %s")) % login) 2287 niter = self.update_treestore.append(iter) 2288 self.update_treestore.set_value(niter, 3, False) 2289 seuser = self.cur_dict["login"][login]["seuser"] 2290 self.update_treestore.set_value(niter, 1, (_("SELinux User: %s")) % seuser) 2291 mls = self.cur_dict["login"][login]["range"] 2292 niter = self.update_treestore.append(iter) 2293 self.update_treestore.set_value(niter, 3, False) 2294 self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls) 2295 2296 for path in self.cur_dict["fcontext-equiv"]: 2297 operation = self.cur_dict["fcontext-equiv"][path]["action"] 2298 iter = self.update_treestore.append(None) 2299 self.update_treestore.set_value(iter, 0, True) 2300 self.update_treestore.set_value(iter, 2, operation) 2301 self.update_treestore.set_value(iter, 0, True) 2302 if operation == "-a": 2303 self.update_treestore.set_value(iter, 1, (_("Add file equiv labeling."))) 2304 if operation == "-d": 2305 self.update_treestore.set_value(iter, 1, (_("Delete file equiv labeling."))) 2306 if operation == "-m": 2307 self.update_treestore.set_value(iter, 1, (_("Modify file equiv labeling."))) 2308 2309 niter = self.update_treestore.append(iter) 2310 self.update_treestore.set_value(niter, 3, False) 2311 self.update_treestore.set_value(niter, 1, (_("File path : %s")) % path) 2312 niter = self.update_treestore.append(iter) 2313 self.update_treestore.set_value(niter, 3, False) 2314 src = self.cur_dict["fcontext-equiv"][path]["src"] 2315 self.update_treestore.set_value(niter, 1, (_("Equivalence: %s")) % src) 2316 2317 self.show_popup(self.update_window) 2318 2319 def set_active_application_button(self): 2320 if self.boolean_radio_button.get_active(): 2321 self.active_button = self.boolean_radio_button 2322 if self.files_radio_button.get_active(): 2323 self.active_button = self.files_radio_button 2324 if self.transitions_radio_button.get_active(): 2325 self.active_button = self.transitions_radio_button 2326 if self.network_radio_button.get_active(): 2327 self.active_button = self.network_radio_button 2328 2329 def clearbuttons(self, clear=True): 2330 self.main_selection_window.hide() 2331 self.boolean_radio_button.set_visible(False) 2332 self.files_radio_button.set_visible(False) 2333 self.network_radio_button.set_visible(False) 2334 self.transitions_radio_button.set_visible(False) 2335 self.system_radio_button.set_visible(False) 2336 self.lockdown_radio_button.set_visible(False) 2337 self.user_radio_button.set_visible(False) 2338 self.login_radio_button.set_visible(False) 2339 if clear: 2340 self.completion_entry.set_text("") 2341 2342 def show_system_page(self): 2343 self.clearbuttons() 2344 self.system_radio_button.set_visible(True) 2345 self.lockdown_radio_button.set_visible(True) 2346 self.applications_selection_button.set_label(_("System")) 2347 self.system_radio_button.set_active(True) 2348 self.tab_change() 2349 self.idle_func() 2350 2351 def show_file_equiv_page(self, *args): 2352 self.clearbuttons() 2353 self.file_equiv_initialize() 2354 self.file_equiv_radio_button.set_active(True) 2355 self.applications_selection_button.set_label(_("File Equivalence")) 2356 self.tab_change() 2357 self.idle_func() 2358 self.add_button.set_sensitive(True) 2359 self.delete_button.set_sensitive(True) 2360 2361 def show_users_page(self): 2362 self.clearbuttons() 2363 self.login_radio_button.set_visible(True) 2364 self.user_radio_button.set_visible(True) 2365 self.applications_selection_button.set_label(_("Users")) 2366 self.login_radio_button.set_active(True) 2367 self.tab_change() 2368 self.user_initialize() 2369 self.login_initialize() 2370 self.idle_func() 2371 self.add_button.set_sensitive(True) 2372 self.delete_button.set_sensitive(True) 2373 2374 def show_applications_page(self): 2375 self.clearbuttons(False) 2376 self.boolean_radio_button.set_visible(True) 2377 self.files_radio_button.set_visible(True) 2378 self.network_radio_button.set_visible(True) 2379 self.transitions_radio_button.set_visible(True) 2380 self.boolean_radio_button.set_active(True) 2381 self.tab_change() 2382 self.idle_func() 2383 2384 def system_interface(self, *args): 2385 self.show_system_page() 2386 2387 def users_interface(self, *args): 2388 self.show_users_page() 2389 2390 def show_mislabeled_files(self, checkbutton, *args): 2391 iterlist = [] 2392 ctr = 0 2393 ipage = self.inner_notebook_files.get_current_page() 2394 if checkbutton.get_active() == True: 2395 for items in self.liststore: 2396 iter = self.treesort.get_iter(ctr) 2397 iter = self.treesort.convert_iter_to_child_iter(iter) 2398 iter = self.treefilter.convert_iter_to_child_iter(iter) 2399 if iter != None: 2400 if self.liststore.get_value(iter, 4) == False: 2401 iterlist.append(iter) 2402 ctr += 1 2403 for iters in iterlist: 2404 self.liststore.remove(iters) 2405 2406 elif self.application != None: 2407 self.liststore.clear() 2408 if ipage == EXE_PAGE: 2409 self.executable_files_initialize(self.application) 2410 elif ipage == WRITABLE_PAGE: 2411 self.writable_files_initialize(self.application) 2412 elif ipage == APP_PAGE: 2413 self.application_files_initialize(self.application) 2414 2415 def fix_mislabeled(self, path): 2416 cur = selinux.getfilecon(path)[1].split(":")[2] 2417 con = selinux.matchpathcon(path, 0)[1].split(":")[2] 2418 if self.verify(_("Run restorecon on %(PATH)s to change its type from %(CUR_CONTEXT)s to the default %(DEF_CONTEXT)s?") % {"PATH": path, "CUR_CONTEXT": cur, "DEF_CONTEXT": con}, title="restorecon dialog") == Gtk.ResponseType.YES: 2419 self.dbus.restorecon(path) 2420 self.application_selected() 2421 2422 def new_updates(self, *args): 2423 self.update_button.set_sensitive(self.modified()) 2424 self.revert_button.set_sensitive(self.modified()) 2425 2426 def update_or_revert_changes(self, button, *args): 2427 self.update_gui() 2428 self.update = (button.get_label() == _("Update")) 2429 if self.update: 2430 self.update_window.set_title(_("Update Changes")) 2431 else: 2432 self.update_window.set_title(_("Revert Changes")) 2433 2434 def apply_changes_button_press(self, *args): 2435 self.close_popup() 2436 if self.update: 2437 self.update_the_system() 2438 else: 2439 self.revert_data() 2440 self.finish_init = False 2441 self.previously_modified_initialize(self.dbus.customized()) 2442 self.finish_init = True 2443 self.clear_filters() 2444 self.application_selected() 2445 self.new_updates() 2446 self.update_treestore.clear() 2447 2448 def update_the_system(self, *args): 2449 self.close_popup() 2450 update_buffer = self.format_update() 2451 self.wait_mouse() 2452 try: 2453 self.dbus.semanage(update_buffer) 2454 except dbus.exceptions.DBusException as e: 2455 print(e) 2456 self.ready_mouse() 2457 self.init_cur() 2458 2459 def ipage_value_lookup(self, lookup): 2460 ipage_values = {"Executable Files": 0, "Writable Files": 1, "Application File Type": 2, "Inbound": 1, "Outbound": 0} 2461 for value in ipage_values: 2462 if value == lookup: 2463 return ipage_values[value] 2464 return "Booleans" 2465 2466 def get_attributes_update(self, attribute): 2467 attribute = attribute.split(": ")[1] 2468 bool_id = attribute.split(": ")[0] 2469 if bool_id == "SELinux name": 2470 self.bool_revert = attribute 2471 else: 2472 return attribute 2473 2474 def format_update(self): 2475 self.revert_data() 2476 update_buffer = "" 2477 for k in self.cur_dict: 2478 if k in "boolean": 2479 for b in self.cur_dict[k]: 2480 update_buffer += "boolean -m -%d %s\n" % (self.cur_dict[k][b]["active"], b) 2481 if k in "login": 2482 for l in self.cur_dict[k]: 2483 if self.cur_dict[k][l]["action"] == "-d": 2484 update_buffer += "login -d %s\n" % l 2485 else: 2486 update_buffer += "login %s -s %s -r %s %s\n" % (self.cur_dict[k][l]["action"], self.cur_dict[k][l]["seuser"], self.cur_dict[k][l]["range"], l) 2487 if k in "user": 2488 for u in self.cur_dict[k]: 2489 if self.cur_dict[k][u]["action"] == "-d": 2490 update_buffer += "user -d %s\n" % u 2491 else: 2492 update_buffer += "user %s -L %s -r %s -R %s %s\n" % (self.cur_dict[k][u]["action"], self.cur_dict[k][u]["level"], self.cur_dict[k][u]["range"], self.cur_dict[k][u]["role"], u) 2493 2494 if k in "fcontext-equiv": 2495 for f in self.cur_dict[k]: 2496 if self.cur_dict[k][f]["action"] == "-d": 2497 update_buffer += "fcontext -d %s\n" % f 2498 else: 2499 update_buffer += "fcontext %s -e %s %s\n" % (self.cur_dict[k][f]["action"], self.cur_dict[k][f]["src"], f) 2500 2501 if k in "fcontext": 2502 for f in self.cur_dict[k]: 2503 if self.cur_dict[k][f]["action"] == "-d": 2504 update_buffer += "fcontext -d %s\n" % f 2505 else: 2506 update_buffer += "fcontext %s -t %s -f %s %s\n" % (self.cur_dict[k][f]["action"], self.cur_dict[k][f]["type"], self.cur_dict[k][f]["class"], f) 2507 2508 if k in "port": 2509 for port, protocol in self.cur_dict[k]: 2510 if self.cur_dict[k][(port, protocol)]["action"] == "-d": 2511 update_buffer += "port -d -p %s %s\n" % (protocol, port) 2512 else: 2513 update_buffer += "port %s -t %s -p %s %s\n" % (self.cur_dict[k][f]["action"], self.cur_dict[k][f]["type"], procotol, port) 2514 2515 return update_buffer 2516 2517 def revert_data(self): 2518 ctr = 0 2519 remove_list = [] 2520 update_buffer = "" 2521 for items in self.update_treestore: 2522 if not self.update_treestore[ctr][0]: 2523 remove_list.append(ctr) 2524 ctr += 1 2525 remove_list.reverse() 2526 for ctr in remove_list: 2527 self.remove_cur(ctr) 2528 2529 def reveal_advanced_system(self, label, *args): 2530 advanced = label.get_text() == ADVANCED_LABEL[0] 2531 if advanced: 2532 label.set_text(ADVANCED_LABEL[1]) 2533 else: 2534 label.set_text(ADVANCED_LABEL[0]) 2535 self.system_policy_label.set_visible(advanced) 2536 self.system_policy_type_combobox.set_visible(advanced) 2537 2538 def reveal_advanced(self, label, *args): 2539 advanced = label.get_text() == ADVANCED_LABEL[0] 2540 if advanced: 2541 label.set_text(ADVANCED_LABEL[1]) 2542 else: 2543 label.set_text(ADVANCED_LABEL[0]) 2544 self.files_mls_label.set_visible(advanced) 2545 self.files_mls_entry.set_visible(advanced) 2546 self.network_mls_label.set_visible(advanced) 2547 self.network_mls_entry.set_visible(advanced) 2548 2549 def on_show_advanced_search_window(self, label, *args): 2550 if label.get_text() == ADVANCED_SEARCH_LABEL[1]: 2551 label.set_text(ADVANCED_SEARCH_LABEL[0]) 2552 self.close_popup() 2553 else: 2554 label.set_text(ADVANCED_SEARCH_LABEL[1]) 2555 self.show_popup(self.advanced_search_window) 2556 2557 def set_enforce_text(self, value): 2558 if value: 2559 self.status_bar.push(self.context_id, _("System Status: Enforcing")) 2560 self.current_status_enforcing.set_active(True) 2561 else: 2562 self.status_bar.push(self.context_id, _("System Status: Permissive")) 2563 self.current_status_permissive.set_active(True) 2564 2565 def set_enforce(self, button): 2566 if not self.finish_init: 2567 return 2568 2569 self.dbus.setenforce(button.get_active()) 2570 self.set_enforce_text(button.get_active()) 2571 2572 def on_browse_select(self, *args): 2573 filename = self.file_dialog.get_filename() 2574 if filename == None: 2575 return 2576 self.clear_entry = False 2577 self.file_dialog.hide() 2578 self.files_path_entry.set_text(filename) 2579 if self.import_export == 'Import': 2580 self.import_config(filename) 2581 elif self.import_export == 'Export': 2582 self.export_config(filename) 2583 2584 def recursive_path(self, *args): 2585 path = self.files_path_entry.get_text() 2586 if self.recursive_path_toggle.get_active(): 2587 if not path.endswith("(/.*)?"): 2588 self.files_path_entry.set_text(path + "(/.*)?") 2589 elif path.endswith("(/.*)?"): 2590 path = path.split("(/.*)?")[0] 2591 self.files_path_entry.set_text(path) 2592 2593 def highlight_entry_text(self, entry_obj, *args): 2594 txt = entry_obj.get_text() 2595 if self.clear_entry: 2596 entry_obj.set_text('') 2597 self.clear_entry = False 2598 2599 def autofill_add_files_entry(self, entry): 2600 text = entry.get_text() 2601 if text == '': 2602 return 2603 if text.endswith("(/.*)?"): 2604 self.recursive_path_toggle.set_active(True) 2605 for d in sepolicy.DEFAULT_DIRS: 2606 if text.startswith(d): 2607 for t in self.files_type_combolist: 2608 if t[0].endswith(sepolicy.DEFAULT_DIRS[d]): 2609 self.combo_set_active_text(self.files_type_combobox, t[0]) 2610 2611 def resize_columns(self, *args): 2612 self.boolean_column_1 = self.boolean_treeview.get_col(1) 2613 width = self.boolean_column_1.get_width() 2614 renderer = self.boolean_column_1.get_cell_renderers() 2615 2616 def browse_for_files(self, *args): 2617 self.file_dialog.show() 2618 2619 def close_config_window(self, *args): 2620 self.file_dialog.hide() 2621 2622 def change_default_policy(self, *args): 2623 if self.typeHistory == self.system_policy_type_combobox.get_active(): 2624 return 2625 2626 if self.verify(_("Changing the policy type will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == Gtk.ResponseType.NO: 2627 self.system_policy_type_combobox.set_active(self.typeHistory) 2628 return None 2629 2630 self.dbus.change_default_policy(self.combo_get_active_text(self.system_policy_type_combobox)) 2631 self.dbus.relabel_on_boot(True) 2632 self.typeHistory = self.system_policy_type_combobox.get_active() 2633 2634 def change_default_mode(self, button): 2635 if not self.finish_init: 2636 return 2637 self.enabled_changed(button) 2638 if button.get_active(): 2639 self.dbus.change_default_mode(button.get_label().lower()) 2640 2641 def import_config_show(self, *args): 2642 self.file_dialog.set_action(Gtk.FileChooserAction.OPEN) 2643 self.file_dialog.set_title("Import Configuration") 2644 self.file_dialog.show() 2645 #self.file_dialog.set_uri('/tmp') 2646 self.import_export = 'Import' 2647 2648 def export_config_show(self, *args): 2649 self.file_dialog.set_action(Gtk.FileChooserAction.SAVE) 2650 self.file_dialog.set_title("Export Configuration") 2651 self.file_dialog.show() 2652 self.import_export = 'Export' 2653 2654 def export_config(self, filename): 2655 self.wait_mouse() 2656 buf = self.dbus.customized() 2657 fd = open(filename, 'w') 2658 fd.write(buf) 2659 fd.close() 2660 self.ready_mouse() 2661 2662 def import_config(self, filename): 2663 fd = open(filename, "r") 2664 buf = fd.read() 2665 fd.close() 2666 self.wait_mouse() 2667 try: 2668 self.dbus.semanage(buf) 2669 except OSError: 2670 pass 2671 self.ready_mouse() 2672 2673 def init_dictionary(self, dic, app, ipage, operation, p, q, ftype, mls, changed, old): 2674 if (app, ipage, operation) not in dic: 2675 dic[app, ipage, operation] = {} 2676 if (p, q) not in dic[app, ipage, operation]: 2677 dic[app, ipage, operation][p, q] = {'type': ftype, 'mls': mls, 'changed': changed, 'old': old} 2678 2679 def translate_bool(self, b): 2680 b = b.split('-')[1] 2681 if b == '0': 2682 return False 2683 if b == '1': 2684 return True 2685 2686 def relabel_on_reboot(self, *args): 2687 active = self.relabel_button.get_active() 2688 exists = os.path.exists("/.autorelabel") 2689 2690 if active and exists: 2691 return 2692 if not active and not exists: 2693 return 2694 try: 2695 self.dbus.relabel_on_boot(active) 2696 except dbus.exceptions.DBusException as e: 2697 self.error(e) 2698 2699 def closewindow(self, window, *args): 2700 window.hide() 2701 self.recursive_path_toggle.set_active(False) 2702 self.window.set_sensitive(True) 2703 if self.moreTypes_window_files == window: 2704 self.show_popup(self.files_popup_window) 2705 if self.combo_get_active_text(self.files_type_combobox) == _('More...'): 2706 self.files_type_combobox.set_active(0) 2707 if self.error_check_window == window: 2708 if self.files_add: 2709 self.show_popup(self.files_popup_window) 2710 elif self.network_add: 2711 self.show_popup(self.network_popup_window) 2712 if self.files_mls_label.get_visible() or self.network_mls_label.get_visible(): 2713 self.advanced_text_files.set_visible(True) 2714 self.files_mls_label.set_visible(False) 2715 self.files_mls_entry.set_visible(False) 2716 self.advanced_text_network.set_visible(True) 2717 self.network_mls_label.set_visible(False) 2718 self.network_mls_entry.set_visible(False) 2719 if self.main_advanced_label.get_text() == ADVANCED_SEARCH_LABEL[1]: 2720 self.main_advanced_label.set_text(ADVANCED_SEARCH_LABEL[0]) 2721 return True 2722 2723 def wait_mouse(self): 2724 self.window.get_window().set_cursor(self.busy_cursor) 2725 self.idle_func() 2726 2727 def ready_mouse(self): 2728 self.window.get_window().set_cursor(self.ready_cursor) 2729 self.idle_func() 2730 2731 def verify(self, message, title=""): 2732 dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.INFO, 2733 Gtk.ButtonsType.YES_NO, 2734 message) 2735 dlg.set_title(title) 2736 dlg.set_position(Gtk.WindowPosition.MOUSE) 2737 dlg.show_all() 2738 rc = dlg.run() 2739 dlg.destroy() 2740 return rc 2741 2742 def error(self, message): 2743 dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.ERROR, 2744 Gtk.ButtonsType.CLOSE, 2745 message) 2746 dlg.set_position(Gtk.WindowPosition.MOUSE) 2747 dlg.show_all() 2748 dlg.run() 2749 dlg.destroy() 2750 2751 def enabled_changed(self, radio): 2752 if not radio.get_active(): 2753 return 2754 label = radio.get_label() 2755 if label == 'Disabled' and self.enforce_mode != DISABLED: 2756 if self.verify(_("Changing to SELinux disabled requires a reboot. It is not recommended. If you later decide to turn SELinux back on, the system will be required to relabel. If you just want to see if SELinux is causing a problem on your system, you can go to permissive mode which will only log errors and not enforce SELinux policy. Permissive mode does not require a reboot. Do you wish to continue?")) == Gtk.ResponseType.NO: 2757 self.enforce_button.set_active(True) 2758 2759 if label != 'Disabled' and self.enforce_mode == DISABLED: 2760 if self.verify(_("Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == Gtk.ResponseType.NO: 2761 self.enforce_button.set_active(True) 2762 self.enforce_button = radio 2763 2764 def clear_filters(self, *args): 2765 self.filter_entry.set_text('') 2766 self.show_modified_only.set_active(False) 2767 2768 def unconfined_toggle(self, *args): 2769 if not self.finish_init: 2770 return 2771 self.wait_mouse() 2772 if self.enable_unconfined_button.get_active(): 2773 self.dbus.semanage("module -e unconfined") 2774 else: 2775 self.dbus.semanage("module -d unconfined") 2776 self.ready_mouse() 2777 2778 def permissive_toggle(self, *args): 2779 if not self.finish_init: 2780 return 2781 self.wait_mouse() 2782 if self.enable_permissive_button.get_active(): 2783 self.dbus.semanage("module -e permissivedomains") 2784 else: 2785 self.dbus.semanage("module -d permissivedomains") 2786 self.ready_mouse() 2787 2788 def confirmation_close(self, button, *args): 2789 if len(self.update_treestore) > 0: 2790 if self.verify(_("You are attempting to close the application without applying your changes.\n * To apply changes you have made during this session, click No and click Update.\n * To leave the application without applying your changes, click Yes. All changes that you have made during this session will be lost."), _("Loss of data Dialog")) == Gtk.ResponseType.NO: 2791 return True 2792 self.quit() 2793 2794 def quit(self, *args): 2795 sys.exit(0) 2796 2797if __name__ == '__main__': 2798 start = SELinuxGui() 2799