1# Copyright (C) 2007-2012 Red Hat
2# see file 'COPYING' for use and warranty information
3#
4# policygentool is a tool for the initial generation of SELinux policy
5#
6#    This program is free software; you can redistribute it and/or
7#    modify it under the terms of the GNU General Public License as
8#    published by the Free Software Foundation; either version 2 of
9#    the License, or (at your option) any later version.
10#
11#    This program is distributed in the hope that it will be useful,
12#    but WITHOUT ANY WARRANTY; without even the implied warranty of
13#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14#    GNU General Public License for more details.
15#
16#    You should have received a copy of the GNU General Public License
17#    along with this program; if not, write to the Free Software
18#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
19#                                        02111-1307  USA
20#
21#
23########################### tmp Template File #############################
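# Shell template for the generated build/update helper of a policy module.
# TEMPLATEFILE and TEMPLATETYPE are placeholders; presumably the generator
# substitutes them textually before writing the script out — confirm against
# the caller.
#
# What the generated script does (it refuses to run unless uid is 0):
#   * no arguments: builds TEMPLATEFILE.pp with the refpolicy devel Makefile
#     and installs it with semodule;
#   * --update: collects raw AVC records for TEMPLATETYPE logged since the
#     mtime of TEMPLATEFILE.te (ausearch), prints the audit2allow translation,
#     and on a "y"/"Y" answer appends those rules to TEMPLATEFILE.te before
#     falling through to the rebuild;
#   * anything else: prints the usage line and exits 1.
#
# Fix: $0, $DIRNAME and $USAGE are now quoted so the generated script no
# longer word-splits when the module directory or script path contains
# whitespace.  $time is deliberately left unquoted: ausearch --start takes
# the date and the time as two separate arguments, and the awk stage
# produces exactly that pair.
compile="""\
#!/bin/sh -e

DIRNAME=$(dirname "$0")
cd "$DIRNAME"
USAGE="$0 [ --update ]"
if [ "$(id -u)" != 0 ]; then
echo 'You must be root to run this script'
exit 1
fi

if [ $# -eq 1 ]; then
	if [ "$1" = "--update" ] ; then
		time=$(ls -l --time-style="+%x %X" TEMPLATEFILE.te | awk '{ printf "%s %s", $6, $7 }')
		rules=$(ausearch --start $time -m avc --raw -se TEMPLATETYPE)
		if [ x"$rules" != "x" ] ; then
			echo "Found avc's to update policy with"
			echo -e "$rules" | audit2allow -R
			echo "Do you want these changes added to policy [y/n]?"
			read ANS
			if [ "$ANS" = "y" -o "$ANS" = "Y" ] ; then
				echo "Updating policy"
				echo -e "$rules" | audit2allow -R >> TEMPLATEFILE.te
				# Fall though and rebuild policy
			else
				exit 0
			fi
		else
			echo "No new avcs found"
			exit 0
		fi
	else
		echo -e "$USAGE"
		exit 1
	fi
elif [ $# -ge 2 ] ; then
	echo -e "$USAGE"
	exit 1
fi

echo "Building and Loading Policy"
set -x
make -f /usr/share/selinux/devel/Makefile TEMPLATEFILE.pp || exit
/usr/sbin/semodule -i TEMPLATEFILE.pp

"""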
# Shell snippet that packages the generated policy as an RPM.  Every rpmbuild
# directory macro (_sourcedir, _specdir, _builddir, _srcrpmdir, _rpmdir) is
# pointed at the current working directory and the buildroot at ./.build, so
# the build never touches ~/rpmbuild.  TEMPLATEFILE is a placeholder for the
# module name; the spec file is expected to be TEMPLATEFILE_selinux.spec in
# the same directory.
rpm="""\
# Generate a rpm package for the newly generated policy

pwd=$(pwd)
rpmbuild --define "_sourcedir ${pwd}" --define "_specdir ${pwd}" --define "_builddir ${pwd}" --define "_srcrpmdir ${pwd}" --define "_rpmdir ${pwd}" --define "_buildrootdir ${pwd}/.build"  -ba TEMPLATEFILE_selinux.spec
"""

# Shell snippet that generates a man page for the domain into the current
# directory (-p .).  Note the placeholder here is DOMAINTYPE, not
# TEMPLATETYPE as in the other templates; the generator presumably fills it
# with the domain's base name (the "_t" suffix is part of the template).
manpage="""\
# Generate a man page off the installed module
sepolicy manpage -p . -d DOMAINTYPE_t
"""

# Shell snippet that forces (-F) a recursive (-R) relabel of FILENAME so the
# on-disk labels match the file contexts of the freshly installed module.
# NOTE(review): FILENAME is substituted into the command line unquoted, so a
# path containing whitespace or glob characters would be word-split in the
# generated script — confirm the generator quotes or rejects such paths.
restorecon="""\
# Fixing the file context on FILENAME
/sbin/restorecon -F -R -v FILENAME
"""

# Shell snippet that labels TCP port PORTNUM with the module's port type
# (TEMPLATETYPE_port_t).  It uses `semanage port -a` (add), not `-m`
# (modify), so re-running the generated script against a port that is
# already assigned presumably fails — confirm whether the caller tolerates
# that.
tcp_ports="""\
# Adding SELinux tcp port to port PORTNUM
/usr/sbin/semanage port -a -t TEMPLATETYPE_port_t -p tcp PORTNUM
"""

# UDP counterpart of tcp_ports: labels UDP port PORTNUM with
# TEMPLATETYPE_port_t via `semanage port -a`.  Same caveat as tcp_ports —
# `-a` rather than `-m`, so an already-assigned port is presumably an error.
udp_ports="""\
# Adding SELinux udp port to port PORTNUM
/usr/sbin/semanage port -a -t TEMPLATETYPE_port_t -p udp PORTNUM
"""

# Shell snippet that creates the SELinux user TEMPLATETYPE_u with the role
# list "TEMPLATETYPE_rROLES".  ROLES is concatenated directly after the
# module's own role, so the generator presumably expands it to a
# space-prefixed list of additional roles (or to the empty string) —
# verify against the caller.
users="""\
# Adding SELinux user TEMPLATETYPE_u
/usr/sbin/semanage user -a -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u
"""

# Variant of `users` for an SELinux user that already exists: replaces the
# role set of TEMPLATETYPE_u (`semanage user -m -R`) with
# "TEMPLATETYPE_rROLES" instead of creating the user.  Same ROLES
# placeholder convention as `users`.
eusers="""\
# Adding roles to SELinux user TEMPLATETYPE_u
/usr/sbin/semanage user -m -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u
"""

# Shell snippet that grants the module's role to an existing SELinux user.
# The "+" prefix adds TEMPLATETYPE_r to USER's current roles rather than
# replacing them (contrast `eusers`, which sets the whole list).  USER is a
# placeholder for the SELinux user name.
admin_trans="""\
# Adding roles to SELinux user USER
/usr/sbin/semanage user -m -R +TEMPLATETYPE_r USER
"""

# Shell snippet that writes a default-contexts file for the new user
# TEMPLATETYPE_u (login via cron, su, local/remote login and sshd all land in
# TEMPLATETYPE_r:TEMPLATETYPE_t) into the current directory, then copies it
# into the policy store only if no such file exists yet.  Consequences
# visible in the snippet:
#   * the "targeted" store path is hard-coded, so a differently named
#     policy store is not updated;
#   * the copy is skipped when the file already exists, so a stale file
#     under /etc/selinux/targeted/contexts/users/ is never refreshed;
#   * the working copy TEMPLATETYPE_u is left behind in the current dir.
# The heredoc delimiter is unquoted, which is safe here because the body
# contains no shell expansions.
# NOTE(review): the first entry carries an MLS level (":s0") on the left-hand
# side whereas x_login_user_default_context does not — verify this
# difference is intentional.
min_login_user_default_context="""\
cat > TEMPLATETYPE_u << _EOF
TEMPLATETYPE_r:TEMPLATETYPE_t:s0	TEMPLATETYPE_r:TEMPLATETYPE_t
system_r:crond_t		TEMPLATETYPE_r:TEMPLATETYPE_t
system_r:initrc_su_t		TEMPLATETYPE_r:TEMPLATETYPE_t
system_r:local_login_t		TEMPLATETYPE_r:TEMPLATETYPE_t
system_r:remote_login_t		TEMPLATETYPE_r:TEMPLATETYPE_t
system_r:sshd_t			TEMPLATETYPE_r:TEMPLATETYPE_t
_EOF
if [ ! -f /etc/selinux/targeted/contexts/users/TEMPLATETYPE_u ]; then
   cp TEMPLATETYPE_u /etc/selinux/targeted/contexts/users/
fi
"""

# Same as min_login_user_default_context but for a user who also logs in
# graphically: adds a system_r:xdm_t entry so a display-manager login lands
# in TEMPLATETYPE_r:TEMPLATETYPE_t as well.  Shares the same behaviour and
# caveats — "targeted" store path hard-coded, the copy into
# /etc/selinux/targeted/contexts/users/ is skipped when a file already
# exists there, and the working copy TEMPLATETYPE_u is left in the current
# directory.
# NOTE(review): unlike the min_login variant, the first entry here has no
# ":s0" level on its left-hand side — verify this difference is intentional.
x_login_user_default_context="""\
cat > TEMPLATETYPE_u << _EOF
TEMPLATETYPE_r:TEMPLATETYPE_t	TEMPLATETYPE_r:TEMPLATETYPE_t
system_r:crond_t		TEMPLATETYPE_r:TEMPLATETYPE_t
system_r:initrc_su_t		TEMPLATETYPE_r:TEMPLATETYPE_t
system_r:local_login_t		TEMPLATETYPE_r:TEMPLATETYPE_t
system_r:remote_login_t		TEMPLATETYPE_r:TEMPLATETYPE_t
system_r:sshd_t				TEMPLATETYPE_r:TEMPLATETYPE_t
system_r:xdm_t				TEMPLATETYPE_r:TEMPLATETYPE_t
_EOF
if [ ! -f /etc/selinux/targeted/contexts/users/TEMPLATETYPE_u ]; then
   cp TEMPLATETYPE_u /etc/selinux/targeted/contexts/users/
fi
"""
