• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1## usersPage.py - show selinux mappings
2## Copyright (C) 2006,2007,2008 Red Hat, Inc.
3
4## This program is free software; you can redistribute it and/or modify
5## it under the terms of the GNU General Public License as published by
6## the Free Software Foundation; either version 2 of the License, or
7## (at your option) any later version.
8
9## This program is distributed in the hope that it will be useful,
10## but WITHOUT ANY WARRANTY; without even the implied warranty of
11## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12## GNU General Public License for more details.
13
14## You should have received a copy of the GNU General Public License
15## along with this program; if not, write to the Free Software
16## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17
18## Author: Dan Walsh
19import string
20import gtk
21import gtk.glade
22import os
23import gobject
24import sys
25try:
26    from subprocess import getstatusoutput
27except ImportError:
28    from commands import getstatusoutput
29
30import seobject
31from semanagePage import *
32
33##
34## I18N
35##
36PROGNAME = "policycoreutils"
37try:
38    import gettext
39    kwargs = {}
40    if sys.version_info < (3,):
41        kwargs['unicode'] = True
42    gettext.install(PROGNAME,
43                    localedir="/usr/share/locale",
44                    codeset='utf-8',
45                    **kwargs)
46except:
47    try:
48        import builtins
49        builtins.__dict__['_'] = str
50    except ImportError:
51        import __builtin__
52        __builtin__.__dict__['_'] = unicode
53
54
55class usersPage(semanagePage):
56
57    def __init__(self, xml):
58        semanagePage.__init__(self, xml, "users", _("SELinux User"))
59
60        self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING)
61        self.view.set_model(self.store)
62        self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
63
64        col = gtk.TreeViewColumn(_("SELinux\nUser"), gtk.CellRendererText(), text=0)
65        col.set_sort_column_id(0)
66        col.set_resizable(True)
67        self.view.append_column(col)
68
69        col = gtk.TreeViewColumn(_("MLS/\nMCS Range"), gtk.CellRendererText(), text=1)
70        col.set_resizable(True)
71        self.view.append_column(col)
72
73        col = gtk.TreeViewColumn(_("SELinux Roles"), gtk.CellRendererText(), text=2)
74        col.set_resizable(True)
75        self.view.append_column(col)
76
77        self.load()
78        self.selinuxUserEntry = xml.get_widget("selinuxUserEntry")
79        self.mlsRangeEntry = xml.get_widget("mlsRangeEntry")
80        self.selinuxRolesEntry = xml.get_widget("selinuxRolesEntry")
81
82    def load(self, filter=""):
83        self.filter = filter
84        self.user = seobject.seluserRecords()
85        dict = self.user.get_all()
86        self.store.clear()
87        for k in sorted(dict.keys()):
88            range = seobject.translate(dict[k][2])
89            if not (self.match(k, filter) or self.match(dict[k][0], filter) or self.match(range, filter) or self.match(dict[k][3], filter)):
90                continue
91
92            iter = self.store.append()
93            self.store.set_value(iter, 0, k)
94            self.store.set_value(iter, 1, range)
95            self.store.set_value(iter, 2, dict[k][3])
96        self.view.get_selection().select_path((0,))
97
98    def delete(self):
99        if semanagePage.delete(self) == gtk.RESPONSE_NO:
100            return None
101
102    def dialogInit(self):
103        store, iter = self.view.get_selection().get_selected()
104        self.selinuxUserEntry.set_text(store.get_value(iter, 0))
105        self.selinuxUserEntry.set_sensitive(False)
106        self.mlsRangeEntry.set_text(store.get_value(iter, 1))
107        self.selinuxRolesEntry.set_text(store.get_value(iter, 2))
108
109    def dialogClear(self):
110        self.selinuxUserEntry.set_text("")
111        self.selinuxUserEntry.set_sensitive(True)
112        self.mlsRangeEntry.set_text("s0")
113        self.selinuxRolesEntry.set_text("")
114
115    def add(self):
116        user = self.selinuxUserEntry.get_text()
117        range = self.mlsRangeEntry.get_text()
118        roles = self.selinuxRolesEntry.get_text()
119
120        self.wait()
121        (rc, out) = getstatusoutput("semanage user -a -R '%s' -r %s %s" % (roles, range, user))
122        self.ready()
123        if rc != 0:
124            self.error(out)
125            return False
126        iter = self.store.append()
127        self.store.set_value(iter, 0, user)
128        self.store.set_value(iter, 1, range)
129        self.store.set_value(iter, 2, roles)
130
131    def modify(self):
132        user = self.selinuxUserEntry.get_text()
133        range = self.mlsRangeEntry.get_text()
134        roles = self.selinuxRolesEntry.get_text()
135
136        self.wait()
137        (rc, out) = getstatusoutput("semanage user -m -R '%s' -r %s %s" % (roles, range, user))
138        self.ready()
139
140        if rc != 0:
141            self.error(out)
142            return False
143        self.load(self.filter)
144
145    def delete(self):
146        store, iter = self.view.get_selection().get_selected()
147        try:
148            user = store.get_value(iter, 0)
149            if user == "root" or user == "user_u":
150                raise ValueError(_("SELinux user '%s' is required") % user)
151
152            self.wait()
153            (rc, out) = getstatusoutput("semanage user -d %s" % user)
154            self.ready()
155            if rc != 0:
156                self.error(out)
157                return False
158            store.remove(iter)
159            self.view.get_selection().select_path((0,))
160        except ValueError as e:
161            self.error(e.args[0])
162