1#!/usr/bin/python -Es 2# 3# Copyright (C) 2013 Red Hat 4# see file 'COPYING' for use and warranty information 5# 6# selinux gui is a tool for the examining and modifying SELinux policy 7# 8# This program is free software; you can redistribute it and/or 9# modify it under the terms of the GNU General Public License as 10# published by the Free Software Foundation; either version 2 of 11# the License, or (at your option) any later version. 12# 13# This program is distributed in the hope that it will be useful, 14# but WITHOUT ANY WARRANTY; without even the implied warranty of 15# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16# GNU General Public License for more details. 17# 18# You should have received a copy of the GNU General Public License 19# along with this program; if not, write to the Free Software 20# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 21# 02111-1307 USA 22# 23# author: Ryan Hallisey rhallisey@redhat.com 24# author: Dan Walsh dwalsh@redhat.com 25# author: Miroslav Grepl mgrepl@redhat.com 26# 27# 28 29import gi 30gi.require_version('Gtk', '3.0') 31from gi.repository import Gtk 32from gi.repository import Gdk 33from gi.repository import GLib 34from sepolicy.sedbus import SELinuxDBus 35import sys 36import sepolicy 37import selinux 38from selinux import DISABLED, PERMISSIVE, ENFORCING 39import sepolicy.network 40import sepolicy.manpage 41import dbus 42import os 43import re 44import unicodedata 45 46PROGNAME = "policycoreutils" 47try: 48 import gettext 49 kwargs = {} 50 if sys.version_info < (3,): 51 kwargs['unicode'] = True 52 gettext.install(PROGNAME, 53 localedir="/usr/share/locale", 54 codeset='utf-8', 55 **kwargs) 56except: 57 try: 58 import builtins 59 builtins.__dict__['_'] = str 60 except ImportError: 61 import __builtin__ 62 __builtin__.__dict__['_'] = unicode 63 64reverse_file_type_str = {} 65for f in sepolicy.file_type_str: 66 reverse_file_type_str[sepolicy.file_type_str[f]] = f 67 68enabled = [_("No"), _("Yes")] 69action = [_("Disable"), _("Enable")] 70 71 72def cmp(a, b): 73 if a is None and b is None: 74 return 0 75 if a is None: 76 return -1 77 if b is None: 78 return 1 79 return (a > b) - (a < b) 80 81import distutils.sysconfig 82ADVANCED_LABEL = (_("Advanced >>"), _("Advanced <<")) 83ADVANCED_SEARCH_LABEL = (_("Advanced Search >>"), _("Advanced Search <<")) 84OUTBOUND_PAGE = 0 85INBOUND_PAGE = 1 86 87TRANSITIONS_FROM_PAGE = 0 88TRANSITIONS_TO_PAGE = 1 89TRANSITIONS_FILE_PAGE = 2 90 91EXE_PAGE = 0 92WRITABLE_PAGE = 1 93APP_PAGE = 2 94 95BOOLEANS_PAGE = 0 96FILES_PAGE = 1 97NETWORK_PAGE = 2 98TRANSITIONS_PAGE = 3 99LOGIN_PAGE = 4 100USER_PAGE = 5 101LOCKDOWN_PAGE = 6 102SYSTEM_PAGE = 7 103FILE_EQUIV_PAGE = 8 104START_PAGE = 9 105 106keys = ["boolean", "fcontext", "fcontext-equiv", "port", "login", "user", "module", "node", "interface"] 107 108DISABLED_TEXT = _("""<small> 109To change from Disabled to Enforcing mode 110- Change the system mode from Disabled to Permissive 111- Reboot, so that the system can relabel 112- Once the system is working as planned 113 * Change the system mode to Enforcing</small> 114""") 115 116 117class SELinuxGui(): 118 119 def __init__(self, app=None, test=False): 120 self.finish_init = False 121 self.advanced_init = True 122 self.opage = START_PAGE 123 self.dbus = SELinuxDBus() 124 try: 125 customized = self.dbus.customized() 126 except dbus.exceptions.DBusException as e: 127 print(e) 128 self.quit() 129 130 self.init_cur() 131 self.application = app 132 self.filter_txt = "" 133 builder = Gtk.Builder() # BUILDER OBJ 134 self.code_path = distutils.sysconfig.get_python_lib(plat_specific=False) + "/sepolicy/" 135 glade_file = self.code_path + "sepolicy.glade" 136 builder.add_from_file(glade_file) 137 self.outer_notebook = builder.get_object("outer_notebook") 138 self.window = builder.get_object("SELinux_window") 139 self.main_selection_window = builder.get_object("Main_selection_menu") 140 self.main_advanced_label = builder.get_object("main_advanced_label") 141 self.popup = 0 142 self.applications_selection_button = builder.get_object("applications_selection_button") 143 self.revert_button = builder.get_object("Revert_button") 144 self.busy_cursor = Gdk.Cursor(Gdk.CursorType.WATCH) 145 self.ready_cursor = Gdk.Cursor(Gdk.CursorType.LEFT_PTR) 146 self.initialtype = selinux.selinux_getpolicytype()[1] 147 self.current_popup = None 148 self.import_export = None 149 self.clear_entry = True 150 self.files_add = False 151 self.network_add = False 152 153 self.all_domains = [] 154 self.installed_list = [] 155 self.previously_modified = {} 156 157 # file dialog 158 self.file_dialog = builder.get_object("add_path_dialog") 159 # Error check *************************************** 160 self.error_check_window = builder.get_object("error_check_window") 161 self.error_check_label = builder.get_object("error_check_label") 162 self.invalid_entry = False 163 # Advanced search window **************************** 164 self.advanced_search_window = builder.get_object("advanced_search_window") 165 self.advanced_search_filter = builder.get_object("advanced_filter") 166 self.advanced_search_filter.set_visible_func(self.filter_the_data) 167 self.advanced_search_sort = builder.get_object("advanced_sort") 168 169 self.advanced_filter_entry = builder.get_object("advanced_filter_entry") 170 self.advanced_search_treeview = builder.get_object("advanced_search_treeview") 171 self.advanced_search = False 172 173 # Login Items ************************************** 174 self.login_label = builder.get_object("Login_label") 175 self.login_seuser_combobox = builder.get_object("login_seuser_combobox") 176 self.login_seuser_combolist = builder.get_object("login_seuser_liststore") 177 self.login_name_entry = builder.get_object("login_name_entry") 178 self.login_mls_label = builder.get_object("login_mls_label") 179 self.login_mls_entry = builder.get_object("login_mls_entry") 180 self.login_radio_button = builder.get_object("Login_button") 181 self.login_treeview = builder.get_object("login_treeview") 182 self.login_liststore = builder.get_object("login_liststore") 183 self.login_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 184 self.login_filter = builder.get_object("login_filter") 185 self.login_filter.set_visible_func(self.filter_the_data) 186 self.login_popup_window = builder.get_object("login_popup_window") 187 self.login_delete_liststore = builder.get_object("login_delete_liststore") 188 self.login_delete_window = builder.get_object("login_delete_window") 189 190 # Users Items ************************************** 191 self.user_popup_window = builder.get_object("user_popup_window") 192 self.user_radio_button = builder.get_object("User_button") 193 self.user_liststore = builder.get_object("user_liststore") 194 self.user_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 195 self.user_filter = builder.get_object("user_filter") 196 self.user_filter.set_visible_func(self.filter_the_data) 197 self.user_treeview = builder.get_object("user_treeview") 198 self.user_roles_combobox = builder.get_object("user_roles_combobox") 199 self.user_roles_combolist = builder.get_object("user_roles_liststore") 200 self.user_label = builder.get_object("User_label") 201 self.user_name_entry = builder.get_object("user_name_entry") 202 self.user_mls_label = builder.get_object("user_mls_label") 203 self.user_mls_level_entry = builder.get_object("user_mls_level_entry") 204 self.user_mls_entry = builder.get_object("user_mls_entry") 205 self.user_combobox = builder.get_object("selinux_user_combobox") 206 self.user_delete_liststore = builder.get_object("user_delete_liststore") 207 self.user_delete_window = builder.get_object("user_delete_window") 208 209 # File Equiv Items ************************************** 210 self.file_equiv_label = builder.get_object("file_equiv_label") 211 self.file_equiv_source_entry = builder.get_object("file_equiv_source_entry") 212 self.file_equiv_dest_entry = builder.get_object("file_equiv_dest_entry") 213 self.file_equiv_radio_button = builder.get_object("file_equiv_button") 214 self.file_equiv_treeview = builder.get_object("file_equiv_treeview") 215 self.file_equiv_liststore = builder.get_object("file_equiv_liststore") 216 self.file_equiv_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 217 self.file_equiv_popup_window = builder.get_object("file_equiv_popup_window") 218 self.file_equiv_treefilter = builder.get_object("file_equiv_filter") 219 self.file_equiv_treefilter.set_visible_func(self.filter_the_data) 220 self.file_equiv_delete_liststore = builder.get_object("file_equiv_delete_liststore") 221 self.file_equiv_delete_window = builder.get_object("file_equiv_delete_window") 222 223 # System Items ************************************** 224 self.app_system_button = builder.get_object("app_system_button") 225 self.system_radio_button = builder.get_object("System_button") 226 self.lockdown_radio_button = builder.get_object("Lockdown_button") 227 self.systems_box = builder.get_object("Systems_box") 228 self.relabel_button = builder.get_object("Relabel_button") 229 self.relabel_button_no = builder.get_object("Relabel_button_no") 230 self.advanced_system = builder.get_object("advanced_system") 231 self.outer_notebook_frame = builder.get_object("outer_notebook_frame") 232 self.system_policy_label = builder.get_object("system_policy_type_label") 233 # Browse Items ************************************** 234 self.select_button_browse = builder.get_object("select_button_browse") 235 self.cancel_button_browse = builder.get_object("cancel_button_browse") 236 # More types window items *************************** 237 self.moreTypes_window_files = builder.get_object("moreTypes_window_files") 238 self.more_types_files_liststore = builder.get_object("more_types_file_liststore") 239 self.moreTypes_treeview = builder.get_object("moreTypes_treeview_files") 240 # System policy type ******************************** 241 self.system_policy_type_liststore = builder.get_object("system_policy_type_liststore") 242 self.system_policy_type_combobox = builder.get_object("system_policy_type_combobox") 243 self.policy_list = [] 244 if self.populate_system_policy() < 2: 245 self.advanced_system.set_visible(False) 246 self.system_policy_label.set_visible(False) 247 self.system_policy_type_combobox.set_visible(False) 248 249 self.enforcing_button_default = builder.get_object("Enforcing_button_default") 250 self.permissive_button_default = builder.get_object("Permissive_button_default") 251 self.disabled_button_default = builder.get_object("Disabled_button_default") 252 self.initialize_system_default_mode() 253 254 # Lockdown Window ********************************* 255 self.enable_unconfined_button = builder.get_object("enable_unconfined") 256 self.disable_unconfined_button = builder.get_object("disable_unconfined") 257 self.enable_permissive_button = builder.get_object("enable_permissive") 258 self.disable_permissive_button = builder.get_object("disable_permissive") 259 self.enable_ptrace_button = builder.get_object("enable_ptrace") 260 self.disable_ptrace_button = builder.get_object("disable_ptrace") 261 262 # Help Window ********************************* 263 self.help_window = builder.get_object("help_window") 264 self.help_text = builder.get_object("help_textv") 265 self.info_text = builder.get_object("info_text") 266 self.help_image = builder.get_object("help_image") 267 self.forward_button = builder.get_object("forward_button") 268 self.back_button = builder.get_object("back_button") 269 # Update menu items ********************************* 270 self.update_window = builder.get_object("update_window") 271 self.update_treeview = builder.get_object("update_treeview") 272 self.update_treestore = builder.get_object("Update_treestore") 273 self.apply_button = builder.get_object("apply_button") 274 self.update_button = builder.get_object("Update_button") 275 # Add button objects ******************************** 276 self.add_button = builder.get_object("Add_button") 277 self.delete_button = builder.get_object("Delete_button") 278 279 self.files_path_entry = builder.get_object("files_path_entry") 280 self.network_ports_entry = builder.get_object("network_ports_entry") 281 self.files_popup_window = builder.get_object("files_popup_window") 282 self.network_popup_window = builder.get_object("network_popup_window") 283 284 self.popup_network_label = builder.get_object("Network_label") 285 self.popup_files_label = builder.get_object("files_label") 286 287 self.recursive_path_toggle = builder.get_object("make_path_recursive") 288 self.files_type_combolist = builder.get_object("files_type_combo_store") 289 self.files_class_combolist = builder.get_object("files_class_combo_store") 290 self.files_type_combobox = builder.get_object("files_type_combobox") 291 self.files_class_combobox = builder.get_object("files_class_combobox") 292 self.files_mls_label = builder.get_object("files_mls_label") 293 self.files_mls_entry = builder.get_object("files_mls_entry") 294 self.advanced_text_files = builder.get_object("Advanced_text_files") 295 self.files_cancel_button = builder.get_object("cancel_delete_files") 296 297 self.network_tcp_button = builder.get_object("tcp_button") 298 self.network_udp_button = builder.get_object("udp_button") 299 self.network_port_type_combolist = builder.get_object("network_type_combo_store") 300 self.network_port_type_combobox = builder.get_object("network_type_combobox") 301 self.network_mls_label = builder.get_object("network_mls_label") 302 self.network_mls_entry = builder.get_object("network_mls_entry") 303 self.advanced_text_network = builder.get_object("Advanced_text_network") 304 self.network_cancel_button = builder.get_object("cancel_network_delete") 305 306 # Add button objects ******************************** 307 308 # Modify items ************************************** 309 self.show_mislabeled_files_only = builder.get_object("Show_mislabeled_files") 310 self.mislabeled_files_label = builder.get_object("mislabeled_files_label") 311 self.warning_files = builder.get_object("warning_files") 312 self.modify_button = builder.get_object("Modify_button") 313 self.modify_button.set_sensitive(False) 314 # Modify items ************************************** 315 316 # Fix label ***************************************** 317 self.fix_label_window = builder.get_object("fix_label_window") 318 self.fixlabel_label = builder.get_object("fixlabel_label") 319 self.fix_label_cancel = builder.get_object("fix_label_cancel") 320 # Fix label ***************************************** 321 322 # Delete items ************************************** 323 self.files_delete_window = builder.get_object("files_delete_window") 324 self.files_delete_treeview = builder.get_object("files_delete_treeview") 325 self.files_delete_liststore = builder.get_object("files_delete_liststore") 326 self.network_delete_window = builder.get_object("network_delete_window") 327 self.network_delete_treeview = builder.get_object("network_delete_treeview") 328 self.network_delete_liststore = builder.get_object("network_delete_liststore") 329 # Delete items ************************************** 330 331 # Progress bar ************************************** 332 self.progress_bar = builder.get_object("progress_bar") 333 # Progress bar ************************************** 334 335 # executable_files items **************************** 336 self.executable_files_treeview = builder.get_object("Executable_files_treeview") # Get the executable files tree view 337 self.executable_files_filter = builder.get_object("executable_files_filter") 338 self.executable_files_filter.set_visible_func(self.filter_the_data) 339 self.executable_files_tab = builder.get_object("Executable_files_tab") 340 self.executable_files_tab_tooltip_txt = self.executable_files_tab.get_tooltip_text() 341 self.executable_files_liststore = builder.get_object("executable_files_treestore") 342 self.executable_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 343 344 self.files_radio_button = builder.get_object("files_button") 345 self.files_button_tooltip_txt = self.files_radio_button.get_tooltip_text() 346 # executable_files items **************************** 347 348 # writable files items ****************************** 349 self.writable_files_treeview = builder.get_object("Writable_files_treeview") # Get the Writable files tree view 350 self.writable_files_liststore = builder.get_object("writable_files_treestore") # Contains the tree with File Path, SELinux File Label, Class 351 self.writable_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 352 self.writable_files_filter = builder.get_object("writable_files_filter") 353 self.writable_files_filter.set_visible_func(self.filter_the_data) 354 self.writable_files_tab = builder.get_object("Writable_files_tab") 355 self.writable_files_tab_tooltip_txt = self.writable_files_tab.get_tooltip_text() 356 # writable files items ****************************** 357 358 # Application File Types **************************** 359 self.application_files_treeview = builder.get_object("Application_files_treeview") # Get the Application files tree view 360 self.application_files_filter = builder.get_object("application_files_filter") # Contains the tree with File Path, Description, Class 361 self.application_files_filter.set_visible_func(self.filter_the_data) 362 self.application_files_tab = builder.get_object("Application_files_tab") 363 self.application_files_tab_tooltip_txt = self.writable_files_tab.get_tooltip_text() 364 self.application_files_liststore = builder.get_object("application_files_treestore") 365 self.application_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 366 self.application_files_tab = builder.get_object("Application_files_tab") 367 self.application_files_tab_tooltip_txt = self.application_files_tab.get_tooltip_text() 368 # Application File Type ***************************** 369 370 # network items ************************************* 371 self.network_radio_button = builder.get_object("network_button") 372 self.network_button_tooltip_txt = self.network_radio_button.get_tooltip_text() 373 374 self.network_out_treeview = builder.get_object("outbound_treeview") 375 self.network_out_liststore = builder.get_object("network_out_liststore") 376 self.network_out_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 377 self.network_out_filter = builder.get_object("network_out_filter") 378 self.network_out_filter.set_visible_func(self.filter_the_data) 379 self.network_out_tab = builder.get_object("network_out_tab") 380 self.network_out_tab_tooltip_txt = self.network_out_tab.get_tooltip_text() 381 382 self.network_in_treeview = builder.get_object("inbound_treeview") 383 self.network_in_liststore = builder.get_object("network_in_liststore") 384 self.network_in_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 385 self.network_in_filter = builder.get_object("network_in_filter") 386 self.network_in_filter.set_visible_func(self.filter_the_data) 387 self.network_in_tab = builder.get_object("network_in_tab") 388 self.network_in_tab_tooltip_txt = self.network_in_tab.get_tooltip_text() 389 # network items ************************************* 390 391 # boolean items ************************************ 392 self.boolean_treeview = builder.get_object("Boolean_treeview") # Get the booleans tree list 393 self.boolean_liststore = builder.get_object("boolean_liststore") 394 self.boolean_liststore.set_sort_column_id(2, Gtk.SortType.ASCENDING) 395 self.boolean_filter = builder.get_object("boolean_filter") 396 self.boolean_filter.set_visible_func(self.filter_the_data) 397 398 self.boolean_more_detail_window = builder.get_object("booleans_more_detail_window") 399 self.boolean_more_detail_treeview = builder.get_object("booleans_more_detail_treeview") 400 self.boolean_more_detail_tree_data_set = builder.get_object("booleans_more_detail_liststore") 401 self.boolean_radio_button = builder.get_object("Booleans_button") 402 self.active_button = self.boolean_radio_button 403 self.boolean_button_tooltip_txt = self.boolean_radio_button.get_tooltip_text() 404 # boolean items ************************************ 405 406 # transitions items ************************************ 407 self.transitions_into_treeview = builder.get_object("transitions_into_treeview") # Get the transitions tree list Enabled, source, Executable File 408 self.transitions_into_liststore = builder.get_object("transitions_into_liststore") # Contains the tree with 409 self.transitions_into_liststore.set_sort_column_id(1, Gtk.SortType.ASCENDING) 410 self.transitions_into_filter = builder.get_object("transitions_into_filter") 411 self.transitions_into_filter.set_visible_func(self.filter_the_data) 412 self.transitions_into_tab = builder.get_object("Transitions_into_tab") 413 self.transitions_into_tab_tooltip_txt = self.transitions_into_tab.get_tooltip_text() 414 415 self.transitions_radio_button = builder.get_object("Transitions_button") 416 self.transitions_button_tooltip_txt = self.transitions_radio_button.get_tooltip_text() 417 418 self.transitions_from_treeview = builder.get_object("transitions_from_treeview") # Get the transitions tree list 419 self.transitions_from_treestore = builder.get_object("transitions_from_treestore") # Contains the tree with Enabled, Executable File Type, Transtype 420 self.transitions_from_treestore.set_sort_column_id(2, Gtk.SortType.ASCENDING) 421 self.transitions_from_filter = builder.get_object("transitions_from_filter") 422 self.transitions_from_filter.set_visible_func(self.filter_the_data) 423 self.transitions_from_tab = builder.get_object("Transitions_from_tab") 424 self.transitions_from_tab_tooltip_txt = self.transitions_from_tab.get_tooltip_text() 425 426 self.transitions_file_treeview = builder.get_object("file_transitions_treeview") # Get the transitions tree list 427 self.transitions_file_liststore = builder.get_object("file_transitions_liststore") # Contains the tree with Enabled, Executable File Type, Transtype 428 self.transitions_file_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 429 self.transitions_file_filter = builder.get_object("file_transitions_filter") 430 self.transitions_file_filter.set_visible_func(self.filter_the_data) 431 self.transitions_file_tab = builder.get_object("file_transitions") 432 self.transitions_file_tab_tooltip_txt = self.transitions_from_tab.get_tooltip_text() 433 # transitions items ************************************ 434 435 # Combobox and Entry items ************************** 436 self.combobox_menu = builder.get_object("combobox_org") # This is the combobox box object, aka the arrow next to the entry text bar 437 self.application_liststore = builder.get_object("application_liststore") 438 self.completion_entry = builder.get_object("completion_entry") # self.combobox_menu.get_child() 439 self.entrycompletion_obj = builder.get_object("entrycompletion_obj") 440 #self.entrycompletion_obj = Gtk.EntryCompletion() 441 self.entrycompletion_obj.set_minimum_key_length(0) 442 self.entrycompletion_obj.set_text_column(0) 443 self.entrycompletion_obj.set_match_func(self.match_func, None) 444 self.completion_entry.set_completion(self.entrycompletion_obj) 445 self.completion_entry.set_icon_from_stock(0, Gtk.STOCK_FIND) 446 # Combobox and Entry items ************************** 447 448 # Modify buttons ************************************ 449 self.show_modified_only = builder.get_object("Show_modified_only_toggle") 450 # Modify button ************************************* 451 452 # status bar ***************************************** 453 self.current_status_label = builder.get_object("Enforcing_label") 454 self.current_status_enforcing = builder.get_object("Enforcing_button") 455 self.current_status_permissive = builder.get_object("Permissive_button") 456 self.status_bar = builder.get_object("status_bar") 457 self.context_id = self.status_bar.get_context_id("SELinux status") 458 459 # filters ********************************************* 460 self.filter_entry = builder.get_object("filter_entry") 461 self.filter_box = builder.get_object("filter_box") 462 self.add_modify_delete_box = builder.get_object("add_modify_delete_box") 463 # Get_model() sets the tree model filter to be the parent of the tree model (tree model has all the data in it) 464 465 # Toggle button **************************************** 466 self.cell = builder.get_object("activate") 467 self.del_cell_files = builder.get_object("files_toggle_delete") 468 self.del_cell_files.connect("toggled", self.on_toggle_update, self.files_delete_liststore) 469 self.del_cell_files_equiv = builder.get_object("file_equiv_toggle_delete1") 470 self.del_cell_files_equiv.connect("toggled", self.on_toggle_update, self.file_equiv_delete_liststore) 471 self.del_cell_user = builder.get_object("user_toggle_delete") 472 self.del_cell_user.connect("toggled", self.on_toggle_update, self.user_delete_liststore) 473 self.del_cell_login = builder.get_object("login_toggle_delete") 474 self.del_cell_login.connect("toggled", self.on_toggle_update, self.login_delete_liststore) 475 self.del_cell_network = builder.get_object("network_toggle_delete") 476 self.del_cell_network.connect("toggled", self.on_toggle_update, self.network_delete_liststore) 477 self.update_cell = builder.get_object("toggle_update") 478 # Notebook items *************************************** 479 self.outer_notebook = builder.get_object("outer_notebook") 480 self.inner_notebook_files = builder.get_object("files_inner_notebook") 481 self.inner_notebook_network = builder.get_object("network_inner_notebook") 482 self.inner_notebook_transitions = builder.get_object("transitions_inner_notebook") 483 # logind gui *************************************** 484 loading_gui = builder.get_object("loading_gui") 485 486 self.update_cell.connect("toggled", self.on_toggle_update, self.update_treestore) 487 self.all_entries = [] 488 489 # Need to connect button on code because the tree view model is a treeviewsort 490 self.cell.connect("toggled", self.on_toggle, self.boolean_liststore) 491 492 self.loading = 1 493 path = None 494 if test: 495 self.all_domains = ["httpd_t", "abrt_t"] 496 if app and app not in self.all_domains: 497 self.all_domains.append(app) 498 else: 499 self.all_domains = sepolicy.get_all_domains() 500 self.all_domains.sort(key=str.lower) 501 502 if app and app not in self.all_domains: 503 self.error(_("%s is not a valid domain" % app)) 504 self.quit() 505 506 loading_gui.show() 507 length = len(self.all_domains) 508 509 entrypoint_dict = sepolicy.get_init_entrypoints_str() 510 for domain in self.all_domains: 511 # After the user selects a path in the drop down menu call 512 # get_init_entrypoint_target(entrypoint) to get the transtype 513 # which will give you the application 514 self.combo_box_add(domain, domain) 515 self.percentage = float(float(self.loading) / float(length)) 516 self.progress_bar.set_fraction(self.percentage) 517 self.progress_bar.set_pulse_step(self.percentage) 518 self.idle_func() 519 520 for entrypoint in entrypoint_dict.get(domain, []): 521 path = sepolicy.find_entrypoint_path(entrypoint) 522 if path: 523 self.combo_box_add(path, domain) 524 self.installed_list.append(path) 525 526 self.loading += 1 527 loading_gui.hide() 528 self.entrycompletion_obj.set_model(self.application_liststore) 529 self.advanced_search_treeview.set_model(self.advanced_search_sort) 530 531 dic = { 532 "on_combo_button_clicked": self.open_combo_menu, 533 "on_disable_ptrace_toggled": self.on_disable_ptrace, 534 "on_SELinux_window_configure_event": self.hide_combo_menu, 535 "on_entrycompletion_obj_match_selected": self.set_application_label, 536 "on_filter_changed": self.get_filter_data, 537 "on_save_changes_file_equiv_clicked": self.update_to_file_equiv, 538 "on_save_changes_login_clicked": self.update_to_login, 539 "on_save_changes_user_clicked": self.update_to_user, 540 "on_save_changes_files_clicked": self.update_to_files, 541 "on_save_changes_network_clicked": self.update_to_network, 542 "on_Advanced_text_files_button_press_event": self.reveal_advanced, 543 "item_in_tree_selected": self.cursor_changed, 544 "on_Application_file_types_treeview_configure_event": self.resize_wrap, 545 "on_save_delete_clicked": self.on_save_delete_clicked, 546 "on_moreTypes_treeview_files_row_activated": self.populate_type_combo, 547 "on_retry_button_files_clicked": self.invalid_entry_retry, 548 "on_make_path_recursive_toggled": self.recursive_path, 549 "on_files_path_entry_button_press_event": self.highlight_entry_text, 550 "on_files_path_entry_changed": self.autofill_add_files_entry, 551 "on_select_type_files_clicked": self.select_type_more, 552 "on_choose_file": self.on_browse_select, 553 "on_Enforcing_button_toggled": self.set_enforce, 554 "on_confirmation_close": self.confirmation_close, 555 "on_column_clicked": self.column_clicked, 556 "on_tab_switch": self.clear_filters, 557 558 "on_file_equiv_button_clicked": self.show_file_equiv_page, 559 "on_app/system_button_clicked": self.system_interface, 560 "on_app/users_button_clicked": self.users_interface, 561 "on_show_advanced_search_window": self.on_show_advanced_search_window, 562 563 "on_Show_mislabeled_files_toggled": self.show_mislabeled_files, 564 "on_Browse_button_files_clicked": self.browse_for_files, 565 "on_cancel_popup_clicked": self.close_popup, 566 "on_treeview_cursor_changed": self.cursor_changed, 567 "on_login_seuser_combobox_changed": self.login_seuser_combobox_change, 568 "on_user_roles_combobox_changed": self.user_roles_combobox_change, 569 570 "on_cancel_button_browse_clicked": self.close_config_window, 571 "on_apply_button_clicked": self.apply_changes_button_press, 572 "on_Revert_button_clicked": self.update_or_revert_changes, 573 "on_Update_button_clicked": self.update_or_revert_changes, 574 "on_advanced_filter_entry_changed": self.get_advanced_filter_data, 575 "on_advanced_search_treeview_row_activated": self.advanced_item_selected, 576 "on_Select_advanced_search_clicked": self.advanced_item_button_push, 577 "on_info_button_button_press_event": self.on_help_button, 578 "on_back_button_clicked": self.on_help_back_clicked, 579 "on_forward_button_clicked": self.on_help_forward_clicked, 580 "on_Boolean_treeview_columns_changed": self.resize_columns, 581 "on_completion_entry_changed": self.application_selected, 582 "on_Add_button_clicked": self.add_button_clicked, 583 "on_Delete_button_clicked": self.delete_button_clicked, 584 "on_Modify_button_clicked": self.modify_button_clicked, 585 "on_Show_modified_only_toggled": self.on_show_modified_only, 586 "on_cancel_button_config_clicked": self.close_config_window, 587 "on_Import_button_clicked": self.import_config_show, 588 "on_Export_button_clicked": self.export_config_show, 589 "on_enable_unconfined_toggled": self.unconfined_toggle, 590 "on_enable_permissive_toggled": self.permissive_toggle, 591 "on_system_policy_type_combobox_changed": self.change_default_policy, 592 "on_Enforcing_button_default_toggled": self.change_default_mode, 593 "on_Permissive_button_default_toggled": self.change_default_mode, 594 "on_Disabled_button_default_toggled": self.change_default_mode, 595 596 "on_Relabel_button_toggled_cb": self.relabel_on_reboot, 597 "on_advanced_system_button_press_event": self.reveal_advanced_system, 598 "on_files_type_combobox_changed": self.show_more_types, 599 "on_filter_row_changed": self.filter_the_data, 600 "on_button_toggled": self.tab_change, 601 "gtk_main_quit": self.closewindow 602 } 603 604 self.previously_modified_initialize(customized) 605 builder.connect_signals(dic) 606 self.window.show() # Show the gui to the screen 607 GLib.timeout_add_seconds(5, self.selinux_status) 608 self.selinux_status() 609 self.lockdown_inited = False 610 self.add_modify_delete_box.hide() 611 self.filter_box.hide() 612 if self.status == DISABLED: 613 self.show_system_page() 614 else: 615 if self.application: 616 self.applications_selection_button.set_label(self.application) 617 self.completion_entry.set_text(self.application) 618 self.show_applications_page() 619 self.tab_change() 620 else: 621 self.clearbuttons() 622 self.outer_notebook.set_current_page(START_PAGE) 623 624 self.reinit() 625 self.finish_init = True 626 Gtk.main() 627 628 def init_cur(self): 629 self.cur_dict = {} 630 for k in keys: 631 self.cur_dict[k] = {} 632 633 def remove_cur(self, ctr): 634 i = 0 635 for k in self.cur_dict: 636 for j in self.cur_dict[k]: 637 if i == ctr: 638 del(self.cur_dict[k][j]) 639 return 640 i += 1 641 642 def selinux_status(self): 643 try: 644 self.status = selinux.security_getenforce() 645 except OSError: 646 self.status = DISABLED 647 if self.status == DISABLED: 648 self.current_status_label.set_sensitive(False) 649 self.current_status_enforcing.set_sensitive(False) 650 self.current_status_permissive.set_sensitive(False) 651 self.enforcing_button_default.set_sensitive(False) 652 self.status_bar.push(self.context_id, _("System Status: Disabled")) 653 self.info_text.set_label(DISABLED_TEXT) 654 else: 655 self.set_enforce_text(self.status) 656 if os.path.exists('/.autorelabel'): 657 self.relabel_button.set_active(True) 658 else: 659 self.relabel_button_no.set_active(True) 660 661 policytype = selinux.selinux_getpolicytype()[1] 662 663 mode = selinux.selinux_getenforcemode()[1] 664 if mode == ENFORCING: 665 self.enforcing_button_default.set_active(True) 666 if mode == PERMISSIVE: 667 self.permissive_button_default.set_active(True) 668 if mode == DISABLED: 669 self.disabled_button_default.set_active(True) 670 671 return True 672 673 def lockdown_init(self): 674 if self.lockdown_inited: 675 return 676 self.wait_mouse() 677 self.lockdown_inited = True 678 self.disable_ptrace_button.set_active(selinux.security_get_boolean_active("deny_ptrace")) 679 self.module_dict = {} 680 for m in self.dbus.semodule_list().split("\n"): 681 mod = m.split() 682 if len(mod) < 3: 683 continue 684 self.module_dict[mod[1]] = { "priority": mod[0], "Disabled" : (len(mod) > 3) } 685 686 self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"]) 687 self.enable_permissive_button.set_active(not self.module_dict["permissivedomains"]["Disabled"]) 688 self.ready_mouse() 689 690 def column_clicked(self, treeview, treepath, treecol, *args): 691 iter = self.get_selected_iter() 692 if not iter: 693 return 694 695 if self.opage == BOOLEANS_PAGE: 696 if treecol.get_name() == "more_detail_col": 697 self.display_more_detail(self.window, treepath) 698 699 if self.opage == FILES_PAGE: 700 visible = self.liststore.get_value(iter, 3) 701 # If visible is true then fix mislabeled will be visible 702 if treecol.get_name() == "restorecon_col" and visible: 703 self.fix_mislabeled(self.liststore.get_value(iter, 0)) 704 705 if self.opage == TRANSITIONS_PAGE: 706 bool_name = self.liststore.get_value(iter, 1) 707 if bool_name: 708 self.boolean_radio_button.clicked() 709 self.filter_entry.set_text(bool_name) 710 711 def idle_func(self): 712 while Gtk.events_pending(): 713 Gtk.main_iteration() 714 715 def match_func(self, completion, key_string, iter, func_data): 716 try: 717 if self.application_liststore.get_value(iter, 0).find(key_string) != -1: 718 return True 719 return False 720 except AttributeError: 721 pass 722 723 def help_show_page(self): 724 self.back_button.set_sensitive(self.help_page != 0) 725 self.forward_button.set_sensitive(self.help_page < (len(self.help_list) - 1)) 726 try: 727 fd = open("%shelp/%s.txt" % (self.code_path, self.help_list[self.help_page]), "r") 728 buf = fd.read() 729 fd.close() 730 except IOError: 731 buf = "" 732 help_text = self.help_text.get_buffer() 733 help_text.set_text(buf % {"APP": self.application}) 734 self.help_text.set_buffer(help_text) 735 self.help_image.set_from_file("%shelp/%s.png" % (self.code_path, self.help_list[self.help_page])) 736 self.show_popup(self.help_window) 737 738 def on_help_back_clicked(self, *args): 739 self.help_page -= 1 740 self.help_show_page() 741 742 def on_help_forward_clicked(self, *args): 743 self.help_page += 1 744 self.help_show_page() 745 746 def on_help_button(self, *args): 747 self.help_page = 0 748 self.help_list = [] 749 if self.opage == START_PAGE: 750 self.help_window.set_title(_("Help: Start Page")) 751 self.help_list = ["start"] 752 753 if self.opage == BOOLEANS_PAGE: 754 self.help_window.set_title(_("Help: Booleans Page")) 755 self.help_list = ["booleans", "booleans_toggled", "booleans_more", "booleans_more_show"] 756 757 if self.opage == FILES_PAGE: 758 ipage = self.inner_notebook_files.get_current_page() 759 if ipage == EXE_PAGE: 760 self.help_window.set_title(_("Help: Executable Files Page")) 761 self.help_list = ["files_exec"] 762 if ipage == WRITABLE_PAGE: 763 self.help_window.set_title(_("Help: Writable Files Page")) 764 self.help_list = ["files_write"] 765 if ipage == APP_PAGE: 766 self.help_window.set_title(_("Help: Application Types Page")) 767 self.help_list = ["files_app"] 768 if self.opage == NETWORK_PAGE: 769 ipage = self.inner_notebook_network.get_current_page() 770 if ipage == OUTBOUND_PAGE: 771 self.help_window.set_title(_("Help: Outbound Network Connections Page")) 772 self.help_list = ["ports_outbound"] 773 if ipage == INBOUND_PAGE: 774 self.help_window.set_title(_("Help: Inbound Network Connections Page")) 775 self.help_list = ["ports_inbound"] 776 777 if self.opage == TRANSITIONS_PAGE: 778 ipage = self.inner_notebook_transitions.get_current_page() 779 if ipage == TRANSITIONS_FROM_PAGE: 780 self.help_window.set_title(_("Help: Transition from application Page")) 781 self.help_list = ["transition_from", "transition_from_boolean", "transition_from_boolean_1", "transition_from_boolean_2"] 782 if ipage == TRANSITIONS_TO_PAGE: 783 self.help_window.set_title(_("Help: Transition into application Page")) 784 self.help_list = ["transition_to"] 785 if ipage == TRANSITIONS_FILE_PAGE: 786 self.help_window.set_title(_("Help: Transition application file Page")) 787 self.help_list = ["transition_file"] 788 789 if self.opage == SYSTEM_PAGE: 790 self.help_window.set_title(_("Help: Systems Page")) 791 self.help_list = ["system", "system_boot_mode", "system_current_mode", "system_export", "system_policy_type", "system_relabel"] 792 793 if self.opage == LOCKDOWN_PAGE: 794 self.help_window.set_title(_("Help: Lockdown Page")) 795 self.help_list = ["lockdown", "lockdown_unconfined", "lockdown_permissive", "lockdown_ptrace"] 796 797 if self.opage == LOGIN_PAGE: 798 self.help_window.set_title(_("Help: Login Page")) 799 self.help_list = ["login", "login_default"] 800 801 if self.opage == USER_PAGE: 802 self.help_window.set_title(_("Help: SELinux User Page")) 803 self.help_list = ["users"] 804 805 if self.opage == FILE_EQUIV_PAGE: 806 self.help_window.set_title(_("Help: File Equivalence Page")) 807 self.help_list = ["file_equiv"] 808 return self.help_show_page() 809 810 def open_combo_menu(self, *args): 811 if self.popup == 0: 812 self.popup = 1 813 location = self.window.get_position() 814 self.main_selection_window.move(location[0] + 2, location[1] + 65) 815 self.main_selection_window.show() 816 else: 817 self.main_selection_window.hide() 818 self.popup = 0 819 820 def hide_combo_menu(self, *args): 821 self.main_selection_window.hide() 822 self.popup = 0 823 824 def set_application_label(self, *args): 825 self.set_application_label = True 826 827 def resize_wrap(self, *args): 828 print(args) 829 830 def initialize_system_default_mode(self): 831 self.enforce_mode = selinux.selinux_getenforcemode()[1] 832 if self.enforce_mode == ENFORCING: 833 self.enforce_button = self.enforcing_button_default 834 if self.enforce_mode == PERMISSIVE: 835 self.enforce_button = self.permissive_button_default 836 if self.enforce_mode == DISABLED: 837 self.enforce_button = self.disabled_button_default 838 839 def populate_system_policy(self): 840 types = next(os.walk(selinux.selinux_path(), topdown=True))[1] 841 types.sort() 842 ctr = 0 843 for item in types: 844 iter = self.system_policy_type_liststore.append() 845 self.system_policy_type_liststore.set_value(iter, 0, item) 846 if item == self.initialtype: 847 self.system_policy_type_combobox.set_active(ctr) 848 self.typeHistory = ctr 849 ctr += 1 850 return ctr 851 852 def filter_the_data(self, list, iter, *args): 853 # When there is no txt in the box show all items in the tree 854 if self.filter_txt == "": 855 return True 856 try: 857 for x in range(0, list.get_n_columns()): 858 try: 859 val = list.get_value(iter, x) 860 if val is True or val is False or val is None: 861 continue 862 # Returns true if filter_txt exists within the val 863 if(val.find(self.filter_txt) != -1 or val.lower().find(self.filter_txt) != -1): 864 return True 865 except (AttributeError, TypeError): 866 pass 867 except: # ValueError: 868 pass 869 return False 870 871 def net_update(self, app, netd, protocol, direction, model): 872 for k in netd.keys(): 873 for t, ports in netd[k]: 874 pkey = (",".join(ports), protocol) 875 if pkey in self.cur_dict["port"]: 876 if self.cur_dict["port"][pkey]["action"] == "-d": 877 continue 878 if t != self.cur_dict["port"][pkey]["type"]: 879 continue 880 self.network_initial_data_insert(model, ", ".join(ports), t, protocol) 881 882 def file_equiv_initialize(self): 883 self.wait_mouse() 884 edict = sepolicy.get_file_equiv() 885 self.file_equiv_liststore.clear() 886 for f in edict: 887 iter = self.file_equiv_liststore.append() 888 if edict[f]["modify"]: 889 name = self.markup(f) 890 equiv = self.markup(edict[f]["equiv"]) 891 else: 892 name = f 893 equiv = edict[f]["equiv"] 894 895 self.file_equiv_liststore.set_value(iter, 0, name) 896 self.file_equiv_liststore.set_value(iter, 1, equiv) 897 self.file_equiv_liststore.set_value(iter, 2, edict[f]["modify"]) 898 self.ready_mouse() 899 900 def user_initialize(self): 901 self.wait_mouse() 902 self.user_liststore.clear() 903 for u in sepolicy.get_selinux_users(): 904 iter = self.user_liststore.append() 905 self.user_liststore.set_value(iter, 0, str(u["name"])) 906 roles = u["roles"] 907 if "object_r" in roles: 908 roles.remove("object_r") 909 self.user_liststore.set_value(iter, 1, ", ".join(roles)) 910 self.user_liststore.set_value(iter, 2, u["level"]) 911 self.user_liststore.set_value(iter, 3, u["range"]) 912 self.user_liststore.set_value(iter, 4, True) 913 self.ready_mouse() 914 915 def login_initialize(self): 916 self.wait_mouse() 917 self.login_liststore.clear() 918 for u in sepolicy.get_login_mappings(): 919 iter = self.login_liststore.append() 920 self.login_liststore.set_value(iter, 0, u["name"]) 921 self.login_liststore.set_value(iter, 1, u["seuser"]) 922 self.login_liststore.set_value(iter, 2, u["mls"]) 923 self.login_liststore.set_value(iter, 3, True) 924 self.ready_mouse() 925 926 def network_initialize(self, app): 927 netd = sepolicy.network.get_network_connect(app, "tcp", "name_connect", check_bools=True) 928 self.net_update(app, netd, "tcp", OUTBOUND_PAGE, self.network_out_liststore) 929 netd = sepolicy.network.get_network_connect(app, "tcp", "name_bind", check_bools=True) 930 self.net_update(app, netd, "tcp", INBOUND_PAGE, self.network_in_liststore) 931 netd = sepolicy.network.get_network_connect(app, "udp", "name_bind", check_bools=True) 932 self.net_update(app, netd, "udp", INBOUND_PAGE, self.network_in_liststore) 933 934 def network_initial_data_insert(self, model, ports, portType, protocol): 935 iter = model.append() 936 model.set_value(iter, 0, ports) 937 model.set_value(iter, 1, protocol) 938 model.set_value(iter, 2, portType) 939 model.set_value(iter, 4, True) 940 941 def combo_set_active_text(self, combobox, val): 942 ctr = 0 943 liststore = combobox.get_model() 944 for i in liststore: 945 if i[0] == val: 946 combobox.set_active(ctr) 947 return 948 ctr += 1 949 950 niter = liststore.get_iter(ctr - 1) 951 if liststore.get_value(niter, 0) == _("More..."): 952 iter = liststore.insert_before(niter) 953 ctr = ctr - 1 954 else: 955 iter = liststore.append() 956 liststore.set_value(iter, 0, val) 957 combobox.set_active(ctr) 958 959 def combo_get_active_text(self, combobox): 960 liststore = combobox.get_model() 961 index = combobox.get_active() 962 if index < 0: 963 return None 964 iter = liststore.get_iter(index) 965 return liststore.get_value(iter, 0) 966 967 def combo_box_add(self, val, val1): 968 if val is None: 969 return 970 iter = self.application_liststore.append() 971 self.application_liststore.set_value(iter, 0, val) 972 self.application_liststore.set_value(iter, 1, val1) 973 974 def select_type_more(self, *args): 975 app = self.moreTypes_treeview.get_selection() 976 iter = app.get_selected()[1] 977 if iter is None: 978 return 979 app = self.more_types_files_liststore.get_value(iter, 0) 980 self.combo_set_active_text(self.files_type_combobox, app) 981 self.closewindow(self.moreTypes_window_files) 982 983 def advanced_item_button_push(self, *args): 984 row = self.advanced_search_treeview.get_selection() 985 model, iter = row.get_selected() 986 iter = model.convert_iter_to_child_iter(iter) 987 iter = self.advanced_search_filter.convert_iter_to_child_iter(iter) 988 app = self.application_liststore.get_value(iter, 1) 989 if app is None: 990 return 991 self.advanced_filter_entry.set_text('') 992 self.advanced_search_window.hide() 993 self.reveal_advanced(self.main_advanced_label) 994 self.completion_entry.set_text(app) 995 996 def advanced_item_selected(self, treeview, path, *args): 997 iter = self.advanced_search_filter.get_iter(path) 998 iter = self.advanced_search_filter.convert_iter_to_child_iter(iter) 999 app = self.application_liststore.get_value(iter, 1) 1000 self.advanced_filter_entry.set_text('') 1001 self.advanced_search_window.hide() 1002 self.reveal_advanced(self.main_advanced_label) 1003 self.completion_entry.set_text(app) 1004 self.application_selected() 1005 1006 def find_application(self, app): 1007 if app and len(app) > 0: 1008 for items in self.application_liststore: 1009 if app == items[0]: 1010 return True 1011 return False 1012 1013 def application_selected(self, *args): 1014 self.show_mislabeled_files_only.set_visible(False) 1015 self.mislabeled_files_label.set_visible(False) 1016 self.warning_files.set_visible(False) 1017 self.filter_entry.set_text('') 1018 1019 app = self.completion_entry.get_text() 1020 if not self.find_application(app): 1021 return 1022 self.show_applications_page() 1023 self.add_button.set_sensitive(True) 1024 self.delete_button.set_sensitive(True) 1025 # Clear the tree to prepare for a new selection otherwise 1026 self.executable_files_liststore.clear() 1027 # data will pile up everytime the user selects a new item from the drop down menu 1028 self.network_in_liststore.clear() 1029 self.network_out_liststore.clear() 1030 self.boolean_liststore.clear() 1031 self.transitions_into_liststore.clear() 1032 self.transitions_from_treestore.clear() 1033 self.application_files_liststore.clear() 1034 self.writable_files_liststore.clear() 1035 self.transitions_file_liststore.clear() 1036 1037 try: 1038 if app[0] == '/': 1039 app = sepolicy.get_init_transtype(app) 1040 if not app: 1041 return 1042 self.application = app 1043 except IndexError: 1044 pass 1045 1046 self.wait_mouse() 1047 self.previously_modified_initialize(self.dbus.customized()) 1048 self.reinit() 1049 self.boolean_initialize(app) 1050 self.mislabeled_files = False 1051 self.executable_files_initialize(app) 1052 self.network_initialize(app) 1053 self.writable_files_initialize(app) 1054 self.transitions_into_initialize(app) 1055 self.transitions_from_initialize(app) 1056 self.application_files_initialize(app) 1057 self.transitions_files_initialize(app) 1058 1059 self.executable_files_tab.set_tooltip_text(_("File path used to enter the '%s' domain." % app)) 1060 self.writable_files_tab.set_tooltip_text(_("Files to which the '%s' domain can write." % app)) 1061 self.network_out_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to connect." % app)) 1062 self.network_in_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to listen." % app)) 1063 self.application_files_tab.set_tooltip_text(_("File Types defined for the '%s'." % app)) 1064 self.boolean_radio_button.set_tooltip_text(_("Display boolean information that can be used to modify the policy for the '%s'." % app)) 1065 self.files_radio_button.set_tooltip_text(_("Display file type information that can be used by the '%s'." % app)) 1066 self.network_radio_button.set_tooltip_text(_("Display network ports to which the '%s' can connect or listen to." % app)) 1067 self.transitions_into_tab.set_label(_("Application Transitions Into '%s'" % app)) 1068 self.transitions_from_tab.set_label(_("Application Transitions From '%s'" % app)) 1069 self.transitions_file_tab.set_label(_("File Transitions From '%s'" % app)) 1070 self.transitions_into_tab.set_tooltip_text(_("Executables which will transition to '%s', when executing selected domains entrypoint.") % app) 1071 self.transitions_from_tab.set_tooltip_text(_("Executables which will transition to a different domain, when '%s' executes them.") % app) 1072 self.transitions_file_tab.set_tooltip_text(_("Files by '%s' with transitions to a different label." % app)) 1073 self.transitions_radio_button.set_tooltip_text(_("Display applications that can transition into or out of the '%s'." % app)) 1074 1075 self.application = app 1076 self.applications_selection_button.set_label(self.application) 1077 self.ready_mouse() 1078 1079 def reinit(self): 1080 sepolicy.reinit() 1081 self.fcdict = sepolicy.get_fcdict() 1082 self.local_file_paths = sepolicy.get_local_file_paths() 1083 1084 def previously_modified_initialize(self, buf): 1085 self.cust_dict = {} 1086 for i in buf.split("\n"): 1087 rec = i.split() 1088 if len(rec) == 0: 1089 continue 1090 if rec[1] == "-D": 1091 continue 1092 if rec[0] not in self.cust_dict: 1093 self.cust_dict[rec[0]] = {} 1094 if rec[0] == "boolean": 1095 self.cust_dict["boolean"][rec[-1]] = {"active": rec[2] == "-1"} 1096 if rec[0] == "login": 1097 self.cust_dict["login"][rec[-1]] = {"seuser": rec[3], "range": rec[5]} 1098 if rec[0] == "interface": 1099 self.cust_dict["interface"][rec[-1]] = {"type": rec[3]} 1100 if rec[0] == "user": 1101 self.cust_dict["user"][rec[-1]] = {"level": "s0", "range": rec[3], "role": rec[5]} 1102 if rec[0] == "port": 1103 self.cust_dict["port"][(rec[-1], rec[-2])] = {"type": rec[3]} 1104 if rec[0] == "node": 1105 self.cust_dict["node"][rec[-1]] = {"mask": rec[3], "protocol": rec[5], "type": rec[7]} 1106 if rec[0] == "fcontext": 1107 if rec[2] == "-e": 1108 if "fcontext-equiv" not in self.cust_dict: 1109 self.cust_dict["fcontext-equiv"] = {} 1110 self.cust_dict["fcontext-equiv"][(rec[-1])] = {"equiv": rec[3]} 1111 else: 1112 self.cust_dict["fcontext"][(rec[-1], rec[3])] = {"type": rec[5]} 1113 if rec[0] == "module": 1114 self.cust_dict["module"][rec[-1]] = {"enabled": rec[2] != "-d"} 1115 1116 if "module" not in self.cust_dict: 1117 return 1118 for semodule, button in [("unconfined", self.disable_unconfined_button), ("permissivedomains", self.disable_permissive_button)]: 1119 if semodule in self.cust_dict["module"]: 1120 button.set_active(self.cust_dict["module"][semodule]["enabled"]) 1121 1122 for i in keys: 1123 if i not in self.cust_dict: 1124 self.cust_dict.update({i: {}}) 1125 1126 def executable_files_initialize(self, application): 1127 self.entrypoints = sepolicy.get_entrypoints(application) 1128 for exe in self.entrypoints.keys(): 1129 if len(self.entrypoints[exe]) == 0: 1130 continue 1131 file_class = self.entrypoints[exe][1] 1132 for path in self.entrypoints[exe][0]: 1133 if (path, file_class) in self.cur_dict["fcontext"]: 1134 if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d": 1135 continue 1136 if exe != self.cur_dict["fcontext"][(path, file_class)]["type"]: 1137 continue 1138 self.files_initial_data_insert(self.executable_files_liststore, path, exe, file_class) 1139 1140 def mislabeled(self, path): 1141 try: 1142 con = selinux.matchpathcon(path, 0)[1] 1143 cur = selinux.getfilecon(path)[1] 1144 return con != cur 1145 except OSError: 1146 return False 1147 1148 def set_mislabeled(self, tree, path, iter, niter): 1149 if not self.mislabeled(path): 1150 return 1151 con = selinux.matchpathcon(path, 0)[1] 1152 cur = selinux.getfilecon(path)[1] 1153 self.mislabeled_files = True 1154 # Set visibility of label 1155 tree.set_value(niter, 3, True) 1156 # Has a mislabel 1157 tree.set_value(iter, 4, True) 1158 tree.set_value(niter, 4, True) 1159 tree.set_value(iter, 5, con.split(":")[2]) 1160 tree.set_value(iter, 6, cur.split(":")[2]) 1161 1162 def writable_files_initialize(self, application): 1163 # Traversing the dictionary data struct 1164 self.writable_files = sepolicy.get_writable_files(application) 1165 for write in self.writable_files.keys(): 1166 if len(self.writable_files[write]) < 2: 1167 self.files_initial_data_insert(self.writable_files_liststore, None, write, _("all files")) 1168 continue 1169 file_class = self.writable_files[write][1] 1170 for path in self.writable_files[write][0]: 1171 if (path, file_class) in self.cur_dict["fcontext"]: 1172 if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d": 1173 continue 1174 if write != self.cur_dict["fcontext"][(path, file_class)]["type"]: 1175 continue 1176 self.files_initial_data_insert(self.writable_files_liststore, path, write, file_class) 1177 1178 def files_initial_data_insert(self, liststore, path, seLinux_label, file_class): 1179 iter = liststore.append(None) 1180 if path is None: 1181 path = _("MISSING FILE PATH") 1182 modify = False 1183 else: 1184 modify = (path, file_class) in self.local_file_paths 1185 for p in sepolicy.find_file(path): 1186 niter = liststore.append(iter) 1187 liststore.set_value(niter, 0, p) 1188 self.set_mislabeled(liststore, p, iter, niter) 1189 if modify: 1190 path = self.markup(path) 1191 file_class = self.markup(selinux_label) 1192 file_class = self.markup(file_class) 1193 liststore.set_value(iter, 0, path) 1194 liststore.set_value(iter, 1, seLinux_label) 1195 liststore.set_value(iter, 2, file_class) 1196 liststore.set_value(iter, 7, modify) 1197 1198 def markup(self, f): 1199 return "<b>%s</b>" % f 1200 1201 def unmarkup(self, f): 1202 if f: 1203 return re.sub("</b>$", "", re.sub("^<b>", "", f)) 1204 return None 1205 1206 def application_files_initialize(self, application): 1207 self.file_types = sepolicy.get_file_types(application) 1208 for app in self.file_types.keys(): 1209 if len(self.file_types[app]) == 0: 1210 continue 1211 file_class = self.file_types[app][1] 1212 for path in self.file_types[app][0]: 1213 desc = sepolicy.get_description(app, markup=self.markup) 1214 if (path, file_class) in self.cur_dict["fcontext"]: 1215 if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d": 1216 continue 1217 if app != self.cur_dict["fcontext"][(path, file_class)]["type"]: 1218 continue 1219 self.files_initial_data_insert(self.application_files_liststore, path, desc, file_class) 1220 1221 def modified(self): 1222 i = 0 1223 for k in self.cur_dict: 1224 if len(self.cur_dict[k]) > 0: 1225 return True 1226 return False 1227 1228 def boolean_initialize(self, application): 1229 for blist in sepolicy.get_bools(application): 1230 for b, active in blist: 1231 if b in self.cur_dict["boolean"]: 1232 active = self.cur_dict["boolean"][b]['active'] 1233 desc = sepolicy.boolean_desc(b) 1234 self.boolean_initial_data_insert(b, desc, active) 1235 1236 def boolean_initial_data_insert(self, val, desc, active): 1237 # Insert data from data source into tree 1238 iter = self.boolean_liststore.append() 1239 self.boolean_liststore.set_value(iter, 0, active) 1240 self.boolean_liststore.set_value(iter, 1, desc) 1241 self.boolean_liststore.set_value(iter, 2, val) 1242 self.boolean_liststore.set_value(iter, 3, _('More...')) 1243 1244 def transitions_into_initialize(self, application): 1245 for x in sepolicy.get_transitions_into(application): 1246 active = None 1247 executable = None 1248 source = None 1249 if "boolean" in x: 1250 active = x["boolean"] 1251 if "target" in x: 1252 executable = x["target"] 1253 if "source" in x: 1254 source = x["source"] 1255 self.transitions_into_initial_data_insert(active, executable, source) 1256 1257 def transitions_into_initial_data_insert(self, active, executable, source): 1258 iter = self.transitions_into_liststore.append() 1259 if active != None: 1260 self.transitions_into_liststore.set_value(iter, 0, enabled[active[0][1]]) # active[0][1] is either T or F (enabled is all the way at the top) 1261 else: 1262 self.transitions_into_liststore.set_value(iter, 0, "Default") 1263 1264 self.transitions_into_liststore.set_value(iter, 2, executable) 1265 self.transitions_into_liststore.set_value(iter, 1, source) 1266 1267 def transitions_from_initialize(self, application): 1268 for x in sepolicy.get_transitions(application): 1269 active = None 1270 executable = None 1271 transtype = None 1272 if "boolean" in x: 1273 active = x["boolean"] 1274 if "target" in x: 1275 executable_type = x["target"] 1276 if "transtype" in x: 1277 transtype = x["transtype"] 1278 self.transitions_from_initial_data_insert(active, executable_type, transtype) 1279 try: 1280 for executable in self.fcdict[executable_type]["regex"]: 1281 self.transitions_from_initial_data_insert(active, executable, transtype) 1282 except KeyError: 1283 pass 1284 1285 def transitions_from_initial_data_insert(self, active, executable, transtype): 1286 iter = self.transitions_from_treestore.append(None) 1287 if active == None: 1288 self.transitions_from_treestore.set_value(iter, 0, "Default") 1289 self.transitions_from_treestore.set_value(iter, 5, False) 1290 else: 1291 niter = self.transitions_from_treestore.append(iter) 1292 # active[0][1] is either T or F (enabled is all the way at the top) 1293 self.transitions_from_treestore.set_value(iter, 0, enabled[active[0][1]]) 1294 markup = ('<span foreground="blue"><u>','</u></span>') 1295 if active[0][1]: 1296 self.transitions_from_treestore.set_value(niter, 2, (_("To disable this transition, go to the %sBoolean section%s.") % markup)) 1297 else: 1298 self.transitions_from_treestore.set_value(niter, 2, (_("To enable this transition, go to the %sBoolean section%s.") % markup)) 1299 1300 # active[0][0] is the Bool Name 1301 self.transitions_from_treestore.set_value(niter, 1, active[0][0]) 1302 self.transitions_from_treestore.set_value(niter, 5, True) 1303 1304 self.transitions_from_treestore.set_value(iter, 2, executable) 1305 self.transitions_from_treestore.set_value(iter, 3, transtype) 1306 1307 def transitions_files_initialize(self, application): 1308 for i in sepolicy.get_file_transitions(application): 1309 if 'filename' in i: 1310 filename = i['filename'] 1311 else: 1312 filename = None 1313 self.transitions_files_inital_data_insert(i['target'], i['class'], i['transtype'], filename) 1314 1315 def transitions_files_inital_data_insert(self, path, tclass, dest, name): 1316 iter = self.transitions_file_liststore.append() 1317 self.transitions_file_liststore.set_value(iter, 0, path) 1318 self.transitions_file_liststore.set_value(iter, 1, tclass) 1319 self.transitions_file_liststore.set_value(iter, 2, dest) 1320 if name == None: 1321 name = '*' 1322 self.transitions_file_liststore.set_value(iter, 3, name) 1323 1324 def tab_change(self, *args): 1325 self.clear_filters() 1326 self.treeview = None 1327 self.treesort = None 1328 self.treefilter = None 1329 self.liststore = None 1330 self.modify_button.set_sensitive(False) 1331 self.add_modify_delete_box.hide() 1332 self.show_modified_only.set_visible(False) 1333 self.show_mislabeled_files_only.set_visible(False) 1334 self.mislabeled_files_label.set_visible(False) 1335 self.warning_files.set_visible(False) 1336 1337 if self.boolean_radio_button.get_active(): 1338 self.outer_notebook.set_current_page(BOOLEANS_PAGE) 1339 self.treeview = self.boolean_treeview 1340 self.show_modified_only.set_visible(True) 1341 1342 if self.files_radio_button.get_active(): 1343 self.show_popup(self.add_modify_delete_box) 1344 self.show_modified_only.set_visible(True) 1345 self.show_mislabeled_files_only.set_visible(self.mislabeled_files) 1346 self.mislabeled_files_label.set_visible(self.mislabeled_files) 1347 self.warning_files.set_visible(self.mislabeled_files) 1348 self.outer_notebook.set_current_page(FILES_PAGE) 1349 if args[0] == self.inner_notebook_files: 1350 ipage = args[2] 1351 else: 1352 ipage = self.inner_notebook_files.get_current_page() 1353 if ipage == EXE_PAGE: 1354 self.treeview = self.executable_files_treeview 1355 category = _("executable") 1356 elif ipage == WRITABLE_PAGE: 1357 self.treeview = self.writable_files_treeview 1358 category = _("writable") 1359 elif ipage == APP_PAGE: 1360 self.treeview = self.application_files_treeview 1361 category = _("application") 1362 self.add_button.set_tooltip_text(_("Add new %(TYPE)s file path for '%(DOMAIN)s' domains.") % {"TYPE": category, "DOMAIN": self.application}) 1363 self.delete_button.set_tooltip_text(_("Delete %(TYPE)s file paths for '%(DOMAIN)s' domain.") % {"TYPE": category, "DOMAIN": self.application}) 1364 self.modify_button.set_tooltip_text(_("Modify %(TYPE)s file path for '%(DOMAIN)s' domain. Only bolded items in the list can be selected, this indicates they were modified previously.") % {"TYPE": category, "DOMAIN": self.application}) 1365 1366 if self.network_radio_button.get_active(): 1367 self.add_modify_delete_box.show() 1368 self.show_modified_only.set_visible(True) 1369 self.outer_notebook.set_current_page(NETWORK_PAGE) 1370 if args[0] == self.inner_notebook_network: 1371 ipage = args[2] 1372 else: 1373 ipage = self.inner_notebook_network.get_current_page() 1374 if ipage == OUTBOUND_PAGE: 1375 self.treeview = self.network_out_treeview 1376 category = _("connect") 1377 if ipage == INBOUND_PAGE: 1378 self.treeview = self.network_in_treeview 1379 category = _("listen for inbound connections") 1380 1381 self.add_button.set_tooltip_text(_("Add new port definition to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category}) 1382 self.delete_button.set_tooltip_text(_("Delete modified port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category}) 1383 self.modify_button.set_tooltip_text(_("Modify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category}) 1384 1385 if self.transitions_radio_button.get_active(): 1386 self.outer_notebook.set_current_page(TRANSITIONS_PAGE) 1387 if args[0] == self.inner_notebook_transitions: 1388 ipage = args[2] 1389 else: 1390 ipage = self.inner_notebook_transitions.get_current_page() 1391 if ipage == TRANSITIONS_FROM_PAGE: 1392 self.treeview = self.transitions_from_treeview 1393 if ipage == TRANSITIONS_TO_PAGE: 1394 self.treeview = self.transitions_into_treeview 1395 if ipage == TRANSITIONS_FILE_PAGE: 1396 self.treeview = self.transitions_file_treeview 1397 1398 if self.system_radio_button.get_active(): 1399 self.outer_notebook.set_current_page(SYSTEM_PAGE) 1400 self.filter_box.hide() 1401 1402 if self.lockdown_radio_button.get_active(): 1403 self.lockdown_init() 1404 self.outer_notebook.set_current_page(LOCKDOWN_PAGE) 1405 self.filter_box.hide() 1406 1407 if self.user_radio_button.get_active(): 1408 self.outer_notebook.set_current_page(USER_PAGE) 1409 self.add_modify_delete_box.show() 1410 self.show_modified_only.set_visible(True) 1411 self.treeview = self.user_treeview 1412 self.add_button.set_tooltip_text(_("Add new SELinux User/Role definition.")) 1413 self.delete_button.set_tooltip_text(_("Delete modified SELinux User/Role definitions.")) 1414 self.modify_button.set_tooltip_text(_("Modify selected modified SELinux User/Role definitions.")) 1415 1416 if self.login_radio_button.get_active(): 1417 self.outer_notebook.set_current_page(LOGIN_PAGE) 1418 self.add_modify_delete_box.show() 1419 self.show_modified_only.set_visible(True) 1420 self.treeview = self.login_treeview 1421 self.add_button.set_tooltip_text(_("Add new Login Mapping definition.")) 1422 self.delete_button.set_tooltip_text(_("Delete modified Login Mapping definitions.")) 1423 self.modify_button.set_tooltip_text(_("Modify selected modified Login Mapping definitions.")) 1424 1425 if self.file_equiv_radio_button.get_active(): 1426 self.outer_notebook.set_current_page(FILE_EQUIV_PAGE) 1427 self.add_modify_delete_box.show() 1428 self.show_modified_only.set_visible(True) 1429 self.treeview = self.file_equiv_treeview 1430 self.add_button.set_tooltip_text(_("Add new File Equivalence definition.")) 1431 self.delete_button.set_tooltip_text(_("Delete modified File Equivalence definitions.")) 1432 self.modify_button.set_tooltip_text(_("Modify selected modified File Equivalence definitions. Only bolded items in the list can be selected, this indicates they were modified previously.")) 1433 1434 self.opage = self.outer_notebook.get_current_page() 1435 if self.treeview: 1436 self.filter_box.show() 1437 self.treesort = self.treeview.get_model() 1438 self.treefilter = self.treesort.get_model() 1439 self.liststore = self.treefilter.get_model() 1440 for x in range(0, self.liststore.get_n_columns()): 1441 col = self.treeview.get_column(x) 1442 if col: 1443 cell = col.get_cells()[0] 1444 if isinstance(cell, Gtk.CellRendererText): 1445 self.liststore.set_sort_func(x, self.stripsort, None) 1446 self.treeview.get_selection().unselect_all() 1447 self.modify_button.set_sensitive(False) 1448 1449 def stripsort(self, model, row1, row2, user_data): 1450 sort_column, _ = model.get_sort_column_id() 1451 val1 = self.unmarkup(model.get_value(row1, sort_column)) 1452 val2 = self.unmarkup(model.get_value(row2, sort_column)) 1453 return cmp(val1, val2) 1454 1455 def display_more_detail(self, windows, path): 1456 it = self.boolean_filter.get_iter(path) 1457 it = self.boolean_filter.convert_iter_to_child_iter(it) 1458 1459 self.boolean_more_detail_tree_data_set.clear() 1460 self.boolean_more_detail_window.set_title(_("Boolean %s Allow Rules") % self.boolean_liststore.get_value(it, 2)) 1461 blist = sepolicy.get_boolean_rules(self.application, self.boolean_liststore.get_value(it, 2)) 1462 for b in blist: 1463 self.display_more_detail_init(b["source"], b["target"], b["class"], b["permlist"]) 1464 self.show_popup(self.boolean_more_detail_window) 1465 1466 def display_more_detail_init(self, source, target, class_type, permission): 1467 iter = self.boolean_more_detail_tree_data_set.append() 1468 self.boolean_more_detail_tree_data_set.set_value(iter, 0, "allow %s %s:%s { %s };" % (source, target, class_type, " ".join(permission))) 1469 1470 def add_button_clicked(self, *args): 1471 self.modify = False 1472 if self.opage == NETWORK_PAGE: 1473 self.popup_network_label.set_text((_("Add Network Port for %s. Ports will be created when update is applied.")) % self.application) 1474 self.network_popup_window.set_title((_("Add Network Port for %s")) % self.application) 1475 self.init_network_dialog(args) 1476 return 1477 1478 if self.opage == FILES_PAGE: 1479 self.popup_files_label.set_text((_("Add File Labeling for %s. File labels will be created when update is applied.")) % self.application) 1480 self.files_popup_window.set_title((_("Add File Labeling for %s")) % self.application) 1481 self.init_files_dialog(args) 1482 ipage = self.inner_notebook_files.get_current_page() 1483 if ipage == EXE_PAGE: 1484 self.files_path_entry.set_text("ex: /usr/sbin/Foobar") 1485 else: 1486 self.files_path_entry.set_text("ex: /var/lib/Foobar") 1487 self.clear_entry = True 1488 1489 if self.opage == LOGIN_PAGE: 1490 self.login_label.set_text((_("Add Login Mapping. User Mapping will be created when Update is applied."))) 1491 self.login_popup_window.set_title(_("Add Login Mapping")) 1492 self.login_init_dialog(args) 1493 self.clear_entry = True 1494 1495 if self.opage == USER_PAGE: 1496 self.user_label.set_text((_("Add SELinux User Role. SELinux user roles will be created when update is applied."))) 1497 self.user_popup_window.set_title(_("Add SELinux Users")) 1498 self.user_init_dialog(args) 1499 self.clear_entry = True 1500 1501 if self.opage == FILE_EQUIV_PAGE: 1502 self.file_equiv_source_entry.set_text("") 1503 self.file_equiv_dest_entry.set_text("") 1504 self.file_equiv_label.set_text((_("Add File Equivalency Mapping. Mapping will be created when update is applied."))) 1505 self.file_equiv_popup_window.set_title(_("Add SELinux File Equivalency")) 1506 self.clear_entry = True 1507 self.show_popup(self.file_equiv_popup_window) 1508 1509 self.new_updates() 1510 1511 def show_popup(self, window): 1512 self.current_popup = window 1513 window.show() 1514 1515 def close_popup(self, *args): 1516 self.current_popup.hide() 1517 self.window.set_sensitive(True) 1518 return True 1519 1520 def modify_button_clicked(self, *args): 1521 iter = None 1522 if self.treeview: 1523 iter = self.get_selected_iter() 1524 if not iter: 1525 self.modify_button.set_sensitive(False) 1526 return 1527 self.modify = True 1528 if self.opage == NETWORK_PAGE: 1529 self.modify_button_network_clicked(args) 1530 1531 if self.opage == FILES_PAGE: 1532 self.popup_files_label.set_text((_("Modify File Labeling for %s. File labels will be created when update is applied.")) % self.application) 1533 self.files_popup_window.set_title((_("Add File Labeling for %s")) % self.application) 1534 self.delete_old_item = None 1535 self.init_files_dialog(args) 1536 self.modify = True 1537 operation = "Modify" 1538 mls = 1 1539 ipage = self.inner_notebook_files.get_current_page() 1540 1541 if ipage == EXE_PAGE: 1542 iter = self.executable_files_filter.convert_iter_to_child_iter(iter) 1543 self.delete_old_item = iter 1544 path = self.executable_files_liststore.get_value(iter, 0) 1545 self.files_path_entry.set_text(path) 1546 ftype = self.executable_files_liststore.get_value(iter, 1) 1547 if type != None: 1548 self.combo_set_active_text(self.files_type_combobox, ftype) 1549 tclass = self.executable_files_liststore.get_value(iter, 2) 1550 if tclass != None: 1551 self.combo_set_active_text(self.files_class_combobox, tclass) 1552 1553 if ipage == WRITABLE_PAGE: 1554 iter = self.writable_files_filter.convert_iter_to_child_iter(iter) 1555 self.delete_old_item = iter 1556 path = self.writable_files_liststore.get_value(iter, 0) 1557 self.files_path_entry.set_text(path) 1558 type = self.writable_files_liststore.get_value(iter, 1) 1559 if type != None: 1560 self.combo_set_active_text(self.files_type_combobox, type) 1561 tclass = self.writable_files_liststore.get_value(iter, 2) 1562 if tclass != None: 1563 self.combo_set_active_text(self.files_class_combobox, tclass) 1564 1565 if ipage == APP_PAGE: 1566 iter = self.application_files_filter.convert_iter_to_child_iter(iter) 1567 self.delete_old_item = iter 1568 path = self.application_files_liststore.get_value(iter, 0) 1569 self.files_path_entry.set_text(path) 1570 try: 1571 get_type = self.application_files_liststore.get_value(iter, 1) 1572 get_type = get_type.split("<b>")[1].split("</b>") 1573 except AttributeError: 1574 pass 1575 type = self.application_files_liststore.get_value(iter, 2) 1576 if type != None: 1577 self.combo_set_active_text(self.files_type_combobox, type) 1578 tclass = get_type[0] 1579 if tclass != None: 1580 self.combo_set_active_text(self.files_class_combobox, tclass) 1581 1582 if self.opage == USER_PAGE: 1583 self.user_init_dialog(args) 1584 self.user_name_entry.set_text(self.user_liststore.get_value(iter, 0)) 1585 self.user_mls_level_entry.set_text(self.user_liststore.get_value(iter, 2)) 1586 self.user_mls_entry.set_text(self.user_liststore.get_value(iter, 3)) 1587 self.combo_set_active_text(self.user_roles_combobox, self.user_liststore.get_value(iter, 1)) 1588 self.user_label.set_text((_("Modify SELinux User Role. SELinux user roles will be modified when update is applied."))) 1589 self.user_popup_window.set_title(_("Modify SELinux Users")) 1590 self.show_popup(self.user_popup_window) 1591 1592 if self.opage == LOGIN_PAGE: 1593 self.login_init_dialog(args) 1594 self.login_name_entry.set_text(self.login_liststore.get_value(iter, 0)) 1595 self.login_mls_entry.set_text(self.login_liststore.get_value(iter, 2)) 1596 self.combo_set_active_text(self.login_seuser_combobox, self.login_liststore.get_value(iter, 1)) 1597 self.login_label.set_text((_("Modify Login Mapping. Login Mapping will be modified when Update is applied."))) 1598 self.login_popup_window.set_title(_("Modify Login Mapping")) 1599 self.show_popup(self.login_popup_window) 1600 1601 if self.opage == FILE_EQUIV_PAGE: 1602 self.file_equiv_source_entry.set_text(self.unmarkup(self.file_equiv_liststore.get_value(iter, 0))) 1603 self.file_equiv_dest_entry.set_text(self.unmarkup(self.file_equiv_liststore.get_value(iter, 1))) 1604 self.file_equiv_label.set_text((_("Modify File Equivalency Mapping. Mapping will be created when update is applied."))) 1605 self.file_equiv_popup_window.set_title(_("Modify SELinux File Equivalency")) 1606 self.clear_entry = True 1607 self.show_popup(self.file_equiv_popup_window) 1608 1609 def populate_type_combo(self, tree, loc, *args): 1610 iter = self.more_types_files_liststore.get_iter(loc) 1611 ftype = self.more_types_files_liststore.get_value(iter, 0) 1612 self.combo_set_active_text(self.files_type_combobox, ftype) 1613 self.show_popup(self.files_popup_window) 1614 self.moreTypes_window_files.hide() 1615 1616 def strip_domain(self, domain): 1617 if domain == None: 1618 return 1619 if domain.endswith("_script_t"): 1620 split_char = "_script_t" 1621 else: 1622 split_char = "_t" 1623 return domain.split(split_char)[0] 1624 1625 def exclude_type(self, type, exclude_list): 1626 for e in exclude_list: 1627 if type.startswith(e): 1628 return True 1629 return False 1630 1631 def init_files_dialog(self, *args): 1632 exclude_list = [] 1633 self.files_class_combobox.set_sensitive(True) 1634 self.show_popup(self.files_popup_window) 1635 ipage = self.inner_notebook_files.get_current_page() 1636 self.files_type_combolist.clear() 1637 self.files_class_combolist.clear() 1638 compare = self.strip_domain(self.application) 1639 for d in self.application_liststore: 1640 if d[0].startswith(compare) and d[0] != self.application and not d[0].startswith("httpd_sys"): 1641 exclude_list.append(self.strip_domain(d[0])) 1642 1643 self.more_types_files_liststore.clear() 1644 try: 1645 for files in sepolicy.file_type_str: 1646 iter = self.files_class_combolist.append() 1647 self.files_class_combolist.set_value(iter, 0, sepolicy.file_type_str[files]) 1648 1649 if ipage == EXE_PAGE and self.entrypoints != None: 1650 for exe in self.entrypoints.keys(): 1651 if exe.startswith(compare): 1652 iter = self.files_type_combolist.append() 1653 self.files_type_combolist.set_value(iter, 0, exe) 1654 iter = self.more_types_files_liststore.append() 1655 self.more_types_files_liststore.set_value(iter, 0, exe) 1656 self.files_class_combobox.set_active(4) 1657 self.files_class_combobox.set_sensitive(False) 1658 1659 elif ipage == WRITABLE_PAGE and self.writable_files != None: 1660 for write in self.writable_files.keys(): 1661 if write.startswith(compare) and not self.exclude_type(write, exclude_list) and write in self.file_types: 1662 iter = self.files_type_combolist.append() 1663 self.files_type_combolist.set_value(iter, 0, write) 1664 iter = self.more_types_files_liststore.append() 1665 self.more_types_files_liststore.set_value(iter, 0, write) 1666 self.files_class_combobox.set_active(0) 1667 elif ipage == APP_PAGE and self.file_types != None: 1668 for app in sepolicy.get_all_file_types(): 1669 if app.startswith(compare): 1670 if app.startswith(compare) and not self.exclude_type(app, exclude_list): 1671 iter = self.files_type_combolist.append() 1672 self.files_type_combolist.set_value(iter, 0, app) 1673 iter = self.more_types_files_liststore.append() 1674 self.more_types_files_liststore.set_value(iter, 0, app) 1675 self.files_class_combobox.set_active(0) 1676 except AttributeError: 1677 print("error") 1678 pass 1679 self.files_type_combobox.set_active(0) 1680 self.files_mls_entry.set_text("s0") 1681 iter = self.files_type_combolist.append() 1682 self.files_type_combolist.set_value(iter, 0, _('More...')) 1683 1684 def modify_button_network_clicked(self, *args): 1685 iter = self.get_selected_iter() 1686 if not iter: 1687 self.modify_button.set_sensitive(False) 1688 return 1689 1690 self.popup_network_label.set_text((_("Modify Network Port for %s. Ports will be created when update is applied.")) % self.application) 1691 self.network_popup_window.set_title((_("Modify Network Port for %s")) % self.application) 1692 self.delete_old_item = None 1693 self.init_network_dialog(args) 1694 operation = "Modify" 1695 mls = 1 1696 self.modify = True 1697 iter = self.get_selected_iter() 1698 port = self.liststore.get_value(iter, 0) 1699 self.network_ports_entry.set_text(port) 1700 protocol = self.liststore.get_value(iter, 1) 1701 if protocol == "tcp": 1702 self.network_tcp_button.set_active(True) 1703 elif protocol == "udp": 1704 self.network_udp_button.set_active(True) 1705 type = self.liststore.get_value(iter, 2) 1706 if type != None: 1707 self.combo_set_active_text(self.network_port_type_combobox, type) 1708 self.delete_old_item = iter 1709 1710 def init_network_dialog(self, *args): 1711 self.show_popup(self.network_popup_window) 1712 ipage = self.inner_notebook_network.get_current_page() 1713 self.network_port_type_combolist.clear() 1714 self.network_ports_entry.set_text("") 1715 1716 try: 1717 if ipage == OUTBOUND_PAGE: 1718 netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_connect", check_bools=True) 1719 elif ipage == INBOUND_PAGE: 1720 netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_bind", check_bools=True) 1721 netd += sepolicy.network.get_network_connect(self.application, "udp", "name_bind", check_bools=True) 1722 1723 port_types = [] 1724 for k in netd.keys(): 1725 for t, ports in netd[k]: 1726 if t not in port_types + ["port_t", "unreserved_port_t"]: 1727 if t.endswith("_type"): 1728 continue 1729 1730 port_types.append(t) 1731 1732 port_types.sort() 1733 short_domain = self.strip_domain(self.application) 1734 if short_domain[-1] == "d": 1735 short_domain = short_domain[:-1] 1736 short_domain = short_domain + "_" 1737 ctr = 0 1738 found = 0 1739 for t in port_types: 1740 if t.startswith(short_domain): 1741 found = ctr 1742 iter = self.network_port_type_combolist.append() 1743 self.network_port_type_combolist.set_value(iter, 0, t) 1744 ctr += 1 1745 self.network_port_type_combobox.set_active(found) 1746 1747 except AttributeError: 1748 pass 1749 1750 self.network_tcp_button.set_active(True) 1751 self.network_mls_entry.set_text("s0") 1752 1753 def login_seuser_combobox_change(self, combo, *args): 1754 seuser = self.combo_get_active_text(combo) 1755 if self.login_mls_entry.get_text() == "": 1756 for u in sepolicy.get_selinux_users(): 1757 if seuser == u['name']: 1758 self.login_mls_entry.set_text(u['range']) 1759 1760 def user_roles_combobox_change(self, combo, *args): 1761 serole = self.combo_get_active_text(combo) 1762 if self.user_mls_entry.get_text() == "": 1763 for u in sepolicy.get_all_roles(): 1764 if serole == u['name']: 1765 self.user_mls_entry.set_text(u['range']) 1766 1767 def get_selected_iter(self): 1768 iter = None 1769 if not self.treeview: 1770 return None 1771 row = self.treeview.get_selection() 1772 if not row: 1773 return None 1774 treesort, iter = row.get_selected() 1775 if iter: 1776 iter = treesort.convert_iter_to_child_iter(iter) 1777 if iter: 1778 iter = self.treefilter.convert_iter_to_child_iter(iter) 1779 return iter 1780 1781 def cursor_changed(self, *args): 1782 self.modify_button.set_sensitive(False) 1783 iter = self.get_selected_iter() 1784 if iter == None: 1785 self.modify_button.set_sensitive(False) 1786 return 1787 if not self.liststore[iter] or not self.liststore[iter][-1]: 1788 return 1789 self.modify_button.set_sensitive(self.liststore[iter][-1]) 1790 1791 def login_init_dialog(self, *args): 1792 self.show_popup(self.login_popup_window) 1793 self.login_seuser_combolist.clear() 1794 users = sepolicy.get_all_users() 1795 users.sort() 1796 for u in users: 1797 iter = self.login_seuser_combolist.append() 1798 self.login_seuser_combolist.set_value(iter, 0, str(u)) 1799 self.login_name_entry.set_text("") 1800 self.login_mls_entry.set_text("") 1801 1802 def user_init_dialog(self, *args): 1803 self.show_popup(self.user_popup_window) 1804 self.user_roles_combolist.clear() 1805 roles = sepolicy.get_all_roles() 1806 roles.sort() 1807 for r in roles: 1808 iter = self.user_roles_combolist.append() 1809 self.user_roles_combolist.set_value(iter, 0, str(r)) 1810 self.user_name_entry.set_text("") 1811 self.user_mls_entry.set_text("") 1812 1813 def on_disable_ptrace(self, checkbutton): 1814 if self.finish_init: 1815 update_buffer = "boolean -m -%d deny_ptrace" % checkbutton.get_active() 1816 self.wait_mouse() 1817 try: 1818 self.dbus.semanage(update_buffer) 1819 except dbus.exceptions.DBusException as e: 1820 self.error(e) 1821 self.ready_mouse() 1822 1823 def on_show_modified_only(self, checkbutton): 1824 length = self.liststore.get_n_columns() 1825 1826 def dup_row(row): 1827 l = [] 1828 for i in range(0, length): 1829 l.append(row[i]) 1830 return l 1831 1832 append_list = [] 1833 if self.opage == BOOLEANS_PAGE: 1834 if not checkbutton.get_active(): 1835 return self.boolean_initialize(self.application) 1836 1837 for row in self.liststore: 1838 if row[2] in self.cust_dict["boolean"]: 1839 append_list.append(dup_row(row)) 1840 1841 if self.opage == FILES_PAGE: 1842 ipage = self.inner_notebook_files.get_current_page() 1843 if not checkbutton.get_active(): 1844 if ipage == EXE_PAGE: 1845 return self.executable_files_initialize(self.application) 1846 if ipage == WRITABLE_PAGE: 1847 return self.writable_files_initialize(self.application) 1848 if ipage == APP_PAGE: 1849 return self.application_files_initialize(self.application) 1850 for row in self.liststore: 1851 if (row[0], row[2]) in self.cust_dict["fcontext"]: 1852 append_list.append(row) 1853 1854 if self.opage == NETWORK_PAGE: 1855 if not checkbutton.get_active(): 1856 return self.network_initialize(self.application) 1857 for row in self.liststore: 1858 if (row[0], row[1]) in self.cust_dict["port"]: 1859 append_list.append(dup_row(row)) 1860 1861 if self.opage == FILE_EQUIV_PAGE: 1862 if not checkbutton.get_active() == True: 1863 return self.file_equiv_initialize() 1864 1865 for row in self.liststore: 1866 if row[0] in self.cust_dict["fcontext-equiv"]: 1867 append_list.append(dup_row(row)) 1868 1869 if self.opage == USER_PAGE: 1870 if not checkbutton.get_active(): 1871 return self.user_initialize() 1872 1873 for row in self.liststore: 1874 if row[0] in self.cust_dict["user"]: 1875 append_list.append(dup_row(row)) 1876 1877 if self.opage == LOGIN_PAGE: 1878 if not checkbutton.get_active() == True: 1879 return self.login_initialize() 1880 1881 for row in self.liststore: 1882 if row[0] in self.cust_dict["login"]: 1883 append_list.append(dup_row(row)) 1884 1885 self.liststore.clear() 1886 for row in append_list: 1887 iter = self.liststore.append() 1888 for i in range(0, length): 1889 self.liststore.set_value(iter, i, row[i]) 1890 1891 def init_modified_files_liststore(self, tree, app, ipage, operation, path, fclass, ftype): 1892 iter = tree.append(None) 1893 tree.set_value(iter, 0, path) 1894 tree.set_value(iter, 1, ftype) 1895 tree.set_value(iter, 2, fclass) 1896 1897 def restore_to_default(self, *args): 1898 print("restore to defualt clicked...") 1899 1900 def invalid_entry_retry(self, *args): 1901 self.closewindow(self.error_check_window) 1902 self.files_popup_window.set_sensitive(True) 1903 self.network_popup_window.set_sensitive(True) 1904 1905 def error_check_files(self, insert_txt): 1906 if len(insert_txt) == 0 or insert_txt[0] != '/': 1907 self.error_check_window.show() 1908 self.files_popup_window.set_sensitive(False) 1909 self.network_popup_window.set_sensitive(False) 1910 self.error_check_label.set_text((_("The entry '%s' is not a valid path. Paths must begin with a '/'.")) % insert_txt) 1911 return True 1912 return False 1913 1914 def error_check_network(self, port): 1915 try: 1916 pnum = int(port) 1917 if pnum < 1 or pnum > 65536: 1918 raise ValueError 1919 except ValueError: 1920 self.error_check_window.show() 1921 self.files_popup_window.set_sensitive(False) 1922 self.network_popup_window.set_sensitive(False) 1923 self.error_check_label.set_text((_("Port number must be between 1 and 65536"))) 1924 return True 1925 return False 1926 1927 def show_more_types(self, *args): 1928 if self.finish_init: 1929 if self.combo_get_active_text(self.files_type_combobox) == _('More...'): 1930 self.files_popup_window.hide() 1931 self.moreTypes_window_files.show() 1932 1933 def update_to_login(self, *args): 1934 self.close_popup() 1935 seuser = self.combo_get_active_text(self.login_seuser_combobox) 1936 mls_range = self.login_mls_entry.get_text() 1937 name = self.login_name_entry.get_text() 1938 if self.modify: 1939 iter = self.get_selected_iter() 1940 oldname = self.login_liststore.get_value(iter, 0) 1941 oldseuser = self.login_liststore.get_value(iter, 1) 1942 oldrange = self.login_liststore.get_value(iter, 2) 1943 self.liststore.set_value(iter, 0, oldname) 1944 self.liststore.set_value(iter, 1, oldseuser) 1945 self.liststore.set_value(iter, 2, oldrange) 1946 self.cur_dict["login"][name] = {"action": "-m", "range": mls_range, "seuser": seuser, "oldrange": oldrange, "oldseuser": oldseuser, "oldname": oldname} 1947 else: 1948 iter = self.liststore.append(None) 1949 self.cur_dict["login"][name] = {"action": "-a", "range": mls_range, "seuser": seuser} 1950 1951 self.liststore.set_value(iter, 0, name) 1952 self.liststore.set_value(iter, 1, seuser) 1953 self.liststore.set_value(iter, 2, mls_range) 1954 1955 self.new_updates() 1956 1957 def update_to_user(self, *args): 1958 self.close_popup() 1959 roles = self.combo_get_active_text(self.user_roles_combobox) 1960 level = self.user_mls_level_entry.get_text() 1961 mls_range = self.user_mls_entry.get_text() 1962 name = self.user_name_entry.get_text() 1963 if self.modify: 1964 iter = self.get_selected_iter() 1965 oldname = self.user_liststore.get_value(iter, 0) 1966 oldroles = self.user_liststore.get_value(iter, 1) 1967 oldlevel = self.user_liststore.get_value(iter, 1) 1968 oldrange = self.user_liststore.get_value(iter, 3) 1969 self.liststore.set_value(iter, 0, oldname) 1970 self.liststore.set_value(iter, 1, oldroles) 1971 self.liststore.set_value(iter, 2, oldlevel) 1972 self.liststore.set_value(iter, 3, oldrange) 1973 self.cur_dict["user"][name] = {"action": "-m", "range": mls_range, "level": level, "role": roles, "oldrange": oldrange, "oldlevel": oldlevel, "oldroles": oldroles, "oldname": oldname} 1974 else: 1975 iter = self.liststore.append(None) 1976 self.cur_dict["user"][name] = {"action": "-a", "range": mls_range, "level": level, "role": roles} 1977 1978 self.liststore.set_value(iter, 0, name) 1979 self.liststore.set_value(iter, 1, roles) 1980 self.liststore.set_value(iter, 2, level) 1981 self.liststore.set_value(iter, 3, mls_range) 1982 1983 self.new_updates() 1984 1985 def update_to_file_equiv(self, *args): 1986 self.close_popup() 1987 dest = self.file_equiv_dest_entry.get_text() 1988 src = self.file_equiv_source_entry.get_text() 1989 if self.modify: 1990 iter = self.get_selected_iter() 1991 olddest = self.unmarkup(self.liststore.set_value(iter, 0)) 1992 oldsrc = self.unmarkup(self.liststore.set_value(iter, 1)) 1993 self.cur_dict["fcontext-equiv"][dest] = {"action": "-m", "src": src, "oldsrc": oldsrc, "olddest": olddest} 1994 else: 1995 iter = self.liststore.append(None) 1996 self.cur_dict["fcontext-equiv"][dest] = {"action": "-a", "src": src} 1997 self.liststore.set_value(iter, 0, self.markup(dest)) 1998 self.liststore.set_value(iter, 1, self.markup(src)) 1999 2000 def update_to_files(self, *args): 2001 self.close_popup() 2002 self.files_add = True 2003 # Insert Function will be used in the future 2004 path = self.files_path_entry.get_text() 2005 if self.error_check_files(path): 2006 return 2007 2008 setype = self.combo_get_active_text(self.files_type_combobox) 2009 mls = self.files_mls_entry.get_text() 2010 tclass = self.combo_get_active_text(self.files_class_combobox) 2011 2012 if self.modify: 2013 iter = self.get_selected_iter() 2014 oldpath = self.unmark(self.liststore.get_value(iter, 0)) 2015 setype = self.unmark(self.liststore.set_value(iter, 1)) 2016 oldtclass = self.liststore.get_value(iter, 2) 2017 self.cur_dict["fcontext"][(path, tclass)] = {"action": "-m", "type": setype, "oldtype": oldsetype, "oldmls": oldmls, "oldclass": oldclass} 2018 else: 2019 iter = self.liststore.append(None) 2020 self.cur_dict["fcontext"][(path, tclass)] = {"action": "-a", "type": setype} 2021 self.liststore.set_value(iter, 0, self.markup(path)) 2022 self.liststore.set_value(iter, 1, self.markup(setype)) 2023 self.liststore.set_value(iter, 2, self.markup(tclass)) 2024 2025 self.files_add = False 2026 self.recursive_path_toggle.set_active(False) 2027 self.new_updates() 2028 2029 def update_to_network(self, *args): 2030 self.network_add = True 2031 ports = self.network_ports_entry.get_text() 2032 if self.error_check_network(ports): 2033 return 2034 if self.network_tcp_button.get_active(): 2035 protocol = "tcp" 2036 else: 2037 protocol = "udp" 2038 2039 setype = self.combo_get_active_text(self.network_port_type_combobox) 2040 mls = self.network_mls_entry.get_text() 2041 2042 if self.modify: 2043 iter = self.get_selected_iter() 2044 oldports = self.unmark(self.liststore.get_value(iter, 0)) 2045 oldprotocol = self.unmark(self.liststore.get_value(iter, 1)) 2046 oldsetype = self.unmark(self.liststore.set_value(iter, 2)) 2047 self.cur_dict["port"][(ports, protocol)] = {"action": "-m", "type": setype, "mls": mls, "oldtype": oldsetype, "oldmls": oldmls, "oldprotocol": oldprotocol, "oldports": oldports} 2048 else: 2049 iter = self.liststore.append(None) 2050 self.cur_dict["port"][(ports, protocol)] = {"action": "-a", "type": setype, "mls": mls} 2051 self.liststore.set_value(iter, 0, ports) 2052 self.liststore.set_value(iter, 1, protocol) 2053 self.liststore.set_value(iter, 2, setype) 2054 2055 self.network_add = False 2056 self.network_popup_window.hide() 2057 self.window.set_sensitive(True) 2058 self.new_updates() 2059 2060 def delete_button_clicked(self, *args): 2061 operation = "Add" 2062 self.window.set_sensitive(False) 2063 if self.opage == NETWORK_PAGE: 2064 self.network_delete_liststore.clear() 2065 port_dict = self.cust_dict["port"] 2066 for ports, protocol in port_dict: 2067 setype = port_dict[(ports, protocol)]["type"] 2068 iter = self.network_delete_liststore.append() 2069 self.network_delete_liststore.set_value(iter, 1, ports) 2070 self.network_delete_liststore.set_value(iter, 2, protocol) 2071 self.network_delete_liststore.set_value(iter, 3, setype) 2072 self.show_popup(self.network_delete_window) 2073 return 2074 2075 if self.opage == FILES_PAGE: 2076 self.files_delete_liststore.clear() 2077 fcontext_dict = self.cust_dict["fcontext"] 2078 for path, tclass in fcontext_dict: 2079 setype = fcontext_dict[(path, tclass)]["type"] 2080 iter = self.files_delete_liststore.append() 2081 self.files_delete_liststore.set_value(iter, 1, path) 2082 self.files_delete_liststore.set_value(iter, 2, setype) 2083 self.files_delete_liststore.set_value(iter, 3, sepolicy.file_type_str[tclass]) 2084 self.show_popup(self.files_delete_window) 2085 return 2086 2087 if self.opage == USER_PAGE: 2088 self.user_delete_liststore.clear() 2089 user_dict = self.cust_dict["user"] 2090 for user in user_dict: 2091 roles = user_dict[user]["role"] 2092 mls = user_dict[user]["range"] 2093 level = user_dict[user]["level"] 2094 iter = self.user_delete_liststore.append() 2095 self.user_delete_liststore.set_value(iter, 1, user) 2096 self.user_delete_liststore.set_value(iter, 2, roles) 2097 self.user_delete_liststore.set_value(iter, 3, level) 2098 self.user_delete_liststore.set_value(iter, 4, mls) 2099 self.show_popup(self.user_delete_window) 2100 return 2101 2102 if self.opage == LOGIN_PAGE: 2103 self.login_delete_liststore.clear() 2104 login_dict = self.cust_dict["login"] 2105 for login in login_dict: 2106 seuser = login_dict[login]["seuser"] 2107 mls = login_dict[login]["range"] 2108 iter = self.login_delete_liststore.append() 2109 self.login_delete_liststore.set_value(iter, 1, seuser) 2110 self.login_delete_liststore.set_value(iter, 2, login) 2111 self.login_delete_liststore.set_value(iter, 3, mls) 2112 self.show_popup(self.login_delete_window) 2113 return 2114 2115 if self.opage == FILE_EQUIV_PAGE: 2116 self.file_equiv_delete_liststore.clear() 2117 for items in self.file_equiv_liststore: 2118 if items[2]: 2119 iter = self.file_equiv_delete_liststore.append() 2120 self.file_equiv_delete_liststore.set_value(iter, 1, self.unmarkup(items[0])) 2121 self.file_equiv_delete_liststore.set_value(iter, 2, self.unmarkup(items[1])) 2122 self.show_popup(self.file_equiv_delete_window) 2123 return 2124 2125 def on_save_delete_clicked(self, *args): 2126 self.close_popup() 2127 if self.opage == NETWORK_PAGE: 2128 for delete in self.network_delete_liststore: 2129 if delete[0]: 2130 self.cur_dict["port"][(delete[1], delete[2])] = {"action": "-d", "type": delete[3]} 2131 if self.opage == FILES_PAGE: 2132 for delete in self.files_delete_liststore: 2133 if delete[0]: 2134 self.cur_dict["fcontext"][(delete[1], reverse_file_type_str[delete[3]])] = {"action": "-d", "type": delete[2]} 2135 if self.opage == USER_PAGE: 2136 for delete in self.user_delete_liststore: 2137 if delete[0]: 2138 self.cur_dict["user"][delete[1]] = {"action": "-d", "role": delete[2], "range": delete[4]} 2139 if self.opage == LOGIN_PAGE: 2140 for delete in self.login_delete_liststore: 2141 if delete[0]: 2142 self.cur_dict["login"][delete[2]] = {"action": "-d", "login": delete[2], "seuser": delete[1], "range": delete[3]} 2143 if self.opage == FILE_EQUIV_PAGE: 2144 for delete in self.file_equiv_delete_liststore: 2145 if delete[0]: 2146 self.cur_dict["fcontext-equiv"][delete[1]] = {"action": "-d", "src": delete[2]} 2147 self.new_updates() 2148 2149 def on_save_delete_file_equiv_clicked(self, *args): 2150 for delete in self.files_delete_liststore: 2151 print(delete[0], delete[1], delete[2],) 2152 2153 def on_toggle_update(self, cell, path, model): 2154 model[path][0] = not model[path][0] 2155 2156 def ipage_delete(self, liststore, key): 2157 ctr = 0 2158 for items in liststore: 2159 if items[0] == key[0] and items[2] == key[1]: 2160 iter = liststore.get_iter(ctr) 2161 liststore.remove(iter) 2162 return 2163 ctr += 1 2164 2165 def on_toggle(self, cell, path, model): 2166 if not path: 2167 return 2168 iter = self.boolean_filter.get_iter(path) 2169 iter = self.boolean_filter.convert_iter_to_child_iter(iter) 2170 name = model.get_value(iter, 2) 2171 model.set_value(iter, 0, not model.get_value(iter, 0)) 2172 active = model.get_value(iter, 0) 2173 if name in self.cur_dict["boolean"]: 2174 del(self.cur_dict["boolean"][name]) 2175 else: 2176 self.cur_dict["boolean"][name] = {"active": active} 2177 self.new_updates() 2178 2179 def get_advanced_filter_data(self, entry, *args): 2180 self.filter_txt = entry.get_text() 2181 self.advanced_search_filter.refilter() 2182 2183 def get_filter_data(self, windows, *args): 2184 #search for desired item 2185 # The txt that the use rinputs into the filter is stored in filter_txt 2186 self.filter_txt = windows.get_text() 2187 self.treefilter.refilter() 2188 2189 def update_gui(self, *args): 2190 self.update = True 2191 self.update_treestore.clear() 2192 for bools in self.cur_dict["boolean"]: 2193 operation = self.cur_dict["boolean"][bools]["action"] 2194 iter = self.update_treestore.append(None) 2195 self.update_treestore.set_value(iter, 0, True) 2196 self.update_treestore.set_value(iter, 1, sepolicy.boolean_desc(bools)) 2197 self.update_treestore.set_value(iter, 2, action[self.cur_dict["boolean"][bools]['active']]) 2198 self.update_treestore.set_value(iter, 3, True) 2199 niter = self.update_treestore.append(iter) 2200 self.update_treestore.set_value(niter, 1, (_("SELinux name: %s")) % bools) 2201 self.update_treestore.set_value(niter, 3, False) 2202 2203 for path, tclass in self.cur_dict["fcontext"]: 2204 operation = self.cur_dict["fcontext"][(path, tclass)]["action"] 2205 setype = self.cur_dict["fcontext"][(path, tclass)]["type"] 2206 iter = self.update_treestore.append(None) 2207 self.update_treestore.set_value(iter, 0, True) 2208 self.update_treestore.set_value(iter, 2, operation) 2209 self.update_treestore.set_value(iter, 0, True) 2210 if operation == "-a": 2211 self.update_treestore.set_value(iter, 1, (_("Add file labeling for %s")) % self.application) 2212 if operation == "-d": 2213 self.update_treestore.set_value(iter, 1, (_("Delete file labeling for %s")) % self.application) 2214 if operation == "-m": 2215 self.update_treestore.set_value(iter, 1, (_("Modify file labeling for %s")) % self.application) 2216 2217 niter = self.update_treestore.append(iter) 2218 self.update_treestore.set_value(niter, 3, False) 2219 self.update_treestore.set_value(niter, 1, (_("File path: %s")) % path) 2220 niter = self.update_treestore.append(iter) 2221 self.update_treestore.set_value(niter, 3, False) 2222 self.update_treestore.set_value(niter, 1, (_("File class: %s")) % sepolicy.file_type_str[tclass]) 2223 niter = self.update_treestore.append(iter) 2224 self.update_treestore.set_value(niter, 3, False) 2225 self.update_treestore.set_value(niter, 1, (_("SELinux file type: %s")) % setype) 2226 2227 for port, protocol in self.cur_dict["port"]: 2228 operation = self.cur_dict["port"][(port, protocol)]["action"] 2229 iter = self.update_treestore.append(None) 2230 self.update_treestore.set_value(iter, 0, True) 2231 self.update_treestore.set_value(iter, 2, operation) 2232 self.update_treestore.set_value(iter, 3, True) 2233 if operation == "-a": 2234 self.update_treestore.set_value(iter, 1, (_("Add ports for %s")) % self.application) 2235 if operation == "-d": 2236 self.update_treestore.set_value(iter, 1, (_("Delete ports for %s")) % self.application) 2237 if operation == "-m": 2238 self.update_treestore.set_value(iter, 1, (_("Modify ports for %s")) % self.application) 2239 2240 niter = self.update_treestore.append(iter) 2241 self.update_treestore.set_value(niter, 1, (_("Network ports: %s")) % port) 2242 self.update_treestore.set_value(niter, 3, False) 2243 niter = self.update_treestore.append(iter) 2244 self.update_treestore.set_value(niter, 1, (_("Network protocol: %s")) % protocol) 2245 self.update_treestore.set_value(niter, 3, False) 2246 setype = self.cur_dict["port"][(port, protocol)]["type"] 2247 niter = self.update_treestore.append(iter) 2248 self.update_treestore.set_value(niter, 3, False) 2249 self.update_treestore.set_value(niter, 1, (_("SELinux file type: %s")) % setype) 2250 2251 for user in self.cur_dict["user"]: 2252 operation = self.cur_dict["user"][user]["action"] 2253 iter = self.update_treestore.append(None) 2254 self.update_treestore.set_value(iter, 0, True) 2255 self.update_treestore.set_value(iter, 2, operation) 2256 self.update_treestore.set_value(iter, 0, True) 2257 if operation == "-a": 2258 self.update_treestore.set_value(iter, 1, _("Add user")) 2259 if operation == "-d": 2260 self.update_treestore.set_value(iter, 1, _("Delete user")) 2261 if operation == "-m": 2262 self.update_treestore.set_value(iter, 1, _("Modify user")) 2263 2264 niter = self.update_treestore.append(iter) 2265 self.update_treestore.set_value(niter, 1, (_("SELinux User : %s")) % user) 2266 self.update_treestore.set_value(niter, 3, False) 2267 niter = self.update_treestore.append(iter) 2268 self.update_treestore.set_value(niter, 3, False) 2269 roles = self.cur_dict["user"][user]["role"] 2270 self.update_treestore.set_value(niter, 1, (_("Roles: %s")) % roles) 2271 mls = self.cur_dict["user"][user]["range"] 2272 niter = self.update_treestore.append(iter) 2273 self.update_treestore.set_value(niter, 3, False) 2274 self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls) 2275 2276 for login in self.cur_dict["login"]: 2277 operation = self.cur_dict["login"][login]["action"] 2278 iter = self.update_treestore.append(None) 2279 self.update_treestore.set_value(iter, 0, True) 2280 self.update_treestore.set_value(iter, 2, operation) 2281 self.update_treestore.set_value(iter, 0, True) 2282 if operation == "-a": 2283 self.update_treestore.set_value(iter, 1, _("Add login mapping")) 2284 if operation == "-d": 2285 self.update_treestore.set_value(iter, 1, _("Delete login mapping")) 2286 if operation == "-m": 2287 self.update_treestore.set_value(iter, 1, _("Modify login mapping")) 2288 2289 niter = self.update_treestore.append(iter) 2290 self.update_treestore.set_value(niter, 3, False) 2291 self.update_treestore.set_value(niter, 1, (_("Login Name : %s")) % login) 2292 niter = self.update_treestore.append(iter) 2293 self.update_treestore.set_value(niter, 3, False) 2294 seuser = self.cur_dict["login"][login]["seuser"] 2295 self.update_treestore.set_value(niter, 1, (_("SELinux User: %s")) % seuser) 2296 mls = self.cur_dict["login"][login]["range"] 2297 niter = self.update_treestore.append(iter) 2298 self.update_treestore.set_value(niter, 3, False) 2299 self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls) 2300 2301 for path in self.cur_dict["fcontext-equiv"]: 2302 operation = self.cur_dict["fcontext-equiv"][path]["action"] 2303 iter = self.update_treestore.append(None) 2304 self.update_treestore.set_value(iter, 0, True) 2305 self.update_treestore.set_value(iter, 2, operation) 2306 self.update_treestore.set_value(iter, 0, True) 2307 if operation == "-a": 2308 self.update_treestore.set_value(iter, 1, (_("Add file equiv labeling."))) 2309 if operation == "-d": 2310 self.update_treestore.set_value(iter, 1, (_("Delete file equiv labeling."))) 2311 if operation == "-m": 2312 self.update_treestore.set_value(iter, 1, (_("Modify file equiv labeling."))) 2313 2314 niter = self.update_treestore.append(iter) 2315 self.update_treestore.set_value(niter, 3, False) 2316 self.update_treestore.set_value(niter, 1, (_("File path : %s")) % path) 2317 niter = self.update_treestore.append(iter) 2318 self.update_treestore.set_value(niter, 3, False) 2319 src = self.cur_dict["fcontext-equiv"][path]["src"] 2320 self.update_treestore.set_value(niter, 1, (_("Equivalence: %s")) % src) 2321 2322 self.show_popup(self.update_window) 2323 2324 def set_active_application_button(self): 2325 if self.boolean_radio_button.get_active(): 2326 self.active_button = self.boolean_radio_button 2327 if self.files_radio_button.get_active(): 2328 self.active_button = self.files_radio_button 2329 if self.transitions_radio_button.get_active(): 2330 self.active_button = self.transitions_radio_button 2331 if self.network_radio_button.get_active(): 2332 self.active_button = self.network_radio_button 2333 2334 def clearbuttons(self, clear=True): 2335 self.main_selection_window.hide() 2336 self.boolean_radio_button.set_visible(False) 2337 self.files_radio_button.set_visible(False) 2338 self.network_radio_button.set_visible(False) 2339 self.transitions_radio_button.set_visible(False) 2340 self.system_radio_button.set_visible(False) 2341 self.lockdown_radio_button.set_visible(False) 2342 self.user_radio_button.set_visible(False) 2343 self.login_radio_button.set_visible(False) 2344 if clear: 2345 self.completion_entry.set_text("") 2346 2347 def show_system_page(self): 2348 self.clearbuttons() 2349 self.system_radio_button.set_visible(True) 2350 self.lockdown_radio_button.set_visible(True) 2351 self.applications_selection_button.set_label(_("System")) 2352 self.system_radio_button.set_active(True) 2353 self.tab_change() 2354 self.idle_func() 2355 2356 def show_file_equiv_page(self, *args): 2357 self.clearbuttons() 2358 self.file_equiv_initialize() 2359 self.file_equiv_radio_button.set_active(True) 2360 self.applications_selection_button.set_label(_("File Equivalence")) 2361 self.tab_change() 2362 self.idle_func() 2363 self.add_button.set_sensitive(True) 2364 self.delete_button.set_sensitive(True) 2365 2366 def show_users_page(self): 2367 self.clearbuttons() 2368 self.login_radio_button.set_visible(True) 2369 self.user_radio_button.set_visible(True) 2370 self.applications_selection_button.set_label(_("Users")) 2371 self.login_radio_button.set_active(True) 2372 self.tab_change() 2373 self.user_initialize() 2374 self.login_initialize() 2375 self.idle_func() 2376 self.add_button.set_sensitive(True) 2377 self.delete_button.set_sensitive(True) 2378 2379 def show_applications_page(self): 2380 self.clearbuttons(False) 2381 self.boolean_radio_button.set_visible(True) 2382 self.files_radio_button.set_visible(True) 2383 self.network_radio_button.set_visible(True) 2384 self.transitions_radio_button.set_visible(True) 2385 self.boolean_radio_button.set_active(True) 2386 self.tab_change() 2387 self.idle_func() 2388 2389 def system_interface(self, *args): 2390 self.show_system_page() 2391 2392 def users_interface(self, *args): 2393 self.show_users_page() 2394 2395 def show_mislabeled_files(self, checkbutton, *args): 2396 iterlist = [] 2397 ctr = 0 2398 ipage = self.inner_notebook_files.get_current_page() 2399 if checkbutton.get_active() == True: 2400 for items in self.liststore: 2401 iter = self.treesort.get_iter(ctr) 2402 iter = self.treesort.convert_iter_to_child_iter(iter) 2403 iter = self.treefilter.convert_iter_to_child_iter(iter) 2404 if iter != None: 2405 if self.liststore.get_value(iter, 4) == False: 2406 iterlist.append(iter) 2407 ctr += 1 2408 for iters in iterlist: 2409 self.liststore.remove(iters) 2410 2411 elif self.application != None: 2412 self.liststore.clear() 2413 if ipage == EXE_PAGE: 2414 self.executable_files_initialize(self.application) 2415 elif ipage == WRITABLE_PAGE: 2416 self.writable_files_initialize(self.application) 2417 elif ipage == APP_PAGE: 2418 self.application_files_initialize(self.application) 2419 2420 def fix_mislabeled(self, path): 2421 cur = selinux.getfilecon(path)[1].split(":")[2] 2422 con = selinux.matchpathcon(path, 0)[1].split(":")[2] 2423 if self.verify(_("Run restorecon on %(PATH)s to change its type from %(CUR_CONTEXT)s to the default %(DEF_CONTEXT)s?") % {"PATH": path, "CUR_CONTEXT": cur, "DEF_CONTEXT": con}, title="restorecon dialog") == Gtk.ResponseType.YES: 2424 self.dbus.restorecon(path) 2425 self.application_selected() 2426 2427 def new_updates(self, *args): 2428 self.update_button.set_sensitive(self.modified()) 2429 self.revert_button.set_sensitive(self.modified()) 2430 2431 def update_or_revert_changes(self, button, *args): 2432 self.update_gui() 2433 self.update = (button.get_label() == _("Update")) 2434 if self.update: 2435 self.update_window.set_title(_("Update Changes")) 2436 else: 2437 self.update_window.set_title(_("Revert Changes")) 2438 2439 def apply_changes_button_press(self, *args): 2440 self.close_popup() 2441 if self.update: 2442 self.update_the_system() 2443 else: 2444 self.revert_data() 2445 self.finish_init = False 2446 self.previously_modified_initialize(self.dbus.customized()) 2447 self.finish_init = True 2448 self.clear_filters() 2449 self.application_selected() 2450 self.new_updates() 2451 self.update_treestore.clear() 2452 2453 def update_the_system(self, *args): 2454 self.close_popup() 2455 update_buffer = self.format_update() 2456 self.wait_mouse() 2457 try: 2458 self.dbus.semanage(update_buffer) 2459 except dbus.exceptions.DBusException as e: 2460 print(e) 2461 self.ready_mouse() 2462 self.init_cur() 2463 2464 def ipage_value_lookup(self, lookup): 2465 ipage_values = {"Executable Files": 0, "Writable Files": 1, "Application File Type": 2, "Inbound": 1, "Outbound": 0} 2466 for value in ipage_values: 2467 if value == lookup: 2468 return ipage_values[value] 2469 return "Booleans" 2470 2471 def get_attributes_update(self, attribute): 2472 attribute = attribute.split(": ")[1] 2473 bool_id = attribute.split(": ")[0] 2474 if bool_id == "SELinux name": 2475 self.bool_revert = attribute 2476 else: 2477 return attribute 2478 2479 def format_update(self): 2480 self.revert_data() 2481 update_buffer = "" 2482 for k in self.cur_dict: 2483 if k in "boolean": 2484 for b in self.cur_dict[k]: 2485 update_buffer += "boolean -m -%d %s\n" % (self.cur_dict[k][b]["active"], b) 2486 if k in "login": 2487 for l in self.cur_dict[k]: 2488 if self.cur_dict[k][l]["action"] == "-d": 2489 update_buffer += "login -d %s\n" % l 2490 else: 2491 update_buffer += "login %s -s %s -r %s %s\n" % (self.cur_dict[k][l]["action"], self.cur_dict[k][l]["seuser"], self.cur_dict[k][l]["range"], l) 2492 if k in "user": 2493 for u in self.cur_dict[k]: 2494 if self.cur_dict[k][u]["action"] == "-d": 2495 update_buffer += "user -d %s\n" % u 2496 else: 2497 update_buffer += "user %s -L %s -r %s -R %s %s\n" % (self.cur_dict[k][u]["action"], self.cur_dict[k][u]["level"], self.cur_dict[k][u]["range"], self.cur_dict[k][u]["role"], u) 2498 2499 if k in "fcontext-equiv": 2500 for f in self.cur_dict[k]: 2501 if self.cur_dict[k][f]["action"] == "-d": 2502 update_buffer += "fcontext -d %s\n" % f 2503 else: 2504 update_buffer += "fcontext %s -e %s %s\n" % (self.cur_dict[k][f]["action"], self.cur_dict[k][f]["src"], f) 2505 2506 if k in "fcontext": 2507 for f in self.cur_dict[k]: 2508 if self.cur_dict[k][f]["action"] == "-d": 2509 update_buffer += "fcontext -d %s\n" % f 2510 else: 2511 update_buffer += "fcontext %s -t %s -f %s %s\n" % (self.cur_dict[k][f]["action"], self.cur_dict[k][f]["type"], self.cur_dict[k][f]["class"], f) 2512 2513 if k in "port": 2514 for port, protocol in self.cur_dict[k]: 2515 if self.cur_dict[k][(port, protocol)]["action"] == "-d": 2516 update_buffer += "port -d -p %s %s\n" % (protocol, port) 2517 else: 2518 update_buffer += "port %s -t %s -p %s %s\n" % (self.cur_dict[k][f]["action"], self.cur_dict[k][f]["type"], procotol, port) 2519 2520 return update_buffer 2521 2522 def revert_data(self): 2523 ctr = 0 2524 remove_list = [] 2525 update_buffer = "" 2526 for items in self.update_treestore: 2527 if not self.update_treestore[ctr][0]: 2528 remove_list.append(ctr) 2529 ctr += 1 2530 remove_list.reverse() 2531 for ctr in remove_list: 2532 self.remove_cur(ctr) 2533 2534 def reveal_advanced_system(self, label, *args): 2535 advanced = label.get_text() == ADVANCED_LABEL[0] 2536 if advanced: 2537 label.set_text(ADVANCED_LABEL[1]) 2538 else: 2539 label.set_text(ADVANCED_LABEL[0]) 2540 self.system_policy_label.set_visible(advanced) 2541 self.system_policy_type_combobox.set_visible(advanced) 2542 2543 def reveal_advanced(self, label, *args): 2544 advanced = label.get_text() == ADVANCED_LABEL[0] 2545 if advanced: 2546 label.set_text(ADVANCED_LABEL[1]) 2547 else: 2548 label.set_text(ADVANCED_LABEL[0]) 2549 self.files_mls_label.set_visible(advanced) 2550 self.files_mls_entry.set_visible(advanced) 2551 self.network_mls_label.set_visible(advanced) 2552 self.network_mls_entry.set_visible(advanced) 2553 2554 def on_show_advanced_search_window(self, label, *args): 2555 if label.get_text() == ADVANCED_SEARCH_LABEL[1]: 2556 label.set_text(ADVANCED_SEARCH_LABEL[0]) 2557 self.close_popup() 2558 else: 2559 label.set_text(ADVANCED_SEARCH_LABEL[1]) 2560 self.show_popup(self.advanced_search_window) 2561 2562 def set_enforce_text(self, value): 2563 if value: 2564 self.status_bar.push(self.context_id, _("System Status: Enforcing")) 2565 self.current_status_enforcing.set_active(True) 2566 else: 2567 self.status_bar.push(self.context_id, _("System Status: Permissive")) 2568 self.current_status_permissive.set_active(True) 2569 2570 def set_enforce(self, button): 2571 if not self.finish_init: 2572 return 2573 2574 self.dbus.setenforce(button.get_active()) 2575 self.set_enforce_text(button.get_active()) 2576 2577 def on_browse_select(self, *args): 2578 filename = self.file_dialog.get_filename() 2579 if filename == None: 2580 return 2581 self.clear_entry = False 2582 self.file_dialog.hide() 2583 self.files_path_entry.set_text(filename) 2584 if self.import_export == 'Import': 2585 self.import_config(filename) 2586 elif self.import_export == 'Export': 2587 self.export_config(filename) 2588 2589 def recursive_path(self, *args): 2590 path = self.files_path_entry.get_text() 2591 if self.recursive_path_toggle.get_active(): 2592 if not path.endswith("(/.*)?"): 2593 self.files_path_entry.set_text(path + "(/.*)?") 2594 elif path.endswith("(/.*)?"): 2595 path = path.split("(/.*)?")[0] 2596 self.files_path_entry.set_text(path) 2597 2598 def highlight_entry_text(self, entry_obj, *args): 2599 txt = entry_obj.get_text() 2600 if self.clear_entry: 2601 entry_obj.set_text('') 2602 self.clear_entry = False 2603 2604 def autofill_add_files_entry(self, entry): 2605 text = entry.get_text() 2606 if text == '': 2607 return 2608 if text.endswith("(/.*)?"): 2609 self.recursive_path_toggle.set_active(True) 2610 for d in sepolicy.DEFAULT_DIRS: 2611 if text.startswith(d): 2612 for t in self.files_type_combolist: 2613 if t[0].endswith(sepolicy.DEFAULT_DIRS[d]): 2614 self.combo_set_active_text(self.files_type_combobox, t[0]) 2615 2616 def resize_columns(self, *args): 2617 self.boolean_column_1 = self.boolean_treeview.get_col(1) 2618 width = self.boolean_column_1.get_width() 2619 renderer = self.boolean_column_1.get_cell_renderers() 2620 2621 def browse_for_files(self, *args): 2622 self.file_dialog.show() 2623 2624 def close_config_window(self, *args): 2625 self.file_dialog.hide() 2626 2627 def change_default_policy(self, *args): 2628 if self.typeHistory == self.system_policy_type_combobox.get_active(): 2629 return 2630 2631 if self.verify(_("Changing the policy type will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == Gtk.ResponseType.NO: 2632 self.system_policy_type_combobox.set_active(self.typeHistory) 2633 return None 2634 2635 self.dbus.change_default_policy(self.combo_get_active_text(self.system_policy_type_combobox)) 2636 self.dbus.relabel_on_boot(True) 2637 self.typeHistory = self.system_policy_type_combobox.get_active() 2638 2639 def change_default_mode(self, button): 2640 if not self.finish_init: 2641 return 2642 self.enabled_changed(button) 2643 if button.get_active(): 2644 self.dbus.change_default_mode(button.get_label().lower()) 2645 2646 def import_config_show(self, *args): 2647 self.file_dialog.set_action(Gtk.FileChooserAction.OPEN) 2648 self.file_dialog.set_title("Import Configuration") 2649 self.file_dialog.show() 2650 #self.file_dialog.set_uri('/tmp') 2651 self.import_export = 'Import' 2652 2653 def export_config_show(self, *args): 2654 self.file_dialog.set_action(Gtk.FileChooserAction.SAVE) 2655 self.file_dialog.set_title("Export Configuration") 2656 self.file_dialog.show() 2657 self.import_export = 'Export' 2658 2659 def export_config(self, filename): 2660 self.wait_mouse() 2661 buf = self.dbus.customized() 2662 fd = open(filename, 'w') 2663 fd.write(buf) 2664 fd.close() 2665 self.ready_mouse() 2666 2667 def import_config(self, filename): 2668 fd = open(filename, "r") 2669 buf = fd.read() 2670 fd.close() 2671 self.wait_mouse() 2672 try: 2673 self.dbus.semanage(buf) 2674 except OSError: 2675 pass 2676 self.ready_mouse() 2677 2678 def init_dictionary(self, dic, app, ipage, operation, p, q, ftype, mls, changed, old): 2679 if (app, ipage, operation) not in dic: 2680 dic[app, ipage, operation] = {} 2681 if (p, q) not in dic[app, ipage, operation]: 2682 dic[app, ipage, operation][p, q] = {'type': ftype, 'mls': mls, 'changed': changed, 'old': old} 2683 2684 def translate_bool(self, b): 2685 b = b.split('-')[1] 2686 if b == '0': 2687 return False 2688 if b == '1': 2689 return True 2690 2691 def relabel_on_reboot(self, *args): 2692 active = self.relabel_button.get_active() 2693 exists = os.path.exists("/.autorelabel") 2694 2695 if active and exists: 2696 return 2697 if not active and not exists: 2698 return 2699 try: 2700 self.dbus.relabel_on_boot(active) 2701 except dbus.exceptions.DBusException as e: 2702 self.error(e) 2703 2704 def closewindow(self, window, *args): 2705 window.hide() 2706 self.recursive_path_toggle.set_active(False) 2707 self.window.set_sensitive(True) 2708 if self.moreTypes_window_files == window: 2709 self.show_popup(self.files_popup_window) 2710 if self.combo_get_active_text(self.files_type_combobox) == _('More...'): 2711 self.files_type_combobox.set_active(0) 2712 if self.error_check_window == window: 2713 if self.files_add: 2714 self.show_popup(self.files_popup_window) 2715 elif self.network_add: 2716 self.show_popup(self.network_popup_window) 2717 if self.files_mls_label.get_visible() or self.network_mls_label.get_visible(): 2718 self.advanced_text_files.set_visible(True) 2719 self.files_mls_label.set_visible(False) 2720 self.files_mls_entry.set_visible(False) 2721 self.advanced_text_network.set_visible(True) 2722 self.network_mls_label.set_visible(False) 2723 self.network_mls_entry.set_visible(False) 2724 if self.main_advanced_label.get_text() == ADVANCED_SEARCH_LABEL[1]: 2725 self.main_advanced_label.set_text(ADVANCED_SEARCH_LABEL[0]) 2726 return True 2727 2728 def wait_mouse(self): 2729 self.window.get_window().set_cursor(self.busy_cursor) 2730 self.idle_func() 2731 2732 def ready_mouse(self): 2733 self.window.get_window().set_cursor(self.ready_cursor) 2734 self.idle_func() 2735 2736 def verify(self, message, title=""): 2737 dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.INFO, 2738 Gtk.ButtonsType.YES_NO, 2739 message) 2740 dlg.set_title(title) 2741 dlg.set_position(Gtk.WindowPosition.MOUSE) 2742 dlg.show_all() 2743 rc = dlg.run() 2744 dlg.destroy() 2745 return rc 2746 2747 def error(self, message): 2748 dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.ERROR, 2749 Gtk.ButtonsType.CLOSE, 2750 message) 2751 dlg.set_position(Gtk.WindowPosition.MOUSE) 2752 dlg.show_all() 2753 dlg.run() 2754 dlg.destroy() 2755 2756 def enabled_changed(self, radio): 2757 if not radio.get_active(): 2758 return 2759 label = radio.get_label() 2760 if label == 'Disabled' and self.enforce_mode != DISABLED: 2761 if self.verify(_("Changing to SELinux disabled requires a reboot. It is not recommended. If you later decide to turn SELinux back on, the system will be required to relabel. If you just want to see if SELinux is causing a problem on your system, you can go to permissive mode which will only log errors and not enforce SELinux policy. Permissive mode does not require a reboot. Do you wish to continue?")) == Gtk.ResponseType.NO: 2762 self.enforce_button.set_active(True) 2763 2764 if label != 'Disabled' and self.enforce_mode == DISABLED: 2765 if self.verify(_("Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == Gtk.ResponseType.NO: 2766 self.enforce_button.set_active(True) 2767 self.enforce_button = radio 2768 2769 def clear_filters(self, *args): 2770 self.filter_entry.set_text('') 2771 self.show_modified_only.set_active(False) 2772 2773 def unconfined_toggle(self, *args): 2774 if not self.finish_init: 2775 return 2776 self.wait_mouse() 2777 if self.enable_unconfined_button.get_active(): 2778 self.dbus.semanage("module -e unconfined") 2779 else: 2780 self.dbus.semanage("module -d unconfined") 2781 self.ready_mouse() 2782 2783 def permissive_toggle(self, *args): 2784 if not self.finish_init: 2785 return 2786 self.wait_mouse() 2787 if self.enable_permissive_button.get_active(): 2788 self.dbus.semanage("module -e permissivedomains") 2789 else: 2790 self.dbus.semanage("module -d permissivedomains") 2791 self.ready_mouse() 2792 2793 def confirmation_close(self, button, *args): 2794 if len(self.update_treestore) > 0: 2795 if self.verify(_("You are attempting to close the application without applying your changes.\n * To apply changes you have made during this session, click No and click Update.\n * To leave the application without applying your changes, click Yes. All changes that you have made during this session will be lost."), _("Loss of data Dialog")) == Gtk.ResponseType.NO: 2796 return True 2797 self.quit() 2798 2799 def quit(self, *args): 2800 sys.exit(0) 2801 2802if __name__ == '__main__': 2803 start = SELinuxGui() 2804