1 #!/usr/bin/python -Es 2 # 3 # Copyright (C) 2013 Red Hat 4 # see file 'COPYING' for use and warranty information 5 # 6 # selinux gui is a tool for the examining and modifying SELinux policy 7 # 8 # This program is free software; you can redistribute it and/or 9 # modify it under the terms of the GNU General Public License as 10 # published by the Free Software Foundation; either version 2 of 11 # the License, or (at your option) any later version. 12 # 13 # This program is distributed in the hope that it will be useful, 14 # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 # GNU General Public License for more details. 17 # 18 # You should have received a copy of the GNU General Public License 19 # along with this program; if not, write to the Free Software 20 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 21 # 02111-1307 USA 22 # 23 # author: Ryan Hallisey rhallisey (at] redhat.com 24 # author: Dan Walsh dwalsh (at] redhat.com 25 # author: Miroslav Grepl mgrepl (at] redhat.com 26 # 27 # 28 29 import gi 30 gi.require_version('Gtk', '3.0') 31 from gi.repository import Gtk 32 from gi.repository import Gdk 33 from gi.repository import GLib 34 from sepolicy.sedbus import SELinuxDBus 35 import sys 36 import sepolicy 37 import selinux 38 from selinux import DISABLED, PERMISSIVE, ENFORCING 39 import sepolicy.network 40 import sepolicy.manpage 41 import dbus 42 import os 43 import re 44 import unicodedata 45 46 PROGNAME = "policycoreutils" 47 try: 48 import gettext 49 kwargs = {} 50 if sys.version_info < (3,): 51 kwargs['unicode'] = True 52 gettext.install(PROGNAME, 53 localedir="/usr/share/locale", 54 codeset='utf-8', 55 **kwargs) 56 except: 57 try: 58 import builtins 59 builtins.__dict__['_'] = str 60 except ImportError: 61 import __builtin__ 62 __builtin__.__dict__['_'] = unicode 63 64 reverse_file_type_str = {} 65 for f in sepolicy.file_type_str: 66 reverse_file_type_str[sepolicy.file_type_str[f]] = f 67 68 enabled = [_("No"), _("Yes")] 69 action = [_("Disable"), _("Enable")] 70 71 72 def cmp(a, b): 73 if a is None and b is None: 74 return 0 75 if a is None: 76 return -1 77 if b is None: 78 return 1 79 return (a > b) - (a < b) 80 81 import distutils.sysconfig 82 ADVANCED_LABEL = (_("Advanced >>"), _("Advanced <<")) 83 ADVANCED_SEARCH_LABEL = (_("Advanced Search >>"), _("Advanced Search <<")) 84 OUTBOUND_PAGE = 0 85 INBOUND_PAGE = 1 86 87 TRANSITIONS_FROM_PAGE = 0 88 TRANSITIONS_TO_PAGE = 1 89 TRANSITIONS_FILE_PAGE = 2 90 91 EXE_PAGE = 0 92 WRITABLE_PAGE = 1 93 APP_PAGE = 2 94 95 BOOLEANS_PAGE = 0 96 FILES_PAGE = 1 97 NETWORK_PAGE = 2 98 TRANSITIONS_PAGE = 3 99 LOGIN_PAGE = 4 100 USER_PAGE = 5 101 LOCKDOWN_PAGE = 6 102 SYSTEM_PAGE = 7 103 FILE_EQUIV_PAGE = 8 104 START_PAGE = 9 105 106 keys = ["boolean", "fcontext", "fcontext-equiv", "port", "login", "user", "module", "node", "interface"] 107 108 DISABLED_TEXT = _("""<small> 109 To change from Disabled to Enforcing mode 110 - Change the system mode from Disabled to Permissive 111 - Reboot, so that the system can relabel 112 - Once the system is working as planned 113 * Change the system mode to Enforcing</small> 114 """) 115 116 117 class SELinuxGui(): 118 119 def __init__(self, app=None, test=False): 120 self.finish_init = False 121 self.advanced_init = True 122 self.opage = START_PAGE 123 self.dbus = SELinuxDBus() 124 try: 125 customized = self.dbus.customized() 126 except dbus.exceptions.DBusException as e: 127 print(e) 128 self.quit() 129 130 self.init_cur() 131 self.application = app 132 self.filter_txt = "" 133 builder = Gtk.Builder() # BUILDER OBJ 134 self.code_path = distutils.sysconfig.get_python_lib(plat_specific=False) + "/sepolicy/" 135 glade_file = self.code_path + "sepolicy.glade" 136 builder.add_from_file(glade_file) 137 self.outer_notebook = builder.get_object("outer_notebook") 138 self.window = builder.get_object("SELinux_window") 139 self.main_selection_window = builder.get_object("Main_selection_menu") 140 self.main_advanced_label = builder.get_object("main_advanced_label") 141 self.popup = 0 142 self.applications_selection_button = builder.get_object("applications_selection_button") 143 self.revert_button = builder.get_object("Revert_button") 144 self.busy_cursor = Gdk.Cursor(Gdk.CursorType.WATCH) 145 self.ready_cursor = Gdk.Cursor(Gdk.CursorType.LEFT_PTR) 146 self.initialtype = selinux.selinux_getpolicytype()[1] 147 self.current_popup = None 148 self.import_export = None 149 self.clear_entry = True 150 self.files_add = False 151 self.network_add = False 152 153 self.all_domains = [] 154 self.installed_list = [] 155 self.previously_modified = {} 156 157 # file dialog 158 self.file_dialog = builder.get_object("add_path_dialog") 159 # Error check *************************************** 160 self.error_check_window = builder.get_object("error_check_window") 161 self.error_check_label = builder.get_object("error_check_label") 162 self.invalid_entry = False 163 # Advanced search window **************************** 164 self.advanced_search_window = builder.get_object("advanced_search_window") 165 self.advanced_search_filter = builder.get_object("advanced_filter") 166 self.advanced_search_filter.set_visible_func(self.filter_the_data) 167 self.advanced_search_sort = builder.get_object("advanced_sort") 168 169 self.advanced_filter_entry = builder.get_object("advanced_filter_entry") 170 self.advanced_search_treeview = builder.get_object("advanced_search_treeview") 171 self.advanced_search = False 172 173 # Login Items ************************************** 174 self.login_label = builder.get_object("Login_label") 175 self.login_seuser_combobox = builder.get_object("login_seuser_combobox") 176 self.login_seuser_combolist = builder.get_object("login_seuser_liststore") 177 self.login_name_entry = builder.get_object("login_name_entry") 178 self.login_mls_label = builder.get_object("login_mls_label") 179 self.login_mls_entry = builder.get_object("login_mls_entry") 180 self.login_radio_button = builder.get_object("Login_button") 181 self.login_treeview = builder.get_object("login_treeview") 182 self.login_liststore = builder.get_object("login_liststore") 183 self.login_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 184 self.login_filter = builder.get_object("login_filter") 185 self.login_filter.set_visible_func(self.filter_the_data) 186 self.login_popup_window = builder.get_object("login_popup_window") 187 self.login_delete_liststore = builder.get_object("login_delete_liststore") 188 self.login_delete_window = builder.get_object("login_delete_window") 189 190 # Users Items ************************************** 191 self.user_popup_window = builder.get_object("user_popup_window") 192 self.user_radio_button = builder.get_object("User_button") 193 self.user_liststore = builder.get_object("user_liststore") 194 self.user_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 195 self.user_filter = builder.get_object("user_filter") 196 self.user_filter.set_visible_func(self.filter_the_data) 197 self.user_treeview = builder.get_object("user_treeview") 198 self.user_roles_combobox = builder.get_object("user_roles_combobox") 199 self.user_roles_combolist = builder.get_object("user_roles_liststore") 200 self.user_label = builder.get_object("User_label") 201 self.user_name_entry = builder.get_object("user_name_entry") 202 self.user_mls_label = builder.get_object("user_mls_label") 203 self.user_mls_level_entry = builder.get_object("user_mls_level_entry") 204 self.user_mls_entry = builder.get_object("user_mls_entry") 205 self.user_combobox = builder.get_object("selinux_user_combobox") 206 self.user_delete_liststore = builder.get_object("user_delete_liststore") 207 self.user_delete_window = builder.get_object("user_delete_window") 208 209 # File Equiv Items ************************************** 210 self.file_equiv_label = builder.get_object("file_equiv_label") 211 self.file_equiv_source_entry = builder.get_object("file_equiv_source_entry") 212 self.file_equiv_dest_entry = builder.get_object("file_equiv_dest_entry") 213 self.file_equiv_radio_button = builder.get_object("file_equiv_button") 214 self.file_equiv_treeview = builder.get_object("file_equiv_treeview") 215 self.file_equiv_liststore = builder.get_object("file_equiv_liststore") 216 self.file_equiv_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 217 self.file_equiv_popup_window = builder.get_object("file_equiv_popup_window") 218 self.file_equiv_treefilter = builder.get_object("file_equiv_filter") 219 self.file_equiv_treefilter.set_visible_func(self.filter_the_data) 220 self.file_equiv_delete_liststore = builder.get_object("file_equiv_delete_liststore") 221 self.file_equiv_delete_window = builder.get_object("file_equiv_delete_window") 222 223 # System Items ************************************** 224 self.app_system_button = builder.get_object("app_system_button") 225 self.system_radio_button = builder.get_object("System_button") 226 self.lockdown_radio_button = builder.get_object("Lockdown_button") 227 self.systems_box = builder.get_object("Systems_box") 228 self.relabel_button = builder.get_object("Relabel_button") 229 self.relabel_button_no = builder.get_object("Relabel_button_no") 230 self.advanced_system = builder.get_object("advanced_system") 231 self.outer_notebook_frame = builder.get_object("outer_notebook_frame") 232 self.system_policy_label = builder.get_object("system_policy_type_label") 233 # Browse Items ************************************** 234 self.select_button_browse = builder.get_object("select_button_browse") 235 self.cancel_button_browse = builder.get_object("cancel_button_browse") 236 # More types window items *************************** 237 self.moreTypes_window_files = builder.get_object("moreTypes_window_files") 238 self.more_types_files_liststore = builder.get_object("more_types_file_liststore") 239 self.moreTypes_treeview = builder.get_object("moreTypes_treeview_files") 240 # System policy type ******************************** 241 self.system_policy_type_liststore = builder.get_object("system_policy_type_liststore") 242 self.system_policy_type_combobox = builder.get_object("system_policy_type_combobox") 243 self.policy_list = [] 244 if self.populate_system_policy() < 2: 245 self.advanced_system.set_visible(False) 246 self.system_policy_label.set_visible(False) 247 self.system_policy_type_combobox.set_visible(False) 248 249 self.enforcing_button_default = builder.get_object("Enforcing_button_default") 250 self.permissive_button_default = builder.get_object("Permissive_button_default") 251 self.disabled_button_default = builder.get_object("Disabled_button_default") 252 self.initialize_system_default_mode() 253 254 # Lockdown Window ********************************* 255 self.enable_unconfined_button = builder.get_object("enable_unconfined") 256 self.disable_unconfined_button = builder.get_object("disable_unconfined") 257 self.enable_permissive_button = builder.get_object("enable_permissive") 258 self.disable_permissive_button = builder.get_object("disable_permissive") 259 self.enable_ptrace_button = builder.get_object("enable_ptrace") 260 self.disable_ptrace_button = builder.get_object("disable_ptrace") 261 262 # Help Window ********************************* 263 self.help_window = builder.get_object("help_window") 264 self.help_text = builder.get_object("help_textv") 265 self.info_text = builder.get_object("info_text") 266 self.help_image = builder.get_object("help_image") 267 self.forward_button = builder.get_object("forward_button") 268 self.back_button = builder.get_object("back_button") 269 # Update menu items ********************************* 270 self.update_window = builder.get_object("update_window") 271 self.update_treeview = builder.get_object("update_treeview") 272 self.update_treestore = builder.get_object("Update_treestore") 273 self.apply_button = builder.get_object("apply_button") 274 self.update_button = builder.get_object("Update_button") 275 # Add button objects ******************************** 276 self.add_button = builder.get_object("Add_button") 277 self.delete_button = builder.get_object("Delete_button") 278 279 self.files_path_entry = builder.get_object("files_path_entry") 280 self.network_ports_entry = builder.get_object("network_ports_entry") 281 self.files_popup_window = builder.get_object("files_popup_window") 282 self.network_popup_window = builder.get_object("network_popup_window") 283 284 self.popup_network_label = builder.get_object("Network_label") 285 self.popup_files_label = builder.get_object("files_label") 286 287 self.recursive_path_toggle = builder.get_object("make_path_recursive") 288 self.files_type_combolist = builder.get_object("files_type_combo_store") 289 self.files_class_combolist = builder.get_object("files_class_combo_store") 290 self.files_type_combobox = builder.get_object("files_type_combobox") 291 self.files_class_combobox = builder.get_object("files_class_combobox") 292 self.files_mls_label = builder.get_object("files_mls_label") 293 self.files_mls_entry = builder.get_object("files_mls_entry") 294 self.advanced_text_files = builder.get_object("Advanced_text_files") 295 self.files_cancel_button = builder.get_object("cancel_delete_files") 296 297 self.network_tcp_button = builder.get_object("tcp_button") 298 self.network_udp_button = builder.get_object("udp_button") 299 self.network_port_type_combolist = builder.get_object("network_type_combo_store") 300 self.network_port_type_combobox = builder.get_object("network_type_combobox") 301 self.network_mls_label = builder.get_object("network_mls_label") 302 self.network_mls_entry = builder.get_object("network_mls_entry") 303 self.advanced_text_network = builder.get_object("Advanced_text_network") 304 self.network_cancel_button = builder.get_object("cancel_network_delete") 305 306 # Add button objects ******************************** 307 308 # Modify items ************************************** 309 self.show_mislabeled_files_only = builder.get_object("Show_mislabeled_files") 310 self.mislabeled_files_label = builder.get_object("mislabeled_files_label") 311 self.warning_files = builder.get_object("warning_files") 312 self.modify_button = builder.get_object("Modify_button") 313 self.modify_button.set_sensitive(False) 314 # Modify items ************************************** 315 316 # Fix label ***************************************** 317 self.fix_label_window = builder.get_object("fix_label_window") 318 self.fixlabel_label = builder.get_object("fixlabel_label") 319 self.fix_label_cancel = builder.get_object("fix_label_cancel") 320 # Fix label ***************************************** 321 322 # Delete items ************************************** 323 self.files_delete_window = builder.get_object("files_delete_window") 324 self.files_delete_treeview = builder.get_object("files_delete_treeview") 325 self.files_delete_liststore = builder.get_object("files_delete_liststore") 326 self.network_delete_window = builder.get_object("network_delete_window") 327 self.network_delete_treeview = builder.get_object("network_delete_treeview") 328 self.network_delete_liststore = builder.get_object("network_delete_liststore") 329 # Delete items ************************************** 330 331 # Progress bar ************************************** 332 self.progress_bar = builder.get_object("progress_bar") 333 # Progress bar ************************************** 334 335 # executable_files items **************************** 336 self.executable_files_treeview = builder.get_object("Executable_files_treeview") # Get the executable files tree view 337 self.executable_files_filter = builder.get_object("executable_files_filter") 338 self.executable_files_filter.set_visible_func(self.filter_the_data) 339 self.executable_files_tab = builder.get_object("Executable_files_tab") 340 self.executable_files_tab_tooltip_txt = self.executable_files_tab.get_tooltip_text() 341 self.executable_files_liststore = builder.get_object("executable_files_treestore") 342 self.executable_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 343 344 self.files_radio_button = builder.get_object("files_button") 345 self.files_button_tooltip_txt = self.files_radio_button.get_tooltip_text() 346 # executable_files items **************************** 347 348 # writable files items ****************************** 349 self.writable_files_treeview = builder.get_object("Writable_files_treeview") # Get the Writable files tree view 350 self.writable_files_liststore = builder.get_object("writable_files_treestore") # Contains the tree with File Path, SELinux File Label, Class 351 self.writable_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 352 self.writable_files_filter = builder.get_object("writable_files_filter") 353 self.writable_files_filter.set_visible_func(self.filter_the_data) 354 self.writable_files_tab = builder.get_object("Writable_files_tab") 355 self.writable_files_tab_tooltip_txt = self.writable_files_tab.get_tooltip_text() 356 # writable files items ****************************** 357 358 # Application File Types **************************** 359 self.application_files_treeview = builder.get_object("Application_files_treeview") # Get the Application files tree view 360 self.application_files_filter = builder.get_object("application_files_filter") # Contains the tree with File Path, Description, Class 361 self.application_files_filter.set_visible_func(self.filter_the_data) 362 self.application_files_tab = builder.get_object("Application_files_tab") 363 self.application_files_tab_tooltip_txt = self.writable_files_tab.get_tooltip_text() 364 self.application_files_liststore = builder.get_object("application_files_treestore") 365 self.application_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 366 self.application_files_tab = builder.get_object("Application_files_tab") 367 self.application_files_tab_tooltip_txt = self.application_files_tab.get_tooltip_text() 368 # Application File Type ***************************** 369 370 # network items ************************************* 371 self.network_radio_button = builder.get_object("network_button") 372 self.network_button_tooltip_txt = self.network_radio_button.get_tooltip_text() 373 374 self.network_out_treeview = builder.get_object("outbound_treeview") 375 self.network_out_liststore = builder.get_object("network_out_liststore") 376 self.network_out_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 377 self.network_out_filter = builder.get_object("network_out_filter") 378 self.network_out_filter.set_visible_func(self.filter_the_data) 379 self.network_out_tab = builder.get_object("network_out_tab") 380 self.network_out_tab_tooltip_txt = self.network_out_tab.get_tooltip_text() 381 382 self.network_in_treeview = builder.get_object("inbound_treeview") 383 self.network_in_liststore = builder.get_object("network_in_liststore") 384 self.network_in_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 385 self.network_in_filter = builder.get_object("network_in_filter") 386 self.network_in_filter.set_visible_func(self.filter_the_data) 387 self.network_in_tab = builder.get_object("network_in_tab") 388 self.network_in_tab_tooltip_txt = self.network_in_tab.get_tooltip_text() 389 # network items ************************************* 390 391 # boolean items ************************************ 392 self.boolean_treeview = builder.get_object("Boolean_treeview") # Get the booleans tree list 393 self.boolean_liststore = builder.get_object("boolean_liststore") 394 self.boolean_liststore.set_sort_column_id(2, Gtk.SortType.ASCENDING) 395 self.boolean_filter = builder.get_object("boolean_filter") 396 self.boolean_filter.set_visible_func(self.filter_the_data) 397 398 self.boolean_more_detail_window = builder.get_object("booleans_more_detail_window") 399 self.boolean_more_detail_treeview = builder.get_object("booleans_more_detail_treeview") 400 self.boolean_more_detail_tree_data_set = builder.get_object("booleans_more_detail_liststore") 401 self.boolean_radio_button = builder.get_object("Booleans_button") 402 self.active_button = self.boolean_radio_button 403 self.boolean_button_tooltip_txt = self.boolean_radio_button.get_tooltip_text() 404 # boolean items ************************************ 405 406 # transitions items ************************************ 407 self.transitions_into_treeview = builder.get_object("transitions_into_treeview") # Get the transitions tree list Enabled, source, Executable File 408 self.transitions_into_liststore = builder.get_object("transitions_into_liststore") # Contains the tree with 409 self.transitions_into_liststore.set_sort_column_id(1, Gtk.SortType.ASCENDING) 410 self.transitions_into_filter = builder.get_object("transitions_into_filter") 411 self.transitions_into_filter.set_visible_func(self.filter_the_data) 412 self.transitions_into_tab = builder.get_object("Transitions_into_tab") 413 self.transitions_into_tab_tooltip_txt = self.transitions_into_tab.get_tooltip_text() 414 415 self.transitions_radio_button = builder.get_object("Transitions_button") 416 self.transitions_button_tooltip_txt = self.transitions_radio_button.get_tooltip_text() 417 418 self.transitions_from_treeview = builder.get_object("transitions_from_treeview") # Get the transitions tree list 419 self.transitions_from_treestore = builder.get_object("transitions_from_treestore") # Contains the tree with Enabled, Executable File Type, Transtype 420 self.transitions_from_treestore.set_sort_column_id(2, Gtk.SortType.ASCENDING) 421 self.transitions_from_filter = builder.get_object("transitions_from_filter") 422 self.transitions_from_filter.set_visible_func(self.filter_the_data) 423 self.transitions_from_tab = builder.get_object("Transitions_from_tab") 424 self.transitions_from_tab_tooltip_txt = self.transitions_from_tab.get_tooltip_text() 425 426 self.transitions_file_treeview = builder.get_object("file_transitions_treeview") # Get the transitions tree list 427 self.transitions_file_liststore = builder.get_object("file_transitions_liststore") # Contains the tree with Enabled, Executable File Type, Transtype 428 self.transitions_file_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING) 429 self.transitions_file_filter = builder.get_object("file_transitions_filter") 430 self.transitions_file_filter.set_visible_func(self.filter_the_data) 431 self.transitions_file_tab = builder.get_object("file_transitions") 432 self.transitions_file_tab_tooltip_txt = self.transitions_from_tab.get_tooltip_text() 433 # transitions items ************************************ 434 435 # Combobox and Entry items ************************** 436 self.combobox_menu = builder.get_object("combobox_org") # This is the combobox box object, aka the arrow next to the entry text bar 437 self.application_liststore = builder.get_object("application_liststore") 438 self.completion_entry = builder.get_object("completion_entry") # self.combobox_menu.get_child() 439 self.entrycompletion_obj = builder.get_object("entrycompletion_obj") 440 #self.entrycompletion_obj = Gtk.EntryCompletion() 441 self.entrycompletion_obj.set_minimum_key_length(0) 442 self.entrycompletion_obj.set_text_column(0) 443 self.entrycompletion_obj.set_match_func(self.match_func, None) 444 self.completion_entry.set_completion(self.entrycompletion_obj) 445 self.completion_entry.set_icon_from_stock(0, Gtk.STOCK_FIND) 446 # Combobox and Entry items ************************** 447 448 # Modify buttons ************************************ 449 self.show_modified_only = builder.get_object("Show_modified_only_toggle") 450 # Modify button ************************************* 451 452 # status bar ***************************************** 453 self.current_status_label = builder.get_object("Enforcing_label") 454 self.current_status_enforcing = builder.get_object("Enforcing_button") 455 self.current_status_permissive = builder.get_object("Permissive_button") 456 self.status_bar = builder.get_object("status_bar") 457 self.context_id = self.status_bar.get_context_id("SELinux status") 458 459 # filters ********************************************* 460 self.filter_entry = builder.get_object("filter_entry") 461 self.filter_box = builder.get_object("filter_box") 462 self.add_modify_delete_box = builder.get_object("add_modify_delete_box") 463 # Get_model() sets the tree model filter to be the parent of the tree model (tree model has all the data in it) 464 465 # Toggle button **************************************** 466 self.cell = builder.get_object("activate") 467 self.del_cell_files = builder.get_object("files_toggle_delete") 468 self.del_cell_files.connect("toggled", self.on_toggle_update, self.files_delete_liststore) 469 self.del_cell_files_equiv = builder.get_object("file_equiv_toggle_delete1") 470 self.del_cell_files_equiv.connect("toggled", self.on_toggle_update, self.file_equiv_delete_liststore) 471 self.del_cell_user = builder.get_object("user_toggle_delete") 472 self.del_cell_user.connect("toggled", self.on_toggle_update, self.user_delete_liststore) 473 self.del_cell_login = builder.get_object("login_toggle_delete") 474 self.del_cell_login.connect("toggled", self.on_toggle_update, self.login_delete_liststore) 475 self.del_cell_network = builder.get_object("network_toggle_delete") 476 self.del_cell_network.connect("toggled", self.on_toggle_update, self.network_delete_liststore) 477 self.update_cell = builder.get_object("toggle_update") 478 # Notebook items *************************************** 479 self.outer_notebook = builder.get_object("outer_notebook") 480 self.inner_notebook_files = builder.get_object("files_inner_notebook") 481 self.inner_notebook_network = builder.get_object("network_inner_notebook") 482 self.inner_notebook_transitions = builder.get_object("transitions_inner_notebook") 483 # logind gui *************************************** 484 loading_gui = builder.get_object("loading_gui") 485 486 self.update_cell.connect("toggled", self.on_toggle_update, self.update_treestore) 487 self.all_entries = [] 488 489 # Need to connect button on code because the tree view model is a treeviewsort 490 self.cell.connect("toggled", self.on_toggle, self.boolean_liststore) 491 492 self.loading = 1 493 path = None 494 if test: 495 self.all_domains = ["httpd_t", "abrt_t"] 496 if app and app not in self.all_domains: 497 self.all_domains.append(app) 498 else: 499 self.all_domains = sepolicy.get_all_domains() 500 self.all_domains.sort(key=str.lower) 501 502 if app and app not in self.all_domains: 503 self.error(_("%s is not a valid domain" % app)) 504 self.quit() 505 506 loading_gui.show() 507 length = len(self.all_domains) 508 509 entrypoint_dict = sepolicy.get_init_entrypoints_str() 510 for domain in self.all_domains: 511 # After the user selects a path in the drop down menu call 512 # get_init_entrypoint_target(entrypoint) to get the transtype 513 # which will give you the application 514 self.combo_box_add(domain, domain) 515 self.percentage = float(float(self.loading) / float(length)) 516 self.progress_bar.set_fraction(self.percentage) 517 self.progress_bar.set_pulse_step(self.percentage) 518 self.idle_func() 519 520 for entrypoint in entrypoint_dict.get(domain, []): 521 path = sepolicy.find_entrypoint_path(entrypoint) 522 if path: 523 self.combo_box_add(path, domain) 524 self.installed_list.append(path) 525 526 self.loading += 1 527 loading_gui.hide() 528 self.entrycompletion_obj.set_model(self.application_liststore) 529 self.advanced_search_treeview.set_model(self.advanced_search_sort) 530 531 dic = { 532 "on_combo_button_clicked": self.open_combo_menu, 533 "on_disable_ptrace_toggled": self.on_disable_ptrace, 534 "on_SELinux_window_configure_event": self.hide_combo_menu, 535 "on_entrycompletion_obj_match_selected": self.set_application_label, 536 "on_filter_changed": self.get_filter_data, 537 "on_save_changes_file_equiv_clicked": self.update_to_file_equiv, 538 "on_save_changes_login_clicked": self.update_to_login, 539 "on_save_changes_user_clicked": self.update_to_user, 540 "on_save_changes_files_clicked": self.update_to_files, 541 "on_save_changes_network_clicked": self.update_to_network, 542 "on_Advanced_text_files_button_press_event": self.reveal_advanced, 543 "item_in_tree_selected": self.cursor_changed, 544 "on_Application_file_types_treeview_configure_event": self.resize_wrap, 545 "on_save_delete_clicked": self.on_save_delete_clicked, 546 "on_moreTypes_treeview_files_row_activated": self.populate_type_combo, 547 "on_retry_button_files_clicked": self.invalid_entry_retry, 548 "on_make_path_recursive_toggled": self.recursive_path, 549 "on_files_path_entry_button_press_event": self.highlight_entry_text, 550 "on_files_path_entry_changed": self.autofill_add_files_entry, 551 "on_select_type_files_clicked": self.select_type_more, 552 "on_choose_file": self.on_browse_select, 553 "on_Enforcing_button_toggled": self.set_enforce, 554 "on_confirmation_close": self.confirmation_close, 555 "on_column_clicked": self.column_clicked, 556 "on_tab_switch": self.clear_filters, 557 558 "on_file_equiv_button_clicked": self.show_file_equiv_page, 559 "on_app/system_button_clicked": self.system_interface, 560 "on_app/users_button_clicked": self.users_interface, 561 "on_show_advanced_search_window": self.on_show_advanced_search_window, 562 563 "on_Show_mislabeled_files_toggled": self.show_mislabeled_files, 564 "on_Browse_button_files_clicked": self.browse_for_files, 565 "on_cancel_popup_clicked": self.close_popup, 566 "on_treeview_cursor_changed": self.cursor_changed, 567 "on_login_seuser_combobox_changed": self.login_seuser_combobox_change, 568 "on_user_roles_combobox_changed": self.user_roles_combobox_change, 569 570 "on_cancel_button_browse_clicked": self.close_config_window, 571 "on_apply_button_clicked": self.apply_changes_button_press, 572 "on_Revert_button_clicked": self.update_or_revert_changes, 573 "on_Update_button_clicked": self.update_or_revert_changes, 574 "on_advanced_filter_entry_changed": self.get_advanced_filter_data, 575 "on_advanced_search_treeview_row_activated": self.advanced_item_selected, 576 "on_Select_advanced_search_clicked": self.advanced_item_button_push, 577 "on_info_button_button_press_event": self.on_help_button, 578 "on_back_button_clicked": self.on_help_back_clicked, 579 "on_forward_button_clicked": self.on_help_forward_clicked, 580 "on_Boolean_treeview_columns_changed": self.resize_columns, 581 "on_completion_entry_changed": self.application_selected, 582 "on_Add_button_clicked": self.add_button_clicked, 583 "on_Delete_button_clicked": self.delete_button_clicked, 584 "on_Modify_button_clicked": self.modify_button_clicked, 585 "on_Show_modified_only_toggled": self.on_show_modified_only, 586 "on_cancel_button_config_clicked": self.close_config_window, 587 "on_Import_button_clicked": self.import_config_show, 588 "on_Export_button_clicked": self.export_config_show, 589 "on_enable_unconfined_toggled": self.unconfined_toggle, 590 "on_enable_permissive_toggled": self.permissive_toggle, 591 "on_system_policy_type_combobox_changed": self.change_default_policy, 592 "on_Enforcing_button_default_toggled": self.change_default_mode, 593 "on_Permissive_button_default_toggled": self.change_default_mode, 594 "on_Disabled_button_default_toggled": self.change_default_mode, 595 596 "on_Relabel_button_toggled_cb": self.relabel_on_reboot, 597 "on_advanced_system_button_press_event": self.reveal_advanced_system, 598 "on_files_type_combobox_changed": self.show_more_types, 599 "on_filter_row_changed": self.filter_the_data, 600 "on_button_toggled": self.tab_change, 601 "gtk_main_quit": self.closewindow 602 } 603 604 self.previously_modified_initialize(customized) 605 builder.connect_signals(dic) 606 self.window.show() # Show the gui to the screen 607 GLib.timeout_add_seconds(5, self.selinux_status) 608 self.selinux_status() 609 self.lockdown_inited = False 610 self.add_modify_delete_box.hide() 611 self.filter_box.hide() 612 if self.status == DISABLED: 613 self.show_system_page() 614 else: 615 if self.application: 616 self.applications_selection_button.set_label(self.application) 617 self.completion_entry.set_text(self.application) 618 self.show_applications_page() 619 self.tab_change() 620 else: 621 self.clearbuttons() 622 self.outer_notebook.set_current_page(START_PAGE) 623 624 self.reinit() 625 self.finish_init = True 626 Gtk.main() 627 628 def init_cur(self): 629 self.cur_dict = {} 630 for k in keys: 631 self.cur_dict[k] = {} 632 633 def remove_cur(self, ctr): 634 i = 0 635 for k in self.cur_dict: 636 for j in self.cur_dict[k]: 637 if i == ctr: 638 del(self.cur_dict[k][j]) 639 return 640 i += 1 641 642 def selinux_status(self): 643 try: 644 self.status = selinux.security_getenforce() 645 except OSError: 646 self.status = DISABLED 647 if self.status == DISABLED: 648 self.current_status_label.set_sensitive(False) 649 self.current_status_enforcing.set_sensitive(False) 650 self.current_status_permissive.set_sensitive(False) 651 self.enforcing_button_default.set_sensitive(False) 652 self.status_bar.push(self.context_id, _("System Status: Disabled")) 653 self.info_text.set_label(DISABLED_TEXT) 654 else: 655 self.set_enforce_text(self.status) 656 if os.path.exists('/.autorelabel'): 657 self.relabel_button.set_active(True) 658 else: 659 self.relabel_button_no.set_active(True) 660 661 policytype = selinux.selinux_getpolicytype()[1] 662 663 mode = selinux.selinux_getenforcemode()[1] 664 if mode == ENFORCING: 665 self.enforcing_button_default.set_active(True) 666 if mode == PERMISSIVE: 667 self.permissive_button_default.set_active(True) 668 if mode == DISABLED: 669 self.disabled_button_default.set_active(True) 670 671 return True 672 673 def lockdown_init(self): 674 if self.lockdown_inited: 675 return 676 self.wait_mouse() 677 self.lockdown_inited = True 678 self.disable_ptrace_button.set_active(selinux.security_get_boolean_active("deny_ptrace")) 679 self.module_dict = {} 680 for m in self.dbus.semodule_list().split("\n"): 681 mod = m.split() 682 if len(mod) < 3: 683 continue 684 self.module_dict[mod[1]] = { "priority": mod[0], "Disabled" : (len(mod) > 3) } 685 686 self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"]) 687 self.enable_permissive_button.set_active(not self.module_dict["permissivedomains"]["Disabled"]) 688 self.ready_mouse() 689 690 def column_clicked(self, treeview, treepath, treecol, *args): 691 iter = self.get_selected_iter() 692 if not iter: 693 return 694 695 if self.opage == BOOLEANS_PAGE: 696 if treecol.get_name() == "more_detail_col": 697 self.display_more_detail(self.window, treepath) 698 699 if self.opage == FILES_PAGE: 700 visible = self.liststore.get_value(iter, 3) 701 # If visible is true then fix mislabeled will be visible 702 if treecol.get_name() == "restorecon_col" and visible: 703 self.fix_mislabeled(self.liststore.get_value(iter, 0)) 704 705 if self.opage == TRANSITIONS_PAGE: 706 bool_name = self.liststore.get_value(iter, 1) 707 if bool_name: 708 self.boolean_radio_button.clicked() 709 self.filter_entry.set_text(bool_name) 710 711 def idle_func(self): 712 while Gtk.events_pending(): 713 Gtk.main_iteration() 714 715 def match_func(self, completion, key_string, iter, func_data): 716 try: 717 if self.application_liststore.get_value(iter, 0).find(key_string) != -1: 718 return True 719 return False 720 except AttributeError: 721 pass 722 723 def help_show_page(self): 724 self.back_button.set_sensitive(self.help_page != 0) 725 self.forward_button.set_sensitive(self.help_page < (len(self.help_list) - 1)) 726 try: 727 fd = open("%shelp/%s.txt" % (self.code_path, self.help_list[self.help_page]), "r") 728 buf = fd.read() 729 fd.close() 730 except IOError: 731 buf = "" 732 help_text = self.help_text.get_buffer() 733 help_text.set_text(buf % {"APP": self.application}) 734 self.help_text.set_buffer(help_text) 735 self.help_image.set_from_file("%shelp/%s.png" % (self.code_path, self.help_list[self.help_page])) 736 self.show_popup(self.help_window) 737 738 def on_help_back_clicked(self, *args): 739 self.help_page -= 1 740 self.help_show_page() 741 742 def on_help_forward_clicked(self, *args): 743 self.help_page += 1 744 self.help_show_page() 745 746 def on_help_button(self, *args): 747 self.help_page = 0 748 self.help_list = [] 749 if self.opage == START_PAGE: 750 self.help_window.set_title(_("Help: Start Page")) 751 self.help_list = ["start"] 752 753 if self.opage == BOOLEANS_PAGE: 754 self.help_window.set_title(_("Help: Booleans Page")) 755 self.help_list = ["booleans", "booleans_toggled", "booleans_more", "booleans_more_show"] 756 757 if self.opage == FILES_PAGE: 758 ipage = self.inner_notebook_files.get_current_page() 759 if ipage == EXE_PAGE: 760 self.help_window.set_title(_("Help: Executable Files Page")) 761 self.help_list = ["files_exec"] 762 if ipage == WRITABLE_PAGE: 763 self.help_window.set_title(_("Help: Writable Files Page")) 764 self.help_list = ["files_write"] 765 if ipage == APP_PAGE: 766 self.help_window.set_title(_("Help: Application Types Page")) 767 self.help_list = ["files_app"] 768 if self.opage == NETWORK_PAGE: 769 ipage = self.inner_notebook_network.get_current_page() 770 if ipage == OUTBOUND_PAGE: 771 self.help_window.set_title(_("Help: Outbound Network Connections Page")) 772 self.help_list = ["ports_outbound"] 773 if ipage == INBOUND_PAGE: 774 self.help_window.set_title(_("Help: Inbound Network Connections Page")) 775 self.help_list = ["ports_inbound"] 776 777 if self.opage == TRANSITIONS_PAGE: 778 ipage = self.inner_notebook_transitions.get_current_page() 779 if ipage == TRANSITIONS_FROM_PAGE: 780 self.help_window.set_title(_("Help: Transition from application Page")) 781 self.help_list = ["transition_from", "transition_from_boolean", "transition_from_boolean_1", "transition_from_boolean_2"] 782 if ipage == TRANSITIONS_TO_PAGE: 783 self.help_window.set_title(_("Help: Transition into application Page")) 784 self.help_list = ["transition_to"] 785 if ipage == TRANSITIONS_FILE_PAGE: 786 self.help_window.set_title(_("Help: Transition application file Page")) 787 self.help_list = ["transition_file"] 788 789 if self.opage == SYSTEM_PAGE: 790 self.help_window.set_title(_("Help: Systems Page")) 791 self.help_list = ["system", "system_boot_mode", "system_current_mode", "system_export", "system_policy_type", "system_relabel"] 792 793 if self.opage == LOCKDOWN_PAGE: 794 self.help_window.set_title(_("Help: Lockdown Page")) 795 self.help_list = ["lockdown", "lockdown_unconfined", "lockdown_permissive", "lockdown_ptrace"] 796 797 if self.opage == LOGIN_PAGE: 798 self.help_window.set_title(_("Help: Login Page")) 799 self.help_list = ["login", "login_default"] 800 801 if self.opage == USER_PAGE: 802 self.help_window.set_title(_("Help: SELinux User Page")) 803 self.help_list = ["users"] 804 805 if self.opage == FILE_EQUIV_PAGE: 806 self.help_window.set_title(_("Help: File Equivalence Page")) 807 self.help_list = ["file_equiv"] 808 return self.help_show_page() 809 810 def open_combo_menu(self, *args): 811 if self.popup == 0: 812 self.popup = 1 813 location = self.window.get_position() 814 self.main_selection_window.move(location[0] + 2, location[1] + 65) 815 self.main_selection_window.show() 816 else: 817 self.main_selection_window.hide() 818 self.popup = 0 819 820 def hide_combo_menu(self, *args): 821 self.main_selection_window.hide() 822 self.popup = 0 823 824 def set_application_label(self, *args): 825 self.set_application_label = True 826 827 def resize_wrap(self, *args): 828 print(args) 829 830 def initialize_system_default_mode(self): 831 self.enforce_mode = selinux.selinux_getenforcemode()[1] 832 if self.enforce_mode == ENFORCING: 833 self.enforce_button = self.enforcing_button_default 834 if self.enforce_mode == PERMISSIVE: 835 self.enforce_button = self.permissive_button_default 836 if self.enforce_mode == DISABLED: 837 self.enforce_button = self.disabled_button_default 838 839 def populate_system_policy(self): 840 types = next(os.walk(selinux.selinux_path(), topdown=True))[1] 841 types.sort() 842 ctr = 0 843 for item in types: 844 iter = self.system_policy_type_liststore.append() 845 self.system_policy_type_liststore.set_value(iter, 0, item) 846 if item == self.initialtype: 847 self.system_policy_type_combobox.set_active(ctr) 848 self.typeHistory = ctr 849 ctr += 1 850 return ctr 851 852 def filter_the_data(self, list, iter, *args): 853 # When there is no txt in the box show all items in the tree 854 if self.filter_txt == "": 855 return True 856 try: 857 for x in range(0, list.get_n_columns()): 858 try: 859 val = list.get_value(iter, x) 860 if val is True or val is False or val is None: 861 continue 862 # Returns true if filter_txt exists within the val 863 if(val.find(self.filter_txt) != -1 or val.lower().find(self.filter_txt) != -1): 864 return True 865 except (AttributeError, TypeError): 866 pass 867 except: # ValueError: 868 pass 869 return False 870 871 def net_update(self, app, netd, protocol, direction, model): 872 for k in netd.keys(): 873 for t, ports in netd[k]: 874 pkey = (",".join(ports), protocol) 875 if pkey in self.cur_dict["port"]: 876 if self.cur_dict["port"][pkey]["action"] == "-d": 877 continue 878 if t != self.cur_dict["port"][pkey]["type"]: 879 continue 880 self.network_initial_data_insert(model, ", ".join(ports), t, protocol) 881 882 def file_equiv_initialize(self): 883 self.wait_mouse() 884 edict = sepolicy.get_file_equiv() 885 self.file_equiv_liststore.clear() 886 for f in edict: 887 iter = self.file_equiv_liststore.append() 888 if edict[f]["modify"]: 889 name = self.markup(f) 890 equiv = self.markup(edict[f]["equiv"]) 891 else: 892 name = f 893 equiv = edict[f]["equiv"] 894 895 self.file_equiv_liststore.set_value(iter, 0, name) 896 self.file_equiv_liststore.set_value(iter, 1, equiv) 897 self.file_equiv_liststore.set_value(iter, 2, edict[f]["modify"]) 898 self.ready_mouse() 899 900 def user_initialize(self): 901 self.wait_mouse() 902 self.user_liststore.clear() 903 for u in sepolicy.get_selinux_users(): 904 iter = self.user_liststore.append() 905 self.user_liststore.set_value(iter, 0, str(u["name"])) 906 roles = u["roles"] 907 if "object_r" in roles: 908 roles.remove("object_r") 909 self.user_liststore.set_value(iter, 1, ", ".join(roles)) 910 self.user_liststore.set_value(iter, 2, u.get("level", "")) 911 self.user_liststore.set_value(iter, 3, u.get("range", "")) 912 self.user_liststore.set_value(iter, 4, True) 913 self.ready_mouse() 914 915 def login_initialize(self): 916 self.wait_mouse() 917 self.login_liststore.clear() 918 for u in sepolicy.get_login_mappings(): 919 iter = self.login_liststore.append() 920 self.login_liststore.set_value(iter, 0, u["name"]) 921 self.login_liststore.set_value(iter, 1, u["seuser"]) 922 self.login_liststore.set_value(iter, 2, u["mls"]) 923 self.login_liststore.set_value(iter, 3, True) 924 self.ready_mouse() 925 926 def network_initialize(self, app): 927 netd = sepolicy.network.get_network_connect(app, "tcp", "name_connect", check_bools=True) 928 self.net_update(app, netd, "tcp", OUTBOUND_PAGE, self.network_out_liststore) 929 netd = sepolicy.network.get_network_connect(app, "tcp", "name_bind", check_bools=True) 930 self.net_update(app, netd, "tcp", INBOUND_PAGE, self.network_in_liststore) 931 netd = sepolicy.network.get_network_connect(app, "udp", "name_bind", check_bools=True) 932 self.net_update(app, netd, "udp", INBOUND_PAGE, self.network_in_liststore) 933 934 def network_initial_data_insert(self, model, ports, portType, protocol): 935 iter = model.append() 936 model.set_value(iter, 0, ports) 937 model.set_value(iter, 1, protocol) 938 model.set_value(iter, 2, portType) 939 model.set_value(iter, 4, True) 940 941 def combo_set_active_text(self, combobox, val): 942 ctr = 0 943 liststore = combobox.get_model() 944 for i in liststore: 945 if i[0] == val: 946 combobox.set_active(ctr) 947 return 948 ctr += 1 949 950 niter = liststore.get_iter(ctr - 1) 951 if liststore.get_value(niter, 0) == _("More..."): 952 iter = liststore.insert_before(niter) 953 ctr = ctr - 1 954 else: 955 iter = liststore.append() 956 liststore.set_value(iter, 0, val) 957 combobox.set_active(ctr) 958 959 def combo_get_active_text(self, combobox): 960 liststore = combobox.get_model() 961 index = combobox.get_active() 962 if index < 0: 963 return None 964 iter = liststore.get_iter(index) 965 return liststore.get_value(iter, 0) 966 967 def combo_box_add(self, val, val1): 968 if val is None: 969 return 970 iter = self.application_liststore.append() 971 self.application_liststore.set_value(iter, 0, val) 972 self.application_liststore.set_value(iter, 1, val1) 973 974 def select_type_more(self, *args): 975 app = self.moreTypes_treeview.get_selection() 976 iter = app.get_selected()[1] 977 if iter is None: 978 return 979 app = self.more_types_files_liststore.get_value(iter, 0) 980 self.combo_set_active_text(self.files_type_combobox, app) 981 self.closewindow(self.moreTypes_window_files) 982 983 def advanced_item_button_push(self, *args): 984 row = self.advanced_search_treeview.get_selection() 985 model, iter = row.get_selected() 986 iter = model.convert_iter_to_child_iter(iter) 987 iter = self.advanced_search_filter.convert_iter_to_child_iter(iter) 988 app = self.application_liststore.get_value(iter, 1) 989 if app is None: 990 return 991 self.advanced_filter_entry.set_text('') 992 self.advanced_search_window.hide() 993 self.reveal_advanced(self.main_advanced_label) 994 self.completion_entry.set_text(app) 995 996 def advanced_item_selected(self, treeview, path, *args): 997 iter = self.advanced_search_filter.get_iter(path) 998 iter = self.advanced_search_filter.convert_iter_to_child_iter(iter) 999 app = self.application_liststore.get_value(iter, 1) 1000 self.advanced_filter_entry.set_text('') 1001 self.advanced_search_window.hide() 1002 self.reveal_advanced(self.main_advanced_label) 1003 self.completion_entry.set_text(app) 1004 self.application_selected() 1005 1006 def find_application(self, app): 1007 if app and len(app) > 0: 1008 for items in self.application_liststore: 1009 if app == items[0]: 1010 return True 1011 return False 1012 1013 def application_selected(self, *args): 1014 self.show_mislabeled_files_only.set_visible(False) 1015 self.mislabeled_files_label.set_visible(False) 1016 self.warning_files.set_visible(False) 1017 self.filter_entry.set_text('') 1018 1019 app = self.completion_entry.get_text() 1020 if not self.find_application(app): 1021 return 1022 self.show_applications_page() 1023 self.add_button.set_sensitive(True) 1024 self.delete_button.set_sensitive(True) 1025 # Clear the tree to prepare for a new selection otherwise 1026 self.executable_files_liststore.clear() 1027 # data will pile up everytime the user selects a new item from the drop down menu 1028 self.network_in_liststore.clear() 1029 self.network_out_liststore.clear() 1030 self.boolean_liststore.clear() 1031 self.transitions_into_liststore.clear() 1032 self.transitions_from_treestore.clear() 1033 self.application_files_liststore.clear() 1034 self.writable_files_liststore.clear() 1035 self.transitions_file_liststore.clear() 1036 1037 try: 1038 if app[0] == '/': 1039 app = sepolicy.get_init_transtype(app) 1040 if not app: 1041 return 1042 self.application = app 1043 except IndexError: 1044 pass 1045 1046 self.wait_mouse() 1047 self.previously_modified_initialize(self.dbus.customized()) 1048 self.reinit() 1049 self.boolean_initialize(app) 1050 self.mislabeled_files = False 1051 self.executable_files_initialize(app) 1052 self.network_initialize(app) 1053 self.writable_files_initialize(app) 1054 self.transitions_into_initialize(app) 1055 self.transitions_from_initialize(app) 1056 self.application_files_initialize(app) 1057 self.transitions_files_initialize(app) 1058 1059 self.executable_files_tab.set_tooltip_text(_("File path used to enter the '%s' domain." % app)) 1060 self.writable_files_tab.set_tooltip_text(_("Files to which the '%s' domain can write." % app)) 1061 self.network_out_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to connect." % app)) 1062 self.network_in_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to listen." % app)) 1063 self.application_files_tab.set_tooltip_text(_("File Types defined for the '%s'." % app)) 1064 self.boolean_radio_button.set_tooltip_text(_("Display boolean information that can be used to modify the policy for the '%s'." % app)) 1065 self.files_radio_button.set_tooltip_text(_("Display file type information that can be used by the '%s'." % app)) 1066 self.network_radio_button.set_tooltip_text(_("Display network ports to which the '%s' can connect or listen to." % app)) 1067 self.transitions_into_tab.set_label(_("Application Transitions Into '%s'" % app)) 1068 self.transitions_from_tab.set_label(_("Application Transitions From '%s'" % app)) 1069 self.transitions_file_tab.set_label(_("File Transitions From '%s'" % app)) 1070 self.transitions_into_tab.set_tooltip_text(_("Executables which will transition to '%s', when executing selected domains entrypoint.") % app) 1071 self.transitions_from_tab.set_tooltip_text(_("Executables which will transition to a different domain, when '%s' executes them.") % app) 1072 self.transitions_file_tab.set_tooltip_text(_("Files by '%s' with transitions to a different label." % app)) 1073 self.transitions_radio_button.set_tooltip_text(_("Display applications that can transition into or out of the '%s'." % app)) 1074 1075 self.application = app 1076 self.applications_selection_button.set_label(self.application) 1077 self.ready_mouse() 1078 1079 def reinit(self): 1080 sepolicy.reinit() 1081 self.fcdict = sepolicy.get_fcdict() 1082 self.local_file_paths = sepolicy.get_local_file_paths() 1083 1084 def previously_modified_initialize(self, buf): 1085 self.cust_dict = {} 1086 for i in buf.split("\n"): 1087 rec = i.split() 1088 if len(rec) == 0: 1089 continue 1090 if rec[1] == "-D": 1091 continue 1092 if rec[0] not in self.cust_dict: 1093 self.cust_dict[rec[0]] = {} 1094 if rec[0] == "boolean": 1095 self.cust_dict["boolean"][rec[-1]] = {"active": rec[2] == "-1"} 1096 if rec[0] == "login": 1097 self.cust_dict["login"][rec[-1]] = {"seuser": rec[3], "range": rec[5]} 1098 if rec[0] == "interface": 1099 self.cust_dict["interface"][rec[-1]] = {"type": rec[3]} 1100 if rec[0] == "user": 1101 self.cust_dict["user"][rec[-1]] = {"level": "s0", "range": rec[3], "role": rec[5]} 1102 if rec[0] == "port": 1103 self.cust_dict["port"][(rec[-1], rec[-2])] = {"type": rec[3]} 1104 if rec[0] == "node": 1105 self.cust_dict["node"][rec[-1]] = {"mask": rec[3], "protocol": rec[5], "type": rec[7]} 1106 if rec[0] == "fcontext": 1107 if rec[2] == "-e": 1108 if "fcontext-equiv" not in self.cust_dict: 1109 self.cust_dict["fcontext-equiv"] = {} 1110 self.cust_dict["fcontext-equiv"][(rec[-1])] = {"equiv": rec[3]} 1111 else: 1112 self.cust_dict["fcontext"][(rec[-1], rec[3])] = {"type": rec[5]} 1113 if rec[0] == "module": 1114 self.cust_dict["module"][rec[-1]] = {"enabled": rec[2] != "-d"} 1115 1116 if "module" not in self.cust_dict: 1117 return 1118 for semodule, button in [("unconfined", self.disable_unconfined_button), ("permissivedomains", self.disable_permissive_button)]: 1119 if semodule in self.cust_dict["module"]: 1120 button.set_active(self.cust_dict["module"][semodule]["enabled"]) 1121 1122 for i in keys: 1123 if i not in self.cust_dict: 1124 self.cust_dict.update({i: {}}) 1125 1126 def executable_files_initialize(self, application): 1127 self.entrypoints = sepolicy.get_entrypoints(application) 1128 for exe in self.entrypoints.keys(): 1129 if len(self.entrypoints[exe]) == 0: 1130 continue 1131 file_class = self.entrypoints[exe][1] 1132 for path in self.entrypoints[exe][0]: 1133 if (path, file_class) in self.cur_dict["fcontext"]: 1134 if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d": 1135 continue 1136 if exe != self.cur_dict["fcontext"][(path, file_class)]["type"]: 1137 continue 1138 self.files_initial_data_insert(self.executable_files_liststore, path, exe, file_class) 1139 1140 def mislabeled(self, path): 1141 try: 1142 con = selinux.matchpathcon(path, 0)[1] 1143 cur = selinux.getfilecon(path)[1] 1144 return con != cur 1145 except OSError: 1146 return False 1147 1148 def set_mislabeled(self, tree, path, iter, niter): 1149 if not self.mislabeled(path): 1150 return 1151 con = selinux.matchpathcon(path, 0)[1] 1152 cur = selinux.getfilecon(path)[1] 1153 self.mislabeled_files = True 1154 # Set visibility of label 1155 tree.set_value(niter, 3, True) 1156 # Has a mislabel 1157 tree.set_value(iter, 4, True) 1158 tree.set_value(niter, 4, True) 1159 tree.set_value(iter, 5, con.split(":")[2]) 1160 tree.set_value(iter, 6, cur.split(":")[2]) 1161 1162 def writable_files_initialize(self, application): 1163 # Traversing the dictionary data struct 1164 self.writable_files = sepolicy.get_writable_files(application) 1165 for write in self.writable_files.keys(): 1166 if len(self.writable_files[write]) < 2: 1167 self.files_initial_data_insert(self.writable_files_liststore, None, write, _("all files")) 1168 continue 1169 file_class = self.writable_files[write][1] 1170 for path in self.writable_files[write][0]: 1171 if (path, file_class) in self.cur_dict["fcontext"]: 1172 if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d": 1173 continue 1174 if write != self.cur_dict["fcontext"][(path, file_class)]["type"]: 1175 continue 1176 self.files_initial_data_insert(self.writable_files_liststore, path, write, file_class) 1177 1178 def files_initial_data_insert(self, liststore, path, seLinux_label, file_class): 1179 iter = liststore.append(None) 1180 if path is None: 1181 path = _("MISSING FILE PATH") 1182 modify = False 1183 else: 1184 modify = (path, file_class) in self.local_file_paths 1185 for p in sepolicy.find_file(path): 1186 niter = liststore.append(iter) 1187 liststore.set_value(niter, 0, p) 1188 self.set_mislabeled(liststore, p, iter, niter) 1189 if modify: 1190 path = self.markup(path) 1191 file_class = self.markup(selinux_label) 1192 file_class = self.markup(file_class) 1193 liststore.set_value(iter, 0, path) 1194 liststore.set_value(iter, 1, seLinux_label) 1195 liststore.set_value(iter, 2, file_class) 1196 liststore.set_value(iter, 7, modify) 1197 1198 def markup(self, f): 1199 return "<b>%s</b>" % f 1200 1201 def unmarkup(self, f): 1202 if f: 1203 return re.sub("</b>$", "", re.sub("^<b>", "", f)) 1204 return None 1205 1206 def application_files_initialize(self, application): 1207 self.file_types = sepolicy.get_file_types(application) 1208 for app in self.file_types.keys(): 1209 if len(self.file_types[app]) == 0: 1210 continue 1211 file_class = self.file_types[app][1] 1212 for path in self.file_types[app][0]: 1213 desc = sepolicy.get_description(app, markup=self.markup) 1214 if (path, file_class) in self.cur_dict["fcontext"]: 1215 if self.cur_dict["fcontext"][(path, file_class)]["action"] == "-d": 1216 continue 1217 if app != self.cur_dict["fcontext"][(path, file_class)]["type"]: 1218 continue 1219 self.files_initial_data_insert(self.application_files_liststore, path, desc, file_class) 1220 1221 def modified(self): 1222 i = 0 1223 for k in self.cur_dict: 1224 if len(self.cur_dict[k]) > 0: 1225 return True 1226 return False 1227 1228 def boolean_initialize(self, application): 1229 for blist in sepolicy.get_bools(application): 1230 for b, active in blist: 1231 if b in self.cur_dict["boolean"]: 1232 active = self.cur_dict["boolean"][b]['active'] 1233 desc = sepolicy.boolean_desc(b) 1234 self.boolean_initial_data_insert(b, desc, active) 1235 1236 def boolean_initial_data_insert(self, val, desc, active): 1237 # Insert data from data source into tree 1238 iter = self.boolean_liststore.append() 1239 self.boolean_liststore.set_value(iter, 0, active) 1240 self.boolean_liststore.set_value(iter, 1, desc) 1241 self.boolean_liststore.set_value(iter, 2, val) 1242 self.boolean_liststore.set_value(iter, 3, _('More...')) 1243 1244 def transitions_into_initialize(self, application): 1245 for x in sepolicy.get_transitions_into(application): 1246 active = None 1247 executable = None 1248 source = None 1249 if "boolean" in x: 1250 active = x["boolean"] 1251 if "target" in x: 1252 executable = x["target"] 1253 if "source" in x: 1254 source = x["source"] 1255 self.transitions_into_initial_data_insert(active, executable, source) 1256 1257 def transitions_into_initial_data_insert(self, active, executable, source): 1258 iter = self.transitions_into_liststore.append() 1259 if active != None: 1260 self.transitions_into_liststore.set_value(iter, 0, enabled[active[0][1]]) # active[0][1] is either T or F (enabled is all the way at the top) 1261 else: 1262 self.transitions_into_liststore.set_value(iter, 0, "Default") 1263 1264 self.transitions_into_liststore.set_value(iter, 2, executable) 1265 self.transitions_into_liststore.set_value(iter, 1, source) 1266 1267 def transitions_from_initialize(self, application): 1268 for x in sepolicy.get_transitions(application): 1269 active = None 1270 executable = None 1271 transtype = None 1272 if "boolean" in x: 1273 active = x["boolean"] 1274 if "target" in x: 1275 executable_type = x["target"] 1276 if "transtype" in x: 1277 transtype = x["transtype"] 1278 self.transitions_from_initial_data_insert(active, executable_type, transtype) 1279 try: 1280 for executable in self.fcdict[executable_type]["regex"]: 1281 self.transitions_from_initial_data_insert(active, executable, transtype) 1282 except KeyError: 1283 pass 1284 1285 def transitions_from_initial_data_insert(self, active, executable, transtype): 1286 iter = self.transitions_from_treestore.append(None) 1287 if active == None: 1288 self.transitions_from_treestore.set_value(iter, 0, "Default") 1289 self.transitions_from_treestore.set_value(iter, 5, False) 1290 else: 1291 niter = self.transitions_from_treestore.append(iter) 1292 # active[0][1] is either T or F (enabled is all the way at the top) 1293 self.transitions_from_treestore.set_value(iter, 0, enabled[active[0][1]]) 1294 markup = ('<span foreground="blue"><u>','</u></span>') 1295 if active[0][1]: 1296 self.transitions_from_treestore.set_value(niter, 2, (_("To disable this transition, go to the %sBoolean section%s.") % markup)) 1297 else: 1298 self.transitions_from_treestore.set_value(niter, 2, (_("To enable this transition, go to the %sBoolean section%s.") % markup)) 1299 1300 # active[0][0] is the Bool Name 1301 self.transitions_from_treestore.set_value(niter, 1, active[0][0]) 1302 self.transitions_from_treestore.set_value(niter, 5, True) 1303 1304 self.transitions_from_treestore.set_value(iter, 2, executable) 1305 self.transitions_from_treestore.set_value(iter, 3, transtype) 1306 1307 def transitions_files_initialize(self, application): 1308 for i in sepolicy.get_file_transitions(application): 1309 if 'filename' in i: 1310 filename = i['filename'] 1311 else: 1312 filename = None 1313 self.transitions_files_inital_data_insert(i['target'], i['class'], i['transtype'], filename) 1314 1315 def transitions_files_inital_data_insert(self, path, tclass, dest, name): 1316 iter = self.transitions_file_liststore.append() 1317 self.transitions_file_liststore.set_value(iter, 0, path) 1318 self.transitions_file_liststore.set_value(iter, 1, tclass) 1319 self.transitions_file_liststore.set_value(iter, 2, dest) 1320 if name == None: 1321 name = '*' 1322 self.transitions_file_liststore.set_value(iter, 3, name) 1323 1324 def tab_change(self, *args): 1325 self.clear_filters() 1326 self.treeview = None 1327 self.treesort = None 1328 self.treefilter = None 1329 self.liststore = None 1330 self.modify_button.set_sensitive(False) 1331 self.add_modify_delete_box.hide() 1332 self.show_modified_only.set_visible(False) 1333 self.show_mislabeled_files_only.set_visible(False) 1334 self.mislabeled_files_label.set_visible(False) 1335 self.warning_files.set_visible(False) 1336 1337 if self.boolean_radio_button.get_active(): 1338 self.outer_notebook.set_current_page(BOOLEANS_PAGE) 1339 self.treeview = self.boolean_treeview 1340 self.show_modified_only.set_visible(True) 1341 1342 if self.files_radio_button.get_active(): 1343 self.show_popup(self.add_modify_delete_box) 1344 self.show_modified_only.set_visible(True) 1345 self.show_mislabeled_files_only.set_visible(self.mislabeled_files) 1346 self.mislabeled_files_label.set_visible(self.mislabeled_files) 1347 self.warning_files.set_visible(self.mislabeled_files) 1348 self.outer_notebook.set_current_page(FILES_PAGE) 1349 if args[0] == self.inner_notebook_files: 1350 ipage = args[2] 1351 else: 1352 ipage = self.inner_notebook_files.get_current_page() 1353 if ipage == EXE_PAGE: 1354 self.treeview = self.executable_files_treeview 1355 category = _("executable") 1356 elif ipage == WRITABLE_PAGE: 1357 self.treeview = self.writable_files_treeview 1358 category = _("writable") 1359 elif ipage == APP_PAGE: 1360 self.treeview = self.application_files_treeview 1361 category = _("application") 1362 self.add_button.set_tooltip_text(_("Add new %(TYPE)s file path for '%(DOMAIN)s' domains.") % {"TYPE": category, "DOMAIN": self.application}) 1363 self.delete_button.set_tooltip_text(_("Delete %(TYPE)s file paths for '%(DOMAIN)s' domain.") % {"TYPE": category, "DOMAIN": self.application}) 1364 self.modify_button.set_tooltip_text(_("Modify %(TYPE)s file path for '%(DOMAIN)s' domain. Only bolded items in the list can be selected, this indicates they were modified previously.") % {"TYPE": category, "DOMAIN": self.application}) 1365 1366 if self.network_radio_button.get_active(): 1367 self.add_modify_delete_box.show() 1368 self.show_modified_only.set_visible(True) 1369 self.outer_notebook.set_current_page(NETWORK_PAGE) 1370 if args[0] == self.inner_notebook_network: 1371 ipage = args[2] 1372 else: 1373 ipage = self.inner_notebook_network.get_current_page() 1374 if ipage == OUTBOUND_PAGE: 1375 self.treeview = self.network_out_treeview 1376 category = _("connect") 1377 if ipage == INBOUND_PAGE: 1378 self.treeview = self.network_in_treeview 1379 category = _("listen for inbound connections") 1380 1381 self.add_button.set_tooltip_text(_("Add new port definition to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category}) 1382 self.delete_button.set_tooltip_text(_("Delete modified port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category}) 1383 self.modify_button.set_tooltip_text(_("Modify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category}) 1384 1385 if self.transitions_radio_button.get_active(): 1386 self.outer_notebook.set_current_page(TRANSITIONS_PAGE) 1387 if args[0] == self.inner_notebook_transitions: 1388 ipage = args[2] 1389 else: 1390 ipage = self.inner_notebook_transitions.get_current_page() 1391 if ipage == TRANSITIONS_FROM_PAGE: 1392 self.treeview = self.transitions_from_treeview 1393 if ipage == TRANSITIONS_TO_PAGE: 1394 self.treeview = self.transitions_into_treeview 1395 if ipage == TRANSITIONS_FILE_PAGE: 1396 self.treeview = self.transitions_file_treeview 1397 1398 if self.system_radio_button.get_active(): 1399 self.outer_notebook.set_current_page(SYSTEM_PAGE) 1400 self.filter_box.hide() 1401 1402 if self.lockdown_radio_button.get_active(): 1403 self.lockdown_init() 1404 self.outer_notebook.set_current_page(LOCKDOWN_PAGE) 1405 self.filter_box.hide() 1406 1407 if self.user_radio_button.get_active(): 1408 self.outer_notebook.set_current_page(USER_PAGE) 1409 self.add_modify_delete_box.show() 1410 self.show_modified_only.set_visible(True) 1411 self.treeview = self.user_treeview 1412 self.add_button.set_tooltip_text(_("Add new SELinux User/Role definition.")) 1413 self.delete_button.set_tooltip_text(_("Delete modified SELinux User/Role definitions.")) 1414 self.modify_button.set_tooltip_text(_("Modify selected modified SELinux User/Role definitions.")) 1415 1416 if self.login_radio_button.get_active(): 1417 self.outer_notebook.set_current_page(LOGIN_PAGE) 1418 self.add_modify_delete_box.show() 1419 self.show_modified_only.set_visible(True) 1420 self.treeview = self.login_treeview 1421 self.add_button.set_tooltip_text(_("Add new Login Mapping definition.")) 1422 self.delete_button.set_tooltip_text(_("Delete modified Login Mapping definitions.")) 1423 self.modify_button.set_tooltip_text(_("Modify selected modified Login Mapping definitions.")) 1424 1425 if self.file_equiv_radio_button.get_active(): 1426 self.outer_notebook.set_current_page(FILE_EQUIV_PAGE) 1427 self.add_modify_delete_box.show() 1428 self.show_modified_only.set_visible(True) 1429 self.treeview = self.file_equiv_treeview 1430 self.add_button.set_tooltip_text(_("Add new File Equivalence definition.")) 1431 self.delete_button.set_tooltip_text(_("Delete modified File Equivalence definitions.")) 1432 self.modify_button.set_tooltip_text(_("Modify selected modified File Equivalence definitions. Only bolded items in the list can be selected, this indicates they were modified previously.")) 1433 1434 self.opage = self.outer_notebook.get_current_page() 1435 if self.treeview: 1436 self.filter_box.show() 1437 self.treesort = self.treeview.get_model() 1438 self.treefilter = self.treesort.get_model() 1439 self.liststore = self.treefilter.get_model() 1440 for x in range(0, self.liststore.get_n_columns()): 1441 col = self.treeview.get_column(x) 1442 if col: 1443 cell = col.get_cells()[0] 1444 if isinstance(cell, Gtk.CellRendererText): 1445 self.liststore.set_sort_func(x, self.stripsort, None) 1446 self.treeview.get_selection().unselect_all() 1447 self.modify_button.set_sensitive(False) 1448 1449 def stripsort(self, model, row1, row2, user_data): 1450 sort_column, _ = model.get_sort_column_id() 1451 val1 = self.unmarkup(model.get_value(row1, sort_column)) 1452 val2 = self.unmarkup(model.get_value(row2, sort_column)) 1453 return cmp(val1, val2) 1454 1455 def display_more_detail(self, windows, path): 1456 it = self.boolean_filter.get_iter(path) 1457 it = self.boolean_filter.convert_iter_to_child_iter(it) 1458 1459 self.boolean_more_detail_tree_data_set.clear() 1460 self.boolean_more_detail_window.set_title(_("Boolean %s Allow Rules") % self.boolean_liststore.get_value(it, 2)) 1461 blist = sepolicy.get_boolean_rules(self.application, self.boolean_liststore.get_value(it, 2)) 1462 for b in blist: 1463 self.display_more_detail_init(b["source"], b["target"], b["class"], b["permlist"]) 1464 self.show_popup(self.boolean_more_detail_window) 1465 1466 def display_more_detail_init(self, source, target, class_type, permission): 1467 iter = self.boolean_more_detail_tree_data_set.append() 1468 self.boolean_more_detail_tree_data_set.set_value(iter, 0, "allow %s %s:%s { %s };" % (source, target, class_type, " ".join(permission))) 1469 1470 def add_button_clicked(self, *args): 1471 self.modify = False 1472 if self.opage == NETWORK_PAGE: 1473 self.popup_network_label.set_text((_("Add Network Port for %s. Ports will be created when update is applied.")) % self.application) 1474 self.network_popup_window.set_title((_("Add Network Port for %s")) % self.application) 1475 self.init_network_dialog(args) 1476 return 1477 1478 if self.opage == FILES_PAGE: 1479 self.popup_files_label.set_text((_("Add File Labeling for %s. File labels will be created when update is applied.")) % self.application) 1480 self.files_popup_window.set_title((_("Add File Labeling for %s")) % self.application) 1481 self.init_files_dialog(args) 1482 ipage = self.inner_notebook_files.get_current_page() 1483 if ipage == EXE_PAGE: 1484 self.files_path_entry.set_text("ex: /usr/sbin/Foobar") 1485 else: 1486 self.files_path_entry.set_text("ex: /var/lib/Foobar") 1487 self.clear_entry = True 1488 1489 if self.opage == LOGIN_PAGE: 1490 self.login_label.set_text((_("Add Login Mapping. User Mapping will be created when Update is applied."))) 1491 self.login_popup_window.set_title(_("Add Login Mapping")) 1492 self.login_init_dialog(args) 1493 self.clear_entry = True 1494 1495 if self.opage == USER_PAGE: 1496 self.user_label.set_text((_("Add SELinux User Role. SELinux user roles will be created when update is applied."))) 1497 self.user_popup_window.set_title(_("Add SELinux Users")) 1498 self.user_init_dialog(args) 1499 self.clear_entry = True 1500 1501 if self.opage == FILE_EQUIV_PAGE: 1502 self.file_equiv_source_entry.set_text("") 1503 self.file_equiv_dest_entry.set_text("") 1504 self.file_equiv_label.set_text((_("Add File Equivalency Mapping. Mapping will be created when update is applied."))) 1505 self.file_equiv_popup_window.set_title(_("Add SELinux File Equivalency")) 1506 self.clear_entry = True 1507 self.show_popup(self.file_equiv_popup_window) 1508 1509 self.new_updates() 1510 1511 def show_popup(self, window): 1512 self.current_popup = window 1513 window.show() 1514 1515 def close_popup(self, *args): 1516 self.current_popup.hide() 1517 self.window.set_sensitive(True) 1518 return True 1519 1520 def modify_button_clicked(self, *args): 1521 iter = None 1522 if self.treeview: 1523 iter = self.get_selected_iter() 1524 if not iter: 1525 self.modify_button.set_sensitive(False) 1526 return 1527 self.modify = True 1528 if self.opage == NETWORK_PAGE: 1529 self.modify_button_network_clicked(args) 1530 1531 if self.opage == FILES_PAGE: 1532 self.popup_files_label.set_text((_("Modify File Labeling for %s. File labels will be created when update is applied.")) % self.application) 1533 self.files_popup_window.set_title((_("Add File Labeling for %s")) % self.application) 1534 self.delete_old_item = None 1535 self.init_files_dialog(args) 1536 self.modify = True 1537 operation = "Modify" 1538 mls = 1 1539 ipage = self.inner_notebook_files.get_current_page() 1540 1541 if ipage == EXE_PAGE: 1542 iter = self.executable_files_filter.convert_iter_to_child_iter(iter) 1543 self.delete_old_item = iter 1544 path = self.executable_files_liststore.get_value(iter, 0) 1545 self.files_path_entry.set_text(path) 1546 ftype = self.executable_files_liststore.get_value(iter, 1) 1547 if type != None: 1548 self.combo_set_active_text(self.files_type_combobox, ftype) 1549 tclass = self.executable_files_liststore.get_value(iter, 2) 1550 if tclass != None: 1551 self.combo_set_active_text(self.files_class_combobox, tclass) 1552 1553 if ipage == WRITABLE_PAGE: 1554 iter = self.writable_files_filter.convert_iter_to_child_iter(iter) 1555 self.delete_old_item = iter 1556 path = self.writable_files_liststore.get_value(iter, 0) 1557 self.files_path_entry.set_text(path) 1558 type = self.writable_files_liststore.get_value(iter, 1) 1559 if type != None: 1560 self.combo_set_active_text(self.files_type_combobox, type) 1561 tclass = self.writable_files_liststore.get_value(iter, 2) 1562 if tclass != None: 1563 self.combo_set_active_text(self.files_class_combobox, tclass) 1564 1565 if ipage == APP_PAGE: 1566 iter = self.application_files_filter.convert_iter_to_child_iter(iter) 1567 self.delete_old_item = iter 1568 path = self.application_files_liststore.get_value(iter, 0) 1569 self.files_path_entry.set_text(path) 1570 try: 1571 get_type = self.application_files_liststore.get_value(iter, 1) 1572 get_type = get_type.split("<b>")[1].split("</b>") 1573 except AttributeError: 1574 pass 1575 type = self.application_files_liststore.get_value(iter, 2) 1576 if type != None: 1577 self.combo_set_active_text(self.files_type_combobox, type) 1578 tclass = get_type[0] 1579 if tclass != None: 1580 self.combo_set_active_text(self.files_class_combobox, tclass) 1581 1582 if self.opage == USER_PAGE: 1583 self.user_init_dialog(args) 1584 self.user_name_entry.set_text(self.user_liststore.get_value(iter, 0)) 1585 self.user_mls_level_entry.set_text(self.user_liststore.get_value(iter, 2)) 1586 self.user_mls_entry.set_text(self.user_liststore.get_value(iter, 3)) 1587 self.combo_set_active_text(self.user_roles_combobox, self.user_liststore.get_value(iter, 1)) 1588 self.user_label.set_text((_("Modify SELinux User Role. SELinux user roles will be modified when update is applied."))) 1589 self.user_popup_window.set_title(_("Modify SELinux Users")) 1590 self.show_popup(self.user_popup_window) 1591 1592 if self.opage == LOGIN_PAGE: 1593 self.login_init_dialog(args) 1594 self.login_name_entry.set_text(self.login_liststore.get_value(iter, 0)) 1595 self.login_mls_entry.set_text(self.login_liststore.get_value(iter, 2)) 1596 self.combo_set_active_text(self.login_seuser_combobox, self.login_liststore.get_value(iter, 1)) 1597 self.login_label.set_text((_("Modify Login Mapping. Login Mapping will be modified when Update is applied."))) 1598 self.login_popup_window.set_title(_("Modify Login Mapping")) 1599 self.show_popup(self.login_popup_window) 1600 1601 if self.opage == FILE_EQUIV_PAGE: 1602 self.file_equiv_source_entry.set_text(self.unmarkup(self.file_equiv_liststore.get_value(iter, 0))) 1603 self.file_equiv_dest_entry.set_text(self.unmarkup(self.file_equiv_liststore.get_value(iter, 1))) 1604 self.file_equiv_label.set_text((_("Modify File Equivalency Mapping. Mapping will be created when update is applied."))) 1605 self.file_equiv_popup_window.set_title(_("Modify SELinux File Equivalency")) 1606 self.clear_entry = True 1607 self.show_popup(self.file_equiv_popup_window) 1608 1609 def populate_type_combo(self, tree, loc, *args): 1610 iter = self.more_types_files_liststore.get_iter(loc) 1611 ftype = self.more_types_files_liststore.get_value(iter, 0) 1612 self.combo_set_active_text(self.files_type_combobox, ftype) 1613 self.show_popup(self.files_popup_window) 1614 self.moreTypes_window_files.hide() 1615 1616 def strip_domain(self, domain): 1617 if domain == None: 1618 return 1619 if domain.endswith("_script_t"): 1620 split_char = "_script_t" 1621 else: 1622 split_char = "_t" 1623 return domain.split(split_char)[0] 1624 1625 def exclude_type(self, type, exclude_list): 1626 for e in exclude_list: 1627 if type.startswith(e): 1628 return True 1629 return False 1630 1631 def init_files_dialog(self, *args): 1632 exclude_list = [] 1633 self.files_class_combobox.set_sensitive(True) 1634 self.show_popup(self.files_popup_window) 1635 ipage = self.inner_notebook_files.get_current_page() 1636 self.files_type_combolist.clear() 1637 self.files_class_combolist.clear() 1638 compare = self.strip_domain(self.application) 1639 for d in self.application_liststore: 1640 if d[0].startswith(compare) and d[0] != self.application and not d[0].startswith("httpd_sys"): 1641 exclude_list.append(self.strip_domain(d[0])) 1642 1643 self.more_types_files_liststore.clear() 1644 try: 1645 for files in sepolicy.file_type_str: 1646 iter = self.files_class_combolist.append() 1647 self.files_class_combolist.set_value(iter, 0, sepolicy.file_type_str[files]) 1648 1649 if ipage == EXE_PAGE and self.entrypoints != None: 1650 for exe in self.entrypoints.keys(): 1651 if exe.startswith(compare): 1652 iter = self.files_type_combolist.append() 1653 self.files_type_combolist.set_value(iter, 0, exe) 1654 iter = self.more_types_files_liststore.append() 1655 self.more_types_files_liststore.set_value(iter, 0, exe) 1656 self.files_class_combobox.set_active(4) 1657 self.files_class_combobox.set_sensitive(False) 1658 1659 elif ipage == WRITABLE_PAGE and self.writable_files != None: 1660 for write in self.writable_files.keys(): 1661 if write.startswith(compare) and not self.exclude_type(write, exclude_list) and write in self.file_types: 1662 iter = self.files_type_combolist.append() 1663 self.files_type_combolist.set_value(iter, 0, write) 1664 iter = self.more_types_files_liststore.append() 1665 self.more_types_files_liststore.set_value(iter, 0, write) 1666 self.files_class_combobox.set_active(0) 1667 elif ipage == APP_PAGE and self.file_types != None: 1668 for app in sepolicy.get_all_file_types(): 1669 if app.startswith(compare): 1670 if app.startswith(compare) and not self.exclude_type(app, exclude_list): 1671 iter = self.files_type_combolist.append() 1672 self.files_type_combolist.set_value(iter, 0, app) 1673 iter = self.more_types_files_liststore.append() 1674 self.more_types_files_liststore.set_value(iter, 0, app) 1675 self.files_class_combobox.set_active(0) 1676 except AttributeError: 1677 print("error") 1678 pass 1679 self.files_type_combobox.set_active(0) 1680 self.files_mls_entry.set_text("s0") 1681 iter = self.files_type_combolist.append() 1682 self.files_type_combolist.set_value(iter, 0, _('More...')) 1683 1684 def modify_button_network_clicked(self, *args): 1685 iter = self.get_selected_iter() 1686 if not iter: 1687 self.modify_button.set_sensitive(False) 1688 return 1689 1690 self.popup_network_label.set_text((_("Modify Network Port for %s. Ports will be created when update is applied.")) % self.application) 1691 self.network_popup_window.set_title((_("Modify Network Port for %s")) % self.application) 1692 self.delete_old_item = None 1693 self.init_network_dialog(args) 1694 operation = "Modify" 1695 mls = 1 1696 self.modify = True 1697 iter = self.get_selected_iter() 1698 port = self.liststore.get_value(iter, 0) 1699 self.network_ports_entry.set_text(port) 1700 protocol = self.liststore.get_value(iter, 1) 1701 if protocol == "tcp": 1702 self.network_tcp_button.set_active(True) 1703 elif protocol == "udp": 1704 self.network_udp_button.set_active(True) 1705 type = self.liststore.get_value(iter, 2) 1706 if type != None: 1707 self.combo_set_active_text(self.network_port_type_combobox, type) 1708 self.delete_old_item = iter 1709 1710 def init_network_dialog(self, *args): 1711 self.show_popup(self.network_popup_window) 1712 ipage = self.inner_notebook_network.get_current_page() 1713 self.network_port_type_combolist.clear() 1714 self.network_ports_entry.set_text("") 1715 1716 try: 1717 if ipage == OUTBOUND_PAGE: 1718 netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_connect", check_bools=True) 1719 elif ipage == INBOUND_PAGE: 1720 netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_bind", check_bools=True) 1721 netd += sepolicy.network.get_network_connect(self.application, "udp", "name_bind", check_bools=True) 1722 1723 port_types = [] 1724 for k in netd.keys(): 1725 for t, ports in netd[k]: 1726 if t not in port_types + ["port_t", "unreserved_port_t"]: 1727 if t.endswith("_type"): 1728 continue 1729 1730 port_types.append(t) 1731 1732 port_types.sort() 1733 short_domain = self.strip_domain(self.application) 1734 if short_domain[-1] == "d": 1735 short_domain = short_domain[:-1] 1736 short_domain = short_domain + "_" 1737 ctr = 0 1738 found = 0 1739 for t in port_types: 1740 if t.startswith(short_domain): 1741 found = ctr 1742 iter = self.network_port_type_combolist.append() 1743 self.network_port_type_combolist.set_value(iter, 0, t) 1744 ctr += 1 1745 self.network_port_type_combobox.set_active(found) 1746 1747 except AttributeError: 1748 pass 1749 1750 self.network_tcp_button.set_active(True) 1751 self.network_mls_entry.set_text("s0") 1752 1753 def login_seuser_combobox_change(self, combo, *args): 1754 seuser = self.combo_get_active_text(combo) 1755 if self.login_mls_entry.get_text() == "": 1756 for u in sepolicy.get_selinux_users(): 1757 if seuser == u['name']: 1758 self.login_mls_entry.set_text(u.get('range', '')) 1759 1760 def user_roles_combobox_change(self, combo, *args): 1761 serole = self.combo_get_active_text(combo) 1762 if self.user_mls_entry.get_text() == "": 1763 for u in sepolicy.get_all_roles(): 1764 if serole == u['name']: 1765 self.user_mls_entry.set_text(u.get('range', '')) 1766 1767 def get_selected_iter(self): 1768 iter = None 1769 if not self.treeview: 1770 return None 1771 row = self.treeview.get_selection() 1772 if not row: 1773 return None 1774 treesort, iter = row.get_selected() 1775 if iter: 1776 iter = treesort.convert_iter_to_child_iter(iter) 1777 if iter: 1778 iter = self.treefilter.convert_iter_to_child_iter(iter) 1779 return iter 1780 1781 def cursor_changed(self, *args): 1782 self.modify_button.set_sensitive(False) 1783 iter = self.get_selected_iter() 1784 if iter == None: 1785 self.modify_button.set_sensitive(False) 1786 return 1787 if not self.liststore[iter] or not self.liststore[iter][-1]: 1788 return 1789 self.modify_button.set_sensitive(self.liststore[iter][-1]) 1790 1791 def login_init_dialog(self, *args): 1792 self.show_popup(self.login_popup_window) 1793 self.login_seuser_combolist.clear() 1794 users = sepolicy.get_all_users() 1795 users.sort() 1796 for u in users: 1797 iter = self.login_seuser_combolist.append() 1798 self.login_seuser_combolist.set_value(iter, 0, str(u)) 1799 self.login_name_entry.set_text("") 1800 self.login_mls_entry.set_text("") 1801 1802 def user_init_dialog(self, *args): 1803 self.show_popup(self.user_popup_window) 1804 self.user_roles_combolist.clear() 1805 roles = sepolicy.get_all_roles() 1806 roles.sort() 1807 for r in roles: 1808 iter = self.user_roles_combolist.append() 1809 self.user_roles_combolist.set_value(iter, 0, str(r)) 1810 self.user_name_entry.set_text("") 1811 self.user_mls_entry.set_text("") 1812 1813 def on_disable_ptrace(self, checkbutton): 1814 if self.finish_init: 1815 update_buffer = "boolean -m -%d deny_ptrace" % checkbutton.get_active() 1816 self.wait_mouse() 1817 try: 1818 self.dbus.semanage(update_buffer) 1819 except dbus.exceptions.DBusException as e: 1820 self.error(e) 1821 self.ready_mouse() 1822 1823 def on_show_modified_only(self, checkbutton): 1824 length = self.liststore.get_n_columns() 1825 1826 def dup_row(row): 1827 l = [] 1828 for i in range(0, length): 1829 l.append(row[i]) 1830 return l 1831 1832 append_list = [] 1833 if self.opage == BOOLEANS_PAGE: 1834 if not checkbutton.get_active(): 1835 return self.boolean_initialize(self.application) 1836 1837 for row in self.liststore: 1838 if row[2] in self.cust_dict["boolean"]: 1839 append_list.append(dup_row(row)) 1840 1841 if self.opage == FILES_PAGE: 1842 ipage = self.inner_notebook_files.get_current_page() 1843 if not checkbutton.get_active(): 1844 if ipage == EXE_PAGE: 1845 return self.executable_files_initialize(self.application) 1846 if ipage == WRITABLE_PAGE: 1847 return self.writable_files_initialize(self.application) 1848 if ipage == APP_PAGE: 1849 return self.application_files_initialize(self.application) 1850 for row in self.liststore: 1851 if (row[0], row[2]) in self.cust_dict["fcontext"]: 1852 append_list.append(row) 1853 1854 if self.opage == NETWORK_PAGE: 1855 if not checkbutton.get_active(): 1856 return self.network_initialize(self.application) 1857 for row in self.liststore: 1858 if (row[0], row[1]) in self.cust_dict["port"]: 1859 append_list.append(dup_row(row)) 1860 1861 if self.opage == FILE_EQUIV_PAGE: 1862 if not checkbutton.get_active() == True: 1863 return self.file_equiv_initialize() 1864 1865 for row in self.liststore: 1866 if row[0] in self.cust_dict["fcontext-equiv"]: 1867 append_list.append(dup_row(row)) 1868 1869 if self.opage == USER_PAGE: 1870 if not checkbutton.get_active(): 1871 return self.user_initialize() 1872 1873 for row in self.liststore: 1874 if row[0] in self.cust_dict["user"]: 1875 append_list.append(dup_row(row)) 1876 1877 if self.opage == LOGIN_PAGE: 1878 if not checkbutton.get_active() == True: 1879 return self.login_initialize() 1880 1881 for row in self.liststore: 1882 if row[0] in self.cust_dict["login"]: 1883 append_list.append(dup_row(row)) 1884 1885 self.liststore.clear() 1886 for row in append_list: 1887 iter = self.liststore.append() 1888 for i in range(0, length): 1889 self.liststore.set_value(iter, i, row[i]) 1890 1891 def init_modified_files_liststore(self, tree, app, ipage, operation, path, fclass, ftype): 1892 iter = tree.append(None) 1893 tree.set_value(iter, 0, path) 1894 tree.set_value(iter, 1, ftype) 1895 tree.set_value(iter, 2, fclass) 1896 1897 def restore_to_default(self, *args): 1898 print("restore to defualt clicked...") 1899 1900 def invalid_entry_retry(self, *args): 1901 self.closewindow(self.error_check_window) 1902 self.files_popup_window.set_sensitive(True) 1903 self.network_popup_window.set_sensitive(True) 1904 1905 def error_check_files(self, insert_txt): 1906 if len(insert_txt) == 0 or insert_txt[0] != '/': 1907 self.error_check_window.show() 1908 self.files_popup_window.set_sensitive(False) 1909 self.network_popup_window.set_sensitive(False) 1910 self.error_check_label.set_text((_("The entry '%s' is not a valid path. Paths must begin with a '/'.")) % insert_txt) 1911 return True 1912 return False 1913 1914 def error_check_network(self, port): 1915 try: 1916 pnum = int(port) 1917 if pnum < 1 or pnum > 65536: 1918 raise ValueError 1919 except ValueError: 1920 self.error_check_window.show() 1921 self.files_popup_window.set_sensitive(False) 1922 self.network_popup_window.set_sensitive(False) 1923 self.error_check_label.set_text((_("Port number must be between 1 and 65536"))) 1924 return True 1925 return False 1926 1927 def show_more_types(self, *args): 1928 if self.finish_init: 1929 if self.combo_get_active_text(self.files_type_combobox) == _('More...'): 1930 self.files_popup_window.hide() 1931 self.moreTypes_window_files.show() 1932 1933 def update_to_login(self, *args): 1934 self.close_popup() 1935 seuser = self.combo_get_active_text(self.login_seuser_combobox) 1936 mls_range = self.login_mls_entry.get_text() 1937 name = self.login_name_entry.get_text() 1938 if self.modify: 1939 iter = self.get_selected_iter() 1940 oldname = self.login_liststore.get_value(iter, 0) 1941 oldseuser = self.login_liststore.get_value(iter, 1) 1942 oldrange = self.login_liststore.get_value(iter, 2) 1943 self.liststore.set_value(iter, 0, oldname) 1944 self.liststore.set_value(iter, 1, oldseuser) 1945 self.liststore.set_value(iter, 2, oldrange) 1946 self.cur_dict["login"][name] = {"action": "-m", "range": mls_range, "seuser": seuser, "oldrange": oldrange, "oldseuser": oldseuser, "oldname": oldname} 1947 else: 1948 iter = self.liststore.append(None) 1949 self.cur_dict["login"][name] = {"action": "-a", "range": mls_range, "seuser": seuser} 1950 1951 self.liststore.set_value(iter, 0, name) 1952 self.liststore.set_value(iter, 1, seuser) 1953 self.liststore.set_value(iter, 2, mls_range) 1954 1955 self.new_updates() 1956 1957 def update_to_user(self, *args): 1958 self.close_popup() 1959 roles = self.combo_get_active_text(self.user_roles_combobox) 1960 level = self.user_mls_level_entry.get_text() 1961 mls_range = self.user_mls_entry.get_text() 1962 name = self.user_name_entry.get_text() 1963 if self.modify: 1964 iter = self.get_selected_iter() 1965 oldname = self.user_liststore.get_value(iter, 0) 1966 oldroles = self.user_liststore.get_value(iter, 1) 1967 oldlevel = self.user_liststore.get_value(iter, 1) 1968 oldrange = self.user_liststore.get_value(iter, 3) 1969 self.liststore.set_value(iter, 0, oldname) 1970 self.liststore.set_value(iter, 1, oldroles) 1971 self.liststore.set_value(iter, 2, oldlevel) 1972 self.liststore.set_value(iter, 3, oldrange) 1973 self.cur_dict["user"][name] = {"action": "-m", "range": mls_range, "level": level, "role": roles, "oldrange": oldrange, "oldlevel": oldlevel, "oldroles": oldroles, "oldname": oldname} 1974 else: 1975 iter = self.liststore.append(None) 1976 if mls_range or level: 1977 self.cur_dict["user"][name] = {"action": "-a", "range": mls_range, "level": level, "role": roles} 1978 else: 1979 self.cur_dict["user"][name] = {"action": "-a", "role": roles} 1980 1981 self.liststore.set_value(iter, 0, name) 1982 self.liststore.set_value(iter, 1, roles) 1983 self.liststore.set_value(iter, 2, level) 1984 self.liststore.set_value(iter, 3, mls_range) 1985 1986 self.new_updates() 1987 1988 def update_to_file_equiv(self, *args): 1989 self.close_popup() 1990 dest = self.file_equiv_dest_entry.get_text() 1991 src = self.file_equiv_source_entry.get_text() 1992 if self.modify: 1993 iter = self.get_selected_iter() 1994 olddest = self.unmarkup(self.liststore.set_value(iter, 0)) 1995 oldsrc = self.unmarkup(self.liststore.set_value(iter, 1)) 1996 self.cur_dict["fcontext-equiv"][dest] = {"action": "-m", "src": src, "oldsrc": oldsrc, "olddest": olddest} 1997 else: 1998 iter = self.liststore.append(None) 1999 self.cur_dict["fcontext-equiv"][dest] = {"action": "-a", "src": src} 2000 self.liststore.set_value(iter, 0, self.markup(dest)) 2001 self.liststore.set_value(iter, 1, self.markup(src)) 2002 2003 def update_to_files(self, *args): 2004 self.close_popup() 2005 self.files_add = True 2006 # Insert Function will be used in the future 2007 path = self.files_path_entry.get_text() 2008 if self.error_check_files(path): 2009 return 2010 2011 setype = self.combo_get_active_text(self.files_type_combobox) 2012 mls = self.files_mls_entry.get_text() 2013 tclass = self.combo_get_active_text(self.files_class_combobox) 2014 2015 if self.modify: 2016 iter = self.get_selected_iter() 2017 oldpath = self.unmark(self.liststore.get_value(iter, 0)) 2018 setype = self.unmark(self.liststore.set_value(iter, 1)) 2019 oldtclass = self.liststore.get_value(iter, 2) 2020 self.cur_dict["fcontext"][(path, tclass)] = {"action": "-m", "type": setype, "oldtype": oldsetype, "oldmls": oldmls, "oldclass": oldclass} 2021 else: 2022 iter = self.liststore.append(None) 2023 self.cur_dict["fcontext"][(path, tclass)] = {"action": "-a", "type": setype} 2024 self.liststore.set_value(iter, 0, self.markup(path)) 2025 self.liststore.set_value(iter, 1, self.markup(setype)) 2026 self.liststore.set_value(iter, 2, self.markup(tclass)) 2027 2028 self.files_add = False 2029 self.recursive_path_toggle.set_active(False) 2030 self.new_updates() 2031 2032 def update_to_network(self, *args): 2033 self.network_add = True 2034 ports = self.network_ports_entry.get_text() 2035 if self.error_check_network(ports): 2036 return 2037 if self.network_tcp_button.get_active(): 2038 protocol = "tcp" 2039 else: 2040 protocol = "udp" 2041 2042 setype = self.combo_get_active_text(self.network_port_type_combobox) 2043 mls = self.network_mls_entry.get_text() 2044 2045 if self.modify: 2046 iter = self.get_selected_iter() 2047 oldports = self.unmark(self.liststore.get_value(iter, 0)) 2048 oldprotocol = self.unmark(self.liststore.get_value(iter, 1)) 2049 oldsetype = self.unmark(self.liststore.set_value(iter, 2)) 2050 self.cur_dict["port"][(ports, protocol)] = {"action": "-m", "type": setype, "mls": mls, "oldtype": oldsetype, "oldmls": oldmls, "oldprotocol": oldprotocol, "oldports": oldports} 2051 else: 2052 iter = self.liststore.append(None) 2053 self.cur_dict["port"][(ports, protocol)] = {"action": "-a", "type": setype, "mls": mls} 2054 self.liststore.set_value(iter, 0, ports) 2055 self.liststore.set_value(iter, 1, protocol) 2056 self.liststore.set_value(iter, 2, setype) 2057 2058 self.network_add = False 2059 self.network_popup_window.hide() 2060 self.window.set_sensitive(True) 2061 self.new_updates() 2062 2063 def delete_button_clicked(self, *args): 2064 operation = "Add" 2065 self.window.set_sensitive(False) 2066 if self.opage == NETWORK_PAGE: 2067 self.network_delete_liststore.clear() 2068 port_dict = self.cust_dict["port"] 2069 for ports, protocol in port_dict: 2070 setype = port_dict[(ports, protocol)]["type"] 2071 iter = self.network_delete_liststore.append() 2072 self.network_delete_liststore.set_value(iter, 1, ports) 2073 self.network_delete_liststore.set_value(iter, 2, protocol) 2074 self.network_delete_liststore.set_value(iter, 3, setype) 2075 self.show_popup(self.network_delete_window) 2076 return 2077 2078 if self.opage == FILES_PAGE: 2079 self.files_delete_liststore.clear() 2080 fcontext_dict = self.cust_dict["fcontext"] 2081 for path, tclass in fcontext_dict: 2082 setype = fcontext_dict[(path, tclass)]["type"] 2083 iter = self.files_delete_liststore.append() 2084 self.files_delete_liststore.set_value(iter, 1, path) 2085 self.files_delete_liststore.set_value(iter, 2, setype) 2086 self.files_delete_liststore.set_value(iter, 3, sepolicy.file_type_str[tclass]) 2087 self.show_popup(self.files_delete_window) 2088 return 2089 2090 if self.opage == USER_PAGE: 2091 self.user_delete_liststore.clear() 2092 user_dict = self.cust_dict["user"] 2093 for user in user_dict: 2094 roles = user_dict[user]["role"] 2095 mls = user_dict[user].get("range", "") 2096 level = user_dict[user].get("level", "") 2097 iter = self.user_delete_liststore.append() 2098 self.user_delete_liststore.set_value(iter, 1, user) 2099 self.user_delete_liststore.set_value(iter, 2, roles) 2100 self.user_delete_liststore.set_value(iter, 3, level) 2101 self.user_delete_liststore.set_value(iter, 4, mls) 2102 self.show_popup(self.user_delete_window) 2103 return 2104 2105 if self.opage == LOGIN_PAGE: 2106 self.login_delete_liststore.clear() 2107 login_dict = self.cust_dict["login"] 2108 for login in login_dict: 2109 seuser = login_dict[login]["seuser"] 2110 mls = login_dict[login].get("range", "") 2111 iter = self.login_delete_liststore.append() 2112 self.login_delete_liststore.set_value(iter, 1, seuser) 2113 self.login_delete_liststore.set_value(iter, 2, login) 2114 self.login_delete_liststore.set_value(iter, 3, mls) 2115 self.show_popup(self.login_delete_window) 2116 return 2117 2118 if self.opage == FILE_EQUIV_PAGE: 2119 self.file_equiv_delete_liststore.clear() 2120 for items in self.file_equiv_liststore: 2121 if items[2]: 2122 iter = self.file_equiv_delete_liststore.append() 2123 self.file_equiv_delete_liststore.set_value(iter, 1, self.unmarkup(items[0])) 2124 self.file_equiv_delete_liststore.set_value(iter, 2, self.unmarkup(items[1])) 2125 self.show_popup(self.file_equiv_delete_window) 2126 return 2127 2128 def on_save_delete_clicked(self, *args): 2129 self.close_popup() 2130 if self.opage == NETWORK_PAGE: 2131 for delete in self.network_delete_liststore: 2132 if delete[0]: 2133 self.cur_dict["port"][(delete[1], delete[2])] = {"action": "-d", "type": delete[3]} 2134 if self.opage == FILES_PAGE: 2135 for delete in self.files_delete_liststore: 2136 if delete[0]: 2137 self.cur_dict["fcontext"][(delete[1], reverse_file_type_str[delete[3]])] = {"action": "-d", "type": delete[2]} 2138 if self.opage == USER_PAGE: 2139 for delete in self.user_delete_liststore: 2140 if delete[0]: 2141 self.cur_dict["user"][delete[1]] = {"action": "-d", "role": delete[2], "range": delete[4]} 2142 if self.opage == LOGIN_PAGE: 2143 for delete in self.login_delete_liststore: 2144 if delete[0]: 2145 self.cur_dict["login"][delete[2]] = {"action": "-d", "login": delete[2], "seuser": delete[1], "range": delete[3]} 2146 if self.opage == FILE_EQUIV_PAGE: 2147 for delete in self.file_equiv_delete_liststore: 2148 if delete[0]: 2149 self.cur_dict["fcontext-equiv"][delete[1]] = {"action": "-d", "src": delete[2]} 2150 self.new_updates() 2151 2152 def on_save_delete_file_equiv_clicked(self, *args): 2153 for delete in self.files_delete_liststore: 2154 print(delete[0], delete[1], delete[2],) 2155 2156 def on_toggle_update(self, cell, path, model): 2157 model[path][0] = not model[path][0] 2158 2159 def ipage_delete(self, liststore, key): 2160 ctr = 0 2161 for items in liststore: 2162 if items[0] == key[0] and items[2] == key[1]: 2163 iter = liststore.get_iter(ctr) 2164 liststore.remove(iter) 2165 return 2166 ctr += 1 2167 2168 def on_toggle(self, cell, path, model): 2169 if not path: 2170 return 2171 iter = self.boolean_filter.get_iter(path) 2172 iter = self.boolean_filter.convert_iter_to_child_iter(iter) 2173 name = model.get_value(iter, 2) 2174 model.set_value(iter, 0, not model.get_value(iter, 0)) 2175 active = model.get_value(iter, 0) 2176 if name in self.cur_dict["boolean"]: 2177 del(self.cur_dict["boolean"][name]) 2178 else: 2179 self.cur_dict["boolean"][name] = {"active": active} 2180 self.new_updates() 2181 2182 def get_advanced_filter_data(self, entry, *args): 2183 self.filter_txt = entry.get_text() 2184 self.advanced_search_filter.refilter() 2185 2186 def get_filter_data(self, windows, *args): 2187 #search for desired item 2188 # The txt that the use rinputs into the filter is stored in filter_txt 2189 self.filter_txt = windows.get_text() 2190 self.treefilter.refilter() 2191 2192 def update_gui(self, *args): 2193 self.update = True 2194 self.update_treestore.clear() 2195 for bools in self.cur_dict["boolean"]: 2196 operation = self.cur_dict["boolean"][bools]["action"] 2197 iter = self.update_treestore.append(None) 2198 self.update_treestore.set_value(iter, 0, True) 2199 self.update_treestore.set_value(iter, 1, sepolicy.boolean_desc(bools)) 2200 self.update_treestore.set_value(iter, 2, action[self.cur_dict["boolean"][bools]['active']]) 2201 self.update_treestore.set_value(iter, 3, True) 2202 niter = self.update_treestore.append(iter) 2203 self.update_treestore.set_value(niter, 1, (_("SELinux name: %s")) % bools) 2204 self.update_treestore.set_value(niter, 3, False) 2205 2206 for path, tclass in self.cur_dict["fcontext"]: 2207 operation = self.cur_dict["fcontext"][(path, tclass)]["action"] 2208 setype = self.cur_dict["fcontext"][(path, tclass)]["type"] 2209 iter = self.update_treestore.append(None) 2210 self.update_treestore.set_value(iter, 0, True) 2211 self.update_treestore.set_value(iter, 2, operation) 2212 self.update_treestore.set_value(iter, 0, True) 2213 if operation == "-a": 2214 self.update_treestore.set_value(iter, 1, (_("Add file labeling for %s")) % self.application) 2215 if operation == "-d": 2216 self.update_treestore.set_value(iter, 1, (_("Delete file labeling for %s")) % self.application) 2217 if operation == "-m": 2218 self.update_treestore.set_value(iter, 1, (_("Modify file labeling for %s")) % self.application) 2219 2220 niter = self.update_treestore.append(iter) 2221 self.update_treestore.set_value(niter, 3, False) 2222 self.update_treestore.set_value(niter, 1, (_("File path: %s")) % path) 2223 niter = self.update_treestore.append(iter) 2224 self.update_treestore.set_value(niter, 3, False) 2225 self.update_treestore.set_value(niter, 1, (_("File class: %s")) % sepolicy.file_type_str[tclass]) 2226 niter = self.update_treestore.append(iter) 2227 self.update_treestore.set_value(niter, 3, False) 2228 self.update_treestore.set_value(niter, 1, (_("SELinux file type: %s")) % setype) 2229 2230 for port, protocol in self.cur_dict["port"]: 2231 operation = self.cur_dict["port"][(port, protocol)]["action"] 2232 iter = self.update_treestore.append(None) 2233 self.update_treestore.set_value(iter, 0, True) 2234 self.update_treestore.set_value(iter, 2, operation) 2235 self.update_treestore.set_value(iter, 3, True) 2236 if operation == "-a": 2237 self.update_treestore.set_value(iter, 1, (_("Add ports for %s")) % self.application) 2238 if operation == "-d": 2239 self.update_treestore.set_value(iter, 1, (_("Delete ports for %s")) % self.application) 2240 if operation == "-m": 2241 self.update_treestore.set_value(iter, 1, (_("Modify ports for %s")) % self.application) 2242 2243 niter = self.update_treestore.append(iter) 2244 self.update_treestore.set_value(niter, 1, (_("Network ports: %s")) % port) 2245 self.update_treestore.set_value(niter, 3, False) 2246 niter = self.update_treestore.append(iter) 2247 self.update_treestore.set_value(niter, 1, (_("Network protocol: %s")) % protocol) 2248 self.update_treestore.set_value(niter, 3, False) 2249 setype = self.cur_dict["port"][(port, protocol)]["type"] 2250 niter = self.update_treestore.append(iter) 2251 self.update_treestore.set_value(niter, 3, False) 2252 self.update_treestore.set_value(niter, 1, (_("SELinux file type: %s")) % setype) 2253 2254 for user in self.cur_dict["user"]: 2255 operation = self.cur_dict["user"][user]["action"] 2256 iter = self.update_treestore.append(None) 2257 self.update_treestore.set_value(iter, 0, True) 2258 self.update_treestore.set_value(iter, 2, operation) 2259 self.update_treestore.set_value(iter, 0, True) 2260 if operation == "-a": 2261 self.update_treestore.set_value(iter, 1, _("Add user")) 2262 if operation == "-d": 2263 self.update_treestore.set_value(iter, 1, _("Delete user")) 2264 if operation == "-m": 2265 self.update_treestore.set_value(iter, 1, _("Modify user")) 2266 2267 niter = self.update_treestore.append(iter) 2268 self.update_treestore.set_value(niter, 1, (_("SELinux User : %s")) % user) 2269 self.update_treestore.set_value(niter, 3, False) 2270 niter = self.update_treestore.append(iter) 2271 self.update_treestore.set_value(niter, 3, False) 2272 roles = self.cur_dict["user"][user]["role"] 2273 self.update_treestore.set_value(niter, 1, (_("Roles: %s")) % roles) 2274 mls = self.cur_dict["user"][user].get("range", "") 2275 niter = self.update_treestore.append(iter) 2276 self.update_treestore.set_value(niter, 3, False) 2277 self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls) 2278 2279 for login in self.cur_dict["login"]: 2280 operation = self.cur_dict["login"][login]["action"] 2281 iter = self.update_treestore.append(None) 2282 self.update_treestore.set_value(iter, 0, True) 2283 self.update_treestore.set_value(iter, 2, operation) 2284 self.update_treestore.set_value(iter, 0, True) 2285 if operation == "-a": 2286 self.update_treestore.set_value(iter, 1, _("Add login mapping")) 2287 if operation == "-d": 2288 self.update_treestore.set_value(iter, 1, _("Delete login mapping")) 2289 if operation == "-m": 2290 self.update_treestore.set_value(iter, 1, _("Modify login mapping")) 2291 2292 niter = self.update_treestore.append(iter) 2293 self.update_treestore.set_value(niter, 3, False) 2294 self.update_treestore.set_value(niter, 1, (_("Login Name : %s")) % login) 2295 niter = self.update_treestore.append(iter) 2296 self.update_treestore.set_value(niter, 3, False) 2297 seuser = self.cur_dict["login"][login]["seuser"] 2298 self.update_treestore.set_value(niter, 1, (_("SELinux User: %s")) % seuser) 2299 mls = self.cur_dict["login"][login].get("range", "") 2300 niter = self.update_treestore.append(iter) 2301 self.update_treestore.set_value(niter, 3, False) 2302 self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls) 2303 2304 for path in self.cur_dict["fcontext-equiv"]: 2305 operation = self.cur_dict["fcontext-equiv"][path]["action"] 2306 iter = self.update_treestore.append(None) 2307 self.update_treestore.set_value(iter, 0, True) 2308 self.update_treestore.set_value(iter, 2, operation) 2309 self.update_treestore.set_value(iter, 0, True) 2310 if operation == "-a": 2311 self.update_treestore.set_value(iter, 1, (_("Add file equiv labeling."))) 2312 if operation == "-d": 2313 self.update_treestore.set_value(iter, 1, (_("Delete file equiv labeling."))) 2314 if operation == "-m": 2315 self.update_treestore.set_value(iter, 1, (_("Modify file equiv labeling."))) 2316 2317 niter = self.update_treestore.append(iter) 2318 self.update_treestore.set_value(niter, 3, False) 2319 self.update_treestore.set_value(niter, 1, (_("File path : %s")) % path) 2320 niter = self.update_treestore.append(iter) 2321 self.update_treestore.set_value(niter, 3, False) 2322 src = self.cur_dict["fcontext-equiv"][path]["src"] 2323 self.update_treestore.set_value(niter, 1, (_("Equivalence: %s")) % src) 2324 2325 self.show_popup(self.update_window) 2326 2327 def set_active_application_button(self): 2328 if self.boolean_radio_button.get_active(): 2329 self.active_button = self.boolean_radio_button 2330 if self.files_radio_button.get_active(): 2331 self.active_button = self.files_radio_button 2332 if self.transitions_radio_button.get_active(): 2333 self.active_button = self.transitions_radio_button 2334 if self.network_radio_button.get_active(): 2335 self.active_button = self.network_radio_button 2336 2337 def clearbuttons(self, clear=True): 2338 self.main_selection_window.hide() 2339 self.boolean_radio_button.set_visible(False) 2340 self.files_radio_button.set_visible(False) 2341 self.network_radio_button.set_visible(False) 2342 self.transitions_radio_button.set_visible(False) 2343 self.system_radio_button.set_visible(False) 2344 self.lockdown_radio_button.set_visible(False) 2345 self.user_radio_button.set_visible(False) 2346 self.login_radio_button.set_visible(False) 2347 if clear: 2348 self.completion_entry.set_text("") 2349 2350 def show_system_page(self): 2351 self.clearbuttons() 2352 self.system_radio_button.set_visible(True) 2353 self.lockdown_radio_button.set_visible(True) 2354 self.applications_selection_button.set_label(_("System")) 2355 self.system_radio_button.set_active(True) 2356 self.tab_change() 2357 self.idle_func() 2358 2359 def show_file_equiv_page(self, *args): 2360 self.clearbuttons() 2361 self.file_equiv_initialize() 2362 self.file_equiv_radio_button.set_active(True) 2363 self.applications_selection_button.set_label(_("File Equivalence")) 2364 self.tab_change() 2365 self.idle_func() 2366 self.add_button.set_sensitive(True) 2367 self.delete_button.set_sensitive(True) 2368 2369 def show_users_page(self): 2370 self.clearbuttons() 2371 self.login_radio_button.set_visible(True) 2372 self.user_radio_button.set_visible(True) 2373 self.applications_selection_button.set_label(_("Users")) 2374 self.login_radio_button.set_active(True) 2375 self.tab_change() 2376 self.user_initialize() 2377 self.login_initialize() 2378 self.idle_func() 2379 self.add_button.set_sensitive(True) 2380 self.delete_button.set_sensitive(True) 2381 2382 def show_applications_page(self): 2383 self.clearbuttons(False) 2384 self.boolean_radio_button.set_visible(True) 2385 self.files_radio_button.set_visible(True) 2386 self.network_radio_button.set_visible(True) 2387 self.transitions_radio_button.set_visible(True) 2388 self.boolean_radio_button.set_active(True) 2389 self.tab_change() 2390 self.idle_func() 2391 2392 def system_interface(self, *args): 2393 self.show_system_page() 2394 2395 def users_interface(self, *args): 2396 self.show_users_page() 2397 2398 def show_mislabeled_files(self, checkbutton, *args): 2399 iterlist = [] 2400 ctr = 0 2401 ipage = self.inner_notebook_files.get_current_page() 2402 if checkbutton.get_active() == True: 2403 for items in self.liststore: 2404 iter = self.treesort.get_iter(ctr) 2405 iter = self.treesort.convert_iter_to_child_iter(iter) 2406 iter = self.treefilter.convert_iter_to_child_iter(iter) 2407 if iter != None: 2408 if self.liststore.get_value(iter, 4) == False: 2409 iterlist.append(iter) 2410 ctr += 1 2411 for iters in iterlist: 2412 self.liststore.remove(iters) 2413 2414 elif self.application != None: 2415 self.liststore.clear() 2416 if ipage == EXE_PAGE: 2417 self.executable_files_initialize(self.application) 2418 elif ipage == WRITABLE_PAGE: 2419 self.writable_files_initialize(self.application) 2420 elif ipage == APP_PAGE: 2421 self.application_files_initialize(self.application) 2422 2423 def fix_mislabeled(self, path): 2424 cur = selinux.getfilecon(path)[1].split(":")[2] 2425 con = selinux.matchpathcon(path, 0)[1].split(":")[2] 2426 if self.verify(_("Run restorecon on %(PATH)s to change its type from %(CUR_CONTEXT)s to the default %(DEF_CONTEXT)s?") % {"PATH": path, "CUR_CONTEXT": cur, "DEF_CONTEXT": con}, title="restorecon dialog") == Gtk.ResponseType.YES: 2427 self.dbus.restorecon(path) 2428 self.application_selected() 2429 2430 def new_updates(self, *args): 2431 self.update_button.set_sensitive(self.modified()) 2432 self.revert_button.set_sensitive(self.modified()) 2433 2434 def update_or_revert_changes(self, button, *args): 2435 self.update_gui() 2436 self.update = (button.get_label() == _("Update")) 2437 if self.update: 2438 self.update_window.set_title(_("Update Changes")) 2439 else: 2440 self.update_window.set_title(_("Revert Changes")) 2441 2442 def apply_changes_button_press(self, *args): 2443 self.close_popup() 2444 if self.update: 2445 self.update_the_system() 2446 else: 2447 self.revert_data() 2448 self.finish_init = False 2449 self.previously_modified_initialize(self.dbus.customized()) 2450 self.finish_init = True 2451 self.clear_filters() 2452 self.application_selected() 2453 self.new_updates() 2454 self.update_treestore.clear() 2455 2456 def update_the_system(self, *args): 2457 self.close_popup() 2458 update_buffer = self.format_update() 2459 self.wait_mouse() 2460 try: 2461 self.dbus.semanage(update_buffer) 2462 except dbus.exceptions.DBusException as e: 2463 print(e) 2464 self.ready_mouse() 2465 self.init_cur() 2466 2467 def ipage_value_lookup(self, lookup): 2468 ipage_values = {"Executable Files": 0, "Writable Files": 1, "Application File Type": 2, "Inbound": 1, "Outbound": 0} 2469 for value in ipage_values: 2470 if value == lookup: 2471 return ipage_values[value] 2472 return "Booleans" 2473 2474 def get_attributes_update(self, attribute): 2475 attribute = attribute.split(": ")[1] 2476 bool_id = attribute.split(": ")[0] 2477 if bool_id == "SELinux name": 2478 self.bool_revert = attribute 2479 else: 2480 return attribute 2481 2482 def format_update(self): 2483 self.revert_data() 2484 update_buffer = "" 2485 for k in self.cur_dict: 2486 if k in "boolean": 2487 for b in self.cur_dict[k]: 2488 update_buffer += "boolean -m -%d %s\n" % (self.cur_dict[k][b]["active"], b) 2489 if k in "login": 2490 for l in self.cur_dict[k]: 2491 if self.cur_dict[k][l]["action"] == "-d": 2492 update_buffer += "login -d %s\n" % l 2493 elif "range" in self.cur_dict[k][l]: 2494 update_buffer += "login %s -s %s -r %s %s\n" % (self.cur_dict[k][l]["action"], self.cur_dict[k][l]["seuser"], self.cur_dict[k][l]["range"], l) 2495 else: 2496 update_buffer += "login %s -s %s %s\n" % (self.cur_dict[k][l]["action"], self.cur_dict[k][l]["seuser"], l) 2497 if k in "user": 2498 for u in self.cur_dict[k]: 2499 if self.cur_dict[k][u]["action"] == "-d": 2500 update_buffer += "user -d %s\n" % u 2501 elif "level" in self.cur_dict[k][u] and "range" in self.cur_dict[k][u]: 2502 update_buffer += "user %s -L %s -r %s -R %s %s\n" % (self.cur_dict[k][u]["action"], self.cur_dict[k][u]["level"], self.cur_dict[k][u]["range"], self.cur_dict[k][u]["role"], u) 2503 else: 2504 update_buffer += "user %s -R %s %s\n" % (self.cur_dict[k][u]["action"], self.cur_dict[k][u]["role"], u) 2505 2506 if k in "fcontext-equiv": 2507 for f in self.cur_dict[k]: 2508 if self.cur_dict[k][f]["action"] == "-d": 2509 update_buffer += "fcontext -d %s\n" % f 2510 else: 2511 update_buffer += "fcontext %s -e %s %s\n" % (self.cur_dict[k][f]["action"], self.cur_dict[k][f]["src"], f) 2512 2513 if k in "fcontext": 2514 for f in self.cur_dict[k]: 2515 if self.cur_dict[k][f]["action"] == "-d": 2516 update_buffer += "fcontext -d %s\n" % f 2517 else: 2518 update_buffer += "fcontext %s -t %s -f %s %s\n" % (self.cur_dict[k][f]["action"], self.cur_dict[k][f]["type"], self.cur_dict[k][f]["class"], f) 2519 2520 if k in "port": 2521 for port, protocol in self.cur_dict[k]: 2522 if self.cur_dict[k][(port, protocol)]["action"] == "-d": 2523 update_buffer += "port -d -p %s %s\n" % (protocol, port) 2524 else: 2525 update_buffer += "port %s -t %s -p %s %s\n" % (self.cur_dict[k][f]["action"], self.cur_dict[k][f]["type"], procotol, port) 2526 2527 return update_buffer 2528 2529 def revert_data(self): 2530 ctr = 0 2531 remove_list = [] 2532 update_buffer = "" 2533 for items in self.update_treestore: 2534 if not self.update_treestore[ctr][0]: 2535 remove_list.append(ctr) 2536 ctr += 1 2537 remove_list.reverse() 2538 for ctr in remove_list: 2539 self.remove_cur(ctr) 2540 2541 def reveal_advanced_system(self, label, *args): 2542 advanced = label.get_text() == ADVANCED_LABEL[0] 2543 if advanced: 2544 label.set_text(ADVANCED_LABEL[1]) 2545 else: 2546 label.set_text(ADVANCED_LABEL[0]) 2547 self.system_policy_label.set_visible(advanced) 2548 self.system_policy_type_combobox.set_visible(advanced) 2549 2550 def reveal_advanced(self, label, *args): 2551 advanced = label.get_text() == ADVANCED_LABEL[0] 2552 if advanced: 2553 label.set_text(ADVANCED_LABEL[1]) 2554 else: 2555 label.set_text(ADVANCED_LABEL[0]) 2556 self.files_mls_label.set_visible(advanced) 2557 self.files_mls_entry.set_visible(advanced) 2558 self.network_mls_label.set_visible(advanced) 2559 self.network_mls_entry.set_visible(advanced) 2560 2561 def on_show_advanced_search_window(self, label, *args): 2562 if label.get_text() == ADVANCED_SEARCH_LABEL[1]: 2563 label.set_text(ADVANCED_SEARCH_LABEL[0]) 2564 self.close_popup() 2565 else: 2566 label.set_text(ADVANCED_SEARCH_LABEL[1]) 2567 self.show_popup(self.advanced_search_window) 2568 2569 def set_enforce_text(self, value): 2570 if value: 2571 self.status_bar.push(self.context_id, _("System Status: Enforcing")) 2572 self.current_status_enforcing.set_active(True) 2573 else: 2574 self.status_bar.push(self.context_id, _("System Status: Permissive")) 2575 self.current_status_permissive.set_active(True) 2576 2577 def set_enforce(self, button): 2578 if not self.finish_init: 2579 return 2580 2581 self.dbus.setenforce(button.get_active()) 2582 self.set_enforce_text(button.get_active()) 2583 2584 def on_browse_select(self, *args): 2585 filename = self.file_dialog.get_filename() 2586 if filename == None: 2587 return 2588 self.clear_entry = False 2589 self.file_dialog.hide() 2590 self.files_path_entry.set_text(filename) 2591 if self.import_export == 'Import': 2592 self.import_config(filename) 2593 elif self.import_export == 'Export': 2594 self.export_config(filename) 2595 2596 def recursive_path(self, *args): 2597 path = self.files_path_entry.get_text() 2598 if self.recursive_path_toggle.get_active(): 2599 if not path.endswith("(/.*)?"): 2600 self.files_path_entry.set_text(path + "(/.*)?") 2601 elif path.endswith("(/.*)?"): 2602 path = path.split("(/.*)?")[0] 2603 self.files_path_entry.set_text(path) 2604 2605 def highlight_entry_text(self, entry_obj, *args): 2606 txt = entry_obj.get_text() 2607 if self.clear_entry: 2608 entry_obj.set_text('') 2609 self.clear_entry = False 2610 2611 def autofill_add_files_entry(self, entry): 2612 text = entry.get_text() 2613 if text == '': 2614 return 2615 if text.endswith("(/.*)?"): 2616 self.recursive_path_toggle.set_active(True) 2617 for d in sepolicy.DEFAULT_DIRS: 2618 if text.startswith(d): 2619 for t in self.files_type_combolist: 2620 if t[0].endswith(sepolicy.DEFAULT_DIRS[d]): 2621 self.combo_set_active_text(self.files_type_combobox, t[0]) 2622 2623 def resize_columns(self, *args): 2624 self.boolean_column_1 = self.boolean_treeview.get_col(1) 2625 width = self.boolean_column_1.get_width() 2626 renderer = self.boolean_column_1.get_cell_renderers() 2627 2628 def browse_for_files(self, *args): 2629 self.file_dialog.show() 2630 2631 def close_config_window(self, *args): 2632 self.file_dialog.hide() 2633 2634 def change_default_policy(self, *args): 2635 if self.typeHistory == self.system_policy_type_combobox.get_active(): 2636 return 2637 2638 if self.verify(_("Changing the policy type will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == Gtk.ResponseType.NO: 2639 self.system_policy_type_combobox.set_active(self.typeHistory) 2640 return None 2641 2642 self.dbus.change_default_policy(self.combo_get_active_text(self.system_policy_type_combobox)) 2643 self.dbus.relabel_on_boot(True) 2644 self.typeHistory = self.system_policy_type_combobox.get_active() 2645 2646 def change_default_mode(self, button): 2647 if not self.finish_init: 2648 return 2649 self.enabled_changed(button) 2650 if button.get_active(): 2651 self.dbus.change_default_mode(button.get_label().lower()) 2652 2653 def import_config_show(self, *args): 2654 self.file_dialog.set_action(Gtk.FileChooserAction.OPEN) 2655 self.file_dialog.set_title("Import Configuration") 2656 self.file_dialog.show() 2657 #self.file_dialog.set_uri('/tmp') 2658 self.import_export = 'Import' 2659 2660 def export_config_show(self, *args): 2661 self.file_dialog.set_action(Gtk.FileChooserAction.SAVE) 2662 self.file_dialog.set_title("Export Configuration") 2663 self.file_dialog.show() 2664 self.import_export = 'Export' 2665 2666 def export_config(self, filename): 2667 self.wait_mouse() 2668 buf = self.dbus.customized() 2669 fd = open(filename, 'w') 2670 fd.write(buf) 2671 fd.close() 2672 self.ready_mouse() 2673 2674 def import_config(self, filename): 2675 fd = open(filename, "r") 2676 buf = fd.read() 2677 fd.close() 2678 self.wait_mouse() 2679 try: 2680 self.dbus.semanage(buf) 2681 except OSError: 2682 pass 2683 self.ready_mouse() 2684 2685 def init_dictionary(self, dic, app, ipage, operation, p, q, ftype, mls, changed, old): 2686 if (app, ipage, operation) not in dic: 2687 dic[app, ipage, operation] = {} 2688 if (p, q) not in dic[app, ipage, operation]: 2689 dic[app, ipage, operation][p, q] = {'type': ftype, 'mls': mls, 'changed': changed, 'old': old} 2690 2691 def translate_bool(self, b): 2692 b = b.split('-')[1] 2693 if b == '0': 2694 return False 2695 if b == '1': 2696 return True 2697 2698 def relabel_on_reboot(self, *args): 2699 active = self.relabel_button.get_active() 2700 exists = os.path.exists("/.autorelabel") 2701 2702 if active and exists: 2703 return 2704 if not active and not exists: 2705 return 2706 try: 2707 self.dbus.relabel_on_boot(active) 2708 except dbus.exceptions.DBusException as e: 2709 self.error(e) 2710 2711 def closewindow(self, window, *args): 2712 window.hide() 2713 self.recursive_path_toggle.set_active(False) 2714 self.window.set_sensitive(True) 2715 if self.moreTypes_window_files == window: 2716 self.show_popup(self.files_popup_window) 2717 if self.combo_get_active_text(self.files_type_combobox) == _('More...'): 2718 self.files_type_combobox.set_active(0) 2719 if self.error_check_window == window: 2720 if self.files_add: 2721 self.show_popup(self.files_popup_window) 2722 elif self.network_add: 2723 self.show_popup(self.network_popup_window) 2724 if self.files_mls_label.get_visible() or self.network_mls_label.get_visible(): 2725 self.advanced_text_files.set_visible(True) 2726 self.files_mls_label.set_visible(False) 2727 self.files_mls_entry.set_visible(False) 2728 self.advanced_text_network.set_visible(True) 2729 self.network_mls_label.set_visible(False) 2730 self.network_mls_entry.set_visible(False) 2731 if self.main_advanced_label.get_text() == ADVANCED_SEARCH_LABEL[1]: 2732 self.main_advanced_label.set_text(ADVANCED_SEARCH_LABEL[0]) 2733 return True 2734 2735 def wait_mouse(self): 2736 self.window.get_window().set_cursor(self.busy_cursor) 2737 self.idle_func() 2738 2739 def ready_mouse(self): 2740 self.window.get_window().set_cursor(self.ready_cursor) 2741 self.idle_func() 2742 2743 def verify(self, message, title=""): 2744 dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.INFO, 2745 Gtk.ButtonsType.YES_NO, 2746 message) 2747 dlg.set_title(title) 2748 dlg.set_position(Gtk.WindowPosition.MOUSE) 2749 dlg.show_all() 2750 rc = dlg.run() 2751 dlg.destroy() 2752 return rc 2753 2754 def error(self, message): 2755 dlg = Gtk.MessageDialog(None, 0, Gtk.MessageType.ERROR, 2756 Gtk.ButtonsType.CLOSE, 2757 message) 2758 dlg.set_position(Gtk.WindowPosition.MOUSE) 2759 dlg.show_all() 2760 dlg.run() 2761 dlg.destroy() 2762 2763 def enabled_changed(self, radio): 2764 if not radio.get_active(): 2765 return 2766 label = radio.get_label() 2767 if label == 'Disabled' and self.enforce_mode != DISABLED: 2768 if self.verify(_("Changing to SELinux disabled requires a reboot. It is not recommended. If you later decide to turn SELinux back on, the system will be required to relabel. If you just want to see if SELinux is causing a problem on your system, you can go to permissive mode which will only log errors and not enforce SELinux policy. Permissive mode does not require a reboot. Do you wish to continue?")) == Gtk.ResponseType.NO: 2769 self.enforce_button.set_active(True) 2770 2771 if label != 'Disabled' and self.enforce_mode == DISABLED: 2772 if self.verify(_("Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == Gtk.ResponseType.NO: 2773 self.enforce_button.set_active(True) 2774 self.enforce_button = radio 2775 2776 def clear_filters(self, *args): 2777 self.filter_entry.set_text('') 2778 self.show_modified_only.set_active(False) 2779 2780 def unconfined_toggle(self, *args): 2781 if not self.finish_init: 2782 return 2783 self.wait_mouse() 2784 if self.enable_unconfined_button.get_active(): 2785 self.dbus.semanage("module -e unconfined") 2786 else: 2787 self.dbus.semanage("module -d unconfined") 2788 self.ready_mouse() 2789 2790 def permissive_toggle(self, *args): 2791 if not self.finish_init: 2792 return 2793 self.wait_mouse() 2794 if self.enable_permissive_button.get_active(): 2795 self.dbus.semanage("module -e permissivedomains") 2796 else: 2797 self.dbus.semanage("module -d permissivedomains") 2798 self.ready_mouse() 2799 2800 def confirmation_close(self, button, *args): 2801 if len(self.update_treestore) > 0: 2802 if self.verify(_("You are attempting to close the application without applying your changes.\n * To apply changes you have made during this session, click No and click Update.\n * To leave the application without applying your changes, click Yes. All changes that you have made during this session will be lost."), _("Loss of data Dialog")) == Gtk.ResponseType.NO: 2803 return True 2804 self.quit() 2805 2806 def quit(self, *args): 2807 sys.exit(0) 2808 2809 if __name__ == '__main__': 2810 start = SELinuxGui() 2811