# Copyright (C) 2005-2013 Red Hat
# see file 'COPYING' for use and warranty information
#
# semanage is a tool for managing SELinux configuration files
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
# 02111-1307 USA
#
#
import pwd
import grp
import selinux
import os
import re
import sys
import stat
import socket
from semanage import *
PROGNAME = "selinux-python"
import sepolicy
import setools
import ipaddress
# Install gettext's _() as a builtin for the PROGNAME message catalog.
# If any step of that setup fails, install a pass-through _() instead so the
# _("...") calls in this module still work, only untranslated.
try:
    import gettext
    kwargs = {}
    if sys.version_info < (3,):
        # Python 2 only: pass the extra 'unicode' keyword to gettext.install().
        kwargs['unicode'] = True
    gettext.install(PROGNAME,
                    localedir="/usr/share/locale",
                    codeset='utf-8',
                    **kwargs)
except:
    # NOTE(review): the bare except also hides failures unrelated to a missing
    # catalog (for example a TypeError from a keyword argument that
    # gettext.install() does not accept); messages then stay untranslated
    # without any diagnostic.
    try:
        import builtins
        builtins.__dict__['_'] = str
    except ImportError:
        # Python 2 spelling of the builtins module.
        import __builtin__
        __builtin__.__dict__['_'] = unicode
import syslog
# Every accepted spelling of a file type (empty string, long description,
# single letter, dash-prefixed flag) mapped to its SEMANAGE_FCONTEXT_*
# constant.
file_types = {
    "": SEMANAGE_FCONTEXT_ALL,
    "all files": SEMANAGE_FCONTEXT_ALL,
    "a": SEMANAGE_FCONTEXT_ALL,
    "regular file": SEMANAGE_FCONTEXT_REG,
    "--": SEMANAGE_FCONTEXT_REG,
    "f": SEMANAGE_FCONTEXT_REG,
    "-d": SEMANAGE_FCONTEXT_DIR,
    "directory": SEMANAGE_FCONTEXT_DIR,
    "d": SEMANAGE_FCONTEXT_DIR,
    "-c": SEMANAGE_FCONTEXT_CHAR,
    "character device": SEMANAGE_FCONTEXT_CHAR,
    "c": SEMANAGE_FCONTEXT_CHAR,
    "-b": SEMANAGE_FCONTEXT_BLOCK,
    "block device": SEMANAGE_FCONTEXT_BLOCK,
    "b": SEMANAGE_FCONTEXT_BLOCK,
    "-s": SEMANAGE_FCONTEXT_SOCK,
    "socket": SEMANAGE_FCONTEXT_SOCK,
    "s": SEMANAGE_FCONTEXT_SOCK,
    "-l": SEMANAGE_FCONTEXT_LINK,
    "l": SEMANAGE_FCONTEXT_LINK,
    "symbolic link": SEMANAGE_FCONTEXT_LINK,
    "p": SEMANAGE_FCONTEXT_PIPE,
    "-p": SEMANAGE_FCONTEXT_PIPE,
    "named pipe": SEMANAGE_FCONTEXT_PIPE,
}
# Long file-type description -> the single-letter option that names it.
file_type_str_to_option = dict((
    ("all files", "a"),
    ("regular file", "f"),
    ("directory", "d"),
    ("character device", "c"),
    ("block device", "b"),
    ("socket", "s"),
    ("symbolic link", "l"),
    ("named pipe", "p"),
))
# Single-letter file-type option (or the empty string) -> file-type word;
# presumably the spelling used in audit messages, going by the name.
ftype_to_audit = dict((
    ("", "any"),
    ("a", "any"),
    ("b", "block"),
    ("c", "char"),
    ("d", "dir"),
    ("f", "file"),
    ("l", "symlink"),
    ("p", "pipe"),
    ("s", "socket"),
))
try:
    import audit
    # Probe the audit subsystem once: if the module is missing or the audit
    # descriptor cannot be opened, the except branch below defines a
    # syslog-based logger with the same methods.
    audit.audit_close(audit.audit_open())

    class logger:
        """Queue SELinux configuration changes and write them out through audit."""

        def __init__(self):
            self.audit_fd = audit.audit_open()
            self.log_list = []
            self.log_change_list = []

        def log(self, msg, name="", sename="", serole="", serange="", oldsename="", oldserole="", oldserange=""):
            """Queue an AUDIT_ROLE_ASSIGN record.

            *msg* gets a "-field,field" suffix naming which of sename, role
            and range differ from their old values.
            """
            changed = []
            if sename != oldsename:
                changed.append("sename")
            if serole != oldserole:
                changed.append("role")
            if serange != oldserange:
                changed.append("range")
            if changed:
                msg += "-" + ",".join(changed)

            record = [self.audit_fd, audit.AUDIT_ROLE_ASSIGN, sys.argv[0], str(msg), name, 0,
                      sename, serole, serange, oldsename, oldserole, oldserange, "", "", ""]
            self.log_list.append(record)

        def log_remove(self, msg, name="", sename="", serole="", serange="", oldsename="", oldserole="", oldserange=""):
            """Queue an AUDIT_ROLE_REMOVE record; *msg* is stored unmodified."""
            record = [self.audit_fd, audit.AUDIT_ROLE_REMOVE, sys.argv[0], str(msg), name, 0,
                      sename, serole, serange, oldsename, oldserole, oldserange, "", "", ""]
            self.log_list.append(record)

        def log_change(self, msg):
            """Queue an AUDIT_USER_MAC_CONFIG_CHANGE record attributed to "semanage"."""
            record = [self.audit_fd, audit.AUDIT_USER_MAC_CONFIG_CHANGE, str(msg), "semanage", "", "", ""]
            self.log_change_list.append(record)

        def commit(self, success):
            """Send every queued record with *success* as the final argument, then clear the queues."""
            for entry in self.log_list:
                audit.audit_log_semanage_message(*(entry + [success]))
            for entry in self.log_change_list:
                audit.audit_log_user_comm_message(*(entry + [success]))

            self.log_list = []
            self.log_change_list = []
except (OSError, ImportError):
    class logger:
        """Fallback used when audit is unavailable: queue text lines for syslog."""

        def __init__(self):
            self.log_list = []

        def log(self, msg, name="", sename="", serole="", serange="", oldsename="", oldserole="", oldserange=""):
            """Queue one line holding *msg*, *name* and every non-empty field."""
            pieces = [" %s name=%s" % (msg, name)]
            # (label, value, skip_none): only the two range fields are also
            # skipped when they are None.
            fields = (
                (" sename=", sename, False),
                (" oldsename=", oldsename, False),
                (" role=", serole, False),
                (" old_role=", oldserole, False),
                (" MLSRange=", serange, True),
                (" old_MLSRange=", oldserange, True),
            )
            for label, value, skip_none in fields:
                if value == "":
                    continue
                if skip_none and value is None:
                    continue
                pieces.append(label + value)
            self.log_list.append("".join(pieces))

        def log_remove(self, msg, name="", sename="", serole="", serange="", oldsename="", oldserole="", oldserange=""):
            """Removals are queued in the same format as log()."""
            self.log(msg, name, sename, serole, serange, oldsename, oldserole, oldserange)

        def log_change(self, msg):
            """Queue *msg* with a single leading space."""
            self.log_list.append(" %s" % msg)

        def commit(self, success):
            """Write each queued line to syslog at LOG_INFO with an outcome prefix."""
            message = "Successful: " if success == 1 else "Failed: "
            for entry in self.log_list:
                syslog.syslog(syslog.LOG_INFO, message + entry)
class nulllogger:
    """Logger with the same four methods as ``logger`` that records nothing."""

    def log(self, msg, name="", sename="", serole="", serange="", oldsename="", oldserole="", oldserange=""):
        """Discard the record."""
        return None

    def log_remove(self, msg, name="", sename="", serole="", serange="", oldsename="", oldserole="", oldserange=""):
        """Discard the record."""
        return None

    def log_change(self, msg):
        """Discard the message."""
        return None

    def commit(self, success):
        """Nothing is queued, so there is nothing to write."""
        return None
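def validate_level(raw):
    """Check that *raw* has the syntax of a raw MLS/MCS level or range.

    Accepted form: a sensitivity ("s" plus digits), optionally "-" and a
    second sensitivity, optionally ":" and a comma-separated list of
    categories ("c" plus digits) or dotted category ranges, for example
    "s0-s15:c0.c1023".

    Returns:
        The match object when the whole string matches, otherwise None.
    """
    # NOTE(review): "[0-9]*" lets a bare "s" or "c" without digits through;
    # kept as in the original pattern.
    sensitivity = "s[0-9]*"
    category = "c[0-9]*"
    cat_range = category + r"(\." + category + ")?"
    categories = cat_range + r"(\," + cat_range + ")*"
    reg = sensitivity + "(-" + sensitivity + ")?" + "(:" + categories + ")?"
    # Anchor the end with \Z rather than "$": "$" also matches just before a
    # trailing newline, so a value such as "s0\n" used to pass validation.
    return re.match(reg + r"\Z", raw)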
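def translate(raw, prepend=1):
    """Convert a raw context (or bare level) to its translated form.

    Args:
        raw: the raw value to translate.
        prepend: when true, *raw* is prefixed with the placeholder
            "a:b:c:" before the conversion and that many characters are
            removed from the result again. Presumably this lets a bare
            MLS level be passed where a full context is expected.

    Returns:
        The translated string, or *raw* unchanged when the conversion
        reports an error or leaves nothing after the placeholder.
    """
    filler = "a:b:c:"
    # The original tested "prepend == 1" here but plain truthiness when
    # stripping, so a truthy value other than 1 stripped a prefix that was
    # never added. One flag now drives both steps; 0/1/False/True behave
    # exactly as before.
    prepended = bool(prepend)
    if prepended:
        context = "%s%s" % (filler, raw)
    else:
        context = raw
    (rc, trans) = selinux.selinux_raw_to_trans_context(context)
    if rc != 0:
        return raw
    if prepended:
        trans = trans[len(filler):]
    if trans == "":
        return raw
    return trans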
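def untranslate(trans, prepend=1):
    """Convert a translated context (or bare level) back to its raw form.

    Args:
        trans: the translated value to convert.
        prepend: when true, *trans* is prefixed with the placeholder
            "a:b:c:" before the conversion and that many characters are
            removed from the result again. Presumably this lets a bare
            MLS level be passed where a full context is expected.

    Returns:
        The raw string, or *trans* unchanged when the conversion reports
        an error or leaves nothing after the placeholder.
    """
    filler = "a:b:c:"
    # The original tested "prepend == 1" here but plain truthiness when
    # stripping, so a truthy value other than 1 stripped a prefix that was
    # never added. One flag now drives both steps; 0/1/False/True behave
    # exactly as before.
    prepended = bool(prepend)
    if prepended:
        context = "%s%s" % (filler, trans)
    else:
        context = trans

    (rc, raw) = selinux.selinux_trans_to_raw_context(context)
    if rc != 0:
        return trans
    if prepended:
        raw = raw[len(filler):]
    if raw == "":
        return trans
    return raw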
class semanageRecords:
    """Base class holding the libsemanage handle and the transaction flag.

    ``transaction`` and ``handle`` are class attributes, so every instance
    (including subclasses) shares one handle and one transaction state.
    """
    transaction = False
    handle = None
    store = None
    args = None

    def __init__(self, args = None):
        # Declared in the original as well; nothing in this method assigns it.
        global handle
        if args:
            # legacy code - args was store originally
            if type(args) is str:
                self.store = args
            else:
                self.args = args
        self.noreload = getattr(args, "noreload", False)
        if not self.store:
            self.store = getattr(args, "store", "")

        self.sh = self.get_handle(self.store)

        rc, localstore = selinux.selinux_getpolicytype()
        uses_local_store = self.store == "" or self.store == localstore
        if uses_local_store:
            self.mylog = logger()
        else:
            # Working on a non-default store: changes are not logged.
            sepolicy.load_store_policy(self.store)
            # NOTE(review): store is appended to the SELinux path as given;
            # confirm callers only ever pass a plain store name.
            selinux.selinux_set_policy_root("%s%s" % (selinux.selinux_path(), self.store))
            self.mylog = nulllogger()

    def set_reload(self, load):
        """Record whether commit() should leave policy reloading enabled."""
        self.noreload = not load

    def get_handle(self, store):
        """Return the shared semanage handle, creating and connecting it on first use.

        Raises:
            ValueError: if the handle cannot be created, the policy is not
                managed, the store is unreadable, the connection fails or
                the MLS status cannot be queried. The new handle is
                destroyed before each of the last four errors is raised.
        """
        global is_mls_enabled

        if semanageRecords.handle:
            return semanageRecords.handle

        new_handle = semanage_handle_create()
        if not new_handle:
            raise ValueError(_("Could not create semanage handle"))

        if store != "" and not semanageRecords.transaction:
            semanage_select_store(new_handle, store, SEMANAGE_CON_DIRECT)
            semanageRecords.store = store

        if not semanage_is_managed(new_handle):
            semanage_handle_destroy(new_handle)
            raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))

        if semanage_access_check(new_handle) < SEMANAGE_CAN_READ:
            semanage_handle_destroy(new_handle)
            raise ValueError(_("Cannot read policy store."))

        if semanage_connect(new_handle) < 0:
            semanage_handle_destroy(new_handle)
            raise ValueError(_("Could not establish semanage connection"))

        is_mls_enabled = semanage_mls_enabled(new_handle)
        if is_mls_enabled < 0:
            semanage_handle_destroy(new_handle)
            raise ValueError(_("Could not test MLS enabled status"))

        semanageRecords.handle = new_handle
        return semanageRecords.handle

    def deleteall(self):
        """Placeholder; this base implementation always raises ValueError."""
        raise ValueError(_("Not yet implemented"))

    def start(self):
        """Open an explicit transaction that stays open until finish()."""
        if semanageRecords.transaction:
            raise ValueError(_("Semanage transaction already in progress"))
        self.begin()
        semanageRecords.transaction = True

    def begin(self):
        """Begin a semanage transaction unless an explicit one is already open."""
        if semanageRecords.transaction:
            return
        if semanage_begin_transaction(self.sh) < 0:
            raise ValueError(_("Could not start semanage transaction"))

    def customized(self):
        """Placeholder; this base implementation always raises ValueError."""
        raise ValueError(_("Not yet implemented"))

    def commit(self):
        """Commit pending changes and flush the change log with the outcome.

        Does nothing while an explicit transaction is open; finish()
        performs the commit in that case.
        """
        if semanageRecords.transaction:
            return

        if self.noreload:
            semanage_set_reload(self.sh, 0)
        if semanage_commit(self.sh) < 0:
            self.mylog.commit(0)
            raise ValueError(_("Could not commit semanage transaction"))
        self.mylog.commit(1)

    def finish(self):
        """Close the explicit transaction opened by start() and commit it."""
        if not semanageRecords.transaction:
            raise ValueError(_("Semanage transaction not in progress"))
        semanageRecords.transaction = False
        self.commit()
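class moduleRecords(semanageRecords):
    """List, install, enable, disable and remove SELinux policy modules."""

    def __init__(self, args = None):
        semanageRecords.__init__(self, args)

    def get_all(self):
        """Return one (name, enabled, priority, lang_ext) tuple per module.

        The list is ordered by name; entries that share a name are ordered
        with the higher priority first.

        Raises:
            ValueError: if the module list or any module attribute cannot
                be read.
        """
        l = []
        (rc, mlist, number) = semanage_module_list_all(self.sh)
        if rc < 0:
            raise ValueError(_("Could not list SELinux modules"))

        for i in range(number):
            mod = semanage_module_list_nth(mlist, i)

            rc, name = semanage_module_info_get_name(self.sh, mod)
            if rc < 0:
                raise ValueError(_("Could not get module name"))

            rc, enabled = semanage_module_info_get_enabled(self.sh, mod)
            if rc < 0:
                raise ValueError(_("Could not get module enabled"))

            rc, priority = semanage_module_info_get_priority(self.sh, mod)
            if rc < 0:
                raise ValueError(_("Could not get module priority"))

            rc, lang_ext = semanage_module_info_get_lang_ext(self.sh, mod)
            if rc < 0:
                raise ValueError(_("Could not get module lang_ext"))

            l.append((name, enabled, priority, lang_ext))

        # sort the list so they are in name order, but with higher priorities coming first
        # Priority is element 2 of the tuple; the original keyed this first
        # pass on element 3 (lang_ext), which did not give that order.
        l.sort(key=lambda t: t[2], reverse=True)
        l.sort(key=lambda t: t[0])
        return l

    def customized(self):
        """Return a "-d NAME" entry for every disabled module."""
        return ["-d %s" % t[0] for t in self.get_all() if t[1] == 0]

    def list(self, heading=1, locallist=0):
        """Print the module table.

        Args:
            heading: print the column heading when true.
            locallist: when true, print only disabled modules.
        """
        modules = self.get_all()
        if not modules:
            return

        if heading:
            print("\n%-25s %-9s %s\n" % (_("Module Name"), _("Priority"), _("Language")))
        for t in modules:
            if t[1] == 0:
                disabled = _("Disabled")
            else:
                if locallist:
                    continue
                disabled = ""
            print("%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled))

    def add(self, file, priority):
        """Install the policy module stored in *file* at *priority* and commit.

        Raises:
            ValueError: if *file* does not exist, the priority is rejected
                or the module cannot be installed.
        """
        if not os.path.exists(file):
            raise ValueError(_("Module does not exist: %s ") % file)

        rc = semanage_set_default_priority(self.sh, priority)
        if rc < 0:
            raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)

        rc = semanage_module_install_file(self.sh, file)
        if rc < 0:
            # The original returned silently here, so a caller could not
            # tell a rejected module from an installed one. Every other
            # mutator in this class reports failure with ValueError.
            raise ValueError(_("Could not install module %s") % file)
        self.commit()

    def set_enabled(self, module, enable):
        """Enable or disable each whitespace-separated name in *module*, then commit.

        Raises:
            ValueError: if a module key cannot be built or a module cannot
                be switched; nothing is committed in that case.
        """
        for m in module.split():
            rc, key = semanage_module_key_create(self.sh)
            if rc < 0:
                raise ValueError(_("Could not create module key"))

            rc = semanage_module_key_set_name(self.sh, key, m)
            if rc < 0:
                raise ValueError(_("Could not set module key name"))

            rc = semanage_module_set_enabled(self.sh, key, enable)
            if rc < 0:
                if enable:
                    raise ValueError(_("Could not enable module %s") % m)
                else:
                    raise ValueError(_("Could not disable module %s") % m)
        self.commit()

    def delete(self, module, priority):
        """Remove each whitespace-separated name in *module* at *priority*, then commit.

        Raises:
            ValueError: if the priority is rejected or a removal fails.
        """
        rc = semanage_set_default_priority(self.sh, priority)
        if rc < 0:
            raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)

        for m in module.split():
            rc = semanage_module_remove(self.sh, m)
            # NOTE(review): a return value of -2 is tolerated; presumably it
            # means the module was not present - confirm against libsemanage.
            if rc < 0 and rc != -2:
                raise ValueError(_("Could not remove module %s (remove failed)") % m)

        self.commit()

    def deleteall(self):
        """Re-enable every module that is currently disabled."""
        for m in [t[0] for t in self.get_all() if t[1] == 0]:
            self.set_enabled(m, True)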
class dontauditClass(semanageRecords):
    """Switch the policy's dontaudit rules on or off."""

    def __init__(self, args = None):
        semanageRecords.__init__(self, args)

    def toggle(self, dontaudit):
        """Apply *dontaudit* ("on" or "off") and commit.

        Raises:
            ValueError: for any other value.
        """
        if dontaudit not in ("on", "off"):
            raise ValueError(_("dontaudit requires either 'on' or 'off'"))
        self.begin()
        # "off" means the dontaudit rules are to be disabled.
        disable_rules = dontaudit == "off"
        semanage_set_disable_dontaudit(self.sh, disable_rules)
        self.commit()
class permissiveRecords(semanageRecords):
def __init__(self, args = None):
    """Set the instance up through the semanageRecords initialiser."""
    semanageRecords.__init__(self, args=args)
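def get_all(self):
    """Return the names of the modules called "permissive_<name>", prefix removed.

    Raises:
        ValueError: if the module list cannot be read.
    """
    prefix = "permissive_"
    l = []
    (rc, mlist, number) = semanage_module_list(self.sh)
    if rc < 0:
        raise ValueError(_("Could not list SELinux modules"))

    for i in range(number):
        mod = semanage_module_list_nth(mlist, i)
        name = semanage_module_get_name(mod)
        if name and name.startswith(prefix):
            # Remove the leading prefix only. split(prefix)[1] cut the name
            # short whenever "permissive_" occurred a second time in it.
            l.append(name[len(prefix):])
    return l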
def customized(self):
    """Return a "-a NAME" entry for each name from get_all(), sorted."""
    names = list(self.get_all())
    names.sort()
    return ["-a %s" % entry for entry in names]
def list(self, heading=1, locallist=0):
all = [y["name"] for y in [x for x in sepolicy.info(sepolicy.TYPE) if x["permissive"]]]
if len(all) == 0:
return
if heading:
print("\n%-25s\n" % (_("Builtin Permissive Types")))
customized = self.get_all()
for t in all:
if t not in customized:
print(t)
if len(customized) == 0:
return
if heading:
print("\n%-25s\n" % (_("Customized Permissive Types")))