sepolgen: Make use of setools optional within sepolgen

We still want to be able to use sepolgen even if setools isn't installed. Degrade functionality, but still work if it can't be found. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwlash@redhat.com>
2025-01-27 07:43:24 +00:00 · 2012-03-06 10:43:22 -05:00 · 2012-03-06 10:43:22 -05:00 · 0ea11e7315
commit 0ea11e7315
parent d36ba198ba
2 changed files with 26 additions and 18 deletions
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@ -379,7 +379,12 @@ class permissiveRecords(semanageRecords):
               return l

 	def list(self, heading = 1, locallist = 0):
-		import setools
+		try:
+			import setools
+		except:
+			print "only able to list permissive types when setools is installed"
+			return
+
 		all = map(lambda y: y["name"], filter(lambda x: x["permissive"], setools.seinfo(setools.TYPE)))
 		if len(all) == 0:
 			return 
--- a/sepolgen/src/sepolgen/policygen.py
+++ b/sepolgen/src/sepolgen/policygen.py
@ -30,7 +30,10 @@ import access
 import interfaces
 import matching
 import selinux.audit2why as audit2why
-from setools import *
+try:
+    from setools import *
+except:
+    pass

 # Constants for the level of explanation from the generation
 # routines
@ -172,23 +175,23 @@ class PolicyGenerator:
                rule.comment += "#!!!! This avc is a constraint violation.  You will need to add an attribute to either the source or target type to make it work.\n"
                rule.comment += "#Constraint rule: "

-            if av.type == audit2why.TERULE:
-                if "write" in av.perms:
-                    if "dir" in av.obj_class or "open" in av.perms:
-                        if not self.domains:
-                            self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
-                        types=[]
+            try:
+                if ( av.type == audit2why.TERULE and
+                     "write" in av.perms and
+                     ( "dir" in av.obj_class or "open" in av.perms )):
+                    if not self.domains:
+                        self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
+                    types=[]

-                        try:
-                            for i in map(lambda x: x[TCONTEXT], sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})):
-                                if i not in self.domains:
-                                    types.append(i)
-                            if len(types) == 1:
-                                rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
-                            elif len(types) >= 1:
-                                rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
-                        except:
-                            pass
+                    for i in map(lambda x: x[TCONTEXT], sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})):
+                        if i not in self.domains:
+                            types.append(i)
+                    if len(types) == 1:
+                        rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
+                    elif len(types) >= 1:
+                        rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
+            except:
+                pass
            self.module.children.append(rule)