sepolgen: Make use of setools optional within sepolgen

We still want to be able to use sepolgen even if setools isn't
installed.  Degrade functionality, but still work if it can't be found.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwlash@redhat.com>
Dan Walsh 2012-03-06 10:43:22 -05:00 committed by Eric Paris
parent d36ba198ba
commit 0ea11e7315
2 changed files with 26 additions and 18 deletions


@ -379,7 +379,12 @@ class permissiveRecords(semanageRecords):
return l return l
def list(self, heading = 1, locallist = 0): def list(self, heading = 1, locallist = 0):
import setools try:
import setools
except:
print "only able to list permissive types when setools is installed"
return
all = map(lambda y: y["name"], filter(lambda x: x["permissive"], setools.seinfo(setools.TYPE))) all = map(lambda y: y["name"], filter(lambda x: x["permissive"], setools.seinfo(setools.TYPE)))
if len(all) == 0: if len(all) == 0:
return return
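Review bot: The bare `except:` around `import setools` in `list()` catches every exception, not only a missing module, so a broken setools install or an interrupt is reported as "not installed"; `except ImportError:` is the narrower form. The fallback also prints to stdout and returns normally, so a script that audits permissive types cannot tell "none configured" from "could not check". Sending the message to stderr, or raising an error the caller already handles, would keep those two cases apart. The body of `list()` continues past the end of this hunk.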


@ -30,7 +30,10 @@ import access
import interfaces import interfaces
import matching import matching
import selinux.audit2why as audit2why import selinux.audit2why as audit2why
from setools import * try:
from setools import *
except:
pass
# Constants for the level of explanation from the generation # Constants for the level of explanation from the generation
# routines # routines
@ -172,23 +175,23 @@ class PolicyGenerator:
rule.comment += "#!!!! This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work.\n" rule.comment += "#!!!! This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work.\n"
rule.comment += "#Constraint rule: " rule.comment += "#Constraint rule: "
if av.type == audit2why.TERULE: try:
if "write" in av.perms: if ( av.type == audit2why.TERULE and
if "dir" in av.obj_class or "open" in av.perms: "write" in av.perms and
if not self.domains: ( "dir" in av.obj_class or "open" in av.perms )):
self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"] if not self.domains:
types=[] self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
types=[]
try: for i in map(lambda x: x[TCONTEXT], sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})):
for i in map(lambda x: x[TCONTEXT], sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})): if i not in self.domains:
if i not in self.domains: types.append(i)
types.append(i) if len(types) == 1:
if len(types) == 1: rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types)) elif len(types) >= 1:
elif len(types) >= 1: rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types)) except:
except: pass
pass
self.module.children.append(rule) self.module.children.append(rule)
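Review bot: With `from setools import *` wrapped in `try: ... except: pass`, a missing setools leaves `seinfo`, `sesearch`, `ATTRIBUTE`, `ALLOW`, `SCONTEXT`, `TCONTEXT`, `CLASS` and `PERMS` undefined, and the widened `try:` in the second hunk then relies on its bare `except: pass` to swallow the resulting NameError. The same handler hides any real failure in that block, such as an empty result indexed by `seinfo(ATTRIBUTE, name="domain")[0]`, so the generated rule silently loses its write-access comment with no sign that the analysis was skipped. I would use `except ImportError:` at the import and record the outcome there, e.g. `have_setools = False`, then test that flag before the `if ( av.type == audit2why.TERULE and` condition and narrow the inner handler to the errors actually expected. The enclosing method starts outside this hunk.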