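## modulesPage.py - show selinux mappings
## Copyright (C) 2006-2009 Red Hat, Inc.

## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.

## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.

## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

## Author: Dan Walsh
import sys
from subprocess import Popen, PIPE, STDOUT
try:
    from subprocess import getstatusoutput
except ImportError:
    from commands import getstatusoutput

from gi.repository import GObject, Gtk
import selinux
from semanagePage import *

##
## I18N
##
PROGNAME = "selinux-gui"
try:
    import gettext
    kwargs = {}
    if sys.version_info < (3,):
        kwargs['unicode'] = True
    # Explicit keywords come before **kwargs: the reverse order is a syntax
    # error on the Python 2 interpreters the fallbacks below still cater for.
    t = gettext.translation(PROGNAME,
                            localedir="/usr/share/locale",
                            fallback=True,
                            **kwargs)
    _ = t.gettext
except:
    # No usable gettext setup: install an identity-like "_" so the _("...")
    # calls in this module still work.
    try:
        import builtins
        builtins.__dict__['_'] = str
    except ImportError:
        import __builtin__
        __builtin__.__dict__['_'] = unicode


def _run_semodule(args):
    """Run ``semodule`` with *args* and return ``(status, output)``.

    The command is started from an argument list, without a shell, so a
    module name, priority or file path reaches semodule as exactly one
    argument whatever characters it contains.

    The result has the shape the callers previously got from
    getstatusoutput(): the exit status and the combined stdout/stderr text
    with one trailing newline removed.  If the program cannot be started,
    the OSError text is returned with status 127 so the caller's
    ``status != 0`` path reports it.
    """
    try:
        proc = Popen(["semodule"] + list(args), stdout=PIPE, stderr=STDOUT)
        raw = proc.communicate()[0]
    except OSError as e:
        return 127, str(e)
    text = raw.decode('utf-8', 'replace')
    if text.endswith("\n"):
        text = text[:-1]
    return proc.returncode, text


class modulesPage(semanagePage):
    """Page that lists policy modules and drives ``semodule`` for them.

    The list has three string columns (module name, priority, kind) filled
    from the output of ``semodule -lfull``.  Busy/ready state, error
    reporting, filtering and the tree view come from semanagePage, which is
    not defined in this file.
    """

    def __init__(self, xml):
        """Build the list model and columns, wire the buttons, load the list.

        xml is the builder object the widgets are looked up in.
        """
        semanagePage.__init__(self, xml, "modules", _("Policy Module"))
        self.module_filter = xml.get_object("modulesFilterEntry")
        self.module_filter.connect("focus_out_event", self.filter_changed)
        self.module_filter.connect("activate", self.filter_changed)
        self.audit_enabled = False

        self.store = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING, GObject.TYPE_STRING)
        self.view.set_model(self.store)

        self.store.set_sort_column_id(0, Gtk.SortType.ASCENDING)
        col = Gtk.TreeViewColumn(_("Module Name"), Gtk.CellRendererText(), text=0)
        col.set_sort_column_id(0)
        col.set_resizable(True)
        self.view.append_column(col)

        self.store.set_sort_column_id(0, Gtk.SortType.ASCENDING)
        col = Gtk.TreeViewColumn(_("Priority"), Gtk.CellRendererText(), text=1)
        col.set_sort_column_id(1)
        col.set_resizable(True)
        self.view.append_column(col)

        # NOTE(review): the store ends up sorted on column 2 (Kind); the
        # original code does the same - confirm this is the intended default.
        self.store.set_sort_column_id(2, Gtk.SortType.ASCENDING)
        col = Gtk.TreeViewColumn(_("Kind"), Gtk.CellRendererText(), text=2)
        col.set_sort_column_id(2)
        col.set_resizable(True)
        self.view.append_column(col)

        # Priorities are stored as strings; sort them numerically.
        self.store.set_sort_func(1, self.sort_int, "")

        self.enable_audit_button = xml.get_object("enableAuditButton")
        self.enable_audit_button.connect("clicked", self.enable_audit)
        self.new_button = xml.get_object("newModuleButton")
        self.new_button.connect("clicked", self.new_module)

        status, self.policy_type = selinux.selinux_getpolicytype()
        self.load()

    def sort_int(self, treemodel, iter1, iter2, user_data):
        """Compare two rows by the integer value of column 1 (priority).

        Returns 1, 0 or -1; rows whose priority is not an integer compare
        as equal.
        """
        try:
            p1 = int(treemodel.get_value(iter1, 1))
            # Read the second row here: reading iter1 twice made every pair
            # compare equal, so the priority column never actually sorted.
            p2 = int(treemodel.get_value(iter2, 1))
        except (TypeError, ValueError):
            return 0
        if p1 > p2:
            return 1
        if p1 == p2:
            return 0
        return -1

    def load(self, filter=""):
        """Refill the list from ``semodule -lfull``, keeping matching rows.

        A row is kept when self.match() accepts its module name or its
        priority for *filter*.  Loading is best effort: a failure leaves
        the rows read so far and is reported on stderr instead of being
        dropped silently.
        """
        self.filter = filter
        self.store.clear()
        try:
            # Argument list instead of a shell string; communicate() also
            # waits for the child, so no unreaped process is left behind.
            proc = Popen(["semodule", "-lfull"], stdout=PIPE)
            listing = proc.communicate()[0]
            for raw_line in listing.splitlines():
                try:
                    priority, module, kind = raw_line.decode('utf-8').split()
                except ValueError:
                    # Not exactly three fields (or not UTF-8): skip this
                    # line instead of abandoning the rest of the listing.
                    continue
                if not (self.match(module, filter) or self.match(priority, filter)):
                    continue
                row = self.store.append()
                self.store.set_value(row, 0, module.strip())
                self.store.set_value(row, 1, priority.strip())
                self.store.set_value(row, 2, kind.strip())
        except Exception as e:
            sys.stderr.write("modulesPage: could not list policy modules: %s\n" % e)
        self.view.get_selection().select_path((0,))

    def new_module(self, args):
        """Start the selinux-polgengui tool; report a failure to start it."""
        try:
            Popen(["selinux-polgengui"])
        except ValueError as e:
            self.error(e.args[0])
        except OSError as e:
            # Raised when the program is missing or not executable.
            self.error(str(e))

    def delete(self):
        """Remove the selected module at its listed priority."""
        store, row = self.view.get_selection().get_selected()
        if row is None:
            # Nothing selected, so there is nothing to remove.
            return
        module = store.get_value(row, 0)
        priority = store.get_value(row, 1)
        try:
            self.wait()
            try:
                # Each value is its own argv entry; nothing is interpolated
                # into a shell command line.
                status, output = _run_semodule(["-X", priority, "-r", module])
            finally:
                self.ready()
            if status != 0:
                self.error(output)
            else:
                store.remove(row)
                self.view.get_selection().select_path((0,))
        except ValueError as e:
            self.error(e.args[0])

    def enable_audit(self, button):
        """Toggle between ``semodule -DB`` and ``semodule -B``.

        The audit_enabled flag and the button label change only when the
        command succeeded, so the button keeps describing the real state
        after a failed rebuild.
        """
        enable = not self.audit_enabled
        try:
            self.wait()
            try:
                # Constant command lines with no interpolated data.
                if enable:
                    status, output = getstatusoutput("semodule -DB")
                else:
                    status, output = getstatusoutput("semodule -B")
            finally:
                self.ready()
            if status != 0:
                self.error(output)
                return
            self.audit_enabled = enable
            if enable:
                button.set_label(_("Disable Audit"))
            else:
                button.set_label(_("Enable Audit"))
        except ValueError as e:
            self.error(e.args[0])

    def disable_audit(self, button):
        """Run ``semodule -B`` and report a non-zero exit status."""
        try:
            self.wait()
            try:
                status, output = getstatusoutput("semodule -B")
            finally:
                self.ready()
            if status != 0:
                self.error(output)
        except ValueError as e:
            self.error(e.args[0])

    def propertiesDialog(self):
        """Modules have no properties dialog; deliberately does nothing."""
        return

    def addDialog(self):
        """Ask for a ``*.pp`` policy file and install it if one is chosen."""
        dialog = Gtk.FileChooserDialog(_("Load Policy Module"),
                                       None,
                                       Gtk.FileChooserAction.OPEN,
                                       (Gtk.STOCK_CANCEL, Gtk.ResponseType.CANCEL,
                                        Gtk.STOCK_OPEN, Gtk.ResponseType.OK))
        dialog.set_default_response(Gtk.ResponseType.OK)

        pp_filter = Gtk.FileFilter()
        pp_filter.set_name("Policy Files")
        pp_filter.add_pattern("*.pp")
        dialog.add_filter(pp_filter)

        response = dialog.run()
        if response == Gtk.ResponseType.OK:
            self.add(dialog.get_filename())
        dialog.destroy()

    def add(self, file):
        """Install the policy module *file* and reload the list on success."""
        try:
            self.wait()
            try:
                # The path is passed as a single argv entry. Built into a
                # shell string, a path containing spaces or shell
                # metacharacters would be split or interpreted by the shell
                # with the privileges this tool runs under.
                status, output = _run_semodule(["-i", file])
            finally:
                self.ready()
            if status != 0:
                self.error(output)
            else:
                self.load()
        except ValueError as e:
            self.error(e.args[0])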