mirror of
https://github.com/SELinuxProject/setools
synced 2025-04-07 10:01:20 +00:00
56 lines
1.5 KiB
Python
56 lines
1.5 KiB
Python
# Copyright 2015, Tresys Technology, LLC
|
|
# Copyright 2018, Chris PeBenito <pebenito@ieee.org>
|
|
#
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
|
#
|
|
import os
|
|
import subprocess
|
|
import tempfile
|
|
|
|
from setools import SELinuxPolicy
|
|
|
|
|
|
def compile_policy(source_file, mls=True, xen=False):
|
|
"""
|
|
Compile the specified source policy. Checkpolicy is
|
|
assumed to be /usr/bin/checkpolicy. Otherwise the path
|
|
must be specified in the CHECKPOLICY environment variable.
|
|
|
|
Return:
|
|
A SELinuxPolicy object.
|
|
"""
|
|
# create a temp file for the binary policy
|
|
# and then have checkpolicy overwrite it.
|
|
fd, policy_path = tempfile.mkstemp()
|
|
os.close(fd)
|
|
|
|
if "USERSPACE_SRC" in os.environ:
|
|
command = [os.environ['USERSPACE_SRC'] + "/checkpolicy/checkpolicy"]
|
|
elif "CHECKPOLICY" in os.environ:
|
|
command = [os.environ['CHECKPOLICY']]
|
|
else:
|
|
command = ["/usr/bin/checkpolicy"]
|
|
|
|
if mls:
|
|
command.append("-M")
|
|
|
|
if xen:
|
|
command.extend(["-t", "xen", "-c", "30"])
|
|
|
|
command.extend(["-o", policy_path, "-U", "reject", source_file])
|
|
|
|
with open(os.devnull, "w") as null:
|
|
subprocess.check_call(command, stdout=null, shell=False, close_fds=True)
|
|
|
|
try:
|
|
policy = SELinuxPolicy(policy_path)
|
|
except Exception:
|
|
# This should never be hit, since this policy
|
|
# successfully compiled with checkpolicy above.
|
|
# If we do, clean up the binary policy since
|
|
# tearDownClass() does not run.
|
|
os.unlink(policy_path)
|
|
raise
|
|
|
|
return policy
|