disabled ;ˆl–äY>”ªi?u¾ ]¸Ü ŠbÑ¿Ï „h …ßa—Ým_J å2ÛR‚œP Ül7iLZ7ÿÎ?÷#! /usr/bin/python -Es # Copyright (C) 2012-2013 Red Hat # AUTHOR: Dan Walsh # AUTHOR: Miroslav Grepl # see file 'COPYING' for use and warranty information # # semanage is a tool for managing SELinux configuration files # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; either version 2 of # the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA # 02111-1307 USA # # __all__ = ['ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_domains'] import string import argparse import selinux import sepolicy from sepolicy import * from sepolgen import util import subprocess import sys import os import re import time typealias_types = { "antivirus_t": ("amavis_t", "clamd_t", "clamscan_t", "freshclam_t"), "cluster_t": ("rgmanager_t", "corosync_t", "aisexec_t", "pacemaker_t"), "svirt_t": ("qemu_t"), "httpd_t": ("phpfpm_t"), } equiv_dict = {"smbd": ["samba"], "httpd": ["apache"], "virtd": ["virt", "libvirt"], "named": ["bind"], "fsdaemon": ["smartmon"], "mdadm": ["raid"]} equiv_dirs = ["/var"] modules_dict = None def gen_modules_dict(path="/usr/share/selinux/devel/policy.xml"): global modules_dict if modules_dict: return modules_dict import xml.etree.ElementTree modules_dict = {} try: tree = xml.etree.ElementTree.fromstring(policy_xml(path)) for l in tree.findall("layer"): for m in l.findall("module"): name = m.get("name") if name == "user" or name == "unconfined": continue if name == "unprivuser": name = "user" if name == "unconfineduser": name = "unconfined" for b in m.findall("summary"): modules_dict[name] = b.text except IOError as e: pass return modules_dict users = None users_range = None def get_all_users_info(): global users global users_range if users and users_range: return users, users_range users = [] users_range = {} allusers = [] allusers_info = info(USER) for d in allusers_info: allusers.append(d['name']) users_range[d['name'].split("_")[0]] = d['range'] for u in allusers: if u not in ["system_u", "root", "unconfined_u"]: users.append(u.replace("_u", "")) users.sort() return users, users_range all_entrypoints = None def get_entrypoints(): global all_entrypoints if not all_entrypoints: all_entrypoints = sepolicy.info(sepolicy.ATTRIBUTE, "entry_type")[0]["types"] return all_entrypoints domains = None def gen_domains(): global domains if domains: return domains domains = [] for d in get_all_domains(): found = False domain = d[:-2] # if domain + "_exec_t" not in get_entrypoints(): # continue if domain in domains: continue domains.append(domain) for role in get_all_roles(): if role[:-2] in domains or role == "system_r": continue domains.append(role[:-2]) domains.sort() return domains types = None def _gen_types(): global types if types: return types all_types = sepolicy.info(sepolicy.TYPE) types = {} for rec in all_types: