@@ -51,6 +51,112 @@ TRANSITION = 'transition'
ROLE_ALLOW = 'role_allow'
+# Autofill for adding files *************************
+DEFAULT_DIRS = {}
+DEFAULT_DIRS["/etc"] = "etc_t"
+DEFAULT_DIRS["/tmp"] = "tmp_t"
+DEFAULT_DIRS["/usr/lib/systemd/system"] = "unit_file_t"
+DEFAULT_DIRS["/lib/systemd/system"] = "unit_file_t"
+DEFAULT_DIRS["/etc/systemd/system"] = "unit_file_t"
+DEFAULT_DIRS["/var/cache"] = "var_cache_t"
+DEFAULT_DIRS["/var/lib"] = "var_lib_t"
+DEFAULT_DIRS["/var/log"] = "log_t"
+DEFAULT_DIRS["/var/run"] = "var_run_t"
+DEFAULT_DIRS["/run"] = "var_run_t"
+DEFAULT_DIRS["/run/lock"] = "var_lock_t"
+DEFAULT_DIRS["/var/run/lock"] = "var_lock_t"
+DEFAULT_DIRS["/var/spool"] = "var_spool_t"
+DEFAULT_DIRS["/var/www"] = "content_t"
+
+file_type_str = {}
+file_type_str["a"] = _("all files")
+file_type_str["f"] = _("regular file")
+file_type_str["d"] = _("directory")
+file_type_str["c"] = _("character device")
+file_type_str["b"] = _("block device")
+file_type_str["s"] = _("socket file")
+file_type_str["l"] = _("symbolic link")
+file_type_str["p"] = _("named pipe")
+
+trans_file_type_str = {}
+trans_file_type_str[""] = "a"
+trans_file_type_str["--"] = "f"
+trans_file_type_str["-d"] = "d"
+trans_file_type_str["-c"] = "c"
+trans_file_type_str["-b"] = "b"
+trans_file_type_str["-s"] = "s"
+trans_file_type_str["-l"] = "l"
+trans_file_type_str["-p"] = "p"
+
+# cache the lookup results
+file_equiv_modified = None
+file_equiv = None
+local_files = None
+fcdict = None
+methods = []
+all_types = None
+user_types = None
+role_allows = None
+portrecs = None
+portrecsbynum = None
+all_domains = None
+roles = None
+selinux_user_list = None
+login_mappings = None
+file_types = None
+port_types = None
+bools = None
+all_attributes = None
+booleans = None
+booleans_dict = None
+
+
+def get_installed_policy(root="/"):
+ try:
+ path = root + selinux.selinux_binary_policy_path()
+ policies = glob.glob("%s.*" % path)
+ policies.sort()
+ return policies[-1]
+ except:
+ pass
+ raise ValueError(_("No SELinux Policy installed"))
+
+
+def policy(policy_file):
+ global all_domains
+ global all_attributes
+ global bools
+ global all_types
+ global role_allows
+ global users
+ global roles
+ global file_types
+ global port_types
+ all_domains = None
+ all_attributes = None
+ bools = None
+ all_types = None
+ role_allows = None
+ users = None
+ roles = None
+ file_types = None
+ port_types = None
+ global _pol
+
+ try:
+ _policy.policy(policy_file)
+ except:
+ raise ValueError(_("Failed to read %s policy file") % policy_file)
+
+
+try:
+ policy_file = get_installed_policy()
+ policy(policy_file)
+except ValueError as e:
+ if selinux.is_selinux_enabled() == 1:
+ raise e
+
+
def info(setype, name=None):
dict_list = _policy.info(setype, name)
return dict_list
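Review bot: `policy()` resets only nine of the cached globals that this hunk now groups under `# cache the lookup results`, so a cache such as `user_types` (filled from `info(ATTRIBUTE, "userdomain")` in a later context line) appears to keep values from the previously loaded policy when `policy()` is called again with a different file. A tool that inspects a non-default policy file could then report types from the wrong policy, so every policy-derived cache should be reset here, starting with `global user_types` and `user_types = None`, and `portrecs`/`portrecsbynum` should be checked the same way. `users` is reset in `policy()` but no module-level `users = None` is visible in the grouped block, so it stays undefined if the import-time `policy()` call is skipped because `get_installed_policy()` raised while SELinux is disabled; adding `users = None` to the block closes that. The added `global _pol` is never assigned in this function and is a code change the commit message says it does not make, so it should be dropped or explained.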
@@ -107,26 +213,6 @@ def get_conditionals_format_text(cond):
def get_types_from_attribute(attribute):
return info(ATTRIBUTE, attribute)[0]["types"]
-file_type_str = {}
-file_type_str["a"] = _("all files")
-file_type_str["f"] = _("regular file")
-file_type_str["d"] = _("directory")
-file_type_str["c"] = _("character device")
-file_type_str["b"] = _("block device")
-file_type_str["s"] = _("socket file")
-file_type_str["l"] = _("symbolic link")
-file_type_str["p"] = _("named pipe")
-
-trans_file_type_str = {}
-trans_file_type_str[""] = "a"
-trans_file_type_str["--"] = "f"
-trans_file_type_str["-d"] = "d"
-trans_file_type_str["-c"] = "c"
-trans_file_type_str["-b"] = "b"
-trans_file_type_str["-s"] = "s"
-trans_file_type_str["-l"] = "l"
-trans_file_type_str["-p"] = "p"
-
def get_file_types(setype):
flist = []
@@ -209,18 +295,14 @@ def find_file(reg):
def find_all_files(domain, exclude_list=[]):
- all_entrypoints = []
executable_files = get_entrypoints(domain)
for exe in executable_files.keys():
if exe.endswith("_exec_t") and exe not in exclude_list:
for path in executable_files[exe]:
for f in find_file(path):
return f
- #all_entrypoints.append(f)
return None
-#return all_entrypoints
-
def find_entrypoint_path(exe, exclude_list=[]):
fcdict = get_fcdict()
@@ -243,8 +325,6 @@ def read_file_equiv(edict, fc_path, modify):
edict[f[0]] = {"equiv": f[1], "modify": modify}
return edict
-file_equiv_modified = None
-
def get_file_equiv_modified(fc_path=selinux.selinux_file_context_path()):
global file_equiv_modified
@@ -254,8 +334,6 @@ def get_file_equiv_modified(fc_path=selinux.selinux_file_context_path()):
file_equiv_modified = read_file_equiv(file_equiv_modified, fc_path + ".subs", modify=True)
return file_equiv_modified
-file_equiv = None
-
def get_file_equiv(fc_path=selinux.selinux_file_context_path()):
global file_equiv
@@ -265,8 +343,6 @@ def get_file_equiv(fc_path=selinux.selinux_file_context_path()):
file_equiv = read_file_equiv(file_equiv, fc_path + ".subs_dist", modify=False)
return file_equiv
-local_files = None
-
def get_local_file_paths(fc_path=selinux.selinux_file_context_path()):
global local_files
@@ -291,8 +367,6 @@ def get_local_file_paths(fc_path=selinux.selinux_file_context_path()):
pass
return local_files
-fcdict = None
-
def get_fcdict(fc_path=selinux.selinux_file_context_path()):
global fcdict
@@ -431,19 +505,6 @@ def get_entrypoints(setype):
return mpaths
-def get_installed_policy(root="/"):
- try:
- path = root + selinux.selinux_binary_policy_path()
- policies = glob.glob("%s.*" % path)
- policies.sort()
- return policies[-1]
- except:
- pass
- raise ValueError(_("No SELinux Policy installed"))
-
-methods = []
-
-
def get_methods():
global methods
if len(methods) > 0:
@@ -464,8 +525,6 @@ def get_methods():
methods.sort()
return methods
-all_types = None
-
def get_all_types():
global all_types
@@ -473,8 +532,6 @@ def get_all_types():
all_types = map(lambda x: x['name'], info(TYPE))
return all_types
-user_types = None
-
def get_user_types():
global user_types
@@ -482,8 +539,6 @@ def get_user_types():
user_types = info(ATTRIBUTE, "userdomain")[0]["types"]
return user_types
-role_allows = None
-
def get_all_role_allows():
global role_allows
@@ -513,9 +568,6 @@ def get_all_entrypoint_domains():
all_domains.append(m[0])
return all_domains
-portrecs = None
-portrecsbynum = None
-
def gen_interfaces():
import commands
@@ -558,8 +610,6 @@ def gen_port_dict():
return (portrecs, portrecsbynum)
-all_domains = None
-
def get_all_domains():
global all_domains
@@ -567,8 +617,6 @@ def get_all_domains():
all_domains = info(ATTRIBUTE, "domain")[0]["types"]
return all_domains
-roles = None
-
def get_all_roles():
global roles
@@ -579,8 +627,6 @@ def get_all_roles():
roles.sort()
return roles
-selinux_user_list = None
-
def get_selinux_users():
global selinux_user_list
@@ -590,8 +636,6 @@ def get_selinux_users():
x['range'] = "".join(x['range'].split(" "))
return selinux_user_list
-login_mappings = None
-
def get_login_mappings():
global login_mappings
@@ -616,8 +660,6 @@ def get_all_users():
users.sort()
return users
-file_types = None
-
def get_all_file_types():
global file_types
@@ -627,8 +669,6 @@ def get_all_file_types():
file_types.sort()
return file_types
-port_types = None
-
def get_all_port_types():
global port_types
@@ -638,8 +678,6 @@ def get_all_port_types():
port_types.sort()
return port_types
-bools = None
-
def get_all_bools():
global bools
@@ -655,23 +693,6 @@ def prettyprint(f, trim):
def markup(f):
return f
-# Autofill for adding files *************************
-DEFAULT_DIRS = {}
-DEFAULT_DIRS["/etc"] = "etc_t"
-DEFAULT_DIRS["/tmp"] = "tmp_t"
-DEFAULT_DIRS["/usr/lib/systemd/system"] = "unit_file_t"
-DEFAULT_DIRS["/lib/systemd/system"] = "unit_file_t"
-DEFAULT_DIRS["/etc/systemd/system"] = "unit_file_t"
-DEFAULT_DIRS["/var/cache"] = "var_cache_t"
-DEFAULT_DIRS["/var/lib"] = "var_lib_t"
-DEFAULT_DIRS["/var/log"] = "log_t"
-DEFAULT_DIRS["/var/run"] = "var_run_t"
-DEFAULT_DIRS["/run"] = "var_run_t"
-DEFAULT_DIRS["/run/lock"] = "var_lock_t"
-DEFAULT_DIRS["/var/run/lock"] = "var_lock_t"
-DEFAULT_DIRS["/var/spool"] = "var_spool_t"
-DEFAULT_DIRS["/var/www"] = "content_t"
-
def get_description(f, markup=markup):
@@ -765,8 +786,6 @@ def get_description(f, markup=markup):
return txt + "treat the files as %s data." % prettyprint(f, "_t")
-all_attributes = None
-
def get_all_attributes():
global all_attributes
@@ -775,38 +794,6 @@ def get_all_attributes():
return all_attributes
-def policy(policy_file):
- global all_domains
- global all_attributes
- global bools
- global all_types
- global role_allows
- global users
- global roles
- global file_types
- global port_types
- all_domains = None
- all_attributes = None
- bools = None
- all_types = None
- role_allows = None
- users = None
- roles = None
- file_types = None
- port_types = None
- try:
- _policy.policy(policy_file)
- except:
- raise ValueError(_("Failed to read %s policy file") % policy_file)
-
-try:
- policy_file = get_installed_policy()
- policy(policy_file)
-except ValueError as e:
- if selinux.is_selinux_enabled() == 1:
- raise e
-
-
def _dict_has_perms(dict, perms):
for perm in perms:
if perm not in dict[PERMS]:
@@ -849,8 +836,6 @@ def get_bools(setype):
bools.append((b[0], enabled))
return (domainbools, bools)
-booleans = None
-
def get_all_booleans():
global booleans
@@ -858,8 +843,6 @@ def get_all_booleans():
booleans = selinux.security_get_boolean_names()[1]
return booleans
-booleans_dict = None
-
def policy_xml(path="/usr/share/selinux/devel/policy.xml"):
try:
This has no functional or code changes other than grouping lines together for clarity. Signed-off-by: Jason Zaman <jason@perfinion.com> --- policycoreutils/sepolicy/sepolicy/__init__.py | 229 ++++++++++++-------------- 1 file changed, 106 insertions(+), 123 deletions(-)