From patchwork Sun Sep 24 17:04:56 2017
X-Patchwork-Submitter: Nicolas Iooss
X-Patchwork-Id: 9968093
From: Nicolas Iooss
To: selinux@tycho.nsa.gov
Date: Sun, 24 Sep 2017 19:04:56 +0200
Message-Id: <20170924170456.5531-2-nicolas.iooss@m4x.org>
In-Reply-To: <20170924170456.5531-1-nicolas.iooss@m4x.org>
References: <20170924170456.5531-1-nicolas.iooss@m4x.org>
Subject: [PATCH 2/2] sepolicy: support non-MLS policy in gui
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"

Several "sepolicy gui" tabs raise exceptions when using a policy without MLS because some dictionaries describing users and logins lack level and range properties. Use conditions and get() where appropriate in order to make "sepolicy gui" usable again with a non-MLS policy.

Signed-off-by: Nicolas Iooss
--- python/sepolicy/sepolicy/__init__.py | 5 +++-- python/sepolicy/sepolicy/gui.py | 31 +++++++++++++++++++------------ 2 files changed, 22 insertions(+), 14 deletions(-) diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py index bf2494a813c8..89346aba0b15 100644 --- a/python/sepolicy/sepolicy/__init__.py +++ b/python/sepolicy/sepolicy/__init__.py @@ -879,8 +879,9 @@ def get_selinux_users(): global selinux_user_list if not selinux_user_list: selinux_user_list = list(info(USER)) - for x in selinux_user_list: - x['range'] = "".join(x['range'].split(" ")) + if _pol.mls: + for x in selinux_user_list: + x['range'] = "".join(x['range'].split(" ")) return selinux_user_list diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py index 007c94a71c08..6562aa850c98 100644 --- a/python/sepolicy/sepolicy/gui.py
+++ b/python/sepolicy/sepolicy/gui.py @@ -907,8 +907,8 @@ class SELinuxGui(): if "object_r" in roles: roles.remove("object_r") self.user_liststore.set_value(iter, 1, ", ".join(roles)) - self.user_liststore.set_value(iter, 2, u["level"]) - self.user_liststore.set_value(iter, 3, u["range"]) + self.user_liststore.set_value(iter, 2, u.get("level", "")) + self.user_liststore.set_value(iter, 3, u.get("range", "")) self.user_liststore.set_value(iter, 4, True) self.ready_mouse() @@ -1755,14 +1755,14 @@ class SELinuxGui(): if self.login_mls_entry.get_text() == "": for u in sepolicy.get_selinux_users(): if seuser == u['name']: - self.login_mls_entry.set_text(u['range']) + self.login_mls_entry.set_text(u.get('range', '')) def user_roles_combobox_change(self, combo, *args): serole = self.combo_get_active_text(combo) if self.user_mls_entry.get_text() == "": for u in sepolicy.get_all_roles(): if serole == u['name']: - self.user_mls_entry.set_text(u['range']) + self.user_mls_entry.set_text(u.get('range', '')) def get_selected_iter(self): iter = None @@ -1973,7 +1973,10 @@ class SELinuxGui(): self.cur_dict["user"][name] = {"action": "-m", "range": mls_range, "level": level, "role": roles, "oldrange": oldrange, "oldlevel": oldlevel, "oldroles": oldroles, "oldname": oldname} else: iter = self.liststore.append(None) - self.cur_dict["user"][name] = {"action": "-a", "range": mls_range, "level": level, "role": roles} + if mls_range or level: + self.cur_dict["user"][name] = {"action": "-a", "range": mls_range, "level": level, "role": roles} + else: + self.cur_dict["user"][name] = {"action": "-a", "role": roles} self.liststore.set_value(iter, 0, name) self.liststore.set_value(iter, 1, roles) 
@@ -2089,8 +2092,8 @@ class SELinuxGui(): user_dict = self.cust_dict["user"] for user in user_dict: roles = user_dict[user]["role"] - mls = user_dict[user]["range"] - level = user_dict[user]["level"] + mls = user_dict[user].get("range", "") + level = user_dict[user].get("level", "") iter = self.user_delete_liststore.append() self.user_delete_liststore.set_value(iter, 1, user) self.user_delete_liststore.set_value(iter, 2, roles) @@ -2104,7 +2107,7 @@ class SELinuxGui(): login_dict = self.cust_dict["login"] for login in login_dict: seuser = login_dict[login]["seuser"] - mls = login_dict[login]["range"] + mls = login_dict[login].get("range", "") iter = self.login_delete_liststore.append() self.login_delete_liststore.set_value(iter, 1, seuser) self.login_delete_liststore.set_value(iter, 2, login) @@ -2268,7 +2271,7 @@ class SELinuxGui(): self.update_treestore.set_value(niter, 3, False) roles = self.cur_dict["user"][user]["role"] self.update_treestore.set_value(niter, 1, (_("Roles: %s")) % roles) - mls = self.cur_dict["user"][user]["range"] + mls = self.cur_dict["user"][user].get("range", "") niter = self.update_treestore.append(iter) self.update_treestore.set_value(niter, 3, False) self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls) @@ -2293,7 +2296,7 @@ class SELinuxGui(): self.update_treestore.set_value(niter, 3, False) seuser = self.cur_dict["login"][login]["seuser"] self.update_treestore.set_value(niter, 1, (_("SELinux User: %s")) % seuser) - mls = self.cur_dict["login"][login]["range"] + mls = self.cur_dict["login"][login].get("range", "") niter = self.update_treestore.append(iter) self.update_treestore.set_value(niter, 3, False) self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls) 
@@ -2487,14 +2490,18 @@ class SELinuxGui(): for l in self.cur_dict[k]: if self.cur_dict[k][l]["action"] == "-d": update_buffer += "login -d %s\n" % l - else: + elif "range" in self.cur_dict[k][l]: update_buffer += "login %s -s %s -r %s %s\n" % (self.cur_dict[k][l]["action"], self.cur_dict[k][l]["seuser"], self.cur_dict[k][l]["range"], l) + else: + update_buffer += "login %s -s %s %s\n" % (self.cur_dict[k][l]["action"], self.cur_dict[k][l]["seuser"], l) if k in "user": for u in self.cur_dict[k]: if self.cur_dict[k][u]["action"] == "-d": update_buffer += "user -d %s\n" % u - else: + elif "level" in self.cur_dict[k][u] and "range" in self.cur_dict[k][u]: update_buffer += "user %s -L %s -r %s -R %s %s\n" % (self.cur_dict[k][u]["action"], self.cur_dict[k][u]["level"], self.cur_dict[k][u]["range"], self.cur_dict[k][u]["role"], u) + else: + update_buffer += "user %s -R %s %s\n" % (self.cur_dict[k][u]["action"], self.cur_dict[k][u]["role"], u) if k in "fcontext-equiv": for f in self.cur_dict[k]:
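Review bot: In the `get_selinux_users()` hunk of `__init__.py`, nothing documents that the returned entries may now lack a `range` key, and the new guard `if _pol.mls:` depends on the `_pol` global rather than on the entries themselves. The gui.py hunks in this patch move to `.get('range', '')`, but any other caller that still indexes `x['range']` will raise on a non-MLS policy. Suggest a short comment or docstring stating that `range` and `level` are absent without MLS, and consider testing `'range' in x` per entry so the loop does not depend on the state of `_pol`.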
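Review bot: In the `@@ -1973` hunk only the `"-a"` branch drops `range` and `level`; the `"-m"` branch in the context line just above still stores `"range": mls_range, "level": level` unconditionally. If those values are empty when modifying a user on a non-MLS policy, the key-presence test added in the `@@ -2487` hunk will match and emit `user -m -L  -r  -R ...` with empty arguments. In addition, `if mls_range or level:` keeps both keys when only one of them is set, so the other is stored as an empty string. Suggest building the dictionary once and adding each of `range` and `level` only when its value is non-empty, for both actions.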
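Review bot: In the `@@ -2268` and `@@ -2293` hunks, `.get("range", "")` removes the KeyError but the following context lines still append an `MLS/MCS Range: %s` row, so on a non-MLS policy the update tree shows a range row with an empty value. Suggest appending that row only when `"range"` is present in the entry, which also keeps the display consistent with the command text generated in the `@@ -2487` hunk.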
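Review bot: In the `@@ -2487` hunk the new `elif` conditions test key presence (`"range" in self.cur_dict[k][l]`, and `"level" in ... and "range" in ...` for users), not whether the value is non-empty, so an entry carrying `"range": ""` still produces `-r` followed by nothing. The user branch also requires both keys: an entry that has only one of them falls through to the `else` and the other value is dropped without any indication. Suggest testing `.get("range")` and `.get("level")` for truthiness and emitting `-L` and `-r` independently of each other.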