1*2d543d20SAndroid Build Coastguard Worker## domainsPage.py - show selinux domains 2*2d543d20SAndroid Build Coastguard Worker## Copyright (C) 2009 Red Hat, Inc. 3*2d543d20SAndroid Build Coastguard Worker 4*2d543d20SAndroid Build Coastguard Worker## This program is free software; you can redistribute it and/or modify 5*2d543d20SAndroid Build Coastguard Worker## it under the terms of the GNU General Public License as published by 6*2d543d20SAndroid Build Coastguard Worker## the Free Software Foundation; either version 2 of the License, or 7*2d543d20SAndroid Build Coastguard Worker## (at your option) any later version. 8*2d543d20SAndroid Build Coastguard Worker 9*2d543d20SAndroid Build Coastguard Worker## This program is distributed in the hope that it will be useful, 10*2d543d20SAndroid Build Coastguard Worker## but WITHOUT ANY WARRANTY; without even the implied warranty of 11*2d543d20SAndroid Build Coastguard Worker## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12*2d543d20SAndroid Build Coastguard Worker## GNU General Public License for more details. 13*2d543d20SAndroid Build Coastguard Worker 14*2d543d20SAndroid Build Coastguard Worker## You should have received a copy of the GNU General Public License 15*2d543d20SAndroid Build Coastguard Worker## along with this program; if not, write to the Free Software 16*2d543d20SAndroid Build Coastguard Worker## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17*2d543d20SAndroid Build Coastguard Worker 18*2d543d20SAndroid Build Coastguard Worker## Author: Dan Walsh 19*2d543d20SAndroid Build Coastguard Workerimport os 20*2d543d20SAndroid Build Coastguard Workertry: 21*2d543d20SAndroid Build Coastguard Worker from subprocess import getstatusoutput 22*2d543d20SAndroid Build Coastguard Workerexcept ImportError: 23*2d543d20SAndroid Build Coastguard Worker from commands import getstatusoutput 24*2d543d20SAndroid Build Coastguard Worker 25*2d543d20SAndroid Build Coastguard Workerimport sys 26*2d543d20SAndroid Build Coastguard Workerfrom gi.repository import GObject, Gtk 27*2d543d20SAndroid Build Coastguard Workerimport sepolicy 28*2d543d20SAndroid Build Coastguard Workerfrom semanagePage import * 29*2d543d20SAndroid Build Coastguard Worker 30*2d543d20SAndroid Build Coastguard Worker## 31*2d543d20SAndroid Build Coastguard Worker## I18N 32*2d543d20SAndroid Build Coastguard Worker## 33*2d543d20SAndroid Build Coastguard WorkerPROGNAME = "selinux-gui" 34*2d543d20SAndroid Build Coastguard Workertry: 35*2d543d20SAndroid Build Coastguard Worker import gettext 36*2d543d20SAndroid Build Coastguard Worker kwargs = {} 37*2d543d20SAndroid Build Coastguard Worker if sys.version_info < (3,): 38*2d543d20SAndroid Build Coastguard Worker kwargs['unicode'] = True 39*2d543d20SAndroid Build Coastguard Worker t = gettext.translation(PROGNAME, 40*2d543d20SAndroid Build Coastguard Worker localedir="/usr/share/locale", 41*2d543d20SAndroid Build Coastguard Worker **kwargs, 42*2d543d20SAndroid Build Coastguard Worker fallback=True) 43*2d543d20SAndroid Build Coastguard Worker _ = t.gettext 44*2d543d20SAndroid Build Coastguard Workerexcept: 45*2d543d20SAndroid Build Coastguard Worker try: 46*2d543d20SAndroid Build Coastguard Worker import builtins 47*2d543d20SAndroid Build Coastguard Worker builtins.__dict__['_'] = str 48*2d543d20SAndroid Build Coastguard Worker except ImportError: 49*2d543d20SAndroid Build Coastguard Worker import __builtin__ 50*2d543d20SAndroid Build Coastguard Worker __builtin__.__dict__['_'] = unicode 51*2d543d20SAndroid Build Coastguard Worker 52*2d543d20SAndroid Build Coastguard Worker 53*2d543d20SAndroid Build Coastguard Workerclass domainsPage(semanagePage): 54*2d543d20SAndroid Build Coastguard Worker 55*2d543d20SAndroid Build Coastguard Worker def __init__(self, xml): 56*2d543d20SAndroid Build Coastguard Worker semanagePage.__init__(self, xml, "domains", _("Process Domain")) 57*2d543d20SAndroid Build Coastguard Worker self.domain_filter = xml.get_object("domainsFilterEntry") 58*2d543d20SAndroid Build Coastguard Worker self.domain_filter.connect("focus_out_event", self.filter_changed) 59*2d543d20SAndroid Build Coastguard Worker self.domain_filter.connect("activate", self.filter_changed) 60*2d543d20SAndroid Build Coastguard Worker 61*2d543d20SAndroid Build Coastguard Worker self.store = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) 62*2d543d20SAndroid Build Coastguard Worker self.view.set_model(self.store) 63*2d543d20SAndroid Build Coastguard Worker self.store.set_sort_column_id(0, Gtk.SortType.ASCENDING) 64*2d543d20SAndroid Build Coastguard Worker col = Gtk.TreeViewColumn(_("Domain Name"), Gtk.CellRendererText(), text=0) 65*2d543d20SAndroid Build Coastguard Worker col.set_sort_column_id(0) 66*2d543d20SAndroid Build Coastguard Worker col.set_resizable(True) 67*2d543d20SAndroid Build Coastguard Worker self.view.append_column(col) 68*2d543d20SAndroid Build Coastguard Worker self.store.set_sort_column_id(0, Gtk.SortType.ASCENDING) 69*2d543d20SAndroid Build Coastguard Worker col = Gtk.TreeViewColumn(_("Mode"), Gtk.CellRendererText(), text=1) 70*2d543d20SAndroid Build Coastguard Worker col.set_sort_column_id(1) 71*2d543d20SAndroid Build Coastguard Worker col.set_resizable(True) 72*2d543d20SAndroid Build Coastguard Worker self.view.append_column(col) 73*2d543d20SAndroid Build Coastguard Worker self.view.get_selection().connect("changed", self.itemSelected) 74*2d543d20SAndroid Build Coastguard Worker 75*2d543d20SAndroid Build Coastguard Worker self.permissive_button = xml.get_object("permissiveButton") 76*2d543d20SAndroid Build Coastguard Worker self.enforcing_button = xml.get_object("enforcingButton") 77*2d543d20SAndroid Build Coastguard Worker 78*2d543d20SAndroid Build Coastguard Worker self.domains = sepolicy.get_all_entrypoint_domains() 79*2d543d20SAndroid Build Coastguard Worker self.load() 80*2d543d20SAndroid Build Coastguard Worker 81*2d543d20SAndroid Build Coastguard Worker def get_modules(self): 82*2d543d20SAndroid Build Coastguard Worker modules = [] 83*2d543d20SAndroid Build Coastguard Worker fd = os.popen("semodule -l") 84*2d543d20SAndroid Build Coastguard Worker mods = fd.readlines() 85*2d543d20SAndroid Build Coastguard Worker fd.close() 86*2d543d20SAndroid Build Coastguard Worker for l in mods: 87*2d543d20SAndroid Build Coastguard Worker modules.append(l.split()[0]) 88*2d543d20SAndroid Build Coastguard Worker return modules 89*2d543d20SAndroid Build Coastguard Worker 90*2d543d20SAndroid Build Coastguard Worker def load(self, filter=""): 91*2d543d20SAndroid Build Coastguard Worker self.filter = filter 92*2d543d20SAndroid Build Coastguard Worker self.store.clear() 93*2d543d20SAndroid Build Coastguard Worker try: 94*2d543d20SAndroid Build Coastguard Worker modules = self.get_modules() 95*2d543d20SAndroid Build Coastguard Worker for domain in self.domains: 96*2d543d20SAndroid Build Coastguard Worker if not self.match(domain, filter): 97*2d543d20SAndroid Build Coastguard Worker continue 98*2d543d20SAndroid Build Coastguard Worker iter = self.store.append() 99*2d543d20SAndroid Build Coastguard Worker self.store.set_value(iter, 0, domain) 100*2d543d20SAndroid Build Coastguard Worker t = "permissive_%s_t" % domain 101*2d543d20SAndroid Build Coastguard Worker if t in modules: 102*2d543d20SAndroid Build Coastguard Worker self.store.set_value(iter, 1, _("Permissive")) 103*2d543d20SAndroid Build Coastguard Worker else: 104*2d543d20SAndroid Build Coastguard Worker self.store.set_value(iter, 1, "") 105*2d543d20SAndroid Build Coastguard Worker except: 106*2d543d20SAndroid Build Coastguard Worker pass 107*2d543d20SAndroid Build Coastguard Worker self.view.get_selection().select_path((0,)) 108*2d543d20SAndroid Build Coastguard Worker 109*2d543d20SAndroid Build Coastguard Worker def itemSelected(self, selection): 110*2d543d20SAndroid Build Coastguard Worker store, iter = selection.get_selected() 111*2d543d20SAndroid Build Coastguard Worker if iter is None: 112*2d543d20SAndroid Build Coastguard Worker return 113*2d543d20SAndroid Build Coastguard Worker p = store.get_value(iter, 1) == _("Permissive") 114*2d543d20SAndroid Build Coastguard Worker self.permissive_button.set_sensitive(not p) 115*2d543d20SAndroid Build Coastguard Worker self.enforcing_button.set_sensitive(p) 116*2d543d20SAndroid Build Coastguard Worker 117*2d543d20SAndroid Build Coastguard Worker def deleteDialog(self): 118*2d543d20SAndroid Build Coastguard Worker # Do nothing 119*2d543d20SAndroid Build Coastguard Worker return self.delete() 120*2d543d20SAndroid Build Coastguard Worker 121*2d543d20SAndroid Build Coastguard Worker def delete(self): 122*2d543d20SAndroid Build Coastguard Worker selection = self.view.get_selection() 123*2d543d20SAndroid Build Coastguard Worker store, iter = selection.get_selected() 124*2d543d20SAndroid Build Coastguard Worker domain = store.get_value(iter, 0) 125*2d543d20SAndroid Build Coastguard Worker try: 126*2d543d20SAndroid Build Coastguard Worker self.wait() 127*2d543d20SAndroid Build Coastguard Worker status, output = getstatusoutput("semanage permissive -d %s_t" % domain) 128*2d543d20SAndroid Build Coastguard Worker self.ready() 129*2d543d20SAndroid Build Coastguard Worker if status != 0: 130*2d543d20SAndroid Build Coastguard Worker self.error(output) 131*2d543d20SAndroid Build Coastguard Worker else: 132*2d543d20SAndroid Build Coastguard Worker domain = store.set_value(iter, 1, "") 133*2d543d20SAndroid Build Coastguard Worker self.itemSelected(selection) 134*2d543d20SAndroid Build Coastguard Worker 135*2d543d20SAndroid Build Coastguard Worker except ValueError as e: 136*2d543d20SAndroid Build Coastguard Worker self.error(e.args[0]) 137*2d543d20SAndroid Build Coastguard Worker 138*2d543d20SAndroid Build Coastguard Worker def propertiesDialog(self): 139*2d543d20SAndroid Build Coastguard Worker # Do nothing 140*2d543d20SAndroid Build Coastguard Worker return 141*2d543d20SAndroid Build Coastguard Worker 142*2d543d20SAndroid Build Coastguard Worker def addDialog(self): 143*2d543d20SAndroid Build Coastguard Worker # Do nothing 144*2d543d20SAndroid Build Coastguard Worker return self.add() 145*2d543d20SAndroid Build Coastguard Worker 146*2d543d20SAndroid Build Coastguard Worker def add(self): 147*2d543d20SAndroid Build Coastguard Worker selection = self.view.get_selection() 148*2d543d20SAndroid Build Coastguard Worker store, iter = selection.get_selected() 149*2d543d20SAndroid Build Coastguard Worker domain = store.get_value(iter, 0) 150*2d543d20SAndroid Build Coastguard Worker try: 151*2d543d20SAndroid Build Coastguard Worker self.wait() 152*2d543d20SAndroid Build Coastguard Worker status, output = getstatusoutput("semanage permissive -a %s_t" % domain) 153*2d543d20SAndroid Build Coastguard Worker self.ready() 154*2d543d20SAndroid Build Coastguard Worker if status != 0: 155*2d543d20SAndroid Build Coastguard Worker self.error(output) 156*2d543d20SAndroid Build Coastguard Worker else: 157*2d543d20SAndroid Build Coastguard Worker domain = store.set_value(iter, 1, _("Permissive")) 158*2d543d20SAndroid Build Coastguard Worker self.itemSelected(selection) 159*2d543d20SAndroid Build Coastguard Worker 160*2d543d20SAndroid Build Coastguard Worker except ValueError as e: 161*2d543d20SAndroid Build Coastguard Worker self.error(e.args[0]) 162