From ef95e893d5afb70bd8fb44348972b42607674cfe Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 18 Mar 2014 09:26:38 -0400
Subject: [PATCH 3/5] Add ability to list the actual active modules
---
policycoreutils/sepolicy/sepolicy/__init__.py | 19 +++++++++++++++
policycoreutils/sepolicy/sepolicy/interface.py | 32 +++++++++++++++++---------
2 files changed, 40 insertions(+), 11 deletions(-)
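diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
index e3943c0..f7f05cb 100644
--- a/policycoreutils/sepolicy/sepolicy/__init__.py
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -137,6 +137,25 @@ def get_all_modules():
 
 return all_modules
 
+def get_all_modules_from_mod_lst():
+ mod_lst_path = ["/usr/share/selinux/targeted/base.lst","/usr/share/selinux/targeted/modules-base.lst","/usr/share/selinux/targeted/modules-contrib.lst"]
+ all_modules = []
+ mod_temp = []
+ for i in mod_lst_path:
+ try:
+ fd = open(i,"r")
+ modules = fd.readlines()
+ fd.close()
+ modules = modules[0].split(" ")[:-1]
+ for m in modules:
+ mod_temp.append(m[:-3])
+ all_modules.extend(mod_temp)
+ mod_temp = []
+ except:
+ all_modules = []
+
+ return all_modules
+
 def get_file_types(setype):
 flist=[]
 mpaths={}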
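Review bot: The bare `except:` in `get_all_modules_from_mod_lst()` resets `all_modules` and, as far as the flattened indentation on this page shows, lets the loop carry on with the next `.lst` file, so a failure on an earlier file followed by a successful later read returns a partial but non-empty list. `get_interface_dict()` in interface.py treats any non-empty result as the complete active set, so the modules of the unreadable file would be filtered out silently instead of triggering the `get_all_modules()` fallback. I would stop at the first failure and name the exceptions: `except (IOError, IndexError):` followed by `return []`, which also stops swallowing `KeyboardInterrupt`. Reading through `with open(i) as fd:` would close the descriptor when `readlines()` raises, and a one-line docstring stating that `[]` means "lists unavailable" would document the contract the caller relies on.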
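diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py
index 63cff9b..b17f6af 100644
--- a/policycoreutils/sepolicy/sepolicy/interface.py
+++ b/policycoreutils/sepolicy/sepolicy/interface.py
@@ -119,12 +119,20 @@ def get_interface_dict(path="/usr/share/selinux/devel/policy.xml"):
 global interface_dict
 import os
 import xml.etree.ElementTree
+ from sepolicy import get_all_modules, get_all_modules_from_mod_lst
 if interface_dict:
 return interface_dict
 
+ active_modules = []
 interface_dict = {}
 param_list = []
 
+ if get_all_modules_from_mod_lst():
+ active_modules = get_all_modules_from_mod_lst()
+ else:
+ print((_("Using only non-base modules.")))
+ active_modules = get_all_modules()
+
 xml_path = """
 <policy>
 <layer name="admin">
@@ -142,16 +150,17 @@ def get_interface_dict(path="/usr/share/selinux/devel/policy.xml"):
 tree = xml.etree.ElementTree.fromstring(xml_path)
 for l in tree.findall("layer"):
 for m in l.findall("module"):
- for i in m.getiterator('interface'):
- for e in i.findall("param"):
- param_list.append(e.get('name'))
- interface_dict[(i.get("name"))] = [param_list,(i.find('summary').text),"interface"]
- param_list = []
- for i in m.getiterator('template'):
- for e in i.findall("param"):
- param_list.append(e.get('name'))
- interface_dict[(i.get("name"))] = [param_list,(i.find('summary').text),"template"]
- param_list = []
+ if m.get("name") in active_modules:
+ for i in m.getiterator('interface'):
+ for e in i.findall("param"):
+ param_list.append(e.get('name'))
+ interface_dict[(i.get("name"))] = [param_list,(i.find('summary').text),"interface"]
+ param_list = []
+ for i in m.getiterator('template'):
+ for e in i.findall("param"):
+ param_list.append(e.get('name'))
+ interface_dict[(i.get("name"))] = [param_list,(i.find('summary').text),"template"]
+ param_list = []
 except IOError as e:
 pass
 return interface_dict
@@ -196,13 +205,14 @@ def get_xml_file(if_file):
 
 def interface_compile_test(interface, path = "/usr/share/selinux/devel/policy.xml"):
 exclude_interfaces = ["userdom","kernel","corenet","files", "dev"]
+ exclude_interface_name = ["selinux_genbool"]
 exclude_interface_type = ["template"]
 
 import subprocess, os
 policy_files = {'pp':"compiletest.pp", 'te':"compiletest.te", 'fc':"compiletest.fc", 'if':"compiletest.if"}
 idict = get_interface_dict(path)
 
- if not (interface.split("_")[0] in exclude_interfaces or idict[interface][2] in exclude_interface_type):
+ if not (interface in exclude_interface_name or interface.split("_")[0] in exclude_interfaces or idict[interface][2] in exclude_interface_type):
 print((_("Compiling %s interface" % interface)))
 try:
 fd = open(policy_files['te'], "w")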
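Review bot: The rewritten condition in `interface_compile_test()` still indexes `idict[interface][2]`, and with this commit `get_interface_dict()` only keeps interfaces whose module name is in `active_modules`, so an interface belonging to a module that is not listed now raises `KeyError` where it was previously found. A lookup guard keeps the compile test from aborting: `entry = idict.get(interface)` and then `if entry is not None and not (interface in exclude_interface_name or interface.split("_")[0] in exclude_interfaces or entry[2] in exclude_interface_type):`. Whether callers only pass names taken from the same dictionary is not visible on this page, so treat this as something to confirm. The function body continues past the end of the hunk.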
--
2.1.0