From ef95e893d5afb70bd8fb44348972b42607674cfe Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 18 Mar 2014 09:26:38 -0400
Subject: [PATCH 3/5] Add ability to list the actual active modules
---
policycoreutils/sepolicy/sepolicy/__init__.py | 19 +++++++++++++++
policycoreutils/sepolicy/sepolicy/interface.py | 32 +++++++++++++++++---------
2 files changed, 40 insertions(+), 11 deletions(-)
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
index e3943c0..f7f05cb 100644
--- a/policycoreutils/sepolicy/sepolicy/__init__.py
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -137,6 +137,25 @@ def get_all_modules():
return all_modules
+def get_all_modules_from_mod_lst():
+ mod_lst_path = ["/usr/share/selinux/targeted/base.lst","/usr/share/selinux/targeted/modules-base.lst","/usr/share/selinux/targeted/modules-contrib.lst"]
+ all_modules = []
+ mod_temp = []
+ for i in mod_lst_path:
+ try:
+ fd = open(i,"r")
+ modules = fd.readlines()
+ fd.close()
+ modules = modules[0].split(" ")[:-1]
+ for m in modules:
+ mod_temp.append(m[:-3])
+ all_modules.extend(mod_temp)
+ mod_temp = []
+ except:
+ all_modules = []
+
+ return all_modules
+
def get_file_types(setype):
flist=[]
mpaths={}
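Review bot: The bare `except:` in `get_all_modules_from_mod_lst` resets `all_modules` but lets the loop continue, so if `base.lst` cannot be read while a later list can, the function returns a partial, non-empty list that the caller in `interface.py` treats as the complete set of active modules. It also hides unrelated errors, such as the `IndexError` from `modules[0]` on an empty file, and leaves `fd` open when `readlines()` fails. Catching only `IOError` and returning `[]` as soon as any list is unreadable keeps the "could not determine" result unambiguous. The three paths hard-code the `targeted` policy store, so a host running another policy type would presumably always take the failure path; a comment saying so would help.

```python
    for i in mod_lst_path:
        try:
            with open(i, "r") as fd:
                modules = fd.readlines()
        except IOError:
            # One unreadable list would make the result incomplete, so
            # report "unknown" instead of a partial set of modules.
            return []
        if not modules:
            return []
        # … unchanged: split modules[0] and strip the suffix into all_modules …
    return all_modules
```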
diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py
index 63cff9b..b17f6af 100644
--- a/policycoreutils/sepolicy/sepolicy/interface.py
+++ b/policycoreutils/sepolicy/sepolicy/interface.py
@@ -119,12 +119,20 @@ def get_interface_dict(path="/usr/share/selinux/devel/policy.xml"):
global interface_dict
import os
import xml.etree.ElementTree
+ from sepolicy import get_all_modules, get_all_modules_from_mod_lst
if interface_dict:
return interface_dict
+ active_modules = []
interface_dict = {}
param_list = []
+ if get_all_modules_from_mod_lst():
+ active_modules = get_all_modules_from_mod_lst()
+ else:
+ print((_("Using only non-base modules.")))
+ active_modules = get_all_modules()
+
xml_path = """<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
<policy>
<layer name="admin">
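Review bot: `get_all_modules_from_mod_lst()` is called twice here, once in the condition and once for the assignment, so the three list files are opened and parsed twice and the two reads can disagree if the files change in between. Assign once and test the result: `active_modules = get_all_modules_from_mod_lst()` followed by `if not active_modules:` for the fallback branch. The fallback message is printed to stdout from a library function, which callers that parse the output may not expect. The body of `get_interface_dict` continues outside this hunk.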
@@ -142,16 +150,17 @@ def get_interface_dict(path="/usr/share/selinux/devel/policy.xml"):
tree = xml.etree.ElementTree.fromstring(xml_path)
for l in tree.findall("layer"):
for m in l.findall("module"):
- for i in m.getiterator('interface'):
- for e in i.findall("param"):
- param_list.append(e.get('name'))
- interface_dict[(i.get("name"))] = [param_list,(i.find('summary').text),"interface"]
- param_list = []
- for i in m.getiterator('template'):
- for e in i.findall("param"):
- param_list.append(e.get('name'))
- interface_dict[(i.get("name"))] = [param_list,(i.find('summary').text),"template"]
- param_list = []
+ if m.get("name") in active_modules:
+ for i in m.getiterator('interface'):
+ for e in i.findall("param"):
+ param_list.append(e.get('name'))
+ interface_dict[(i.get("name"))] = [param_list,(i.find('summary').text),"interface"]
+ param_list = []
+ for i in m.getiterator('template'):
+ for e in i.findall("param"):
+ param_list.append(e.get('name'))
+ interface_dict[(i.get("name"))] = [param_list,(i.find('summary').text),"template"]
+ param_list = []
except IOError as e:
pass
return interface_dict
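Review bot: The new `if m.get("name") in active_modules:` guard drops every module when `active_modules` is empty, and callers cannot tell the resulting empty `interface_dict` from the `IOError` path below it, which is silently passed. Because an empty dict is falsy, the `if interface_dict:` cache check at the top of the function (previous hunk) would then also re-parse the XML on every call. Consider stating in a comment what an empty module list means here, and building `active_modules = set(active_modules)` once before the loop so the membership test is not a list scan per module. The enclosing `try:` starts outside this hunk.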
@@ -196,13 +205,14 @@ def get_xml_file(if_file):
def interface_compile_test(interface, path = "/usr/share/selinux/devel/policy.xml"):
exclude_interfaces = ["userdom","kernel","corenet","files", "dev"]
+ exclude_interface_name = ["selinux_genbool"]
exclude_interface_type = ["template"]
import subprocess, os
policy_files = {'pp':"compiletest.pp", 'te':"compiletest.te", 'fc':"compiletest.fc", 'if':"compiletest.if"}
idict = get_interface_dict(path)
- if not (interface.split("_")[0] in exclude_interfaces or idict[interface][2] in exclude_interface_type):
+ if not (interface in exclude_interface_name or interface.split("_")[0] in exclude_interfaces or idict[interface][2] in exclude_interface_type):
print((_("Compiling %s interface" % interface)))
try:
fd = open(policy_files['te'], "w")
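Review bot: `idict[interface][2]` in the rewritten condition raises `KeyError` for any interface name that is not in the dictionary, and after this commit `get_interface_dict` only holds interfaces from active modules, so that case is more likely than before. The lookup is reached whenever the two earlier `or` operands are false. Check membership first, for example `if interface not in idict: return` ahead of the condition, or use `idict.get(interface)` and handle `None` explicitly. The function body continues past the end of the hunk.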
--
2.1.0