From ef95e893d5afb70bd8fb44348972b42607674cfe Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Tue, 18 Mar 2014 09:26:38 -0400 Subject: [PATCH 3/5] Add ability to list the actual active modules --- policycoreutils/sepolicy/sepolicy/__init__.py | 19 +++++++++++++++ policycoreutils/sepolicy/sepolicy/interface.py | 32 +++++++++++++++++--------- 2 files changed, 40 insertions(+), 11 deletions(-) diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py index e3943c0..f7f05cb 100644 --- a/policycoreutils/sepolicy/sepolicy/__init__.py +++ b/policycoreutils/sepolicy/sepolicy/__init__.py @@ -137,6 +137,25 @@ def get_all_modules(): return all_modules +def get_all_modules_from_mod_lst(): + mod_lst_path = ["/usr/share/selinux/targeted/base.lst","/usr/share/selinux/targeted/modules-base.lst","/usr/share/selinux/targeted/modules-contrib.lst"] + all_modules = [] + mod_temp = [] + for i in mod_lst_path: + try: + fd = open(i,"r") + modules = fd.readlines() + fd.close() + modules = modules[0].split(" ")[:-1] + for m in modules: + mod_temp.append(m[:-3]) + all_modules.extend(mod_temp) + mod_temp = [] + except: + all_modules = [] + + return all_modules + def get_file_types(setype): flist=[] mpaths={} diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py index 63cff9b..b17f6af 100644 --- a/policycoreutils/sepolicy/sepolicy/interface.py +++ b/policycoreutils/sepolicy/sepolicy/interface.py 
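Review bot: The bare `except:` in `get_all_modules_from_mod_lst` resets `all_modules` to `[]` but lets the loop continue, so an unreadable `base.lst` followed by a readable `modules-contrib.lst` returns a partial list, which the caller in `get_interface_dict` will treat as the complete set of active modules. It also swallows every exception type, including the `IndexError` from `modules[0]` on an empty file, and `fd` stays open when `readlines()` raises. If the intent is all-or-nothing, the loop could return `[]` on the first `IOError` and read the file under `with`, as sketched below. The three paths are hard-coded to the `targeted` policy directory, so on a host using another policy type this presumably always falls back; a comment saying so would help.

```python
def get_all_modules_from_mod_lst():
    # … unchanged: mod_lst_path list …
    all_modules = []
    for i in mod_lst_path:
        try:
            with open(i, "r") as fd:
                first_line = fd.readline()
        except IOError:
            # One unreadable list would make the result partial; report "unknown" instead.
            return []
        all_modules.extend(m[:-3] for m in first_line.split(" ")[:-1])
    return all_modules
```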
@@ -119,12 +119,20 @@ def get_interface_dict(path="/usr/share/selinux/devel/policy.xml"): global interface_dict import os import xml.etree.ElementTree + from sepolicy import get_all_modules, get_all_modules_from_mod_lst if interface_dict: return interface_dict + active_modules = [] interface_dict = {} param_list = [] + if get_all_modules_from_mod_lst(): + active_modules = get_all_modules_from_mod_lst() + else: + print((_("Using only non-base modules."))) + active_modules = get_all_modules() + xml_path = """ @@ -142,16 +150,17 @@ def get_interface_dict(path="/usr/share/selinux/devel/policy.xml"): tree = xml.etree.ElementTree.fromstring(xml_path) for l in tree.findall("layer"): for m in l.findall("module"): - for i in m.getiterator('interface'): - for e in i.findall("param"): - param_list.append(e.get('name')) - interface_dict[(i.get("name"))] = [param_list,(i.find('summary').text),"interface"] - param_list = [] - for i in m.getiterator('template'): - for e in i.findall("param"): - param_list.append(e.get('name')) - interface_dict[(i.get("name"))] = [param_list,(i.find('summary').text),"template"] - param_list = [] + if m.get("name") in active_modules: + for i in m.getiterator('interface'): + for e in i.findall("param"): + param_list.append(e.get('name')) + interface_dict[(i.get("name"))] = [param_list,(i.find('summary').text),"interface"] + param_list = [] + for i in m.getiterator('template'): + for e in i.findall("param"): + param_list.append(e.get('name')) + interface_dict[(i.get("name"))] = [param_list,(i.find('summary').text),"template"] + param_list = [] except IOError as e: pass return interface_dict 
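Review bot: `get_all_modules_from_mod_lst()` is called twice in the added `if`, so the three list files are opened and parsed twice, and the second call is not guaranteed to return what the first one tested. Calling it once is simpler: `active_modules = get_all_modules_from_mod_lst()` followed by `if not active_modules:` for the fallback branch. The fallback notice is emitted with `print` from inside a library function, so it lands on stdout of whatever tool calls `get_interface_dict`; stderr would be less surprising for callers that parse the output. The function body starts before and continues after this hunk.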
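Review bot: The new `if m.get("name") in active_modules:` wrapper forces both inner loops to be re-indented, which accounts for most of this hunk; a guard at the top of the module loop, `if m.get("name") not in active_modules: continue`, gives the same filter without touching them. `active_modules` is a list, so each membership test is a linear scan, and converting it once with `active_modules = set(active_modules)` before the loop would be cheap. When both module sources come back empty, every module is filtered out and an empty dict is returned with no signal, so a short comment stating whether that is intended would help. The enclosing `try` starts outside the hunk.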
@@ -196,13 +205,14 @@ def get_xml_file(if_file): def interface_compile_test(interface, path = "/usr/share/selinux/devel/policy.xml"): exclude_interfaces = ["userdom","kernel","corenet","files", "dev"] + exclude_interface_name = ["selinux_genbool"] exclude_interface_type = ["template"] import subprocess, os policy_files = {'pp':"compiletest.pp", 'te':"compiletest.te", 'fc':"compiletest.fc", 'if':"compiletest.if"} idict = get_interface_dict(path) - if not (interface.split("_")[0] in exclude_interfaces or idict[interface][2] in exclude_interface_type): + if not (interface in exclude_interface_name or interface.split("_")[0] in exclude_interfaces or idict[interface][2] in exclude_interface_type): print((_("Compiling %s interface" % interface))) try: fd = open(policy_files['te'], "w") -- 2.1.0
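Review bot: `idict[interface][2]` in the rewritten condition is more likely to raise `KeyError` after this patch, because `get_interface_dict` now keeps only interfaces of active modules and the lookup is skipped only when one of the two earlier `or` terms is true. A guard ahead of the condition, for example `if interface not in idict: return`, or `idict.get(interface)` with `None` treated as excluded, would keep the compile test from aborting on a name from an inactive module. `exclude_interface_name` has no comment explaining why `selinux_genbool` is skipped; one line of rationale next to the list would help the next maintainer. The function continues past the end of the hunk.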