#! /usr/bin/env python
# Copyright (C) 2006 Red Hat 
# see file 'COPYING' for use and warranty information
#
# policygentool is a tool for the initial generation of SELinux policy
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of the GNU General Public License as
#    published by the Free Software Foundation; either version 2 of
#    the License, or (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA     
#                                        02111-1307  USA
#
#  
import os, sys, getopt
import seobject
import re
########################### Interface File #############################
interface="\n\
Daniel J Walsh faa80b
## <summary>policy for TEMPLATETYPE</summary>\n\
Daniel J Walsh de82d8
\n\
Daniel J Walsh de82d8
########################################\n\
Daniel J Walsh de82d8
## <summary>\n\
Daniel J Walsh de82d8
##	Execute a domain transition to run TEMPLATETYPE.\n\
Daniel J Walsh de82d8
## </summary>\n\
Daniel J Walsh de82d8
## <param name=\"domain\">\n\
Daniel J Walsh de82d8
##	Domain allowed to transition.\n\
Daniel J Walsh de82d8
## </param>\n\
Daniel J Walsh de82d8
#\n\
Daniel J Walsh de82d8
interface(`TEMPLATETYPE_domtrans',`\n\
Daniel J Walsh de82d8
	gen_requires(`\n\
Daniel J Walsh de82d8
		type TEMPLATETYPE_t, TEMPLATETYPE_exec_t;\n\
Daniel J Walsh de82d8
	')\n\
Daniel J Walsh de82d8
\n\
Daniel J Walsh de82d8
	domain_auto_trans($1,TEMPLATETYPE_exec_t,TEMPLATETYPE_t)\n\
Daniel J Walsh de82d8
\n\
Daniel J Walsh de82d8
	allow $1 TEMPLATETYPE_t:fd use;\n\
Daniel J Walsh de82d8
	allow TEMPLATETYPE_t $1:fd use;\n\
Daniel J Walsh faa80b
	allow TEMPLATETYPE_t:$1:fifo_file rw_file_perms;\n\
Daniel J Walsh faa80b
	allow TEMPLATETYPE_t $1:process sigchld;\n\
Daniel J Walsh de82d8
')\n\
Daniel J Walsh de82d8
"
########################### Type Enforcement File #############################
# Template for the generated MODULE.te type enforcement file; write_te_file()
# replaces every TEMPLATETYPE with the module name.  It declares the
# TEMPLATETYPE_t and TEMPLATETYPE_exec_t types and ends with an empty
# "local policy" section for the policy author to fill in.
te = (
	"\n"
	"policy_module(TEMPLATETYPE,1.0.0)\n"
	"\n"
	"########################################\n"
	"#\n"
	"# Declarations\n"
	"#\n"
	"\n"
	"type TEMPLATETYPE_t;\n"
	"type TEMPLATETYPE_exec_t;\n"
	"domain_type(TEMPLATETYPE_t)\n"
	"init_daemon_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)\n"
	"\n"
	"########################################\n"
	"#\n"
	"# TEMPLATETYPE local policy\n"
	"#\n"
	"# Check in /etc/selinux/refpolicy/include for macros to use instead of allow rules.\n"
)
########################### File Context ##################################
# Template for the generated MODULE.fc file context file; write_fc_file()
# replaces TEMPLATETYPE with the module name and EXECUTABLE with the path
# given on the command line, labelling it TEMPLATETYPE_exec_t at level s0.
fc = (
	"\n"
	"# TEMPLATETYPE executable will have:\n"
	"# label: system_u:object_r:TEMPLATETYPE_exec_t\n"
	"# MLS sensitivity: s0\n"
	"# MCS categories: <none>\n"
	"\n"
	"EXECUTABLE		--	gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0)\n"
)
def errorExit(error):
	"""Report error on stderr, prefixed with the program name, and exit with status 1."""
	err = sys.stderr
	# Two separate writes: the program-name prefix, then the message line.
	err.write("%s: " % sys.argv[0])
	err.write("%s\n" % error)
	err.flush()
	raise SystemExit(1)
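def write_te_file(module):
	"""Write the type enforcement template to MODULE.te.

	Every TEMPLATETYPE in the te template is replaced with module.  The path
	is relative to the current directory unless module itself carries a path.
	Exits through errorExit() if MODULE.te already exists.
	"""
	file="%s.te" % module
	# str.replace substitutes literally; re.sub would interpret backslash
	# sequences in module as replacement-template escapes.
	newte=te.replace("TEMPLATETYPE", module)
	try:
		# O_EXCL makes "does not exist yet" and "create" one atomic step, so a
		# file or symlink that appears after a separate exists() test is never
		# opened for writing or followed.
		handle = os.open(file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
	except OSError:
		# lexists also reports a dangling symlink, which exists() would miss.
		if os.path.lexists(file):
			errorExit("%s already exists" % file)
		raise
	fd = os.fdopen(handle, 'w')
	try:
		fd.write(newte)
	finally:
		fd.close()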
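def write_if_file(module):
	"""Write the interface template to MODULE.if.

	Every TEMPLATETYPE in the interface template is replaced with module.  The
	path is relative to the current directory unless module itself carries a
	path.  Exits through errorExit() if MODULE.if already exists.
	"""
	file="%s.if" % module
	# str.replace substitutes literally; re.sub would interpret backslash
	# sequences in module as replacement-template escapes.
	newif=interface.replace("TEMPLATETYPE", module)
	try:
		# O_EXCL makes "does not exist yet" and "create" one atomic step, so a
		# file or symlink that appears after a separate exists() test is never
		# opened for writing or followed.
		handle = os.open(file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
	except OSError:
		# lexists also reports a dangling symlink, which exists() would miss.
		if os.path.lexists(file):
			errorExit("%s already exists" % file)
		raise
	fd = os.fdopen(handle, 'w')
	try:
		fd.write(newif)
	finally:
		fd.close()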
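def write_fc_file(module, executable):
	"""Write the file context template to MODULE.fc.

	TEMPLATETYPE in the fc template is replaced with module, then EXECUTABLE
	with executable.  The path is relative to the current directory unless
	module itself carries a path.  Exits through errorExit() if MODULE.fc
	already exists.
	"""
	file="%s.fc" % module
	# str.replace substitutes literally; re.sub would interpret backslash
	# sequences in the arguments as replacement-template escapes, which would
	# corrupt a path that already contains regex escapes such as "\.".
	newfc=fc.replace("TEMPLATETYPE", module)
	# NOTE(review): executable is copied verbatim into the file context entry,
	# where the path is matched as a regular expression.  Unescaped
	# metacharacters (for example ".") make the entry match more files than
	# the one named, and every match receives the exec_t label.  Callers
	# should pass an escaped path; confirm before escaping here, since some
	# users may pass a pattern on purpose.
	newfc=newfc.replace("EXECUTABLE", executable)
	try:
		# O_EXCL makes "does not exist yet" and "create" one atomic step, so a
		# file or symlink that appears after a separate exists() test is never
		# opened for writing or followed.
		handle = os.open(file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
	except OSError:
		# lexists also reports a dangling symlink, which exists() would miss.
		if os.path.lexists(file):
			errorExit("%s already exists" % file)
		raise
	fd = os.fdopen(handle, 'w')
	try:
		fd.write(newfc)
	finally:
		fd.close()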
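def gen_policy(module, executable):
	"""Generate the MODULE.te, MODULE.if and MODULE.fc policy skeleton files.

	module is the policy module name and executable is the path that the
	file context entry labels.  Exits through errorExit() when either argument
	is unusable or when one of the output files already exists.
	"""
	# module becomes a file name and a prefix of every generated type and
	# interface name, so accept only a plain identifier.  This rules out path
	# separators (writing outside the current directory) and characters that
	# would break out of the generated policy statements.
	if not re.match(r"[A-Za-z][A-Za-z0-9_]*\Z", module):
		errorExit("%s is not a valid module name" % module)
	# A line break in executable would add extra lines to the .fc file.
	if not executable or "\n" in executable or "\r" in executable:
		errorExit("invalid executable path")
	write_te_file(module)
	write_if_file(module)
	write_fc_file(module, executable)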
if __name__ == '__main__':
	def usage(message = ""):
		"""Print the expected command line and exit with status 1.

		message is accepted but not printed.
		"""
		print('%s ModuleName Executable' % sys.argv[0])
		sys.exit(1)

	# Exactly two arguments are required: the module name and the executable.
	if len(sys.argv) != 3:
		usage()

	module_name, executable_path = sys.argv[1], sys.argv[2]
	gen_policy(module_name, executable_path)