Tree - rpms/selinux-policy - CentOS Git server

rpms / selinux-policy

Blame policygentool

Blob History Raw

Daniel J Walsh	de82d8	`#! /usr/bin/env python`
Daniel J Walsh	de82d8	`# Copyright (C) 2006 Red Hat`
Daniel J Walsh	de82d8	`# see file 'COPYING' for use and warranty information`
Daniel J Walsh	de82d8	`#`
Daniel J Walsh	de82d8	`# policygentool is a tool for the initial generation of SELinux policy`
Daniel J Walsh	de82d8	`#`
Daniel J Walsh	de82d8	`# This program is free software; you can redistribute it and/or`
Daniel J Walsh	de82d8	`# modify it under the terms of the GNU General Public License as`
Daniel J Walsh	de82d8	`# published by the Free Software Foundation; either version 2 of`
Daniel J Walsh	de82d8	`# the License, or (at your option) any later version.`
Daniel J Walsh	de82d8	`#`
Daniel J Walsh	de82d8	`# This program is distributed in the hope that it will be useful,`
Daniel J Walsh	de82d8	`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
Daniel J Walsh	de82d8	`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
Daniel J Walsh	de82d8	`# GNU General Public License for more details.`
Daniel J Walsh	de82d8	`#`
Daniel J Walsh	de82d8	`# You should have received a copy of the GNU General Public License`
Daniel J Walsh	de82d8	`# along with this program; if not, write to the Free Software`
Daniel J Walsh	de82d8	`# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA`
Daniel J Walsh	de82d8	`# 02111-1307 USA`
Daniel J Walsh	de82d8	`#`
Daniel J Walsh	de82d8	`#`
Daniel J Walsh	de82d8	`import os, sys, getopt`
Daniel J Walsh	de82d8	`import seobject`
Daniel J Walsh	de82d8	`import re`
Daniel J Walsh	de82d8
Daniel J Walsh	de82d8	`########################### Interface File #############################`
Daniel J Walsh	de82d8	`interface="\n\`
Daniel J Walsh	de82d8	`## <summary>TEMPLATETYPE policy</summary>\n\`
Daniel J Walsh	de82d8	`## <desc>\n\`
Daniel J Walsh	de82d8	`## \n\`
Daniel J Walsh	de82d8	`## More descriptive text about TEMPLATETYPE. The <desc>\n\`
Daniel J Walsh	de82d8	`## tag can also use , , and \n\`
Daniel J Walsh	de82d8	`## html tags for formatting.\n\`
Daniel J Walsh	de82d8	`## \n\`
Daniel J Walsh	de82d8	`## \n\`
Daniel J Walsh	de82d8	`## This policy supports the following TEMPLATETYPE features:\n\`
Daniel J Walsh	de82d8	`## \n\`
Daniel J Walsh	de82d8	`## Feature A \n\`
Daniel J Walsh	de82d8	`## Feature B \n\`
Daniel J Walsh	de82d8	`## Feature C \n\`
Daniel J Walsh	de82d8	`## \n\`
Daniel J Walsh	de82d8	`## \n\`
Daniel J Walsh	de82d8	`## </desc>\n\`
Daniel J Walsh	de82d8	`#\n\`
Daniel J Walsh	de82d8	`\n\`
Daniel J Walsh	de82d8	`########################################\n\`
Daniel J Walsh	de82d8	`## <summary>\n\`
Daniel J Walsh	de82d8	`## Execute a domain transition to run TEMPLATETYPE.\n\`
Daniel J Walsh	de82d8	`## </summary>\n\`
Daniel J Walsh	de82d8	`## <param name=\"domain\">\n\`
Daniel J Walsh	de82d8	`## Domain allowed to transition.\n\`
Daniel J Walsh	de82d8	`## </param>\n\`
Daniel J Walsh	de82d8	`#\n\`
Daniel J Walsh	de82d8	interface(`TEMPLATETYPE_domtrans',`\n\
Daniel J Walsh	de82d8	gen_requires(`\n\
Daniel J Walsh	de82d8	`type TEMPLATETYPE_t, TEMPLATETYPE_exec_t;\n\`
Daniel J Walsh	de82d8	`')\n\`
Daniel J Walsh	de82d8	`\n\`
Daniel J Walsh	de82d8	`domain_auto_trans($1,TEMPLATETYPE_exec_t,TEMPLATETYPE_t)\n\`
Daniel J Walsh	de82d8	`\n\`
Daniel J Walsh	de82d8	`allow $1 TEMPLATETYPE_t:fd use;\n\`
Daniel J Walsh	de82d8	`allow TEMPLATETYPE_t $1:fd use;\n\`
Daniel J Walsh	de82d8	`allow $1 TEMPLATETYPE_t:fifo_file rw_file_perms;\n\`
Daniel J Walsh	de82d8	`allow $1 TEMPLATETYPE_t:process sigchld;\n\`
Daniel J Walsh	de82d8	`')\n\`
Daniel J Walsh	de82d8	`"`
Daniel J Walsh	de82d8
Daniel J Walsh	de82d8	`########################### Type Enforcement File #############################`
Daniel J Walsh	de82d8	`te="\n\`
Daniel J Walsh	de82d8	`policy_module(TEMPLATE,1.0.0)\n\`
Daniel J Walsh	de82d8	`\n\`
Daniel J Walsh	de82d8	`########################################\n\`
Daniel J Walsh	de82d8	`#\n\`
Daniel J Walsh	de82d8	`# Declarations\n\`
Daniel J Walsh	de82d8	`#\n\`
Daniel J Walsh	de82d8	`\n\`
Daniel J Walsh	de82d8	`type TEMPLATETYPE_t;\n\`
Daniel J Walsh	de82d8	`type TEMPLATETYPE_exec_t;\n\`
Daniel J Walsh	de82d8	`domain_type(TEMPLATETYPE_t)\n\`
Daniel J Walsh	de82d8	`init_daemon_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)\n\`
Daniel J Walsh	de82d8	`\n\`
Daniel J Walsh	de82d8	`########################################\n\`
Daniel J Walsh	de82d8	`#\n\`
Daniel J Walsh	de82d8	`# TEMPLATETYPE local policy\n\`
Daniel J Walsh	de82d8	`#\n\`
Daniel J Walsh	de82d8	`# Check in /etc/selinux/refpolicy/include for macros to use instead of allow rules.\n"`
Daniel J Walsh	de82d8
Daniel J Walsh	de82d8	`########################### File Context ##################################`
Daniel J Walsh	de82d8	`fc="\n\`
Daniel J Walsh	de82d8	`# TEMPLATETYPE executable will have:\n\`
Daniel J Walsh	de82d8	`# label: system_u:object_r:TEMPLATETYPE_exec_t\n\`
Daniel J Walsh	de82d8	`# MLS sensitivity: s0\n\`
Daniel J Walsh	de82d8	`# MCS categories: <none>\n\`
Daniel J Walsh	de82d8	`\n\`
Daniel J Walsh	de82d8	`EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0)\n\`
Daniel J Walsh	de82d8	`"`
Daniel J Walsh	de82d8	`def errorExit(error):`
Daniel J Walsh	de82d8	`sys.stderr.write("%s: " % sys.argv[0])`
Daniel J Walsh	de82d8	`sys.stderr.write("%s\n" % error)`
Daniel J Walsh	de82d8	`sys.stderr.flush()`
Daniel J Walsh	de82d8	`sys.exit(1)`
Daniel J Walsh	de82d8
Daniel J Walsh	de82d8
Daniel J Walsh	de82d8	`def write_te_file(module):`
Daniel J Walsh	de82d8	`file="%s.te" % module`
Daniel J Walsh	de82d8	`newte=re.sub("TEMPLATETYPE", module, te)`
Daniel J Walsh	de82d8	`if os.path.exists(file):`
Daniel J Walsh	de82d8	`errorExit("%s already exists" % file)`
Daniel J Walsh	de82d8	`fd = open(file, 'w')`
Daniel J Walsh	de82d8	`fd.write(newte)`
Daniel J Walsh	de82d8	`fd.close()`
Daniel J Walsh	de82d8
Daniel J Walsh	de82d8	`def write_if_file(module):`
Daniel J Walsh	de82d8	`file="%s.if" % module`
Daniel J Walsh	de82d8	`newif=re.sub("TEMPLATETYPE", module, interface)`
Daniel J Walsh	de82d8	`if os.path.exists(file):`
Daniel J Walsh	de82d8	`errorExit("%s already exists" % file)`
Daniel J Walsh	de82d8	`fd = open(file, 'w')`
Daniel J Walsh	de82d8	`fd.write(newif)`
Daniel J Walsh	de82d8	`fd.close()`
Daniel J Walsh	de82d8
Daniel J Walsh	de82d8	`def write_fc_file(module, executable):`
Daniel J Walsh	de82d8	`file="%s.fc" % module`
Daniel J Walsh	de82d8	`newfc=re.sub("TEMPLATETYPE", module, fc)`
Daniel J Walsh	de82d8	`newfc=re.sub("EXECUTABLE", executable, newfc)`
Daniel J Walsh	de82d8	`if os.path.exists(file):`
Daniel J Walsh	de82d8	`errorExit("%s already exists" % file)`
Daniel J Walsh	de82d8	`fd = open(file, 'w')`
Daniel J Walsh	de82d8	`fd.write(newfc)`
Daniel J Walsh	de82d8	`fd.close()`
Daniel J Walsh	de82d8
Daniel J Walsh	de82d8	`def gen_policy(module, executable):`
Daniel J Walsh	de82d8	`write_te_file(module)`
Daniel J Walsh	de82d8	`write_if_file(module)`
Daniel J Walsh	de82d8	`write_fc_file(module, executable)`
Daniel J Walsh	de82d8
Daniel J Walsh	de82d8	`if __name__ == '__main__':`
Daniel J Walsh	de82d8	`def usage(message = ""):`
Daniel J Walsh	de82d8	`print '%s ModuleName Executable' % sys.argv[0]`
Daniel J Walsh	de82d8	`sys.exit(1)`
Daniel J Walsh	de82d8
Daniel J Walsh	de82d8	`if len(sys.argv) != 3:`
Daniel J Walsh	de82d8	`usage()`
Daniel J Walsh	de82d8
Daniel J Walsh	de82d8	`gen_policy(sys.argv[1], sys.argv[2])`
Daniel J Walsh	de82d8
Daniel J Walsh	de82d8

rpms / selinux-policy

Source Code

Blame policygentool