diff --git a/dbus/org.selinux.conf b/dbus/org.selinux.conf
index a3509781..1ae079d2 100644
--- a/dbus/org.selinux.conf
+++ b/dbus/org.selinux.conf
@@ -12,12 +12,8 @@
-
-
-
-
+
diff --git a/gui/Makefile b/gui/Makefile
index a72e58ce..d42348b5 100644
--- a/gui/Makefile
+++ b/gui/Makefile
@@ -9,7 +9,6 @@ TARGETS= \
booleansPage.py \
domainsPage.py \
fcontextPage.py \
-html_util.py \
loginsPage.py \
modulesPage.py \
polgen.ui \
diff --git a/gui/html_util.py b/gui/html_util.py
deleted file mode 100644
index 420f6b96..00000000
--- a/gui/html_util.py
+++ /dev/null
@@ -1,175 +0,0 @@
-# Authors: John Dennis
-#
-# Copyright (C) 2007 Red Hat, Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-#
-
-
-__all__ = [
- 'escape_html',
- 'unescape_html',
- 'html_to_text',
-
- 'html_document',
-]
-
-import htmllib
-import formatter as Formatter
-import string
-from types import *
-try:
- from io import StringIO
-except ImportError:
- from StringIO import StringIO
-
-#------------------------------------------------------------------------------
-
-
-class TextWriter(Formatter.DumbWriter):
-
- def __init__(self, file=None, maxcol=80, indent_width=4):
- Formatter.DumbWriter.__init__(self, file, maxcol)
- self.indent_level = 0
- self.indent_width = indent_width
- self._set_indent()
-
- def _set_indent(self):
- self.indent_col = self.indent_level * self.indent_width
- self.indent = ' ' * self.indent_col
-
- def new_margin(self, margin, level):
- self.indent_level = level
- self._set_indent()
-
- def send_label_data(self, data):
- data = data + ' '
- if len(data) > self.indent_col:
- self.send_literal_data(data)
- else:
- offset = self.indent_col - len(data)
- self.send_literal_data(' ' * offset + data)
-
- def send_flowing_data(self, data):
- if not data:
- return
- atbreak = self.atbreak or data[0] in string.whitespace
- col = self.col
- maxcol = self.maxcol
- write = self.file.write
- col = self.col
- if col == 0:
- write(self.indent)
- col = self.indent_col
- for word in data.split():
- if atbreak:
- if col + len(word) >= maxcol:
- write('\n' + self.indent)
- col = self.indent_col
- else:
- write(' ')
- col = col + 1
- write(word)
- col = col + len(word)
- atbreak = 1
- self.col = col
- self.atbreak = data[-1] in string.whitespace
-
-
-class HTMLParserAnchor(htmllib.HTMLParser):
-
- def __init__(self, formatter, verbose=0):
- htmllib.HTMLParser.__init__(self, formatter, verbose)
-
- def anchor_bgn(self, href, name, type):
- self.anchor = href
-
- def anchor_end(self):
- if self.anchor:
- self.handle_data(' (%s) ' % self.anchor)
- self.anchor = None
-
-#------------------------------------------------------------------------------
-
-
-def escape_html(s):
- if s is None:
- return None
- s = s.replace("&", "&") # Must be done first!
- s = s.replace("<", "<")
- s = s.replace(">", ">")
- s = s.replace("'", "'")
- s = s.replace('"', """)
- return s
-
-
-def unescape_html(s):
- if s is None:
- return None
- if '&' not in s:
- return s
- s = s.replace("<", "<")
- s = s.replace(">", ">")
- s = s.replace("'", "'")
- s = s.replace(""", '"')
- s = s.replace("&", "&") # Must be last
- return s
-
-
-def html_to_text(html, maxcol=80):
- try:
- buffer = StringIO()
- formatter = Formatter.AbstractFormatter(TextWriter(buffer, maxcol))
- parser = HTMLParserAnchor(formatter)
- parser.feed(html)
- parser.close()
- text = buffer.getvalue()
- buffer.close()
- return text
- except Exception as e:
- log_program.error('cannot convert html to text: %s' % e)
- return None
-
-
-def html_document(*body_components):
- '''Wrap the body components in a HTML document structure with a valid header.
- Accepts a variable number of arguments of which can be:
- * string
- * a sequences of strings (tuple or list).
- * a callable object taking no parameters and returning a string or sequence of strings.
- '''
- head = '\n \n \n \n \n'
- tail = '\n \n'
-
- doc = head
-
- for body_component in body_components:
- if type(body_component) is StringTypes:
- doc += body_component
- elif type(body_component) in [TupleType, ListType]:
- for item in body_component:
- doc += item
- elif callable(body_component):
- result = body_component()
- if type(result) in [TupleType, ListType]:
- for item in result:
- doc += item
- else:
- doc += result
- else:
- doc += body_component
-
- doc += tail
- return doc
diff --git a/libsepol/src/ibpkeys.c b/libsepol/src/ibpkeys.c
index 682bf5db..68a9bdfe 100644
--- a/libsepol/src/ibpkeys.c
+++ b/libsepol/src/ibpkeys.c
@@ -1,5 +1,6 @@
#include
#include
+#include
#include "debug.h"
#include "context.h"
@@ -176,7 +177,7 @@ int sepol_ibpkey_query(sepol_handle_t *handle,
return STATUS_SUCCESS;
err:
- ERR(handle, "could not query ibpkey subnet prefix: %#lx range %u - %u exists",
+ ERR(handle, "could not query ibpkey subnet prefix: %#" PRIx64 " range %u - %u exists",
subnet_prefix, low, high);
return STATUS_ERR;
}
@@ -203,7 +204,7 @@ int sepol_ibpkey_modify(sepol_handle_t *handle,
return STATUS_SUCCESS;
err:
- ERR(handle, "could not load ibpkey subnet prefix: %#lx range %u - %u exists",
+ ERR(handle, "could not load ibpkey subnet prefix: %#" PRIx64 " range %u - %u exists",
subnet_prefix, low, high);
if (ibpkey) {
context_destroy(&ibpkey->context[0]);
diff --git a/mcstrans/share/util/mlscolor-test b/mcstrans/share/util/mlscolor-test
index 7b8d809b..03fc4be4 100644
--- a/mcstrans/share/util/mlscolor-test
+++ b/mcstrans/share/util/mlscolor-test
@@ -1,7 +1,8 @@
#!/usr/bin/python -E
import sys
-import re
-from selinux import *
+import selinux
+
+
verbose = 0
errors = 0
@@ -18,19 +19,19 @@ for arg in sys.argv[1:]:
line = line.rstrip('\n')
# print line
context, expected = line.split("=")
- rc, raw = selinux_trans_to_raw_context(context)
+ rc, raw = selinux.selinux_trans_to_raw_context(context)
if rc < 0:
- print "Unable to get raw context of '%s'" % (context)
+ print("Unable to get raw context of '%s'" % (context))
errors += 1
continue
- rc, colors = selinux_raw_context_to_color(raw)
+ rc, colors = selinux.selinux_raw_context_to_color(raw)
if rc < 0:
- print "Unable to get colors for '%s'" % (context)
+ print("Unable to get colors for '%s'" % (context))
errors += 1
continue
colors = colors.rstrip()
if colors != expected:
- print "For '%s' got\n\t'%s' expected\n\t'%s'" % (context, colors, expected)
+ print("For '%s' got\n\t'%s' expected\n\t'%s'" % (context, colors, expected))
errors += 1
continue
f.close()
@@ -38,6 +39,6 @@ for arg in sys.argv[1:]:
s = "s"
if errors == 1:
s = ""
-print "mlscolor-test done with %d error%s" % (errors, s)
+print("mlscolor-test done with %d error%s" % (errors, s))
sys.exit(errors)
diff --git a/mcstrans/share/util/mlstrans-test b/mcstrans/share/util/mlstrans-test
index f854f7b3..c026d00e 100644
--- a/mcstrans/share/util/mlstrans-test
+++ b/mcstrans/share/util/mlstrans-test
@@ -1,31 +1,33 @@
#!/usr/bin/python -E
import sys
-import re
-from selinux import *
+import selinux
+
+
verbose = 0
errors = 0
def untrans(trans, val):
global errors, verbose
- (rc, raw) = selinux_trans_to_raw_context(trans)
+ (rc, raw) = selinux.selinux_trans_to_raw_context(trans)
if raw != val:
- print "untrans: '%s' -> '%s' != '%s' FAILED" % (trans, raw, val)
+ print("untrans: '%s' -> '%s' != '%s' FAILED" % (trans, raw, val))
errors += 1
else:
if verbose:
- print "untrans: %s -> %s != %s SUCCESS" % (trans, raw, val)
+ print("untrans: %s -> %s != %s SUCCESS" % (trans, raw, val))
def trans(raw, val):
global errors, verbose
- (rc, trans) = selinux_raw_to_trans_context(raw)
+ (rc, trans) = selinux.selinux_raw_to_trans_context(raw)
if trans != val:
- print "trans: '%s' -> '%s' != '%s' FAILED" % (raw, trans, val)
+ print("trans: '%s' -> '%s' != '%s' FAILED" % (raw, trans, val))
errors += 1
else:
if verbose:
- print "trans: %s -> %s != %s SUCCESS" % (raw, trans, val)
+ print("trans: %s -> %s != %s SUCCESS" % (raw, trans, val))
+
if len(sys.argv) > 1 and sys.argv[1] == "-v":
verbose = 1
@@ -38,8 +40,7 @@ for arg in sys.argv[1:]:
if not line.strip():
continue
line = line.rstrip('\n')
-# print line
- if (line.find("==") != -1):
+ if line.find("==") != -1:
t, r = line.split("==")
untrans("a:b:c:" + t, "a:b:c:" + r)
trans("a:b:c:" + r, "a:b:c:" + t)
@@ -51,6 +52,6 @@ for arg in sys.argv[1:]:
s = "s"
if errors == 1:
s = ""
-print "mlstrans-test done with %d error%s" % (errors, s)
+print("mlstrans-test done with %d error%s" % (errors, s))
sys.exit(errors)
diff --git a/python/chcat/chcat b/python/chcat/chcat
index 4bd9fc6a..5bef0073 100755
--- a/python/chcat/chcat
+++ b/python/chcat/chcat
@@ -4,7 +4,7 @@
#
# chcat is a script that allows you modify the Security label on a file
#
-#` Author: Daniel Walsh
+# Author: Daniel Walsh
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
@@ -22,14 +22,10 @@
# 02111-1307 USA
#
#
-try:
- from subprocess import getstatusoutput
-except ImportError:
- from commands import getstatusoutput
+import subprocess
import sys
import os
import pwd
-import string
import getopt
import selinux
import seobject
@@ -44,7 +40,7 @@ try:
localedir="/usr/share/locale",
codeset='utf-8',
**kwargs)
-except:
+except ImportError:
try:
import builtins
builtins.__dict__['_'] = str
@@ -86,8 +82,7 @@ def chcat_user_add(newcat, users):
if len(serange) > 1:
top = serange[1].split(":")
if len(top) > 1:
- cats.append(top[1])
- cats = expandCats(cats)
+ cats = expandCats(top[1].split(','))
for i in newcat[1:]:
if i not in cats:
@@ -99,12 +94,12 @@ def chcat_user_add(newcat, users):
new_serange = "%s-%s" % (serange[0], top[0])
if add_ind:
- cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
+ cmd = ["semanage", "login", "-a", "-r", new_serange, "-s", user[0], u]
else:
- cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
- rc = getstatusoutput(cmd)
- if rc[0] != 0:
- print(rc[1])
+ cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u]
+ try:
+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
+ except subprocess.CalledProcessError:
errors += 1
return errors
@@ -140,10 +135,11 @@ def chcat_add(orig, newcat, objects, login_ind):
cat_string = "%s,%s" % (cat_string, c)
else:
cat_string = cat
- cmd = 'chcon -l %s:%s %s' % (sensitivity, cat_string, f)
- rc = getstatusoutput(cmd)
- if rc[0] != 0:
- print(rc[1])
+
+ cmd = ["chcon", "-l", "%s:%s" % (sensitivity, cat_string), f]
+ try:
+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
+ except subprocess.CalledProcessError:
errors += 1
return errors
@@ -166,8 +162,7 @@ def chcat_user_remove(newcat, users):
if len(serange) > 1:
top = serange[1].split(":")
if len(top) > 1:
- cats.append(top[1])
- cats = expandCats(cats)
+ cats = expandCats(top[1].split(','))
for i in newcat[1:]:
if i in cats:
@@ -179,13 +174,15 @@ def chcat_user_remove(newcat, users):
new_serange = "%s-%s" % (serange[0], top[0])
if add_ind:
- cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
+ cmd = ["semanage", "login", "-a", "-r", new_serange, "-s", user[0], u]
else:
- cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
- rc = getstatusoutput(cmd)
- if rc[0] != 0:
- print(rc[1])
+ cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u]
+
+ try:
+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
+ except subprocess.CalledProcessError:
errors += 1
+
return errors
@@ -224,12 +221,14 @@ def chcat_remove(orig, newcat, objects, login_ind):
continue
if len(cat) == 0:
- cmd = 'chcon -l %s %s' % (sensitivity, f)
+ new_serange = sensitivity
else:
- cmd = 'chcon -l %s:%s %s' % (sensitivity, cat, f)
- rc = getstatusoutput(cmd)
- if rc[0] != 0:
- print(rc[1])
+ new_serange = '%s:%s' % (sensitivity, cat)
+
+ cmd = ["chcon", "-l", new_serange, f]
+ try:
+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
+ except subprocess.CalledProcessError:
errors += 1
return errors
@@ -247,17 +246,17 @@ def chcat_user_replace(newcat, users):
add_ind = 1
user = seusers["__default__"]
serange = user[1].split("-")
- new_serange = "%s-%s:%s" % (serange[0], newcat[0], string.join(newcat[1:], ","))
+ new_serange = "%s-%s:%s" % (serange[0], newcat[0], ",".join(newcat[1:]))
if new_serange[-1:] == ":":
new_serange = new_serange[:-1]
if add_ind:
- cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
+ cmd = ["semanage", "login", "-a", "-r", new_serange, "-s", user[0], u]
else:
- cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
- rc = getstatusoutput(cmd)
- if rc[0] != 0:
- print(rc[1])
+ cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u]
+ try:
+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
+ except subprocess.CalledProcessError:
errors += 1
return errors
@@ -266,21 +265,18 @@ def chcat_replace(newcat, objects, login_ind):
if login_ind == 1:
return chcat_user_replace(newcat, objects)
errors = 0
+ # newcat[0] is the sensitivity level, newcat[1:] are the categories
if len(newcat) == 1:
- sensitivity = newcat[0]
- cmd = 'chcon -l %s ' % newcat[0]
+ new_serange = newcat[0]
else:
- sensitivity = newcat[0]
- cmd = 'chcon -l %s:%s' % (sensitivity, newcat[1])
+ new_serange = "%s:%s" % (newcat[0], newcat[1])
for cat in newcat[2:]:
- cmd = '%s,%s' % (cmd, cat)
+ new_serange = '%s,%s' % (new_serange, cat)
- for f in objects:
- cmd = "%s %s" % (cmd, f)
-
- rc = getstatusoutput(cmd)
- if rc[0] != 0:
- print(rc[1])
+ cmd = ["chcon", "-l", new_serange] + objects
+ try:
+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
+ except subprocess.CalledProcessError:
errors += 1
return errors
@@ -384,7 +380,7 @@ def listusercats(users):
if len(users) == 0:
try:
users.append(os.getlogin())
- except:
+ except OSError:
users.append(pwd.getpwuid(os.getuid()).pw_name)
verify_users(users)
@@ -401,6 +397,7 @@ def error(msg):
print("%s: %s" % (sys.argv[0], msg))
sys.exit(1)
+
if __name__ == '__main__':
if selinux.is_selinux_mls_enabled() != 1:
error("Requires a mls enabled system")
@@ -435,7 +432,7 @@ if __name__ == '__main__':
except getopt.error as error:
errorExit(_("Options Error %s ") % error.msg)
- except ValueError as e:
+ except ValueError:
usage()
if delete_ind:
diff --git a/python/semanage/semanage b/python/semanage/semanage
index f4be9750..a192fac8 100644
--- a/python/semanage/semanage
+++ b/python/semanage/semanage
@@ -776,7 +776,7 @@ def setupDontauditParser(subparsers):
def handleExport(args):
- manageditems = ["boolean", "login", "interface", "user", "port", "node", "fcontext", "module"]
+ manageditems = ["boolean", "login", "interface", "user", "port", "node", "fcontext", "module", "ibendport", "ibpkey"]
for i in manageditems:
print("%s -D" % i)
for i in manageditems:
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index c4c65621..efec0a55 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -747,7 +747,10 @@ class loginRecords(semanageRecords):
l = []
ddict = self.get_all(True)
for k in sorted(ddict.keys()):
- l.append("-a -s %s -r '%s' %s" % (ddict[k][0], ddict[k][1], k))
+ if ddict[k][1]:
+ l.append("-a -s %s -r '%s' %s" % (ddict[k][0], ddict[k][1], k))
+ else:
+ l.append("-a -s %s %s" % (ddict[k][0], k))
return l
def list(self, heading=1, locallist=0):
@@ -1014,7 +1017,10 @@ class seluserRecords(semanageRecords):
l = []
ddict = self.get_all(True)
for k in sorted(ddict.keys()):
- l.append("-a -L %s -r %s -R '%s' %s" % (ddict[k][1], ddict[k][2], ddict[k][3], k))
+ if ddict[k][1] or ddict[k][2]:
+ l.append("-a -L %s -r %s -R '%s' %s" % (ddict[k][1], ddict[k][2], ddict[k][3], k))
+ else:
+ l.append("-a -R '%s' %s" % (ddict[k][3], k))
return l
def list(self, heading=1, locallist=0):
@@ -1292,10 +1298,11 @@ class portRecords(semanageRecords):
l = []
ddict = self.get_all(True)
for k in sorted(ddict.keys()):
- if k[0] == k[1]:
- l.append("-a -t %s -p %s %s" % (ddict[k][0], k[2], k[0]))
+ port = k[0] if k[0] == k[1] else "%s-%s" % (k[0], k[1])
+ if ddict[k][1]:
+ l.append("-a -t %s -r '%s' -p %s %s" % (ddict[k][0], ddict[k][1], k[2], port))
else:
- l.append("-a -t %s -p %s %s-%s" % (ddict[k][0], k[2], k[0], k[1]))
+ l.append("-a -t %s -p %s %s" % (ddict[k][0], k[2], port))
return l
def list(self, heading=1, locallist=0):
@@ -1549,10 +1556,11 @@ class ibpkeyRecords(semanageRecords):
ddict = self.get_all(True)
for k in sorted(ddict.keys()):
- if k[0] == k[1]:
- l.append("-a -t %s -x %s %s" % (ddict[k][0], k[2], k[0]))
+ port = k[0] if k[0] == k[1] else "%s-%s" % (k[0], k[1])
+ if ddict[k][1]:
+ l.append("-a -t %s -r '%s' -x %s %s" % (ddict[k][0], ddict[k][1], k[2], port))
else:
- l.append("-a -t %s -x %s %s-%s" % (ddict[k][0], k[2], k[0], k[1]))
+ l.append("-a -t %s -x %s %s" % (ddict[k][0], k[2], port))
return l
def list(self, heading=1, locallist=0):
@@ -1793,7 +1801,10 @@ class ibendportRecords(semanageRecords):
ddict = self.get_all(True)
for k in sorted(ddict.keys()):
- l.append("-a -t %s -r %s -z %s %s" % (ddict[k][0], ddict[k][1], k[1], k[0]))
+ if ddict[k][1]:
+ l.append("-a -t %s -r '%s' -z %s %s" % (ddict[k][0], ddict[k][1], k[1], k[0]))
+ else:
+ l.append("-a -t %s -z %s %s" % (ddict[k][0], k[1], k[0]))
return l
def list(self, heading=1, locallist=0):
@@ -2033,7 +2044,10 @@ class nodeRecords(semanageRecords):
l = []
ddict = self.get_all(True)
for k in sorted(ddict.keys()):
- l.append("-a -M %s -p %s -t %s %s" % (k[1], k[2], ddict[k][2], k[0]))
+ if ddict[k][3]:
+ l.append("-a -M %s -p %s -t %s -r '%s' %s" % (k[1], k[2], ddict[k][2], ddict[k][3], k[0]))
+ else:
+ l.append("-a -M %s -p %s -t %s %s" % (k[1], k[2], ddict[k][2], k[0]))
return l
def list(self, heading=1, locallist=0):
@@ -2227,7 +2241,10 @@ class interfaceRecords(semanageRecords):
l = []
ddict = self.get_all(True)
for k in sorted(ddict.keys()):
- l.append("-a -t %s %s" % (ddict[k][2], k))
+ if ddict[k][3]:
+ l.append("-a -t %s -r '%s' %s" % (ddict[k][2], ddict[k][3], k))
+ else:
+ l.append("-a -t %s %s" % (ddict[k][2], k))
return l
def list(self, heading=1, locallist=0):
@@ -2609,7 +2626,10 @@ class fcontextRecords(semanageRecords):
fcon_dict = self.get_all(True)
for k in sorted(fcon_dict.keys()):
if fcon_dict[k]:
- l.append("-a -f %s -t %s '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], k[0]))
+ if fcon_dict[k][3]:
+ l.append("-a -f %s -t %s -r '%s' '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], fcon_dict[k][3], k[0]))
+ else:
+ l.append("-a -f %s -t %s '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], k[0]))
if len(self.equiv):
for target in self.equiv.keys():
diff --git a/python/sepolgen/src/sepolgen/refparser.py b/python/sepolgen/src/sepolgen/refparser.py
index 97e2342c..9fb93182 100644
--- a/python/sepolgen/src/sepolgen/refparser.py
+++ b/python/sepolgen/src/sepolgen/refparser.py
@@ -757,9 +757,9 @@ def p_attribute_def(p):
p[0] = a
def p_attribute_role_def(p):
- 'attribute_role_def : ATTRIBUTE_ROLE IDENTIFIER SEMI'
- a = refpolicy.Attribute_Role(p[2])
- p[0] = a
+ 'attribute_role_def : ATTRIBUTE_ROLE IDENTIFIER SEMI'
+ a = refpolicy.Attribute_Role(p[2])
+ p[0] = a
def p_typealias_def(p):
'typealias_def : TYPEALIAS IDENTIFIER ALIAS names SEMI'
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index cd7af7cf..fbeb731d 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -344,6 +344,8 @@ def search(types, seinfo=None):
tertypes.append(NEVERALLOW)
if AUDITALLOW in types:
tertypes.append(AUDITALLOW)
+ if DONTAUDIT in types:
+ tertypes.append(DONTAUDIT)
if len(tertypes) > 0:
q = setools.TERuleQuery(_pol,