sepolicy: rearrange vars together at the top

This has no functional or code changes other than grouping lines
together for clarity.

Signed-off-by: Jason Zaman <jason@perfinion.com>
Jason Zaman 2016-09-22 23:17:27 +08:00 committed by Stephen Smalley
parent a17e04436c
commit c3176aeee8


@ -51,6 +51,112 @@ TRANSITION = 'transition'
ROLE_ALLOW = 'role_allow' ROLE_ALLOW = 'role_allow'
# Autofill for adding files *************************
DEFAULT_DIRS = {}
DEFAULT_DIRS["/etc"] = "etc_t"
DEFAULT_DIRS["/tmp"] = "tmp_t"
DEFAULT_DIRS["/usr/lib/systemd/system"] = "unit_file_t"
DEFAULT_DIRS["/lib/systemd/system"] = "unit_file_t"
DEFAULT_DIRS["/etc/systemd/system"] = "unit_file_t"
DEFAULT_DIRS["/var/cache"] = "var_cache_t"
DEFAULT_DIRS["/var/lib"] = "var_lib_t"
DEFAULT_DIRS["/var/log"] = "log_t"
DEFAULT_DIRS["/var/run"] = "var_run_t"
DEFAULT_DIRS["/run"] = "var_run_t"
DEFAULT_DIRS["/run/lock"] = "var_lock_t"
DEFAULT_DIRS["/var/run/lock"] = "var_lock_t"
DEFAULT_DIRS["/var/spool"] = "var_spool_t"
DEFAULT_DIRS["/var/www"] = "content_t"
file_type_str = {}
file_type_str["a"] = _("all files")
file_type_str["f"] = _("regular file")
file_type_str["d"] = _("directory")
file_type_str["c"] = _("character device")
file_type_str["b"] = _("block device")
file_type_str["s"] = _("socket file")
file_type_str["l"] = _("symbolic link")
file_type_str["p"] = _("named pipe")
trans_file_type_str = {}
trans_file_type_str[""] = "a"
trans_file_type_str["--"] = "f"
trans_file_type_str["-d"] = "d"
trans_file_type_str["-c"] = "c"
trans_file_type_str["-b"] = "b"
trans_file_type_str["-s"] = "s"
trans_file_type_str["-l"] = "l"
trans_file_type_str["-p"] = "p"
# cache the lookup results
file_equiv_modified = None
file_equiv = None
local_files = None
fcdict = None
methods = []
all_types = None
user_types = None
role_allows = None
portrecs = None
portrecsbynum = None
all_domains = None
roles = None
selinux_user_list = None
login_mappings = None
file_types = None
port_types = None
bools = None
all_attributes = None
booleans = None
booleans_dict = None
def get_installed_policy(root="/"):
try:
path = root + selinux.selinux_binary_policy_path()
policies = glob.glob("%s.*" % path)
policies.sort()
return policies[-1]
except:
pass
raise ValueError(_("No SELinux Policy installed"))
def policy(policy_file):
global all_domains
global all_attributes
global bools
global all_types
global role_allows
global users
global roles
global file_types
global port_types
all_domains = None
all_attributes = None
bools = None
all_types = None
role_allows = None
users = None
roles = None
file_types = None
port_types = None
global _pol
try:
_policy.policy(policy_file)
except:
raise ValueError(_("Failed to read %s policy file") % policy_file)
try:
policy_file = get_installed_policy()
policy(policy_file)
except ValueError as e:
if selinux.is_selinux_enabled() == 1:
raise e
def info(setype, name=None): def info(setype, name=None):
dict_list = _policy.info(setype, name) dict_list = _policy.info(setype, name)
return dict_list return dict_list
@ -107,26 +213,6 @@ def get_conditionals_format_text(cond):
def get_types_from_attribute(attribute): def get_types_from_attribute(attribute):
return info(ATTRIBUTE, attribute)[0]["types"] return info(ATTRIBUTE, attribute)[0]["types"]
file_type_str = {}
file_type_str["a"] = _("all files")
file_type_str["f"] = _("regular file")
file_type_str["d"] = _("directory")
file_type_str["c"] = _("character device")
file_type_str["b"] = _("block device")
file_type_str["s"] = _("socket file")
file_type_str["l"] = _("symbolic link")
file_type_str["p"] = _("named pipe")
trans_file_type_str = {}
trans_file_type_str[""] = "a"
trans_file_type_str["--"] = "f"
trans_file_type_str["-d"] = "d"
trans_file_type_str["-c"] = "c"
trans_file_type_str["-b"] = "b"
trans_file_type_str["-s"] = "s"
trans_file_type_str["-l"] = "l"
trans_file_type_str["-p"] = "p"
def get_file_types(setype): def get_file_types(setype):
flist = [] flist = []
@ -209,18 +295,14 @@ def find_file(reg):
def find_all_files(domain, exclude_list=[]): def find_all_files(domain, exclude_list=[]):
all_entrypoints = []
executable_files = get_entrypoints(domain) executable_files = get_entrypoints(domain)
for exe in executable_files.keys(): for exe in executable_files.keys():
if exe.endswith("_exec_t") and exe not in exclude_list: if exe.endswith("_exec_t") and exe not in exclude_list:
for path in executable_files[exe]: for path in executable_files[exe]:
for f in find_file(path): for f in find_file(path):
return f return f
#all_entrypoints.append(f)
return None return None
#return all_entrypoints
def find_entrypoint_path(exe, exclude_list=[]): def find_entrypoint_path(exe, exclude_list=[]):
fcdict = get_fcdict() fcdict = get_fcdict()
@ -243,8 +325,6 @@ def read_file_equiv(edict, fc_path, modify):
edict[f[0]] = {"equiv": f[1], "modify": modify} edict[f[0]] = {"equiv": f[1], "modify": modify}
return edict return edict
file_equiv_modified = None
def get_file_equiv_modified(fc_path=selinux.selinux_file_context_path()): def get_file_equiv_modified(fc_path=selinux.selinux_file_context_path()):
global file_equiv_modified global file_equiv_modified
@ -254,8 +334,6 @@ def get_file_equiv_modified(fc_path=selinux.selinux_file_context_path()):
file_equiv_modified = read_file_equiv(file_equiv_modified, fc_path + ".subs", modify=True) file_equiv_modified = read_file_equiv(file_equiv_modified, fc_path + ".subs", modify=True)
return file_equiv_modified return file_equiv_modified
file_equiv = None
def get_file_equiv(fc_path=selinux.selinux_file_context_path()): def get_file_equiv(fc_path=selinux.selinux_file_context_path()):
global file_equiv global file_equiv
@ -265,8 +343,6 @@ def get_file_equiv(fc_path=selinux.selinux_file_context_path()):
file_equiv = read_file_equiv(file_equiv, fc_path + ".subs_dist", modify=False) file_equiv = read_file_equiv(file_equiv, fc_path + ".subs_dist", modify=False)
return file_equiv return file_equiv
local_files = None
def get_local_file_paths(fc_path=selinux.selinux_file_context_path()): def get_local_file_paths(fc_path=selinux.selinux_file_context_path()):
global local_files global local_files
@ -291,8 +367,6 @@ def get_local_file_paths(fc_path=selinux.selinux_file_context_path()):
pass pass
return local_files return local_files
fcdict = None
def get_fcdict(fc_path=selinux.selinux_file_context_path()): def get_fcdict(fc_path=selinux.selinux_file_context_path()):
global fcdict global fcdict
@ -431,19 +505,6 @@ def get_entrypoints(setype):
return mpaths return mpaths
def get_installed_policy(root="/"):
try:
path = root + selinux.selinux_binary_policy_path()
policies = glob.glob("%s.*" % path)
policies.sort()
return policies[-1]
except:
pass
raise ValueError(_("No SELinux Policy installed"))
methods = []
def get_methods(): def get_methods():
global methods global methods
if len(methods) > 0: if len(methods) > 0:
@ -464,8 +525,6 @@ def get_methods():
methods.sort() methods.sort()
return methods return methods
all_types = None
def get_all_types(): def get_all_types():
global all_types global all_types
@ -473,8 +532,6 @@ def get_all_types():
all_types = map(lambda x: x['name'], info(TYPE)) all_types = map(lambda x: x['name'], info(TYPE))
return all_types return all_types
user_types = None
def get_user_types(): def get_user_types():
global user_types global user_types
@ -482,8 +539,6 @@ def get_user_types():
user_types = info(ATTRIBUTE, "userdomain")[0]["types"] user_types = info(ATTRIBUTE, "userdomain")[0]["types"]
return user_types return user_types
role_allows = None
def get_all_role_allows(): def get_all_role_allows():
global role_allows global role_allows
@ -513,9 +568,6 @@ def get_all_entrypoint_domains():
all_domains.append(m[0]) all_domains.append(m[0])
return all_domains return all_domains
portrecs = None
portrecsbynum = None
def gen_interfaces(): def gen_interfaces():
import commands import commands
@ -558,8 +610,6 @@ def gen_port_dict():
return (portrecs, portrecsbynum) return (portrecs, portrecsbynum)
all_domains = None
def get_all_domains(): def get_all_domains():
global all_domains global all_domains
@ -567,8 +617,6 @@ def get_all_domains():
all_domains = info(ATTRIBUTE, "domain")[0]["types"] all_domains = info(ATTRIBUTE, "domain")[0]["types"]
return all_domains return all_domains
roles = None
def get_all_roles(): def get_all_roles():
global roles global roles
@ -579,8 +627,6 @@ def get_all_roles():
roles.sort() roles.sort()
return roles return roles
selinux_user_list = None
def get_selinux_users(): def get_selinux_users():
global selinux_user_list global selinux_user_list
@ -590,8 +636,6 @@ def get_selinux_users():
x['range'] = "".join(x['range'].split(" ")) x['range'] = "".join(x['range'].split(" "))
return selinux_user_list return selinux_user_list
login_mappings = None
def get_login_mappings(): def get_login_mappings():
global login_mappings global login_mappings
@ -616,8 +660,6 @@ def get_all_users():
users.sort() users.sort()
return users return users
file_types = None
def get_all_file_types(): def get_all_file_types():
global file_types global file_types
@ -627,8 +669,6 @@ def get_all_file_types():
file_types.sort() file_types.sort()
return file_types return file_types
port_types = None
def get_all_port_types(): def get_all_port_types():
global port_types global port_types
@ -638,8 +678,6 @@ def get_all_port_types():
port_types.sort() port_types.sort()
return port_types return port_types
bools = None
def get_all_bools(): def get_all_bools():
global bools global bools
@ -655,23 +693,6 @@ def prettyprint(f, trim):
def markup(f): def markup(f):
return f return f
# Autofill for adding files *************************
DEFAULT_DIRS = {}
DEFAULT_DIRS["/etc"] = "etc_t"
DEFAULT_DIRS["/tmp"] = "tmp_t"
DEFAULT_DIRS["/usr/lib/systemd/system"] = "unit_file_t"
DEFAULT_DIRS["/lib/systemd/system"] = "unit_file_t"
DEFAULT_DIRS["/etc/systemd/system"] = "unit_file_t"
DEFAULT_DIRS["/var/cache"] = "var_cache_t"
DEFAULT_DIRS["/var/lib"] = "var_lib_t"
DEFAULT_DIRS["/var/log"] = "log_t"
DEFAULT_DIRS["/var/run"] = "var_run_t"
DEFAULT_DIRS["/run"] = "var_run_t"
DEFAULT_DIRS["/run/lock"] = "var_lock_t"
DEFAULT_DIRS["/var/run/lock"] = "var_lock_t"
DEFAULT_DIRS["/var/spool"] = "var_spool_t"
DEFAULT_DIRS["/var/www"] = "content_t"
def get_description(f, markup=markup): def get_description(f, markup=markup):
@ -765,8 +786,6 @@ def get_description(f, markup=markup):
return txt + "treat the files as %s data." % prettyprint(f, "_t") return txt + "treat the files as %s data." % prettyprint(f, "_t")
all_attributes = None
def get_all_attributes(): def get_all_attributes():
global all_attributes global all_attributes
@ -775,38 +794,6 @@ def get_all_attributes():
return all_attributes return all_attributes
def policy(policy_file):
global all_domains
global all_attributes
global bools
global all_types
global role_allows
global users
global roles
global file_types
global port_types
all_domains = None
all_attributes = None
bools = None
all_types = None
role_allows = None
users = None
roles = None
file_types = None
port_types = None
try:
_policy.policy(policy_file)
except:
raise ValueError(_("Failed to read %s policy file") % policy_file)
try:
policy_file = get_installed_policy()
policy(policy_file)
except ValueError as e:
if selinux.is_selinux_enabled() == 1:
raise e
def _dict_has_perms(dict, perms): def _dict_has_perms(dict, perms):
for perm in perms: for perm in perms:
if perm not in dict[PERMS]: if perm not in dict[PERMS]:
@ -849,8 +836,6 @@ def get_bools(setype):
bools.append((b[0], enabled)) bools.append((b[0], enabled))
return (domainbools, bools) return (domainbools, bools)
booleans = None
def get_all_booleans(): def get_all_booleans():
global booleans global booleans
@ -858,8 +843,6 @@ def get_all_booleans():
booleans = selinux.security_get_boolean_names()[1] booleans = selinux.security_get_boolean_names()[1]
return booleans return booleans
booleans_dict = None
def policy_xml(path="/usr/share/selinux/devel/policy.xml"): def policy_xml(path="/usr/share/selinux/devel/policy.xml"):
try: try:
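Review bot: In the first hunk, the relocated `policy()` gains a `global _pol` line that the removed copy in the `-775,38` hunk does not have, so the move is not the pure regrouping the description promises. Nothing in the visible hunks assigns `_pol`, so the declaration looks stray; drop `global _pol` here or introduce it in the commit that actually uses it. The same function resets `users`, but the new cache block at the top has no `users = None`. If the import-time `policy()` call is skipped because `get_installed_policy()` raises and SELinux is not enabled, that name may never be bound at module level, so consider adding `users = None` next to `roles = None` unless it is defined elsewhere in the file. The bare `except:` clauses in `get_installed_policy()` and `policy()` are carried over unchanged; narrowing them to the exceptions actually expected would stop unrelated faults from being reported as a missing or unreadable policy.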