python/sepolicy: Add sepolicy.load_store_policy(store)

load_store_policy() allows to (re)load SELinux policy based on a store name. It is useful when SELinux is disabled and default policy is not installed; or when a user wants to query or manipulate another policy. Related: https://bugzilla.redhat.com/show_bug.cgi?id=1558861 Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2019-01-03 13:03:38 +01:00 · 2019-01-03 13:03:38 +01:00 · ef359c97c9
commit ef359c97c9
parent e718c2ab77
1 changed files with 12 additions and 0 deletions
--- a/python/sepolicy/sepolicy/init.py
+++ b/python/sepolicy/sepolicy/init.py
@ -129,6 +129,13 @@ def get_installed_policy(root="/"):
        pass
    raise ValueError(_("No SELinux Policy installed"))

+def get_store_policy(store, root="/"):
+    try:
+        policies = glob.glob("%s%s/policy/policy.*" % (selinux.selinux_path(), store))
+        policies.sort()
+        return policies[-1]
+    except:
+        return None

 def policy(policy_file):
    global all_domains
@ -156,6 +163,11 @@ def policy(policy_file):
    except:
        raise ValueError(_("Failed to read %s policy file") % policy_file)

+def load_store_policy(store):
+    policy_file = get_store_policy(store)
+    if not policy_file:
+        return None
+    policy(policy_file)

 try:
    policy_file = get_installed_policy()