* [PATCH 1/2] sepolicy: ignore comments and empty lines in file_contexts.subs_dist
@ 2017-09-24 17:04 Nicolas Iooss
2017-09-24 17:04 ` [PATCH 2/2] sepolicy: support non-MLS policy in gui Nicolas Iooss
0 siblings, 1 reply; 3+ messages in thread
From: Nicolas Iooss @ 2017-09-24 17:04 UTC (permalink / raw)
To: selinux
In refpolicy, file_contexts.subs_dist begins with comments:
# This file can is used to configure base path aliases as in:
#
# /aliased_path /original_path_as_configured_in_file_contexts
#
The first line gets parsed in read_file_equiv even though it is not a
valid path substitution and the second line triggers an exception when
accessing f[1]:
IndexError: list index out of range
Parse substitutions only for lines which are not comment.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
python/sepolicy/sepolicy/__init__.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index d41fc6ae1543..bf2494a813c8 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -526,10 +526,10 @@ def find_entrypoint_path(exe, exclude_list=[]):
def read_file_equiv(edict, fc_path, modify):
try:
with open(fc_path, "r") as fd:
- fc = fd.readlines()
- for e in fc:
+ for e in fd:
f = e.split()
- edict[f[0]] = {"equiv": f[1], "modify": modify}
+ if f and not f[0].startswith('#'):
+ edict[f[0]] = {"equiv": f[1], "modify": modify}
except OSError as e:
if e.errno != errno.ENOENT:
raise
--
2.14.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH 2/2] sepolicy: support non-MLS policy in gui
2017-09-24 17:04 [PATCH 1/2] sepolicy: ignore comments and empty lines in file_contexts.subs_dist Nicolas Iooss
@ 2017-09-24 17:04 ` Nicolas Iooss
2017-09-25 17:10 ` Stephen Smalley
0 siblings, 1 reply; 3+ messages in thread
From: Nicolas Iooss @ 2017-09-24 17:04 UTC (permalink / raw)
To: selinux
Several "sepolic gui" tabs raise exceptions when using a policy without
MLS because some dictionaries describing users and logins lack level and
range properties. Use conditions and get() where appropriate in order
to make "sepolicy gui" usable again with a non-MLS policy.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
python/sepolicy/sepolicy/__init__.py | 5 +++--
python/sepolicy/sepolicy/gui.py | 31 +++++++++++++++++++------------
2 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index bf2494a813c8..89346aba0b15 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -879,8 +879,9 @@ def get_selinux_users():
global selinux_user_list
if not selinux_user_list:
selinux_user_list = list(info(USER))
- for x in selinux_user_list:
- x['range'] = "".join(x['range'].split(" "))
+ if _pol.mls:
+ for x in selinux_user_list:
+ x['range'] = "".join(x['range'].split(" "))
return selinux_user_list
diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
index 007c94a71c08..6562aa850c98 100644
--- a/python/sepolicy/sepolicy/gui.py
+++ b/python/sepolicy/sepolicy/gui.py
@@ -907,8 +907,8 @@ class SELinuxGui():
if "object_r" in roles:
roles.remove("object_r")
self.user_liststore.set_value(iter, 1, ", ".join(roles))
- self.user_liststore.set_value(iter, 2, u["level"])
- self.user_liststore.set_value(iter, 3, u["range"])
+ self.user_liststore.set_value(iter, 2, u.get("level", ""))
+ self.user_liststore.set_value(iter, 3, u.get("range", ""))
self.user_liststore.set_value(iter, 4, True)
self.ready_mouse()
@@ -1755,14 +1755,14 @@ class SELinuxGui():
if self.login_mls_entry.get_text() == "":
for u in sepolicy.get_selinux_users():
if seuser == u['name']:
- self.login_mls_entry.set_text(u['range'])
+ self.login_mls_entry.set_text(u.get('range', ''))
def user_roles_combobox_change(self, combo, *args):
serole = self.combo_get_active_text(combo)
if self.user_mls_entry.get_text() == "":
for u in sepolicy.get_all_roles():
if serole == u['name']:
- self.user_mls_entry.set_text(u['range'])
+ self.user_mls_entry.set_text(u.get('range', ''))
def get_selected_iter(self):
iter = None
@@ -1973,7 +1973,10 @@ class SELinuxGui():
self.cur_dict["user"][name] = {"action": "-m", "range": mls_range, "level": level, "role": roles, "oldrange": oldrange, "oldlevel": oldlevel, "oldroles": oldroles, "oldname": oldname}
else:
iter = self.liststore.append(None)
- self.cur_dict["user"][name] = {"action": "-a", "range": mls_range, "level": level, "role": roles}
+ if mls_range or level:
+ self.cur_dict["user"][name] = {"action": "-a", "range": mls_range, "level": level, "role": roles}
+ else:
+ self.cur_dict["user"][name] = {"action": "-a", "role": roles}
self.liststore.set_value(iter, 0, name)
self.liststore.set_value(iter, 1, roles)
@@ -2089,8 +2092,8 @@ class SELinuxGui():
user_dict = self.cust_dict["user"]
for user in user_dict:
roles = user_dict[user]["role"]
- mls = user_dict[user]["range"]
- level = user_dict[user]["level"]
+ mls = user_dict[user].get("range", "")
+ level = user_dict[user].get("level", "")
iter = self.user_delete_liststore.append()
self.user_delete_liststore.set_value(iter, 1, user)
self.user_delete_liststore.set_value(iter, 2, roles)
@@ -2104,7 +2107,7 @@ class SELinuxGui():
login_dict = self.cust_dict["login"]
for login in login_dict:
seuser = login_dict[login]["seuser"]
- mls = login_dict[login]["range"]
+ mls = login_dict[login].get("range", "")
iter = self.login_delete_liststore.append()
self.login_delete_liststore.set_value(iter, 1, seuser)
self.login_delete_liststore.set_value(iter, 2, login)
@@ -2268,7 +2271,7 @@ class SELinuxGui():
self.update_treestore.set_value(niter, 3, False)
roles = self.cur_dict["user"][user]["role"]
self.update_treestore.set_value(niter, 1, (_("Roles: %s")) % roles)
- mls = self.cur_dict["user"][user]["range"]
+ mls = self.cur_dict["user"][user].get("range", "")
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 3, False)
self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls)
@@ -2293,7 +2296,7 @@ class SELinuxGui():
self.update_treestore.set_value(niter, 3, False)
seuser = self.cur_dict["login"][login]["seuser"]
self.update_treestore.set_value(niter, 1, (_("SELinux User: %s")) % seuser)
- mls = self.cur_dict["login"][login]["range"]
+ mls = self.cur_dict["login"][login].get("range", "")
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 3, False)
self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls)
@@ -2487,14 +2490,18 @@ class SELinuxGui():
for l in self.cur_dict[k]:
if self.cur_dict[k][l]["action"] == "-d":
update_buffer += "login -d %s\n" % l
- else:
+ elif "range" in self.cur_dict[k][l]:
update_buffer += "login %s -s %s -r %s %s\n" % (self.cur_dict[k][l]["action"], self.cur_dict[k][l]["seuser"], self.cur_dict[k][l]["range"], l)
+ else:
+ update_buffer += "login %s -s %s %s\n" % (self.cur_dict[k][l]["action"], self.cur_dict[k][l]["seuser"], l)
if k in "user":
for u in self.cur_dict[k]:
if self.cur_dict[k][u]["action"] == "-d":
update_buffer += "user -d %s\n" % u
- else:
+ elif "level" in self.cur_dict[k][u] and "range" in self.cur_dict[k][u]:
update_buffer += "user %s -L %s -r %s -R %s %s\n" % (self.cur_dict[k][u]["action"], self.cur_dict[k][u]["level"], self.cur_dict[k][u]["range"], self.cur_dict[k][u]["role"], u)
+ else:
+ update_buffer += "user %s -R %s %s\n" % (self.cur_dict[k][u]["action"], self.cur_dict[k][u]["role"], u)
if k in "fcontext-equiv":
for f in self.cur_dict[k]:
--
2.14.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 2/2] sepolicy: support non-MLS policy in gui
2017-09-24 17:04 ` [PATCH 2/2] sepolicy: support non-MLS policy in gui Nicolas Iooss
@ 2017-09-25 17:10 ` Stephen Smalley
0 siblings, 0 replies; 3+ messages in thread
From: Stephen Smalley @ 2017-09-25 17:10 UTC (permalink / raw)
To: Nicolas Iooss, selinux
On Sun, 2017-09-24 at 19:04 +0200, Nicolas Iooss wrote:
> Several "sepolic gui" tabs raise exceptions when using a policy
> without
> MLS because some dictionaries describing users and logins lack level
> and
> range properties. Use conditions and get() where appropriate in order
> to make "sepolicy gui" usable again with a non-MLS policy.
>
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Thanks, applied both.
> ---
> python/sepolicy/sepolicy/__init__.py | 5 +++--
> python/sepolicy/sepolicy/gui.py | 31 +++++++++++++++++++-------
> -----
> 2 files changed, 22 insertions(+), 14 deletions(-)
>
> diff --git a/python/sepolicy/sepolicy/__init__.py
> b/python/sepolicy/sepolicy/__init__.py
> index bf2494a813c8..89346aba0b15 100644
> --- a/python/sepolicy/sepolicy/__init__.py
> +++ b/python/sepolicy/sepolicy/__init__.py
> @@ -879,8 +879,9 @@ def get_selinux_users():
> global selinux_user_list
> if not selinux_user_list:
> selinux_user_list = list(info(USER))
> - for x in selinux_user_list:
> - x['range'] = "".join(x['range'].split(" "))
> + if _pol.mls:
> + for x in selinux_user_list:
> + x['range'] = "".join(x['range'].split(" "))
> return selinux_user_list
>
>
> diff --git a/python/sepolicy/sepolicy/gui.py
> b/python/sepolicy/sepolicy/gui.py
> index 007c94a71c08..6562aa850c98 100644
> --- a/python/sepolicy/sepolicy/gui.py
> +++ b/python/sepolicy/sepolicy/gui.py
> @@ -907,8 +907,8 @@ class SELinuxGui():
> if "object_r" in roles:
> roles.remove("object_r")
> self.user_liststore.set_value(iter, 1, ", ".join(roles))
> - self.user_liststore.set_value(iter, 2, u["level"])
> - self.user_liststore.set_value(iter, 3, u["range"])
> + self.user_liststore.set_value(iter, 2, u.get("level",
> ""))
> + self.user_liststore.set_value(iter, 3, u.get("range",
> ""))
> self.user_liststore.set_value(iter, 4, True)
> self.ready_mouse()
>
> @@ -1755,14 +1755,14 @@ class SELinuxGui():
> if self.login_mls_entry.get_text() == "":
> for u in sepolicy.get_selinux_users():
> if seuser == u['name']:
> - self.login_mls_entry.set_text(u['range'])
> + self.login_mls_entry.set_text(u.get('range',
> ''))
>
> def user_roles_combobox_change(self, combo, *args):
> serole = self.combo_get_active_text(combo)
> if self.user_mls_entry.get_text() == "":
> for u in sepolicy.get_all_roles():
> if serole == u['name']:
> - self.user_mls_entry.set_text(u['range'])
> + self.user_mls_entry.set_text(u.get('range', ''))
>
> def get_selected_iter(self):
> iter = None
> @@ -1973,7 +1973,10 @@ class SELinuxGui():
> self.cur_dict["user"][name] = {"action": "-m", "range":
> mls_range, "level": level, "role": roles, "oldrange": oldrange,
> "oldlevel": oldlevel, "oldroles": oldroles, "oldname": oldname}
> else:
> iter = self.liststore.append(None)
> - self.cur_dict["user"][name] = {"action": "-a", "range":
> mls_range, "level": level, "role": roles}
> + if mls_range or level:
> + self.cur_dict["user"][name] = {"action": "-a",
> "range": mls_range, "level": level, "role": roles}
> + else:
> + self.cur_dict["user"][name] = {"action": "-a",
> "role": roles}
>
> self.liststore.set_value(iter, 0, name)
> self.liststore.set_value(iter, 1, roles)
> @@ -2089,8 +2092,8 @@ class SELinuxGui():
> user_dict = self.cust_dict["user"]
> for user in user_dict:
> roles = user_dict[user]["role"]
> - mls = user_dict[user]["range"]
> - level = user_dict[user]["level"]
> + mls = user_dict[user].get("range", "")
> + level = user_dict[user].get("level", "")
> iter = self.user_delete_liststore.append()
> self.user_delete_liststore.set_value(iter, 1, user)
> self.user_delete_liststore.set_value(iter, 2, roles)
> @@ -2104,7 +2107,7 @@ class SELinuxGui():
> login_dict = self.cust_dict["login"]
> for login in login_dict:
> seuser = login_dict[login]["seuser"]
> - mls = login_dict[login]["range"]
> + mls = login_dict[login].get("range", "")
> iter = self.login_delete_liststore.append()
> self.login_delete_liststore.set_value(iter, 1,
> seuser)
> self.login_delete_liststore.set_value(iter, 2,
> login)
> @@ -2268,7 +2271,7 @@ class SELinuxGui():
> self.update_treestore.set_value(niter, 3, False)
> roles = self.cur_dict["user"][user]["role"]
> self.update_treestore.set_value(niter, 1, (_("Roles:
> %s")) % roles)
> - mls = self.cur_dict["user"][user]["range"]
> + mls = self.cur_dict["user"][user].get("range", "")
> niter = self.update_treestore.append(iter)
> self.update_treestore.set_value(niter, 3, False)
> self.update_treestore.set_value(niter, 1, _("MLS/MCS
> Range: %s") % mls)
> @@ -2293,7 +2296,7 @@ class SELinuxGui():
> self.update_treestore.set_value(niter, 3, False)
> seuser = self.cur_dict["login"][login]["seuser"]
> self.update_treestore.set_value(niter, 1, (_("SELinux
> User: %s")) % seuser)
> - mls = self.cur_dict["login"][login]["range"]
> + mls = self.cur_dict["login"][login].get("range", "")
> niter = self.update_treestore.append(iter)
> self.update_treestore.set_value(niter, 3, False)
> self.update_treestore.set_value(niter, 1, _("MLS/MCS
> Range: %s") % mls)
> @@ -2487,14 +2490,18 @@ class SELinuxGui():
> for l in self.cur_dict[k]:
> if self.cur_dict[k][l]["action"] == "-d":
> update_buffer += "login -d %s\n" % l
> - else:
> + elif "range" in self.cur_dict[k][l]:
> update_buffer += "login %s -s %s -r %s %s\n"
> % (self.cur_dict[k][l]["action"], self.cur_dict[k][l]["seuser"],
> self.cur_dict[k][l]["range"], l)
> + else:
> + update_buffer += "login %s -s %s %s\n" %
> (self.cur_dict[k][l]["action"], self.cur_dict[k][l]["seuser"], l)
> if k in "user":
> for u in self.cur_dict[k]:
> if self.cur_dict[k][u]["action"] == "-d":
> update_buffer += "user -d %s\n" % u
> - else:
> + elif "level" in self.cur_dict[k][u] and "range"
> in self.cur_dict[k][u]:
> update_buffer += "user %s -L %s -r %s -R %s
> %s\n" % (self.cur_dict[k][u]["action"], self.cur_dict[k][u]["level"],
> self.cur_dict[k][u]["range"], self.cur_dict[k][u]["role"], u)
> + else:
> + update_buffer += "user %s -R %s %s\n" %
> (self.cur_dict[k][u]["action"], self.cur_dict[k][u]["role"], u)
>
> if k in "fcontext-equiv":
> for f in self.cur_dict[k]:
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-09-25 17:10 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-24 17:04 [PATCH 1/2] sepolicy: ignore comments and empty lines in file_contexts.subs_dist Nicolas Iooss
2017-09-24 17:04 ` [PATCH 2/2] sepolicy: support non-MLS policy in gui Nicolas Iooss
2017-09-25 17:10 ` Stephen Smalley
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.