eaiovnaovbqoebvqoeavibavo 3 Elf @s(ddlZejddddlmZddlmZddlmZddlmZddlZddl Z ddl Z ddl m Z m Z m Z ddlZ ddlZ ddlZddlZddlZddlZd Zy:ddlZiZejd0krd ed <ejefd ddeWnLyddlZeejd<Wn(ek r$ddlZeejd<YnXYnXiZxe j D]Z!e!ee j e!<q8We"de"dgZ#e"de"dgZ$ddZ%ddl&Z'e"de"dfZ(e"de"dfZ)dZ*dZ+dZ,dZ-dZ.dZ/dZ0dZ1dZ2dZ3dZ4d Z5dZ6dZ7dZ8d Z9d!Z:d"Z;d#d$d%d&d'd(d)d*d+g Ze?d/kr$e>Z@dS)1NGtkz3.0)r)Gdk)GLib) SELinuxDBus)DISABLED PERMISSIVE ENFORCINGzselinux-pythonTunicodez/usr/share/localezutf-8)Z localedirZcodeset_ZNoZYesZDisableZEnablecCs<|dkr|dkrdS|dkr dS|dkr,dS||k||kS)Nr)abrr/usr/lib/python3.6/gui.pycmpFsrz Advanced >>z Advanced <>zAdvanced Search < To change from Disabled to Enforcing mode - Change the system mode from Disabled to Permissive - Reboot, so that the system can relabel - Once the system is working as planned * Change the system mode to Enforcing c@seZdZd%ddZddZddZd d Zd d Zd dZddZ ddZ ddZ ddZ ddZ ddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+d,Zd-d.Zd/d0Zd1d2Zd3d4Zd5d6Zd7d8Zd9d:Zd;d<Zd=d>Z d?d@Z!dAdBZ"dCdDZ#dEdFZ$dGdHZ%dIdJZ&dKdLZ'dMdNZ(dOdPZ)dQdRZ*dSdTZ+dUdVZ,dWdXZ-dYdZZ.d[d\Z/d]d^Z0d_d`Z1dadbZ2dcddZ3dedfZ4dgdhZ5didjZ6dkdlZ7dmdnZ8dodpZ9dqdrZ:dsdtZ;dudvZd{d|Z?d}d~Z@ddZAddZBddZCddZDddZEddZFddZGddZHddZIddZJddZKddZLddZMddZNddZOddZPddZQddZRddZSddZTddZUddZVddZWddZXddZYddZZddZ[ddZ\ddZ]ddZ^ddZ_ddZ`ddZad&ddÄZbddńZcddDŽZdddɄZedd˄Zfdd̈́ZgddτZhddфZiddӄZjddՄZkddׄZlddلZmddۄZndd݄Zodd߄ZpddZqddZrddZsddZtddZuddZvddZwddZxddZyddZzddZ{ddZ|ddZ}ddZ~ddZddZddZddZddZddZdd Zd d Zd d ZddZddZddZd'ddZddZddZddZddZdd Zd!d"Zd#d$ZdS(( SELinuxGuiNFcQCsd|_d|_t|_t|_y|jj}Wn6tjjk r^}zt ||j WYdd}~XnX|j ||_ d|_ tj}tjjddd|_|jd}|j||jd|_|jd|_|jd |_|jd |_d |_|jd |_|jd |_tjtjj |_!tjtjj"|_#t$j%d|_&d|_'d|_(d|_)d|_*d|_+d|_,g|_-g|_.i|_/|jd|_0|jd|_1|jd|_2d|_3|jd|_4|jd|_5|j5j6|j7|jd|_8|jd|_9|jd|_:d|_;|jd|_<|jd|_=|jd|_>|jd|_?|jd|_@|jd|_A|jd|_B|jd|_C|jd|_D|jDjEd tjFjG|jd |_H|jHj6|j7|jd!|_I|jd"|_J|jd#|_K|jd$|_L|jd%|_M|jd&|_N|jNjEd tjFjG|jd'|_O|jOj6|j7|jd(|_P|jd)|_Q|jd*|_R|jd+|_S|jd,|_T|jd-|_U|jd.|_V|jd/|_W|jd0|_X|jd1|_Y|jd2|_Z|jd3|_[|jd4|_\|jd5|_]|jd6|_^|jd7|__|jd8|_`|j`jEd tjFjG|jd9|_a|jd:|_b|jbj6|j7|jd;|_c|jd<|_d|jd=|_e|jd>|_f|jd?|_g|jd@|_h|jdA|_i|jdB|_j|jdC|_k|jdD|_l|jdE|_m|jdF|_n|jdG|_o|jdH|_p|jdI|_q|jdJ|_r|jdK|_s|jdL|_tg|_u|jvdMkr|jkjwd|jmjwd|jtjwd|jdN|_x|jdO|_y|jdP|_z|j{|jdQ|_||jdR|_}|jdS|_~|jdT|_|jdU|_|jdV|_|jdW|_|jdX|_|jdY|_|jdZ|_|jd[|_|jd\|_|jd]|_|jd^|_|jd_|_|jd`|_|jda|_|jdb|_|jdc|_|jdd|_|jde|_|jdf|_|jdg|_|jdh|_|jdi|_|jdj|_|jdk|_|jdl|_|jdm|_|jdn|_|jdo|_|jdp|_|jdq|_|jdr|_|jds|_|jdt|_|jdu|_|jdv|_|jdw|_|jdx|_|jdy|_|jdz|_|jd{|_|jd||_|jd}|_|jd~|_|jjd|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jj6|j7|jd|_|jj|_|jd|_|jjEd tjFjG|jd|_|jj|_|jd|_|jd|_|jjEd tjFjG|jd|_|jj6|j7|jd|_|jj|_|jd|_|jd|_|jj6|j7|jd|_|jj|_|jd|_|jjEd tjFjG|jd|_|jj|_|jd|_|jj|_|jd|_|jd|_|jjEd tjFjG|jd|_|jj6|j7|jd|_|jj|_|jd|_|jd|_|jjEd tjFjG|jd|_|jj6|j7|jd|_|jj|_|jd|_|jd|_|jjEdMtjFjG|jd|_|jj6|j7|jd|_|jd|_|jd|_|jd|_|j|_|jj|_|jd|_|jd|_|jjEdtjFjG|jd|_|jj6|j7|jd|_|jj|_|jd|_|jj|_|jd|_|jd|_|jjEdMtjFjG|jd|_|jj6|j7|jd|_|jj|_|jd|_|jd|_|jjEd tjFjG|jd|_|jj6|j7|jd|_|jj|_|jd|_|jd|_|jd|_|jd|_|jjd |jjd |jj|jd|jj|j|jjd tj|jd|_|jd|_|jd|_|jd|_|jd|_|jjd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jjd|j|j|jdÃ|_|jjd|j|jc|jdă|_|jjd|j|jY|jdŃ|_|jjd|j|jJ|jdƃ|_ |j jd|j|j|jdǃ|_ |jd|_|jdȃ|_ |jdɃ|_ |jdʃ|_ |jd˃}|j jd|j|jg|_|jjd|j|jԃd|_d}|rddg|_-|r$||j-kr$|j-j|ntj|_-|j-jtjd΍|rj||j-krj|jtdσ||j |jt|j-} tj} x|j-D]} |j| | tt|jt| |_|jj|j|jj |j|j!xH| j"| gD]6} tj#| }|r|j|| |j.j|qW|jd7_qW|j$|jj%|j|j:j%|j8|j&|j'|j(|j)|j*|j+|j,|j-|j.|j/|j0|j1|j2|j3|j4|j5|j6|j7|j8|j9|j:|j;|j<|j=|j>|j?|j@|jA|jB|jC|jD|jE|j1|jF|jG|jH|jI|jJ|jJ|jK|jL|jM|jN|jO|jP|jQ|jR|jS|jT|jU|jV|jH|jW|jX|jY|jZ|j[|j\|j\|j\|j]|j^|j_|j7|j`|jadМB} |jb||jc| |jjtdjed|jf|jfd|_g|jj$|jj$|jhtikr|jjnV|j r|jjk|j |jjl|j |jm|j`n|jn|jjot|jpd|_tjqdS)NFT)Z plat_specificz /sepolicy/zsepolicy.gladeouter_notebookZSELinux_windowZMain_selection_menumain_advanced_labelrapplications_selection_buttonZ Revert_buttonr Zadd_path_dialogerror_check_windowerror_check_labeladvanced_search_windowZadvanced_filterZ advanced_sortadvanced_filter_entryadvanced_search_treeviewZ Login_labellogin_seuser_comboboxZlogin_seuser_liststorelogin_name_entrylogin_mls_labellogin_mls_entryZ Login_buttonlogin_treeviewlogin_liststore login_filterlogin_popup_windowlogin_delete_liststorelogin_delete_windowuser_popup_windowZ User_buttonuser_liststore user_filter user_treeviewuser_roles_comboboxZuser_roles_liststoreZ User_labeluser_name_entryuser_mls_labeluser_mls_level_entryuser_mls_entryZselinux_user_comboboxuser_delete_liststoreuser_delete_windowfile_equiv_labelfile_equiv_source_entryfile_equiv_dest_entryZfile_equiv_buttonfile_equiv_treeviewfile_equiv_liststorefile_equiv_popup_windowZfile_equiv_filterfile_equiv_delete_liststorefile_equiv_delete_windowapp_system_buttonZ System_buttonZLockdown_buttonZ Systems_boxZRelabel_buttonZRelabel_button_noadvanced_systemouter_notebook_frameZsystem_policy_type_labelselect_button_browsecancel_button_browsemoreTypes_window_filesZmore_types_file_liststoreZmoreTypes_treeview_filessystem_policy_type_liststoresystem_policy_type_comboboxrZEnforcing_button_defaultZPermissive_button_defaultZDisabled_button_defaultZenable_unconfinedZdisable_unconfinedZenable_permissiveZdisable_permissiveZ enable_ptraceZdisable_ptrace help_windowZ help_textv info_text help_imageforward_button back_button update_windowupdate_treeviewZUpdate_treestore apply_buttonZ Update_buttonZ Add_buttonZ Delete_buttonfiles_path_entrynetwork_ports_entryfiles_popup_windownetwork_popup_windowZ Network_labelZ files_labelZmake_path_recursiveZfiles_type_combo_storeZfiles_class_combo_storefiles_type_comboboxfiles_class_comboboxfiles_mls_labelfiles_mls_entryZAdvanced_text_filesZcancel_delete_filesZ tcp_buttonZ udp_buttonZnetwork_type_combo_storeZnetwork_type_comboboxnetwork_mls_labelnetwork_mls_entryZAdvanced_text_networkZcancel_network_deleteZShow_mislabeled_filesmislabeled_files_label warning_filesZ Modify_buttonfix_label_windowfixlabel_labelfix_label_cancelfiles_delete_windowfiles_delete_treeviewfiles_delete_liststorenetwork_delete_windownetwork_delete_treeviewnetwork_delete_liststore progress_barZExecutable_files_treeviewexecutable_files_filterZExecutable_files_tabZexecutable_files_treestoreZ files_buttonZWritable_files_treeviewZwritable_files_treestorewritable_files_filterZWritable_files_tabZApplication_files_treeviewapplication_files_filterZApplication_files_tabZapplication_files_treestoreZnetwork_buttonZoutbound_treeviewnetwork_out_liststorenetwork_out_filternetwork_out_tabZinbound_treeviewnetwork_in_liststorenetwork_in_filternetwork_in_tabZBoolean_treeviewboolean_liststoreboolean_filterZbooleans_more_detail_windowZbooleans_more_detail_treeviewZbooleans_more_detail_liststoreZBooleans_buttontransitions_into_treeviewtransitions_into_liststoretransitions_into_filterZTransitions_into_tabZTransitions_buttontransitions_from_treeviewtransitions_from_treestoretransitions_from_filterZTransitions_from_tabZfile_transitions_treeviewZfile_transitions_liststoreZfile_transitions_filterZfile_transitionsZ combobox_orgapplication_liststorecompletion_entryentrycompletion_objZShow_modified_only_toggleZEnforcing_labelZEnforcing_buttonZPermissive_button status_barzSELinux status filter_entry filter_boxadd_modify_delete_boxZactivateZfiles_toggle_deleteZtoggledZfile_equiv_toggle_delete1Zuser_toggle_deleteZlogin_toggle_deleteZnetwork_toggle_deleteZ toggle_updateZfiles_inner_notebookZnetwork_inner_notebookZtransitions_inner_notebook loading_guiZhttpd_tZabrt_t)keyz%s is not a valid domain)BZon_combo_button_clickedZon_disable_ptrace_toggledZ!on_SELinux_window_configure_eventZ%on_entrycompletion_obj_match_selectedZon_filter_changedZ"on_save_changes_file_equiv_clickedZon_save_changes_login_clickedZon_save_changes_user_clickedZon_save_changes_files_clickedZon_save_changes_network_clickedZ)on_Advanced_text_files_button_press_eventZitem_in_tree_selectedZ2on_Application_file_types_treeview_configure_eventon_save_delete_clickedZ)on_moreTypes_treeview_files_row_activatedZon_retry_button_files_clickedZon_make_path_recursive_toggledZ&on_files_path_entry_button_press_eventZon_files_path_entry_changedZon_select_type_files_clickedZon_choose_fileZon_Enforcing_button_toggledZon_confirmation_closeZon_column_clickedZ on_tab_switchZon_file_equiv_button_clickedzon_app/system_button_clickedzon_app/users_button_clickedon_show_advanced_search_windowZ on_Show_mislabeled_files_toggledZon_Browse_button_files_clickedZon_cancel_popup_clickedZon_treeview_cursor_changedZ on_login_seuser_combobox_changedZon_user_roles_combobox_changedZon_cancel_button_browse_clickedZon_apply_button_clickedZon_Revert_button_clickedZon_Update_button_clickedZ on_advanced_filter_entry_changedZ)on_advanced_search_treeview_row_activatedZ!on_Select_advanced_search_clickedZ!on_info_button_button_press_eventZon_back_button_clickedZon_forward_button_clickedZ#on_Boolean_treeview_columns_changedZon_completion_entry_changedZon_Add_button_clickedZon_Delete_button_clickedZon_Modify_button_clickedZon_Show_modified_only_toggledZon_cancel_button_config_clickedZon_Import_button_clickedZon_Export_button_clickedZon_enable_unconfined_toggledZon_enable_permissive_toggledZ&on_system_policy_type_combobox_changedZ#on_Enforcing_button_default_toggledZ$on_Permissive_button_default_toggledZ"on_Disabled_button_default_toggledZon_Relabel_button_toggled_cbZ%on_advanced_system_button_press_eventZon_files_type_combobox_changedZon_filter_row_changedZon_button_toggledZ gtk_main_quitr(r finish_initZ advanced_init START_PAGEopagerdbus customized exceptions DBusExceptionprintquitinit_cur application filter_txtrZBuilder distutils sysconfigZget_python_lib code_pathZ add_from_fileZ get_objectr$windowmain_selection_windowr%popupr& revert_buttonrZCursorZ CursorTypeZWATCH busy_cursorZLEFT_PTR ready_cursorselinuxselinux_getpolicytype initialtype current_popup import_export clear_entry files_add network_addmislabeled_filesZ all_domainsZinstalled_listZpreviously_modified file_dialogr'r(Z invalid_entryr)advanced_search_filterZset_visible_funcfilter_the_dataZadvanced_search_sortr*r+Zadvanced_search login_labelr,login_seuser_combolistr-r.r/login_radio_buttonr0r1Zset_sort_column_idZSortTypeZ ASCENDINGr2r3r4r5r6user_radio_buttonr7r8r9r:user_roles_combolist user_labelr;r<r=r>Z user_comboboxr?r@rArBrCfile_equiv_radio_buttonrDrErFZfile_equiv_treefilterrGrHrIsystem_radio_buttonlockdown_radio_buttonZ systems_boxrelabel_buttonrelabel_button_norJrKsystem_policy_labelrLrMrNmore_types_files_liststoremoreTypes_treeviewrOrPZ policy_listpopulate_system_policy set_visibleenforcing_button_defaultpermissive_button_defaultdisabled_button_defaultinitialize_system_default_modeenable_unconfined_buttondisable_unconfined_buttonenable_permissive_buttondisable_permissive_buttonZenable_ptrace_buttondisable_ptrace_buttonrQ help_textrRrSrTrUrVrWupdate_treestorerX update_button add_button delete_buttonrYrZr[r\popup_network_labelpopup_files_labelrecursive_path_togglefiles_type_combolistfiles_class_combolistr]r^r_r`advanced_text_filesZfiles_cancel_buttonnetwork_tcp_buttonnetwork_udp_buttonnetwork_port_type_combolistnetwork_port_type_comboboxrarbadvanced_text_networkZnetwork_cancel_buttonshow_mislabeled_files_onlyrcrd modify_button set_sensitivererfrgrhrirjrkrlrmrnexecutable_files_treeviewroexecutable_files_tabZget_tooltip_textZ executable_files_tab_tooltip_txtexecutable_files_liststorefiles_radio_buttonZfiles_button_tooltip_txtwritable_files_treeviewwritable_files_liststorerpwritable_files_tabZwritable_files_tab_tooltip_txtapplication_files_treeviewrqapplication_files_tabZ!application_files_tab_tooltip_txtapplication_files_liststorenetwork_radio_buttonZnetwork_button_tooltip_txtnetwork_out_treeviewrrrsrtZnetwork_out_tab_tooltip_txtnetwork_in_treeviewrurvrwZnetwork_in_tab_tooltip_txtboolean_treeviewrxryboolean_more_detail_windowZboolean_more_detail_treeview!boolean_more_detail_tree_data_setboolean_radio_button active_buttonZboolean_button_tooltip_txtrzr{r|transitions_into_tabZ transitions_into_tab_tooltip_txttransitions_radio_buttonZtransitions_button_tooltip_txtr}r~rtransitions_from_tabZ transitions_from_tab_tooltip_txttransitions_file_treeviewtransitions_file_liststoreZtransitions_file_filtertransitions_file_tabZ transitions_file_tab_tooltip_txtZ combobox_menurrrZset_minimum_key_lengthZset_text_columnZset_match_func match_funcZset_completionZset_icon_from_stockZ STOCK_FINDshow_modified_onlycurrent_status_labelcurrent_status_enforcingcurrent_status_permissiverZget_context_id context_idrrrcellZdel_cell_filesconnecton_toggle_updateZdel_cell_files_equivZ del_cell_userZdel_cell_loginZdel_cell_networkZ update_cellinner_notebook_filesinner_notebook_networkinner_notebook_transitionsZ all_entries on_toggleZloadingappendsepolicyZget_all_domainssortstrlowererrorr showlenZget_init_entrypoints_str combo_box_addfloatZ percentageZ set_fractionZset_pulse_step idle_funcgetZfind_entrypoint_pathhideZ set_modelopen_combo_menuon_disable_ptracehide_combo_menuset_application_labelget_filter_dataupdate_to_file_equivupdate_to_loginupdate_to_userupdate_to_filesupdate_to_networkreveal_advancedcursor_changed resize_wraprpopulate_type_comboinvalid_entry_retryrecursive_pathhighlight_entry_textautofill_add_files_entryselect_type_moreon_browse_select set_enforceconfirmation_closecolumn_clicked clear_filtersshow_file_equiv_pagesystem_interfaceusers_interfacershow_mislabeled_filesbrowse_for_files close_popuplogin_seuser_combobox_changeuser_roles_combobox_changeclose_config_windowapply_changes_button_pressupdate_or_revert_changesget_advanced_filter_dataadvanced_item_selectedadvanced_item_button_pushon_help_buttonon_help_back_clickedon_help_forward_clickedresize_columnsapplication_selectedadd_button_clickeddelete_button_clickedmodify_button_clickedon_show_modified_onlyimport_config_showexport_config_showunconfined_togglepermissive_togglechange_default_policychange_default_moderelabel_on_rebootreveal_advanced_systemshow_more_types tab_change closewindowpreviously_modified_initializeZconnect_signalsrZtimeout_add_secondsselinux_statuslockdown_initedstatusrshow_system_page set_labelset_textshow_applications_page clearbuttonsset_current_pagereinitmain)selfappZtestreZbuilderZ glade_filerpathlengthZentrypoint_dictdomainZ entrypointdicrrr__init__us                                                                                                                                                                                                                 "            zSELinuxGui.__init__cCs"i|_xtD]}i|j|<q WdS)N)cur_dictkeys)rPkrrrrss zSELinuxGui.init_curcCsLd}xB|jD]8}x2|j|D]$}||kr8|j||=dS|d7}qWq WdS)Nrr )rX)rPctrirZjrrr remove_curxs  zSELinuxGui.remove_curc Csytj|_Wntk r(t|_YnX|jtkr|jjd|jjd|jjd|j jd|j j |j t d|jjtn |j|jtjjdr|jjdn |jjdtjd}tjd}|tkr|j jd|tkr|jjd|tkr|jjddS)NFzSystem Status: Disabledz /.autorelabelTr )rZsecurity_getenforcerGOSErrorrrrrrrrpushrr rRrI DISABLED_TEXTset_enforce_textosrSexistsr set_activerrselinux_getenforcemoderrrr)rPZ policytypemoderrrrEs0               zSELinuxGui.selinux_statuscCs|jr dS|jd|_|jjtjdi|_xN|jjj dD]:}|j }t |dkr\qB|dt |dkd|j|d<qBW|j j|jdd  |j j|jd d  |j dS) NTZ deny_ptrace r r)ZpriorityDisabledr unconfinedripermissivedomains)rF wait_mouserrerZsecurity_get_boolean_activeZ module_dictrZ semodule_listsplitrrr ready_mouse)rPmmodrrr lockdown_inits $zSELinuxGui.lockdown_initcGs|j}|sdS|jtkr4|jdkr4|j|j||jtkrp|jj|d}|jdkrp|rp|j |jj|d|jt kr|jj|d}|r|j j |j j|dS)NZmore_detail_colr Zrestorecon_colrr )get_selected_iterr BOOLEANS_PAGEZget_namedisplay_more_detailr FILES_PAGE liststore get_valuefix_mislabeledTRANSITIONS_PAGErZclickedrrJ)rPtreeviewZtreepathZtreecolargsiterZvisibleZ bool_namerrrr s     zSELinuxGui.column_clickedcCsxtjrtjqWdS)N)rZevents_pendingZmain_iteration)rPrrrrs zSELinuxGui.idle_funcc Cs:y |jj|dj|dkrdSdStk r4YnXdS)Nrr TFr )rrwfindAttributeError)rPZ completionZ key_stringr|Z func_datarrrrs zSELinuxGui.match_funcc Cs|jj|jdk|jj|jt|jdky0td|j|j|jfd}|j}|j Wnt k rvd}YnX|j j }|j |d|ji|j j||jjd|j|j|jf|j|jdS)Nrr z %shelp/%s.txtrr#APPz %shelp/%s.png)rUr help_pagerTr help_listopenrreadcloseIOErrorrZ get_bufferrJrZ set_bufferrSZ set_from_file show_popuprQ)rPfdbufrrrrhelp_show_pages    zSELinuxGui.help_show_pagecGs|jd8_|jdS)Nr )rr)rPr{rrrr1szSELinuxGui.on_help_back_clickedcGs|jd7_|jdS)Nr )rr)rPr{rrrr2sz"SELinuxGui.on_help_forward_clickedcGstd|_g|_|jtkr.|jjtddg|_|jtkrV|jjtdddddg|_|jtkr|j j }|t kr|jjtd d g|_|t kr|jjtd d g|_|t kr|jjtd dg|_|jtkr$|jj }|tkr|jjtddg|_|tkr$|jjtddg|_|jtkr|jj }|tkrb|jjtdddddg|_|tkr|jjtddg|_|tkr|jjtddg|_|jtkr|jjtddddd d!d"g|_|jtkr|jjtd#d$d%d&d'g|_|jtkr$|jjtd(d)d*g|_|jtkrH|jjtd+d,g|_|jtkrl|jjtd-d.g|_|jS)/NrzHelp: Start PagestartzHelp: Booleans PageZbooleansZbooleans_toggledZ booleans_moreZbooleans_more_showzHelp: Executable Files PageZ files_execzHelp: Writable Files PageZ files_writezHelp: Application Types PageZ files_appz'Help: Outbound Network Connections PageZports_outboundz&Help: Inbound Network Connections PageZ ports_inboundz&Help: Transition from application PageZtransition_fromZtransition_from_booleanZtransition_from_boolean_1Ztransition_from_boolean_2z&Help: Transition into application PageZ transition_toz&Help: Transition application file PageZtransition_filezHelp: Systems PagesystemZsystem_boot_modeZsystem_current_modeZ system_exportZsystem_policy_typeZsystem_relabelzHelp: Lockdown PageZlockdownZlockdown_unconfinedZlockdown_permissiveZlockdown_ptracezHelp: Login PagerZ login_defaultzHelp: SELinux User PageuserszHelp: File Equivalence PageZ file_equiv)rrrrrQ set_titler rsrurget_current_pageEXE_PAGE WRITABLE_PAGEAPP_PAGE NETWORK_PAGEr OUTBOUND_PAGE INBOUND_PAGEryrTRANSITIONS_FROM_PAGETRANSITIONS_TO_PAGETRANSITIONS_FILE_PAGE SYSTEM_PAGE LOCKDOWN_PAGE LOGIN_PAGE USER_PAGEFILE_EQUIV_PAGEr)rPr{ipagerrrr0sl                   zSELinuxGui.on_help_buttoncGsX|jdkrDd|_|jj}|jj|dd|dd|jjn|jjd|_dS)Nrr rA)rrZ get_positionrZmoverr )rPr{locationrrrr )s    zSELinuxGui.open_combo_menucGs|jjd|_dS)Nr)rr r)rPr{rrrr 3s zSELinuxGui.hide_combo_menucGs d|_dS)NT)r )rPr{rrrr 7sz SELinuxGui.set_application_labelcGs t|dS)N)r)rPr{rrrr:szSELinuxGui.resize_wrapcCsHtjd|_|jtkr |j|_|jtkr2|j|_|jtkrD|j |_dS)Nr ) rrf enforce_moderrenforce_buttonrrrr)rPrrrr=s   z)SELinuxGui.initialize_system_default_modecCsvttjtjddd}|jd}xJ|D]B}|jj}|jj|d|||j krf|j j |||_ |d7}q,W|S)NT)topdownr r) nextrcwalkrZ selinux_pathrrOr set_valuerrPre typeHistory)rPtypesr[itemr|rrrrFs     z!SELinuxGui.populate_system_policycGs|jdkrdSyxtd|jD]p}yR|j||}|dksJ|dksJ|dkrLw |j|jdksp|jj|jdkrtdSWq ttfk rYq Xq WWn YnXdS)Nr#TrFr r r )rrange get_n_columnsrwr}rr~ TypeError)rPlistr|r{xvalrrrrSs  $zSELinuxGui.filter_the_datac Csx|jD]|}xv||D]j\}}dj||f} | |jdkrl|jd| ddkrTq||jd| dkrlq|j|dj|||qWq WdS)N,ractionz-dtypez, )rYjoinrXnetwork_initial_data_insert) rPrQnetdprotocol directionmodelrZtportsZpkeyrrr net_updatefszSELinuxGui.net_updatecCs|jtj}|jjx|D]}|jj}||drX|j|}|j||d}n|}||d}|jj|d||jj|d||jj|d||dq W|jdS)Nmodifyequivrr r) rlrZget_file_equivrEclearrmarkuprrn)rPZedictfr|namerrrrfile_equiv_initializeqs      z SELinuxGui.file_equiv_initializecCs|j|jjxtjD]}|jj}|jj|dt|d|d}d|kr\|jd|jj|ddj ||jj|d|j dd |jj|d |j d d |jj|d d qW|j dS)NrrrolesZobject_rr z, rlevelr#r rrT) rlr7rrget_selinux_usersrrrremoverrrn)rPur|rrrruser_initializes   zSELinuxGui.user_initializecCs|j|jjxftjD]Z}|jj}|jj|d|d|jj|d|d|jj|d|d|jj|ddqW|jdS) Nrrr seuserrmlsr T)rlr1rrZget_login_mappingsrrrn)rPrr|rrrlogin_initializes  zSELinuxGui.login_initializecCs|tjj|dddd}|j||dt|jtjj|dddd}|j||dt|jtjj|dddd}|j||dt|jdS)Ntcp name_connectT) check_bools name_bindudp)rnetworkget_network_connectrrrrrru)rPrQrrrrnetwork_initializes zSELinuxGui.network_initializecCsD|j}|j|d||j|d||j|d||j|dddS)Nrr rrT)rr)rPrrZportTyperr|rrrrs z&SELinuxGui.network_initial_data_insertcCsd}|j}x.|D]&}|d|kr0|j|dS|d7}qW|j|d}|j|dtdkrr|j|}|d}n|j}|j|d||j|dS)Nrr zMore...) get_modelreget_iterrwr Z insert_beforerr)rPcomboboxrr[rvr\niterr|rrrcombo_set_active_texts      z SELinuxGui.combo_set_active_textcCs2|j}|j}|dkrdS|j|}|j|dS)Nr)r get_activerrw)rPrrvindexr|rrrcombo_get_active_texts  z SELinuxGui.combo_get_active_textcCs:|dkr dS|jj}|jj|d||jj|d|dS)Nrr )rrr)rPrval1r|rrrrs  zSELinuxGui.combo_box_addcGsN|jj}|jd}|dkr"dS|jj|d}|j|j||j|jdS)Nr r) r get_selection get_selectedrrwrr]rCrN)rPr{rQr|rrrrs  zSELinuxGui.select_type_morecGsx|jj}|j\}}|j|}|jj|}|jj|d}|dkrFdS|jjd|j j |j |j |j j|dS)Nr r#)r+rrconvert_iter_to_child_iterrrrwr*rJr)r rr%r)rPr{rowrr|rQrrrr/s       z$SELinuxGui.advanced_item_button_pushcGs`|jj|}|jj|}|jj|d}|jjd|jj|j |j |j j||j dS)Nr r#) rrrrrwr*rJr)r rr%rr4)rPrzrSr{r|rQrrrr.s      z!SELinuxGui.advanced_item_selectedcCs4|r0t|dkr0x|jD]}||dkrdSqWdS)NrTF)rr)rPrQitemsrrrfind_applications   zSELinuxGui.find_applicationc Gs|jjd|jjd|jjd|jjd|jj}|j|sHdS|j |j j d|j j d|j j|jj|jj|jj|jj|jj|jj|jj|jjy(|ddkrtj|}|sdS||_Wntk rYnX|j|j|jj|j|j |d|_!|j"||j#||j$||j%||j&||j'||j(||j)j*t+d||j,j*t+d||j-j*t+d||j.j*t+d ||j/j*t+d ||j0j*t+d ||j1j*t+d ||j2j*t+d ||j3j4t+d||j5j4t+d||j6j4t+d||j3j*t+d||j5j*t+d||j6j*t+d||j7j*t+d|||_|j8j4|j|j9dS)NFr#Tr/z(File path used to enter the '%s' domain.z)Files to which the '%s' domain can write.z6Network Ports to which the '%s' is allowed to connect.z5Network Ports to which the '%s' is allowed to listen.z File Types defined for the '%s'.zODisplay boolean information that can be used to modify the policy for the '%s'.z;Display file type information that can be used by the '%s'.zADisplay network ports to which the '%s' can connect or listen to.z!Application Transitions Into '%s'z!Application Transitions From '%s'zFile Transitions From '%s'zVExecutables which will transition to '%s', when executing selected domains entrypoint.zQExecutables which will transition to a different domain, when '%s' executes them.z4Files by '%s' with transitions to a different label.zADisplay applications that can transition into or out of the '%s'.):rrrcrdrrJrget_textrrKrrrrrrurrrxr{r~rrrrZget_init_transtyper IndexErrorrlrDrrrNboolean_initializerexecutable_files_initializerwritable_files_initializetransitions_into_initializetransitions_from_initializeapplication_files_initializetransitions_files_initializerset_tooltip_textr rrtrwrrrrrrIrrrr&rn)rPr{rQrrrr4sr                            zSELinuxGui.application_selectedcCs tjtj|_tj|_dS)N)rrNZ get_fcdictfcdictZget_local_file_pathslocal_file_paths)rPrrrrN6s zSELinuxGui.reinitcCsi|_x|jdD]}|j}t|dkr0q|ddkr>q|d|jkrZi|j|d<|ddkrd|ddki|jd|d<|dd kr|d |d d |jd |d <|dd krd|d i|jd |d!<|ddkrd|d |d d|jd|d"<|ddkr6d|d i|jd|d#|d$f<|ddkrj|d |d |dd|jd|d%<|ddkr|ddkrd|jkri|jd<d|d i|jd|d&<n"d|d i|jd|d'|d f<|ddkrd|ddki|jd|d(<qWd|jkrdSxJd|jfd|jfgD]2\}}||jdkr.|j|jd|dq.Wx*tD]"}||jkrj|jj|iiqjWdS))Nrhrr z-Dractiverz-1rr r)rrr!rrs0)rrrolerr r)maskrrrz-ezfcontext-equivrrenabledz-drjrkr r r r r r r r r ) cust_dictrmrrrrerYupdate)rPrr\ZrecZsemodulebuttonrrrrD;sJ      ""&  " "   z)SELinuxGui.previously_modified_initializecCstj||_x|jjD]}t|j|dkr0q|j|d}xr|j|dD]`}||f|jdkr|jd||fddkrqN||jd||fdkrqN|j|j|||qNWqWdS)Nrr rrz-dr)rZget_entrypoints entrypointsrYrrXfiles_initial_data_insertr)rPrexe file_classrSrrrres z&SELinuxGui.executable_files_initializec Cs@y&tj|dd}tj|d}||kStk r:dSXdS)Nrr F)r matchpathcon getfileconr_)rPrSconcurrrr mislabeledss zSELinuxGui.mislabeledcCs|j|sdStj|dd}tj|d}d|_|j|dd|j|dd|j|dd|j|d|jdd|j|d |jdddS) Nrr Tr rr:rr)rrrrrrrm)rPtreerSr|rrrrrrset_mislabeled{s zSELinuxGui.set_mislabeledcCstj||_x|jjD]}t|j|dkrF|j|jd|tdq|j|d}xr|j|dD]`}||f|jdkr|jd||fddkrqd||jd||fdkrqd|j|j|||qdWqWdS) Nrz all filesr rrrz-dr) rZget_writable_fileswritable_filesrYrrrr rX)rPrwriterrSrrrrs z$SELinuxGui.writable_files_initializec Cs|jd}|dkr td}d}nl||f|jk}x:tj|D],}|j|}|j|d||j||||q:W|r|j|}|j|}|j|}|j|d||j|d||j|d||j|d|dS)NzMISSING FILE PATHFrr rr)rr rrZ find_filerrr) rPrvrSZ selinux_labelrr|rprrrrrs"     z$SELinuxGui.files_initial_data_insertcCsd|S)Nz %sr)rPrrrrrszSELinuxGui.markupcCs |rtjddtjdd|SdS)Nz$r#z^)resub)rPrrrrunmarkupszSELinuxGui.unmarkupcCstj||_x|jjD]}t|j|dkr0q|j|d}x|j|dD]p}tj||jd}||f|jdkr|jd||fddkrqN||jd||fdkrqN|j|j |||qNWqWdS)Nrr )rrrz-dr) rZget_file_types file_typesrYrZget_descriptionrrXrr)rPrrQrrSdescrrrrs z'SELinuxGui.application_files_initializecCs.d}x$|jD]}t|j|dkr dSq WdS)NrTF)rXr)rPr\rZrrrmodifieds  zSELinuxGui.modifiedcCsbx\tj|D]N}xH|D]@\}}||jdkr>|jd|d}tj|}|j|||qWq WdS)Nrr)rZ get_boolsrX boolean_descboolean_initial_data_insert)rPrblistrrr rrrrs  zSELinuxGui.boolean_initializecCsR|jj}|jj|d||jj|d||jj|d||jj|dtddS)Nrr rr zMore...)rxrrr )rPrr rr|rrrrs  z&SELinuxGui.boolean_initial_data_insertcCsbx\tj|D]N}d}d}d}d|kr,|d}d|kr<|d}d|krL|d}|j|||q WdS)Nrtargetsource)rZget_transitions_into$transitions_into_initial_data_insert)rPrrr executablerrrrrsz&SELinuxGui.transitions_into_initializecCsd|jj}|dkr0|jj|dt|ddn|jj|dd|jj|d||jj|d|dS)Nrr Defaultr)r{rrr)rPrrrr|rrrrs  z/SELinuxGui.transitions_into_initial_data_insertc Csxtj|D]}d}d}d}d|kr,|d}d|kr<|d}d|krL|d}|j|||y*x$|j|dD]}|j|||qlWWq tk rYq Xq WdS)Nrr transtypeZregex)rZget_transitions$transitions_from_initial_data_insertrKeyError)rPrrrrrZexecutable_typerrrrs z&SELinuxGui.transitions_from_initializecCs|jjd}|dkr6|jj|dd|jj|ddn|jj|}|jj|dt|ddd }|ddr|jj|dtd |n|jj|dtd ||jj|d|dd|jj|dd |jj|d||jj|d |dS)NrrrFr  rz:To disable this transition, go to the %sBoolean section%s.z9To enable this transition, go to the %sBoolean section%s.Tr )rr)r~rrrr )rPrrrr|rrrrrrs   z/SELinuxGui.transitions_from_initial_data_insertcCsJxDtj|D]6}d|kr"|d}nd}|j|d|d|d|q WdS)Nfilenamerclassr)rZget_file_transitions$transitions_files_inital_data_insert)rPrr\rrrrrs  z'SELinuxGui.transitions_files_initializecCsZ|jj}|jj|d||jj|d||jj|d||dkrFd}|jj|d|dS)Nrr r*r )rrr)rPrStclassdestrr|rrrr"s z/SELinuxGui.transitions_files_inital_data_insertcGs8|jd|_d|_d|_d|_|jjd|jj|j j d|j j d|j j d|j j d|jjr|jjt|j|_|j j d|jjr|j|j|j j d|j j |j|j j |j|j j |j|jjt|d|jkr|d}n |jj}|tkr*|j|_td}n6|tkrF|j|_td}n|tkr`|j |_td}|j!j"td||j#d |j$j"td ||j#d |jj"td ||j#d |j%jr|jj&|j j d|jjt'|d|j(kr|d}n |j(j}|t)kr |j*|_td }|t+kr:|j,|_td }|j!j"td|j#|d|j$j"td|j#|d|jj"td|j#|d|j-jr|jjt.|d|j/kr|d}n |j/j}|t0kr|j1|_|t2kr|j3|_|t4kr|j5|_|j6jr"|jjt7|j8j|j9jrL|j:|jjt;|j8j|j|_|j!j"td|j$j"td|jj"td|j?jr|jjt@|jj&|j j d|jA|_|j!j"td|j$j"td|jj"td|jBjr~|jjtC|jj&|j j d|jD|_|j!j"td|j$j"td|jj"td|jj|_E|jr(|j8j&|jjF|_|jjF|_|jjF|_xXtGd|jjHD]D}|jjI|}|r|jJd}tK|tLjMr|jjN||jOdqW|jjPjQ|jjddS)NFTrrrwritablerz4Add new %(TYPE)s file path for '%(DOMAIN)s' domains.)ZTYPEZDOMAINz3Delete %(TYPE)s file paths for '%(DOMAIN)s' domain.zModify %(TYPE)s file path for '%(DOMAIN)s' domain. Only bolded items in the list can be selected, this indicates they were modified previously.rzlisten for inbound connectionszMAdd new port definition to which the '%(APP)s' domain is allowed to %(PERM)s.)rZPERMzVDelete modified port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.zMModify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.z%Add new SELinux User/Role definition.z.Delete modified SELinux User/Role definitions.z7Modify selected modified SELinux User/Role definitions.z!Add new Login Mapping definition.z*Delete modified Login Mapping definitions.z3Modify selected modified Login Mapping definitions.z$Add new File Equivalence definition.z-Delete modified File Equivalence definitions.zModify selected modified File Equivalence definitions. Only bolded items in the list can be selected, this indicates they were modified previously.)Rr!rztreesort treefilterrvrrrr rrrrcrdrrr$rMrsrrrrrurrrrr rrrrrrrrrrrrrrrrrryrrr}rrzrrrrrrrqrrrr9rrr0rrrDrrrrZ get_columnZ get_cells isinstancerZCellRendererTextZ set_sort_func stripsortrZ unselect_all)rPr{rcategoryrcolrrrrrB+s                                                            zSELinuxGui.tab_changec Cs:|j\}}|j|j||}|j|j||}t||S)N)Zget_sort_column_idr rwr) rPrZrow1Zrow2Z user_dataZ sort_columnr rZval2rrrr%s zSELinuxGui.stripsortcCs|jj|}|jj|}|jj|jjtd|jj |dt j |j |jj |d}x,|D]$}|j |d|d|d|dq^W|j|jdS)NzBoolean %s Allow RulesrrrrZpermlist)ryrrrrrrr rxrwrZget_boolean_rulesrdisplay_more_detail_initr)rPwindowsrSitrrrrrrts    $zSELinuxGui.display_more_detailc Cs0|jj}|jj|dd|||dj|fdS)Nrzallow %s %s:%s { %s }; )rrrr)rPrrZ class_typeZ permissionr|rrrr(s z#SELinuxGui.display_more_detail_initcGsd|_|jtkrJ|jjtd|j|jjtd|j|j |dS|jt kr|j jtd|j|j jtd|j|j ||jj}|tkr|jjdn |jjdd|_|jtkr|jjtd |jjtd |j|d|_|jtkr2|jjtd |jjtd |j|d|_|jtkr|jjd |jjd |jjtd|jjtdd|_|j |j|j!dS)NFzGAdd Network Port for %s. Ports will be created when update is applied.zAdd Network Port for %szMAdd File Labeling for %s. File labels will be created when update is applied.zAdd File Labeling for %szex: /usr/sbin/Foobarzex: /var/lib/FoobarTzGAdd Login Mapping. User Mapping will be created when Update is applied.zAdd Login MappingzQAdd SELinux User Role. SELinux user roles will be created when update is applied.zAdd SELinux Usersr#zMAdd File Equivalency Mapping. Mapping will be created when update is applied.zAdd SELinux File Equivalency)"rrrrrJr rr\rinit_network_dialogrurr[init_files_dialogrrrrYrrrr3login_init_dialogrrr6user_init_dialogrrBrCrArFr new_updates)rPr{rrrrr5sB              zSELinuxGui.add_button_clickedcCs||_|jdS)N)rr)rPrrrrrszSELinuxGui.show_popupcGs|jj|jjddS)NT)rr rr)rPr{rrrr's  zSELinuxGui.close_popupc Gsd}|jr&|j}|s&|jjddSd|_|jtkr@|j||jtkr\|j j t d|j |j jt d|j d|_|j|d|_d}d}|jj}|tkr |jj|}||_|jj|d}|jj ||jj|d}|dkr|j|j||jj|d}|dkr |j|j||tkr|jj|}||_|jj|d}|jj ||jj|d} | dkr||j|j| |jj|d}|dkr|j|j||tkr\|j j|}||_|j!j|d}|jj |y&|j!j|d} | j"d dj"d } Wnt#k rYnX|j!j|d} | dkr<|j|j| | d}|dkr\|j|j||jt$kr|j%||j&j |j'j|d|j(j |j'j|d|j)j |j'j|d |j|j*|j'j|d|j+j t d |j,jt d |j-|j,|jt.kr~|j/||j0j |j1j|d|j2j |j1j|d|j|j3|j1j|d|j4j t d|j5jt d|j-|j5|jt6kr|j7j |j8|j9j|d|j:j |j8|j9j|d|j;j t d|jzr zUModify SELinux User Role. SELinux user roles will be modified when update is applied.zModify SELinux UserszLModify Login Mapping. Login Mapping will be modified when Update is applied.zModify Login MappingzPModify File Equivalency Mapping. Mapping will be created when update is applied.zModify SELinux File Equivalency)>rzrrrrrrrmodify_button_network_clickedrurrJr rr[rdelete_old_itemr-rrrrorrrwrYrr]r^rrprrrqrrmr~rr/r;r7r=r>r:rr6rrr.r-r1r/r,rr3rrBr rErCrArFr) rPr{r| operationrrrSftyperrZget_typerrrr7s                           z SELinuxGui.modify_button_clickedcGsB|jj|}|jj|d}|j|j||j|j|jjdS)Nr) rrrwrr]rr[rNr )rPrlocr{r|r5rrrrHs   zSELinuxGui.populate_type_combocCs.|dkr dS|jdrd}nd}|j|dS)NZ _script_tZ_tr)endswithrm)rPrUZ split_charrrr strip_domainOs  zSELinuxGui.strip_domaincCs x|D]}|j|rdSqWdS)NTF) startswith)rPr exclude_listrRrrr exclude_typeXs  zSELinuxGui.exclude_typec Gsg}|jjd|j|j|jj}|jj|jj|j |j }xN|j D]D}|dj |rN|d|j krN|dj d rN|j |j |dqNW|jjyx.tjD]$}|jj }|jj|dtj|qW|tko|jdkrXxR|jjD]D}|j |r|jj }|jj|d||jj }|jj|d|qW|jjd|jjdn(|tkr|jdkrxp|jjD]b} | j |r|j| | r| |jkr|jj }|jj|d| |jj }|jj|d| qzW|jjdn|tkr|jdkrxntjD]b} | j |r| j |rT|j| | rT|jj }|jj|d| |jj }|jj|d| qW|jjdWntk rtdYnX|jjd|jj d|jj }|jj|dt!ddS) NTrZ httpd_sysrFrrzMore...)"r^rrr[rrrrrr8rrr9rrr file_type_strrrrrYrerrr;r rZget_all_file_typesr~rr]r`rJr ) rPr{r:rZcomparedfilesr|rrrQrrrr-^s`       ,       (        zSELinuxGui.init_files_dialogcGs|j}|s|jjddS|jjtd|j|jjtd|jd|_ |j |d}d}d|_ |j}|j j |d}|jj||j j |d}|dkr|jjdn|d kr|jjd|j j |d }|dkr|j|j|||_ dS) NFzJModify Network Port for %s. Ports will be created when update is applied.zModify Network Port for %sr1r Trrrr)rrrrrrJr rr\rr3r,rrvrwrZrrerrr)rPr{r|r4rrrrrrrr2s.    z(SELinuxGui.modify_button_network_clickedc Gs|j|j|jj}|jj|jjdy:|tkrPt j j |j dddd}n8|t krt j j |j dddd}|t j j |j dddd7}g}xL|jD]@}x:||D].\}}||dd gkr|jd rq|j|qWqW|j|j|j }|dd kr|dd}|d }d} d} x@|D]8}|j|r2| } |jj} |jj| d|| d 7} qW|jj| Wntk r~YnX|jjd|jjddS)Nr#rrT)rrrZport_tZunreserved_port_tZ_typer r=r rrr r )rr\rrrrrZrJrrrrrrrYr7rrr8r9rrrer~rrb) rPr{rrZ port_typesrZrrZ short_domainr[foundr|rrrr,sF           zSELinuxGui.init_network_dialogcGsN|j|}|jjdkrJx0tjD]$}||dkr"|jj|jddq"WdS)Nr#rr)rr/rrrrJr)rPcombor{rrrrrr(s   z'SELinuxGui.login_seuser_combobox_changecGsN|j|}|jjdkrJx0tjD]$}||dkr"|jj|jddq"WdS)Nr#rr)rr>rr get_all_rolesrJr)rPr@r{Zserolerrrrr)s   z%SELinuxGui.user_roles_combobox_changecCsNd}|jsdS|jj}|s dS|j\}}|rJ|j|}|rJ|jj|}|S)N)rzrrrr#)rPr|rr"rrrrrs    zSELinuxGui.get_selected_itercGsf|jjd|j}|dkr,|jjddS|j| sH|j|d rLdS|jj|j|ddS)NFr r r )rrrrrv)rPr{r|rrrrs  zSELinuxGui.cursor_changedcGsn|j|j|jjtj}|jx*|D]"}|jj}|jj|dt |q,W|j j d|j j ddS)Nrr#) rr3rrrZ get_all_usersrrrrr-rJr/)rPr{rrr|rrrr.s     zSELinuxGui.login_init_dialogcGsn|j|j|jjtj}|jx*|D]"}|jj}|jj|dt |q,W|j j d|j j ddS)Nrr#) rr6rrrrArrrrr;rJr>)rPr{rrr|rrrr/ s     zSELinuxGui.user_init_dialogcCsh|jrdd|j}|jy|jj|Wn0tjjk rZ}z|j|WYdd}~XnX|jdS)Nzboolean -m -%d deny_ptrace) rrrlrsemanagerrrrn)rP checkbutton update_bufferrRrrrr s zSELinuxGui.on_disable_ptracecs|jjfdd}g}|jtkrh|js8|j|jSx.|jD]$}|d|jdkr@|j||q@W|jt kr|j j }|js|t kr|j |jS|tkr|j|jS|tkr|j|jSx2|jD](}|d|df|jdkr|j|qW|jtkrR|js|j|jSx:|jD]0}|d|df|jdkr|j||qW|jtkr|jd kst|jSx2|jD](}|d|jd kr||j||q|W|jtkr|js|jSx2|jD](}|d|jd kr|j||qW|jtkrP|jd ks|jSx2|jD](}|d|jd kr$|j||q$W|jjxB|D]:}|jj}x(tdD]}|jj||||qzWq`WdS) Ncs*g}x tdD]}|j||qW|S)Nr)rr)rlr\)rTrrdup_row!sz1SELinuxGui.on_show_modified_only..dup_rowrrrrr rTzfcontext-equivrr)rvrrrsrrrrrrurrrrrrrrrrrrrrrrrrr)rPrCrFZ append_listrrr|r\r)rTrr8sd                         z SELinuxGui.on_show_modified_onlyc Cs8|jd}|j|d||j|d||j|d|dS)Nrr r)rr) rPrrQrr4rSZfclassr5r|rrrinit_modified_files_liststorebs z(SELinuxGui.init_modified_files_liststorecGs tddS)Nzrestore to defualt clicked...)r)rPr{rrrrestore_to_defaulthszSELinuxGui.restore_to_defaultcGs(|j|j|jjd|jjddS)NT)rCr'r[rr\)rPr{rrrrks  zSELinuxGui.invalid_entry_retrycCsVt|dks|ddkrR|jj|jjd|jjd|jjtd|dSdS)NrrFzAThe entry '%s' is not a valid path. Paths must begin with a '/'.T) rr'rr[rr\r(rJr )rPZ insert_txtrrrerror_check_filesps   zSELinuxGui.error_check_filesc Csly t|}|dks|dkrtWnFtk rf|jj|jjd|jjd|jjt ddSXdS)Nr iFz'Port number must be between 1 and 65536T) int ValueErrorr'rr[rr\r(rJr )rPrZpnumrrrerror_check_networkys   zSELinuxGui.error_check_networkcGs2|jr.|j|jtdkr.|jj|jjdS)NzMore...)rrr]r r[r rNr)rPr{rrrrAs zSELinuxGui.show_more_typesc Gs |j|j|j}|jj}|jj}|jr|j}|jj |d}|jj |d}|jj |d}|j j |d||j j |d||j j |d|d|||||d|j d|<n"|j j d}d||d|j d|<|j j |d||j j |d||j j |d||jdS) Nrr rz-m)rrroldrange oldseuseroldnamerz-a)rrr)r'rr,r/rr-rrrr1rwrvrrXrr0) rPr{r mls_rangerr|rOrNrMrrrrs&    zSELinuxGui.update_to_loginc Gsj|j|j|j}|jj}|jj}|jj}|jr|j}|j j |d}|j j |d}|j j |d} |j j |d} |j j |d||j j |d||j j |d| |j j |d| d|||| | ||d|j d|<nD|j jd}|s|r d|||d |j d|<nd|d |j d|<|j j |d||j j |d||j j |d||j j |d||jdS) Nrr r rz-m)rrrrrMoldleveloldrolesrOrz-a)rrrr)rr)r'rr:r=rr>r;rrrr7rwrvrrXrr0) rPr{rrrPrr|rOrRrQrMrrrrs2    "  zSELinuxGui.update_to_usercGs|j|jj}|jj}|jrl|j}|j|jj|d}|j|jj|d}d|||d|j d|<n |jj d}d|d|j d|<|jj|d|j ||jj|d|j |dS)Nrr z-m)rsrcoldsrcolddestzfcontext-equivz-a)rrS) r'rCrrBrrrr rvrrXrr)rPr{r rSr|rUrTrrrrs   zSELinuxGui.update_to_file_equivc Gs0|jd|_|jj}|j|r&dS|j|j}|jj}|j|j}|j r|j }|j |j j |d}|j |j j|d}|j j |d} d|||| d|jd||f<n$|j jd}d|d |jd||f<|j j|d|j||j j|d|j||j j|d|j|d |_|jjd |jdS) NTrr rz-m)rroldtypeoldpathZoldclassrz-a)rrF)r'rrYrrIrr]r`r^rrrunmarkrvrwrrXrrrrer0) rPr{rSsetyperrr|rW oldsetypeZ oldtclassrrrrs,        zSELinuxGui.update_to_filesc Gs2d|_|jj}|j|rdS|jjr.d}nd}|j|j}|jj}|j r|j }|j |j j |d}|j |j j |d}|j |j j|d} d||| ||d|jd ||f<n&|j jd}d ||d |jd ||f<|j j|d||j j|d||j j|d|d |_|jj|jjd|jdS) NTrrrr rz-m)rrrrV oldprotocololdportsrz-a)rrrF)rrZrrLrrrrrbrrrrXrvrwrrXrr\r rrr0) rPr{rrrYrr|r\r[rZrrrrs0     "   zSELinuxGui.update_to_networkcGsd}|jjd|jtkr|jj|jd}xZ|D]R\}}|||fd}|jj}|jj|d||jj|d||jj|d|q4W|j |j dS|jt kr,|j j|jd}x`|D]X\} } || | fd}|j j}|j j|d| |j j|d||j j|dt j| qW|j |jdS|jtkr|jj|jd } x| D]|} | | d } | | jd d }| | jd d }|jj}|jj|d| |jj|d| |jj|d||jj|d|qRW|j |jdS|jtkrx|jj|jd}xd|D]\}||d}||jd d }|jj}|jj|d||jj|d||jj|d|qW|j |jdS|jtkr|jjxX|jD]N}|dr|jj}|jj|d|j|d|jj|d|j|dqW|j |jdSdS)NZAddFrrr rr rrrrr#rrrrr)rrrrrmrrrrrrkrurjrr<rhrr?rr@rr4r5rrGrEr rH)rPr{r4Z port_dictrrrYr|Z fcontext_dictrSrZ user_dictrrrrZ login_dictrrrrrrr6sv                                z SELinuxGui.delete_button_clickedcGsx|j|jtkrNx:|jD]0}|drd|dd|jd|d|df<qW|jtkrx>|jD]4}|dr`d|dd|jd|dt|df<q`W|jtkrx8|j D].}|drd|d|d d |jd |d<qW|jt kr(x>|j D]4}|drd|d|d|dd |jd |d<qW|jt krlx6|j D],}|dr|d|j||d|j||d|j||d|f7}qW|dkrxv|j|D]h\}}|j|||fddkrF|d||f7}n0|d|j||d|j||d||f7}qWqW|S)Nr#rzboolean -m -%d %s rrrz-dz login -d %s rzlogin %s -s %s -r %s %s rzlogin %s -s %s %s rz user -d %s rzuser %s -L %s -r %s -R %s %s rzuser %s -R %s %s zfcontext-equivzfcontext -d %s zfcontext %s -e %s %s rSrzfcontext %s -t %s -f %s %s rrrzport -d -p %s %s zport %s -t %s -p %s %s )rlrX) rPrDrZrrErrrrrrrrm sH" @2 (P4 4 D:zSELinuxGui.format_updatecCs`d}g}d}x.|jD]$}|j|ds0|j||d7}qW|jx|D]}|j|qJWdS)Nrr#r )rrreverser^)rPr[Z remove_listrDrrrrrl s    zSELinuxGui.revert_datacGsN|jtdk}|r$|jtdn|jtd|jj||jj|dS)Nrr )rADVANCED_LABELrJrrrP)rPlabelr{advancedrrrr@ s  z!SELinuxGui.reveal_advanced_systemcGsf|jtdk}|r$|jtdn|jtd|jj||jj||jj||jj|dS)Nrr )rrsrJr_rr`rarb)rPrtr{rurrrr s   zSELinuxGui.reveal_advancedcGsF|jtdkr(|jtd|jn|jtd|j|jdS)Nr r)rADVANCED_SEARCH_LABELrJr'rr))rPrtr{rrrr s  z)SELinuxGui.on_show_advanced_search_windowcCsJ|r&|jj|jtd|jjdn |jj|jtd|jjddS)NzSystem Status: EnforcingTzSystem Status: Permissive)rr`rr rrer)rProrrrrb s zSELinuxGui.set_enforce_textcCs,|js dS|jj|j|j|jdS)N)rrZ setenforcerrb)rPrrrrr szSELinuxGui.set_enforcecGs`|jj}|dkrdSd|_|jj|jj||jdkrH|j|n|jdkr\|j|dS)NFImportExport) r get_filenamerr rYrJr import_config export_config)rPr{rrrrr s      zSELinuxGui.on_browse_selectcGsX|jj}|jjr0|jdsT|jj|dn$|jdrT|jdd}|jj|dS)Nz(/.*)?r)rYrrrr7rJrm)rPr{rSrrrr# s    zSELinuxGui.recursive_pathcGs"|j}|jr|jdd|_dS)Nr#F)rrrJ)rPZ entry_objr{Ztxtrrrr, s zSELinuxGui.highlight_entry_textcCs~|j}|dkrdS|jdr*|jjdxNtjD]D}|j|r2x4|jD]*}|djtj|rH|j|j |dqHWq2WdS)Nr#z(/.*)?Tr) rr7rrerZ DEFAULT_DIRSr9rrr])rPrbtextr=rrrrr2 s     z#SELinuxGui.autofill_add_files_entrycGs&|jjd|_|jj}|jj}dS)Nr )rZget_colZboolean_column_1Z get_widthZget_cell_renderers)rPr{widthZrendererrrrr3> s zSELinuxGui.resize_columnscGs|jjdS)N)rr)rPr{rrrr&C szSELinuxGui.browse_for_filescGs|jjdS)N)rr )rPr{rrrr*F szSELinuxGui.close_config_windowcGsl|j|jjkrdS|jtdtjjkr<|jj|jdS|j j |j |j|j j d|jj|_dS)NzChanging the policy type will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?T) rrPrrhr rriNOrerr=rrelabel_on_boot)rPr{rrrr=I s z SELinuxGui.change_default_policycCs4|js dS|j||jr0|jj|jjdS)N)renabled_changedrrr>rjr)rPrrrrr>U s  zSELinuxGui.change_default_modecGs0|jjtjj|jjd|jjd|_dS)NzImport Configurationrw)r set_actionrFileChooserActionZOPENrrr)rPr{rrrr9\ s  zSELinuxGui.import_config_showcGs0|jjtjj|jjd|jjd|_dS)NzExport Configurationrx)rrrrZSAVErrr)rPr{rrrr:c s  zSELinuxGui.export_config_showcCs:|j|jj}t|d}|j||j|jdS)Nw)rlrrrrrrn)rPrrrrrrr{i s    zSELinuxGui.export_configc CsTt|d}|j}|j|jy|jj|Wntk rFYnX|jdS)Nr)rrrrlrrBr_rn)rPrrrrrrrzq s zSELinuxGui.import_configc CsV|||f|kri||||f<||f||||fkrR||| | d||||f||f<dS)N)rrchangedoldr) rPrVrQrr4rqr5rrrrrrinit_dictionary| szSELinuxGui.init_dictionarycCs*|jdd}|dkrdS|dkr&dSdS)N-r 0F1T)rm)rPrrrrtranslate_bool s zSELinuxGui.translate_boolcGsx|jj}tjjd}|r"|r"dS| r2| r2dSy|jj|Wn0tjjk rr}z|j |WYdd}~XnXdS)Nz /.autorelabel) rrrcrSrdrrrrr)rPr{rrdrRrrrr? s   zSELinuxGui.relabel_on_rebootcGs |j|jjd|jjd|j|krV|j|j|j|j t dkrV|j jd|j |kr|j rt|j|jn|j r|j|j|jjs|jjr|jjd|jjd|jjd|jjd|jjd|jjd|jjtdkr|jjtddS)NFTzMore...rr )r rrerrrNrr[rr]r r'rrr\r_Z get_visiblerarrr`rrbr%rrvrJ)rPrr{rrrrC s,             zSELinuxGui.closewindowcCs|jjj|j|jdS)N)r get_window set_cursorrr)rPrrrrl szSELinuxGui.wait_mousecCs|jjj|j|jdS)N)rrrrr)rPrrrrn szSELinuxGui.ready_mouser#cCsNtjddtjjtjj|}|j||jtjj |j |j }|j |S)Nr) r MessageDialog MessageTypeINFO ButtonsTypeZYES_NOr set_positionWindowPositionMOUSEshow_allrundestroy)rPmessagergdlgZrcrrrrh s zSELinuxGui.verifycCsDtjddtjjtjj|}|jtjj|j |j |j dS)Nr) rrrZERRORrZCLOSErrrrrr)rPrrrrrr szSELinuxGui.errorcCs|js dS|j}|dkrH|jtkrH|jtdtjjkrH|j j d|dkr||jtkr||jtdtjjkr||j j d||_ dS)NriaChanging to SELinux disabled requires a reboot. It is not recommended. If you later decide to turn SELinux back on, the system will be required to relabel. If you just want to see if SELinux is causing a problem on your system, you can go to permissive mode which will only log errors and not enforce SELinux policy. Permissive mode does not require a reboot. Do you wish to continue?TzChanging to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?) rrjrrrhr rrir~rre)rPZradiortrrrr s  zSELinuxGui.enabled_changedcGs|jjd|jjddS)Nr#F)rrJrre)rPr{rrrr! s zSELinuxGui.clear_filterscGsB|js dS|j|jjr*|jjdn |jjd|jdS)Nzmodule -e unconfinedzmodule -d unconfined)rrlrrrrBrn)rPr{rrrr; s  zSELinuxGui.unconfined_togglecGsB|js dS|j|jjr*|jjdn |jjd|jdS)Nzmodule -e permissivedomainszmodule -d permissivedomains)rrlrrrrBrn)rPr{rrrr< s  zSELinuxGui.permissive_togglecGs:t|jdkr.|jtdtdtjjkr.dS|jdS)Nra0You are attempting to close the application without applying your changes. * To apply changes you have made during this session, click No and click Update. * To leave the application without applying your changes, click Yes. All changes that you have made during this session will be lost.zLoss of data DialogT)rrrhr rrir~r)rPrr{rrrr szSELinuxGui.confirmation_closecGstjddS)Nr)sysexit)rPr{rrrr szSELinuxGui.quit)NF)T)r#)__name__ __module__ __qualname__rWrr^rErqr rrrr1r2r0r r r rrrrrrrrrrrrrrr/r.rr4rNrDrrrrrrr rr rrrrrrrrrBr%rtr(r5rr'r7rr8r;r-r2r,r(r)rrrr.r/r r8rGrHrrIrLrArrrrrr6rr_rr`rr-rrcrdrLrHr"rerKr#r$r%rxr0r,r+rkrprqrmrlr@rrrbrrrrrr3r&r*r=r>r9r:r{rzrrr?rCrlrnrhrrr!r;r<rrrrrrr"ss*  @        B*   } )Y 5+    D  A       /                 r"__main__)r )AZgiZrequire_versionZ gi.repositoryrrrZsepolicy.sedbusrrrrrrrZsepolicy.networkZsepolicy.manpagerrcrZ unicodedataZPROGNAMEgettextkwargs version_infoZinstallbuiltinsr__dict__ ImportErrorZ __builtin__r r]r<rr rrrZdistutils.sysconfigrrsrvrrrrrrrrrsrurryrrrrrrrYrar"rrrrrrs