diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.29.1/scripts/chcat
--- nsapolicycoreutils/scripts/chcat	2005-12-08 12:52:47.000000000 -0500
+++ policycoreutils-1.29.1/scripts/chcat	2005-12-09 18:20:29.000000000 -0500
@@ -25,26 +25,20 @@
 import commands, sys, os, pwd, string, getopt, re, selinux
 
 def chcat_add(orig, newcat, files):
+    if len(newcat) == 1:
+        raise ValueError("Requires at least one category")
     errors=0
-    cmd='chcon -l '
-    if len(newcat) > 1:
-        sensitivity=newcat[0]
-        cat=newcat[1]
-    else:
-        sensitivity=0
-        cat=newcat[0]
-
-        
+    sensitivity=newcat[0]
+    cat=newcat[1]
+    cmd='chcon -l %s' % sensitivity
     for f in files:
-        (rc, con) = selinux.getfilecon(f)
-        (rc, raw) = selinux.selinux_trans_to_raw_context(con)
-        clist=raw.split(":")[3:]
-        if sensitivity == 0:
-            sensitivity = clist[0]
-        if len(clist) > 1:
-            if clist[0] != sensitivity:
+        (rc, c) = selinux.getfilecon(f)
+        con=c.split(":")[3:]
+        clist = translate(con)
+        if sensitivity != clist[0]:
                 print("Can not modify sensitivity levels using '+' on %s" % f)
-                continue
+
+        if len(clist) > 1:
             cats=clist[1].split(",")
             if cat in cats:
                 print "%s is already in %s" % (f, orig)
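Review bot: In chcat_add the `continue` after the "Can not modify sensitivity levels" message was dropped, so a file whose current sensitivity differs from the requested one is reported and then still handled by the rest of the loop; chcat_remove keeps its `continue` in the next hunk. Since `cmd` now starts from the requested sensitivity (`'chcon -l %s' % sensitivity`), the fall-through looks like it would relabel the file at a different level, which is exactly what the message says the tool refuses to do. I would restore `continue` under the print and add `errors += 1` before it so the exit status reflects the skipped file. The rest of the loop body lies outside this hunk, so the exact effect should be confirmed there.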
@@ -64,23 +58,21 @@
     return errors
 
 def chcat_remove(orig, newcat, files):
+    if len(newcat) == 1:
+        raise ValueError("Requires at least one category")
     errors=0
-    if len(newcat) > 1:
-        sensitivity=newcat[0]
-        cat=newcat[1]
-    else:
-        sensitivity=0
-        cat=newcat[0]
+    sensitivity=newcat[0]
+    cat=newcat[1]
+
     for f in files:
-        (rc, con) = selinux.getfilecon(f)
-        (rc, raw) = selinux.selinux_trans_to_raw_context(con)
-        clist=raw.split(":")[3:]
-        if sensitivity == 0:
-            sensitivity = clist[0]
-        if len(clist) > 1:
-            if clist[0] != sensitivity:
+        (rc, c) = selinux.getfilecon(f)
+        con=c.split(":")[3:]
+        clist = translate(con)
+        if sensitivity != clist[0]:
                 print("Can not modify sensitivity levels using '+' on %s" % f)
                 continue
+            
+        if len(clist) > 1:
             cats=clist[1].split(",")
             if cat not in cats:
                 print "%s is not in %s" % (f, orig)
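Review bot: The return code of `selinux.getfilecon(f)` is discarded and `c.split(":")[3:]` runs unconditionally, both here and in chcat_add's loop in the previous hunk. If the call fails, `c` may not be a usable string. If the context has no level field, `con` is empty, translate() returns an empty list and `clist[0]` raises IndexError, which the `except ValueError` in the main block does not catch. Checking the result before splitting, e.g. `if rc < 0: errors += 1; continue`, and skipping the file when `clist` is empty would keep one unlabeled or unreadable file from aborting the whole run with a traceback. chcat_remove's loop continues past the end of this hunk.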
@@ -108,51 +100,69 @@
 
 def chcat_replace(orig, newcat, files):
     errors=0
-    if len(newcat) > 1:
+    if len(newcat) == 1:
+        if newcat[0][0] == "s" and newcat[0][1:].isdigit() and int(newcat[0][1:]) in range(0,16):
+            sensitivity=newcat[0]
+            cmd='chcon -l %s ' % newcat[0]
+        else:
+            cmd='chcon -l s0:%s ' % newcat[0]
+    else:
         sensitivity=newcat[0]
         cat=newcat[1]
         cmd='chcon -l %s:%s ' % (sensitivity, cat)
-        for f in files:
-            cmd = "%s %s" % (cmd, f)
-            
-        rc=commands.getstatusoutput(cmd)
-        if rc[0] != 0:
-            print rc[1]
-            errors += 1
-    else:
-        cat=newcat[0]
-        for f in files:
-            (rc, con) = selinux.getfilecon(f)
-            (rc, raw) = selinux.selinux_trans_to_raw_context(con)
-            clist=raw.split(":")[3:]
-            sensitivity=clist[0]
-            cmd='chcon -l %s:%s %s' % (sensitivity, cat, f)
-            rc=commands.getstatusoutput(cmd)
-            if rc[0] != 0:
-                print rc[1]
-                errors+=1
         
+    for f in files:
+        cmd = "%s %s" % (cmd, f)
+    rc=commands.getstatusoutput(cmd)
+    if rc[0] != 0:
+        print rc[1]
+        errors += 1
+
     return errors
 
-def chcat(cats, files):
-    errors=0
+def check_replace(cats):
+    plus_ind=0
+    replace_ind=0
     for c in cats:
-        if len(c) > 0 and c[0] == "+":
-            (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:])
-            rlist=raw.split(":")
-            errors += chcat_add(c[1:], rlist[3:], files)
-            continue
-        if len(c) > 0 and c[0] == "-":
-            (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c[1:])
-            rlist=raw.split(":")
-            errors += chcat_remove(c[1:], rlist[3:], files)
-            continue
+        if len(c) > 0 and ( c[0] == "+" or c[0] == "-" ):
+            if replace_ind:
+                raise ValueError("Can not combine +/- with other types of categories")
+            plus_ind=1
+        else:
+            replace_ind=1
+            if plus_ind:
+                raise ValueError("Can not combine +/- with other types of categories")
+    return replace_ind
 
+def translate(cats):
+    newcat=[]
+    for c in cats:
         (rc, raw) = selinux.selinux_trans_to_raw_context("a:b:c:%s" % c)
-        rlist=raw.split(":")
-        errors += chcat_replace(c[1:], rlist[3:], files)
-
-    return errors
+        rlist=raw.split(":")[3:]
+        if len(rlist) > 1:
+            if len(newcat) == 0:
+                newcat.append(rlist[0])
+            else:
+                if newcat[0] != rlist[0]:
+                    raise ValueError("Can not have multiple sensitivities")
+            newcat.append(rlist[1])
+        else:
+            if rlist[0][0] == "s" and rlist[0][1:].isdigit() and int(rlist[0][1:]) in range(0,16):
+            
+                if len(newcat) == 0:
+                    newcat.append(rlist[0])
+                else:
+                    if newcat[0] != rlist[0]:
+                        raise ValueError("Can not have multiple sensitivities")
+            else:
+                if len(newcat) == 0:
+                    newcat.append("s0")
+                else:
+                    if newcat[0] != "s0":
+                        raise ValueError("Can not have multiple sensitivities")
+                newcat.append(rlist[0])
+                
+    return newcat
     
 def usage():
 	print "Usage %s CATEGORY File ..." % sys.argv[0]
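Review bot: chcat_replace builds one shell command line by appending every file name to `cmd` and runs it through `commands.getstatusoutput`, so whitespace or shell metacharacters in a path or category string are interpreted by /bin/sh instead of reaching chcon as a single argument. This tool is typically run with privilege over files that other users may have named, so I would keep the level in a variable and execute an argument vector with the already-imported os module, e.g. `rc = os.spawnvp(os.P_WAIT, "chcon", ["chcon", "-l", level, "--"] + files)`, then test `rc != 0`. Separately, the multi-element branch formats only `newcat[1]` while translate() appends one entry per category, so a replace request naming several categories appears to apply just the first and leaves the file with fewer categories than asked for; `cat = ",".join(newcat[1:])` would keep them all.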
@@ -190,26 +200,36 @@
             usage()
     except:
         usage()
+
     if delete_ind:
-        sys.exit(chcat([""], cmds))
+        sys.exit(chcat_replace(["s0"], ["s0"], cmds))
+
 
     if len(cmds) < 2:
         usage()
     
-    cats=cmds[0].split(",")
     set_ind=0
+    cats=cmds[0].split(",")
     mod_ind=0
-    for i in cats:
-        if i[0]=='+' or i[0]=="-":
-            mod_ind=1
-            if set_ind == 1:
-                error("You can not use '%s' with previous categories" % i)
-        else:
-            if mod_ind == 1 or set_ind==1:
-                error("You can not use '%s' with previous categories" % i)
-            set_ind=1
-
+    errors=0
     files=cmds[1:]
-    sys.exit(chcat(cats, files))
+    try:
+        if check_replace(cats):
+            errors=chcat_replace(cats,translate(cats), files)
+        else:
+            for c in cats:
+                l=[]
+                l.append(c[1:])
+                if len(c) > 0 and c[0] == "+":
+                    errors += chcat_add(c[1:],translate(l), files)
+                    continue
+                if len(c) > 0 and c[0] == "-":
+                    errors += chcat_remove(c[1:],translate(l), files)
+                    continue
+    except ValueError, e:
+        error(e)
+    
+    sys.exit(errors)
+