diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch
index 08b053d..a1ed498 100644
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@@ -1,7 +1,47 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.50/gui/booleansPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.52/gui/Makefile
+--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.52/gui/Makefile 2008-07-03 13:15:10.000000000 -0400
+@@ -0,0 +1,36 @@
++# Installation directories.
++PREFIX ?= ${DESTDIR}/usr
++SHAREDIR ?= $(PREFIX)/share/system-config-selinux
++
++TARGETS= \
++booleansPage.py \
++fcontextPage.py \
++loginsPage.py \
++mappingsPage.py \
++modulesPage.py \
++polgen.py \
++polgen.glade \
++portsPage.py \
++lockdown.glade \
++semanagePage.py \
++statusPage.py \
++system-config-selinux.glade \
++translationsPage.py \
++usersPage.py \
++selinux.tbl
++
++all: $(TARGETS) system-config-selinux.py polgengui.py templates lockdown.py
++
++install: all
++ -mkdir -p $(SHAREDIR)/templates
++ install -m 755 system-config-selinux.py $(SHAREDIR)
++ install -m 755 polgengui.py $(SHAREDIR)
++ install -m 755 lockdown.py $(SHAREDIR)
++ install -m 644 $(TARGETS) $(SHAREDIR)
++ install -m 644 templates/*.py $(SHAREDIR)/templates/
++
++clean:
++
++indent:
++
++relabel:
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.52/gui/booleansPage.py
--- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/booleansPage.py 2008-07-01 14:59:58.000000000 -0400
-@@ -0,0 +1,230 @@
++++ policycoreutils-2.0.52/gui/booleansPage.py 2008-07-03 13:08:37.000000000 -0400
+@@ -0,0 +1,237 @@
+#
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
+#
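Review bot: The `-mkdir -p $(SHAREDIR)/templates` recipe line in the new gui/Makefile ignores a failed directory creation, because the leading `-` tells make to carry on, and it leaves the directory mode to the installer's umask while every file next to it gets an explicit `-m`. Since `mkdir -p` already succeeds when the directory exists, the dash only hides real errors such as an unwritable target; `install -d -m 755 $(SHAREDIR)/templates` would fail loudly and pin the mode. The `all`, `install`, `clean`, `indent` and `relabel` targets are also not declared `.PHONY`, so a stray file with one of those names would silently disable the target.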
@@ -84,6 +124,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli
+class booleansPage:
+ def __init__(self, xml, doDebug=None):
+ self.xml = xml
++ xml.signal_connect("on_lockdown_clicked", self.on_lockdown_clicked)
+ self.window = self.xml.get_widget("mainWindow").get_root_window()
+ self.local = False
+ self.types=[]
@@ -220,6 +261,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli
+ commands.getstatusoutput(setsebool)
+ self.ready()
+
++ def on_lockdown_clicked(self, button):
++ try:
++ os.spawnl(os.P_NOWAIT, "/usr/share/system-config-selinux/lockdown.py")
++ except ValueError, e:
++ self.error(e.args[0])
++
+ def on_local_clicked(self, button):
+ self.local = not self.local
+ self.revertButton.set_sensitive(self.local)
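Review bot: `os.spawnl(os.P_NOWAIT, "/usr/share/system-config-selinux/lockdown.py")` in `on_lockdown_clicked` passes no argument list, and the spawn* functions expect the arguments to start with the program name, so the child's exec is likely to fail before lockdown.py ever runs. That failure would probably not reach the `except ValueError` here: as far as I can tell, with `P_NOWAIT` the parent only gets a pid back and an exec error in the child shows up as its exit status, while a failed fork raises `OSError`. I would pass argv[0] explicitly, `os.spawnl(os.P_NOWAIT, "/usr/share/system-config-selinux/lockdown.py", "lockdown.py")`, catch `OSError` and report `str(e)`, and reap the child at some point so it does not linger as a zombie. The file header shows booleansPage.py growing from 230 to 237 lines, which is exactly this method plus the `signal_connect` line, so no `import os` is added; confirm it is already imported.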
@@ -232,9 +279,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli
+ self.load(self.filter)
+ return True
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.50/gui/fcontextPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.52/gui/fcontextPage.py
--- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/fcontextPage.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/fcontextPage.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,217 @@
+## fcontextPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -453,10 +500,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
+ self.store.set_value(iter, SPEC_COL, fspec)
+ self.store.set_value(iter, FTYPE_COL, ftype)
+ self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls))
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.50/gui/lockdown.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.52/gui/lockdown.glade
--- nsapolicycoreutils/gui/lockdown.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/lockdown.glade 2008-07-01 14:59:58.000000000 -0400
-@@ -0,0 +1,2065 @@
++++ policycoreutils-2.0.52/gui/lockdown.glade 2008-07-03 12:38:35.000000000 -0400
+@@ -0,0 +1,771 @@
+
+
+
@@ -529,7 +576,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade polic
+
+
+
-+
++
+ True
+ gtk-media-next
+ 1
@@ -551,7 +598,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade polic
+
+
+
-+
++
+ True
+ gtk-media-previous
+ 1
@@ -565,17 +612,45 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade polic
+
+
+
-+
++
++
++
++
++
++
++
+
++
++
++
++
+
+
+
@@ -706,346 +789,315 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade polic
+
+
+
-+
-+ True
-+ False
-+ True
-+ GTK_POS_TOP
-+ False
-+ False
++
++ False
++ 0
+
+
-+
++
+ True
+ False
+ 0
+
+
-+
++
+ True
-+ False
++ True
++ GTK_POLICY_ALWAYS
++ GTK_POLICY_ALWAYS
++ GTK_SHADOW_NONE
++ GTK_CORNER_TOP_LEFT
++
++
++
++
++
++
++ 0
++ True
++ True
++
++
++
++
++
++ True
++ GTK_BUTTONBOX_END
+ 0
+
+
-+
++
+ True
++ True
+ True
-+ GTK_POLICY_ALWAYS
-+ GTK_POLICY_ALWAYS
-+ GTK_SHADOW_NONE
-+ GTK_CORNER_TOP_LEFT
++ gtk-apply
++ True
++ GTK_RELIEF_NORMAL
++ True
++
++
++
+
-+
-+
-+
++
++
++ True
++ True
++ True
++ gtk-save-as
++ True
++ GTK_RELIEF_NORMAL
++ True
++
+
-+
-+ 0
-+ True
-+ True
-+
+
++
++
++ 0
++ False
++ False
++ GTK_PACK_END
++
++
++
++
++
++ True
++ 0
+
+
-+
++
+ True
-+ True
-+ 0
++ True
++ GTK_RELIEF_NORMAL
++ True
++ False
++ False
++ True
+
+
-+
++
+ True
-+ True
-+ GTK_RELIEF_NORMAL
-+ True
-+ False
-+ False
-+ True
++ 0.5
++ 0.5
++ 0
++ 0
++ 0
++ 0
++ 0
++ 0
+
+
-+
++
+ True
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ 0
-+ 0
-+ 0
-+ 0
++ False
++ 2
+
+
-+
++
+ True
-+ False
-+ 2
-+
-+
-+
-+ True
-+ gtk-yes
-+ 4
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+
-+
-+ 0
-+ False
-+ False
-+
-+
++ gtk-yes
++ 4
++ 0.5
++ 0.5
++ 0
++ 0
++
++
++ 0
++ False
++ False
++
++
+
-+
-+
-+ True
-+ Enable
-+ True
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 0
-+ False
-+ False
-+
-+
++
++
++ Enable
++ True
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
+
++
++ 0
++ False
++ False
++
+
+
+
+
-+
-+ 0
-+ False
-+ False
-+
+
++
++
++ 0
++ False
++ False
++
++
++
++
++
++ True
++ True
++ GTK_RELIEF_NORMAL
++ True
++ False
++ False
++ True
++ enable_radiobutton
+
+
-+
++
+ True
-+ True
-+ GTK_RELIEF_NORMAL
-+ True
-+ False
-+ False
-+ True
-+ enable_radiobutton
-+
-+
-+
-+ True
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ 0
-+ 0
-+ 0
-+ 0
++ 0.5
++ 0.5
++ 0
++ 0
++ 0
++ 0
++ 0
++ 0
++
++
++
++ True
++ False
++ 2
+
+
-+
++
+ True
-+ False
-+ 2
-+
-+
-+
-+ True
-+ gtk-no
-+ 4
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ Disable
-+ True
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 0
-+ False
-+ False
-+
-+
++ gtk-no
++ 4
++ 0.5
++ 0.5
++ 0
++ 0
+
++
++ 0
++ False
++ False
++
+
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ True
-+ GTK_RELIEF_NORMAL
-+ True
-+ False
-+ False
-+ True
-+ enable_radiobutton
-+
-+
-+
-+ True
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ 0
-+ 0
-+ 0
-+ 0
+
+
-+
++
+ True
-+ False
-+ 2
-+
-+
-+
-+ True
-+ gtk-undo
-+ 4
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ Default
-+ True
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 0
-+ False
-+ False
-+
-+
++ Disable
++ True
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
+
++
++ 0
++ False
++ False
++
+
+
+
+
-+
-+ 0
-+ False
-+ False
-+
+
+
+
-+ 11
++ 0
+ False
+ False
+
+
+
+
-+
++
+ True
-+ GTK_BUTTONBOX_END
-+ 0
++ True
++ GTK_RELIEF_NORMAL
++ True
++ False
++ False
++ True
++ enable_radiobutton
+
+
-+
++
+ True
-+ True
-+ True
-+ gtk-cancel
-+ True
-+ GTK_RELIEF_NORMAL
-+ True
-+
-+
-+
++ 0.5
++ 0.5
++ 0
++ 0
++ 0
++ 0
++ 0
++ 0
+
-+
-+
-+ True
-+ True
-+ True
-+ gtk-media-previous
-+ True
-+ GTK_RELIEF_NORMAL
-+ True
-+
-+
-+
++
++
++ True
++ False
++ 2
+
-+
-+
-+ True
-+ True
-+ True
-+ gtk-media-forward
-+ True
-+ GTK_RELIEF_NORMAL
-+ True
-+
++
++
++ True
++ gtk-undo
++ 4
++ 0.5
++ 0.5
++ 0
++ 0
++
++
++ 0
++ False
++ False
++
++
++
++
++
++ True
++ Default
++ True
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ 0
++ False
++ False
++
++
++
++
+
+
+
@@ -1057,3554 +1109,175 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade polic
+
+
+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ label37
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ tab
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ GTK_ORIENTATION_HORIZONTAL
-+ GTK_TOOLBAR_BOTH
-+ True
-+ True
-+
-+
-+
-+ True
-+ Revert boolean setting to system default
-+ gtk-revert-to-saved
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Toggle between Customized and All Booleans
-+ Customized
-+ True
-+ gtk-find
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+ 0
-+ False
-+ False
++ 11
++ False
++ False
+
+
+
+
-+
++
+ True
-+ False
++ GTK_BUTTONBOX_END
+ 0
+
+
-+
++
+ True
-+ Filter
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
++ True
++ True
++ gtk-quit
++ True
++ GTK_RELIEF_NORMAL
++ True
++
+
-+
-+ 10
-+ False
-+ False
-+
+
+
+
-+
++
+ True
++ True
+ True
-+ True
-+ True
-+ 0
-+
-+ True
-+ •
-+ False
-+
++ gtk-media-previous
++ True
++ GTK_RELIEF_NORMAL
++ True
++
+
-+
-+ 0
-+ True
-+ True
-+
+
-+
-+
-+ 10
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ GTK_POLICY_ALWAYS
-+ GTK_POLICY_ALWAYS
-+ GTK_SHADOW_NONE
-+ GTK_CORNER_TOP_LEFT
+
+
-+
++
+ True
++ True
+ True
-+ True
-+ False
-+ False
-+ True
-+ False
-+ False
-+ False
++ gtk-media-forward
++ True
++ GTK_RELIEF_NORMAL
++ True
++
+
+
+
+
+ 0
-+ True
-+ True
++ False
++ False
+
+
+
+
-+ False
-+ True
++ 0
++ True
++ True
+
+
++
++
++ True
++ True
++
++
++
++
++
++
++ 0
++ True
++ True
++
++
+
-+
-+
-+ True
-+ label50
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ tab
-+
-+
++
++
++ True
++ True
++ True
++
++
++ 0
++ True
++ True
++
++
++
+
-+
-+
-+ True
-+ False
-+ 0
++
++ 5
++ Select file name to save boolean settings.
++ GTK_FILE_CHOOSER_ACTION_SAVE
++ True
++ False
++ False
++ False
++ Save Boolean Configuration File
++ GTK_WINDOW_TOPLEVEL
++ GTK_WIN_POS_MOUSE
++ False
++ True
++ False
++ True
++ False
++ False
++ GDK_WINDOW_TYPE_HINT_DIALOG
++ GDK_GRAVITY_NORTH_WEST
++ True
++ False
+
-+
-+
-+ True
-+ GTK_ORIENTATION_HORIZONTAL
-+ GTK_TOOLBAR_BOTH
-+ True
-+ True
++
++
++ True
++ False
++ 2
+
-+
-+
-+ True
-+ Add File Context
-+ gtk-add
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
++
++
++ True
++ GTK_BUTTONBOX_END
+
-+
-+
-+ True
-+ Modify File Context
-+ gtk-properties
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Delete File Context
-+ gtk-delete
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Toggle between all and customized file context
-+ Customized
-+ True
-+ gtk-find
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ Filter
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 10
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ True
-+ 0
-+
-+ True
-+ •
-+ False
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ True
-+ GTK_POLICY_ALWAYS
-+ GTK_POLICY_ALWAYS
-+ GTK_SHADOW_NONE
-+ GTK_CORNER_TOP_LEFT
-+
-+
-+
-+ True
-+ True
-+ True
-+ False
-+ False
-+ True
-+ False
-+ False
-+ False
-+
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ label38
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ tab
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ GTK_ORIENTATION_HORIZONTAL
-+ GTK_TOOLBAR_BOTH
-+ True
-+ True
-+
-+
-+
-+ True
-+ Add SELinux User Mapping
-+ gtk-add
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Modify SELinux User Mapping
-+ gtk-properties
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Delete SELinux User Mapping
-+ gtk-delete
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ Filter
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 10
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ True
-+ 0
-+
-+ True
-+ •
-+ False
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ 5
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ GTK_POLICY_ALWAYS
-+ GTK_POLICY_ALWAYS
-+ GTK_SHADOW_NONE
-+ GTK_CORNER_TOP_LEFT
-+
-+
-+
-+ True
-+ True
-+ True
-+ False
-+ False
-+ True
-+ False
-+ False
-+ False
-+
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ label39
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ tab
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ GTK_ORIENTATION_HORIZONTAL
-+ GTK_TOOLBAR_BOTH
-+ True
-+ True
-+
-+
-+
-+ True
-+ Add Translation
-+ gtk-add
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Modify Translation
-+ gtk-properties
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Delete Translation
-+ gtk-delete
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ Filter
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 10
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ True
-+ 0
-+
-+ True
-+ •
-+ False
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ 5
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ GTK_POLICY_ALWAYS
-+ GTK_POLICY_ALWAYS
-+ GTK_SHADOW_NONE
-+ GTK_CORNER_TOP_LEFT
-+
-+
-+
-+ True
-+ True
-+ True
-+ False
-+ False
-+ True
-+ False
-+ False
-+ False
-+
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ label41
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ tab
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ GTK_ORIENTATION_HORIZONTAL
-+ GTK_TOOLBAR_BOTH
-+ True
-+ True
-+
-+
-+
-+ True
-+ Add SELinux User
-+ gtk-add
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Modify SELinux User
-+ gtk-properties
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Add SELinux User
-+ gtk-delete
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ Filter
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 10
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ True
-+ 0
-+
-+ True
-+ •
-+ False
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ 5
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ GTK_POLICY_ALWAYS
-+ GTK_POLICY_ALWAYS
-+ GTK_SHADOW_NONE
-+ GTK_CORNER_TOP_LEFT
-+
-+
-+
-+ True
-+ True
-+ True
-+ False
-+ False
-+ True
-+ False
-+ False
-+ False
-+
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ label40
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ tab
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ GTK_ORIENTATION_HORIZONTAL
-+ GTK_TOOLBAR_BOTH
-+ False
-+ True
-+
-+
-+
-+ True
-+ Add Network Port
-+ gtk-add
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Edit Network Port
-+ gtk-properties
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Delete Network Port
-+ gtk-delete
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ False
-+
-+
-+
-+ 32
-+ True
-+
-+
-+
-+
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ Toggle between Customized and All Ports
-+ Group View
-+ True
-+ gtk-indent
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Toggle between Customized and All Ports
-+ Customized
-+ True
-+ gtk-find
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ Filter
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 10
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ True
-+ 0
-+
-+ True
-+ •
-+ False
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ 5
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ GTK_POLICY_ALWAYS
-+ GTK_POLICY_ALWAYS
-+ GTK_SHADOW_NONE
-+ GTK_CORNER_TOP_LEFT
-+
-+
-+
-+ True
-+ True
-+ True
-+ False
-+ False
-+ True
-+ False
-+ False
-+ False
-+
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ label42
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ tab
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ GTK_ORIENTATION_HORIZONTAL
-+ GTK_TOOLBAR_BOTH
-+ True
-+ True
-+
-+
-+
-+ True
-+ Generate new policy module
-+ gtk-new
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Load policy module
-+ gtk-add
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Remove loadable policy module
-+ gtk-remove
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ False
-+
-+
-+
-+ 10
-+ True
-+
-+
-+
-+
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ Enable/Disable additional audit rules, that are normally not reported in the log files.
-+ Enable Audit
-+ True
-+ gtk-zoom-in
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ Filter
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 10
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ True
-+ 0
-+
-+ True
-+ •
-+ False
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ 5
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ GTK_POLICY_ALWAYS
-+ GTK_POLICY_ALWAYS
-+ GTK_SHADOW_NONE
-+ GTK_CORNER_TOP_LEFT
-+
-+
-+
-+ True
-+ True
-+ True
-+ False
-+ False
-+ True
-+ False
-+ False
-+ False
-+
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ label44
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ tab
-+
-+
-+
-+
-+ True
-+ True
-+
-+
-+
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade.bak policycoreutils-2.0.50/gui/lockdown.glade.bak
---- nsapolicycoreutils/gui/lockdown.glade.bak 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/lockdown.glade.bak 2008-07-01 14:59:58.000000000 -0400
-@@ -0,0 +1,2065 @@
-+
-+
-+
-+
-+
-+
-+
-+
-+ 5
-+ False
-+ system-config-selinux
-+ Copyright (c)2006 Red Hat, Inc.
-+Copyright (c) 2006 Dan Walsh <dwalsh@redhat.com>
-+ False
-+ Daniel Walsh <dwalsh@redhat.com>
-+
-+ translator-credits
-+ system-config-selinux.png
-+
-+
-+
-+ 800
-+ 500
-+ SELinux Boolean Lockdown
-+ GTK_WINDOW_TOPLEVEL
-+ GTK_WIN_POS_NONE
-+ False
-+ True
-+ False
-+ system-config-selinux.png
-+ True
-+ False
-+ False
-+ GDK_WINDOW_TYPE_HINT_NORMAL
-+ GDK_GRAVITY_NORTH_WEST
-+ True
-+ False
-+ True
-+
-+
-+
-+ True
-+ True
-+
-+
-+
-+ True
-+ GTK_SHADOW_NONE
-+
-+
-+
-+
-+
-+
-+ BONOBO_DOCK_TOP
-+ 0
-+ 0
-+ 0
-+ BONOBO_DOCK_ITEM_BEH_EXCLUSIVE|BONOBO_DOCK_ITEM_BEH_NEVER_VERTICAL|BONOBO_DOCK_ITEM_BEH_LOCKED
-+
-+
-+
-+
-+
-+ True
-+ True
-+ 0
-+
-+
-+
-+ 5
-+ True
-+ 0
-+ 0.5
-+ GTK_SHADOW_NONE
-+
-+
-+
-+ True
-+ 0.5
-+ 0.5
-+ 1
-+ 1
-+ 0
-+ 0
-+ 12
-+ 0
-+
-+
-+
-+ True
-+ True
-+ GTK_POLICY_ALWAYS
-+ GTK_POLICY_ALWAYS
-+ GTK_SHADOW_NONE
-+ GTK_CORNER_TOP_LEFT
-+
-+
-+
-+ 300
-+ True
-+ Select Management Object
-+ True
-+ False
-+ False
-+ False
-+ True
-+ False
-+ False
-+ False
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+ True
-+ <b>Select:</b>
-+ False
-+ True
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ label_item
-+
-+
-+
-+
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ False
-+ True
-+ GTK_POS_TOP
-+ False
-+ False
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ True
-+ GTK_POLICY_ALWAYS
-+ GTK_POLICY_ALWAYS
-+ GTK_SHADOW_NONE
-+ GTK_CORNER_TOP_LEFT
-+
-+
-+
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ 0
-+
-+
-+
-+ True
-+ True
-+ GTK_RELIEF_NORMAL
-+ True
-+ False
-+ False
-+ True
-+
-+
-+
-+ True
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ 0
-+ 0
-+ 0
-+ 0
-+
-+
-+
-+ True
-+ False
-+ 2
-+
-+
-+
-+ True
-+ gtk-yes
-+ 4
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ Enable
-+ True
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ True
-+ GTK_RELIEF_NORMAL
-+ True
-+ False
-+ False
-+ True
-+ enable_radiobutton
-+
-+
-+
-+ True
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ 0
-+ 0
-+ 0
-+ 0
-+
-+
-+
-+ True
-+ False
-+ 2
-+
-+
-+
-+ True
-+ gtk-no
-+ 4
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ Disable
-+ True
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ True
-+ GTK_RELIEF_NORMAL
-+ True
-+ False
-+ False
-+ True
-+ enable_radiobutton
-+
-+
-+
-+ True
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ 0
-+ 0
-+ 0
-+ 0
-+
-+
-+
-+ True
-+ False
-+ 2
-+
-+
-+
-+ True
-+ gtk-undo
-+ 4
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ Default
-+ True
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+ 11
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ GTK_BUTTONBOX_END
-+ 0
-+
-+
-+
-+ True
-+ True
-+ True
-+ gtk-cancel
-+ True
-+ GTK_RELIEF_NORMAL
-+ True
-+
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ gtk-media-previous
-+ True
-+ GTK_RELIEF_NORMAL
-+ True
-+
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ gtk-media-forward
-+ True
-+ GTK_RELIEF_NORMAL
-+ True
-+
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ label37
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ tab
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ GTK_ORIENTATION_HORIZONTAL
-+ GTK_TOOLBAR_BOTH
-+ True
-+ True
-+
-+
-+
-+ True
-+ Revert boolean setting to system default
-+ gtk-revert-to-saved
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Toggle between Customized and All Booleans
-+ Customized
-+ True
-+ gtk-find
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ Filter
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 10
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ True
-+ 0
-+
-+ True
-+ •
-+ False
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ 10
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ GTK_POLICY_ALWAYS
-+ GTK_POLICY_ALWAYS
-+ GTK_SHADOW_NONE
-+ GTK_CORNER_TOP_LEFT
-+
-+
-+
-+ True
-+ True
-+ True
-+ False
-+ False
-+ True
-+ False
-+ False
-+ False
-+
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ label50
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ tab
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ GTK_ORIENTATION_HORIZONTAL
-+ GTK_TOOLBAR_BOTH
-+ True
-+ True
-+
-+
-+
-+ True
-+ Add File Context
-+ gtk-add
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Modify File Context
-+ gtk-properties
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Delete File Context
-+ gtk-delete
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Toggle between all and customized file context
-+ Customized
-+ True
-+ gtk-find
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ Filter
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 10
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ True
-+ 0
-+
-+ True
-+ •
-+ False
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ True
-+ GTK_POLICY_ALWAYS
-+ GTK_POLICY_ALWAYS
-+ GTK_SHADOW_NONE
-+ GTK_CORNER_TOP_LEFT
-+
-+
-+
-+ True
-+ True
-+ True
-+ False
-+ False
-+ True
-+ False
-+ False
-+ False
-+
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ label38
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ tab
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ GTK_ORIENTATION_HORIZONTAL
-+ GTK_TOOLBAR_BOTH
-+ True
-+ True
-+
-+
-+
-+ True
-+ Add SELinux User Mapping
-+ gtk-add
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Modify SELinux User Mapping
-+ gtk-properties
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Delete SELinux User Mapping
-+ gtk-delete
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ Filter
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 10
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ True
-+ 0
-+
-+ True
-+ •
-+ False
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ 5
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ GTK_POLICY_ALWAYS
-+ GTK_POLICY_ALWAYS
-+ GTK_SHADOW_NONE
-+ GTK_CORNER_TOP_LEFT
-+
-+
-+
-+ True
-+ True
-+ True
-+ False
-+ False
-+ True
-+ False
-+ False
-+ False
-+
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ label39
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ tab
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ GTK_ORIENTATION_HORIZONTAL
-+ GTK_TOOLBAR_BOTH
-+ True
-+ True
-+
-+
-+
-+ True
-+ Add Translation
-+ gtk-add
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Modify Translation
-+ gtk-properties
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Delete Translation
-+ gtk-delete
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ Filter
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 10
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ True
-+ 0
-+
-+ True
-+ •
-+ False
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ 5
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ GTK_POLICY_ALWAYS
-+ GTK_POLICY_ALWAYS
-+ GTK_SHADOW_NONE
-+ GTK_CORNER_TOP_LEFT
-+
-+
-+
-+ True
-+ True
-+ True
-+ False
-+ False
-+ True
-+ False
-+ False
-+ False
-+
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ label41
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ tab
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ GTK_ORIENTATION_HORIZONTAL
-+ GTK_TOOLBAR_BOTH
-+ True
-+ True
-+
-+
-+
-+ True
-+ Add SELinux User
-+ gtk-add
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Modify SELinux User
-+ gtk-properties
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Add SELinux User
-+ gtk-delete
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ Filter
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 10
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ True
-+ 0
-+
-+ True
-+ •
-+ False
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ 5
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ GTK_POLICY_ALWAYS
-+ GTK_POLICY_ALWAYS
-+ GTK_SHADOW_NONE
-+ GTK_CORNER_TOP_LEFT
-+
-+
-+
-+ True
-+ True
-+ True
-+ False
-+ False
-+ True
-+ False
-+ False
-+ False
-+
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ label40
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ tab
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ GTK_ORIENTATION_HORIZONTAL
-+ GTK_TOOLBAR_BOTH
-+ False
-+ True
-+
-+
-+
-+ True
-+ Add Network Port
-+ gtk-add
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Edit Network Port
-+ gtk-properties
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Delete Network Port
-+ gtk-delete
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ False
-+
-+
-+
-+ 32
-+ True
-+
-+
-+
-+
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ Toggle between Customized and All Ports
-+ Group View
-+ True
-+ gtk-indent
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Toggle between Customized and All Ports
-+ Customized
-+ True
-+ gtk-find
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ Filter
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 10
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ True
-+ 0
-+
-+ True
-+ •
-+ False
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ 5
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ GTK_POLICY_ALWAYS
-+ GTK_POLICY_ALWAYS
-+ GTK_SHADOW_NONE
-+ GTK_CORNER_TOP_LEFT
-+
-+
-+
-+ True
-+ True
-+ True
-+ False
-+ False
-+ True
-+ False
-+ False
-+ False
-+
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ label42
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ tab
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ GTK_ORIENTATION_HORIZONTAL
-+ GTK_TOOLBAR_BOTH
-+ True
-+ True
-+
-+
-+
-+ True
-+ Generate new policy module
-+ gtk-new
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Load policy module
-+ gtk-add
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ Remove loadable policy module
-+ gtk-remove
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ False
-+
-+
-+
-+ 10
-+ True
-+
-+
-+
-+
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ Enable/Disable additional audit rules, that are normally not reported in the log files.
-+ Enable Audit
-+ True
-+ gtk-zoom-in
-+ True
-+ True
-+ False
-+
-+
-+
-+ False
-+ True
-+
-+
-+
-+
-+ 0
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ False
-+ 0
-+
-+
-+
-+ True
-+ Filter
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ 10
-+ False
-+ False
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ True
-+ 0
-+
-+ True
-+ •
-+ False
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ 5
-+ False
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ GTK_POLICY_ALWAYS
-+ GTK_POLICY_ALWAYS
-+ GTK_SHADOW_NONE
-+ GTK_CORNER_TOP_LEFT
-+
-+
-+
-+ True
-+ True
-+ True
-+ False
-+ False
-+ True
-+ False
-+ False
-+ False
-+
-+
-+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+ False
-+ True
-+
-+
++
++
++ True
++ True
++ True
++ gtk-cancel
++ True
++ GTK_RELIEF_NORMAL
++ True
++ -6
++
++
+
-+
-+
-+ True
-+ label44
-+ False
-+ False
-+ GTK_JUSTIFY_LEFT
-+ False
-+ False
-+ 0.5
-+ 0.5
-+ 0
-+ 0
-+ PANGO_ELLIPSIZE_NONE
-+ -1
-+ False
-+ 0
-+
-+
-+ tab
-+
-+
++
++
++ True
++ True
++ True
++ True
++ gtk-save
++ True
++ GTK_RELIEF_NORMAL
++ True
++ -5
+
-+
-+ True
-+ True
-+
+
+
++
++ 0
++ False
++ True
++ GTK_PACK_END
++
+
+
-+
-+ 0
-+ True
-+ True
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+
-+
-+ 0
-+ True
-+ True
-+
+
+
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep policycoreutils-2.0.50/gui/lockdown.gladep
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep policycoreutils-2.0.52/gui/lockdown.gladep
--- nsapolicycoreutils/gui/lockdown.gladep 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/lockdown.gladep 2008-07-01 14:59:58.000000000 -0400
-@@ -0,0 +1,7 @@
-+
-+
-+
-+
-+
-+
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep.bak policycoreutils-2.0.50/gui/lockdown.gladep.bak
---- nsapolicycoreutils/gui/lockdown.gladep.bak 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/lockdown.gladep.bak 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/lockdown.gladep 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,7 @@
+
+
@@ -4613,10 +1286,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep.bak
+
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policycoreutils-2.0.50/gui/lockdown.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policycoreutils-2.0.52/gui/lockdown.py
--- nsapolicycoreutils/gui/lockdown.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/lockdown.py 2008-07-01 14:59:58.000000000 -0400
-@@ -0,0 +1,331 @@
++++ policycoreutils-2.0.52/gui/lockdown.py 2008-07-03 12:38:24.000000000 -0400
+@@ -0,0 +1,382 @@
+#!/usr/bin/python
+#
+# lockdown.py - GUI for Booleans page in system-config-securitylevel
@@ -4649,6 +1322,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policyco
+import selinux
+import seobject
+import gtkhtml2
++import commands
++import tempfile
++
+from html_util import *
+
+gnome.program_init("SELinux Boolean Lockdown Tool", "5")
@@ -4706,13 +1382,17 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policyco
+ xml.signal_connect("on_cancel_clicked", self.cancel)
+ xml.signal_connect("on_forward_clicked", self.forward)
+ xml.signal_connect("on_previous_clicked", self.previous)
++ xml.signal_connect("on_save_clicked", self.save)
++ xml.signal_connect("on_apply_clicked", self.apply)
+ self.xml = xml
+ self.mainWindow = self.xml.get_widget("mainWindow")
++ self.forwardbutton = self.xml.get_widget("forwardButton")
+ self.window = self.xml.get_widget("mainWindow").get_root_window()
+ self.busy_cursor = gtk.gdk.Cursor(gtk.gdk.WATCH)
+ self.ready_cursor = gtk.gdk.Cursor(gtk.gdk.LEFT_PTR)
+ self.radiobox = self.xml.get_widget("radiobox")
-+
++ self.savebox = self.xml.get_widget("savebox")
++ self.file_dialog = self.xml.get_widget("filechooserdialog")
+ self.vbox = self.xml.get_widget("vbox")
+ self.enable_radiobutton = self.xml.get_widget("enable_radiobutton")
+ self.enable_radiobutton.connect("toggled", self.toggled)
@@ -4721,7 +1401,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policyco
+ self.default_radiobutton = self.xml.get_widget("default_radiobutton")
+ self.default_radiobutton.connect("toggled", self.toggled)
+ self.html_scrolledwindow = self.xml.get_widget("html_scrolledwindow")
-+
+ self.view = xml.get_widget("booleanView")
+ self.view.get_selection().connect("changed", self.itemSelected)
+
@@ -4792,6 +1471,46 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policyco
+ def cancel(self, args):
+ gtk.main_quit()
+
++ def error(self, message):
++ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR,
++ gtk.BUTTONS_CLOSE,
++ message)
++ dlg.set_position(gtk.WIN_POS_MOUSE)
++ dlg.show_all()
++ dlg.run()
++ dlg.destroy()
++
++ def __out(self):
++ out = ''
++ for c in self.booldict.keys():
++ for b in self.booldict[c]:
++ out += "%s=%s\n" % (b, self.booldict[c][b][0])
++ return out
++
++ def save(self, args):
++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SAVE)
++ rc = self.file_dialog.run()
++ self.file_dialog.hide()
++ if rc == gtk.RESPONSE_OK:
++ try:
++ fd = open(self.file_dialog.get_filename(), "w")
++ fd.write(self.__out())
++ fd.close()
++
++ except IOError, e:
++ self.error(e)
++
++ def apply(self, args):
++ fd = tempfile.NamedTemporaryFile(dir = "/var/lib/selinux")
++ fd.write(self.__out())
++ fd.flush()
++ self.wait()
++ rc, err = commands.getstatusoutput("semanage boolean -m -F %s" % fd.name)
++ self.ready()
++ fd.close()
++ if rc != 0:
++ self.error(err)
++
+ def forward(self, args):
+ selection = self.view.get_selection()
+ store, iter = selection.get_selected()
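Review bot: `apply` creates and writes the temporary file under `/var/lib/selinux` with no error handling, so when that directory is missing or not writable the exception escapes the GTK callback and the user gets no dialog; a failure after `self.wait()` would presumably also leave the busy cursor set and the file object unclosed. Wrapping the body in `try`/`finally` and reporting `IOError`/`OSError` through `self.error`, as in the fence below, keeps the failure visible. In `save`, `self.error(e)` hands the exception object to `gtk.MessageDialog`, which expects a string, so `self.error(str(e))` looks like the intended call. The path interpolated into the `semanage` command line is generated by `tempfile` under a fixed directory, so it carries no user-typed text. Both methods are complete within this hunk.

```python
    def apply(self, args):
        try:
            fd = tempfile.NamedTemporaryFile(dir = "/var/lib/selinux")
            try:
                fd.write(self.__out())
                fd.flush()
                self.wait()
                try:
                    rc, err = commands.getstatusoutput("semanage boolean -m -F %s" % fd.name)
                finally:
                    # always restore the cursor, even if the command call raises
                    self.ready()
            finally:
                fd.close()
        except (IOError, OSError), e:
            self.error(str(e))
            return
        if rc != 0:
            self.error(err)
```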
@@ -4886,7 +1605,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policyco
+ cats = self.booldict.keys()
+ cats.sort()
+ for cat in cats:
-+ html += self.html_table((_("Category: ") + cat), self.html_cat(cat))
++ html += self.html_table((_("Category: %s
") % cat), self.html_cat(cat))
+ return html
+
+ def itemSelected(self, selection):
@@ -4907,23 +1626,26 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policyco
+ html = ''
+
+ self.radiobox.hide()
++ self.savebox.hide()
++
+ if self.name == _("Begin"):
-+ html += self.html_head(_("Welcome to the SELinux Lockdown Tool, Blah Blah, Blah"))
++ html += self.html_head(_("Welcome to the SELinux Lockdown Tool.
This tool can be used to lockdown SELinux booleans.The tool will generate a configuration file which can be used to lockdown this system or other SELinux systems.
"))
+ html += self.html_all()
+ else:
+ if self.name == _("Finish"):
+ if self.cat != None:
-+ cat_finish="%s %s %s" % (_("Categories: "),self.cat,_("Finish"))
-+ html += self.html_all(cat_finish, self.html_cat(self.cat))
++ html += self.html_head(_("Category %s booleans completed
") % self.cat)
++ html += self.html_table(_("Current settings:
"), self.html_cat(self.cat))
+ else:
-+ html += self.html_head(self.name)
++ html += self.html_head(_("Finish:
"))
+ html += self.html_all()
++ self.savebox.show()
+ else:
+ if self.store.iter_has_child(iter):
-+ html += self.html_table(_("Category: ") + self.name, self.html_cat(self.name))
++ html += self.html_table(_("Category: %s
Current Settings
") % self.name, self.html_cat(self.name))
+ else:
+ self.radiobox.show()
-+ html += self.html_table(_("Boolean: ") + self.name, tr_fmt % td_fmt(self.booleans.get_desc(self.name)))
++ html += self.html_table(_("Boolean: %s
") % self.name, tr_fmt % td_fmt(self.booleans.get_desc(self.name)))
+ if self.booldict[self.cat][self.name][0] == ENABLE:
+ self.enable_radiobutton.set_active(True)
+ if self.booldict[self.cat][self.name][0] == DISABLE:
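Review bot: The new welcome string in the `Begin` branch runs two sentences together (`booleans.The tool`), and since it is a translatable msgid the slip will propagate to every catalogue; I would add the space, `... lockdown SELinux booleans. The tool will generate ...`. The `% self.cat` and `% self.name` substitutions place tree-store values into text handed to `html_head`/`html_table`; whether those helpers escape markup is not visible here, so it is worth confirming that names containing `<` or `&` render as text. The enclosing method starts and ends outside this hunk.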
@@ -4941,6 +1663,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policyco
+ self.mainWindow.connect("destroy", self.cancel)
+
+ self.mainWindow.show_all()
++ self.radiobox.hide()
++ self.savebox.hide()
+ gtk.main()
+
+if __name__ == "__main__":
@@ -4948,9 +1672,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policyco
+
+ app = booleanWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.50/gui/loginsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.52/gui/loginsPage.py
--- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/loginsPage.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/loginsPage.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,185 @@
+## loginsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -5113,74 +1837,33 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy
+ return False
+
+ iter = self.store.append()
-+ self.store.set_value(iter, 0, target)
-+ self.store.set_value(iter, 1, seuser)
-+ self.store.set_value(iter, 2, seobject.translate(serange))
-+
-+ def modify(self):
-+ target=self.loginsNameEntry.get_text().strip()
-+ serange=self.loginsMLSEntry.get_text().strip()
-+ if serange == "":
-+ serange = "s0"
-+ list_model = self.loginsSelinuxUserCombo.get_model()
-+ iter = self.loginsSelinuxUserCombo.get_active_iter()
-+ seuser=list_model.get_value(iter,0)
-+ self.wait()
-+ (rc, out) = commands.getstatusoutput("semanage login -m -s %s -r %s %s" % (seuser, serange, target))
-+ self.ready()
-+ if rc != 0:
-+ self.error(out)
-+ return False
-+
-+ store, iter = self.view.get_selection().get_selected()
-+ self.store.set_value(iter, 0, target)
-+ self.store.set_value(iter, 1, seuser)
-+ self.store.set_value(iter, 2, seobject.translate(serange))
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.50/gui/Makefile
---- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/Makefile 2008-07-01 21:56:24.000000000 -0400
-@@ -0,0 +1,37 @@
-+# Installation directories.
-+PREFIX ?= ${DESTDIR}/usr
-+SHAREDIR ?= $(PREFIX)/share/system-config-selinux
-+
-+TARGETS= \
-+booleansPage.py \
-+fcontextPage.py \
-+loginsPage.py \
-+mappingsPage.py \
-+modulesPage.py \
-+polgen.py \
-+polgen.glade \
-+portsPage.py \
-+lockdown.py \
-+lockdown.glade \
-+semanagePage.py \
-+statusPage.py \
-+system-config-selinux.glade \
-+translationsPage.py \
-+usersPage.py \
-+selinux.tbl
-+
-+all: $(TARGETS) system-config-selinux.py polgengui.py templates
-+
-+install: all
-+ -mkdir -p $(SHAREDIR)/templates
-+ install -m 755 system-config-selinux.py $(SHAREDIR)
-+ install -m 755 polgengui.py $(SHAREDIR)
-+ install -m 755 lockdown.py $(SHAREDIR)
-+ install -m 644 $(TARGETS) $(SHAREDIR)
-+ install -m 644 templates/*.py $(SHAREDIR)/templates/
-+
-+clean:
-+
-+indent:
++ self.store.set_value(iter, 0, target)
++ self.store.set_value(iter, 1, seuser)
++ self.store.set_value(iter, 2, seobject.translate(serange))
++
++ def modify(self):
++ target=self.loginsNameEntry.get_text().strip()
++ serange=self.loginsMLSEntry.get_text().strip()
++ if serange == "":
++ serange = "s0"
++ list_model = self.loginsSelinuxUserCombo.get_model()
++ iter = self.loginsSelinuxUserCombo.get_active_iter()
++ seuser=list_model.get_value(iter,0)
++ self.wait()
++ (rc, out) = commands.getstatusoutput("semanage login -m -s %s -r %s %s" % (seuser, serange, target))
++ self.ready()
++ if rc != 0:
++ self.error(out)
++ return False
++
++ store, iter = self.view.get_selection().get_selected()
++ self.store.set_value(iter, 0, target)
++ self.store.set_value(iter, 1, seuser)
++ self.store.set_value(iter, 2, seobject.translate(serange))
+
-+relabel:
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.50/gui/mappingsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.52/gui/mappingsPage.py
--- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/mappingsPage.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/mappingsPage.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,56 @@
+## mappingsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -5238,9 +1921,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py poli
+ for k in keys:
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.50/gui/modulesPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.52/gui/modulesPage.py
--- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/modulesPage.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/modulesPage.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,195 @@
+## modulesPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -5437,9 +2120,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic
+
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.50/gui/polgen.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.52/gui/polgen.glade
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/polgen.glade 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/polgen.glade 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,3284 @@
+
+
@@ -8725,44 +5408,52 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.50/gui/polgengui.py
---- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/polgengui.py 2008-07-01 14:59:58.000000000 -0400
-@@ -0,0 +1,623 @@
-+#!/usr/bin/python -E
-+#
-+# polgengui.py - GUI for SELinux Config tool in system-config-selinux
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.52/gui/polgen.py
+--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.52/gui/polgen.py 2008-07-02 13:43:21.000000000 -0400
+@@ -0,0 +1,925 @@
++#!/usr/bin/python
+#
-+# Dan Walsh
++# Copyright (C) 2007, 2008 Red Hat
++# see file 'COPYING' for use and warranty information
+#
-+# Copyright 2007, 2008 Red Hat, Inc.
++# policygentool is a tool for the initial generation of SELinux policy
+#
-+# This program is free software; you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation; either version 2 of the License, or
-+# (at your option) any later version.
++# This program is free software; you can redistribute it and/or
++# modify it under the terms of the GNU General Public License as
++# published by the Free Software Foundation; either version 2 of
++# the License, or (at your option) any later version.
+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++# 02111-1307 USA
+#
-+import signal
-+import string
-+import gtk
-+import gtk.glade
-+import os
-+import gobject
-+import gnome
-+import sys
-+import polgen
++#
++import os, sys, stat
+import re
+import commands
+
++from templates import executable
++from templates import boolean
++from templates import etc_rw
++from templates import var_spool
++from templates import var_lib
++from templates import var_log
++from templates import var_run
++from templates import tmp
++from templates import rw
++from templates import network
++from templates import script
++from templates import user
++import seobject
++import sepolgen.interfaces as interfaces
++import sepolgen.defaults as defaults
+
+##
+## I18N
@@ -8781,1509 +5472,1501 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
-+gnome.program_init("SELinux Policy Generation Tool", "5")
-+
-+version = "1.0"
-+
-+sys.path.append('/usr/share/system-config-selinux')
-+sys.path.append('.')
-+
-+# From John Hunter http://www.daa.com.au/pipermail/pygtk/2003-February/004454.html
-+def foreach(model, path, iter, selected):
-+ selected.append(model.get_value(iter, 0))
-+
-+##
-+## Pull in the Glade file
-+##
-+if os.access("polgen.glade", os.F_OK):
-+ xml = gtk.glade.XML ("polgen.glade", domain=PROGNAME)
-+else:
-+ xml = gtk.glade.XML ("/usr/share/system-config-selinux/polgen.glade", domain=PROGNAME)
-+
-+FILE = 1
-+DIR = 2
-+
-+class childWindow:
-+ START_PAGE = 0
-+ SELECT_TYPE_PAGE = 1
-+ APP_PAGE = 2
-+ EXISTING_USER_PAGE = 3
-+ TRANSITION_PAGE = 4
-+ USER_TRANSITION_PAGE = 5
-+ ADMIN_PAGE = 6
-+ ROLE_PAGE = 7
-+ IN_NET_PAGE = 8
-+ OUT_NET_PAGE = 9
-+ COMMON_APPS_PAGE = 10
-+ FILES_PAGE = 11
-+ BOOLEAN_PAGE = 12
-+ SELECT_DIR_PAGE = 13
-+ GEN_POLICY_PAGE = 14
-+ GEN_USER_POLICY_PAGE = 15
-+
-+ def __init__(self):
-+ self.xml = xml
-+ self.all_types=polgen.get_all_types()
-+ self.all_modules=polgen.get_all_modules()
-+ self.name=""
-+ xml.signal_connect("on_delete_clicked", self.delete)
-+ xml.signal_connect("on_delete_boolean_clicked", self.delete_boolean)
-+ xml.signal_connect("on_exec_select_clicked", self.exec_select)
-+ xml.signal_connect("on_init_script_select_clicked", self.init_script_select)
-+ xml.signal_connect("on_add_clicked", self.add)
-+ xml.signal_connect("on_add_boolean_clicked", self.add_boolean)
-+ xml.signal_connect("on_add_dir_clicked", self.add_dir)
-+ xml.signal_connect("on_about_clicked", self.on_about_clicked)
-+ xml.get_widget ("cancel_button").connect("clicked",self.quit)
-+ self.forward_button = xml.get_widget ("forward_button")
-+ self.forward_button.connect("clicked",self.forward)
-+ self.back_button = xml.get_widget ("back_button")
-+ self.back_button.connect("clicked",self.back)
++methods = []
++fn = defaults.interface_info()
++try:
++ fd = open(fn)
++ # List of per_role_template interfaces
++ ifs = interfaces.InterfaceSet()
++ ifs.from_file(fd)
++ methods = ifs.interfaces.keys()
++ fd.close()
++except:
++ sys.stderr.write("could not open interface info [%s]\n" % fn)
++ sys.exit(1)
+
-+ self.boolean_dialog = xml.get_widget ("boolean_dialog")
-+ self.boolean_name_entry = xml.get_widget ("boolean_name_entry")
-+ self.boolean_description_entry = xml.get_widget ("boolean_description_entry")
++def get_all_roles():
++ roles = []
++ output = commands.getoutput("/usr/bin/seinfo -r").split()
++ for r in output:
++ if r != "object_r" and r.endswith("_r"):
++ roles.append(r)
++ roles.sort()
++ return roles
+
-+ self.notebook = xml.get_widget ("notebook1")
-+ self.pages={}
-+ self.finish_page = [ self.GEN_POLICY_PAGE, self.GEN_USER_POLICY_PAGE ]
-+ for i in polgen.USERS:
-+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
-+ self.pages[polgen.RUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
-+ self.pages[polgen.LUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
++def get_all_types():
++ all_types = []
++ try:
++ rc, output=commands.getstatusoutput("/usr/bin/seinfo --type")
++ output = commands.getoutput("/usr/bin/seinfo --type").split()
++ for t in output:
++ if t.endswith("_t"):
++ all_types.append(t[:-2])
++ except:
++ pass
+
-+ self.pages[polgen.EUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.EXISTING_USER_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
++ return all_types
+
-+ for i in polgen.APPLICATIONS:
-+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_POLICY_PAGE]
-+ self.pages[polgen.USER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_POLICY_PAGE]
-+
-+ self.current_page = 0
-+ self.back_button.set_sensitive(0)
++def get_all_modules():
++ try:
++ all_modules = []
++ rc, output=commands.getstatusoutput("semodule -l 2>/dev/null")
++ if rc == 0:
++ l = output.split("\n")
++ for i in l:
++ all_modules.append(i.split()[0])
++ except:
++ pass
+
-+ self.network_buttons = {}
++ return all_modules
+
-+ self.in_tcp_all_checkbutton = xml.get_widget ("in_tcp_all_checkbutton")
-+ self.in_tcp_reserved_checkbutton = xml.get_widget ("in_tcp_reserved_checkbutton")
-+ self.in_tcp_unreserved_checkbutton = xml.get_widget ("in_tcp_unreserved_checkbutton")
-+ self.in_tcp_entry = self.xml.get_widget("in_tcp_entry")
-+ self.network_buttons[self.in_tcp_all_checkbutton] = [ self.in_tcp_reserved_checkbutton, self.in_tcp_unreserved_checkbutton, self.in_tcp_entry ]
++def get_all_users():
++ users = seobject.seluserRecords().get_all().keys()
++ users.remove("system_u")
++ users.remove("root")
++ users.sort()
++ return users
+
++ALL = 0
++RESERVED = 1
++UNRESERVED = 2
++PORTS = 3
++ADMIN_TRANSITION_INTERFACE = "_admin$"
++USER_TRANSITION_INTERFACE = "_per_role_template$"
+
-+ self.out_tcp_all_checkbutton = xml.get_widget ("out_tcp_all_checkbutton")
-+ self.out_tcp_reserved_checkbutton = xml.get_widget ("out_tcp_reserved_checkbutton")
-+ self.out_tcp_unreserved_checkbutton = xml.get_widget ("out_tcp_unreserved_checkbutton")
-+ self.out_tcp_entry = self.xml.get_widget("out_tcp_entry")
++DAEMON = 0
++INETD = 1
++USER = 2
++CGI = 3
++XUSER = 4
++TUSER = 5
++LUSER = 6
++AUSER = 7
++EUSER = 8
++RUSER = 9
+
-+ self.network_buttons[self.out_tcp_all_checkbutton] = [ self.out_tcp_entry ]
++APPLICATIONS = [ DAEMON, INETD, USER, CGI ]
++USERS = [ XUSER, TUSER, LUSER, AUSER, EUSER, RUSER]
+
-+ self.in_udp_all_checkbutton = xml.get_widget ("in_udp_all_checkbutton")
-+ self.in_udp_reserved_checkbutton = xml.get_widget ("in_udp_reserved_checkbutton")
-+ self.in_udp_unreserved_checkbutton = xml.get_widget ("in_udp_unreserved_checkbutton")
-+ self.in_udp_entry = self.xml.get_widget("in_udp_entry")
++def verify_ports(ports):
++ if ports == "":
++ return []
++ max_port=2**16
++ try:
++ temp = []
++ for a in ports.split(","):
++ r = a.split("-")
++ if len(r) > 2:
++ raise ValueError
++ if len(r) == 1:
++ begin = int (r[0])
++ end = int (r[0])
++ else:
++ begin = int (r[0])
++ end = int (r[1])
++
++ if begin > end:
++ raise ValueError
++
++ for p in range(begin, end + 1):
++ if p < 1 or p > max_port:
++ raise ValueError
++ temp.append(p)
++ return temp
++ except ValueError:
++ raise ValueError(_("Ports must be be numbers or ranges of numbers from 1 to %d " % max_port ))
+
-+ self.network_buttons[self.in_udp_all_checkbutton] = [ self.in_udp_reserved_checkbutton, self.in_udp_unreserved_checkbutton, self.in_udp_entry ]
++class policy:
+
-+ self.out_udp_all_checkbutton = xml.get_widget ("out_udp_all_checkbutton")
-+ self.out_udp_entry = self.xml.get_widget("out_udp_entry")
-+ self.network_buttons[self.out_udp_all_checkbutton] = [ self.out_udp_entry ]
++ def __init__(self, name, type):
++ ports = seobject.portRecords()
++ self.ports = ports.get_all()
++
++ self.DEFAULT_DIRS = {}
++ self.DEFAULT_DIRS["rw"] = ["rw", [], rw];
++ self.DEFAULT_DIRS["tmp"] = ["tmp", [], tmp];
++ self.DEFAULT_DIRS["/etc"] = ["etc_rw", [], etc_rw];
++ self.DEFAULT_DIRS["/var/spool"] = ["var_spool", [], var_spool];
++ self.DEFAULT_DIRS["/var/lib"] = ["var_lib", [], var_lib];
++ self.DEFAULT_DIRS["/var/log"] = ["var_log", [], var_log];
++ self.DEFAULT_DIRS["/var/run"] = ["var_run", [], var_run];
+
-+ for b in self.network_buttons.keys():
-+ b.connect("clicked",self.network_all_clicked)
++ self.DEFAULT_TYPES = (\
++( self.generate_daemon_types, self.generate_daemon_rules), \
++( self.generate_inetd_types, self.generate_inetd_rules), \
++( self.generate_userapp_types, self.generate_userapp_rules), \
++( self.generate_cgi_types, self.generate_cgi_rules), \
++( self.generate_x_login_user_types, self.generate_x_login_user_rules), \
++( self.generate_min_login_user_types, self.generate_login_user_rules), \
++( self.generate_login_user_types, self.generate_login_user_rules), \
++( self.generate_admin_user_types, self.generate_login_user_rules), \
++( self.generate_existing_user_types, self.generate_existing_user_rules), \
++( self.generate_root_user_types, self.generate_root_user_rules))
++ if name == "":
++ raise ValueError(_("You must enter a name for your confined process/user"))
++ if type == CGI:
++ self.name = "httpd_%s_script" % name
++ else:
++ self.name = name
++ self.file_name = name
+
-+ self.boolean_treeview = self.xml.get_widget("boolean_treeview")
-+ self.boolean_store = gtk.ListStore(gobject.TYPE_STRING,gobject.TYPE_STRING)
-+ self.boolean_treeview.set_model(self.boolean_store)
-+ self.boolean_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Name"), gtk.CellRendererText(), text = 0)
-+ self.boolean_treeview.append_column(col)
-+ col = gtk.TreeViewColumn(_("Description"), gtk.CellRendererText(), text = 1)
-+ self.boolean_treeview.append_column(col)
++ self.type = type
++ self.initscript = ""
++ self.program = ""
++ self.in_tcp = [False, False, False, []]
++ self.in_udp = [False, False, False, []]
++ self.out_tcp = [False, False, False, []]
++ self.out_udp = [False, False, False, []]
++ self.use_tmp = False
++ self.use_uid = False
++ self.use_syslog = False
++ self.use_pam = False
++ self.use_dbus = False
++ self.use_audit = False
++ self.use_terminal = False
++ self.use_mail = False
++ self.booleans = {}
++ self.files = {}
++ self.dirs = {}
++ self.found_tcp_ports=[]
++ self.found_udp_ports=[]
++ self.need_tcp_type=False
++ self.need_udp_type=False
++ self.admin_domains = []
++ self.transition_domains = []
++ self.roles = []
++ self.all_roles = get_all_roles()
+
-+ self.role_treeview = self.xml.get_widget("role_treeview")
-+ self.role_store = gtk.ListStore(gobject.TYPE_STRING)
-+ self.role_treeview.set_model(self.role_store)
-+ self.role_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
-+ self.role_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Role"), gtk.CellRendererText(), text = 0)
-+ self.role_treeview.append_column(col)
++ def __isnetset(self, l):
++ return l[ALL] or l[RESERVED] or l[UNRESERVED] or len(l[PORTS]) > 0
+
-+ self.existing_user_treeview = self.xml.get_widget("existing_user_treeview")
-+ self.existing_user_store = gtk.ListStore(gobject.TYPE_STRING)
-+ self.existing_user_treeview.set_model(self.existing_user_store)
-+ self.existing_user_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Existing_User"), gtk.CellRendererText(), text = 0)
-+ self.existing_user_treeview.append_column(col)
++ def set_admin_domains(self, admin_domains):
++ self.admin_domains = admin_domains
+
-+ roles = polgen.get_all_roles()
-+ for i in roles:
-+ iter = self.role_store.append()
-+ self.role_store.set_value(iter, 0, i[:-2])
++ def set_admin_roles(self, roles):
++ self.roles = roles
+
-+ self.types = polgen.get_all_types()
++ def set_transition_domains(self, transition_domains):
++ self.transition_domains = transition_domains
+
-+ self.transition_treeview = self.xml.get_widget("transition_treeview")
-+ self.transition_store = gtk.ListStore(gobject.TYPE_STRING)
-+ self.transition_treeview.set_model(self.transition_store)
-+ self.transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
-+ self.transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
-+ self.transition_treeview.append_column(col)
++ def set_transition_users(self, transition_users):
++ self.transition_users = transition_users
+
-+ self.user_transition_treeview = self.xml.get_widget("user_transition_treeview")
-+ self.user_transition_store = gtk.ListStore(gobject.TYPE_STRING)
-+ self.user_transition_treeview.set_model(self.user_transition_store)
-+ self.user_transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
-+ self.user_transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
-+ self.user_transition_treeview.append_column(col)
++ def use_in_udp(self):
++ return self.__isnetset(self.in_udp)
++
++ def use_out_udp(self):
++ return self.__isnetset(self.out_udp)
++
++ def use_udp(self):
++ return self.use_in_udp() or self.use_out_udp()
+
-+ for i in polgen.get_all_users():
-+ iter = self.user_transition_store.append()
-+ self.user_transition_store.set_value(iter, 0, i)
-+ iter = self.existing_user_store.append()
-+ self.existing_user_store.set_value(iter, 0, i)
++ def use_in_tcp(self):
++ return self.__isnetset(self.in_tcp)
++
++ def use_out_tcp(self):
++ return self.__isnetset(self.out_tcp)
++
++ def use_tcp(self):
++ return self.use_in_tcp() or self.use_out_tcp()
+
-+ self.admin_treeview = self.xml.get_widget("admin_treeview")
-+ self.admin_store = gtk.ListStore(gobject.TYPE_STRING)
-+ self.admin_treeview.set_model(self.admin_store)
-+ self.admin_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
-+ self.admin_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
-+ self.admin_treeview.append_column(col)
++ def use_network(self):
++ return self.use_tcp() or self.use_udp()
++
++ def find_port(self, port):
++ for begin,end in self.ports.keys():
++ if port >= begin and port <= end:
++ return self.ports[begin,end]
++ return None
+
-+ for i in polgen.methods:
-+ m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i)
-+ if len(m) > 0:
-+ if "%s_exec" % m[0] in self.types:
-+ iter = self.transition_store.append()
-+ self.transition_store.set_value(iter, 0, m[0])
-+ continue
++ def set_program(self, program):
++ if self.type not in APPLICATIONS:
++ raise ValueError(_("USER Types are not allowed executables"))
+
-+ m = re.findall("(.*)%s" % polgen.ADMIN_TRANSITION_INTERFACE, i)
-+ if len(m) > 0:
-+ iter = self.admin_store.append()
-+ self.admin_store.set_value(iter, 0, m[0])
-+ continue
-+
-+ def confine_application(self):
-+ return self.get_type() in polgen.APPLICATIONS
++ self.program = program
+
-+ def forward(self, arg):
-+ type = self.get_type()
-+ if self.current_page == self.START_PAGE:
-+ self.back_button.set_sensitive(1)
++ def set_init_script(self, initscript):
++ if self.type != DAEMON:
++ raise ValueError(_("Only DAEMON apps can use an init script"))
+
-+ if self.pages[type][self.current_page] == self.SELECT_TYPE_PAGE:
-+ if self.on_select_type_page_next():
-+ return
++ self.initscript = initscript
+
-+ if self.pages[type][self.current_page] == self.IN_NET_PAGE:
-+ if self.on_in_net_page_next():
-+ return
++ def set_in_tcp(self, all, reserved, unreserved, ports):
++ self.in_tcp = [ all, reserved, unreserved, verify_ports(ports)]
+
-+ if self.pages[type][self.current_page] == self.OUT_NET_PAGE:
-+ if self.on_out_net_page_next():
-+ return
++ def set_in_udp(self, all, reserved, unreserved, ports):
++ self.in_udp = [ all, reserved, unreserved, verify_ports(ports)]
+
-+ if self.pages[type][self.current_page] == self.APP_PAGE:
-+ if self.on_name_page_next():
-+ return
++ def set_out_tcp(self, all, ports):
++ self.out_tcp = [ all , False, False, verify_ports(ports) ]
+
-+ if self.pages[type][self.current_page] == self.EXISTING_USER_PAGE:
-+ if self.on_existing_user_page_next():
-+ return
++ def set_out_udp(self, all, ports):
++ self.out_udp = [ all , False, False, verify_ports(ports) ]
+
-+ if self.pages[type][self.current_page] == self.SELECT_DIR_PAGE:
-+ outputdir = self.output_entry.get_text()
-+ if not os.path.isdir(outputdir):
-+ self.error(_("%s must be a directory") % outputdir )
-+ return False
++ def set_use_syslog(self, val):
++ if val != True and val != False:
++ raise ValueError(_("use_syslog must be a boolean value "))
+
-+ if self.pages[type][self.current_page] in self.finish_page:
-+ self.generate_policy()
-+ else:
-+ self.current_page = self.current_page + 1
-+ self.notebook.set_current_page(self.pages[type][self.current_page])
-+ if self.pages[type][self.current_page] in self.finish_page:
-+ self.forward_button.set_label(gtk.STOCK_APPLY)
-+
-+ def back(self,arg):
-+ type = self.get_type()
-+ if self.pages[type][self.current_page] in self.finish_page:
-+ self.forward_button.set_label(gtk.STOCK_GO_FORWARD)
-+
-+ self.current_page = self.current_page - 1
-+ self.notebook.set_current_page(self.pages[type][self.current_page])
-+ if self.current_page == 0:
-+ self.back_button.set_sensitive(0)
-+
-+ def network_all_clicked(self, button):
-+ active = button.get_active()
-+ for b in self.network_buttons[button]:
-+ b.set_sensitive(not active)
-+
-+ def verify(self, message, title="" ):
-+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
-+ gtk.BUTTONS_YES_NO,
-+ message)
-+ dlg.set_title(title)
-+ dlg.set_position(gtk.WIN_POS_MOUSE)
-+ dlg.show_all()
-+ rc = dlg.run()
-+ dlg.destroy()
-+ return rc
++ self.use_syslog = val
++
++ def set_use_pam(self, val):
++ self.use_pam = val == True
++
++ def set_use_dbus(self, val):
++ self.use_dbus = val == True
++
++ def set_use_audit(self, val):
++ self.use_audit = val == True
++
++ def set_use_terminal(self, val):
++ self.use_terminal = val == True
++
++ def set_use_mail(self, val):
++ self.use_mail = val == True
++
++ def set_use_tmp(self, val):
++ if self.type not in APPLICATIONS:
++ raise ValueError(_("USER Types autoomatically get a tmp type"))
+
-+ def info(self, message):
-+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
-+ gtk.BUTTONS_OK,
-+ message)
-+ dlg.set_position(gtk.WIN_POS_MOUSE)
-+ dlg.show_all()
-+ dlg.run()
-+ dlg.destroy()
++ if val:
++ self.DEFAULT_DIRS["tmp"][1].append("/tmp");
++ else:
++ self.DEFAULT_DIRS["tmp"][1]=[]
++
++ def set_use_uid(self, val):
++ self.use_uid = val == True
+
-+ def error(self, message):
-+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR,
-+ gtk.BUTTONS_CLOSE,
-+ message)
-+ dlg.set_position(gtk.WIN_POS_MOUSE)
-+ dlg.show_all()
-+ dlg.run()
-+ dlg.destroy()
++ def generate_uid_rules(self):
++ if self.use_uid:
++ return re.sub("TEMPLATETYPE", self.name, executable.te_uid_rules)
++ else:
++ return ""
+
-+ def get_name(self):
-+ if self.existing_user_radiobutton.get_active():
-+ store, iter = self.existing_user_treeview.get_selection().get_selected()
-+ if iter == None:
-+ raise(_("You must select a user"))
-+ return store.get_value(iter, 0)
-+ else:
-+ return self.name_entry.get_text()
++ def generate_syslog_rules(self):
++ if self.use_syslog:
++ return re.sub("TEMPLATETYPE", self.name, executable.te_syslog_rules)
++ else:
++ return ""
+
-+ def get_type(self):
-+ if self.cgi_radiobutton.get_active():
-+ return polgen.CGI
-+ if self.user_radiobutton.get_active():
-+ return polgen.USER
-+ if self.init_radiobutton.get_active():
-+ return polgen.DAEMON
-+ if self.inetd_radiobutton.get_active():
-+ return polgen.INETD
-+ if self.login_user_radiobutton.get_active():
-+ return polgen.LUSER
-+ if self.admin_user_radiobutton.get_active():
-+ return polgen.AUSER
-+ if self.xwindows_user_radiobutton.get_active():
-+ return polgen.XUSER
-+ if self.terminal_user_radiobutton.get_active():
-+ return polgen.TUSER
-+ if self.root_user_radiobutton.get_active():
-+ return polgen.RUSER
-+ if self.existing_user_radiobutton.get_active():
-+ return polgen.EUSER
++ def generate_pam_rules(self):
++ newte =""
++ if self.use_pam:
++ newte = re.sub("TEMPLATETYPE", self.name, executable.te_pam_rules)
++ return newte
+
-+ def generate_policy(self, *args):
-+ outputdir = self.output_entry.get_text()
-+ try:
-+ my_policy=polgen.policy(self.get_name(), self.get_type())
-+ my_policy.set_in_tcp(self.in_tcp_all_checkbutton.get_active(), self.in_tcp_reserved_checkbutton.get_active(), self.in_tcp_unreserved_checkbutton.get_active(), self.in_tcp_entry.get_text())
-+ my_policy.set_in_udp(self.in_udp_all_checkbutton.get_active(), self.in_udp_reserved_checkbutton.get_active(), self.in_udp_unreserved_checkbutton.get_active(), self.in_udp_entry.get_text())
-+ my_policy.set_out_tcp(self.out_tcp_all_checkbutton.get_active(), self.out_tcp_entry.get_text())
-+ my_policy.set_out_udp(self.out_udp_all_checkbutton.get_active(), self.out_udp_entry.get_text())
++ def generate_audit_rules(self):
++ newte =""
++ if self.use_audit:
++ newte = re.sub("TEMPLATETYPE", self.name, executable.te_audit_rules)
++ return newte
+
-+ iter= self.boolean_store.get_iter_first()
-+ while(iter):
-+ my_policy.add_boolean(self.boolean_store.get_value(iter, 0), self.boolean_store.get_value(iter, 1))
-+ iter= self.boolean_store.iter_next(iter)
++ def generate_dbus_rules(self):
++ newte =""
++ if self.use_dbus:
++ newte = re.sub("TEMPLATETYPE", self.name, executable.te_dbus_rules)
++ return newte
+
-+ if self.get_type() in polgen.APPLICATIONS:
-+ my_policy.set_program(self.exec_entry.get_text())
-+ my_policy.set_use_syslog(self.syslog_checkbutton.get_active() == 1)
-+ my_policy.set_use_tmp(self.tmp_checkbutton.get_active() == 1)
-+ my_policy.set_use_uid(self.uid_checkbutton.get_active() == 1)
-+ my_policy.set_use_pam(self.pam_checkbutton.get_active() == 1)
++ def generate_mail_rules(self):
++ newte =""
++ if self.use_mail:
++ newte = re.sub("TEMPLATETYPE", self.name, executable.te_mail_rules)
++ return newte
+
-+ my_policy.set_use_dbus(self.dbus_checkbutton.get_active() == 1)
-+ my_policy.set_use_audit(self.audit_checkbutton.get_active() == 1)
-+ my_policy.set_use_terminal(self.terminal_checkbutton.get_active() == 1)
-+ my_policy.set_use_mail(self.mail_checkbutton.get_active() == 1)
-+ if self.get_type() is polgen.DAEMON:
-+ my_policy.set_init_script(self.init_script_entry.get_text())
-+ if self.get_type() == polgen.USER:
-+ selected = []
-+ self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
-+ my_policy.set_transition_users(selected)
++ def generate_network_action(self, protocol, action, port_name):
++ line = ""
++ method = "corenet_%s_%s_%s" % (protocol, action, port_name)
++ if method in methods:
++ line = "%s(%s_t)\n" % (method, self.name)
+ else:
-+ if self.get_type() == polgen.RUSER:
-+ selected = []
-+ self.admin_treeview.get_selection().selected_foreach(foreach, selected)
-+ my_policy.set_admin_domains(selected)
-+ selected = []
-+ self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
-+ my_policy.set_transition_users(selected)
-+ else:
-+ selected = []
-+ self.transition_treeview.get_selection().selected_foreach(foreach, selected)
-+ my_policy.set_transition_domains(selected)
-+
-+ selected = []
-+ self.role_treeview.get_selection().selected_foreach(foreach, selected)
-+ my_policy.set_admin_roles(selected)
-+
-+ iter= self.store.get_iter_first()
-+ while(iter):
-+ if self.store.get_value(iter, 1) == FILE:
-+ my_policy.add_file(self.store.get_value(iter, 0))
-+ else:
-+ my_policy.add_dir(self.store.get_value(iter, 0))
-+ iter= self.store.iter_next(iter)
++ line = """
++gen_require(`
++ type %s_t;
++')
++allow %s_t %s_t:%s_socket name_%s;
++""" % (port_name, self.name, port_name, protocol, action)
++ return line
+
-+ self.info(my_policy.generate(outputdir))
-+ return False
-+ except ValueError, e:
-+ self.error(e.message)
-+
-+ def delete(self, args):
-+ store, iter = self.view.get_selection().get_selected()
-+ if iter != None:
-+ store.remove(iter)
-+ self.view.get_selection().select_path ((0,))
-+
-+ def delete_boolean(self, args):
-+ store, iter = self.boolean_treeview.get_selection().get_selected()
-+ if iter != None:
-+ store.remove(iter)
-+ self.boolean_treeview.get_selection().select_path ((0,))
++ def generate_network_types(self):
++ for i in self.in_tcp[PORTS]:
++ rec = self.find_port(int(i))
++ if rec == None:
++ self.need_tcp_type = True;
++ else:
++ port_name = rec[0][:-2]
++ line = self.generate_network_action("tcp", "bind", port_name)
++# line = "corenet_tcp_bind_%s(%s_t)\n" % (port_name, self.name)
++ if line not in self.found_tcp_ports:
++ self.found_tcp_ports.append(line)
+
-+ def add_boolean(self,type):
-+ self.boolean_name_entry.set_text("")
-+ self.boolean_description_entry.set_text("")
-+ rc = self.boolean_dialog.run()
-+ self.boolean_dialog.hide()
-+ if rc == gtk.RESPONSE_CANCEL:
-+ return
-+ iter = self.boolean_store.append()
-+ self.boolean_store.set_value(iter, 0, self.boolean_name_entry.get_text())
-+ self.boolean_store.set_value(iter, 1, self.boolean_description_entry.get_text())
-+
-+ def __add(self,type):
-+ rc = self.file_dialog.run()
-+ self.file_dialog.hide()
-+ if rc == gtk.RESPONSE_CANCEL:
-+ return
-+ for i in self.file_dialog.get_filenames():
-+ iter = self.store.append()
-+ self.store.set_value(iter, 0, i)
-+ self.store.set_value(iter, 1, type)
-+
-+ def exec_select(self, args):
-+ self.file_dialog.set_select_multiple(0)
-+ self.file_dialog.set_title(_("Select executable file to be confined."))
-+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
-+ self.file_dialog.set_current_folder("/usr/sbin")
-+ rc = self.file_dialog.run()
-+ self.file_dialog.hide()
-+ if rc == gtk.RESPONSE_CANCEL:
-+ return
-+ self.exec_entry.set_text(self.file_dialog.get_filename())
++ for i in self.out_tcp[PORTS]:
++ rec = self.find_port(int(i))
++ if rec == None:
++ self.need_tcp_type = True;
++ else:
++ port_name = rec[0][:-2]
++ line = self.generate_network_action("tcp", "connect", port_name)
++# line = "corenet_tcp_connect_%s(%s_t)\n" % (port_name, self.name)
++ if line not in self.found_tcp_ports:
++ self.found_tcp_ports.append(line)
++
++ for i in self.in_udp[PORTS]:
++ rec = self.find_port(int(i))
++ if rec == None:
++ self.need_udp_type = True;
++ else:
++ port_name = rec[0][:-2]
++ line = self.generate_network_action("udp", "bind", port_name)
++# line = "corenet_udp_bind_%s(%s_t)\n" % (port_name, self.name)
++ if line not in self.found_udp_ports:
++ self.found_udp_ports.append(line)
++
++ if self.need_udp_type == True or self.need_tcp_type == True:
++ return re.sub("TEMPLATETYPE", self.name, network.te_port_types)
++ return ""
++
++ def __find_path(self, file):
++ for d in self.DEFAULT_DIRS:
++ if file.find(d) == 0:
++ self.DEFAULT_DIRS[d][1].append(file)
++ return self.DEFAULT_DIRS[d]
++ self.DEFAULT_DIRS["rw"][1].append(file)
++ return self.DEFAULT_DIRS["rw"]
++
++ def add_boolean(self, name, description):
++ self.booleans[name] = description
+
-+ def init_script_select(self, args):
-+ self.file_dialog.set_select_multiple(0)
-+ self.file_dialog.set_title(_("Select init script file to be confined."))
-+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
-+ self.file_dialog.set_current_folder("/etc/rc.d/init.d")
-+ rc = self.file_dialog.run()
-+ self.file_dialog.hide()
-+ if rc == gtk.RESPONSE_CANCEL:
-+ return
-+ self.init_script_entry.set_text(self.file_dialog.get_filename())
++ def add_file(self, file):
++ self.files[file] = self.__find_path(file)
+
-+ def add(self, args):
-+ self.file_dialog.set_title(_("Select file(s) that confined application creates or writes"))
-+ self.file_dialog.set_current_folder("/")
-+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
-+ self.file_dialog.set_select_multiple(1)
-+ self.__add(FILE)
++ def add_dir(self, file):
++ self.dirs[file] = self.__find_path(file)
++
++ def generate_network_rules(self):
++ newte = ""
++ if self.use_network():
++ newte = "\n"
+
-+ def add_dir(self, args):
-+ self.file_dialog.set_title(_("Select directory(s) that the confined application owns and writes into"))
-+ self.file_dialog.set_current_folder("/")
-+ self.file_dialog.set_select_multiple(1)
-+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SELECT_FOLDER)
-+ self.__add(DIR)
-+
-+ def on_about_clicked(self, args):
-+ dlg = xml.get_widget ("about_dialog")
-+ dlg.run ()
-+ dlg.hide ()
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_network)
++
++ if self.use_tcp():
++ newte += "\n"
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_tcp)
+
-+ def quit(self, args):
-+ gtk.main_quit()
++ if self.use_in_tcp():
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_tcp)
+
-+ def setupScreen(self):
-+ # Bring in widgets from glade file.
-+ self.mainWindow = self.xml.get_widget("main_window")
-+ self.druid = self.xml.get_widget("druid")
-+ self.type = 0
-+ self.name_entry = self.xml.get_widget("name_entry")
-+ self.name_entry.connect("focus_out_event",self.on_name_entry_changed)
-+ self.exec_entry = self.xml.get_widget("exec_entry")
-+ self.exec_button = self.xml.get_widget("exec_button")
-+ self.init_script_entry = self.xml.get_widget("init_script_entry")
-+ self.init_script_button = self.xml.get_widget("init_script_button")
-+ self.output_entry = self.xml.get_widget("output_entry")
-+ self.output_entry.set_text(os.getcwd())
-+ self.xml.get_widget("output_button").connect("clicked",self.output_button_clicked)
-+
-+ self.xwindows_user_radiobutton = self.xml.get_widget("xwindows_user_radiobutton")
-+ self.terminal_user_radiobutton = self.xml.get_widget("terminal_user_radiobutton")
-+ self.root_user_radiobutton = self.xml.get_widget("root_user_radiobutton")
-+ self.login_user_radiobutton = self.xml.get_widget("login_user_radiobutton")
-+ self.admin_user_radiobutton = self.xml.get_widget("admin_user_radiobutton")
-+ self.existing_user_radiobutton = self.xml.get_widget("existing_user_radiobutton")
++ if self.need_tcp_type and len(self.in_tcp[PORTS]) > 0:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_tcp)
+
-+ self.user_radiobutton = self.xml.get_widget("user_radiobutton")
-+ self.init_radiobutton = self.xml.get_widget("init_radiobutton")
-+ self.inetd_radiobutton = self.xml.get_widget("inetd_radiobutton")
-+ self.cgi_radiobutton = self.xml.get_widget("cgi_radiobutton")
-+ self.tmp_checkbutton = self.xml.get_widget("tmp_checkbutton")
-+ self.uid_checkbutton = self.xml.get_widget("uid_checkbutton")
-+ self.pam_checkbutton = self.xml.get_widget("pam_checkbutton")
-+ self.dbus_checkbutton = self.xml.get_widget("dbus_checkbutton")
-+ self.audit_checkbutton = self.xml.get_widget("audit_checkbutton")
-+ self.terminal_checkbutton = self.xml.get_widget("terminal_checkbutton")
-+ self.mail_checkbutton = self.xml.get_widget("mail_checkbutton")
-+ self.syslog_checkbutton = self.xml.get_widget("syslog_checkbutton")
-+ self.view = self.xml.get_widget("write_treeview")
-+ self.file_dialog = self.xml.get_widget("filechooserdialog")
++ if self.need_tcp_type and len(self.out_tcp[PORTS]) > 0:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_need_port_tcp)
+
-+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_INT)
-+ self.view.set_model(self.store)
-+ col = gtk.TreeViewColumn("", gtk.CellRendererText(), text = 0)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+ self.view.get_selection().select_path ((0,))
+
-+ def output_button_clicked(self, *args):
-+ self.file_dialog.set_title(_("Select directory to generate policy files in"))
-+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SELECT_FOLDER)
-+ self.file_dialog.set_select_multiple(0)
-+ rc = self.file_dialog.run()
-+ self.file_dialog.hide()
-+ if rc == gtk.RESPONSE_CANCEL:
-+ return
-+ self.output_entry.set_text(self.file_dialog.get_filename())
-+
-+ def on_name_entry_changed(self, entry, third):
-+ name = entry.get_text()
-+ if self.name != name:
-+ if name in self.all_types:
-+ if self.verify(_("Type %s_t already defined in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO:
-+ entry.set_text("")
-+ return False
-+ if name in self.all_modules:
-+ if self.verify(_("Module %s.pp already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO:
-+ entry.set_text("")
-+ return False
++ if self.in_tcp[ALL]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_tcp)
++ if self.in_tcp[RESERVED]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_tcp)
++ if self.in_tcp[UNRESERVED]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_tcp)
++
++ if self.out_tcp[ALL]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_all_ports_tcp)
++ if self.out_tcp[RESERVED]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_reserved_ports_tcp)
++ if self.out_tcp[UNRESERVED]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_unreserved_ports_tcp)
+
-+ file = "/etc/rc.d/init.d/" + name
-+ if os.path.isfile(file) and self.init_script_entry.get_text() == "":
-+ self.init_script_entry.set_text(file)
-+
-+ file = "/usr/sbin/" + name
-+ if os.path.isfile(file) and self.exec_entry.get_text() == "":
-+ self.exec_entry.set_text(file)
++ for i in self.found_tcp_ports:
++ newte += i
+
-+ self.name = name
-+ return False
++ if self.use_udp():
++ newte += "\n"
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_udp)
+
-+ def on_in_net_page_next(self, *args):
-+ try:
-+ polgen.verify_ports(self.in_tcp_entry.get_text())
-+ polgen.verify_ports(self.in_udp_entry.get_text())
-+ except ValueError, e:
-+ self.error(e.message)
-+ return True
-+
-+ def on_out_net_page_next(self, *args):
-+ try:
-+ polgen.verify_ports(self.out_tcp_entry.get_text())
-+ polgen.verify_ports(self.out_udp_entry.get_text())
-+ except ValueError, e:
-+ self.error(e.message)
-+ return True
-+
-+ def on_select_type_page_next(self, *args):
-+ self.exec_entry.set_sensitive(self.confine_application())
-+ self.exec_button.set_sensitive(self.confine_application())
-+ self.init_script_entry.set_sensitive(self.init_radiobutton.get_active())
-+ self.init_script_button.set_sensitive(self.init_radiobutton.get_active())
++ if self.need_udp_type:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_udp)
++ if self.use_in_udp():
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_udp)
++ if self.in_udp[ALL]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_udp)
++ if self.in_udp[RESERVED]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_udp)
++ if self.in_udp[UNRESERVED]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_udp)
+
-+ def on_existing_user_page_next(self, *args):
-+ store, iter = self.view.get_selection().get_selected()
-+ if iter != None:
-+ self.error(_("You must select a user"))
-+ return True
-+
-+ def on_name_page_next(self, *args):
-+ name=self.name_entry.get_text()
-+ if name == "":
-+ self.error(_("You must enter a name"))
-+ return True
-+
-+ if self.confine_application():
-+ exe = self.exec_entry.get_text()
-+ if exe == "":
-+ self.error(_("You must enter a executable"))
-+ return True
++ for i in self.found_udp_ports:
++ newte += i
++ return newte
++
++ def generate_transition_rules(self):
++ newte = ""
++ for app in self.transition_domains:
++ tmp = re.sub("TEMPLATETYPE", self.name, user.te_transition_rules)
++ newte += re.sub("APPLICATION", app, tmp)
+
-+ def stand_alone(self):
-+ desktopName = _("Configue SELinux")
++ if self.type == USER:
++ for u in self.transition_users:
++ temp = re.sub("TEMPLATETYPE", self.name, executable.te_userapp_trans_rules)
++ newte += re.sub("USER", u, temp)
+
-+ self.setupScreen()
-+ self.mainWindow.connect("destroy", self.quit)
++ return newte
+
-+ self.mainWindow.show_all()
-+ gtk.main()
++ def generate_admin_rules(self):
++ newte = ""
++ if self.type == RUSER:
++ newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules)
++
++ for app in self.admin_domains:
++ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_domain_rules)
++ newte += re.sub("APPLICATION", app, tmp)
++
++ for u in self.transition_users:
++ role = u[:-2]
++ if (role + "_r") in self.all_roles:
++ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_trans_rules)
++ newte += re.sub("USER", role, tmp)
++
++ return newte
++
++ def generate_dbus_if(self):
++ newif =""
++ if self.use_dbus:
++ newif = re.sub("TEMPLATETYPE", self.name, executable.if_dbus_rules)
++ return newif
++
++ def generate_admin_if(self):
++ newif = ""
++ if self.initscript != "":
++ newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_admin)
++ for d in self.DEFAULT_DIRS:
++ if len(self.DEFAULT_DIRS[d][1]) > 0:
++ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_admin_rules)
++
++ if newif != "":
++ ret = re.sub("TEMPLATETYPE", self.name, executable.if_begin_admin)
++ ret += newif
++ ret += re.sub("TEMPLATETYPE", self.name, executable.if_end_admin)
++ return ret
++
++ return ""
++
++ def generate_cgi_types(self):
++ return re.sub("TEMPLATETYPE", self.file_name, executable.te_cgi_types)
++
++ def generate_userapp_types(self):
++ return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_types)
++
++ def generate_inetd_types(self):
++ return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_types)
++
++ def generate_min_login_user_types(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_min_login_user_types)
++
++ def generate_login_user_types(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_login_user_types)
++
++ def generate_admin_user_types(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_admin_user_types)
+
-+if __name__ == "__main__":
-+ signal.signal (signal.SIGINT, signal.SIG_DFL)
++ def generate_existing_user_types(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_existing_user_types)
++
++ def generate_x_login_user_types(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_types)
++
++ def generate_root_user_types(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_root_user_types)
++
++ def generate_daemon_types(self):
++ newte = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_types)
++ if self.initscript != "":
++ newte += re.sub("TEMPLATETYPE", self.name, executable.te_initscript_types)
++ return newte
++
++ def generate_tmp_types(self):
++ if self.use_tmp:
++ return re.sub("TEMPLATETYPE", self.name, tmp.te_types)
++ else:
++ return ""
++
++ def generate_booleans(self):
++ newte = ""
++ for b in self.booleans:
++ tmp = re.sub("BOOLEAN", b, boolean.te_boolean)
++ newte += re.sub("DESCRIPTION", self.booleans[b], tmp)
++ return newte
+
-+ app = childWindow()
-+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.50/gui/polgen.py
---- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/polgen.py 2008-07-01 21:48:14.000000000 -0400
-@@ -0,0 +1,925 @@
-+#!/usr/bin/python
-+#
-+# Copyright (C) 2007, 2008 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# policygentool is a tool for the initial generation of SELinux policy
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
-+#
-+#
-+import os, sys, stat
-+import re
-+import commands
++ def generate_boolean_rules(self):
++ newte = ""
++ for b in self.booleans:
++ newte += re.sub("BOOLEAN", b, boolean.te_rules)
++ return newte
+
-+from templates import executable
-+from templates import boolean
-+from templates import etc_rw
-+from templates import var_spool
-+from templates import var_lib
-+from templates import var_log
-+from templates import var_run
-+from templates import tmp
-+from templates import rw
-+from templates import network
-+from templates import script
-+from templates import user
-+import seobject
-+import sepolgen.interfaces as interfaces
-+import sepolgen.defaults as defaults
++ def generate_cgi_te(self):
++ return re.sub("TEMPLATETYPE", self.name, executable.te_cgi_types)
+
-+##
-+## I18N
-+##
-+PROGNAME="system-config-selinux"
++ def generate_daemon_rules(self):
++ newif = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_rules)
+
-+import gettext
-+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
-+gettext.textdomain(PROGNAME)
-+try:
-+ gettext.install(PROGNAME,
-+ localedir="/usr/share/locale",
-+ unicode=False,
-+ codeset = 'utf-8')
-+except IOError:
-+ import __builtin__
-+ __builtin__.__dict__['_'] = unicode
++ return newif
++
++ def generate_login_user_rules(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_login_user_rules)
++
++ def generate_existing_user_rules(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_existing_user_rules)
++
++ def generate_x_login_user_rules(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_rules)
++
++ def generate_root_user_rules(self):
++ newte =re.sub("TEMPLATETYPE", self.name, user.te_root_user_rules)
++ return newte
++
++ def generate_userapp_rules(self):
++ return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_rules)
++
++ def generate_inetd_rules(self):
++ return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_rules)
++
++ def generate_tmp_rules(self):
++ if self.use_tmp:
++ return re.sub("TEMPLATETYPE", self.name, tmp.te_rules)
++ else:
++ return ""
++
++ def generate_cgi_rules(self):
++ newte = ""
++ newte += re.sub("TEMPLATETYPE", self.name, executable.te_cgi_rules)
++ return newte
++
++ def generate_user_if(self):
++ newif =""
++ if self.use_terminal or self.type == USER:
++ newif = re.sub("TEMPLATETYPE", self.name, executable.if_user_program_rules)
++ return newif
+
-+methods = []
-+fn = defaults.interface_info()
-+try:
-+ fd = open(fn)
-+ # List of per_role_template interfaces
-+ ifs = interfaces.InterfaceSet()
-+ ifs.from_file(fd)
-+ methods = ifs.interfaces.keys()
-+ fd.close()
-+except:
-+ sys.stderr.write("could not open interface info [%s]\n" % fn)
-+ sys.exit(1)
++
++ def generate_if(self):
++ newif = ""
++ if self.program != "":
++ newif += re.sub("TEMPLATETYPE", self.name, executable.if_program_rules)
++ if self.initscript != "":
++ newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_rules)
++
++ for d in self.DEFAULT_DIRS:
++ if len(self.DEFAULT_DIRS[d][1]) > 0:
++ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_rules)
++ for i in self.DEFAULT_DIRS[d][1]:
++ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
++ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_stream_rules)
++ break
++ newif += self.generate_user_if()
++ newif += self.generate_dbus_if()
++ newif += self.generate_admin_if()
++
++ return newif
+
-+def get_all_roles():
-+ roles = []
-+ output = commands.getoutput("/usr/bin/seinfo -r").split()
-+ for r in output:
-+ if r != "object_r" and r.endswith("_r"):
-+ roles.append(r)
-+ roles.sort()
-+ return roles
++ def generate_default_types(self):
++ return self.DEFAULT_TYPES[self.type][0]()
++
++ def generate_default_rules(self):
++ return self.DEFAULT_TYPES[self.type][1]()
++
++ def generate_roles_rules(self):
++ newte = ""
++ if self.type in ( TUSER, XUSER, AUSER, LUSER, EUSER):
++ roles = ""
++ if len(self.roles) > 0:
++ newte += re.sub("TEMPLATETYPE", self.name, user.te_newrole_rules)
++ for role in self.roles:
++ tmp = re.sub("TEMPLATETYPE", self.name, user.te_roles_rules)
++ newte += re.sub("ROLE", role, tmp)
++ return newte
++
++ def generate_te(self):
++ newte = self.generate_default_types()
++ for d in self.DEFAULT_DIRS:
++ if len(self.DEFAULT_DIRS[d][1]) > 0:
++ # CGI scripts already have a rw_t
++ if self.type != CGI or d != "rw":
++ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_types)
+
-+def get_all_types():
-+ all_types = []
-+ try:
-+ rc, output=commands.getstatusoutput("/usr/bin/seinfo --type")
-+ output = commands.getoutput("/usr/bin/seinfo --type").split()
-+ for t in output:
-+ if t.endswith("_t"):
-+ all_types.append(t[:-2])
-+ except:
-+ pass
++ newte += self.generate_network_types()
++ newte += self.generate_tmp_types()
++ newte += self.generate_booleans()
++ newte += self.generate_default_rules()
++ newte += self.generate_boolean_rules()
+
-+ return all_types
++ for d in self.DEFAULT_DIRS:
++ if len(self.DEFAULT_DIRS[d][1]) > 0:
++ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_rules)
++ for i in self.DEFAULT_DIRS[d][1]:
++ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
++ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_stream_rules)
++ break
+
-+def get_all_modules():
-+ try:
-+ all_modules = []
-+ rc, output=commands.getstatusoutput("semodule -l 2>/dev/null")
-+ if rc == 0:
-+ l = output.split("\n")
-+ for i in l:
-+ all_modules.append(i.split()[0])
-+ except:
-+ pass
++ newte += self.generate_network_rules()
++ newte += self.generate_tmp_rules()
++ newte += self.generate_uid_rules()
++ newte += self.generate_syslog_rules()
++ newte += self.generate_pam_rules()
++ newte += self.generate_dbus_rules()
++ newte += self.generate_audit_rules()
++ newte += self.generate_mail_rules()
++ newte += self.generate_roles_rules()
++ newte += self.generate_transition_rules()
++ newte += self.generate_admin_rules()
++ return newte
++
++ def generate_fc(self):
++ newfc = ""
++ if self.program == "":
++ raise ValueError(_("You must enter the executable path for your confined process"))
+
-+ return all_modules
++ t1 = re.sub("EXECUTABLE", self.program, executable.fc_program)
++ newfc += re.sub("TEMPLATETYPE", self.name, t1)
+
-+def get_all_users():
-+ users = seobject.seluserRecords().get_all().keys()
-+ users.remove("system_u")
-+ users.remove("root")
-+ users.sort()
-+ return users
++ if self.initscript != "":
++ t1 = re.sub("EXECUTABLE", self.initscript, executable.fc_initscript)
++ newfc += re.sub("TEMPLATETYPE", self.name, t1)
+
-+ALL = 0
-+RESERVED = 1
-+UNRESERVED = 2
-+PORTS = 3
-+ADMIN_TRANSITION_INTERFACE = "_admin$"
-+USER_TRANSITION_INTERFACE = "_per_role_template$"
++ for i in self.files.keys():
++ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
++ t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_sock_file)
++ else:
++ t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_file)
++ t2 = re.sub("FILENAME", i, t1)
++ newfc += re.sub("FILETYPE", self.files[i][0], t2)
+
-+DAEMON = 0
-+INETD = 1
-+USER = 2
-+CGI = 3
-+XUSER = 4
-+TUSER = 5
-+LUSER = 6
-+AUSER = 7
-+EUSER = 8
-+RUSER = 9
++ for i in self.dirs.keys():
++ t1 = re.sub("TEMPLATETYPE", self.name, self.dirs[i][2].fc_dir)
++ t2 = re.sub("FILENAME", i, t1)
++ newfc += re.sub("FILETYPE", self.dirs[i][0], t2)
+
-+APPLICATIONS = [ DAEMON, INETD, USER, CGI ]
-+USERS = [ XUSER, TUSER, LUSER, AUSER, EUSER, RUSER]
++ return newfc
++
++ def generate_user_sh(self):
++ newsh = ""
++ if self.type in ( TUSER, XUSER, AUSER, LUSER, EUSER):
++ roles = ""
++ for role in self.roles:
++ roles += " %s_r" % role
++ if roles != "":
++ roles += " system_r"
++ if self.type == EUSER:
++ tmp = re.sub("TEMPLATETYPE", self.name, script.eusers)
++ else:
++ tmp = re.sub("TEMPLATETYPE", self.name, script.users)
++ newsh += re.sub("ROLES", roles, tmp)
+
-+def verify_ports(ports):
-+ if ports == "":
-+ return []
-+ max_port=2**16
-+ try:
-+ temp = []
-+ for a in ports.split(","):
-+ r = a.split("-")
-+ if len(r) > 2:
-+ raise ValueError
-+ if len(r) == 1:
-+ begin = int (r[0])
-+ end = int (r[0])
-+ else:
-+ begin = int (r[0])
-+ end = int (r[1])
-+
-+ if begin > end:
-+ raise ValueError
-+
-+ for p in range(begin, end + 1):
-+ if p < 1 or p > max_port:
-+ raise ValueError
-+ temp.append(p)
-+ return temp
-+ except ValueError:
-+ raise ValueError(_("Ports must be be numbers or ranges of numbers from 1 to %d " % max_port ))
++ if self.type == RUSER:
++ for u in self.transition_users:
++ tmp = re.sub("TEMPLATETYPE", self.name, script.admin_trans)
++ newsh += re.sub("USER", u, tmp)
++ return newsh
++
++ def generate_sh(self):
++ temp = re.sub("TEMPLATETYPE", self.file_name, script.compile)
++ if self.type == EUSER:
++ newsh = re.sub("TEMPLATEFILE", "my%s" % self.file_name, temp)
++ else:
++ newsh = re.sub("TEMPLATEFILE", self.file_name, temp)
++ if self.program != "":
++ newsh += re.sub("FILENAME", self.program, script.restorecon)
++ if self.initscript != "":
++ newsh += re.sub("FILENAME", self.initscript, script.restorecon)
+
-+class policy:
++ for i in self.files.keys():
++ newsh += re.sub("FILENAME", i, script.restorecon)
+
-+ def __init__(self, name, type):
-+ ports = seobject.portRecords()
-+ self.ports = ports.get_all()
-+
-+ self.DEFAULT_DIRS = {}
-+ self.DEFAULT_DIRS["rw"] = ["rw", [], rw];
-+ self.DEFAULT_DIRS["tmp"] = ["tmp", [], tmp];
-+ self.DEFAULT_DIRS["/etc"] = ["etc_rw", [], etc_rw];
-+ self.DEFAULT_DIRS["/var/spool"] = ["var_spool", [], var_spool];
-+ self.DEFAULT_DIRS["/var/lib"] = ["var_lib", [], var_lib];
-+ self.DEFAULT_DIRS["/var/log"] = ["var_log", [], var_log];
-+ self.DEFAULT_DIRS["/var/run"] = ["var_run", [], var_run];
++ for i in self.dirs.keys():
++ newsh += re.sub("FILENAME", i, script.restorecon)
+
-+ self.DEFAULT_TYPES = (\
-+( self.generate_daemon_types, self.generate_daemon_rules), \
-+( self.generate_inetd_types, self.generate_inetd_rules), \
-+( self.generate_userapp_types, self.generate_userapp_rules), \
-+( self.generate_cgi_types, self.generate_cgi_rules), \
-+( self.generate_x_login_user_types, self.generate_x_login_user_rules), \
-+( self.generate_min_login_user_types, self.generate_login_user_rules), \
-+( self.generate_login_user_types, self.generate_login_user_rules), \
-+( self.generate_admin_user_types, self.generate_login_user_rules), \
-+( self.generate_existing_user_types, self.generate_existing_user_rules), \
-+( self.generate_root_user_types, self.generate_root_user_rules))
-+ if name == "":
-+ raise ValueError(_("You must enter a name for your confined process/user"))
-+ if type == CGI:
-+ self.name = "httpd_%s_script" % name
-+ else:
-+ self.name = name
-+ self.file_name = name
++ for i in self.in_tcp[PORTS] + self.out_tcp[PORTS]:
++ if self.find_port(i) == None:
++ t1 = re.sub("PORTNUM", "%d" % i, script.tcp_ports)
++ newsh += re.sub("TEMPLATETYPE", self.name, t1)
+
-+ self.type = type
-+ self.initscript = ""
-+ self.program = ""
-+ self.in_tcp = [False, False, False, []]
-+ self.in_udp = [False, False, False, []]
-+ self.out_tcp = [False, False, False, []]
-+ self.out_udp = [False, False, False, []]
-+ self.use_tmp = False
-+ self.use_uid = False
-+ self.use_syslog = False
-+ self.use_pam = False
-+ self.use_dbus = False
-+ self.use_audit = False
-+ self.use_terminal = False
-+ self.use_mail = False
-+ self.booleans = {}
-+ self.files = {}
-+ self.dirs = {}
-+ self.found_tcp_ports=[]
-+ self.found_udp_ports=[]
-+ self.need_tcp_type=False
-+ self.need_udp_type=False
-+ self.admin_domains = []
-+ self.transition_domains = []
-+ self.roles = []
-+ self.all_roles = get_all_roles()
++ for i in self.in_udp[PORTS] + self.out_udp[PORTS]:
++ if self.find_port(i) == None:
++ t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports)
++ newsh += re.sub("TEMPLATETYPE", self.name, t1)
+
-+ def __isnetset(self, l):
-+ return l[ALL] or l[RESERVED] or l[UNRESERVED] or len(l[PORTS]) > 0
++ newsh += self.generate_user_sh()
++
++ return newsh
++
++ def write_te(self, out_dir):
++ if self.type == EUSER:
++ tefile = "%s/my%s.te" % (out_dir, self.file_name)
++ else:
++ tefile = "%s/%s.te" % (out_dir, self.file_name)
++ fd = open(tefile, "w")
++ fd.write(self.generate_te())
++ fd.close()
++ return tefile
+
-+ def set_admin_domains(self, admin_domains):
-+ self.admin_domains = admin_domains
++ def write_sh(self, out_dir):
++ if self.type == EUSER:
++ shfile = "%s/my%s.sh" % (out_dir, self.file_name)
++ else:
++ shfile = "%s/%s.sh" % (out_dir, self.file_name)
++ fd = open(shfile, "w")
++ fd.write(self.generate_sh())
++ fd.close()
++ os.chmod(shfile, 0750)
++ return shfile
+
-+ def set_admin_roles(self, roles):
-+ self.roles = roles
++ def write_if(self, out_dir):
++ if self.type == EUSER:
++ iffile = "%s/my%s.if" % (out_dir, self.file_name)
++ else:
++ iffile = "%s/%s.if" % (out_dir, self.file_name)
++ fd = open(iffile, "w")
++ fd.write(self.generate_if())
++ fd.close()
++ return iffile
+
-+ def set_transition_domains(self, transition_domains):
-+ self.transition_domains = transition_domains
++ def write_fc(self,out_dir):
++ if self.type == EUSER:
++ fcfile = "%s/my%s.fc" % (out_dir, self.file_name)
++ else:
++ fcfile = "%s/%s.fc" % (out_dir, self.file_name)
++ if self.type in APPLICATIONS:
++ fd = open(fcfile, "w")
++ fd.write(self.generate_fc())
++ fd.close()
++ return fcfile
+
-+ def set_transition_users(self, transition_users):
-+ self.transition_users = transition_users
++ def generate(self, out_dir = "."):
++ out = "Created the following files:\n"
++ out += "%-25s %s\n" % (_("Type Enforcement file"), self.write_te(out_dir))
++ out += "%-25s %s\n" % (_("Interface file"), self.write_if(out_dir))
++ out += "%-25s %s\n" % (_("File Contexts file"), self.write_fc(out_dir))
++ out += "%-25s %s\n" % (_("Setup Script"),self.write_sh(out_dir))
++ return out
+
-+ def use_in_udp(self):
-+ return self.__isnetset(self.in_udp)
-+
-+ def use_out_udp(self):
-+ return self.__isnetset(self.out_udp)
-+
-+ def use_udp(self):
-+ return self.use_in_udp() or self.use_out_udp()
++def errorExit(error):
++ sys.stderr.write("%s: " % sys.argv[0])
++ sys.stderr.write("%s\n" % error)
++ sys.stderr.flush()
++ sys.exit(1)
+
-+ def use_in_tcp(self):
-+ return self.__isnetset(self.in_tcp)
-+
-+ def use_out_tcp(self):
-+ return self.__isnetset(self.out_tcp)
-+
-+ def use_tcp(self):
-+ return self.use_in_tcp() or self.use_out_tcp()
+
-+ def use_network(self):
-+ return self.use_tcp() or self.use_udp()
-+
-+ def find_port(self, port):
-+ for begin,end in self.ports.keys():
-+ if port >= begin and port <= end:
-+ return self.ports[begin,end]
-+ return None
++if __name__ == '__main__':
++ mypolicy = policy("mycgi", CGI)
++ mypolicy.set_program("/var/www/cgi-bin/cgi")
++ mypolicy.set_in_tcp(1, 0, 0, "512, 55000-55000")
++ mypolicy.set_in_udp(1, 0, 0, "1513")
++ mypolicy.set_use_uid(True)
++ mypolicy.set_use_tmp(False)
++ mypolicy.set_use_syslog(True)
++ mypolicy.set_use_pam(True)
++ mypolicy.set_out_tcp(0,"8000")
++ print mypolicy.generate("/var/tmp")
+
-+ def set_program(self, program):
-+ if self.type not in APPLICATIONS:
-+ raise ValueError(_("USER Types are not allowed executables"))
++ mypolicy = policy("myuser", USER)
++ mypolicy.set_program("/usr/bin/myuser")
++ mypolicy.set_in_tcp(1, 0, 0, "513")
++ mypolicy.set_in_udp(1, 0, 0, "1513")
++ mypolicy.set_use_uid(True)
++ mypolicy.set_use_tmp(True)
++ mypolicy.set_use_syslog(True)
++ mypolicy.set_use_pam(True)
++ mypolicy.add_file("/var/lib/myuser/myuser.sock")
++ mypolicy.set_out_tcp(0,"8000")
++ mypolicy.set_transition_users(["unconfined", "staff"])
++ print mypolicy.generate("/var/tmp")
++
+
-+ self.program = program
++ mypolicy = policy("myrwho", DAEMON)
++ mypolicy.set_program("/usr/sbin/myrwhod")
++ mypolicy.set_init_script("/etc/init.d/myrwhod")
++ mypolicy.add_dir("/etc/nasd")
++ mypolicy.set_in_tcp(1, 0, 0, "513")
++ mypolicy.set_use_uid(True)
++ mypolicy.set_use_tmp(True)
++ mypolicy.set_use_syslog(True)
++ mypolicy.set_use_pam(True)
++ mypolicy.add_dir("/var/run/myrwho")
++ mypolicy.add_dir("/var/lib/myrwho")
++ print mypolicy.generate("/var/tmp")
++
++ mypolicy = policy("myinetd", INETD)
++ mypolicy.set_program("/usr/bin/mytest")
++ mypolicy.set_in_tcp(1, 0, 0, "513")
++ mypolicy.set_in_udp(1, 0, 0, "1513")
++ mypolicy.set_use_uid(True)
++ mypolicy.set_use_tmp(True)
++ mypolicy.set_use_syslog(True)
++ mypolicy.set_use_pam(True)
++ mypolicy.add_file("/var/lib/mysql/mysql.sock")
++ mypolicy.add_file("/var/run/rpcbind.sock")
++ mypolicy.add_file("/var/run/daemon.pub")
++ mypolicy.add_file("/var/log/daemon.log")
++ mypolicy.add_dir("/var/lib/daemon")
++ mypolicy.add_dir("/etc/daemon")
++ mypolicy.add_dir("/etc/daemon/special")
++ mypolicy.set_use_uid(True)
++ mypolicy.set_use_syslog(True)
++ mypolicy.set_use_pam(True)
++ mypolicy.set_use_audit(True)
++ mypolicy.set_use_dbus(True)
++ mypolicy.set_use_terminal(True)
++ mypolicy.set_use_mail(True)
++ mypolicy.set_out_tcp(0,"8000")
++ print mypolicy.generate("/var/tmp")
+
-+ def set_init_script(self, initscript):
-+ if self.type != DAEMON:
-+ raise ValueError(_("Only DAEMON apps can use an init script"))
++ mypolicy = policy("mytuser", TUSER)
++ mypolicy.set_transition_domains(["sudo"])
++ mypolicy.set_admin_roles(["mydbadm"])
++ mypolicy.add_boolean("allow_mytuser_setuid", "Allow mytuser users to run setuid applications")
++ print mypolicy.generate("/var/tmp")
++
++ mypolicy = policy("myxuser", XUSER)
++ mypolicy.set_in_tcp(1, 1, 1, "28920")
++ mypolicy.set_in_udp(0, 0, 1, "1513")
++ mypolicy.set_transition_domains(["mozilla"])
++ print mypolicy.generate("/var/tmp")
++
++ mypolicy = policy("mydbadm", RUSER)
++ mypolicy.set_admin_domains(["postgresql", "mysql"])
++ print mypolicy.generate("/var/tmp")
++
++ sys.exit(0)
++
++
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.52/gui/polgengui.py
+--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.52/gui/polgengui.py 2008-07-02 13:43:21.000000000 -0400
+@@ -0,0 +1,623 @@
++#!/usr/bin/python -E
++#
++# polgengui.py - GUI for SELinux Config tool in system-config-selinux
++#
++# Dan Walsh
++#
++# Copyright 2007, 2008 Red Hat, Inc.
++#
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
++#
++import signal
++import string
++import gtk
++import gtk.glade
++import os
++import gobject
++import gnome
++import sys
++import polgen
++import re
++import commands
+
-+ self.initscript = initscript
+
-+ def set_in_tcp(self, all, reserved, unreserved, ports):
-+ self.in_tcp = [ all, reserved, unreserved, verify_ports(ports)]
++##
++## I18N
++##
++PROGNAME="system-config-selinux"
+
-+ def set_in_udp(self, all, reserved, unreserved, ports):
-+ self.in_udp = [ all, reserved, unreserved, verify_ports(ports)]
++import gettext
++gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
++gettext.textdomain(PROGNAME)
++try:
++ gettext.install(PROGNAME,
++ localedir="/usr/share/locale",
++ unicode=False,
++ codeset = 'utf-8')
++except IOError:
++ import __builtin__
++ __builtin__.__dict__['_'] = unicode
+
-+ def set_out_tcp(self, all, ports):
-+ self.out_tcp = [ all , False, False, verify_ports(ports) ]
++gnome.program_init("SELinux Policy Generation Tool", "5")
+
-+ def set_out_udp(self, all, ports):
-+ self.out_udp = [ all , False, False, verify_ports(ports) ]
++version = "1.0"
+
-+ def set_use_syslog(self, val):
-+ if val != True and val != False:
-+ raise ValueError(_("use_syslog must be a boolean value "))
-+
-+ self.use_syslog = val
-+
-+ def set_use_pam(self, val):
-+ self.use_pam = val == True
-+
-+ def set_use_dbus(self, val):
-+ self.use_dbus = val == True
-+
-+ def set_use_audit(self, val):
-+ self.use_audit = val == True
-+
-+ def set_use_terminal(self, val):
-+ self.use_terminal = val == True
-+
-+ def set_use_mail(self, val):
-+ self.use_mail = val == True
-+
-+ def set_use_tmp(self, val):
-+ if self.type not in APPLICATIONS:
-+ raise ValueError(_("USER Types autoomatically get a tmp type"))
++sys.path.append('/usr/share/system-config-selinux')
++sys.path.append('.')
+
-+ if val:
-+ self.DEFAULT_DIRS["tmp"][1].append("/tmp");
-+ else:
-+ self.DEFAULT_DIRS["tmp"][1]=[]
-+
-+ def set_use_uid(self, val):
-+ self.use_uid = val == True
++# From John Hunter http://www.daa.com.au/pipermail/pygtk/2003-February/004454.html
++def foreach(model, path, iter, selected):
++ selected.append(model.get_value(iter, 0))
+
-+ def generate_uid_rules(self):
-+ if self.use_uid:
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_uid_rules)
-+ else:
-+ return ""
++##
++## Pull in the Glade file
++##
++if os.access("polgen.glade", os.F_OK):
++ xml = gtk.glade.XML ("polgen.glade", domain=PROGNAME)
++else:
++ xml = gtk.glade.XML ("/usr/share/system-config-selinux/polgen.glade", domain=PROGNAME)
+
-+ def generate_syslog_rules(self):
-+ if self.use_syslog:
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_syslog_rules)
-+ else:
-+ return ""
++FILE = 1
++DIR = 2
+
-+ def generate_pam_rules(self):
-+ newte =""
-+ if self.use_pam:
-+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_pam_rules)
-+ return newte
++class childWindow:
++ START_PAGE = 0
++ SELECT_TYPE_PAGE = 1
++ APP_PAGE = 2
++ EXISTING_USER_PAGE = 3
++ TRANSITION_PAGE = 4
++ USER_TRANSITION_PAGE = 5
++ ADMIN_PAGE = 6
++ ROLE_PAGE = 7
++ IN_NET_PAGE = 8
++ OUT_NET_PAGE = 9
++ COMMON_APPS_PAGE = 10
++ FILES_PAGE = 11
++ BOOLEAN_PAGE = 12
++ SELECT_DIR_PAGE = 13
++ GEN_POLICY_PAGE = 14
++ GEN_USER_POLICY_PAGE = 15
++
++ def __init__(self):
++ self.xml = xml
++ self.all_types=polgen.get_all_types()
++ self.all_modules=polgen.get_all_modules()
++ self.name=""
++ xml.signal_connect("on_delete_clicked", self.delete)
++ xml.signal_connect("on_delete_boolean_clicked", self.delete_boolean)
++ xml.signal_connect("on_exec_select_clicked", self.exec_select)
++ xml.signal_connect("on_init_script_select_clicked", self.init_script_select)
++ xml.signal_connect("on_add_clicked", self.add)
++ xml.signal_connect("on_add_boolean_clicked", self.add_boolean)
++ xml.signal_connect("on_add_dir_clicked", self.add_dir)
++ xml.signal_connect("on_about_clicked", self.on_about_clicked)
++ xml.get_widget ("cancel_button").connect("clicked",self.quit)
++ self.forward_button = xml.get_widget ("forward_button")
++ self.forward_button.connect("clicked",self.forward)
++ self.back_button = xml.get_widget ("back_button")
++ self.back_button.connect("clicked",self.back)
+
-+ def generate_audit_rules(self):
-+ newte =""
-+ if self.use_audit:
-+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_audit_rules)
-+ return newte
++ self.boolean_dialog = xml.get_widget ("boolean_dialog")
++ self.boolean_name_entry = xml.get_widget ("boolean_name_entry")
++ self.boolean_description_entry = xml.get_widget ("boolean_description_entry")
+
-+ def generate_dbus_rules(self):
-+ newte =""
-+ if self.use_dbus:
-+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_dbus_rules)
-+ return newte
++ self.notebook = xml.get_widget ("notebook1")
++ self.pages={}
++ self.finish_page = [ self.GEN_POLICY_PAGE, self.GEN_USER_POLICY_PAGE ]
++ for i in polgen.USERS:
++ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
++ self.pages[polgen.RUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
++ self.pages[polgen.LUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
+
-+ def generate_mail_rules(self):
-+ newte =""
-+ if self.use_mail:
-+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_mail_rules)
-+ return newte
++ self.pages[polgen.EUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.EXISTING_USER_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
+
-+ def generate_network_action(self, protocol, action, port_name):
-+ line = ""
-+ method = "corenet_%s_%s_%s" % (protocol, action, port_name)
-+ if method in methods:
-+ line = "%s(%s_t)\n" % (method, self.name)
-+ else:
-+ line = """
-+gen_require(`
-+ type %s_t;
-+')
-+allow %s_t %s_t:%s_socket name_%s;
-+""" % (port_name, self.name, port_name, protocol, action)
-+ return line
-+
-+ def generate_network_types(self):
-+ for i in self.in_tcp[PORTS]:
-+ rec = self.find_port(int(i))
-+ if rec == None:
-+ self.need_tcp_type = True;
-+ else:
-+ port_name = rec[0][:-2]
-+ line = self.generate_network_action("tcp", "bind", port_name)
-+# line = "corenet_tcp_bind_%s(%s_t)\n" % (port_name, self.name)
-+ if line not in self.found_tcp_ports:
-+ self.found_tcp_ports.append(line)
++ for i in polgen.APPLICATIONS:
++ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_POLICY_PAGE]
++ self.pages[polgen.USER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_POLICY_PAGE]
++
++ self.current_page = 0
++ self.back_button.set_sensitive(0)
+
-+ for i in self.out_tcp[PORTS]:
-+ rec = self.find_port(int(i))
-+ if rec == None:
-+ self.need_tcp_type = True;
-+ else:
-+ port_name = rec[0][:-2]
-+ line = self.generate_network_action("tcp", "connect", port_name)
-+# line = "corenet_tcp_connect_%s(%s_t)\n" % (port_name, self.name)
-+ if line not in self.found_tcp_ports:
-+ self.found_tcp_ports.append(line)
-+
-+ for i in self.in_udp[PORTS]:
-+ rec = self.find_port(int(i))
-+ if rec == None:
-+ self.need_udp_type = True;
-+ else:
-+ port_name = rec[0][:-2]
-+ line = self.generate_network_action("udp", "bind", port_name)
-+# line = "corenet_udp_bind_%s(%s_t)\n" % (port_name, self.name)
-+ if line not in self.found_udp_ports:
-+ self.found_udp_ports.append(line)
-+
-+ if self.need_udp_type == True or self.need_tcp_type == True:
-+ return re.sub("TEMPLATETYPE", self.name, network.te_port_types)
-+ return ""
-+
-+ def __find_path(self, file):
-+ for d in self.DEFAULT_DIRS:
-+ if file.find(d) == 0:
-+ self.DEFAULT_DIRS[d][1].append(file)
-+ return self.DEFAULT_DIRS[d]
-+ self.DEFAULT_DIRS["rw"][1].append(file)
-+ return self.DEFAULT_DIRS["rw"]
-+
-+ def add_boolean(self, name, description):
-+ self.booleans[name] = description
++ self.network_buttons = {}
+
-+ def add_file(self, file):
-+ self.files[file] = self.__find_path(file)
++ self.in_tcp_all_checkbutton = xml.get_widget ("in_tcp_all_checkbutton")
++ self.in_tcp_reserved_checkbutton = xml.get_widget ("in_tcp_reserved_checkbutton")
++ self.in_tcp_unreserved_checkbutton = xml.get_widget ("in_tcp_unreserved_checkbutton")
++ self.in_tcp_entry = self.xml.get_widget("in_tcp_entry")
++ self.network_buttons[self.in_tcp_all_checkbutton] = [ self.in_tcp_reserved_checkbutton, self.in_tcp_unreserved_checkbutton, self.in_tcp_entry ]
+
-+ def add_dir(self, file):
-+ self.dirs[file] = self.__find_path(file)
-+
-+ def generate_network_rules(self):
-+ newte = ""
-+ if self.use_network():
-+ newte = "\n"
+
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_network)
-+
-+ if self.use_tcp():
-+ newte += "\n"
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_tcp)
++ self.out_tcp_all_checkbutton = xml.get_widget ("out_tcp_all_checkbutton")
++ self.out_tcp_reserved_checkbutton = xml.get_widget ("out_tcp_reserved_checkbutton")
++ self.out_tcp_unreserved_checkbutton = xml.get_widget ("out_tcp_unreserved_checkbutton")
++ self.out_tcp_entry = self.xml.get_widget("out_tcp_entry")
+
-+ if self.use_in_tcp():
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_tcp)
++ self.network_buttons[self.out_tcp_all_checkbutton] = [ self.out_tcp_entry ]
+
-+ if self.need_tcp_type and len(self.in_tcp[PORTS]) > 0:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_tcp)
++ self.in_udp_all_checkbutton = xml.get_widget ("in_udp_all_checkbutton")
++ self.in_udp_reserved_checkbutton = xml.get_widget ("in_udp_reserved_checkbutton")
++ self.in_udp_unreserved_checkbutton = xml.get_widget ("in_udp_unreserved_checkbutton")
++ self.in_udp_entry = self.xml.get_widget("in_udp_entry")
+
-+ if self.need_tcp_type and len(self.out_tcp[PORTS]) > 0:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_need_port_tcp)
++ self.network_buttons[self.in_udp_all_checkbutton] = [ self.in_udp_reserved_checkbutton, self.in_udp_unreserved_checkbutton, self.in_udp_entry ]
+
++ self.out_udp_all_checkbutton = xml.get_widget ("out_udp_all_checkbutton")
++ self.out_udp_entry = self.xml.get_widget("out_udp_entry")
++ self.network_buttons[self.out_udp_all_checkbutton] = [ self.out_udp_entry ]
+
-+ if self.in_tcp[ALL]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_tcp)
-+ if self.in_tcp[RESERVED]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_tcp)
-+ if self.in_tcp[UNRESERVED]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_tcp)
-+
-+ if self.out_tcp[ALL]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_all_ports_tcp)
-+ if self.out_tcp[RESERVED]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_reserved_ports_tcp)
-+ if self.out_tcp[UNRESERVED]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_unreserved_ports_tcp)
++ for b in self.network_buttons.keys():
++ b.connect("clicked",self.network_all_clicked)
+
-+ for i in self.found_tcp_ports:
-+ newte += i
++ self.boolean_treeview = self.xml.get_widget("boolean_treeview")
++ self.boolean_store = gtk.ListStore(gobject.TYPE_STRING,gobject.TYPE_STRING)
++ self.boolean_treeview.set_model(self.boolean_store)
++ self.boolean_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
++ col = gtk.TreeViewColumn(_("Name"), gtk.CellRendererText(), text = 0)
++ self.boolean_treeview.append_column(col)
++ col = gtk.TreeViewColumn(_("Description"), gtk.CellRendererText(), text = 1)
++ self.boolean_treeview.append_column(col)
+
-+ if self.use_udp():
-+ newte += "\n"
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_udp)
++ self.role_treeview = self.xml.get_widget("role_treeview")
++ self.role_store = gtk.ListStore(gobject.TYPE_STRING)
++ self.role_treeview.set_model(self.role_store)
++ self.role_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
++ self.role_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
++ col = gtk.TreeViewColumn(_("Role"), gtk.CellRendererText(), text = 0)
++ self.role_treeview.append_column(col)
+
-+ if self.need_udp_type:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_udp)
-+ if self.use_in_udp():
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_udp)
-+ if self.in_udp[ALL]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_udp)
-+ if self.in_udp[RESERVED]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_udp)
-+ if self.in_udp[UNRESERVED]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_udp)
++ self.existing_user_treeview = self.xml.get_widget("existing_user_treeview")
++ self.existing_user_store = gtk.ListStore(gobject.TYPE_STRING)
++ self.existing_user_treeview.set_model(self.existing_user_store)
++ self.existing_user_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
++ col = gtk.TreeViewColumn(_("Existing_User"), gtk.CellRendererText(), text = 0)
++ self.existing_user_treeview.append_column(col)
+
-+ for i in self.found_udp_ports:
-+ newte += i
-+ return newte
-+
-+ def generate_transition_rules(self):
-+ newte = ""
-+ for app in self.transition_domains:
-+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_transition_rules)
-+ newte += re.sub("APPLICATION", app, tmp)
++ roles = polgen.get_all_roles()
++ for i in roles:
++ iter = self.role_store.append()
++ self.role_store.set_value(iter, 0, i[:-2])
+
-+ if self.type == USER:
-+ for u in self.transition_users:
-+ temp = re.sub("TEMPLATETYPE", self.name, executable.te_userapp_trans_rules)
-+ newte += re.sub("USER", u, temp)
++ self.types = polgen.get_all_types()
+
-+ return newte
++ self.transition_treeview = self.xml.get_widget("transition_treeview")
++ self.transition_store = gtk.ListStore(gobject.TYPE_STRING)
++ self.transition_treeview.set_model(self.transition_store)
++ self.transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
++ self.transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
++ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
++ self.transition_treeview.append_column(col)
+
-+ def generate_admin_rules(self):
-+ newte = ""
-+ if self.type == RUSER:
-+ newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules)
-+
-+ for app in self.admin_domains:
-+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_domain_rules)
-+ newte += re.sub("APPLICATION", app, tmp)
++ self.user_transition_treeview = self.xml.get_widget("user_transition_treeview")
++ self.user_transition_store = gtk.ListStore(gobject.TYPE_STRING)
++ self.user_transition_treeview.set_model(self.user_transition_store)
++ self.user_transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
++ self.user_transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
++ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
++ self.user_transition_treeview.append_column(col)
+
-+ for u in self.transition_users:
-+ role = u[:-2]
-+ if (role + "_r") in self.all_roles:
-+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_trans_rules)
-+ newte += re.sub("USER", role, tmp)
++ for i in polgen.get_all_users():
++ iter = self.user_transition_store.append()
++ self.user_transition_store.set_value(iter, 0, i)
++ iter = self.existing_user_store.append()
++ self.existing_user_store.set_value(iter, 0, i)
+
-+ return newte
++ self.admin_treeview = self.xml.get_widget("admin_treeview")
++ self.admin_store = gtk.ListStore(gobject.TYPE_STRING)
++ self.admin_treeview.set_model(self.admin_store)
++ self.admin_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
++ self.admin_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
++ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
++ self.admin_treeview.append_column(col)
+
-+ def generate_dbus_if(self):
-+ newif =""
-+ if self.use_dbus:
-+ newif = re.sub("TEMPLATETYPE", self.name, executable.if_dbus_rules)
-+ return newif
++ for i in polgen.methods:
++ m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i)
++ if len(m) > 0:
++ if "%s_exec" % m[0] in self.types:
++ iter = self.transition_store.append()
++ self.transition_store.set_value(iter, 0, m[0])
++ continue
+
-+ def generate_admin_if(self):
-+ newif = ""
-+ if self.initscript != "":
-+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_admin)
-+ for d in self.DEFAULT_DIRS:
-+ if len(self.DEFAULT_DIRS[d][1]) > 0:
-+ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_admin_rules)
++ m = re.findall("(.*)%s" % polgen.ADMIN_TRANSITION_INTERFACE, i)
++ if len(m) > 0:
++ iter = self.admin_store.append()
++ self.admin_store.set_value(iter, 0, m[0])
++ continue
++
++ def confine_application(self):
++ return self.get_type() in polgen.APPLICATIONS
+
-+ if newif != "":
-+ ret = re.sub("TEMPLATETYPE", self.name, executable.if_begin_admin)
-+ ret += newif
-+ ret += re.sub("TEMPLATETYPE", self.name, executable.if_end_admin)
-+ return ret
-+
-+ return ""
-+
-+ def generate_cgi_types(self):
-+ return re.sub("TEMPLATETYPE", self.file_name, executable.te_cgi_types)
-+
-+ def generate_userapp_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_types)
-+
-+ def generate_inetd_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_types)
-+
-+ def generate_min_login_user_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_min_login_user_types)
-+
-+ def generate_login_user_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_login_user_types)
-+
-+ def generate_admin_user_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_admin_user_types)
++ def forward(self, arg):
++ type = self.get_type()
++ if self.current_page == self.START_PAGE:
++ self.back_button.set_sensitive(1)
+
-+ def generate_existing_user_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_existing_user_types)
-+
-+ def generate_x_login_user_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_types)
-+
-+ def generate_root_user_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_root_user_types)
-+
-+ def generate_daemon_types(self):
-+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_types)
-+ if self.initscript != "":
-+ newte += re.sub("TEMPLATETYPE", self.name, executable.te_initscript_types)
-+ return newte
-+
-+ def generate_tmp_types(self):
-+ if self.use_tmp:
-+ return re.sub("TEMPLATETYPE", self.name, tmp.te_types)
-+ else:
-+ return ""
-+
-+ def generate_booleans(self):
-+ newte = ""
-+ for b in self.booleans:
-+ tmp = re.sub("BOOLEAN", b, boolean.te_boolean)
-+ newte += re.sub("DESCRIPTION", self.booleans[b], tmp)
-+ return newte
++ if self.pages[type][self.current_page] == self.SELECT_TYPE_PAGE:
++ if self.on_select_type_page_next():
++ return
+
-+ def generate_boolean_rules(self):
-+ newte = ""
-+ for b in self.booleans:
-+ newte += re.sub("BOOLEAN", b, boolean.te_rules)
-+ return newte
++ if self.pages[type][self.current_page] == self.IN_NET_PAGE:
++ if self.on_in_net_page_next():
++ return
+
-+ def generate_cgi_te(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_cgi_types)
++ if self.pages[type][self.current_page] == self.OUT_NET_PAGE:
++ if self.on_out_net_page_next():
++ return
+
-+ def generate_daemon_rules(self):
-+ newif = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_rules)
++ if self.pages[type][self.current_page] == self.APP_PAGE:
++ if self.on_name_page_next():
++ return
+
-+ return newif
-+
-+ def generate_login_user_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_login_user_rules)
-+
-+ def generate_existing_user_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_existing_user_rules)
-+
-+ def generate_x_login_user_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_rules)
-+
-+ def generate_root_user_rules(self):
-+ newte =re.sub("TEMPLATETYPE", self.name, user.te_root_user_rules)
-+ return newte
-+
-+ def generate_userapp_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_rules)
-+
-+ def generate_inetd_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_rules)
-+
-+ def generate_tmp_rules(self):
-+ if self.use_tmp:
-+ return re.sub("TEMPLATETYPE", self.name, tmp.te_rules)
-+ else:
-+ return ""
-+
-+ def generate_cgi_rules(self):
-+ newte = ""
-+ newte += re.sub("TEMPLATETYPE", self.name, executable.te_cgi_rules)
-+ return newte
-+
-+ def generate_user_if(self):
-+ newif =""
-+ if self.use_terminal or self.type == USER:
-+ newif = re.sub("TEMPLATETYPE", self.name, executable.if_user_program_rules)
-+ return newif
++ if self.pages[type][self.current_page] == self.EXISTING_USER_PAGE:
++ if self.on_existing_user_page_next():
++ return
+
-+
-+ def generate_if(self):
-+ newif = ""
-+ if self.program != "":
-+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_program_rules)
-+ if self.initscript != "":
-+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_rules)
-+
-+ for d in self.DEFAULT_DIRS:
-+ if len(self.DEFAULT_DIRS[d][1]) > 0:
-+ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_rules)
-+ for i in self.DEFAULT_DIRS[d][1]:
-+ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
-+ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_stream_rules)
-+ break
-+ newif += self.generate_user_if()
-+ newif += self.generate_dbus_if()
-+ newif += self.generate_admin_if()
-+
-+ return newif
++ if self.pages[type][self.current_page] == self.SELECT_DIR_PAGE:
++ outputdir = self.output_entry.get_text()
++ if not os.path.isdir(outputdir):
++ self.error(_("%s must be a directory") % outputdir )
++ return False
++
++ if self.pages[type][self.current_page] in self.finish_page:
++ self.generate_policy()
++ else:
++ self.current_page = self.current_page + 1
++ self.notebook.set_current_page(self.pages[type][self.current_page])
++ if self.pages[type][self.current_page] in self.finish_page:
++ self.forward_button.set_label(gtk.STOCK_APPLY)
++
++ def back(self,arg):
++ type = self.get_type()
++ if self.pages[type][self.current_page] in self.finish_page:
++ self.forward_button.set_label(gtk.STOCK_GO_FORWARD)
+
-+ def generate_default_types(self):
-+ return self.DEFAULT_TYPES[self.type][0]()
-+
-+ def generate_default_rules(self):
-+ return self.DEFAULT_TYPES[self.type][1]()
-+
-+ def generate_roles_rules(self):
-+ newte = ""
-+ if self.type in ( TUSER, XUSER, AUSER, LUSER, EUSER):
-+ roles = ""
-+ if len(self.roles) > 0:
-+ newte += re.sub("TEMPLATETYPE", self.name, user.te_newrole_rules)
-+ for role in self.roles:
-+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_roles_rules)
-+ newte += re.sub("ROLE", role, tmp)
-+ return newte
++ self.current_page = self.current_page - 1
++ self.notebook.set_current_page(self.pages[type][self.current_page])
++ if self.current_page == 0:
++ self.back_button.set_sensitive(0)
+
-+ def generate_te(self):
-+ newte = self.generate_default_types()
-+ for d in self.DEFAULT_DIRS:
-+ if len(self.DEFAULT_DIRS[d][1]) > 0:
-+ # CGI scripts already have a rw_t
-+ if self.type != CGI or d != "rw":
-+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_types)
++ def network_all_clicked(self, button):
++ active = button.get_active()
++ for b in self.network_buttons[button]:
++ b.set_sensitive(not active)
++
++ def verify(self, message, title="" ):
++ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
++ gtk.BUTTONS_YES_NO,
++ message)
++ dlg.set_title(title)
++ dlg.set_position(gtk.WIN_POS_MOUSE)
++ dlg.show_all()
++ rc = dlg.run()
++ dlg.destroy()
++ return rc
+
-+ newte += self.generate_network_types()
-+ newte += self.generate_tmp_types()
-+ newte += self.generate_booleans()
-+ newte += self.generate_default_rules()
-+ newte += self.generate_boolean_rules()
++ def info(self, message):
++ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
++ gtk.BUTTONS_OK,
++ message)
++ dlg.set_position(gtk.WIN_POS_MOUSE)
++ dlg.show_all()
++ dlg.run()
++ dlg.destroy()
++
++ def error(self, message):
++ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR,
++ gtk.BUTTONS_CLOSE,
++ message)
++ dlg.set_position(gtk.WIN_POS_MOUSE)
++ dlg.show_all()
++ dlg.run()
++ dlg.destroy()
++
++ def get_name(self):
++ if self.existing_user_radiobutton.get_active():
++ store, iter = self.existing_user_treeview.get_selection().get_selected()
++ if iter == None:
++ raise(_("You must select a user"))
++ return store.get_value(iter, 0)
++ else:
++ return self.name_entry.get_text()
++
++ def get_type(self):
++ if self.cgi_radiobutton.get_active():
++ return polgen.CGI
++ if self.user_radiobutton.get_active():
++ return polgen.USER
++ if self.init_radiobutton.get_active():
++ return polgen.DAEMON
++ if self.inetd_radiobutton.get_active():
++ return polgen.INETD
++ if self.login_user_radiobutton.get_active():
++ return polgen.LUSER
++ if self.admin_user_radiobutton.get_active():
++ return polgen.AUSER
++ if self.xwindows_user_radiobutton.get_active():
++ return polgen.XUSER
++ if self.terminal_user_radiobutton.get_active():
++ return polgen.TUSER
++ if self.root_user_radiobutton.get_active():
++ return polgen.RUSER
++ if self.existing_user_radiobutton.get_active():
++ return polgen.EUSER
++
++ def generate_policy(self, *args):
++ outputdir = self.output_entry.get_text()
++ try:
++ my_policy=polgen.policy(self.get_name(), self.get_type())
++ my_policy.set_in_tcp(self.in_tcp_all_checkbutton.get_active(), self.in_tcp_reserved_checkbutton.get_active(), self.in_tcp_unreserved_checkbutton.get_active(), self.in_tcp_entry.get_text())
++ my_policy.set_in_udp(self.in_udp_all_checkbutton.get_active(), self.in_udp_reserved_checkbutton.get_active(), self.in_udp_unreserved_checkbutton.get_active(), self.in_udp_entry.get_text())
++ my_policy.set_out_tcp(self.out_tcp_all_checkbutton.get_active(), self.out_tcp_entry.get_text())
++ my_policy.set_out_udp(self.out_udp_all_checkbutton.get_active(), self.out_udp_entry.get_text())
+
-+ for d in self.DEFAULT_DIRS:
-+ if len(self.DEFAULT_DIRS[d][1]) > 0:
-+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_rules)
-+ for i in self.DEFAULT_DIRS[d][1]:
-+ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
-+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_stream_rules)
-+ break
++ iter= self.boolean_store.get_iter_first()
++ while(iter):
++ my_policy.add_boolean(self.boolean_store.get_value(iter, 0), self.boolean_store.get_value(iter, 1))
++ iter= self.boolean_store.iter_next(iter)
+
-+ newte += self.generate_network_rules()
-+ newte += self.generate_tmp_rules()
-+ newte += self.generate_uid_rules()
-+ newte += self.generate_syslog_rules()
-+ newte += self.generate_pam_rules()
-+ newte += self.generate_dbus_rules()
-+ newte += self.generate_audit_rules()
-+ newte += self.generate_mail_rules()
-+ newte += self.generate_roles_rules()
-+ newte += self.generate_transition_rules()
-+ newte += self.generate_admin_rules()
-+ return newte
-+
-+ def generate_fc(self):
-+ newfc = ""
-+ if self.program == "":
-+ raise ValueError(_("You must enter the executable path for your confined process"))
++ if self.get_type() in polgen.APPLICATIONS:
++ my_policy.set_program(self.exec_entry.get_text())
++ my_policy.set_use_syslog(self.syslog_checkbutton.get_active() == 1)
++ my_policy.set_use_tmp(self.tmp_checkbutton.get_active() == 1)
++ my_policy.set_use_uid(self.uid_checkbutton.get_active() == 1)
++ my_policy.set_use_pam(self.pam_checkbutton.get_active() == 1)
+
-+ t1 = re.sub("EXECUTABLE", self.program, executable.fc_program)
-+ newfc += re.sub("TEMPLATETYPE", self.name, t1)
++ my_policy.set_use_dbus(self.dbus_checkbutton.get_active() == 1)
++ my_policy.set_use_audit(self.audit_checkbutton.get_active() == 1)
++ my_policy.set_use_terminal(self.terminal_checkbutton.get_active() == 1)
++ my_policy.set_use_mail(self.mail_checkbutton.get_active() == 1)
++ if self.get_type() is polgen.DAEMON:
++ my_policy.set_init_script(self.init_script_entry.get_text())
++ if self.get_type() == polgen.USER:
++ selected = []
++ self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
++ my_policy.set_transition_users(selected)
++ else:
++ if self.get_type() == polgen.RUSER:
++ selected = []
++ self.admin_treeview.get_selection().selected_foreach(foreach, selected)
++ my_policy.set_admin_domains(selected)
++ selected = []
++ self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
++ my_policy.set_transition_users(selected)
++ else:
++ selected = []
++ self.transition_treeview.get_selection().selected_foreach(foreach, selected)
++ my_policy.set_transition_domains(selected)
++
++ selected = []
++ self.role_treeview.get_selection().selected_foreach(foreach, selected)
++ my_policy.set_admin_roles(selected)
++
++ iter= self.store.get_iter_first()
++ while(iter):
++ if self.store.get_value(iter, 1) == FILE:
++ my_policy.add_file(self.store.get_value(iter, 0))
++ else:
++ my_policy.add_dir(self.store.get_value(iter, 0))
++ iter= self.store.iter_next(iter)
++
++ self.info(my_policy.generate(outputdir))
++ return False
++ except ValueError, e:
++ self.error(e.message)
++
++ def delete(self, args):
++ store, iter = self.view.get_selection().get_selected()
++ if iter != None:
++ store.remove(iter)
++ self.view.get_selection().select_path ((0,))
+
-+ if self.initscript != "":
-+ t1 = re.sub("EXECUTABLE", self.initscript, executable.fc_initscript)
-+ newfc += re.sub("TEMPLATETYPE", self.name, t1)
++ def delete_boolean(self, args):
++ store, iter = self.boolean_treeview.get_selection().get_selected()
++ if iter != None:
++ store.remove(iter)
++ self.boolean_treeview.get_selection().select_path ((0,))
+
-+ for i in self.files.keys():
-+ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
-+ t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_sock_file)
-+ else:
-+ t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_file)
-+ t2 = re.sub("FILENAME", i, t1)
-+ newfc += re.sub("FILETYPE", self.files[i][0], t2)
++ def add_boolean(self,type):
++ self.boolean_name_entry.set_text("")
++ self.boolean_description_entry.set_text("")
++ rc = self.boolean_dialog.run()
++ self.boolean_dialog.hide()
++ if rc == gtk.RESPONSE_CANCEL:
++ return
++ iter = self.boolean_store.append()
++ self.boolean_store.set_value(iter, 0, self.boolean_name_entry.get_text())
++ self.boolean_store.set_value(iter, 1, self.boolean_description_entry.get_text())
++
++ def __add(self,type):
++ rc = self.file_dialog.run()
++ self.file_dialog.hide()
++ if rc == gtk.RESPONSE_CANCEL:
++ return
++ for i in self.file_dialog.get_filenames():
++ iter = self.store.append()
++ self.store.set_value(iter, 0, i)
++ self.store.set_value(iter, 1, type)
++
++ def exec_select(self, args):
++ self.file_dialog.set_select_multiple(0)
++ self.file_dialog.set_title(_("Select executable file to be confined."))
++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
++ self.file_dialog.set_current_folder("/usr/sbin")
++ rc = self.file_dialog.run()
++ self.file_dialog.hide()
++ if rc == gtk.RESPONSE_CANCEL:
++ return
++ self.exec_entry.set_text(self.file_dialog.get_filename())
+
-+ for i in self.dirs.keys():
-+ t1 = re.sub("TEMPLATETYPE", self.name, self.dirs[i][2].fc_dir)
-+ t2 = re.sub("FILENAME", i, t1)
-+ newfc += re.sub("FILETYPE", self.dirs[i][0], t2)
++ def init_script_select(self, args):
++ self.file_dialog.set_select_multiple(0)
++ self.file_dialog.set_title(_("Select init script file to be confined."))
++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
++ self.file_dialog.set_current_folder("/etc/rc.d/init.d")
++ rc = self.file_dialog.run()
++ self.file_dialog.hide()
++ if rc == gtk.RESPONSE_CANCEL:
++ return
++ self.init_script_entry.set_text(self.file_dialog.get_filename())
+
-+ return newfc
-+
-+ def generate_user_sh(self):
-+ newsh = ""
-+ if self.type in ( TUSER, XUSER, AUSER, LUSER, EUSER):
-+ roles = ""
-+ for role in self.roles:
-+ roles += " %s_r" % role
-+ if roles != "":
-+ roles += " system_r"
-+ if self.type == EUSER:
-+ tmp = re.sub("TEMPLATETYPE", self.name, script.eusers)
-+ else:
-+ tmp = re.sub("TEMPLATETYPE", self.name, script.users)
-+ newsh += re.sub("ROLES", roles, tmp)
++ def add(self, args):
++ self.file_dialog.set_title(_("Select file(s) that confined application creates or writes"))
++ self.file_dialog.set_current_folder("/")
++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
++ self.file_dialog.set_select_multiple(1)
++ self.__add(FILE)
+
-+ if self.type == RUSER:
-+ for u in self.transition_users:
-+ tmp = re.sub("TEMPLATETYPE", self.name, script.admin_trans)
-+ newsh += re.sub("USER", u, tmp)
-+ return newsh
++ def add_dir(self, args):
++ self.file_dialog.set_title(_("Select directory(s) that the confined application owns and writes into"))
++ self.file_dialog.set_current_folder("/")
++ self.file_dialog.set_select_multiple(1)
++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SELECT_FOLDER)
++ self.__add(DIR)
+
-+ def generate_sh(self):
-+ temp = re.sub("TEMPLATETYPE", self.file_name, script.compile)
-+ if self.type == EUSER:
-+ newsh = re.sub("TEMPLATEFILE", "my%s" % self.file_name, temp)
-+ else:
-+ newsh = re.sub("TEMPLATEFILE", self.file_name, temp)
-+ if self.program != "":
-+ newsh += re.sub("FILENAME", self.program, script.restorecon)
-+ if self.initscript != "":
-+ newsh += re.sub("FILENAME", self.initscript, script.restorecon)
-+
-+ for i in self.files.keys():
-+ newsh += re.sub("FILENAME", i, script.restorecon)
++ def on_about_clicked(self, args):
++ dlg = xml.get_widget ("about_dialog")
++ dlg.run ()
++ dlg.hide ()
+
-+ for i in self.dirs.keys():
-+ newsh += re.sub("FILENAME", i, script.restorecon)
++ def quit(self, args):
++ gtk.main_quit()
+
-+ for i in self.in_tcp[PORTS] + self.out_tcp[PORTS]:
-+ if self.find_port(i) == None:
-+ t1 = re.sub("PORTNUM", "%d" % i, script.tcp_ports)
-+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
++ def setupScreen(self):
++ # Bring in widgets from glade file.
++ self.mainWindow = self.xml.get_widget("main_window")
++ self.druid = self.xml.get_widget("druid")
++ self.type = 0
++ self.name_entry = self.xml.get_widget("name_entry")
++ self.name_entry.connect("focus_out_event",self.on_name_entry_changed)
++ self.exec_entry = self.xml.get_widget("exec_entry")
++ self.exec_button = self.xml.get_widget("exec_button")
++ self.init_script_entry = self.xml.get_widget("init_script_entry")
++ self.init_script_button = self.xml.get_widget("init_script_button")
++ self.output_entry = self.xml.get_widget("output_entry")
++ self.output_entry.set_text(os.getcwd())
++ self.xml.get_widget("output_button").connect("clicked",self.output_button_clicked)
++
++ self.xwindows_user_radiobutton = self.xml.get_widget("xwindows_user_radiobutton")
++ self.terminal_user_radiobutton = self.xml.get_widget("terminal_user_radiobutton")
++ self.root_user_radiobutton = self.xml.get_widget("root_user_radiobutton")
++ self.login_user_radiobutton = self.xml.get_widget("login_user_radiobutton")
++ self.admin_user_radiobutton = self.xml.get_widget("admin_user_radiobutton")
++ self.existing_user_radiobutton = self.xml.get_widget("existing_user_radiobutton")
+
-+ for i in self.in_udp[PORTS] + self.out_udp[PORTS]:
-+ if self.find_port(i) == None:
-+ t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports)
-+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
++ self.user_radiobutton = self.xml.get_widget("user_radiobutton")
++ self.init_radiobutton = self.xml.get_widget("init_radiobutton")
++ self.inetd_radiobutton = self.xml.get_widget("inetd_radiobutton")
++ self.cgi_radiobutton = self.xml.get_widget("cgi_radiobutton")
++ self.tmp_checkbutton = self.xml.get_widget("tmp_checkbutton")
++ self.uid_checkbutton = self.xml.get_widget("uid_checkbutton")
++ self.pam_checkbutton = self.xml.get_widget("pam_checkbutton")
++ self.dbus_checkbutton = self.xml.get_widget("dbus_checkbutton")
++ self.audit_checkbutton = self.xml.get_widget("audit_checkbutton")
++ self.terminal_checkbutton = self.xml.get_widget("terminal_checkbutton")
++ self.mail_checkbutton = self.xml.get_widget("mail_checkbutton")
++ self.syslog_checkbutton = self.xml.get_widget("syslog_checkbutton")
++ self.view = self.xml.get_widget("write_treeview")
++ self.file_dialog = self.xml.get_widget("filechooserdialog")
+
-+ newsh += self.generate_user_sh()
-+
-+ return newsh
-+
-+ def write_te(self, out_dir):
-+ if self.type == EUSER:
-+ tefile = "%s/my%s.te" % (out_dir, self.file_name)
-+ else:
-+ tefile = "%s/%s.te" % (out_dir, self.file_name)
-+ fd = open(tefile, "w")
-+ fd.write(self.generate_te())
-+ fd.close()
-+ return tefile
++ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_INT)
++ self.view.set_model(self.store)
++ col = gtk.TreeViewColumn("", gtk.CellRendererText(), text = 0)
++ col.set_resizable(True)
++ self.view.append_column(col)
++ self.view.get_selection().select_path ((0,))
+
-+ def write_sh(self, out_dir):
-+ if self.type == EUSER:
-+ shfile = "%s/my%s.sh" % (out_dir, self.file_name)
-+ else:
-+ shfile = "%s/%s.sh" % (out_dir, self.file_name)
-+ fd = open(shfile, "w")
-+ fd.write(self.generate_sh())
-+ fd.close()
-+ os.chmod(shfile, 0750)
-+ return shfile
++ def output_button_clicked(self, *args):
++ self.file_dialog.set_title(_("Select directory to generate policy files in"))
++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SELECT_FOLDER)
++ self.file_dialog.set_select_multiple(0)
++ rc = self.file_dialog.run()
++ self.file_dialog.hide()
++ if rc == gtk.RESPONSE_CANCEL:
++ return
++ self.output_entry.set_text(self.file_dialog.get_filename())
++
++ def on_name_entry_changed(self, entry, third):
++ name = entry.get_text()
++ if self.name != name:
++ if name in self.all_types:
++ if self.verify(_("Type %s_t already defined in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO:
++ entry.set_text("")
++ return False
++ if name in self.all_modules:
++ if self.verify(_("Module %s.pp already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO:
++ entry.set_text("")
++ return False
+
-+ def write_if(self, out_dir):
-+ if self.type == EUSER:
-+ iffile = "%s/my%s.if" % (out_dir, self.file_name)
-+ else:
-+ iffile = "%s/%s.if" % (out_dir, self.file_name)
-+ fd = open(iffile, "w")
-+ fd.write(self.generate_if())
-+ fd.close()
-+ return iffile
++ file = "/etc/rc.d/init.d/" + name
++ if os.path.isfile(file) and self.init_script_entry.get_text() == "":
++ self.init_script_entry.set_text(file)
++
++ file = "/usr/sbin/" + name
++ if os.path.isfile(file) and self.exec_entry.get_text() == "":
++ self.exec_entry.set_text(file)
+
-+ def write_fc(self,out_dir):
-+ if self.type == EUSER:
-+ fcfile = "%s/my%s.fc" % (out_dir, self.file_name)
-+ else:
-+ fcfile = "%s/%s.fc" % (out_dir, self.file_name)
-+ if self.type in APPLICATIONS:
-+ fd = open(fcfile, "w")
-+ fd.write(self.generate_fc())
-+ fd.close()
-+ return fcfile
++ self.name = name
++ return False
+
-+ def generate(self, out_dir = "."):
-+ out = "Created the following files:\n"
-+ out += "%-25s %s\n" % (_("Type Enforcement file"), self.write_te(out_dir))
-+ out += "%-25s %s\n" % (_("Interface file"), self.write_if(out_dir))
-+ out += "%-25s %s\n" % (_("File Contexts file"), self.write_fc(out_dir))
-+ out += "%-25s %s\n" % (_("Setup Script"),self.write_sh(out_dir))
-+ return out
++ def on_in_net_page_next(self, *args):
++ try:
++ polgen.verify_ports(self.in_tcp_entry.get_text())
++ polgen.verify_ports(self.in_udp_entry.get_text())
++ except ValueError, e:
++ self.error(e.message)
++ return True
++
++ def on_out_net_page_next(self, *args):
++ try:
++ polgen.verify_ports(self.out_tcp_entry.get_text())
++ polgen.verify_ports(self.out_udp_entry.get_text())
++ except ValueError, e:
++ self.error(e.message)
++ return True
++
++ def on_select_type_page_next(self, *args):
++ self.exec_entry.set_sensitive(self.confine_application())
++ self.exec_button.set_sensitive(self.confine_application())
++ self.init_script_entry.set_sensitive(self.init_radiobutton.get_active())
++ self.init_script_button.set_sensitive(self.init_radiobutton.get_active())
+
-+def errorExit(error):
-+ sys.stderr.write("%s: " % sys.argv[0])
-+ sys.stderr.write("%s\n" % error)
-+ sys.stderr.flush()
-+ sys.exit(1)
++ def on_existing_user_page_next(self, *args):
++ store, iter = self.view.get_selection().get_selected()
++ if iter != None:
++ self.error(_("You must select a user"))
++ return True
++
++ def on_name_page_next(self, *args):
++ name=self.name_entry.get_text()
++ if name == "":
++ self.error(_("You must enter a name"))
++ return True
++
++ if self.confine_application():
++ exe = self.exec_entry.get_text()
++ if exe == "":
++ self.error(_("You must enter a executable"))
++ return True
+
++ def stand_alone(self):
++ desktopName = _("Configue SELinux")
+
-+if __name__ == '__main__':
-+ mypolicy = policy("mycgi", CGI)
-+ mypolicy.set_program("/var/www/cgi-bin/cgi")
-+ mypolicy.set_in_tcp(1, 0, 0, "512, 55000-55000")
-+ mypolicy.set_in_udp(1, 0, 0, "1513")
-+ mypolicy.set_use_uid(True)
-+ mypolicy.set_use_tmp(False)
-+ mypolicy.set_use_syslog(True)
-+ mypolicy.set_use_pam(True)
-+ mypolicy.set_out_tcp(0,"8000")
-+ print mypolicy.generate("/var/tmp")
++ self.setupScreen()
++ self.mainWindow.connect("destroy", self.quit)
+
-+ mypolicy = policy("myuser", USER)
-+ mypolicy.set_program("/usr/bin/myuser")
-+ mypolicy.set_in_tcp(1, 0, 0, "513")
-+ mypolicy.set_in_udp(1, 0, 0, "1513")
-+ mypolicy.set_use_uid(True)
-+ mypolicy.set_use_tmp(True)
-+ mypolicy.set_use_syslog(True)
-+ mypolicy.set_use_pam(True)
-+ mypolicy.add_file("/var/lib/myuser/myuser.sock")
-+ mypolicy.set_out_tcp(0,"8000")
-+ mypolicy.set_transition_users(["unconfined", "staff"])
-+ print mypolicy.generate("/var/tmp")
-+
++ self.mainWindow.show_all()
++ gtk.main()
+
-+ mypolicy = policy("myrwho", DAEMON)
-+ mypolicy.set_program("/usr/sbin/myrwhod")
-+ mypolicy.set_init_script("/etc/init.d/myrwhod")
-+ mypolicy.add_dir("/etc/nasd")
-+ mypolicy.set_in_tcp(1, 0, 0, "513")
-+ mypolicy.set_use_uid(True)
-+ mypolicy.set_use_tmp(True)
-+ mypolicy.set_use_syslog(True)
-+ mypolicy.set_use_pam(True)
-+ mypolicy.add_dir("/var/run/myrwho")
-+ mypolicy.add_dir("/var/lib/myrwho")
-+ print mypolicy.generate("/var/tmp")
-+
-+ mypolicy = policy("myinetd", INETD)
-+ mypolicy.set_program("/usr/bin/mytest")
-+ mypolicy.set_in_tcp(1, 0, 0, "513")
-+ mypolicy.set_in_udp(1, 0, 0, "1513")
-+ mypolicy.set_use_uid(True)
-+ mypolicy.set_use_tmp(True)
-+ mypolicy.set_use_syslog(True)
-+ mypolicy.set_use_pam(True)
-+ mypolicy.add_file("/var/lib/mysql/mysql.sock")
-+ mypolicy.add_file("/var/run/rpcbind.sock")
-+ mypolicy.add_file("/var/run/daemon.pub")
-+ mypolicy.add_file("/var/log/daemon.log")
-+ mypolicy.add_dir("/var/lib/daemon")
-+ mypolicy.add_dir("/etc/daemon")
-+ mypolicy.add_dir("/etc/daemon/special")
-+ mypolicy.set_use_uid(True)
-+ mypolicy.set_use_syslog(True)
-+ mypolicy.set_use_pam(True)
-+ mypolicy.set_use_audit(True)
-+ mypolicy.set_use_dbus(True)
-+ mypolicy.set_use_terminal(True)
-+ mypolicy.set_use_mail(True)
-+ mypolicy.set_out_tcp(0,"8000")
-+ print mypolicy.generate("/var/tmp")
++if __name__ == "__main__":
++ signal.signal (signal.SIGINT, signal.SIG_DFL)
+
-+ mypolicy = policy("mytuser", TUSER)
-+ mypolicy.set_transition_domains(["sudo"])
-+ mypolicy.set_admin_roles(["mydbadm"])
-+ mypolicy.add_boolean("allow_mytuser_setuid", "Allow mytuser users to run setuid applications")
-+ print mypolicy.generate("/var/tmp")
-+
-+ mypolicy = policy("myxuser", XUSER)
-+ mypolicy.set_in_tcp(1, 1, 1, "28920")
-+ mypolicy.set_in_udp(0, 0, 1, "1513")
-+ mypolicy.set_transition_domains(["mozilla"])
-+ print mypolicy.generate("/var/tmp")
-+
-+ mypolicy = policy("mydbadm", RUSER)
-+ mypolicy.set_admin_domains(["postgresql", "mysql"])
-+ print mypolicy.generate("/var/tmp")
-+
-+ sys.exit(0)
-+
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.50/gui/portsPage.py
++ app = childWindow()
++ app.stand_alone()
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.52/gui/portsPage.py
--- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/portsPage.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/portsPage.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,258 @@
+## portsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -10543,9 +7226,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
+
+ return True
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.50/gui/selinux.tbl
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.52/gui/selinux.tbl
--- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/selinux.tbl 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/selinux.tbl 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,234 @@
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
@@ -10781,10 +7464,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
+webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivileged users home directories")
+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories")
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.50/gui/semanagePage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.52/gui/semanagePage.py
--- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/semanagePage.py 2008-07-01 14:59:58.000000000 -0400
-@@ -0,0 +1,170 @@
++++ policycoreutils-2.0.52/gui/semanagePage.py 2008-07-03 13:10:29.000000000 -0400
+@@ -0,0 +1,169 @@
+## semanagePage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
+
@@ -10943,7 +7626,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py poli
+ except ValueError, e:
+ self.error(e.args[0])
+ self.dialog.hide()
-+
+
+ def on_local_clicked(self, button):
+ self.local = not self.local
@@ -10955,9 +7637,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py poli
+ self.load(self.filter)
+ return True
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.50/gui/statusPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.52/gui/statusPage.py
--- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/statusPage.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/statusPage.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,191 @@
+# statusPage.py - show selinux status
+## Copyright (C) 2006 Red Hat, Inc.
@@ -11150,10 +7832,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policy
+ return self.types[self.selinuxTypeOptionMenu.get_active()]
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.50/gui/system-config-selinux.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.52/gui/system-config-selinux.glade
--- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/system-config-selinux.glade 2008-07-01 14:59:58.000000000 -0400
-@@ -0,0 +1,3203 @@
++++ policycoreutils-2.0.52/gui/system-config-selinux.glade 2008-07-03 13:08:31.000000000 -0400
+@@ -0,0 +1,3221 @@
+
+
+
@@ -12974,6 +9656,24 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+ True
+
+
++
++
++
++ True
++ Run booleans lockdown wizard
++ Lockdown...
++ True
++ gtk-print-error
++ True
++ True
++ False
++
++
++
++ False
++ True
++
++
+
+
+ 0
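Review bot: The toolbar entry added in this hunk carries `gtk-print-error` next to the label `Lockdown...` and the tooltip `Run booleans lockdown wizard`. The surrounding markup is not visible here, so that this value is the button's stock icon is inferred from the value order. A printer-error icon gives no visual cue that the button starts a wizard that changes SELinux booleans, so a security-related stock id such as `gtk-dialog-authentication` would fit the action better. The signal handler wiring for this widget is not visible in the hunk, so it is worth confirming that the button is connected to the lockdown wizard and not left inert.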
@@ -14357,9 +11057,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.50/gui/system-config-selinux.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.52/gui/system-config-selinux.py
--- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/system-config-selinux.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/system-config-selinux.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,187 @@
+#!/usr/bin/python
+#
@@ -14548,9 +11248,31 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+
+ app = childWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.50/gui/templates/boolean.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.52/gui/templates/__init__.py
+--- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.52/gui/templates/__init__.py 2008-07-02 13:43:21.000000000 -0400
+@@ -0,0 +1,18 @@
++#
++# Copyright (C) 2007 Red Hat, Inc.
++#
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
++#
++
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.52/gui/templates/boolean.py
--- nsapolicycoreutils/gui/templates/boolean.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/templates/boolean.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/templates/boolean.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,40 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -14592,9 +11314,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py
+')
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.50/gui/templates/etc_rw.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.52/gui/templates/etc_rw.py
--- nsapolicycoreutils/gui/templates/etc_rw.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/templates/etc_rw.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/templates/etc_rw.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,129 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -14725,9 +11447,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.50/gui/templates/executable.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.52/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/templates/executable.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/templates/executable.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,327 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -15056,31 +11778,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_script_exec_t,s0)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.50/gui/templates/__init__.py
---- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/templates/__init__.py 2008-07-01 14:59:58.000000000 -0400
-@@ -0,0 +1,18 @@
-+#
-+# Copyright (C) 2007 Red Hat, Inc.
-+#
-+# This program is free software; you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation; either version 2 of the License, or
-+# (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+#
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.50/gui/templates/network.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.52/gui/templates/network.py
--- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/templates/network.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/templates/network.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,80 @@
+te_port_types="""
+type TEMPLATETYPE_port_t;
@@ -15162,9 +11862,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py
+corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.50/gui/templates/rw.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.52/gui/templates/rw.py
--- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/templates/rw.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/templates/rw.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,128 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -15294,9 +11994,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
+fc_dir="""
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.50/gui/templates/script.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.52/gui/templates/script.py
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/templates/script.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/templates/script.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,105 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -15403,9 +12103,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
+# Adding roles to SELinux user USER
+/usr/sbin/semanage user -m -R +TEMPLATETYPE_r USER
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.50/gui/templates/semodule.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.52/gui/templates/semodule.py
--- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/templates/semodule.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/templates/semodule.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,41 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -15448,9 +12148,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.p
+semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.50/gui/templates/tmp.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.52/gui/templates/tmp.py
--- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/templates/tmp.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/templates/tmp.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,97 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -15549,9 +12249,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol
+ TEMPLATETYPE_manage_tmp($1)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.50/gui/templates/user.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.52/gui/templates/user.py
--- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/templates/user.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/templates/user.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,182 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -15735,9 +12435,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po
+te_newrole_rules="""
+seutil_run_newrole(TEMPLATETYPE_t,TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t })
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.50/gui/templates/var_lib.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.52/gui/templates/var_lib.py
--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/templates/var_lib.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/templates/var_lib.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,158 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -15897,9 +12597,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.50/gui/templates/var_log.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.52/gui/templates/var_log.py
--- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/templates/var_log.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/templates/var_log.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,110 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -16011,9 +12711,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.50/gui/templates/var_run.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.52/gui/templates/var_run.py
--- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/templates/var_run.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/templates/var_run.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,118 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -16133,9 +12833,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.50/gui/templates/var_spool.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.52/gui/templates/var_spool.py
--- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/templates/var_spool.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/templates/var_spool.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,129 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -16266,9 +12966,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.50/gui/translationsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.52/gui/translationsPage.py
--- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/translationsPage.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/translationsPage.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,118 @@
+## translationsPage.py - show selinux translations
+## Copyright (C) 2006 Red Hat, Inc.
@@ -16388,9 +13088,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py
+ store, iter = self.view.get_selection().get_selected()
+ self.store.set_value(iter, 0, level)
+ self.store.set_value(iter, 1, translation)
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.50/gui/usersPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.52/gui/usersPage.py
--- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.50/gui/usersPage.py 2008-07-01 14:59:58.000000000 -0400
++++ policycoreutils-2.0.52/gui/usersPage.py 2008-07-02 13:43:21.000000000 -0400
@@ -0,0 +1,150 @@
+## usersPage.py - show selinux mappings
+## Copyright (C) 2006,2007,2008 Red Hat, Inc.
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index a82cdf3..c4a56bd 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -7,6 +7,12 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
+diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/VERSION policycoreutils-2.0.52/VERSION
+--- nsapolicycoreutils/VERSION 2008-07-02 17:19:15.000000000 -0400
++++ policycoreutils-2.0.52/VERSION 2008-07-02 13:42:54.000000000 -0400
+@@ -1 +1 @@
+-2.0.52
++2.0.51
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.52/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2008-06-12 23:25:21.000000000 -0400
+++ policycoreutils-2.0.52/restorecond/restorecond.c 2008-07-02 13:43:21.000000000 -0400
@@ -38,34 +44,194 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
close(fd);
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.52/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2008-07-02 17:19:15.000000000 -0400
-+++ policycoreutils-2.0.52/semanage/semanage 2008-07-02 13:43:21.000000000 -0400
-@@ -297,9 +297,10 @@
- if object == "user":
++++ policycoreutils-2.0.52/semanage/semanage 2008-07-03 13:06:55.000000000 -0400
+@@ -51,7 +51,7 @@
+ semanage interface -{a|d|m} [-tr] interface_spec
+ semanage fcontext -{a|d|m} [-frst] file_spec
+ semanage translation -{a|d|m} [-T] level
+-semanage boolean -{d|m} boolean
++semanage boolean -{d|m} [-F] boolean | boolean_file
+ semanage permissive -{d|a} type
+
+ Primary Options:
+@@ -79,6 +79,7 @@
+ -l (symbolic link)
+ -p (named pipe)
+
++ -F, --file Treat target as an input file for command, change multiple settings
+ -p, --proto Port protocol (tcp or udp)
+ -P, --prefix Prefix for home directory labeling
+ -L, --level Default SELinux Level (MLS/MCS Systems only)
+@@ -114,7 +115,7 @@
+ valid_option["translation"] = []
+ valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
+ valid_option["boolean"] = []
+- valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0" ]
++ valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"]
+ valid_option["permissive"] = []
+ valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ]
+ return valid_option
+@@ -136,13 +137,14 @@
+ seuser = ""
+ prefix = ""
+ heading=1
+- value=0
+- add = 0
+- modify = 0
+- delete = 0
+- deleteall = 0
+- list = 0
+- locallist = 0
++ value = ""
++ add = False
++ modify = False
++ delete = False
++ deleteall = False
++ list = False
++ locallist = False
++ use_file = False
+ store = ""
+ if len(sys.argv) < 3:
+ usage(_("Requires 2 or more arguments"))
+@@ -155,11 +157,12 @@
+ args = sys.argv[2:]
+
+ gopts, cmds = getopt.getopt(args,
+- '01adf:lhmnp:s:CDR:L:r:t:T:P:S:',
++ '01adf:lhmnp:s:FCDR:L:r:t:T:P:S:',
+ ['add',
+ 'delete',
+ 'deleteall',
+ 'ftype=',
++ 'file',
+ 'help',
+ 'list',
+ 'modify',
+@@ -185,18 +188,22 @@
+ if o == "-a" or o == "--add":
+ if modify or delete:
+ usage()
+- add = 1
++ add = True
+
+ if o == "-d" or o == "--delete":
+ if modify or add:
+ usage()
+- delete = 1
++ delete = True
+ if o == "-D" or o == "--deleteall":
+ if modify:
+ usage()
+- deleteall = 1
++ deleteall = True
+ if o == "-f" or o == "--ftype":
+ ftype=a
++
++ if o == "-F" or o == "--file":
++ use_file = True
++
+ if o == "-h" or o == "--help":
+ usage()
+
+@@ -204,12 +211,12 @@
+ heading=0
+
+ if o == "-C" or o == "--locallist":
+- locallist=1
++ locallist = True
+
+ if o == "-m"or o == "--modify":
+ if delete or add:
+ usage()
+- modify = 1
++ modify = True
+
+ if o == "-S" or o == '--store':
+ store = a
+@@ -220,7 +227,7 @@
+ serange = a
+
+ if o == "-l" or o == "--list":
+- list = 1
++ list = True
+
+ if o == "-L" or o == '--level':
+ if is_mls_enabled == 0:
+@@ -246,9 +253,9 @@
+ setrans = a
+
+ if o == "--on" or o == "-1":
+- value = 1
++ value = True
+ if o == "-off" or o == "-0":
+- value = 0
++ value = False
+
+ if object == "login":
+ OBJECT = seobject.loginRecords(store)
+@@ -275,7 +282,10 @@
+ OBJECT = seobject.permissiveRecords(store)
+
+ if list:
+- OBJECT.list(heading, locallist)
++ if object == "boolean":
++ OBJECT.list(heading, locallist, use_file)
++ else:
++ OBJECT.list(heading, locallist)
+ sys.exit(0);
+
+ if deleteall:
+@@ -298,8 +308,6 @@
rlist = roles.split()
if len(rlist) == 0:
-- raise ValueError(_("You must specify a role"))
+ raise ValueError(_("You must specify a role"))
- if prefix == "":
- raise ValueError(_("You must specify a prefix"))
-+ raise ValueError(_("You must specify a role"))
-+ if prefix == "":
-+ prefix = "user"
-+
OBJECT.add(target, rlist, selevel, serange, prefix)
if object == "port":
+@@ -317,7 +325,12 @@
+
+ if modify:
+ if object == "boolean":
+- OBJECT.modify(target, value)
++ if use_file:
++ OBJECT.modify(target, use_file = use_file)
++ else:
++ if value == "":
++ raise ValueError(_("boolean requires value"))
++ OBJECT.modify(target, value)
+
+ if object == "login":
+ OBJECT.modify(target, seuser, serange)
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.52/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8 2008-07-02 17:19:15.000000000 -0400
-+++ policycoreutils-2.0.52/semanage/semanage.8 2008-07-02 13:43:21.000000000 -0400
-@@ -3,7 +3,7 @@
++++ policycoreutils-2.0.52/semanage/semanage.8 2008-07-03 13:14:31.000000000 -0400
+@@ -3,9 +3,9 @@
semanage \- SELinux Policy Management tool
.SH "SYNOPSIS"
-.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|lC|D} [\-n]
+.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|D} [\-n] [\-S store]
.br
- .B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] boolean
+-.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] boolean
++.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] -F boolean | boolean_file
+ .br
+ .B semanage login \-{a|d|m} [\-sr] login_name
.br
-@@ -87,6 +87,9 @@
+@@ -54,6 +54,11 @@
+ File Type. This is used with fcontext.
+ Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
+ .TP
++.I \-F, \-\-file
++Set multiple records from the input file. When used with the \-l \-\-list, it will output the current settings to stdout in the proper format.
++
++Currently booleans only.
++.TP
+ .I \-h, \-\-help
+ display this message
+ .TP
+@@ -87,6 +92,9 @@
.I \-s, \-\-seuser
SELinux user name
.TP
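Review bot: In the option loop of the semanage section, `if o == "-off" or o == "-0":` tests for `-off`, but the long option is listed in `valid_option["boolean"]` as `--off`, so that comparison looks like it can never match a long option. This change makes it matter: `value` now defaults to `""` instead of 0, and the modify path adds `raise ValueError(_("boolean requires value"))`, so `semanage boolean -m --off NAME` would presumably be rejected where the old default masked the typo. I would change the test to `if o == "--off" or o == "-0":`. The enclosing function starts and ends outside the hunk, so the full getopt long-option list is not visible here.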
@@ -75,3 +241,124 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
.I \-t, \-\-type
SELinux Type for the object
.TP
+diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.52/semanage/seobject.py
+--- nsapolicycoreutils/semanage/seobject.py 2008-07-02 17:19:15.000000000 -0400
++++ policycoreutils-2.0.52/semanage/seobject.py 2008-07-03 13:07:45.000000000 -0400
+@@ -567,7 +562,7 @@
+ def __init__(self, store = ""):
+ semanageRecords.__init__(self, store)
+
+- def add(self, name, roles, selevel, serange, prefix):
++ def add(self, name, roles, selevel, serange, prefix = "user"):
+ if is_mls_enabled == 1:
+ if serange == "":
+ serange = "s0"
+@@ -1448,53 +1443,58 @@
+ def __init__(self, store = ""):
+ semanageRecords.__init__(self, store)
+
+- def modify(self, name, value = ""):
+- if value == "":
+- raise ValueError(_("Requires value"))
+-
+- (rc,k) = semanage_bool_key_create(self.sh, name)
+- if rc < 0:
+- raise ValueError(_("Could not create a key for %s") % name)
+-
+- (rc,exists) = semanage_bool_exists(self.sh, k)
+- if rc < 0:
+- raise ValueError(_("Could not check if boolean %s is defined") % name)
+- if not exists:
+- raise ValueError(_("Boolean %s is not defined") % name)
+-
+- (rc,b) = semanage_bool_query(self.sh, k)
+- if rc < 0:
+- raise ValueError(_("Could not query file context %s") % name)
++ def __mod(self, name, value):
++ (rc,k) = semanage_bool_key_create(self.sh, name)
++ if rc < 0:
++ raise ValueError(_("Could not create a key for %s") % name)
++ (rc,exists) = semanage_bool_exists(self.sh, k)
++ if rc < 0:
++ raise ValueError(_("Could not check if boolean %s is defined") % name)
++ if not exists:
++ raise ValueError(_("Boolean %s is not defined") % name)
++
++ (rc,b) = semanage_bool_query(self.sh, k)
++ if rc < 0:
++ raise ValueError(_("Could not query file context %s") % name)
+
+- if value != "":
+- nvalue = int(value)
+- semanage_bool_set_value(b, nvalue)
++ if value != "":
++ nvalue = int(value)
++ semanage_bool_set_value(b, nvalue)
+ else:
+ raise ValueError(_("You must specify a value"))
++
++ rc = semanage_bool_set_active(self.sh, k, b)
++ if rc < 0:
++ raise ValueError(_("Could not set active value of boolean %s") % name)
++ rc = semanage_bool_modify_local(self.sh, k, b)
++ if rc < 0:
++ raise ValueError(_("Could not modify boolean %s") % name)
++ semanage_bool_key_free(k)
++ semanage_bool_free(b)
+
++ def modify(self, name, value=False, use_file=False):
++
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+-
+- rc = semanage_bool_set_active(self.sh, k, b)
+- if rc < 0:
+- raise ValueError(_("Could not set active value of boolean %s") % name)
+- rc = semanage_bool_modify_local(self.sh, k, b)
+- if rc < 0:
+- raise ValueError(_("Could not modify boolean %s") % name)
++ if use_file:
++ fd = open(name)
++ for b in fd.read().split():
++ bool, val = b.split("=")
++ self.__mod(bool, val)
++ fd.close()
++ else:
++ self.__mod(name, value)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not modify boolean %s") % name)
+
+- semanage_bool_key_free(k)
+- semanage_bool_free(b)
+-
+ def delete(self, name):
+- (rc,k) = semanage_bool_key_create(self.sh, name)
+- if rc < 0:
+- raise ValueError(_("Could not create a key for %s") % name)
+
++ (rc,k) = semanage_bool_key_create(self.sh, name)
++ if rc < 0:
++ raise ValueError(_("Could not create a key for %s") % name)
+ (rc,exists) = semanage_bool_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if boolean %s is defined") % name)
+@@ -1571,8 +1571,15 @@
+ else:
+ return _("unknown")
+
+- def list(self, heading = 1, locallist = 0):
++ def list(self, heading = True, locallist = False, use_file = False):
+ on_off = (_("off"),_("on"))
++ if use_file:
++ ddict = self.get_all(locallist)
++ keys = ddict.keys()
++ for k in keys:
++ if ddict[k]:
++ print "%s=%s" % (k, ddict[k][2])
++ return
+ if heading:
+ print "%-40s %s\n" % (_("SELinux boolean"), _("Description"))
+ ddict = self.get_all(locallist)
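Review bot: The `use_file` branch of the new `modify` parses the input file with `bool, val = b.split("=")` and no validation, so a token without exactly one `=` fails with a bare unpacking error, and a non-numeric value fails later at `int(value)` in `__mod`. In both cases `fd` stays open and the transaction opened by `semanage_begin_transaction` is left without a commit in this function. Because this file drives SELinux boolean changes in bulk, each entry should be checked and reported by name, and the file closed in a `finally`, as sketched below. The loop variable `bool` also shadows the builtin, and the commit error message formats `name`, which is the file path in this mode. Separately, `__mod` raises on its error paths before reaching `semanage_bool_key_free(k)` and `semanage_bool_free(b)`.

```python
        if use_file:
            fd = open(name)
            try:
                for entry in fd.read().split():
                    parts = entry.split("=")
                    if len(parts) != 2 or parts[1] not in ("0", "1"):
                        raise ValueError(_("Invalid boolean entry %s in %s") % (entry, name))
                    self.__mod(parts[0], parts[1])
            finally:
                fd.close()
        else:
            self.__mod(name, value)
        # … unchanged: semanage_commit and its error check …
```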
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 2f1fc99..0576edc 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.52
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -192,6 +192,10 @@ if [ "$1" -ge "1" ]; then
fi
%changelog
+* Wed Jul 2 2008 Dan Walsh 2.0.52-2
+- Add lockdown wizard
+- Allow semanage booleans to take an input file an process lots of booleans at once.
+
* Wed Jul 2 2008 Dan Walsh 2.0.52-1
- Default prefix to "user"