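#! /usr/bin/env python
# Copyright (C) 2006 Red Hat
# see file 'COPYING' for use and warranty information
#
# policygentool is a tool for the initial generation of SELinux policy
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
# 02111-1307  USA
#
#
"""Generate a skeleton SELinux policy module for one executable.

Usage: policygentool ModuleName Executable

Three files are written into the current directory: MODULE.te (type
enforcement), MODULE.if (interface) and MODULE.fc (file contexts).  An
existing file is never overwritten; the tool exits with status 1 instead.

The code is kept valid for both Python 2.6+ and Python 3 (single-argument
print(), ``with``, ``except ... as``).
"""
import errno
import getopt
import os
import re
import sys

try:
    import seobject  # historically imported; nothing in this file uses it
except ImportError:
    # Template rendering is pure text, so do not fail when the SELinux
    # Python bindings are unavailable.
    seobject = None

# A module name becomes both the output file names (MODULE.te/.if/.fc) and the
# policy identifiers (MODULE_t, MODULE_exec_t, MODULE_domtrans).  Restricting
# it to identifier characters keeps the generated policy syntactically valid
# and keeps the output paths inside the current directory (no '/' or '..').
_MODULE_NAME_RE = re.compile(r'[A-Za-z_][A-Za-z0-9_]*\Z')

########################### Interface File #############################

# NOTE(review): the bare "## " lines below look like the XML doc markup that
# refpolicy interfaces carry (<summary>, <param>) with the tags lost;
# confirm against the upstream template before relying on them.
#
# The fifo_file rule originally read "allow TEMPLATETYPE_t:$1:fifo_file",
# which is not valid allow-rule syntax (source and target must be separated
# by whitespace, not ':'); it is written here as "allow TEMPLATETYPE_t $1:...".
interface = """
## policy for TEMPLATETYPE

########################################
## 
## Execute a domain transition to run TEMPLATETYPE.
## 
## 
## Domain allowed to transition.
## 
#
interface(`TEMPLATETYPE_domtrans',`
gen_requires(`
type TEMPLATETYPE_t, TEMPLATETYPE_exec_t;
')

domain_auto_trans($1,TEMPLATETYPE_exec_t,TEMPLATETYPE_t)

allow $1 TEMPLATETYPE_t:fd use;
allow TEMPLATETYPE_t $1:fd use;
allow TEMPLATETYPE_t $1:fifo_file rw_file_perms;
allow TEMPLATETYPE_t $1:process sigchld;
')
"""

########################### Type Enforcement File #############################

te = """
policy_module(TEMPLATETYPE,1.0.0)

########################################
#
# Declarations
#

type TEMPLATETYPE_t;
type TEMPLATETYPE_exec_t;
domain_type(TEMPLATETYPE_t)
init_daemon_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)

########################################
#
# TEMPLATETYPE local policy
#
# Check in /etc/selinux/refpolicy/include for macros to use instead of allow rules.
"""

########################### File Context ##################################

fc = """
# TEMPLATETYPE executable will have:
# label: system_u:object_r:TEMPLATETYPE_exec_t
# MLS sensitivity: s0
# MCS categories: 

EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0)
"""


def errorExit(error):
    """Print *error* prefixed with the program name to stderr and exit with status 1."""
    sys.stderr.write("%s: %s\n" % (sys.argv[0], error))
    sys.stderr.flush()
    sys.exit(1)


def _render(template, module, executable=None):
    r"""Return *template* with TEMPLATETYPE (and EXECUTABLE, if given) filled in.

    Plain str.replace is used rather than re.sub: with re.sub the module
    name / executable path act as a regex replacement string, so a backslash
    or a group reference (``\1``, ``\g<x>``) in them would be interpreted (or
    raise) instead of being copied literally into the policy.
    """
    text = template.replace("TEMPLATETYPE", module)
    if executable is not None:
        # Same order as before: TEMPLATETYPE first, then EXECUTABLE.
        text = text.replace("EXECUTABLE", executable)
    return text


def _write_new_file(path, content):
    """Create *path* holding *content*; exit via errorExit() if it already exists.

    O_EXCL makes the existence check and the creation one atomic operation,
    so there is no window between "does it exist?" and "create it" in which
    another process could drop a file (or symlink) at *path* that would then
    be silently overwritten.  Mode 0o666 (minus umask) matches what
    open(path, 'w') would have produced.
    """
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
    except OSError as e:
        if e.errno == errno.EEXIST:
            errorExit("%s already exists" % path)
        raise
    with os.fdopen(fd, 'w') as f:
        f.write(content)


def write_te_file(module):
    """Write MODULE.te, the type-enforcement skeleton, into the current directory."""
    _write_new_file("%s.te" % module, _render(te, module))


def write_if_file(module):
    """Write MODULE.if, the domain-transition interface, into the current directory."""
    _write_new_file("%s.if" % module, _render(interface, module))


def write_fc_file(module, executable):
    """Write MODULE.fc, labelling *executable* as MODULE_exec_t, into the current directory."""
    _write_new_file("%s.fc" % module, _render(fc, module, executable))


def gen_policy(module, executable):
    """Generate the .te, .if and .fc files for *module* wrapping *executable*.

    Exits with status 1 (via errorExit) if *module* is not a plain identifier
    or if any of the three output files already exists.
    """
    if not _MODULE_NAME_RE.match(module):
        errorExit("invalid module name '%s' (use letters, digits and underscores)" % module)
    write_te_file(module)
    write_if_file(module)
    write_fc_file(module, executable)


if __name__ == '__main__':
    def usage(message=""):
        """Print *message* (if any) to stderr, the synopsis to stdout, and exit 1."""
        if message:
            sys.stderr.write("%s\n" % message)
        print('%s ModuleName Executable' % sys.argv[0])
        sys.exit(1)

    if len(sys.argv) != 3:
        usage()
    gen_policy(sys.argv[1], sys.argv[2])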