-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch looks good to me. acked.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlD+pmIACgkQrlYvE4MpobMFEACgm+Oo5OC4BfTyV+lng08/QJim
0isAn22baBaBJ2oMXx6AkQH4GwLxB8M5
=lcQy
-----END PGP SIGNATURE-----
>From a5113d78d26ec56c4c969ee2f2edfcfe7aca879a Mon Sep 17 00:00:00 2001
From: rhatdan <dwalsh@xxxxxxxxxx>
Date: Thu, 4 Oct 2012 15:35:48 -0400
Subject: [PATCH 35/84] policycoreutils: gui: switch to use sepolicy
Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
policycoreutils/gui/Makefile | 8 +-
policycoreutils/gui/domainsPage.py | 4 +-
policycoreutils/gui/polgen.py | 1372 ---------------------------
policycoreutils/gui/polgengui.py | 107 ++-
policycoreutils/gui/templates/__init__.py | 17 -
policycoreutils/gui/templates/boolean.py | 39 -
policycoreutils/gui/templates/etc_rw.py | 139 ---
policycoreutils/gui/templates/executable.py | 450 ---------
policycoreutils/gui/templates/network.py | 101 --
policycoreutils/gui/templates/rw.py | 154 ---
policycoreutils/gui/templates/script.py | 126 ---
policycoreutils/gui/templates/semodule.py | 40 -
policycoreutils/gui/templates/tmp.py | 129 ---
policycoreutils/gui/templates/unit_file.py | 72 --
policycoreutils/gui/templates/user.py | 204 ----
policycoreutils/gui/templates/var_cache.py | 157 ---
policycoreutils/gui/templates/var_lib.py | 161 ----
policycoreutils/gui/templates/var_log.py | 115 ---
policycoreutils/gui/templates/var_run.py | 102 --
policycoreutils/gui/templates/var_spool.py | 156 ---
policycoreutils/po/Makefile | 13 -
policycoreutils/po/POTFILES.in | 13 -
22 files changed, 64 insertions(+), 3615 deletions(-)
delete mode 100644 policycoreutils/gui/polgen.py
delete mode 100644 policycoreutils/gui/templates/__init__.py
delete mode 100644 policycoreutils/gui/templates/boolean.py
delete mode 100644 policycoreutils/gui/templates/etc_rw.py
delete mode 100644 policycoreutils/gui/templates/executable.py
delete mode 100644 policycoreutils/gui/templates/network.py
delete mode 100644 policycoreutils/gui/templates/rw.py
delete mode 100644 policycoreutils/gui/templates/script.py
delete mode 100644 policycoreutils/gui/templates/semodule.py
delete mode 100644 policycoreutils/gui/templates/tmp.py
delete mode 100644 policycoreutils/gui/templates/unit_file.py
delete mode 100644 policycoreutils/gui/templates/user.py
delete mode 100644 policycoreutils/gui/templates/var_cache.py
delete mode 100644 policycoreutils/gui/templates/var_lib.py
delete mode 100644 policycoreutils/gui/templates/var_log.py
delete mode 100644 policycoreutils/gui/templates/var_run.py
delete mode 100644 policycoreutils/gui/templates/var_spool.py
diff --git a/policycoreutils/gui/Makefile b/policycoreutils/gui/Makefile
index 1464971..b5abbb9 100644
--- a/policycoreutils/gui/Makefile
+++ b/policycoreutils/gui/Makefile
@@ -18,17 +18,15 @@ statusPage.py \
system-config-selinux.glade \
usersPage.py
-all: $(TARGETS) system-config-selinux.py polgengui.py templates polgen.py
+all: $(TARGETS) system-config-selinux.py polgengui.py
install: all
- -mkdir -p $(SHAREDIR)/templates
+ -mkdir -p $(SHAREDIR)
-mkdir -p $(BINDIR)
install -m 755 system-config-selinux.py $(SHAREDIR)
install -m 755 polgengui.py $(SHAREDIR)
- install -m 755 polgen.py $(SHAREDIR)
- (cd $(BINDIR); ln -fs ../share/system-config-selinux/polgen.py sepolgen)
+ install -m 755 sepolgen $(BINDIR)
install -m 644 $(TARGETS) $(SHAREDIR)
- install -m 644 templates/*.py $(SHAREDIR)/templates/
clean:
diff --git a/policycoreutils/gui/domainsPage.py b/policycoreutils/gui/domainsPage.py
index 03451b6..91c88a8 100644
--- a/policycoreutils/gui/domainsPage.py
+++ b/policycoreutils/gui/domainsPage.py
@@ -26,7 +26,7 @@ import sys
import seobject
import selinux
from semanagePage import *;
-import polgen
+from sepolicy.generate import get_all_domains
##
## I18N
@@ -68,7 +68,7 @@ class domainsPage(semanagePage):
self.permissive_button = xml.get_widget("permissiveButton")
self.enforcing_button = xml.get_widget("enforcingButton")
- self.domains=polgen.get_all_domains()
+ self.domains=get_all_domains()
self.load()
def get_modules(self):
diff --git a/policycoreutils/gui/polgen.py b/policycoreutils/gui/polgen.py
deleted file mode 100644
index 51fb8d7..0000000
--- a/policycoreutils/gui/polgen.py
+++ /dev/null
@@ -1,1372 +0,0 @@
-#!/usr/bin/python -Es
-#
-# Copyright (C) 2007-2012 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-import os, sys, stat
-import re
-import commands
-import setools
-
-from templates import executable
-from templates import boolean
-from templates import etc_rw
-from templates import unit_file
-from templates import var_cache
-from templates import var_spool
-from templates import var_lib
-from templates import var_log
-from templates import var_run
-from templates import tmp
-from templates import rw
-from templates import network
-from templates import script
-from templates import user
-import sepolgen.interfaces as interfaces
-import sepolgen.defaults as defaults
-
-##
-## I18N
-##
-PROGNAME="policycoreutils"
-
-import gettext
-gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
-gettext.textdomain(PROGNAME)
-try:
- gettext.install(PROGNAME,
- localedir="/usr/share/locale",
- unicode=False,
- codeset = 'utf-8')
-except IOError:
- import __builtin__
- __builtin__.__dict__['_'] = unicode
-
-methods = []
-fn = defaults.interface_info()
-try:
- fd = open(fn)
- # List of per_role_template interfaces
- ifs = interfaces.InterfaceSet()
- ifs.from_file(fd)
- methods = ifs.interfaces.keys()
- fd.close()
-except:
- sys.stderr.write("could not open interface info [%s]\n" % fn)
- sys.exit(1)
-
-all_types = None
-def get_all_types():
- global all_types
- if all_types == None:
- all_types = map(lambda x: x['name'], setools.seinfo(setools.TYPE))
- return all_types
-
-def get_all_ports():
- dict = {}
- for p in setools.seinfo(setools.PORT):
- if p['type'] == "reserved_port_t" or \
- p['type'] == "port_t" or \
- p['type'] == "hi_reserved_port_t":
- continue
- dict[(p['low'], p['high'], p['protocol'])]=(p['type'], p['range'])
- return dict
-
-def get_all_roles():
- roles = map(lambda x: x['name'], setools.seinfo(setools.ROLE))
- roles.remove("object_r")
- roles.sort()
- return roles
-
-def get_all_attributes():
- attributes = map(lambda x: x['name'], setools.seinfo(setools.ATTRIBUTE))
- attributes.sort()
- return attributes
-
-def get_all_domains():
- all_domains = []
- types=get_all_types()
- types.sort()
- for i in types:
- m = re.findall("(.*)%s" % "_exec_t$", i)
- if len(m) > 0:
- if len(re.findall("(.*)%s" % "_initrc$", m[0])) == 0 and m[0] not in all_domains:
- all_domains.append(m[0])
- return all_domains
-
-def get_all_modules():
- try:
- all_modules = []
- rc, output=commands.getstatusoutput("semodule -l 2>/dev/null")
- if rc == 0:
- l = output.split("\n")
- for i in l:
- all_modules.append(i.split()[0])
- except:
- pass
-
- return all_modules
-
-def get_all_users():
- users = map(lambda x: x['name'], setools.seinfo(setools.USER))
- users.remove("system_u")
- users.remove("root")
- users.sort()
- return users
-
-ALL = 0
-RESERVED = 1
-UNRESERVED = 2
-PORTS = 3
-ADMIN_TRANSITION_INTERFACE = "_admin$"
-USER_TRANSITION_INTERFACE = "_role$"
-
-DAEMON = 0
-DBUS = 1
-INETD = 2
-CGI = 3
-USER = 4
-SANDBOX = 5
-TUSER = 6
-XUSER = 7
-LUSER = 8
-AUSER = 9
-RUSER = 10
-EUSER = 11
-
-poltype={}
-poltype[DAEMON] = _("Standard Init Daemon")
-poltype[DBUS] = _("DBUS System Daemon")
-poltype[INETD] = _("Internet Services Daemon")
-poltype[CGI] = _("Web Application/Script (CGI)")
-poltype[USER] = _("User Application")
-poltype[SANDBOX] = _("Sandbox")
-poltype[TUSER] = _("Minimal Terminal User Role")
-poltype[XUSER] = _("Minimal X Windows User Role")
-poltype[LUSER] = _("User Role")
-poltype[AUSER] = _("Admin User Role")
-poltype[RUSER] = _("Root Admin User Role")
-
-APPLICATIONS = [ DAEMON, DBUS, INETD, USER, CGI ]
-USERS = [ XUSER, TUSER, LUSER, AUSER, EUSER, RUSER]
-
-def verify_ports(ports):
- if ports == "":
- return []
- max_port=2**16
- try:
- temp = []
- for a in ports.split(","):
- r = a.split("-")
- if len(r) > 2:
- raise ValueError
- if len(r) == 1:
- begin = int (r[0])
- end = int (r[0])
- else:
- begin = int (r[0])
- end = int (r[1])
-
- if begin > end:
- raise ValueError
-
- for p in range(begin, end + 1):
- if p < 1 or p > max_port:
- raise ValueError
- temp.append(p)
- return temp
- except ValueError:
- raise ValueError(_("Ports must be numbers or ranges of numbers from 1 to %d " % max_port ))
-
-class policy:
-
- def __init__(self, name, type):
- self.ports = []
- try:
- self.ports = get_all_ports()
- except ValueError, e:
- print "Can not get port types, must be root for this information"
- except RuntimeError, e:
- print "Can not get port types", e
-
- self.symbols = {}
- self.symbols["openlog"] = "set_use_kerberos(True)"
- self.symbols["openlog"] = "set_use_kerb_rcache(True)"
- self.symbols["openlog"] = "set_use_syslog(True)"
- self.symbols["gethostby"] = "set_use_resolve(True)"
- self.symbols["getaddrinfo"] = "set_use_resolve(True)"
- self.symbols["getnameinfo"] = "set_use_resolve(True)"
- self.symbols["krb"] = "set_use_kerberos(True)"
- self.symbols["gss_accept_sec_context"] = "set_manage_krb5_rcache(True)"
- self.symbols["krb5_verify_init_creds"] = "set_manage_krb5_rcache(True)"
- self.symbols["krb5_rd_req"] = "set_manage_krb5_rcache(True)"
- self.symbols["__syslog_chk"] = "set_use_syslog(True)"
- self.symbols["getpwnam"] = "set_use_uid(True)"
- self.symbols["getpwuid"] = "set_use_uid(True)"
- self.symbols["dbus_"] = "set_use_dbus(True)"
- self.symbols["pam_"] = "set_use_pam(True)"
- self.symbols["pam_"] = "set_use_audit(True)"
- self.symbols["fork"] = "add_process('fork')"
- self.symbols["transition"] = "add_process('transition')"
- self.symbols["sigchld"] = "add_process('sigchld')"
- self.symbols["sigkill"] = "add_process('sigkill')"
- self.symbols["sigstop"] = "add_process('sigstop')"
- self.symbols["signull"] = "add_process('signull')"
- self.symbols["signal"] = "add_process('signal')"
- self.symbols["ptrace"] = "add_process('ptrace')"
- self.symbols["getsched"] = "add_process('getsched')"
- self.symbols["setsched"] = "add_process('setsched')"
- self.symbols["getsession"] = "add_process('getsession')"
- self.symbols["getpgid"] = "add_process('getpgid')"
- self.symbols["setpgid"] = "add_process('setpgid')"
- self.symbols["getcap"] = "add_process('getcap')"
- self.symbols["setcap"] = "add_process('setcap')"
- self.symbols["share"] = "add_process('share')"
- self.symbols["getattr"] = "add_process('getattr')"
- self.symbols["setexec"] = "add_process('setexec')"
- self.symbols["setfscreate"] = "add_process('setfscreate')"
- self.symbols["noatsecure"] = "add_process('noatsecure')"
- self.symbols["siginh"] = "add_process('siginh')"
- self.symbols["setrlimit"] = "add_process('setrlimit')"
- self.symbols["rlimitinh"] = "add_process('rlimitinh')"
- self.symbols["dyntransition"] = "add_process('dyntransition')"
- self.symbols["setcurrent"] = "add_process('setcurrent')"
- self.symbols["execmem"] = "add_process('execmem')"
- self.symbols["execstack"] = "add_process('execstack')"
- self.symbols["execheap"] = "add_process('execheap')"
- self.symbols["setkeycreate"] = "add_process('setkeycreate')"
- self.symbols["setsockcreate"] = "add_process('setsockcreate')"
-
- self.symbols["chown"] = "add_capability('chown')"
- self.symbols["dac_override"] = "add_capability('dac_override')"
- self.symbols["dac_read_search"] = "add_capability('dac_read_search')"
- self.symbols["fowner"] = "add_capability('fowner')"
- self.symbols["fsetid"] = "add_capability('fsetid')"
- self.symbols["kill"] = "add_capability('kill')"
- self.symbols["setgid"] = "add_capability('setgid')"
- self.symbols["setresuid"] = "add_capability('setuid')"
- self.symbols["setuid"] = "add_capability('setuid')"
- self.symbols["setpcap"] = "add_capability('setpcap')"
- self.symbols["linux_immutable"] = "add_capability('linux_immutable')"
- self.symbols["net_bind_service"] = "add_capability('net_bind_service')"
- self.symbols["net_broadcast"] = "add_capability('net_broadcast')"
- self.symbols["net_admin"] = "add_capability('net_admin')"
- self.symbols["net_raw"] = "add_capability('net_raw')"
- self.symbols["ipc_lock"] = "add_capability('ipc_lock')"
- self.symbols["ipc_owner"] = "add_capability('ipc_owner')"
- self.symbols["sys_module"] = "add_capability('sys_module')"
- self.symbols["sys_rawio"] = "add_capability('sys_rawio')"
- self.symbols["chroot"] = "add_capability('sys_chroot')"
- self.symbols["sys_chroot"] = "add_capability('sys_chroot')"
- self.symbols["sys_ptrace"] = "add_capability('sys_ptrace')"
- self.symbols["sys_pacct"] = "add_capability('sys_pacct')"
- self.symbols["mount"] = "add_capability('sys_admin')"
- self.symbols["unshare"] = "add_capability('sys_admin')"
- self.symbols["sys_admin"] = "add_capability('sys_admin')"
- self.symbols["sys_boot"] = "add_capability('sys_boot')"
- self.symbols["sys_nice"] = "add_capability('sys_nice')"
- self.symbols["sys_resource"] = "add_capability('sys_resource')"
- self.symbols["sys_time"] = "add_capability('sys_time')"
- self.symbols["sys_tty_config"] = "add_capability('sys_tty_config')"
- self.symbols["mknod"] = "add_capability('mknod')"
- self.symbols["lease"] = "add_capability('lease')"
- self.symbols["audit_write"] = "add_capability('audit_write')"
- self.symbols["audit_control"] = "add_capability('audit_control')"
- self.symbols["setfcap"] = "add_capability('setfcap')"
-
- self.DEFAULT_DIRS = {}
- self.DEFAULT_DIRS["/etc"] = ["etc_rw", [], etc_rw];
- self.DEFAULT_DIRS["/tmp"] = ["tmp", [], tmp];
- self.DEFAULT_DIRS["rw"] = ["rw", [], rw];
- self.DEFAULT_DIRS["/usr/lib/systemd/system"] = ["unit_file", [], unit_file];
- self.DEFAULT_DIRS["/lib/systemd/system"] = ["unit_file", [], unit_file];
- self.DEFAULT_DIRS["/etc/systemd/system"] = ["unit_file", [], unit_file];
- self.DEFAULT_DIRS["/var/cache"] = ["var_cache", [], var_cache];
- self.DEFAULT_DIRS["/var/lib"] = ["var_lib", [], var_lib];
- self.DEFAULT_DIRS["/var/log"] = ["var_log", [], var_log];
- self.DEFAULT_DIRS["/var/run"] = ["var_run", [], var_run];
- self.DEFAULT_DIRS["/var/spool"] = ["var_spool", [], var_spool];
-
- self.DEFAULT_KEYS=["/etc", "/var/cache", "/var/log", "/tmp", "rw", "/var/lib", "/var/run", "/var/spool", "/etc/systemd/system", "/usr/lib/systemd/system", "/lib/systemd/system" ]
-
- self.DEFAULT_TYPES = (\
-( self.generate_daemon_types, self.generate_daemon_rules), \
-( self.generate_dbusd_types, self.generate_dbusd_rules), \
-( self.generate_inetd_types, self.generate_inetd_rules), \
-( self.generate_cgi_types, self.generate_cgi_rules), \
-( self.generate_sandbox_types, self.generate_sandbox_rules), \
-( self.generate_userapp_types, self.generate_userapp_rules), \
-( self.generate_existing_user_types, self.generate_existing_user_rules), \
-( self.generate_min_login_user_types, self.generate_login_user_rules), \
-( self.generate_x_login_user_types, self.generate_x_login_user_rules), \
-( self.generate_login_user_types, self.generate_login_user_rules), \
-( self.generate_admin_user_types, self.generate_login_user_rules), \
-( self.generate_root_user_types, self.generate_root_user_rules))
- if name == "":
- raise ValueError(_("You must enter a name for your confined process/user"))
- if not name.isalnum():
- raise ValueError(_("Name must be alpha numberic with no spaces. Consider using option \"-n MODULENAME\""))
-
- if type == CGI:
- self.name = "httpd_%s_script" % name
- else:
- self.name = name
-
- self.file_name = name
-
- self.capabilities = []
- self.processes = []
- self.type = type
- self.initscript = ""
- self.program = ""
- self.in_tcp = [False, False, False, []]
- self.in_udp = [False, False, False, []]
- self.out_tcp = [False, False, False, []]
- self.out_udp = [False, False, False, []]
- self.use_resolve = False
- self.use_tmp = False
- self.use_uid = False
- self.use_syslog = False
- self.use_kerberos = False
- self.manage_krb5_rcache = False
- self.use_pam = False
- self.use_dbus = False
- self.use_audit = False
- self.use_etc = True
- self.use_localization = True
- self.use_fd = True
- self.use_terminal = False
- self.use_mail = False
- self.booleans = {}
- self.files = {}
- self.dirs = {}
- self.found_tcp_ports=[]
- self.found_udp_ports=[]
- self.need_tcp_type=False
- self.need_udp_type=False
- self.admin_domains = []
- self.transition_domains = []
- self.transition_users = []
- self.roles = []
-
- def __isnetset(self, l):
- return l[ALL] or l[RESERVED] or l[UNRESERVED] or len(l[PORTS]) > 0
-
- def set_admin_domains(self, admin_domains):
- self.admin_domains = admin_domains
-
- def set_admin_roles(self, roles):
- self.roles = roles
-
- def set_transition_domains(self, transition_domains):
- self.transition_domains = transition_domains
-
- def set_transition_users(self, transition_users):
- self.transition_users = transition_users
-
- def use_in_udp(self):
- return self.__isnetset(self.in_udp)
-
- def use_out_udp(self):
- return self.__isnetset(self.out_udp)
-
- def use_udp(self):
- return self.use_in_udp() or self.use_out_udp()
-
- def use_in_tcp(self):
- return self.__isnetset(self.in_tcp)
-
- def use_out_tcp(self):
- return self.__isnetset(self.out_tcp)
-
- def use_tcp(self):
- return self.use_in_tcp() or self.use_out_tcp()
-
- def use_network(self):
- return self.use_tcp() or self.use_udp()
-
- def find_port(self, port, protocol="tcp"):
- for begin,end,p in self.ports.keys():
- if port >= begin and port <= end and protocol == p:
- return self.ports[begin, end, protocol]
- return None
-
- def set_program(self, program):
- if self.type not in APPLICATIONS:
- raise ValueError(_("User Role types can not be assigned executables."))
-
- self.program = program
-
- def set_init_script(self, initscript):
- if self.type != DAEMON:
- raise ValueError(_("Only Daemon apps can use an init script.."))
-
- self.initscript = initscript
-
- def set_in_tcp(self, all, reserved, unreserved, ports):
- self.in_tcp = [ all, reserved, unreserved, verify_ports(ports)]
-
- def set_in_udp(self, all, reserved, unreserved, ports):
- self.in_udp = [ all, reserved, unreserved, verify_ports(ports)]
-
- def set_out_tcp(self, all, ports):
- self.out_tcp = [ all , False, False, verify_ports(ports) ]
-
- def set_out_udp(self, all, ports):
- self.out_udp = [ all , False, False, verify_ports(ports) ]
-
- def set_use_resolve(self, val):
- if val != True and val != False:
- raise ValueError(_("use_resolve must be a boolean value "))
-
- self.use_resolve = val
-
- def set_use_syslog(self, val):
- if val != True and val != False:
- raise ValueError(_("use_syslog must be a boolean value "))
-
- self.use_syslog = val
-
- def set_use_kerberos(self, val):
- if val != True and val != False:
- raise ValueError(_("use_kerberos must be a boolean value "))
-
- self.use_kerberos = val
-
- def set_manage_krb5_rcache(self, val):
- if val != True and val != False:
- raise ValueError(_("manage_krb5_rcache must be a boolean value "))
-
- self.manage_krb5_rcache = val
-
- def set_use_pam(self, val):
- self.use_pam = val == True
-
- def set_use_dbus(self, val):
- self.use_dbus = val == True
-
- def set_use_audit(self, val):
- self.use_audit = val == True
-
- def set_use_etc(self, val):
- self.use_etc = val == True
-
- def set_use_localization(self, val):
- self.use_localization = val == True
-
- def set_use_fd(self, val):
- self.use_fd = val == True
-
- def set_use_terminal(self, val):
- self.use_terminal = val == True
-
- def set_use_mail(self, val):
- self.use_mail = val == True
-
- def set_use_tmp(self, val):
- if self.type in USERS:
- raise ValueError(_("USER Types automatically get a tmp type"))
-
- if val:
- self.DEFAULT_DIRS["/tmp"][1].append("/tmp");
- else:
- self.DEFAULT_DIRS["/tmp"][1]=[]
-
- def set_use_uid(self, val):
- self.use_uid = val == True
-
- def generate_uid_rules(self):
- if self.use_uid:
- return re.sub("TEMPLATETYPE", self.name, executable.te_uid_rules)
- else:
- return ""
-
- def generate_syslog_rules(self):
- if self.use_syslog:
- return re.sub("TEMPLATETYPE", self.name, executable.te_syslog_rules)
- else:
- return ""
-
- def generate_resolve_rules(self):
- if self.use_resolve:
- return re.sub("TEMPLATETYPE", self.name, executable.te_resolve_rules)
- else:
- return ""
-
- def generate_kerberos_rules(self):
- if self.use_kerberos:
- return re.sub("TEMPLATETYPE", self.name, executable.te_kerberos_rules)
- else:
- return ""
-
- def generate_manage_krb5_rcache_rules(self):
- if self.manage_krb5_rcache:
- return re.sub("TEMPLATETYPE", self.name, executable.te_manage_krb5_rcache_rules)
- else:
- return ""
-
- def generate_pam_rules(self):
- newte =""
- if self.use_pam:
- newte = re.sub("TEMPLATETYPE", self.name, executable.te_pam_rules)
- return newte
-
- def generate_audit_rules(self):
- newte =""
- if self.use_audit:
- newte = re.sub("TEMPLATETYPE", self.name, executable.te_audit_rules)
- return newte
-
- def generate_etc_rules(self):
- newte =""
- if self.use_etc:
- newte = re.sub("TEMPLATETYPE", self.name, executable.te_etc_rules)
- return newte
-
- def generate_fd_rules(self):
- newte =""
- if self.use_fd:
- newte = re.sub("TEMPLATETYPE", self.name, executable.te_fd_rules)
- return newte
-
- def generate_localization_rules(self):
- newte =""
- if self.use_localization:
- newte = re.sub("TEMPLATETYPE", self.name, executable.te_localization_rules)
- return newte
-
- def generate_dbus_rules(self):
- newte =""
- if self.type != DBUS and self.use_dbus:
- newte = re.sub("TEMPLATETYPE", self.name, executable.te_dbus_rules)
- return newte
-
- def generate_mail_rules(self):
- newte =""
- if self.use_mail:
- newte = re.sub("TEMPLATETYPE", self.name, executable.te_mail_rules)
- return newte
-
- def generate_network_action(self, protocol, action, port_name):
- line = ""
- method = "corenet_%s_%s_%s" % (protocol, action, port_name)
- if method in methods:
- line = "%s(%s_t)\n" % (method, self.name)
- else:
- line = """
-gen_require(`
- type %s_t;
-')
-allow %s_t %s_t:%s_socket name_%s;
-""" % (port_name, self.name, port_name, protocol, action)
- return line
-
- def generate_network_types(self):
- for i in self.in_tcp[PORTS]:
- rec = self.find_port(int(i), "tcp")
- if rec == None:
- self.need_tcp_type = True;
- else:
- port_name = rec[0][:-2]
- line = self.generate_network_action("tcp", "bind", port_name)
-# line = "corenet_tcp_bind_%s(%s_t)\n" % (port_name, self.name)
- if line not in self.found_tcp_ports:
- self.found_tcp_ports.append(line)
-
- for i in self.out_tcp[PORTS]:
- rec = self.find_port(int(i), "tcp")
- if rec == None:
- self.need_tcp_type = True;
- else:
- port_name = rec[0][:-2]
- line = self.generate_network_action("tcp", "connect", port_name)
-# line = "corenet_tcp_connect_%s(%s_t)\n" % (port_name, self.name)
- if line not in self.found_tcp_ports:
- self.found_tcp_ports.append(line)
-
- for i in self.in_udp[PORTS]:
- rec = self.find_port(int(i),"udp")
- if rec == None:
- self.need_udp_type = True;
- else:
- port_name = rec[0][:-2]
- line = self.generate_network_action("udp", "bind", port_name)
-# line = "corenet_udp_bind_%s(%s_t)\n" % (port_name, self.name)
- if line not in self.found_udp_ports:
- self.found_udp_ports.append(line)
-
- if self.need_udp_type == True or self.need_tcp_type == True:
- return re.sub("TEMPLATETYPE", self.name, network.te_port_types)
- return ""
-
- def __find_path(self, file):
- for d in self.DEFAULT_DIRS:
- if file.find(d) == 0:
- self.DEFAULT_DIRS[d][1].append(file)
- return self.DEFAULT_DIRS[d]
- self.DEFAULT_DIRS["rw"][1].append(file)
- return self.DEFAULT_DIRS["rw"]
-
- def add_capability(self, capability):
- if capability not in self.capabilities:
- self.capabilities.append(capability)
-
- def add_process(self, process):
- if process not in self.processes:
- self.processes.append(process)
-
- def add_boolean(self, name, description):
- self.booleans[name] = description
-
- def add_file(self, file):
- self.files[file] = self.__find_path(file)
-
- def add_dir(self, file):
- self.dirs[file] = self.__find_path(file)
-
- def generate_capabilities(self):
- newte = ""
- self.capabilities.sort()
- if len(self.capabilities) > 0:
- newte = "allow %s_t self:capability { %s };\n" % (self.name, " ".join(self.capabilities))
- return newte
-
- def generate_process(self):
- newte = ""
- self.processes.sort()
- if len(self.processes) > 0:
- newte = "allow %s_t self:process { %s };\n" % (self.name, " ".join(self.processes))
- return newte
-
-
- def generate_network_rules(self):
- newte = ""
- if self.use_network():
- newte = "\n"
-
- newte += re.sub("TEMPLATETYPE", self.name, network.te_network)
-
- if self.use_tcp():
- newte += "\n"
- newte += re.sub("TEMPLATETYPE", self.name, network.te_tcp)
-
- if self.use_in_tcp():
- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_tcp)
-
- if self.need_tcp_type and len(self.in_tcp[PORTS]) > 0:
- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_tcp)
-
- if self.need_tcp_type and len(self.out_tcp[PORTS]) > 0:
- newte += re.sub("TEMPLATETYPE", self.name, network.te_out_need_port_tcp)
-
-
- if self.in_tcp[ALL]:
- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_tcp)
- if self.in_tcp[RESERVED]:
- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_tcp)
- if self.in_tcp[UNRESERVED]:
- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_tcp)
-
- if self.out_tcp[ALL]:
- newte += re.sub("TEMPLATETYPE", self.name, network.te_out_all_ports_tcp)
- if self.out_tcp[RESERVED]:
- newte += re.sub("TEMPLATETYPE", self.name, network.te_out_reserved_ports_tcp)
- if self.out_tcp[UNRESERVED]:
- newte += re.sub("TEMPLATETYPE", self.name, network.te_out_unreserved_ports_tcp)
-
- for i in self.found_tcp_ports:
- newte += i
-
- if self.use_udp():
- newte += "\n"
- newte += re.sub("TEMPLATETYPE", self.name, network.te_udp)
-
- if self.need_udp_type:
- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_udp)
- if self.use_in_udp():
- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_udp)
- if self.in_udp[ALL]:
- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_udp)
- if self.in_udp[RESERVED]:
- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_udp)
- if self.in_udp[UNRESERVED]:
- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_udp)
-
- for i in self.found_udp_ports:
- newte += i
- return newte
-
- def generate_transition_rules(self):
- newte = ""
- for app in self.transition_domains:
- tmp = re.sub("TEMPLATETYPE", self.name, user.te_transition_rules)
- newte += re.sub("APPLICATION", app, tmp)
-
- if self.type == USER:
- for u in self.transition_users:
- temp = re.sub("TEMPLATETYPE", self.name, executable.te_run_rules)
- newte += re.sub("USER", u.split("_u")[0], temp)
-
- return newte
-
- def generate_admin_rules(self):
- newte = ""
- if self.type == RUSER:
- newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules)
-
- for app in self.admin_domains:
- tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_domain_rules)
- newte += re.sub("APPLICATION", app, tmp)
-
- all_roles = []
- try:
- all_roles = get_all_roles()
- except ValueError, e:
- print "Can not get all roles, must be root for this information"
- except RuntimeError, e:
- print "Can not get all roles", e
-
- for u in self.transition_users:
- role = u.split("_u")[0]
-
- if (role + "_r") in all_roles:
- tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_trans_rules)
- newte += re.sub("USER", role, tmp)
-
- return newte
-
- def generate_dbus_if(self):
- newif = ""
- if self.use_dbus:
- newif = re.sub("TEMPLATETYPE", self.name, executable.if_dbus_rules)
- return newif
-
- def generate_sandbox_if(self):
- newif = ""
- if self.type != SANDBOX:
- return newif
- newif = re.sub("TEMPLATETYPE", self.name, executable.if_sandbox_rules)
- return newif
-
-
- def generate_admin_if(self):
- newif = ""
- newtypes = ""
- if self.initscript != "":
- newtypes += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_admin_types)
- newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_admin)
- for d in self.DEFAULT_KEYS:
- if len(self.DEFAULT_DIRS[d][1]) > 0:
- newtypes += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_admin_types)
- newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_admin_rules)
-
- if newif != "":
- ret = re.sub("TEMPLATETYPE", self.name, executable.if_begin_admin)
- ret += newtypes
-
- ret += re.sub("TEMPLATETYPE", self.name, executable.if_middle_admin)
- ret += newif
- ret += re.sub("TEMPLATETYPE", self.name, executable.if_end_admin)
- return ret
-
- return ""
-
- def generate_cgi_types(self):
- return re.sub("TEMPLATETYPE", self.file_name, executable.te_cgi_types)
-
- def generate_sandbox_types(self):
- return re.sub("TEMPLATETYPE", self.file_name, executable.te_sandbox_types)
-
- def generate_userapp_types(self):
- return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_types)
-
- def generate_inetd_types(self):
- return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_types)
-
- def generate_dbusd_types(self):
- return re.sub("TEMPLATETYPE", self.name, executable.te_dbusd_types)
-
- def generate_min_login_user_types(self):
- return re.sub("TEMPLATETYPE", self.name, user.te_min_login_user_types)
-
- def generate_login_user_types(self):
- return re.sub("TEMPLATETYPE", self.name, user.te_login_user_types)
-
- def generate_admin_user_types(self):
- return re.sub("TEMPLATETYPE", self.name, user.te_admin_user_types)
-
- def generate_existing_user_types(self):
- return re.sub("TEMPLATETYPE", self.name, user.te_existing_user_types)
-
- def generate_x_login_user_types(self):
- return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_types)
-
- def generate_root_user_types(self):
- return re.sub("TEMPLATETYPE", self.name, user.te_root_user_types)
-
- def generate_daemon_types(self):
- newte = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_types)
- if self.initscript != "":
- newte += re.sub("TEMPLATETYPE", self.name, executable.te_initscript_types)
- return newte
-
- def generate_tmp_types(self):
- if self.use_tmp:
- return re.sub("TEMPLATETYPE", self.name, tmp.te_types)
- else:
- return ""
-
- def generate_booleans(self):
- newte = ""
- for b in self.booleans:
- tmp = re.sub("BOOLEAN", b, boolean.te_boolean)
- newte += re.sub("DESCRIPTION", self.booleans[b], tmp)
- return newte
-
- def generate_boolean_rules(self):
- newte = ""
- for b in self.booleans:
- newte += re.sub("BOOLEAN", b, boolean.te_rules)
- return newte
-
- def generate_sandbox_te(self):
- return re.sub("TEMPLATETYPE", self.name, executable.te_sandbox_types)
-
- def generate_cgi_te(self):
- return re.sub("TEMPLATETYPE", self.name, executable.te_cgi_types)
-
- def generate_daemon_rules(self):
- newif = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_rules)
-
- return newif
-
- def generate_login_user_rules(self):
- return re.sub("TEMPLATETYPE", self.name, user.te_login_user_rules)
-
- def generate_existing_user_rules(self):
- return re.sub("TEMPLATETYPE", self.name, user.te_existing_user_rules)
-
- def generate_x_login_user_rules(self):
- return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_rules)
-
- def generate_root_user_rules(self):
- newte =re.sub("TEMPLATETYPE", self.name, user.te_root_user_rules)
- return newte
-
- def generate_userapp_rules(self):
- return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_rules)
-
- def generate_inetd_rules(self):
- return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_rules)
-
- def generate_dbusd_rules(self):
- return re.sub("TEMPLATETYPE", self.name, executable.te_dbusd_rules)
-
- def generate_tmp_rules(self):
- if self.use_tmp:
- return re.sub("TEMPLATETYPE", self.name, tmp.te_rules)
- else:
- return ""
-
- def generate_cgi_rules(self):
- newte = ""
- newte += re.sub("TEMPLATETYPE", self.name, executable.te_cgi_rules)
- return newte
-
- def generate_sandbox_rules(self):
- newte = ""
- newte += re.sub("TEMPLATETYPE", self.name, executable.te_sandbox_rules)
- return newte
-
- def generate_user_if(self):
- newif =""
- if self.use_terminal or self.type == USER:
- newif = re.sub("TEMPLATETYPE", self.name, executable.if_user_program_rules)
-
- if self.type in ( TUSER, XUSER, AUSER, LUSER):
- newif += re.sub("TEMPLATETYPE", self.name, executable.if_role_change_rules)
- return newif
-
- def generate_if(self):
- newif = ""
- newif += re.sub("TEMPLATETYPE", self.name, executable.if_heading_rules)
- if self.program != "":
- newif += re.sub("TEMPLATETYPE", self.name, executable.if_program_rules)
- if self.initscript != "":
- newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_rules)
-
- for d in self.DEFAULT_KEYS:
- if len(self.DEFAULT_DIRS[d][1]) > 0:
- newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_rules)
- for i in self.DEFAULT_DIRS[d][1]:
- if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
- newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_stream_rules)
- break
- newif += self.generate_user_if()
- newif += self.generate_dbus_if()
- newif += self.generate_admin_if()
- newif += self.generate_sandbox_if()
-
- return newif
-
- def generate_default_types(self):
- return self.DEFAULT_TYPES[self.type][0]()
-
- def generate_default_rules(self):
- return self.DEFAULT_TYPES[self.type][1]()
-
- def generate_roles_rules(self):
- newte = ""
- if self.type in ( TUSER, XUSER, AUSER, LUSER, EUSER):
- roles = ""
- if len(self.roles) > 0:
- newte += re.sub("TEMPLATETYPE", self.name, user.te_sudo_rules)
- newte += re.sub("TEMPLATETYPE", self.name, user.te_newrole_rules)
- for role in self.roles:
- tmp = re.sub("TEMPLATETYPE", self.name, user.te_roles_rules)
- newte += re.sub("ROLE", role, tmp)
- return newte
-
- def generate_te(self):
- newte = self.generate_default_types()
- for d in self.DEFAULT_KEYS:
- if len(self.DEFAULT_DIRS[d][1]) > 0:
- # CGI scripts already have a rw_t
- if self.type != CGI or d != "rw":
- newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_types)
-
- newte +="""
-########################################
-#
-# %s local policy
-#
-""" % self.name
- newte += self.generate_capabilities()
- newte += self.generate_process()
- newte += self.generate_network_types()
- newte += self.generate_tmp_types()
- newte += self.generate_booleans()
- newte += self.generate_default_rules()
- newte += self.generate_boolean_rules()
-
- for d in self.DEFAULT_KEYS:
- if len(self.DEFAULT_DIRS[d][1]) > 0:
- newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_rules)
- for i in self.DEFAULT_DIRS[d][1]:
- if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
- newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_stream_rules)
- break
-
- newte += self.generate_tmp_rules()
- newte += self.generate_network_rules()
- newte += self.generate_fd_rules()
- newte += self.generate_etc_rules()
- newte += self.generate_pam_rules()
- newte += self.generate_uid_rules()
- newte += self.generate_audit_rules()
- newte += self.generate_syslog_rules()
- newte += self.generate_localization_rules()
- newte += self.generate_resolve_rules()
- newte += self.generate_roles_rules()
- newte += self.generate_mail_rules()
- newte += self.generate_transition_rules()
- newte += self.generate_admin_rules()
- newte += self.generate_dbus_rules()
- newte += self.generate_kerberos_rules()
- newte += self.generate_manage_krb5_rcache_rules()
-
- return newte
-
- def generate_fc(self):
- newfc = ""
- fclist = []
- if self.type in USERS + [ SANDBOX ]:
- return re.sub("EXECUTABLE", self.program, executable.fc_user)
- if self.program == "":
- raise ValueError(_("You must enter the executable path for your confined process"))
-
- t1 = re.sub("EXECUTABLE", self.program, executable.fc_program)
- fclist.append(re.sub("TEMPLATETYPE", self.name, t1))
-
- if self.initscript != "":
- t1 = re.sub("EXECUTABLE", self.initscript, executable.fc_initscript)
- fclist.append(re.sub("TEMPLATETYPE", self.name, t1))
-
- for i in self.files.keys():
- if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
- t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_sock_file)
- else:
- t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_file)
- t2 = re.sub("FILENAME", i, t1)
- fclist.append(re.sub("FILETYPE", self.files[i][0], t2))
-
- for i in self.dirs.keys():
- t1 = re.sub("TEMPLATETYPE", self.name, self.dirs[i][2].fc_dir)
- t2 = re.sub("FILENAME", i, t1)
- fclist.append(re.sub("FILETYPE", self.dirs[i][0], t2))
-
- fclist.sort()
- newfc="\n".join(fclist)
- return newfc
-
- def generate_user_sh(self):
- newsh = ""
- if self.type not in ( TUSER, XUSER, AUSER, LUSER, EUSER):
- return newsh
-
- roles = ""
- for role in self.roles:
- roles += " %s_r" % role
- if roles != "":
- roles += " system_r"
- if self.type == EUSER:
- tmp = re.sub("TEMPLATETYPE", self.name, script.eusers)
- else:
- tmp = re.sub("TEMPLATETYPE", self.name, script.users)
- newsh += re.sub("ROLES", roles, tmp)
-
- if self.type == RUSER:
- for u in self.transition_users:
- tmp = re.sub("TEMPLATETYPE", self.name, script.admin_trans)
- newsh += re.sub("USER", u, tmp)
-
- if self.type == LUSER:
- newsh += re.sub("TEMPLATETYPE", self.name, script.min_login_user_default_context)
- else:
- newsh += re.sub("TEMPLATETYPE", self.name, script.x_login_user_default_context)
-
-
- return newsh
-
- def generate_sh(self):
- temp = re.sub("TEMPLATETYPE", self.file_name, script.compile)
- if self.type == EUSER:
- newsh = re.sub("TEMPLATEFILE", "my%s" % self.file_name, temp)
- else:
- newsh = re.sub("TEMPLATEFILE", self.file_name, temp)
- if self.program != "":
- newsh += re.sub("FILENAME", self.program, script.restorecon)
- if self.initscript != "":
- newsh += re.sub("FILENAME", self.initscript, script.restorecon)
-
- for i in self.files.keys():
- newsh += re.sub("FILENAME", i, script.restorecon)
-
- for i in self.dirs.keys():
- newsh += re.sub("FILENAME", i, script.restorecon)
-
- for i in self.in_tcp[PORTS] + self.out_tcp[PORTS]:
- if self.find_port(i,"tcp") == None:
- t1 = re.sub("PORTNUM", "%d" % i, script.tcp_ports)
- newsh += re.sub("TEMPLATETYPE", self.name, t1)
-
- for i in self.in_udp[PORTS]:
- if self.find_port(i,"udp") == None:
- t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports)
- newsh += re.sub("TEMPLATETYPE", self.name, t1)
-
- newsh += self.generate_user_sh()
-
- return newsh
-
- def write_te(self, out_dir):
- if self.type == EUSER:
- tefile = "%s/my%s.te" % (out_dir, self.file_name)
- else:
- tefile = "%s/%s.te" % (out_dir, self.file_name)
- fd = open(tefile, "w")
- fd.write(self.generate_te())
- fd.close()
- return tefile
-
- def write_sh(self, out_dir):
- if self.type == EUSER:
- shfile = "%s/my%s.sh" % (out_dir, self.file_name)
- else:
- shfile = "%s/%s.sh" % (out_dir, self.file_name)
- fd = open(shfile, "w")
- fd.write(self.generate_sh())
- fd.close()
- os.chmod(shfile, 0750)
- return shfile
-
- def write_if(self, out_dir):
- if self.type == EUSER:
- iffile = "%s/my%s.if" % (out_dir, self.file_name)
- else:
- iffile = "%s/%s.if" % (out_dir, self.file_name)
- fd = open(iffile, "w")
- fd.write(self.generate_if())
- fd.close()
- return iffile
-
- def write_fc(self,out_dir):
- if self.type == EUSER:
- fcfile = "%s/my%s.fc" % (out_dir, self.file_name)
- else:
- fcfile = "%s/%s.fc" % (out_dir, self.file_name)
- fd = open(fcfile, "w")
- fd.write(self.generate_fc())
- fd.close()
- return fcfile
-
- def gen_writeable(self):
- fd = os.popen("rpm -qlf %s" % self.program)
- for f in fd.read().split():
- for b in self.DEFAULT_DIRS:
- if b == "/etc":
- continue
- if f.startswith(b):
- if os.path.isfile(f):
- self.add_file(f)
- else:
- self.add_dir(f)
- fd.close()
-
- # some packages have own systemd subpackage
- # tor-systemd for example
- binary_name = self.program.split("/")[-1]
- rc, output = commands.getstatusoutput("rpm -q %s-systemd" % binary_name)
- if rc == 0:
- fd = os.popen("rpm -ql %s-systemd" % binary_name)
- for f in fd.read().split():
- for b in self.DEFAULT_DIRS:
- if f.startswith(b):
- if os.path.isfile(f):
- self.add_file(f)
- else:
- self.add_dir(f)
- fd.close()
-
- if os.path.isfile("/var/run/%s.pid" % self.name):
- self.add_file("/var/run/%s.pid" % self.name)
-
- if os.path.isfile("/etc/rc.d/init.d/%s" % self.name):
- self.set_init_script("/etc/rc\.d/init\.d/%s" % self.name)
-
- def gen_symbols(self):
- if self.type not in APPLICATIONS:
- return
-
- fd = os.popen("nm -D %s | grep U" % self.program)
- for s in fd.read().split():
- for b in self.symbols:
- if s.startswith(b):
- exec "self.%s" % self.symbols[b]
- fd.close()
-
- def generate(self, out_dir = "."):
- self.write_te(out_dir)
- self.write_if(out_dir)
- self.write_fc(out_dir)
- self.write_sh(out_dir)
- out = "Created the following files in:\n%s/\n" % out_dir
- out += "%s.te # %s\n" % (self.file_name, _("Type Enforcement file"))
- out += "%s.if # %s\n" % (self.file_name, _("Interface file"))
- out += "%s.fc # %s\n" % (self.file_name, _("File Contexts file"))
- out += "%s.sh # %s\n" % (self.file_name, _("Setup Script"))
- return out
-
-def errorExit(error):
- sys.stderr.write("%s: " % sys.argv[0])
- sys.stderr.write("%s\n" % error)
- sys.stderr.flush()
- sys.exit(1)
-
-def test():
- import tempfile
-
- tmpdir = tempfile.mkdtemp(prefix="polgen_")
-
- mypolicy = policy("myrwho", DAEMON)
- mypolicy.set_program("/usr/sbin/myrwhod")
- mypolicy.set_init_script("/etc/init.d/myrwhod")
- mypolicy.add_dir("/etc/nasd")
- mypolicy.set_in_tcp(1, 0, 0, "513")
- mypolicy.set_use_uid(True)
- mypolicy.set_use_tmp(True)
- mypolicy.set_use_syslog(True)
- mypolicy.set_use_pam(True)
- mypolicy.add_dir("/var/run/myrwho")
- mypolicy.add_dir("/var/lib/myrwho")
- print mypolicy.generate(tmpdir)
-
- mypolicy = policy("mywhois", USER)
- mypolicy.set_program("/usr/bin/jwhois")
- mypolicy.set_out_tcp(0, "43,63,4321")
- mypolicy.set_out_udp(0, "43,63,4321")
- mypolicy.add_dir("/var/cache/jwhois")
- mypolicy.set_transition_users(["staff_u"])
- print mypolicy.generate(tmpdir)
-
- mypolicy = policy("mytuser", TUSER)
- mypolicy.set_admin_roles(["mydbadm"])
- mypolicy.add_boolean("allow_mytuser_setuid", "Allow mytuser users to run setuid applications")
- print mypolicy.generate(tmpdir)
-
- mypolicy = policy("mycgi", CGI)
- mypolicy.set_program("/var/www/cgi-bin/cgi")
- mypolicy.set_in_tcp(1, 0, 0, "512, 55000-55000")
- mypolicy.set_in_udp(1, 0, 0, "1513")
- mypolicy.set_use_uid(True)
- mypolicy.set_use_tmp(False)
- mypolicy.set_use_syslog(True)
- mypolicy.set_use_pam(True)
- mypolicy.set_out_tcp(0,"8000")
- print mypolicy.generate(tmpdir)
-
- mypolicy = policy("myinetd", INETD)
- mypolicy.set_program("/usr/bin/mytest")
- mypolicy.set_in_tcp(1, 0, 0, "513")
- mypolicy.set_in_udp(1, 0, 0, "1513")
- mypolicy.set_use_uid(True)
- mypolicy.set_use_tmp(True)
- mypolicy.set_use_syslog(True)
- mypolicy.set_use_pam(True)
- mypolicy.add_file("/var/lib/mysql/mysql.sock")
- mypolicy.add_file("/var/run/rpcbind.sock")
- mypolicy.add_file("/var/run/daemon.pub")
- mypolicy.add_file("/var/log/daemon.log")
- mypolicy.add_dir("/var/lib/daemon")
- mypolicy.add_dir("/etc/daemon")
- mypolicy.add_dir("/etc/daemon/special")
- mypolicy.set_use_uid(True)
- mypolicy.set_use_syslog(True)
- mypolicy.set_use_pam(True)
- mypolicy.set_use_audit(True)
- mypolicy.set_use_dbus(True)
- mypolicy.set_use_terminal(True)
- mypolicy.set_use_mail(True)
- mypolicy.set_out_tcp(0,"8000")
- print mypolicy.generate(tmpdir)
-
-
- mypolicy = policy("mydbus", DBUS)
- mypolicy.set_program("/usr/libexec/mydbus")
- mypolicy.set_in_tcp(1, 0, 0, "513")
- mypolicy.set_in_udp(1, 0, 0, "1513")
- mypolicy.set_use_uid(True)
- mypolicy.set_use_tmp(True)
- mypolicy.set_use_syslog(True)
- mypolicy.set_use_pam(True)
- print mypolicy.generate(tmpdir)
-
- mypolicy = policy("myxuser", XUSER)
- mypolicy.set_in_tcp(1, 1, 1, "28920")
- mypolicy.set_in_udp(0, 0, 1, "1513")
- mypolicy.set_transition_domains(["mozilla"])
- print mypolicy.generate(tmpdir)
-
- mypolicy = policy("myuser", USER)
- mypolicy.set_program("/usr/bin/myuser")
- mypolicy.set_in_tcp(1, 0, 0, "513")
- mypolicy.set_in_udp(1, 0, 0, "1513")
- mypolicy.set_use_uid(True)
- mypolicy.set_use_tmp(True)
- mypolicy.set_use_syslog(True)
- mypolicy.set_use_pam(True)
- mypolicy.add_file("/var/lib/myuser/myuser.sock")
- mypolicy.set_out_tcp(0,"8000")
- mypolicy.set_transition_users(["unconfined_u", "staff_u"])
- print mypolicy.generate(tmpdir)
-
- mypolicy = policy("mysandbox", SANDBOX)
- mypolicy.set_out_udp(0, "993")
- print mypolicy.generate("/tmp")
-
- mypolicy = policy("mydbadm", RUSER)
- mypolicy.set_admin_domains(["postgresql", "mysql"])
- print mypolicy.generate(tmpdir)
- os.chdir(tmpdir)
- rc, output=commands.getstatusoutput("make -f /usr/share/selinux/devel/Makefile")
- print output
- sys.exit(os.WEXITSTATUS(rc))
-
-import os, sys, getopt, socket, random, fcntl
-
-def usage(msg):
- print _("""
-%s
-
-sepolgen [ -n moduleName ] [ -m ] [ -t type ] [ executable | Name ]
-valid Types:
-""") % msg
- keys=poltype.keys()
- for i in keys:
- print "\t%s\t%s" % (i, poltype[i])
- sys.exit(-1)
-
-if __name__ == '__main__':
- setype = DAEMON
- name = None
- try:
- gopts, cmds = getopt.getopt(sys.argv[1:], "ht:mn:",
- ["type=",
- "mount",
- "test",
- "name=",
- "help"])
- for o, a in gopts:
- if o == "-t" or o == "--type":
- try:
- if int(a) not in poltype:
- usage ("invalid type %s" % a )
- except:
- usage ("invalid type %s" % a )
-
- setype = int(a)
-
- if o == "-m" or o == "--mount":
- mount_ind = True
-
- if o == "-n" or o == "--name":
- name = a
-
- if o == "-h" or o == "--help":
- usage("")
-
- if o == "--test":
- test()
- sys.exit(0)
-
- except getopt.error, error:
- usage(_("Options Error %s ") % error.msg)
-
- if len(cmds) == 0:
- usage(_("Executable or Name required"))
-
- try:
- cmd = os.path.realpath(cmds[0])
- if not name:
- name = os.path.basename(cmd).replace("-","_")
-
- print("Generating Policy for %s named %s" % (cmd, name))
- mypolicy = policy(name, setype)
- if setype not in USERS + [ SANDBOX ]:
- mypolicy.set_program(cmd)
-
- if setype in APPLICATIONS:
- mypolicy.gen_writeable()
- mypolicy.gen_symbols()
- print mypolicy.generate()
- sys.exit(0)
- except ValueError, e:
- usage(e)
diff --git a/policycoreutils/gui/polgengui.py b/policycoreutils/gui/polgengui.py
index 0460a33..1c16f7b 100644
--- a/policycoreutils/gui/polgengui.py
+++ b/policycoreutils/gui/polgengui.py
@@ -4,7 +4,7 @@
#
# Dan Walsh <dwalsh@xxxxxxxxxx>
#
-# Copyright (C) 2007-2011 Red Hat
+# Copyright (C) 2007-2012 Red Hat
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -28,9 +28,25 @@ import os
import gobject
import gnome
import sys
-import polgen
+from sepolicy import generate
+import sepolicy.interface
+import commands
+
import re
+def get_all_modules():
+ try:
+ all_modules = []
+ rc, output=commands.getstatusoutput("semodule -l 2>/dev/null")
+ if rc == 0:
+ l = output.split("\n")
+ for i in l:
+ all_modules.append(i.split()[0])
+ except:
+ pass
+
+ return all_modules
+
##
## I18N
@@ -169,10 +185,10 @@ class childWindow:
self.tooltip_dict[label] = label.get_tooltip_text()
try:
- self.all_types = polgen.get_all_types()
- self.all_modules = polgen.get_all_modules()
- self.all_roles = polgen.get_all_roles()
- self.all_users = polgen.get_all_users()
+ self.all_types = generate.get_all_types()
+ self.all_modules = get_all_modules()
+ self.all_roles = generate.get_all_roles()
+ self.all_users = generate.get_all_users()
except RuntimeError, e:
self.all_types = []
self.all_modules = []
@@ -200,16 +216,16 @@ class childWindow:
self.boolean_description_entry = xml.get_widget ("boolean_description_entry")
self.pages={}
- for i in polgen.USERS:
+ for i in generate.USERS:
self.pages[i] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ]
- self.pages[polgen.RUSER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.USER_TRANSITION_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ]
- self.pages[polgen.LUSER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ]
- self.pages[polgen.SANDBOX] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]
- self.pages[polgen.EUSER] = [ self.SELECT_TYPE_PAGE, self.EXISTING_USER_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ]
+ self.pages[generate.RUSER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.USER_TRANSITION_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ]
+ self.pages[generate.LUSER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ]
+ self.pages[generate.SANDBOX] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]
+ self.pages[generate.EUSER] = [ self.SELECT_TYPE_PAGE, self.EXISTING_USER_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ]
- for i in polgen.APPLICATIONS:
+ for i in generate.APPLICATIONS:
self.pages[i] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]
- self.pages[polgen.USER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ]
+ self.pages[generate.USER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ]
self.current_page = 0
self.back_button.set_sensitive(0)
@@ -304,22 +320,17 @@ class childWindow:
col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
self.admin_treeview.append_column(col)
- for i in polgen.methods:
- m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i)
- if len(m) > 0:
- if "%s_exec_t" % m[0] in self.all_types:
- iter = self.transition_store.append()
- self.transition_store.set_value(iter, 0, m[0])
- continue
- m = re.findall("(.*)%s" % polgen.ADMIN_TRANSITION_INTERFACE, i)
- if len(m) > 0:
- iter = self.admin_store.append()
- self.admin_store.set_value(iter, 0, m[0])
- continue
+ for u in sepolicy.interface.get_user():
+ iter = self.transition_store.append()
+ self.transition_store.set_value(iter, 0, u)
+
+ for a in sepolicy.interface.get_admin():
+ iter = self.admin_store.append()
+ self.admin_store.set_value(iter, 0, a)
def confine_application(self):
- return self.get_type() in polgen.APPLICATIONS
+ return self.get_type() in generate.APPLICATIONS
def forward(self, arg):
type = self.get_type()
@@ -416,41 +427,41 @@ class childWindow:
def get_type(self):
if self.sandbox_radiobutton.get_active():
- return polgen.SANDBOX
+ return generate.SANDBOX
if self.cgi_radiobutton.get_active():
- return polgen.CGI
+ return generate.CGI
if self.user_radiobutton.get_active():
- return polgen.USER
+ return generate.USER
if self.init_radiobutton.get_active():
- return polgen.DAEMON
+ return generate.DAEMON
if self.dbus_radiobutton.get_active():
- return polgen.DBUS
+ return generate.DBUS
if self.inetd_radiobutton.get_active():
- return polgen.INETD
+ return generate.INETD
if self.login_user_radiobutton.get_active():
- return polgen.LUSER
+ return generate.LUSER
if self.admin_user_radiobutton.get_active():
- return polgen.AUSER
+ return generate.AUSER
if self.xwindows_user_radiobutton.get_active():
- return polgen.XUSER
+ return generate.XUSER
if self.terminal_user_radiobutton.get_active():
- return polgen.TUSER
+ return generate.TUSER
if self.root_user_radiobutton.get_active():
- return polgen.RUSER
+ return generate.RUSER
if self.existing_user_radiobutton.get_active():
- return polgen.EUSER
+ return generate.EUSER
def generate_policy(self, *args):
outputdir = self.output_entry.get_text()
try:
- my_policy=polgen.policy(self.get_name(), self.get_type())
+ my_policy=generate.policy(self.get_name(), self.get_type())
iter= self.boolean_store.get_iter_first()
while(iter):
my_policy.add_boolean(self.boolean_store.get_value(iter, 0), self.boolean_store.get_value(iter, 1))
iter= self.boolean_store.iter_next(iter)
- if self.get_type() in polgen.APPLICATIONS:
+ if self.get_type() in generate.APPLICATIONS:
my_policy.set_program(self.exec_entry.get_text())
my_policy.gen_symbols()
@@ -463,14 +474,14 @@ class childWindow:
my_policy.set_use_audit(self.audit_checkbutton.get_active() == 1)
my_policy.set_use_terminal(self.terminal_checkbutton.get_active() == 1)
my_policy.set_use_mail(self.mail_checkbutton.get_active() == 1)
- if self.get_type() is polgen.DAEMON:
+ if self.get_type() is generate.DAEMON:
my_policy.set_init_script(self.init_script_entry.get_text())
- if self.get_type() == polgen.USER:
+ if self.get_type() == generate.USER:
selected = []
self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
my_policy.set_transition_users(selected)
else:
- if self.get_type() == polgen.RUSER:
+ if self.get_type() == generate.RUSER:
selected = []
self.admin_treeview.get_selection().selected_foreach(foreach, selected)
my_policy.set_admin_domains(selected)
@@ -667,16 +678,16 @@ class childWindow:
def on_in_net_page_next(self, *args):
try:
- polgen.verify_ports(self.in_tcp_entry.get_text())
- polgen.verify_ports(self.in_udp_entry.get_text())
+ generate.verify_ports(self.in_tcp_entry.get_text())
+ generate.verify_ports(self.in_udp_entry.get_text())
except ValueError, e:
self.error(e.message)
return True
def on_out_net_page_next(self, *args):
try:
- polgen.verify_ports(self.out_tcp_entry.get_text())
- polgen.verify_ports(self.out_udp_entry.get_text())
+ generate.verify_ports(self.out_tcp_entry.get_text())
+ generate.verify_ports(self.out_udp_entry.get_text())
except ValueError, e:
self.error(e.message)
return True
@@ -712,7 +723,7 @@ class childWindow:
if exe == "":
self.error(_("You must enter a executable"))
return True
- policy=polgen.policy(name, self.get_type())
+ policy=generate.policy(name, self.get_type())
policy.set_program(exe)
policy.gen_writeable()
policy.gen_symbols()
diff --git a/policycoreutils/gui/templates/__init__.py b/policycoreutils/gui/templates/__init__.py
deleted file mode 100644
index 156a0bd..0000000
--- a/policycoreutils/gui/templates/__init__.py
+++ /dev/null
@@ -1,17 +0,0 @@
-#
-# Copyright (C) 2007-2012 Red Hat
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-#
diff --git a/policycoreutils/gui/templates/boolean.py b/policycoreutils/gui/templates/boolean.py
deleted file mode 100644
index f57d927..0000000
--- a/policycoreutils/gui/templates/boolean.py
+++ /dev/null
@@ -1,39 +0,0 @@
-# Copyright (C) 2007-2012 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-########################### boolean Template File ###########################
-
-te_boolean="""
-## <desc>
-## <p>
-## DESCRIPTION
-## </p>
-## </desc>
-gen_tunable(BOOLEAN, false)
-"""
-
-te_rules="""
-tunable_policy(`BOOLEAN',`
-#TRUE
-',`
-#FALSE
-')
-"""
diff --git a/policycoreutils/gui/templates/etc_rw.py b/policycoreutils/gui/templates/etc_rw.py
deleted file mode 100644
index dcf445e..0000000
--- a/policycoreutils/gui/templates/etc_rw.py
+++ /dev/null
@@ -1,139 +0,0 @@
-# Copyright (C) 2007-2012 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-########################### etc_rw Template File #############################
-
-########################### Type Enforcement File #############################
-te_types="""
-type TEMPLATETYPE_etc_rw_t;
-files_type(TEMPLATETYPE_etc_rw_t)
-"""
-te_rules="""
-manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
-manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
-manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
-files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, { dir file lnk_file })
-"""
-
-te_stream_rules="""
-manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
-files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, sock_file)
-"""
-
-########################### Interface File #############################
-if_rules="""
-########################################
-## <summary>
-## Search TEMPLATETYPE conf directories.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_search_conf',`
- gen_require(`
- type TEMPLATETYPE_etc_rw_t;
- ')
-
- allow $1 TEMPLATETYPE_etc_rw_t:dir search_dir_perms;
- files_search_etc($1)
-')
-
-########################################
-## <summary>
-## Read TEMPLATETYPE conf files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_read_conf_files',`
- gen_require(`
- type TEMPLATETYPE_etc_rw_t;
- ')
-
- allow $1 TEMPLATETYPE_etc_rw_t:dir list_dir_perms;
- read_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
- files_search_etc($1)
-')
-
-########################################
-## <summary>
-## Manage TEMPLATETYPE conf files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_manage_conf_files',`
- gen_require(`
- type TEMPLATETYPE_etc_rw_t;
- ')
-
- manage_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
- files_search_etc($1)
-')
-
-"""
-
-if_stream_rules="""\
-########################################
-## <summary>
-## Connect to TEMPLATETYPE over a unix stream socket.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_stream_connect',`
- gen_require(`
- type TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t;
- ')
-
- files_search_etc($1)
- stream_connect_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_t)
-')
-"""
-
-if_admin_types="""
- type TEMPLATETYPE_etc_rw_t;"""
-
-if_admin_rules="""
- files_search_etc($1)
- admin_pattern($1, TEMPLATETYPE_etc_rw_t)
-"""
-
-########################### File Context ##################################
-fc_file="""\
-FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
-"""
-
-fc_dir="""\
-FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
-"""
diff --git a/policycoreutils/gui/templates/executable.py b/policycoreutils/gui/templates/executable.py
deleted file mode 100644
index 824fddd..0000000
--- a/policycoreutils/gui/templates/executable.py
+++ /dev/null
@@ -1,450 +0,0 @@
-# Copyright (C) 2007-2012 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-########################### Type Enforcement File #############################
-te_daemon_types="""\
-policy_module(TEMPLATETYPE, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type TEMPLATETYPE_t;
-type TEMPLATETYPE_exec_t;
-init_daemon_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
-
-permissive TEMPLATETYPE_t;
-"""
-
-te_initscript_types="""
-type TEMPLATETYPE_initrc_exec_t;
-init_script_file(TEMPLATETYPE_initrc_exec_t)
-"""
-
-te_dbusd_types="""\
-policy_module(TEMPLATETYPE, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type TEMPLATETYPE_t;
-type TEMPLATETYPE_exec_t;
-domain_type(TEMPLATETYPE_t)
-domain_entry_file(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
-role system_r types TEMPLATETYPE_t;
-
-permissive TEMPLATETYPE_t;
-"""
-
-te_inetd_types="""\
-policy_module(TEMPLATETYPE, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type TEMPLATETYPE_t;
-type TEMPLATETYPE_exec_t;
-inetd_service_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
-
-permissive TEMPLATETYPE_t;
-"""
-
-te_userapp_types="""\
-policy_module(TEMPLATETYPE, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type TEMPLATETYPE_t;
-type TEMPLATETYPE_exec_t;
-application_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
-role system_r types TEMPLATETYPE_t;
-
-permissive TEMPLATETYPE_t;
-"""
-
-te_sandbox_types="""\
-policy_module(TEMPLATETYPE, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-sandbox_x_domain_template(TEMPLATETYPE)
-
-permissive TEMPLATETYPE_t;
-permissive TEMPLATETYPE_client_t;
-
-"""
-
-te_cgi_types="""\
-policy_module(TEMPLATETYPE, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-apache_content_template(TEMPLATETYPE)
-
-permissive httpd_TEMPLATETYPE_script_t;
-"""
-
-te_daemon_rules="""\
-allow TEMPLATETYPE_t self:fifo_file rw_fifo_file_perms;
-allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms;
-"""
-
-te_inetd_rules="""
-"""
-
-te_dbusd_rules="""
-optional_policy(`
- dbus_system_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
-')
-"""
-
-te_userapp_rules="""
-allow TEMPLATETYPE_t self:fifo_file manage_fifo_file_perms;
-allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms;
-"""
-
-te_cgi_rules="""
-"""
-
-te_sandbox_rules="""
-"""
-
-te_uid_rules="""
-auth_use_nsswitch(TEMPLATETYPE_t)
-"""
-
-te_syslog_rules="""
-logging_send_syslog_msg(TEMPLATETYPE_t)
-"""
-
-te_resolve_rules="""
-sysnet_dns_name_resolve(TEMPLATETYPE_t)
-"""
-
-te_pam_rules="""
-auth_domtrans_chk_passwd(TEMPLATETYPE_t)
-"""
-
-te_mail_rules="""
-mta_send_mail(TEMPLATETYPE_t)
-"""
-
-te_dbus_rules="""
-optional_policy(`
- dbus_system_bus_client(TEMPLATETYPE_t)
- dbus_connect_system_bus(TEMPLATETYPE_t)
-')
-"""
-
-te_kerberos_rules="""
-optional_policy(`
- kerberos_use(TEMPLATETYPE_t)
-')
-"""
-
-te_manage_krb5_rcache_rules="""
-optional_policy(`
- kerberos_keytab_template(TEMPLATETYPE, TEMPLATETYPE_t)
- kerberos_manage_host_rcache(TEMPLATETYPE_t)
-')
-"""
-
-te_audit_rules="""
-logging_send_audit_msgs(TEMPLATETYPE_t)
-"""
-
-te_run_rules="""
-optional_policy(`
- gen_require(`
- type USER_t;
- role USER_r;
- ')
-
- TEMPLATETYPE_run(USER_t, USER_r)
-')
-"""
-
-te_fd_rules="""
-domain_use_interactive_fds(TEMPLATETYPE_t)
-"""
-
-te_etc_rules="""
-files_read_etc_files(TEMPLATETYPE_t)
-"""
-
-te_localization_rules="""
-miscfiles_read_localization(TEMPLATETYPE_t)
-"""
-
-########################### Interface File #############################
-
-if_heading_rules="""
-## <summary>policy for TEMPLATETYPE</summary>"""
-
-if_program_rules="""
-
-########################################
-## <summary>
-## Transition to TEMPLATETYPE.
-## </summary>
-## <param name=\"domain\">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_domtrans',`
- gen_require(`
- type TEMPLATETYPE_t, TEMPLATETYPE_exec_t;
- ')
-
- corecmd_search_bin($1)
- domtrans_pattern($1, TEMPLATETYPE_exec_t, TEMPLATETYPE_t)
-')
-"""
-
-if_user_program_rules="""
-########################################
-## <summary>
-## Execute TEMPLATETYPE in the TEMPLATETYPE domain, and
-## allow the specified role the TEMPLATETYPE domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition
-## </summary>
-## </param>
-## <param name="role">
-## <summary>
-## The role to be allowed the TEMPLATETYPE domain.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_run',`
- gen_require(`
- type TEMPLATETYPE_t;
- ')
-
- TEMPLATETYPE_domtrans($1)
- role $2 types TEMPLATETYPE_t;
-')
-
-########################################
-## <summary>
-## Role access for TEMPLATETYPE
-## </summary>
-## <param name="role">
-## <summary>
-## Role allowed access
-## </summary>
-## </param>
-## <param name="domain">
-## <summary>
-## User domain for the role
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_role',`
- gen_require(`
- type TEMPLATETYPE_t;
- ')
-
- role $1 types TEMPLATETYPE_t;
-
- TEMPLATETYPE_domtrans($2)
-
- ps_process_pattern($2, TEMPLATETYPE_t)
- allow $2 TEMPLATETYPE_t:process { signull signal sigkill };
-')
-"""
-
-if_sandbox_rules="""
-########################################
-## <summary>
-## Execute sandbox in the TEMPLATETYPE_t domain, and
-## allow the specified role the TEMPLATETYPE_t domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-## <param name="role">
-## <summary>
-## The role to be allowed the TEMPLATETYPE_t domain.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_transition',`
- gen_require(`
- type TEMPLATETYPE_t;
- type TEMPLATETYPE_client_t;
- ')
-
- allow $1 TEMPLATETYPE_t:process { signal_perms transition };
- dontaudit $1 TEMPLATETYPE_t:process { noatsecure siginh rlimitinh };
- role $2 types TEMPLATETYPE_t;
- role $2 types TEMPLATETYPE_client_t;
-
- allow TEMPLATETYPE_t $1:process { sigchld signull };
- allow TEMPLATETYPE_t $1:fifo_file rw_inherited_fifo_file_perms;
- allow TEMPLATETYPE_client_t $1:process { sigchld signull };
- allow TEMPLATETYPE_client_t $1:fifo_file rw_inherited_fifo_file_perms;
-')
-"""
-
-if_role_change_rules="""
-########################################
-## <summary>
-## Change to the TEMPLATETYPE role.
-## </summary>
-## <param name="role">
-## <summary>
-## Role allowed access.
-## </summary>
-## </param>
-## <rolecap/>
-#
-interface(`TEMPLATETYPE_role_change',`
- gen_require(`
- role TEMPLATETYPE_r;
- ')
-
- allow $1 TEMPLATETYPE_r;
-')
-"""
-
-if_initscript_rules="""
-########################################
-## <summary>
-## Execute TEMPLATETYPE server in the TEMPLATETYPE domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_initrc_domtrans',`
- gen_require(`
- type TEMPLATETYPE_initrc_exec_t;
- ')
-
- init_labeled_script_domtrans($1, TEMPLATETYPE_initrc_exec_t)
-')
-"""
-
-if_dbus_rules="""
-########################################
-## <summary>
-## Send and receive messages from
-## TEMPLATETYPE over dbus.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_dbus_chat',`
- gen_require(`
- type TEMPLATETYPE_t;
- class dbus send_msg;
- ')
-
- allow $1 TEMPLATETYPE_t:dbus send_msg;
- allow TEMPLATETYPE_t $1:dbus send_msg;
-')
-"""
-
-if_begin_admin="""
-########################################
-## <summary>
-## All of the rules required to administrate
-## an TEMPLATETYPE environment
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-## <param name="role">
-## <summary>
-## Role allowed access.
-## </summary>
-## </param>
-## <rolecap/>
-#
-interface(`TEMPLATETYPE_admin',`
- gen_require(`
- type TEMPLATETYPE_t;"""
-
-if_middle_admin="""
- ')
-
- allow $1 TEMPLATETYPE_t:process { ptrace signal_perms };
- ps_process_pattern($1, TEMPLATETYPE_t)
-"""
-
-if_initscript_admin_types="""
- type TEMPLATETYPE_initrc_exec_t;"""
-
-if_initscript_admin="""
- TEMPLATETYPE_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 TEMPLATETYPE_initrc_exec_t system_r;
- allow $2 system_r;
-"""
-
-if_end_admin="""\
- optional_policy(`
- systemd_passwd_agent_exec($1)
- systemd_read_fifo_file_passwd_run($1)
- ')
-')
-"""
-
-########################### File Context ##################################
-fc_program="""\
-EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0)
-"""
-
-fc_user="""\
-# Users do not have file context, leave blank
-"""
-
-fc_initscript="""\
-EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0)
-"""
diff --git a/policycoreutils/gui/templates/network.py b/policycoreutils/gui/templates/network.py
deleted file mode 100644
index 679d0a5..0000000
--- a/policycoreutils/gui/templates/network.py
+++ /dev/null
@@ -1,101 +0,0 @@
-# Copyright (C) 2007-2012 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-########################### Type Enforcement File #############################
-te_port_types="""
-type TEMPLATETYPE_port_t;
-corenet_port(TEMPLATETYPE_port_t)
-"""
-
-te_network="""\
-sysnet_dns_name_resolve(TEMPLATETYPE_t)
-corenet_all_recvfrom_unlabeled(TEMPLATETYPE_t)
-"""
-
-te_tcp="""\
-allow TEMPLATETYPE_t self:tcp_socket create_stream_socket_perms;
-corenet_tcp_sendrecv_generic_if(TEMPLATETYPE_t)
-corenet_tcp_sendrecv_generic_node(TEMPLATETYPE_t)
-corenet_tcp_sendrecv_all_ports(TEMPLATETYPE_t)
-"""
-
-te_in_tcp="""\
-corenet_tcp_bind_generic_node(TEMPLATETYPE_t)
-"""
-
-te_in_need_port_tcp="""\
-allow TEMPLATETYPE_t TEMPLATETYPE_port_t:tcp_socket name_bind;
-"""
-
-te_out_need_port_tcp="""\
-allow TEMPLATETYPE_t TEMPLATETYPE_port_t:tcp_socket name_connect;
-"""
-
-te_udp="""\
-allow TEMPLATETYPE_t self:udp_socket { create_socket_perms listen };
-corenet_udp_sendrecv_generic_if(TEMPLATETYPE_t)
-corenet_udp_sendrecv_generic_node(TEMPLATETYPE_t)
-corenet_udp_sendrecv_all_ports(TEMPLATETYPE_t)
-"""
-
-te_in_udp="""\
-corenet_udp_bind_generic_node(TEMPLATETYPE_t)
-"""
-
-te_in_need_port_udp="""\
-allow TEMPLATETYPE_t TEMPLATETYPE_port_t:udp_socket name_bind;
-"""
-
-te_out_all_ports_tcp="""\
-corenet_tcp_connect_all_ports(TEMPLATETYPE_t)
-"""
-
-te_out_reserved_ports_tcp="""\
-corenet_tcp_connect_all_rpc_ports(TEMPLATETYPE_t)
-"""
-
-te_out_unreserved_ports_tcp="""\
-corenet_tcp_connect_all_unreserved_ports(TEMPLATETYPE_t)
-"""
-
-te_in_all_ports_tcp="""\
-corenet_tcp_bind_all_ports(TEMPLATETYPE_t)
-"""
-
-te_in_reserved_ports_tcp="""\
-corenet_tcp_bind_all_rpc_ports(TEMPLATETYPE_t)
-"""
-
-te_in_unreserved_ports_tcp="""\
-corenet_tcp_bind_all_unreserved_ports(TEMPLATETYPE_t)
-"""
-
-te_in_all_ports_udp="""\
-corenet_udp_bind_all_ports(TEMPLATETYPE_t)
-"""
-
-te_in_reserved_ports_udp="""\
-corenet_udp_bind_all_rpc_ports(TEMPLATETYPE_t)
-"""
-
-te_in_unreserved_ports_udp="""\
-corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
-"""
diff --git a/policycoreutils/gui/templates/rw.py b/policycoreutils/gui/templates/rw.py
deleted file mode 100644
index 143f56a..0000000
--- a/policycoreutils/gui/templates/rw.py
+++ /dev/null
@@ -1,154 +0,0 @@
-# Copyright (C) 2007-2012 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-
-########################### tmp Template File #############################
-te_types="""
-type TEMPLATETYPE_rw_t;
-files_type(TEMPLATETYPE_rw_t)
-"""
-
-te_rules="""
-manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
-manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
-manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
-"""
-
-########################### Interface File #############################
-if_rules="""
-########################################
-## <summary>
-## Search TEMPLATETYPE rw directories.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_search_rw_dir',`
- gen_require(`
- type TEMPLATETYPE_rw_t;
- ')
-
- allow $1 TEMPLATETYPE_rw_t:dir search_dir_perms;
- files_search_rw($1)
-')
-
-########################################
-## <summary>
-## Read TEMPLATETYPE rw files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_read_rw_files',`
- gen_require(`
- type TEMPLATETYPE_rw_t;
- ')
-
- read_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
- allow $1 TEMPLATETYPE_rw_t:dir list_dir_perms;
- files_search_rw($1)
-')
-
-########################################
-## <summary>
-## Manage TEMPLATETYPE rw files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_manage_rw_files',`
- gen_require(`
- type TEMPLATETYPE_rw_t;
- ')
-
- manage_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
-')
-
-########################################
-## <summary>
-## Create, read, write, and delete
-## TEMPLATETYPE rw dirs.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_manage_rw_dirs',`
- gen_require(`
- type TEMPLATETYPE_rw_t;
- ')
-
- manage_dirs_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
-')
-
-"""
-
-te_stream_rules="""
-manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
-"""
-
-if_stream_rules="""\
-########################################
-## <summary>
-## Connect to TEMPLATETYPE over a unix stream socket.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_stream_connect',`
- gen_require(`
- type TEMPLATETYPE_t, TEMPLATETYPE_rw_t;
- ')
-
- stream_connect_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_t)
-')
-"""
-
-if_admin_types="""
- type TEMPLATETYPE_rw_t;"""
-
-if_admin_rules="""
- files_search_etc($1)
- admin_pattern($1, TEMPLATETYPE_rw_t)
-"""
-
-########################### File Context ##################################
-fc_file="""
-FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
-"""
-
-fc_dir="""
-FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
-"""
diff --git a/policycoreutils/gui/templates/script.py b/policycoreutils/gui/templates/script.py
deleted file mode 100644
index 79240ec..0000000
--- a/policycoreutils/gui/templates/script.py
+++ /dev/null
@@ -1,126 +0,0 @@
-# Copyright (C) 2007-2012 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-
-########################### tmp Template File #############################
-compile="""\
-#!/bin/sh -e
-
-DIRNAME=`dirname $0`
-cd $DIRNAME
-USAGE="$0 [ --update ]"
-if [ `id -u` != 0 ]; then
-echo 'You must be root to run this script'
-exit 1
-fi
-
-if [ $# -eq 1 ]; then
- if [ "$1" = "--update" ] ; then
- time=`ls -l --time-style="+%x %X" TEMPLATEFILE.te | awk '{ printf "%s %s", $6, $7 }'`
- rules=`ausearch --start $time -m avc --raw -se TEMPLATETYPE`
- if [ x"$rules" != "x" ] ; then
- echo "Found avc's to update policy with"
- echo -e "$rules" | audit2allow -R
- echo "Do you want these changes added to policy [y/n]?"
- read ANS
- if [ "$ANS" = "y" -o "$ANS" = "Y" ] ; then
- echo "Updating policy"
- echo -e "$rules" | audit2allow -R >> TEMPLATEFILE.te
- # Fall though and rebuild policy
- else
- exit 0
- fi
- else
- echo "No new avcs found"
- exit 0
- fi
- else
- echo -e $USAGE
- exit 1
- fi
-elif [ $# -ge 2 ] ; then
- echo -e $USAGE
- exit 1
-fi
-
-echo "Building and Loading Policy"
-set -x
-make -f /usr/share/selinux/devel/Makefile TEMPLATEFILE.pp || exit
-/usr/sbin/semodule -i TEMPLATEFILE.pp
-
-"""
-
-restorecon="""\
-# Fixing the file context on FILENAME
-/sbin/restorecon -F -R -v FILENAME
-"""
-
-tcp_ports="""\
-# Adding SELinux tcp port to port PORTNUM
-/usr/sbin/semanage port -a -t TEMPLATETYPE_port_t -p tcp PORTNUM
-"""
-
-udp_ports="""\
-# Adding SELinux udp port to port PORTNUM
-/usr/sbin/semanage port -a -t TEMPLATETYPE_port_t -p udp PORTNUM
-"""
-
-users="""\
-# Adding SELinux user TEMPLATETYPE_u
-/usr/sbin/semanage user -a -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u
-"""
-
-eusers="""\
-# Adding roles to SELinux user TEMPLATETYPE_u
-/usr/sbin/semanage user -m -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u
-"""
-
-admin_trans="""\
-# Adding roles to SELinux user USER
-/usr/sbin/semanage user -m -R +TEMPLATETYPE_r USER
-"""
-
-min_login_user_default_context="""\
-if [ ! -f /etc/selinux/targeted/contexts/users/TEMPLATETYPE_u ]; then
-cat > /etc/selinux/targeted/contexts/users/TEMPLATETYPE_u << _EOF
-TEMPLATETYPE_r:TEMPLATETYPE_t:s0 TEMPLATETYPE_r:TEMPLATETYPE_t
-system_r:crond_t TEMPLATETYPE_r:TEMPLATETYPE_t
-system_r:initrc_su_t TEMPLATETYPE_r:TEMPLATETYPE_t
-system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
-system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
-system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t
-_EOF
-fi
-"""
-
-x_login_user_default_context="""\
-if [ ! -f /etc/selinux/targeted/contexts/users/TEMPLATETYPE_u ]; then
-cat > /etc/selinux/targeted/contexts/users/TEMPLATETYPE_u << _EOF
-TEMPLATETYPE_r:TEMPLATETYPE_t TEMPLATETYPE_r:TEMPLATETYPE_t
-system_r:crond_t TEMPLATETYPE_r:TEMPLATETYPE_t
-system_r:initrc_su_t TEMPLATETYPE_r:TEMPLATETYPE_t
-system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
-system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
-system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t
-system_r:xdm_t TEMPLATETYPE_r:TEMPLATETYPE_t
-_EOF
-fi
-"""
diff --git a/policycoreutils/gui/templates/semodule.py b/policycoreutils/gui/templates/semodule.py
deleted file mode 100644
index f77e50e..0000000
--- a/policycoreutils/gui/templates/semodule.py
+++ /dev/null
@@ -1,40 +0,0 @@
-# Copyright (C) 2007-2012 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-
-########################### tmp Template File #############################
-compile="""
-#!/bin/sh
-make -f /usr/share/selinux/devel/Makefile
-semodule -i TEMPLATETYPE.pp
-"""
-
-restorecon="""
-restorecon -R -v FILENAME
-"""
-
-tcp_ports="""
-semanage ports -a -t TEMPLATETYPE_port_t -p tcp PORTNUM
-"""
-
-udp_ports="""
-semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
-"""
diff --git a/policycoreutils/gui/templates/tmp.py b/policycoreutils/gui/templates/tmp.py
deleted file mode 100644
index c000a75..0000000
--- a/policycoreutils/gui/templates/tmp.py
+++ /dev/null
@@ -1,129 +0,0 @@
-# Copyright (C) 2007-2012 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-########################### tmp Template File #############################
-
-te_types="""
-type TEMPLATETYPE_tmp_t;
-files_tmp_file(TEMPLATETYPE_tmp_t)
-"""
-
-te_rules="""
-manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { dir file lnk_file })
-"""
-
-te_stream_rules="""
-manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, sock_file)
-"""
-
-if_rules="""
-########################################
-## <summary>
-## Do not audit attempts to read,
-## TEMPLATETYPE tmp files
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain to not audit.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_dontaudit_read_tmp_files',`
- gen_require(`
- type TEMPLATETYPE_tmp_t;
- ')
-
- dontaudit $1 TEMPLATETYPE_tmp_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-## Read TEMPLATETYPE tmp files
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_read_tmp_files',`
- gen_require(`
- type TEMPLATETYPE_tmp_t;
- ')
-
- files_search_tmp($1)
- read_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-')
-
-########################################
-## <summary>
-## Manage TEMPLATETYPE tmp files
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_manage_tmp',`
- gen_require(`
- type TEMPLATETYPE_tmp_t;
- ')
-
- files_search_tmp($1)
- manage_dirs_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
- manage_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
- manage_lnk_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-')
-"""
-
-if_stream_rules="""\
-########################################
-## <summary>
-## Connect to TEMPLATETYPE over a unix stream socket.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_stream_connect',`
- gen_require(`
- type TEMPLATETYPE_t, TEMPLATETYPE_tmp_t;
- ')
-
- files_search_pids($1)
- stream_connect_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_t)
-')
-"""
-
-if_admin_types="""
- type TEMPLATETYPE_tmp_t;"""
-
-if_admin_rules="""
- files_search_tmp($1)
- admin_pattern($1, TEMPLATETYPE_tmp_t)
-"""
diff --git a/policycoreutils/gui/templates/unit_file.py b/policycoreutils/gui/templates/unit_file.py
deleted file mode 100644
index 60e5844..0000000
--- a/policycoreutils/gui/templates/unit_file.py
+++ /dev/null
@@ -1,72 +0,0 @@
-# Copyright (C) 2012 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-########################### unit Template File #############################
-
-########################### Type Enforcement File #############################
-te_types="""
-type TEMPLATETYPE_unit_file_t;
-systemd_unit_file(TEMPLATETYPE_unit_file_t)
-"""
-
-te_rules=""
-
-########################### Interface File #############################
-if_rules="""\
-########################################
-## <summary>
-## Execute TEMPLATETYPE server in the TEMPLATETYPE domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_systemctl',`
- gen_require(`
- type TEMPLATETYPE_t;
- type TEMPLATETYPE_unit_file_t;
- ')
-
- systemd_exec_systemctl($1)
- systemd_read_fifo_file_password_run($1)
- allow $1 TEMPLATETYPE_unit_file_t:file read_file_perms;
- allow $1 TEMPLATETYPE_unit_file_t:service manage_service_perms;
-
- ps_process_pattern($1, TEMPLATETYPE_t)
-')
-
-"""
-
-if_admin_types="""
- type TEMPLATETYPE_unit_file_t;"""
-
-if_admin_rules="""
- TEMPLATETYPE_systemctl($1)
- admin_pattern($1, TEMPLATETYPE_unit_file_t)
- allow $1 TEMPLATETYPE_unit_file_t:service all_service_perms;
-"""
-
-########################### File Context ##################################
-fc_file="""\
-FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_unit_file_t,s0)
-"""
diff --git a/policycoreutils/gui/templates/user.py b/policycoreutils/gui/templates/user.py
deleted file mode 100644
index 398c6f2..0000000
--- a/policycoreutils/gui/templates/user.py
+++ /dev/null
@@ -1,204 +0,0 @@
-# Copyright (C) 2007-2012 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-########################### Type Enforcement File #############################
-
-te_login_user_types="""\
-policy_module(TEMPLATETYPE, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-userdom_unpriv_user_template(TEMPLATETYPE)
-"""
-
-te_admin_user_types="""\
-policy_module(TEMPLATETYPE, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-userdom_admin_user_template(TEMPLATETYPE)
-"""
-
-te_min_login_user_types="""\
-policy_module(TEMPLATETYPE, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-userdom_restricted_user_template(TEMPLATETYPE)
-"""
-
-te_x_login_user_types="""\
-policy_module(TEMPLATETYPE, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-userdom_restricted_xwindows_user_template(TEMPLATETYPE)
-"""
-
-te_existing_user_types="""\
-policy_module(myTEMPLATETYPE, 1.0.0)
-
-gen_require(`
- type TEMPLATETYPE_t, TEMPLATETYPE_devpts_t;
- role TEMPLATETYPE_r;
-')
-
-"""
-
-te_root_user_types="""\
-policy_module(TEMPLATETYPE, 1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-userdom_base_user_template(TEMPLATETYPE)
-"""
-
-te_login_user_rules="""\
-
-########################################
-#
-# TEMPLATETYPE local policy
-#
-
-"""
-
-te_existing_user_rules="""\
-
-########################################
-#
-# TEMPLATETYPE customized policy
-#
-
-"""
-
-te_x_login_user_rules="""\
-
-########################################
-#
-# TEMPLATETYPE local policy
-#
-"""
-
-te_root_user_rules="""\
-
-########################################
-#
-# TEMPLATETYPE local policy
-#
-"""
-
-te_transition_rules="""
-optional_policy(`
- APPLICATION_role(TEMPLATETYPE_r, TEMPLATETYPE_t)
-')
-"""
-
-te_user_trans_rules="""
-optional_policy(`
- gen_require(`
- role USER_r;
- ')
-
- TEMPLATETYPE_role_change(USER_r)
-')
-"""
-
-te_admin_rules="""
-allow TEMPLATETYPE_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };
-files_dontaudit_search_all_dirs(TEMPLATETYPE_t)
-
-selinux_get_enforce_mode(TEMPLATETYPE_t)
-seutil_domtrans_setfiles(TEMPLATETYPE_t)
-seutil_search_default_contexts(TEMPLATETYPE_t)
-
-logging_send_syslog_msg(TEMPLATETYPE_t)
-
-kernel_read_system_state(TEMPLATETYPE_t)
-
-domain_dontaudit_search_all_domains_state(TEMPLATETYPE_t)
-domain_dontaudit_ptrace_all_domains(TEMPLATETYPE_t)
-
-userdom_dontaudit_search_admin_dir(TEMPLATETYPE_t)
-userdom_dontaudit_search_user_home_dirs(TEMPLATETYPE_t)
-
-bool TEMPLATETYPE_read_user_files false;
-bool TEMPLATETYPE_manage_user_files false;
-
-if (TEMPLATETYPE_read_user_files) {
- userdom_read_user_home_content_files(TEMPLATETYPE_t)
- userdom_read_user_tmp_files(TEMPLATETYPE_t)
-}
-
-if (TEMPLATETYPE_manage_user_files) {
- userdom_manage_user_home_content(TEMPLATETYPE_t)
- userdom_manage_user_tmp_files(TEMPLATETYPE_t)
-}
-
-"""
-
-te_admin_trans_rules="""
-gen_require(`
- role USER_r;
-')
-
-allow USER_r TEMPLATETYPE_r;
-"""
-
-te_admin_domain_rules="""
-optional_policy(`
- APPLICATION_admin(TEMPLATETYPE_t, TEMPLATETYPE_r)
-')
-"""
-
-te_roles_rules="""
-optional_policy(`
- gen_require(`
- role ROLE_r;
- ')
-
- allow TEMPLATETYPE_r ROLE_r;
-')
-"""
-
-te_sudo_rules="""
-optional_policy(`
- sudo_role_template(TEMPLATETYPE, TEMPLATETYPE_r, TEMPLATETYPE_t)
-')
-"""
-
-te_newrole_rules="""
-seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r)
-"""
diff --git a/policycoreutils/gui/templates/var_cache.py b/policycoreutils/gui/templates/var_cache.py
deleted file mode 100644
index 3789723..0000000
--- a/policycoreutils/gui/templates/var_cache.py
+++ /dev/null
@@ -1,157 +0,0 @@
-# Copyright (C) 2007-2012 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-########################### cache Template File #############################
-
-########################### Type Enforcement File #############################
-te_types="""
-type TEMPLATETYPE_cache_t;
-files_type(TEMPLATETYPE_cache_t)
-"""
-te_rules="""
-manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
-manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
-manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
-files_var_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, { dir file lnk_file })
-"""
-
-te_stream_rules="""\
-manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
-files_var_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, sock_file)
-"""
-
-########################### Interface File #############################
-if_rules="""
-########################################
-## <summary>
-## Search TEMPLATETYPE cache directories.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_search_cache',`
- gen_require(`
- type TEMPLATETYPE_cache_t;
- ')
-
- allow $1 TEMPLATETYPE_cache_t:dir search_dir_perms;
- files_search_var($1)
-')
-
-########################################
-## <summary>
-## Read TEMPLATETYPE cache files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_read_cache_files',`
- gen_require(`
- type TEMPLATETYPE_cache_t;
- ')
-
- files_search_var($1)
- read_files_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
-')
-
-########################################
-## <summary>
-## Create, read, write, and delete
-## TEMPLATETYPE cache files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_manage_cache_files',`
- gen_require(`
- type TEMPLATETYPE_cache_t;
- ')
-
- files_search_var($1)
- manage_files_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
-')
-
-########################################
-## <summary>
-## Manage TEMPLATETYPE cache dirs.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_manage_cache_dirs',`
- gen_require(`
- type TEMPLATETYPE_cache_t;
- ')
-
- files_search_var($1)
- manage_dirs_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
-')
-
-"""
-
-if_stream_rules="""
-########################################
-## <summary>
-## Connect to TEMPLATETYPE over a unix stream socket.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_stream_connect',`
- gen_require(`
- type TEMPLATETYPE_t, TEMPLATETYPE_cache_t;
- ')
-
- stream_connect_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
-')
-"""
-
-if_admin_types="""
- type TEMPLATETYPE_cache_t;"""
-
-if_admin_rules="""
- files_search_var($1)
- admin_pattern($1, TEMPLATETYPE_cache_t)
-"""
-
-########################### File Context ##################################
-fc_file="""\
-FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_cache_t,s0)
-"""
-
-fc_dir="""\
-FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_cache_t,s0)
-"""
diff --git a/policycoreutils/gui/templates/var_lib.py b/policycoreutils/gui/templates/var_lib.py
deleted file mode 100644
index 148c13e..0000000
--- a/policycoreutils/gui/templates/var_lib.py
+++ /dev/null
@@ -1,161 +0,0 @@
-# Copyright (C) 2007-2012 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-########################### var_lib Template File #############################
-
-########################### Type Enforcement File #############################
-te_types="""
-type TEMPLATETYPE_var_lib_t;
-files_type(TEMPLATETYPE_var_lib_t)
-"""
-te_rules="""
-manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, { dir file lnk_file })
-"""
-
-te_stream_rules="""\
-manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, sock_file)
-"""
-
-
-########################### Interface File #############################
-if_rules="""
-########################################
-## <summary>
-## Search TEMPLATETYPE lib directories.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_search_lib',`
- gen_require(`
- type TEMPLATETYPE_var_lib_t;
- ')
-
- allow $1 TEMPLATETYPE_var_lib_t:dir search_dir_perms;
- files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-## Read TEMPLATETYPE lib files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_read_lib_files',`
- gen_require(`
- type TEMPLATETYPE_var_lib_t;
- ')
-
- files_search_var_lib($1)
- read_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-')
-
-########################################
-## <summary>
-## Manage TEMPLATETYPE lib files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_manage_lib_files',`
- gen_require(`
- type TEMPLATETYPE_var_lib_t;
- ')
-
- files_search_var_lib($1)
- manage_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-')
-
-########################################
-## <summary>
-## Manage TEMPLATETYPE lib directories.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_manage_lib_dirs',`
- gen_require(`
- type TEMPLATETYPE_var_lib_t;
- ')
-
- files_search_var_lib($1)
- manage_dirs_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-')
-
-"""
-
-if_stream_rules="""
-########################################
-## <summary>
-## Connect to TEMPLATETYPE over a unix stream socket.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_stream_connect',`
- gen_require(`
- type TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t;
- ')
-
- stream_connect_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-')
-"""
-
-if_admin_types="""
- type TEMPLATETYPE_var_lib_t;"""
-
-if_admin_rules="""
- files_search_var_lib($1)
- admin_pattern($1, TEMPLATETYPE_var_lib_t)
-"""
-
-########################### File Context ##################################
-fc_file="""\
-FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
-"""
-
-fc_sock_file="""\
-FILENAME -s gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
-"""
-
-fc_dir="""\
-FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
-"""
diff --git a/policycoreutils/gui/templates/var_log.py b/policycoreutils/gui/templates/var_log.py
deleted file mode 100644
index 371dd7e..0000000
--- a/policycoreutils/gui/templates/var_log.py
+++ /dev/null
@@ -1,115 +0,0 @@
-# Copyright (C) 2007-2012 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-########################### var_log Template File #############################
-
-########################### Type Enforcement File #############################
-te_types="""
-type TEMPLATETYPE_log_t;
-logging_log_file(TEMPLATETYPE_log_t)
-"""
-
-te_rules="""
-manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-logging_log_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_log_t, { dir file lnk_file })
-"""
-
-########################### Interface File #############################
-if_rules="""\
-########################################
-## <summary>
-## Read TEMPLATETYPE's log files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-## <rolecap/>
-#
-interface(`TEMPLATETYPE_read_log',`
- gen_require(`
- type TEMPLATETYPE_log_t;
- ')
-
- logging_search_logs($1)
- read_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-')
-
-########################################
-## <summary>
-## Append to TEMPLATETYPE log files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_append_log',`
- gen_require(`
- type TEMPLATETYPE_log_t;
- ')
-
- logging_search_logs($1)
- append_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-')
-
-########################################
-## <summary>
-## Manage TEMPLATETYPE log files
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_manage_log',`
- gen_require(`
- type TEMPLATETYPE_log_t;
- ')
-
- logging_search_logs($1)
- manage_dirs_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
- manage_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
- manage_lnk_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-')
-"""
-
-if_admin_types="""
- type TEMPLATETYPE_log_t;"""
-
-if_admin_rules="""
- logging_search_logs($1)
- admin_pattern($1, TEMPLATETYPE_log_t)
-"""
-
-########################### File Context ##################################
-fc_file="""\
-FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
-"""
-
-fc_dir="""\
-FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
-"""
diff --git a/policycoreutils/gui/templates/var_run.py b/policycoreutils/gui/templates/var_run.py
deleted file mode 100644
index 563eebb..0000000
--- a/policycoreutils/gui/templates/var_run.py
+++ /dev/null
@@ -1,102 +0,0 @@
-# Copyright (C) 2007-2012 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-########################### var_run Template File #############################
-
-te_types="""
-type TEMPLATETYPE_var_run_t;
-files_pid_file(TEMPLATETYPE_var_run_t)
-"""
-
-te_rules="""
-manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
-manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
-manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
-files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, { dir file lnk_file })
-"""
-
-te_stream_rules="""
-manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
-files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, sock_file)
-"""
-
-if_rules="""\
-########################################
-## <summary>
-## Read TEMPLATETYPE PID files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_read_pid_files',`
- gen_require(`
- type TEMPLATETYPE_var_run_t;
- ')
-
- files_search_pids($1)
- read_files_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
-')
-
-"""
-
-if_stream_rules="""\
-########################################
-## <summary>
-## Connect to TEMPLATETYPE over a unix stream socket.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_stream_connect',`
- gen_require(`
- type TEMPLATETYPE_t, TEMPLATETYPE_var_run_t;
- ')
-
- files_search_pids($1)
- stream_connect_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_t)
-')
-"""
-
-if_admin_types="""
- type TEMPLATETYPE_var_run_t;"""
-
-if_admin_rules="""
- files_search_pids($1)
- admin_pattern($1, TEMPLATETYPE_var_run_t)
-"""
-
-fc_file="""\
-FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
-"""
-
-fc_sock_file="""\
-FILENAME -s gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
-"""
-
-fc_dir="""\
-FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
-"""
diff --git a/policycoreutils/gui/templates/var_spool.py b/policycoreutils/gui/templates/var_spool.py
deleted file mode 100644
index dccb5f1..0000000
--- a/policycoreutils/gui/templates/var_spool.py
+++ /dev/null
@@ -1,156 +0,0 @@
-# Copyright (C) 2007-2012 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-########################### var_spool Template File #############################
-
-########################### Type Enforcement File #############################
-te_types="""
-type TEMPLATETYPE_spool_t;
-files_type(TEMPLATETYPE_spool_t)
-"""
-te_rules="""
-manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-files_spool_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, { dir file lnk_file })
-"""
-
-te_stream_rules="""\
-manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-files_spool_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, sock_file)
-"""
-
-########################### Interface File #############################
-if_rules="""
-########################################
-## <summary>
-## Search TEMPLATETYPE spool directories.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_search_spool',`
- gen_require(`
- type TEMPLATETYPE_spool_t;
- ')
-
- allow $1 TEMPLATETYPE_spool_t:dir search_dir_perms;
- files_search_spool($1)
-')
-
-########################################
-## <summary>
-## Read TEMPLATETYPE spool files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_read_spool_files',`
- gen_require(`
- type TEMPLATETYPE_spool_t;
- ')
-
- files_search_spool($1)
- read_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-')
-
-########################################
-## <summary>
-## Manage TEMPLATETYPE spool files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_manage_spool_files',`
- gen_require(`
- type TEMPLATETYPE_spool_t;
- ')
-
- files_search_spool($1)
- manage_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-')
-
-########################################
-## <summary>
-## Manage TEMPLATETYPE spool dirs.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_manage_spool_dirs',`
- gen_require(`
- type TEMPLATETYPE_spool_t;
- ')
-
- files_search_spool($1)
- manage_dirs_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-')
-
-"""
-
-if_stream_rules="""
-########################################
-## <summary>
-## Connect to TEMPLATETYPE over a unix stream socket.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_stream_connect',`
- gen_require(`
- type TEMPLATETYPE_t, TEMPLATETYPE_spool_t;
- ')
-
- stream_connect_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-')
-"""
-
-if_admin_types="""
- type TEMPLATETYPE_spool_t;"""
-
-if_admin_rules="""
- files_search_spool($1)
- admin_pattern($1, TEMPLATETYPE_spool_t)
-"""
-
-########################### File Context ##################################
-fc_file="""\
-FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
-"""
-
-fc_dir="""\
-FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
-"""
diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile
index dbe793b..cb1f0c7 100644
--- a/policycoreutils/po/Makefile
+++ b/policycoreutils/po/Makefile
@@ -53,25 +53,12 @@ POTFILES = \
../gui/modulesPage.py \
../gui/polgen.glade \
../gui/polgengui.py \
- ../gui/polgen.py \
../gui/portsPage.py \
../gui/semanagePage.py \
../gui/statusPage.py \
../gui/system-config-selinux.glade \
../gui/system-config-selinux.py \
../gui/usersPage.py \
- ../gui/templates/executable.py \
- ../gui/templates/__init__.py \
- ../gui/templates/network.py \
- ../gui/templates/rw.py \
- ../gui/templates/script.py \
- ../gui/templates/semodule.py \
- ../gui/templates/tmp.py \
- ../gui/templates/user.py \
- ../gui/templates/var_lib.py \
- ../gui/templates/var_log.py \
- ../gui/templates/var_run.py \
- ../gui/templates/var_spool.py \
../secon/secon.c \
../sepolicy/info.c \
../sepolicy/search.c \
diff --git a/policycoreutils/po/POTFILES.in b/policycoreutils/po/POTFILES.in
index f633948..75117f4 100644
--- a/policycoreutils/po/POTFILES.in
+++ b/policycoreutils/po/POTFILES.in
@@ -27,7 +27,6 @@ gui/mappingsPage.py
gui/modulesPage.py
gui/polgen.glade
gui/polgengui.py
-gui/polgen.py
gui/portsPage.py
gui/selinux.tbl
gui/semanagePage.py
@@ -35,18 +34,6 @@ gui/statusPage.py
gui/system-config-selinux.glade
gui/system-config-selinux.py
gui/usersPage.py
-gui/templates/executable.py
-gui/templates/__init__.py
-gui/templates/network.py
-gui/templates/rw.py
-gui/templates/script.py
-gui/templates/semodule.py
-gui/templates/tmp.py
-gui/templates/user.py
-gui/templates/var_lib.py
-gui/templates/var_log.py
-gui/templates/var_run.py
-gui/templates/var_spool.py
secon/secon.c
sepolicy/info.c
sepolicy/search.c
--
1.8.1
