load_store_policy() allows to (re)load SELinux policy based on a store name. It is useful when SELinux is disabled and default policy is not installed; or when a user wants to query or manipulate another policy. Related: https://bugzilla.redhat.com/show_bug.cgi?id=1558861 Signed-off-by: Petr Lautrbach <plautrba@xxxxxxxxxx> --- python/sepolicy/sepolicy/__init__.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py index fbeb731d..b69a6b94 100644 --- a/python/sepolicy/sepolicy/__init__.py +++ b/python/sepolicy/sepolicy/__init__.py @@ -129,6 +129,13 @@ def get_installed_policy(root="/"): pass raise ValueError(_("No SELinux Policy installed")) +def get_store_policy(store, root="/"): + try: + policies = glob.glob("%s%s/policy/policy.*" % (selinux.selinux_path(), store)) + policies.sort() + return policies[-1] + except: + return None def policy(policy_file): global all_domains @@ -156,6 +163,11 @@ def policy(policy_file): except: raise ValueError(_("Failed to read %s policy file") % policy_file) +def load_store_policy(store): + policy_file = get_store_policy(store) + if not policy_file: + return None + policy(policy_file) try: policy_file = get_installed_policy() -- 2.20.1