^c@sdZddlZddlZyddlmZWn!ek rUddlmZnXddlZddlZddl Z ddl Z ddl m Z dZ dd dYZd Zd d d YZdS(sU Utilities for dealing with the compilation of modules and creation of module tress. iN(tgetstatusoutputi(tdefaultscCs@tjd|}t|dkr8|djr8tStSdS(s'Check that a module name is valid. s[^a-zA-Z0-9_\-\.]iN(tretfindalltlentisalphatTruetFalse(tmodnametm((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pyt is_valid_name(s"t ModuleTreecBsSeZdZdZdZdZdZdZdZddZ RS( cCs||_d|_dS(N(RtNonetdirname(tselfR((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pyt__init__2s cCs|jS(N(R (R((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pytdir_name6scCs|jd|jdS(Nt/s.te(R R(R((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pytte_name9scCs|jd|jdS(NRs.fc(R R(R((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pytfc_name<scCs|jd|jdS(NRs.if(R R(R((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pytif_name?scCs|jd|jdS(NRs.pp(R R(R((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pyt package_nameBscCs |jdS(Ns /Makefile(R (R((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pyt makefile_nameEscCs|d|j|_tj|jt|jd}|rS|jd|n|jdtj|j t|j dj t|j dj t|j dj dS(NRtwsinclude ( RR tostmkdirtopenRtwriteRtrefpolicy_makefiletcloseRRR(Rtparent_dirnametmakefile_includetfd((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pytcreateHs N( t__name__t __module__RRRRRRRR R!(((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pyR 1s       cCs$tjjtjj|ddS(Nii(Rtpathtsplitexttsplit(t sourcename((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pytmodname_from_sourcenameXstModuleCompilercBs\eZdZd dZdZdZdZedZ dZ dZ dZ RS( stModuleCompiler eases running of the module compiler. The ModuleCompiler class encapsulates running the commandline module compiler (checkmodule) and module packager (semodule_package). You are likely interested in the create_module_package method. Several options are controlled via paramaters (only effects the non-refpol builds): .mls [boolean] Generate an MLS module (by passed -M to checkmodule). True to generate an MLS module, false otherwise. .module [boolean] Generate a module instead of a base module. True to generate a module, false to generate a base. .checkmodule [string] Fully qualified path to the module compiler. Default is /usr/bin/checkmodule. .semodule_package [string] Fully qualified path to the module packager. Defaults to /usr/bin/semodule_package. .output [file object] File object used to write verbose output of the compililation and packaging process. cCsXtj|_t|_d|_d|_||_d|_t j |_ d|_ dS(sCreate a ModuleCompiler instance, optionally with an output file object for verbose output of the compilation process. s/usr/bin/checkmodules/usr/bin/semodule_packagets /usr/bin/makeN( tselinuxtis_selinux_mls_enabledtmlsRtmodulet checkmoduletsemodule_packagetoutputt last_outputRRtrefpol_makefiletmake(RR1((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pyRts     cCs-|jr |jj|dn||_dS(Ns (R1RR2(Rtstr((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pytos cCs0|j|t|\}}|j||S(N(R6R(RtcommandtrcR1((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pytruns  cCsg|jd}t|dkr3td|ndj|dd!}|d}|d}||fS(sGenerate the module and policy package filenames from a source file name. The source file must be in the form of "foo.te". This will generate "foo.mod" and "foo.pp". Returns a tuple with (modname, policypackage). t.is,invalid sourcefile name %s (must end in .te)iis.mods.pp(R&Rt RuntimeErrortjoin(RR't splitnametbasenameRt packagename((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pyt gen_filenamess  cCs\|r|j|nB|j|\}}|j|||j||tj|dS(sCreate a module package saved in a packagename from a sourcename. The create_module_package creates a module package saved in a file named sourcename (.pp is the standard extension) from a source file (.te is the standard extension). The source file should contain SELinux policy statements appropriate for a base or non-base module (depending on the setting of .module). Only file names are accepted, not open file objects or descriptors because the command line SELinux tools are used. On error a RuntimeError will be raised with a descriptive error message. N(t refpol_buildR@tcompiletpackageRtunlink(RR't refpolicyRR?((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pytcreate_module_packages cCsI|jd|j}|j|}|dkrEtd|jndS(Ns -f iscompilation failed: %s(R4R3R9R;R2(RR'R7R8((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pyRAs cCs|jg}|jr%|jdn|jr>|jdn|jd|j||j||jdj|}|dkrtd|jndS(Ns-Ms-ms-ot iscompilation failed: %s(R/R-tappendR.R9R<R;R2(RR'RtsR8((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pyRBs       cCs~|jg}|jd|j||jd|j||jdj|}|dkrztd|jndS(Ns-os-mRGispackaging failed [%s](R0RHR9R<R;R2(RRR?RIR8((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pyRCs      N( R"R#t__doc__R RR6R9R@RRFRARBRC(((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pyR)[s     (((RJRttempfilet subprocessRt ImportErrortcommandsRtos.pathtshutilR+R*RR R R(R)(((s5/usr/lib64/python2.7/site-packages/sepolgen/module.pyts        '