普通文本  |  780行  |  32.84 KB

#!/usr/bin/python -Es
#
# polgengui.py - GUI for SELinux Config tool in system-config-selinux
#
# Dan Walsh <dwalsh@redhat.com>
#
# Copyright (C) 2007-2013 Red Hat
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
import signal
import string
import gtk
import gtk.glade
import os
import gobject
import gnome
import sys
try:
    import sepolicy
except ValueError as e:
    sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
    sys.exit(1)

import sepolicy.interface
try:
    from subprocess import getstatusoutput
except ImportError:
    from commands import getstatusoutput


import re


def get_all_modules():
    try:
        all_modules = []
        rc, output = getstatusoutput("semodule -l 2>/dev/null")
        if rc == 0:
            l = output.split("\n")
            for i in l:
                all_modules.append(i.split()[0])
    except:
        pass

    return all_modules


##
## I18N
##
PROGNAME = "policycoreutils"
try:
    import gettext
    kwargs = {}
    if sys.version_info < (3,):
        kwargs['unicode'] = True
    gettext.install(PROGNAME,
                    localedir="/usr/share/locale",
                    codeset='utf-8',
                    **kwargs)
except:
    try:
        import builtins
        builtins.__dict__['_'] = str
    except ImportError:
        import __builtin__
        __builtin__.__dict__['_'] = unicode

gnome.program_init("SELinux Policy Generation Tool", "5")

version = "1.0"

sys.path.append('/usr/share/system-config-selinux')
sys.path.append('.')

# From John Hunter http://www.daa.com.au/pipermail/pygtk/2003-February/004454.html


def foreach(model, path, iter, selected):
    selected.append(model.get_value(iter, 0))

##
## Pull in the Glade file
##
if os.access("polgen.glade", os.F_OK):
    xml = gtk.glade.XML("polgen.glade", domain=PROGNAME)
else:
    xml = gtk.glade.XML("/usr/share/system-config-selinux/polgen.glade", domain=PROGNAME)

FILE = 1
DIR = 2


class childWindow:
    START_PAGE = 0
    SELECT_TYPE_PAGE = 0
    APP_PAGE = 1
    EXISTING_USER_PAGE = 2
    TRANSITION_PAGE = 3
    USER_TRANSITION_PAGE = 4
    ADMIN_PAGE = 5
    ROLE_PAGE = 6
    IN_NET_PAGE = 7
    OUT_NET_PAGE = 8
    COMMON_APPS_PAGE = 9
    FILES_PAGE = 10
    BOOLEAN_PAGE = 11
    SELECT_DIR_PAGE = 12
    FINISH_PAGE = 12

    def __init__(self):
        self.xml = xml
        self.notebook = xml.get_widget("notebook")
        self.label_dict = {}
        self.tooltip_dict = {}
        label = xml.get_widget("select_label")
        self.label_dict[label] = label.get_text()

        label = xml.get_widget("select_user_roles_label")
        self.label_dict[label] = label.get_text()

        label = xml.get_widget("select_dir_label")
        self.label_dict[label] = label.get_text()

        label = xml.get_widget("select_domain_admin_label")
        self.label_dict[label] = label.get_text()

        label = xml.get_widget("select_in_label")
        self.label_dict[label] = label.get_text()

        label = xml.get_widget("select_out_label")
        self.label_dict[label] = label.get_text()

        label = xml.get_widget("select_common_label")
        self.label_dict[label] = label.get_text()

        label = xml.get_widget("select_manages_label")
        self.label_dict[label] = label.get_text()

        label = xml.get_widget("select_booleans_label")
        self.label_dict[label] = label.get_text()

        label = xml.get_widget("existing_user_treeview")
        self.tooltip_dict[label] = label.get_tooltip_text()

        label = xml.get_widget("transition_treeview")
        self.tooltip_dict[label] = label.get_tooltip_text()

        label = xml.get_widget("in_tcp_all_checkbutton")
        self.tooltip_dict[label] = label.get_tooltip_text()

        label = xml.get_widget("in_tcp_reserved_checkbutton")
        self.tooltip_dict[label] = label.get_tooltip_text()

        label = xml.get_widget("in_tcp_unreserved_checkbutton")
        self.tooltip_dict[label] = label.get_tooltip_text()

        label = xml.get_widget("in_tcp_entry")
        self.tooltip_dict[label] = label.get_tooltip_text()

        label = xml.get_widget("in_udp_all_checkbutton")
        self.tooltip_dict[label] = label.get_tooltip_text()

        label = xml.get_widget("in_udp_reserved_checkbutton")
        self.tooltip_dict[label] = label.get_tooltip_text()

        label = xml.get_widget("in_udp_unreserved_checkbutton")
        self.tooltip_dict[label] = label.get_tooltip_text()

        label = xml.get_widget("in_udp_entry")
        self.tooltip_dict[label] = label.get_tooltip_text()

        label = xml.get_widget("out_tcp_entry")
        self.tooltip_dict[label] = label.get_tooltip_text()

        label = xml.get_widget("out_udp_entry")
        self.tooltip_dict[label] = label.get_tooltip_text()

        label = xml.get_widget("out_tcp_all_checkbutton")
        self.tooltip_dict[label] = label.get_tooltip_text()

        label = xml.get_widget("out_udp_all_checkbutton")
        self.tooltip_dict[label] = label.get_tooltip_text()

        label = xml.get_widget("boolean_treeview")
        self.tooltip_dict[label] = label.get_tooltip_text()

        label = xml.get_widget("write_treeview")
        self.tooltip_dict[label] = label.get_tooltip_text()

        try:
            self.all_types = sepolicy.generate.get_all_types()
            self.all_modules = get_all_modules()
            self.all_roles = sepolicy.generate.get_all_roles()
            self.all_users = sepolicy.generate.get_all_users()
        except RuntimeError as e:
            self.all_types = []
            self.all_modules = []
            self.all_roles = []
            self.all_users = []
            self.error(str(e))

        self.name = ""
        xml.signal_connect("on_delete_clicked", self.delete)
        xml.signal_connect("on_delete_boolean_clicked", self.delete_boolean)
        xml.signal_connect("on_exec_select_clicked", self.exec_select)
        xml.signal_connect("on_init_script_select_clicked", self.init_script_select)
        xml.signal_connect("on_add_clicked", self.add)
        xml.signal_connect("on_add_boolean_clicked", self.add_boolean)
        xml.signal_connect("on_add_dir_clicked", self.add_dir)
        xml.signal_connect("on_about_clicked", self.on_about_clicked)
        xml.get_widget("cancel_button").connect("clicked", self.quit)
        self.forward_button = xml.get_widget("forward_button")
        self.forward_button.connect("clicked", self.forward)
        self.back_button = xml.get_widget("back_button")
        self.back_button.connect("clicked", self.back)

        self.boolean_dialog = xml.get_widget("boolean_dialog")
        self.boolean_name_entry = xml.get_widget("boolean_name_entry")
        self.boolean_description_entry = xml.get_widget("boolean_description_entry")

        self.pages = {}
        for i in sepolicy.generate.USERS:
            self.pages[i] = [self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]
        self.pages[sepolicy.generate.RUSER] = [self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.USER_TRANSITION_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]
        self.pages[sepolicy.generate.LUSER] = [self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]
        self.pages[sepolicy.generate.SANDBOX] = [self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]
        self.pages[sepolicy.generate.EUSER] = [self.SELECT_TYPE_PAGE, self.EXISTING_USER_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]

        for i in sepolicy.generate.APPLICATIONS:
            self.pages[i] = [self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]
        self.pages[sepolicy.generate.USER] = [self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]

        self.current_page = 0
        self.back_button.set_sensitive(0)

        self.network_buttons = {}

        self.in_tcp_all_checkbutton = xml.get_widget("in_tcp_all_checkbutton")
        self.in_tcp_reserved_checkbutton = xml.get_widget("in_tcp_reserved_checkbutton")
        self.in_tcp_unreserved_checkbutton = xml.get_widget("in_tcp_unreserved_checkbutton")
        self.in_tcp_entry = self.xml.get_widget("in_tcp_entry")
        self.network_buttons[self.in_tcp_all_checkbutton] = [self.in_tcp_reserved_checkbutton, self.in_tcp_unreserved_checkbutton, self.in_tcp_entry]

        self.out_tcp_all_checkbutton = xml.get_widget("out_tcp_all_checkbutton")
        self.out_tcp_reserved_checkbutton = xml.get_widget("out_tcp_reserved_checkbutton")
        self.out_tcp_unreserved_checkbutton = xml.get_widget("out_tcp_unreserved_checkbutton")
        self.out_tcp_entry = self.xml.get_widget("out_tcp_entry")

        self.network_buttons[self.out_tcp_all_checkbutton] = [self.out_tcp_entry]

        self.in_udp_all_checkbutton = xml.get_widget("in_udp_all_checkbutton")
        self.in_udp_reserved_checkbutton = xml.get_widget("in_udp_reserved_checkbutton")
        self.in_udp_unreserved_checkbutton = xml.get_widget("in_udp_unreserved_checkbutton")
        self.in_udp_entry = self.xml.get_widget("in_udp_entry")

        self.network_buttons[self.in_udp_all_checkbutton] = [self.in_udp_reserved_checkbutton, self.in_udp_unreserved_checkbutton, self.in_udp_entry]

        self.out_udp_all_checkbutton = xml.get_widget("out_udp_all_checkbutton")
        self.out_udp_entry = self.xml.get_widget("out_udp_entry")
        self.network_buttons[self.out_udp_all_checkbutton] = [self.out_udp_entry]

        for b in self.network_buttons.keys():
            b.connect("clicked", self.network_all_clicked)

        self.boolean_treeview = self.xml.get_widget("boolean_treeview")
        self.boolean_store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING)
        self.boolean_treeview.set_model(self.boolean_store)
        self.boolean_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
        col = gtk.TreeViewColumn(_("Name"), gtk.CellRendererText(), text=0)
        self.boolean_treeview.append_column(col)
        col = gtk.TreeViewColumn(_("Description"), gtk.CellRendererText(), text=1)
        self.boolean_treeview.append_column(col)

        self.role_treeview = self.xml.get_widget("role_treeview")
        self.role_store = gtk.ListStore(gobject.TYPE_STRING)
        self.role_treeview.set_model(self.role_store)
        self.role_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
        self.role_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
        col = gtk.TreeViewColumn(_("Role"), gtk.CellRendererText(), text=0)
        self.role_treeview.append_column(col)

        self.existing_user_treeview = self.xml.get_widget("existing_user_treeview")
        self.existing_user_store = gtk.ListStore(gobject.TYPE_STRING)
        self.existing_user_treeview.set_model(self.existing_user_store)
        self.existing_user_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
        col = gtk.TreeViewColumn(_("Existing_User"), gtk.CellRendererText(), text=0)
        self.existing_user_treeview.append_column(col)

        for i in self.all_roles:
            iter = self.role_store.append()
            self.role_store.set_value(iter, 0, i[:-2])

        self.in_tcp_reserved_checkbutton = xml.get_widget("in_tcp_reserved_checkbutton")

        self.transition_treeview = self.xml.get_widget("transition_treeview")
        self.transition_store = gtk.ListStore(gobject.TYPE_STRING)
        self.transition_treeview.set_model(self.transition_store)
        self.transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
        self.transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
        col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text=0)
        self.transition_treeview.append_column(col)

        self.user_transition_treeview = self.xml.get_widget("user_transition_treeview")
        self.user_transition_store = gtk.ListStore(gobject.TYPE_STRING)
        self.user_transition_treeview.set_model(self.user_transition_store)
        self.user_transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
        self.user_transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
        col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text=0)
        self.user_transition_treeview.append_column(col)

        for i in self.all_users:
            iter = self.user_transition_store.append()
            self.user_transition_store.set_value(iter, 0, i[:-2])
            iter = self.existing_user_store.append()
            self.existing_user_store.set_value(iter, 0, i[:-2])

        self.admin_treeview = self.xml.get_widget("admin_treeview")
        self.admin_store = gtk.ListStore(gobject.TYPE_STRING)
        self.admin_treeview.set_model(self.admin_store)
        self.admin_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
        self.admin_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
        col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text=0)
        self.admin_treeview.append_column(col)

        try:
            for u in sepolicy.interface.get_user():
                iter = self.transition_store.append()
                self.transition_store.set_value(iter, 0, u)

            for a in sepolicy.interface.get_admin():
                iter = self.admin_store.append()
                self.admin_store.set_value(iter, 0, a)
        except ValueError as e:
            self.error(e.message)

    def confine_application(self):
        return self.get_type() in sepolicy.generate.APPLICATIONS

    def forward(self, arg):
        type = self.get_type()
        if self.current_page == self.START_PAGE:
            self.back_button.set_sensitive(1)

        if self.pages[type][self.current_page] == self.SELECT_TYPE_PAGE:
            if self.on_select_type_page_next():
                return

        if self.pages[type][self.current_page] == self.IN_NET_PAGE:
            if self.on_in_net_page_next():
                return

        if self.pages[type][self.current_page] == self.OUT_NET_PAGE:
            if self.on_out_net_page_next():
                return

        if self.pages[type][self.current_page] == self.APP_PAGE:
            if self.on_name_page_next():
                return

        if self.pages[type][self.current_page] == self.EXISTING_USER_PAGE:
            if self.on_existing_user_page_next():
                return

        if self.pages[type][self.current_page] == self.SELECT_DIR_PAGE:
            outputdir = self.output_entry.get_text()
            if not os.path.isdir(outputdir):
                self.error(_("%s must be a directory") % outputdir)
                return False

        if self.pages[type][self.current_page] == self.FINISH_PAGE:
            self.generate_policy()
            self.xml.get_widget("cancel_button").set_label(gtk.STOCK_CLOSE)
        else:
            self.current_page = self.current_page + 1
            self.notebook.set_current_page(self.pages[type][self.current_page])
            if self.pages[type][self.current_page] == self.FINISH_PAGE:
                self.forward_button.set_label(gtk.STOCK_APPLY)

    def back(self, arg):
        type = self.get_type()
        if self.pages[type][self.current_page] == self.FINISH_PAGE:
            self.forward_button.set_label(gtk.STOCK_GO_FORWARD)

        self.current_page = self.current_page - 1
        self.notebook.set_current_page(self.pages[type][self.current_page])
        if self.pages[type][self.current_page] == self.START_PAGE:
            self.back_button.set_sensitive(0)

    def network_all_clicked(self, button):
        active = button.get_active()
        for b in self.network_buttons[button]:
            b.set_sensitive(not active)

    def verify(self, message, title=""):
        dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
                                gtk.BUTTONS_YES_NO,
                                message)
        dlg.set_title(title)
        dlg.set_position(gtk.WIN_POS_MOUSE)
        dlg.show_all()
        rc = dlg.run()
        dlg.destroy()
        return rc

    def info(self, message):
        dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
                                gtk.BUTTONS_OK,
                                message)
        dlg.set_position(gtk.WIN_POS_MOUSE)
        dlg.show_all()
        dlg.run()
        dlg.destroy()

    def error(self, message):
        dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR,
                                gtk.BUTTONS_CLOSE,
                                message)
        dlg.set_position(gtk.WIN_POS_MOUSE)
        dlg.show_all()
        dlg.run()
        dlg.destroy()

    def get_name(self):
        if self.existing_user_radiobutton.get_active():
            store, iter = self.existing_user_treeview.get_selection().get_selected()
            if iter == None:
                raise ValueError(_("You must select a user"))
            return store.get_value(iter, 0)
        else:
            return self.name_entry.get_text()

    def get_type(self):
        if self.sandbox_radiobutton.get_active():
            return sepolicy.generate.SANDBOX
        if self.cgi_radiobutton.get_active():
            return sepolicy.generate.CGI
        if self.user_radiobutton.get_active():
            return sepolicy.generate.USER
        if self.init_radiobutton.get_active():
            return sepolicy.generate.DAEMON
        if self.dbus_radiobutton.get_active():
            return sepolicy.generate.DBUS
        if self.inetd_radiobutton.get_active():
            return sepolicy.generate.INETD
        if self.login_user_radiobutton.get_active():
            return sepolicy.generate.LUSER
        if self.admin_user_radiobutton.get_active():
            return sepolicy.generate.AUSER
        if self.xwindows_user_radiobutton.get_active():
            return sepolicy.generate.XUSER
        if self.terminal_user_radiobutton.get_active():
            return sepolicy.generate.TUSER
        if self.root_user_radiobutton.get_active():
            return sepolicy.generate.RUSER
        if self.existing_user_radiobutton.get_active():
            return sepolicy.generate.EUSER

    def generate_policy(self, *args):
        outputdir = self.output_entry.get_text()
        try:
            my_policy = sepolicy.generate.policy(self.get_name(), self.get_type())

            iter = self.boolean_store.get_iter_first()
            while(iter):
                my_policy.add_boolean(self.boolean_store.get_value(iter, 0), self.boolean_store.get_value(iter, 1))
                iter = self.boolean_store.iter_next(iter)

            if self.get_type() in sepolicy.generate.APPLICATIONS:
                my_policy.set_program(self.exec_entry.get_text())
                my_policy.gen_symbols()

                my_policy.set_use_syslog(self.syslog_checkbutton.get_active() == 1)
                my_policy.set_use_tmp(self.tmp_checkbutton.get_active() == 1)
                my_policy.set_use_uid(self.uid_checkbutton.get_active() == 1)
                my_policy.set_use_pam(self.pam_checkbutton.get_active() == 1)

                my_policy.set_use_dbus(self.dbus_checkbutton.get_active() == 1)
                my_policy.set_use_audit(self.audit_checkbutton.get_active() == 1)
                my_policy.set_use_terminal(self.terminal_checkbutton.get_active() == 1)
                my_policy.set_use_mail(self.mail_checkbutton.get_active() == 1)
                if self.get_type() is sepolicy.generate.DAEMON:
                    my_policy.set_init_script(self.init_script_entry.get_text())
                if self.get_type() == sepolicy.generate.USER:
                    selected = []
                    self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
                    my_policy.set_transition_users(selected)
            else:
                if self.get_type() == sepolicy.generate.RUSER:
                    selected = []
                    self.admin_treeview.get_selection().selected_foreach(foreach, selected)
                    my_policy.set_admin_domains(selected)
                    selected = []
                    self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
                    my_policy.set_transition_users(selected)
                else:
                    selected = []
                    self.transition_treeview.get_selection().selected_foreach(foreach, selected)
                    my_policy.set_transition_domains(selected)

                    selected = []
                    self.role_treeview.get_selection().selected_foreach(foreach, selected)
                    my_policy.set_admin_roles(selected)

            my_policy.set_in_tcp(self.in_tcp_all_checkbutton.get_active(), self.in_tcp_reserved_checkbutton.get_active(), self.in_tcp_unreserved_checkbutton.get_active(), self.in_tcp_entry.get_text())
            my_policy.set_in_udp(self.in_udp_all_checkbutton.get_active(), self.in_udp_reserved_checkbutton.get_active(), self.in_udp_unreserved_checkbutton.get_active(), self.in_udp_entry.get_text())
            my_policy.set_out_tcp(self.out_tcp_all_checkbutton.get_active(), self.out_tcp_entry.get_text())
            my_policy.set_out_udp(self.out_udp_all_checkbutton.get_active(), self.out_udp_entry.get_text())

            iter = self.store.get_iter_first()
            while(iter):
                if self.store.get_value(iter, 1) == FILE:
                    my_policy.add_file(self.store.get_value(iter, 0))
                else:
                    my_policy.add_dir(self.store.get_value(iter, 0))
                iter = self.store.iter_next(iter)

            self.info(my_policy.generate(outputdir))
            return False
        except ValueError as e:
            self.error(e.message)

    def delete(self, args):
        store, iter = self.view.get_selection().get_selected()
        if iter != None:
            store.remove(iter)
            self.view.get_selection().select_path((0,))

    def delete_boolean(self, args):
        store, iter = self.boolean_treeview.get_selection().get_selected()
        if iter != None:
            store.remove(iter)
            self.boolean_treeview.get_selection().select_path((0,))

    def add_boolean(self, type):
        self.boolean_name_entry.set_text("")
        self.boolean_description_entry.set_text("")
        rc = self.boolean_dialog.run()
        self.boolean_dialog.hide()
        if rc == gtk.RESPONSE_CANCEL:
            return
        iter = self.boolean_store.append()
        self.boolean_store.set_value(iter, 0, self.boolean_name_entry.get_text())
        self.boolean_store.set_value(iter, 1, self.boolean_description_entry.get_text())

    def __add(self, type):
        rc = self.file_dialog.run()
        self.file_dialog.hide()
        if rc == gtk.RESPONSE_CANCEL:
            return
        for i in self.file_dialog.get_filenames():
            iter = self.store.append()
            self.store.set_value(iter, 0, i)
            self.store.set_value(iter, 1, type)

    def exec_select(self, args):
        self.file_dialog.set_select_multiple(0)
        self.file_dialog.set_title(_("Select executable file to be confined."))
        self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
        self.file_dialog.set_current_folder("/usr/sbin")
        rc = self.file_dialog.run()
        self.file_dialog.hide()
        if rc == gtk.RESPONSE_CANCEL:
            return
        self.exec_entry.set_text(self.file_dialog.get_filename())

    def init_script_select(self, args):
        self.file_dialog.set_select_multiple(0)
        self.file_dialog.set_title(_("Select init script file to be confined."))
        self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
        self.file_dialog.set_current_folder("/etc/rc.d/init.d")
        rc = self.file_dialog.run()
        self.file_dialog.hide()
        if rc == gtk.RESPONSE_CANCEL:
            return
        self.init_script_entry.set_text(self.file_dialog.get_filename())

    def add(self, args):
        self.file_dialog.set_title(_("Select file(s) that confined application creates or writes"))
        self.file_dialog.set_current_folder("/")
        self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
        self.file_dialog.set_select_multiple(1)
        self.__add(FILE)

    def add_dir(self, args):
        self.file_dialog.set_title(_("Select directory(s) that the confined application owns and writes into"))
        self.file_dialog.set_current_folder("/")
        self.file_dialog.set_select_multiple(1)
        self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SELECT_FOLDER)
        self.__add(DIR)

    def on_about_clicked(self, args):
        dlg = xml.get_widget("about_dialog")
        dlg.run()
        dlg.hide()

    def quit(self, args):
        gtk.main_quit()

    def setupScreen(self):
        # Bring in widgets from glade file.
        self.mainWindow = self.xml.get_widget("main_window")
        self.druid = self.xml.get_widget("druid")
        self.type = 0
        self.name_entry = self.xml.get_widget("name_entry")
        self.name_entry.connect("insert_text", self.on_name_entry_changed)
        self.name_entry.connect("focus_out_event", self.on_focus_out_event)
        self.exec_entry = self.xml.get_widget("exec_entry")
        self.exec_button = self.xml.get_widget("exec_button")
        self.init_script_entry = self.xml.get_widget("init_script_entry")
        self.init_script_button = self.xml.get_widget("init_script_button")
        self.output_entry = self.xml.get_widget("output_entry")
        self.output_entry.set_text(os.getcwd())
        self.xml.get_widget("output_button").connect("clicked", self.output_button_clicked)

        self.xwindows_user_radiobutton = self.xml.get_widget("xwindows_user_radiobutton")
        self.terminal_user_radiobutton = self.xml.get_widget("terminal_user_radiobutton")
        self.root_user_radiobutton = self.xml.get_widget("root_user_radiobutton")
        self.login_user_radiobutton = self.xml.get_widget("login_user_radiobutton")
        self.admin_user_radiobutton = self.xml.get_widget("admin_user_radiobutton")
        self.existing_user_radiobutton = self.xml.get_widget("existing_user_radiobutton")

        self.user_radiobutton = self.xml.get_widget("user_radiobutton")
        self.init_radiobutton = self.xml.get_widget("init_radiobutton")
        self.inetd_radiobutton = self.xml.get_widget("inetd_radiobutton")
        self.dbus_radiobutton = self.xml.get_widget("dbus_radiobutton")
        self.cgi_radiobutton = self.xml.get_widget("cgi_radiobutton")
        self.sandbox_radiobutton = self.xml.get_widget("sandbox_radiobutton")
        self.tmp_checkbutton = self.xml.get_widget("tmp_checkbutton")
        self.uid_checkbutton = self.xml.get_widget("uid_checkbutton")
        self.pam_checkbutton = self.xml.get_widget("pam_checkbutton")
        self.dbus_checkbutton = self.xml.get_widget("dbus_checkbutton")
        self.audit_checkbutton = self.xml.get_widget("audit_checkbutton")
        self.terminal_checkbutton = self.xml.get_widget("terminal_checkbutton")
        self.mail_checkbutton = self.xml.get_widget("mail_checkbutton")
        self.syslog_checkbutton = self.xml.get_widget("syslog_checkbutton")
        self.view = self.xml.get_widget("write_treeview")
        self.file_dialog = self.xml.get_widget("filechooserdialog")

        self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_INT)
        self.view.set_model(self.store)
        col = gtk.TreeViewColumn("", gtk.CellRendererText(), text=0)
        col.set_resizable(True)
        self.view.append_column(col)
        self.view.get_selection().select_path((0,))

    def output_button_clicked(self, *args):
        self.file_dialog.set_title(_("Select directory to generate policy files in"))
        self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SELECT_FOLDER)
        self.file_dialog.set_select_multiple(0)
        rc = self.file_dialog.run()
        self.file_dialog.hide()
        if rc == gtk.RESPONSE_CANCEL:
            return
        self.output_entry.set_text(self.file_dialog.get_filename())

    def on_name_entry_changed(self, entry, text, size, position):
        if text.find(" ") >= 0:
            entry.emit_stop_by_name("insert_text")

    def on_focus_out_event(self, entry, third):
        name = entry.get_text()
        if self.name != name:
            if name in self.all_types:
                if self.verify(_("Type %s_t already defined in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO:
                    entry.set_text("")
                    return False
            if name in self.all_modules:
                if self.verify(_("Module %s.pp already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO:
                    entry.set_text("")
                    return False

            file = "/etc/rc.d/init.d/" + name
            if os.path.isfile(file) and self.init_script_entry.get_text() == "":
                self.init_script_entry.set_text(file)

            file = "/usr/sbin/" + name
            if os.path.isfile(file) and self.exec_entry.get_text() == "":
                self.exec_entry.set_text(file)

        self.name = name
        return False

    def on_in_net_page_next(self, *args):
        try:
            generate.verify_ports(self.in_tcp_entry.get_text())
            generate.verify_ports(self.in_udp_entry.get_text())
        except ValueError as e:
            self.error(e.message)
            return True

    def on_out_net_page_next(self, *args):
        try:
            generate.verify_ports(self.out_tcp_entry.get_text())
            generate.verify_ports(self.out_udp_entry.get_text())
        except ValueError as e:
            self.error(e.message)
            return True

    def on_select_type_page_next(self, *args):
        self.exec_entry.set_sensitive(self.confine_application())
        self.exec_button.set_sensitive(self.confine_application())
        self.init_script_entry.set_sensitive(self.init_radiobutton.get_active())
        self.init_script_button.set_sensitive(self.init_radiobutton.get_active())

    def on_existing_user_page_next(self, *args):
        store, iter = self.view.get_selection().get_selected()
        if iter != None:
            self.error(_("You must select a user"))
            return True

    def on_name_page_next(self, *args):
        name = self.name_entry.get_text()
        if not name.isalnum():
            self.error(_("You must add a name made up of letters and numbers and containing no spaces."))
            return True

        for i in self.label_dict:
            text = '<b>%s</b>' % (self.label_dict[i] % ("'" + name + "'"))
            i.set_markup(text)

        for i in self.tooltip_dict:
            text = self.tooltip_dict[i] % ("'" + name + "'")
            i.set_tooltip_text(text)

        if self.confine_application():
            exe = self.exec_entry.get_text()
            if exe == "":
                self.error(_("You must enter a executable"))
                return True
            policy = generate.policy(name, self.get_type())
            policy.set_program(exe)
            policy.gen_writeable()
            policy.gen_symbols()
            for f in policy.files.keys():
                iter = self.store.append()
                self.store.set_value(iter, 0, f)
                self.store.set_value(iter, 1, FILE)

            for f in policy.dirs.keys():
                iter = self.store.append()
                self.store.set_value(iter, 0, f)
                self.store.set_value(iter, 1, DIR)
            self.tmp_checkbutton.set_active(policy.use_tmp)
            self.uid_checkbutton.set_active(policy.use_uid)
            self.pam_checkbutton.set_active(policy.use_pam)
            self.dbus_checkbutton.set_active(policy.use_dbus)
            self.audit_checkbutton.set_active(policy.use_audit)
            self.terminal_checkbutton.set_active(policy.use_terminal)
            self.mail_checkbutton.set_active(policy.use_mail)
            self.syslog_checkbutton.set_active(policy.use_syslog)

    def stand_alone(self):
        desktopName = _("Configue SELinux")

        self.setupScreen()
        self.mainWindow.connect("destroy", self.quit)

        self.mainWindow.show_all()
        gtk.main()

if __name__ == "__main__":
    signal.signal(signal.SIGINT, signal.SIG_DFL)

    app = childWindow()
    app.stand_alone()