diff options
-rw-r--r-- | Makefile | 14 | ||||
-rw-r--r-- | support/genclassperms.py | 6 | ||||
-rw-r--r-- | support/genhomedircon.py (renamed from support/genhomedircon) | 126 | ||||
-rw-r--r-- | support/gennetfilter.py | 68 | ||||
-rw-r--r-- | support/policyvers.py | 5 | ||||
-rw-r--r-- | support/pyplate.py | 8 | ||||
-rw-r--r-- | support/sedoctool.py | 14 | ||||
-rw-r--r-- | support/segenxml.py | 68 |
8 files changed, 121 insertions, 188 deletions
@@ -71,7 +71,7 @@ AWK ?= gawk GREP ?= egrep INSTALL ?= install M4 ?= m4 -E -E -PYTHON ?= python -t -t +PYTHON ?= python -t -t -E -W error SED ?= sed SORT ?= LC_ALL=C sort UMASK ?= umask @@ -94,22 +94,22 @@ endif # policy building support tools support := support -genxml := $(PYTHON) -E $(support)/segenxml.py -gendoc := $(PYTHON) -E $(support)/sedoctool.py -genperm := $(PYTHON) -E $(support)/genclassperms.py -policyvers := $(PYTHON) -E $(support)/policyvers.py +genxml := $(PYTHON) $(support)/segenxml.py +gendoc := $(PYTHON) $(support)/sedoctool.py +genperm := $(PYTHON) $(support)/genclassperms.py +policyvers := $(PYTHON) $(support)/policyvers.py fcsort := $(tmpdir)/fc_sort setbools := $(AWK) -f $(support)/set_bools_tuns.awk get_type_attr_decl := $(SED) -r -f $(support)/get_type_attr_decl.sed comment_move_decl := $(SED) -r -f $(support)/comment_move_decl.sed -gennetfilter := $(PYTHON) -E $(support)/gennetfilter.py +gennetfilter := $(PYTHON) $(support)/gennetfilter.py m4iferror := $(support)/iferror.m4 m4divert := $(support)/divert.m4 m4undivert := $(support)/undivert.m4 m4terminate := $(support)/fatal_error.m4 # use our own genhomedircon to make sure we have a known usable one, # so policycoreutils updates are not required (RHEL4) -genhomedircon := $(PYTHON) -E $(support)/genhomedircon +genhomedircon := $(PYTHON) $(support)/genhomedircon.py # documentation paths docs := doc diff --git a/support/genclassperms.py b/support/genclassperms.py index 03f31ad0a..a9c634c43 100644 --- a/support/genclassperms.py +++ b/support/genclassperms.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python3 # Author: Donald Miner <dminer@tresys.com> # @@ -120,8 +120,10 @@ def get_av_db(file_name): # Figure out whether the next class will be a common or a class. if av_data[0] == "class": common = False + keyword = "class" elif av_data[0] == "common": common = True + keyword = "common" else: error("Unexpected token in file " + file_name + ": "\ + av_data[0] + ".") @@ -249,7 +251,7 @@ def gen_class_perms(av_db, sc_db): class_perms = "" for obj in av_db: # Don't output commons - if obj.common == True: + if obj.common: continue # Get the list of permissions from the specified class. diff --git a/support/genhomedircon b/support/genhomedircon.py index 355ecb7b1..e14f9fbf3 100644 --- a/support/genhomedircon +++ b/support/genhomedircon.py @@ -1,4 +1,4 @@ -#! /usr/bin/env python +#!/usr/bin/env python3 # Copyright (C) 2004 Tresys Technology, LLC # see file 'COPYING' for use and warranty information # @@ -40,13 +40,13 @@ # are always "real" (including root, in the default configuration). # -import commands, sys, os, pwd, string, getopt, re +import subprocess, sys, os, pwd, getopt, re EXCLUDE_LOGINS=["/sbin/nologin", "/bin/false"] def getStartingUID(): - starting_uid = sys.maxint - rc=commands.getstatusoutput("grep -h '^UID_MIN' /etc/login.defs") + starting_uid = 99999 + rc=subprocess.getstatusoutput("grep -h '^UID_MIN' /etc/login.defs") if rc[0] == 0: uid_min = re.sub("^UID_MIN[^0-9]*", "", rc[1]) #stip any comment from the end of the line @@ -54,7 +54,7 @@ def getStartingUID(): uid_min = uid_min.strip() if int(uid_min) < starting_uid: starting_uid = int(uid_min) - rc=commands.getstatusoutput("grep -h '^LU_UIDNUMBER' /etc/libuser.conf") + rc=subprocess.getstatusoutput("grep -h '^LU_UIDNUMBER' /etc/libuser.conf") if rc[0] == 0: lu_uidnumber = re.sub("^LU_UIDNUMBER[^0-9]*", "", rc[1]) #stip any comment from the end of the line @@ -63,7 +63,7 @@ def getStartingUID(): lu_uidnumber = lu_uidnumber.strip() if int(lu_uidnumber) < starting_uid: starting_uid = int(lu_uidnumber) - if starting_uid == sys.maxint: + if starting_uid == 99999: starting_uid = 500 return starting_uid @@ -80,14 +80,14 @@ def getPrefixes(): if u[2] >= STARTING_UID and \ not u[6] in EXCLUDE_LOGINS and \ u[5] != "/" and \ - string.count(u[5], "/") > 1: - prefix = u[5][:string.rfind(u[5], "/")] + u[5].count("/") > 1: + prefix = u[5][:u[5].rfind("/")] if not prefix in prefixes: prefixes[prefix] = "" return prefixes def getUsers(filecontextdir): - rc = commands.getstatusoutput("grep ^user %s/users" % filecontextdir) + rc = subprocess.getstatusoutput("grep ^user %s/users" % filecontextdir) udict = {} if rc[0] == 0: ulist = rc[1].strip().split("\n") @@ -113,22 +113,22 @@ def getUsers(filecontextdir): return udict def update(filecontext, user, prefs): - rc=commands.getstatusoutput("grep -h '^HOME_DIR' %s | grep -v vmware | sed -e 's|HOME_DIR|%s|' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (filecontext, prefs["home"], prefs["role"], user)) + rc=subprocess.getstatusoutput("grep -h '^HOME_DIR' %s | grep -v vmware | sed -e 's|HOME_DIR|%s|' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (filecontext, prefs["home"], prefs["role"], user)) if rc[0] == 0: - print rc[1] + print(rc[1]) else: - errorExit(string.join("grep/sed error ", rc[1])) + errorExit("grep/sed error " + rc[1]) return rc def oldgenhomedircon(filecontextdir, filecontext): - sys.stderr.flush() + sys.stderr.flush() - if os.path.isdir(filecontextdir) == 0: - sys.stderr.write("New usage is the following\n") - usage() + if os.path.isdir(filecontextdir) == 0: + sys.stderr.write("New usage is the following\n") + usage() #We are going to define home directory used by libuser and show-utils as a home directory root prefixes = {} - rc=commands.getstatusoutput("grep -h '^HOME' /etc/default/useradd") + rc=subprocess.getstatusoutput("grep -h '^HOME' /etc/default/useradd") if rc[0] == 0: homedir = rc[1].split("=")[1] homedir = homedir.split("#")[0] @@ -143,7 +143,7 @@ def oldgenhomedircon(filecontextdir, filecontext): sys.stderr.flush() - rc=commands.getstatusoutput("grep -h '^LU_HOMEDIRECTORY' /etc/libuser.conf") + rc=subprocess.getstatusoutput("grep -h '^LU_HOMEDIRECTORY' /etc/libuser.conf") if rc[0] == 0: homedir = rc[1].split("=")[1] homedir = homedir.split("#")[0] @@ -165,7 +165,7 @@ def oldgenhomedircon(filecontextdir, filecontext): #this works by grepping the file_contexts for # 1. ^/ makes sure this is not a comment # 2. prints only the regex in the first column first cut on \t then on space - rc=commands.getstatusoutput("grep \"^/\" %s | cut -f 1 | cut -f 1 -d \" \" " % (sys.argv[2]) ) + rc=subprocess.getstatusoutput("grep \"^/\" %s | cut -f 1 | cut -f 1 -d \" \" " % (sys.argv[2]) ) if rc[0] == 0: prefix_regex = rc[1].split("\n") else: @@ -199,23 +199,23 @@ def oldgenhomedircon(filecontextdir, filecontext): sys.stderr.flush() prefixes["/home"] = "" - # There may be a more elegant sed script to expand a macro to multiple lines, but this works - sed_root = "h; s|^HOME_ROOT|%s|" % (string.join(prefixes.keys(), "|; p; g; s|^HOME_ROOT|"),) - sed_dir = "h; s|^HOME_DIR|%s/[^/]+|; s|ROLE_|user_|" % (string.join(prefixes.keys(), "/[^/]+|; s|ROLE_|user_|; p; g; s|^HOME_DIR|"),) + # There may be a more elegant sed script to expand a macro to multiple lines, but this works + sed_root = "h; s|^HOME_ROOT|%s|" % (prefixes.keys() + "|; p; g; s|^HOME_ROOT|") + sed_dir = "h; s|^HOME_DIR|%s/[^/]+|; s|ROLE_|user_|" % (prefixes.keys() + "/[^/]+|; s|ROLE_|user_|; p; g; s|^HOME_DIR|") - # Fill in HOME_ROOT, HOME_DIR, and ROLE for users not explicitly defined in /etc/security/selinux/src/policy/users - rc=commands.getstatusoutput("sed -e \"/^HOME_ROOT/{%s}\" -e \"/^HOME_DIR/{%s}\" %s" % (sed_root, sed_dir, filecontext)) - if rc[0] == 0: - print rc[1] - else: - errorExit(string.join("sed error ", rc[1])) + # Fill in HOME_ROOT, HOME_DIR, and ROLE for users not explicitly defined in /etc/security/selinux/src/policy/users + rc=subprocess.getstatusoutput("sed -e \"/^HOME_ROOT/{%s}\" -e \"/^HOME_DIR/{%s}\" %s" % (sed_root, sed_dir, filecontext)) + if rc[0] == 0: + print(rc[1]) + else: + errorExit("sed error " + rc[1]) - users = getUsers(filecontextdir) - print "\n#\n# User-specific file contexts\n#\n" + users = getUsers(filecontextdir) + print("\n#\n# User-specific file contexts\n#\n") - # Fill in HOME and ROLE for users that are defined - for u in users.keys(): - update(filecontext, u, users[u]) + # Fill in HOME and ROLE for users that are defined + for u in users.keys(): + update(filecontext, u, users[u]) ############################################################################# # @@ -225,7 +225,7 @@ def oldgenhomedircon(filecontextdir, filecontext): def getDefaultHomeDir(): ret = [] - rc=commands.getstatusoutput("grep -h '^HOME' /etc/default/useradd") + rc=subprocess.getstatusoutput("grep -h '^HOME' /etc/default/useradd") if rc[0] == 0: homedir = rc[1].split("=")[1] homedir = homedir.split("#")[0] @@ -238,7 +238,7 @@ def getDefaultHomeDir(): sys.stderr.write("%s\n" % rc[1]) sys.stderr.write("You do not have access to /etc/default/useradd HOME=\n") sys.stderr.flush() - rc=commands.getstatusoutput("grep -h '^LU_HOMEDIRECTORY' /etc/libuser.conf") + rc=subprocess.getstatusoutput("grep -h '^LU_HOMEDIRECTORY' /etc/libuser.conf") if rc[0] == 0: homedir = rc[1].split("=")[1] homedir = homedir.split("#")[0] @@ -256,7 +256,7 @@ def getDefaultHomeDir(): return ret def getSELinuxType(directory): - rc=commands.getstatusoutput("grep ^SELINUXTYPE= %s/config" % directory) + rc=subprocess.getstatusoutput("grep ^SELINUXTYPE= %s/config" % directory) if rc[0]==0: return rc[1].split("=")[-1].strip() return "targeted" @@ -279,37 +279,37 @@ def errorExit(error): sys.exit(1) class selinuxConfig: - def __init__(self, selinuxdir="/etc/selinux", type="targeted", usepwd=1): - self.type=type + def __init__(self, selinuxdir="/etc/selinux", setype="targeted", usepwd=1): + self.setype=setype self.selinuxdir=selinuxdir +"/" self.contextdir="/contexts" self.filecontextdir=self.contextdir+"/files" self.usepwd=usepwd def getFileContextDir(self): - return self.selinuxdir+self.type+self.filecontextdir + return self.selinuxdir+self.setype+self.filecontextdir def getFileContextFile(self): return self.getFileContextDir()+"/file_contexts" def getContextDir(self): - return self.selinuxdir+self.type+self.contextdir + return self.selinuxdir+self.setype+self.contextdir def getHomeDirTemplate(self): return self.getFileContextDir()+"/homedir_template" def getHomeRootContext(self, homedir): - rc=commands.getstatusoutput("grep HOME_ROOT %s | sed -e \"s|^HOME_ROOT|%s|\"" % ( self.getHomeDirTemplate(), homedir)) + rc=subprocess.getstatusoutput("grep HOME_ROOT %s | sed -e \"s|^HOME_ROOT|%s|\"" % ( self.getHomeDirTemplate(), homedir)) if rc[0] == 0: return rc[1]+"\n" else: - errorExit(string.join("sed error ", rc[1])) + errorExit("sed error " + rc[1]) def getUsersFile(self): - return self.selinuxdir+self.type+"/users/local.users" + return self.selinuxdir+self.setype+"/users/local.users" def getSystemUsersFile(self): - return self.selinuxdir+self.type+"/users/system.users" + return self.selinuxdir+self.setype+"/users/system.users" def heading(self): ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0] @@ -318,10 +318,10 @@ class selinuxConfig: def getUsers(self): users="" - rc = commands.getstatusoutput('grep "^user" %s' % self.getSystemUsersFile()) + rc = subprocess.getstatusoutput('grep "^user" %s' % self.getSystemUsersFile()) if rc[0] == 0: users+=rc[1]+"\n" - rc = commands.getstatusoutput("grep ^user %s" % self.getUsersFile()) + rc = subprocess.getstatusoutput("grep ^user %s" % self.getUsersFile()) if rc[0] == 0: users+=rc[1] udict = {} @@ -351,7 +351,7 @@ class selinuxConfig: def getHomeDirContext(self, user, home, role): ret="\n\n#\n# Context for user %s\n#\n\n" % user - rc=commands.getstatusoutput("grep '^HOME_DIR' %s | sed -e 's|HOME_DIR|%s|' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), home, role, user)) + rc=subprocess.getstatusoutput("grep '^HOME_DIR' %s | sed -e 's|HOME_DIR|%s|' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), home, role, user)) return ret + rc[1] + "\n" def genHomeDirContext(self): @@ -363,12 +363,12 @@ class selinuxConfig: return ret+"\n" def checkExists(self, home): - if commands.getstatusoutput("grep -E '^%s[^[:alnum:]_-]' %s" % (home, self.getFileContextFile()))[0] == 0: + if subprocess.getstatusoutput("grep -E '^%s[^[:alnum:]_-]' %s" % (home, self.getFileContextFile()))[0] == 0: return 0 #this works by grepping the file_contexts for # 1. ^/ makes sure this is not a comment # 2. prints only the regex in the first column first cut on \t then on space - rc=commands.getstatusoutput("grep \"^/\" %s | cut -f 1 | cut -f 1 -d \" \" " % self.getFileContextFile() ) + rc=subprocess.getstatusoutput("grep \"^/\" %s | cut -f 1 | cut -f 1 -d \" \" " % self.getFileContextFile() ) if rc[0] == 0: prefix_regex = rc[1].split("\n") else: @@ -406,8 +406,8 @@ class selinuxConfig: if u[2] >= starting_uid and \ not u[6] in EXCLUDE_LOGINS and \ u[5] != "/" and \ - string.count(u[5], "/") > 1: - homedir = u[5][:string.rfind(u[5], "/")] + u[5].count("/") > 1: + homedir = u[5][:u[5].rfind("/")] if not homedir in homedirs: if self.checkExists(homedir)==0: warning("%s is already defined in %s,\n%s will not create a new context." % (homedir, self.getFileContextFile(), sys.argv[0])) @@ -426,14 +426,14 @@ class selinuxConfig: return ret def printout(self): - print self.genoutput() + print(self.genoutput()) def write(self): try: fd = open(self.getFileContextDir()+"/file_contexts.homedirs", "w") fd.write(self.genoutput()) fd.close() - except IOError, error: + except IOError as error: sys.stderr.write("%s: %s\n" % ( sys.argv[0], error )) @@ -445,14 +445,14 @@ class selinuxConfig: try: usepwd=1 directory="/etc/selinux" - type=None + setype=None gopts, cmds = getopt.getopt(sys.argv[1:], 'nd:t:', ['help', 'type=', 'nopasswd', 'dir=']) for o,a in gopts: if o == '--type' or o == "-t": - type=a + setype=a if o == '--nopasswd' or o == "-n": usepwd=0 if o == '--dir' or o == "-d": @@ -461,8 +461,8 @@ try: usage() - if type==None: - type=getSELinuxType(directory) + if setype is None: + setype=getSELinuxType(directory) if len(cmds) == 2: oldgenhomedircon(cmds[0], cmds[1]) @@ -470,12 +470,12 @@ try: if len(cmds) != 0: usage() - selconf=selinuxConfig(directory, type, usepwd) + selconf=selinuxConfig(directory, setype, usepwd) selconf.write() -except getopt.error, error: - errorExit(string.join("Options Error ", error)) -except ValueError, error: - errorExit(string.join("ValueError ", error)) -except IndexError, error: +except getopt.error as error: + errorExit("Options Error " + error) +except ValueError as error: + errorExit("ValueError " + error) +except IndexError: errorExit("IndexError") diff --git a/support/gennetfilter.py b/support/gennetfilter.py index a7c9036e5..7c9a85c7d 100644 --- a/support/gennetfilter.py +++ b/support/gennetfilter.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python3 # Author: Chris PeBenito <cpebenito@tresys.com> # @@ -7,7 +7,7 @@ # it under the terms of the GNU General Public License as published by # the Free Software Foundation, version 2. -import sys,string,getopt,re +import sys,getopt,re NETPORT = re.compile("^network_port\(\s*\w+\s*(\s*,\s*\w+\s*,\s*\w+\s*,\s*\w+\s*)+\s*\)\s*(#|$)") @@ -20,7 +20,7 @@ PACKET_INPUT = "_server_packet_t" PACKET_OUTPUT = "_client_packet_t" class Port: - def __init__(self, proto, num, mls_sens, mcs_cats=""): + def __init__(self, proto, num, mls_sens): # protocol of the port self.proto = proto @@ -49,7 +49,7 @@ def print_input_rules(packets,mls,mcs): elif mcs: line += ":"+DEFAULT_MCS - print line + print(line) for i in packets: for j in i.ports: @@ -58,10 +58,10 @@ def print_input_rules(packets,mls,mcs): line += ":"+j.mls_sens elif mcs: line += ":"+j.mcs_cats - print line + print(line) - print "post -A selinux_new_input -j CONNSECMARK --save" - print "post -A selinux_new_input -j RETURN" + print("post -A selinux_new_input -j CONNSECMARK --save") + print("post -A selinux_new_input -j RETURN") def print_output_rules(packets,mls,mcs): line = "base -A selinux_new_output -j SECMARK --selctx system_u:object_r:"+DEFAULT_OUTPUT_PACKET @@ -69,7 +69,7 @@ def print_output_rules(packets,mls,mcs): line += ":"+DEFAULT_MLS elif mcs: line += ":"+DEFAULT_MCS - print line + print(line) for i in packets: for j in i.ports: @@ -78,10 +78,10 @@ def print_output_rules(packets,mls,mcs): line += ":"+j.mls_sens elif mcs: line += ":"+j.mcs_cats - print line + print(line) - print "post -A selinux_new_output -j CONNSECMARK --save" - print "post -A selinux_new_output -j RETURN" + print("post -A selinux_new_output -j CONNSECMARK --save") + print("post -A selinux_new_output -j RETURN") def parse_corenet(file_name): packets = [] @@ -96,14 +96,14 @@ def parse_corenet(file_name): break if NETPORT.match(corenet_line): - corenet_line = corenet_line.strip(); + corenet_line = corenet_line.strip() # parse out the parameters - openparen = string.find(corenet_line,'(')+1 - closeparen = string.find(corenet_line,')',openparen) + openparen = corenet_line.find('(')+1 + closeparen = corenet_line.find(')',openparen) parms = re.split('\W+',corenet_line[openparen:closeparen]) name = parms[0] - del parms[0]; + del parms[0] ports = [] while len(parms) > 0: @@ -118,33 +118,33 @@ def parse_corenet(file_name): return packets def print_netfilter_config(packets,mls,mcs): - print "pre *mangle" - print "pre :PREROUTING ACCEPT [0:0]" - print "pre :INPUT ACCEPT [0:0]" - print "pre :FORWARD ACCEPT [0:0]" - print "pre :OUTPUT ACCEPT [0:0]" - print "pre :POSTROUTING ACCEPT [0:0]" - print "pre :selinux_input - [0:0]" - print "pre :selinux_output - [0:0]" - print "pre :selinux_new_input - [0:0]" - print "pre :selinux_new_output - [0:0]" - print "pre -A INPUT -j selinux_input" - print "pre -A OUTPUT -j selinux_output" - print "pre -A selinux_input -m state --state NEW -j selinux_new_input" - print "pre -A selinux_input -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore" - print "pre -A selinux_output -m state --state NEW -j selinux_new_output" - print "pre -A selinux_output -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore" + print("pre *mangle") + print("pre :PREROUTING ACCEPT [0:0]") + print("pre :INPUT ACCEPT [0:0]") + print("pre :FORWARD ACCEPT [0:0]") + print("pre :OUTPUT ACCEPT [0:0]") + print("pre :POSTROUTING ACCEPT [0:0]") + print("pre :selinux_input - [0:0]") + print("pre :selinux_output - [0:0]") + print("pre :selinux_new_input - [0:0]") + print("pre :selinux_new_output - [0:0]") + print("pre -A INPUT -j selinux_input") + print("pre -A OUTPUT -j selinux_output") + print("pre -A selinux_input -m state --state NEW -j selinux_new_input") + print("pre -A selinux_input -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore") + print("pre -A selinux_output -m state --state NEW -j selinux_new_output") + print("pre -A selinux_output -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore") print_input_rules(packets,mls,mcs) print_output_rules(packets,mls,mcs) - print "post COMMIT" + print("post COMMIT") mls = False mcs = False try: opts, paths = getopt.getopt(sys.argv[1:],'mc',['mls','mcs']) -except getopt.GetoptError, error: - print "Invalid options." +except getopt.GetoptError: + print("Invalid options.") sys.exit(1) for o, a in opts: diff --git a/support/policyvers.py b/support/policyvers.py index 834ff3db8..26e6f15c4 100644 --- a/support/policyvers.py +++ b/support/policyvers.py @@ -1,5 +1,6 @@ -#!/usr/bin/python -from __future__ import print_function +#!/usr/bin/env python3 + import selinux + if selinux.is_selinux_enabled(): print(selinux.security_policyvers()) diff --git a/support/pyplate.py b/support/pyplate.py index bc0b6df8a..28c61088f 100644 --- a/support/pyplate.py +++ b/support/pyplate.py @@ -1,3 +1,5 @@ +#!/usr/bin/env python3 + """PyPlate : a simple Python-based templating program PyPlate parses a file and replaces directives (in double square brackets [[ ... ]]) @@ -50,8 +52,7 @@ PyPlate defines the following directives: # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # -from __future__ import nested_scopes -import sys, string, re, io +import sys, re, io re_directive = re.compile("\[\[(.*)\]\]") re_for_loop = re.compile("for (.*) in (.*)") @@ -307,7 +308,6 @@ class ExecTemplateNode(LeafTemplateNode): def execute(self, stream, data): exec(self.s, globals(), data) - pass class CallTemplateNode(LeafTemplateNode): def __init__(self, parent, s): @@ -363,7 +363,7 @@ def TemplateNodeFactory(parent): def is_sequence(object): try: - test = object[0:0] + object[0:0] except: return False else: diff --git a/support/sedoctool.py b/support/sedoctool.py index c98a7f34b..de8486316 100644 --- a/support/sedoctool.py +++ b/support/sedoctool.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python3 # Author: Joshua Brindle <jbrindle@tresys.com> # Caleb Case <ccase@tresys.com> @@ -17,8 +17,7 @@ import sys import getopt import pyplate import os -import string -from xml.dom.minidom import parse, parseString +from xml.dom.minidom import parseString #modules enabled and disabled values MOD_BASE = "base" @@ -29,11 +28,6 @@ MOD_DISABLED = "off" BOOL_ENABLED = "true" BOOL_DISABLED = "false" -#tunables enabled and disabled values -TUN_ENABLED = "true" -TUN_DISABLED = "false" - - def read_policy_xml(filename): """ Takes in XML from a file and returns a parsed file. @@ -451,7 +445,6 @@ def gen_docs(doc, working_dir, templatedir): interface_parameters = [] interface_desc = interface_summary = None interface_name = interface.getAttribute("name") - interface_line = interface.getAttribute("lineno") for desc in interface.childNodes: if desc.nodeName == "desc": interface_desc = format_html_desc(desc) @@ -497,7 +490,6 @@ def gen_docs(doc, working_dir, templatedir): template_parameters = [] template_desc = template_summary = None template_name = template.getAttribute("name") - template_line = template.getAttribute("lineno") for desc in template.childNodes: if desc.nodeName == "desc": template_desc = format_html_desc(desc) @@ -540,7 +532,6 @@ def gen_docs(doc, working_dir, templatedir): #generate 'boolean' pages booleans = [] for boolean in node.getElementsByTagName("bool"): - boolean_parameters = [] boolean_desc = None boolean_name = boolean.getAttribute("name") boolean_dftval = boolean.getAttribute("dftval") @@ -564,7 +555,6 @@ def gen_docs(doc, working_dir, templatedir): #generate 'tunable' pages tunables = [] for tunable in node.getElementsByTagName("tunable"): - tunable_parameters = [] tunable_desc = None tunable_name = tunable.getAttribute("name") tunable_dftval = tunable.getAttribute("dftval") diff --git a/support/segenxml.py b/support/segenxml.py index ab8ee5200..383428df2 100644 --- a/support/segenxml.py +++ b/support/segenxml.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python3 # Author(s): Donald Miner <dminer@tresys.com> # Dave Sugar <dsugar@tresys.com> @@ -17,21 +17,12 @@ import sys import os -import glob import re import getopt # GLOBALS # Default values of command line arguments: -warn = False -meta = "metadata" -third_party = "third-party" -layers = {} -tunable_files = [] -bool_files = [] -xml_tunable_files = [] -xml_bool_files = [] output_dir = "" # Pre compiled regular expressions: @@ -83,7 +74,7 @@ def getModuleXML(file_name): module_file = open(module_if, "r") module_code = module_file.readlines() module_file.close() - except: + except OSError: warning("cannot open file %s for read, skipping" % file_name) return [] @@ -200,7 +191,7 @@ def getTunableXML(file_name, kind): tunable_file = open(file_name, "r") tunable_code = tunable_file.readlines() tunable_file.close() - except: + except OSError: warning("cannot open file %s for read, skipping" % file_name) return [] @@ -250,61 +241,11 @@ def getTunableXML(file_name, kind): for tunable_line in tunable_buf: xml_outfile.write (tunable_line) xml_outfile.close() - except: + except OSError: warning ("cannot write to file %s, skipping creation" % xmlfile) return tunable_buf -def getXMLFileContents (file_name): - ''' - Return all the XML in the file specified. - ''' - - tunable_buf = [] - # Try to open the xml file for this type of file - # append the contents to the buffer. - try: - tunable_xml = open(file_name, "r") - tunable_buf += tunable_xml.readlines() - tunable_xml.close() - except: - warning("cannot open file %s for read, assuming no data" % file_name) - - return tunable_buf - -def getPolicyXML(): - ''' - Return the compelete reference policy XML documentation through a list, - one line per item. - ''' - - policy_buf = [] - policy_buf.append("<policy>\n") - - # Add to the XML each layer specified by the user. - for layer in layers.keys (): - policy_buf += getLayerXML(layer, layers[layer]) - - # Add to the XML each tunable file specified by the user. - for tunable_file in tunable_files: - policy_buf += getTunableXML(tunable_file, "tunable") - - # Add to the XML each XML tunable file specified by the user. - for tunable_file in xml_tunable_files: - policy_buf += getXMLFileContents (tunable_file) - - # Add to the XML each bool file specified by the user. - for bool_file in bool_files: - policy_buf += getTunableXML(bool_file, "bool") - - # Add to the XML each XML bool file specified by the user. - for bool_file in xml_bool_files: - policy_buf += getXMLFileContents (bool_file) - - policy_buf.append("</policy>\n") - - return policy_buf - def usage(): """ Displays a message describing the proper usage of this script. @@ -388,4 +329,3 @@ elif boolean: else: usage() sys.exit(2) - |