-rw-r--r--Makefile14
-rw-r--r--support/genclassperms.py6
-rw-r--r--support/genhomedircon.py (renamed from support/genhomedircon)126
-rw-r--r--support/gennetfilter.py68
-rw-r--r--support/policyvers.py5
-rw-r--r--support/pyplate.py8
-rw-r--r--support/sedoctool.py14
-rw-r--r--support/segenxml.py68
8 files changed, 121 insertions, 188 deletions
diff --git a/Makefile b/Makefile
index 13fb9f8ed..9c580a0b0 100644
--- a/Makefile
+++ b/Makefile
@@ -71,7 +71,7 @@ AWK ?= gawk
GREP ?= egrep
INSTALL ?= install
M4 ?= m4 -E -E
-PYTHON ?= python -t -t
+PYTHON ?= python -t -t -E -W error
SED ?= sed
SORT ?= LC_ALL=C sort
UMASK ?= umask
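Review bot: `PYTHON` still defaults to an interpreter named `python`, while every script shebang touched by this commit moves to `python3`. On a host where `python` is Python 2 or is not installed, the build either fails or runs the ported tools under the wrong interpreter (`subprocess.getstatusoutput`, now used by genhomedircon.py, exists only in Python 3). Consider `PYTHON ?= python3 -t -t -E -W error` so the Makefile and the shebangs agree.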
@@ -94,22 +94,22 @@ endif
# policy building support tools
support := support
-genxml := $(PYTHON) -E $(support)/segenxml.py
-gendoc := $(PYTHON) -E $(support)/sedoctool.py
-genperm := $(PYTHON) -E $(support)/genclassperms.py
-policyvers := $(PYTHON) -E $(support)/policyvers.py
+genxml := $(PYTHON) $(support)/segenxml.py
+gendoc := $(PYTHON) $(support)/sedoctool.py
+genperm := $(PYTHON) $(support)/genclassperms.py
+policyvers := $(PYTHON) $(support)/policyvers.py
fcsort := $(tmpdir)/fc_sort
setbools := $(AWK) -f $(support)/set_bools_tuns.awk
get_type_attr_decl := $(SED) -r -f $(support)/get_type_attr_decl.sed
comment_move_decl := $(SED) -r -f $(support)/comment_move_decl.sed
-gennetfilter := $(PYTHON) -E $(support)/gennetfilter.py
+gennetfilter := $(PYTHON) $(support)/gennetfilter.py
m4iferror := $(support)/iferror.m4
m4divert := $(support)/divert.m4
m4undivert := $(support)/undivert.m4
m4terminate := $(support)/fatal_error.m4
# use our own genhomedircon to make sure we have a known usable one,
# so policycoreutils updates are not required (RHEL4)
-genhomedircon := $(PYTHON) -E $(support)/genhomedircon
+genhomedircon := $(PYTHON) $(support)/genhomedircon.py
# documentation paths
docs := doc
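Review bot: Dropping the per-tool `-E` makes environment isolation depend on the default value of `PYTHON`, and that variable is assigned with `?=`. A build that sets `PYTHON=python3` on the command line or in the environment now runs every support script without `-E` and without `-W error`, so `PYTHONPATH` and the other `PYTHON*` variables are honoured again when sedoctool.py imports `pyplate`. Keeping the hardening flags in their own variable preserves the old guarantee, e.g. `PYFLAGS := -E -W error` and `genxml := $(PYTHON) $(PYFLAGS) $(support)/segenxml.py` for each tool.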
diff --git a/support/genclassperms.py b/support/genclassperms.py
index 03f31ad0a..a9c634c43 100644
--- a/support/genclassperms.py
+++ b/support/genclassperms.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python3
# Author: Donald Miner <dminer@tresys.com>
#
@@ -120,8 +120,10 @@ def get_av_db(file_name):
# Figure out whether the next class will be a common or a class.
if av_data[0] == "class":
common = False
+ keyword = "class"
elif av_data[0] == "common":
common = True
+ keyword = "common"
else:
error("Unexpected token in file " + file_name + ": "\
+ av_data[0] + ".")
@@ -249,7 +251,7 @@ def gen_class_perms(av_db, sc_db):
class_perms = ""
for obj in av_db:
# Don't output commons
- if obj.common == True:
+ if obj.common:
continue
# Get the list of permissions from the specified class.
diff --git a/support/genhomedircon b/support/genhomedircon.py
index 355ecb7b1..e14f9fbf3 100644
--- a/support/genhomedircon
+++ b/support/genhomedircon.py
@@ -1,4 +1,4 @@
-#! /usr/bin/env python
+#!/usr/bin/env python3
# Copyright (C) 2004 Tresys Technology, LLC
# see file 'COPYING' for use and warranty information
#
@@ -40,13 +40,13 @@
# are always "real" (including root, in the default configuration).
#
-import commands, sys, os, pwd, string, getopt, re
+import subprocess, sys, os, pwd, getopt, re
EXCLUDE_LOGINS=["/sbin/nologin", "/bin/false"]
def getStartingUID():
- starting_uid = sys.maxint
- rc=commands.getstatusoutput("grep -h '^UID_MIN' /etc/login.defs")
+ starting_uid = 99999
+ rc=subprocess.getstatusoutput("grep -h '^UID_MIN' /etc/login.defs")
if rc[0] == 0:
uid_min = re.sub("^UID_MIN[^0-9]*", "", rc[1])
#stip any comment from the end of the line
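Review bot: The literal `99999` now serves both as the "nothing found" sentinel and as an upper bound on usable values. A configured `UID_MIN` or `LU_UIDNUMBER` of 99999 or more is silently discarded, and the check `if starting_uid == 99999:` in the later hunk of this function resets the threshold to 500. That widens the set of accounts treated as real users whose home directories get labelled. Use the direct Python 3 replacement for `sys.maxint`, `starting_uid = sys.maxsize` with `if starting_uid == sys.maxsize:`, or a `None` sentinel. getStartingUID continues past this hunk.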
@@ -54,7 +54,7 @@ def getStartingUID():
uid_min = uid_min.strip()
if int(uid_min) < starting_uid:
starting_uid = int(uid_min)
- rc=commands.getstatusoutput("grep -h '^LU_UIDNUMBER' /etc/libuser.conf")
+ rc=subprocess.getstatusoutput("grep -h '^LU_UIDNUMBER' /etc/libuser.conf")
if rc[0] == 0:
lu_uidnumber = re.sub("^LU_UIDNUMBER[^0-9]*", "", rc[1])
#stip any comment from the end of the line
@@ -63,7 +63,7 @@ def getStartingUID():
lu_uidnumber = lu_uidnumber.strip()
if int(lu_uidnumber) < starting_uid:
starting_uid = int(lu_uidnumber)
- if starting_uid == sys.maxint:
+ if starting_uid == 99999:
starting_uid = 500
return starting_uid
@@ -80,14 +80,14 @@ def getPrefixes():
if u[2] >= STARTING_UID and \
not u[6] in EXCLUDE_LOGINS and \
u[5] != "/" and \
- string.count(u[5], "/") > 1:
- prefix = u[5][:string.rfind(u[5], "/")]
+ u[5].count("/") > 1:
+ prefix = u[5][:u[5].rfind("/")]
if not prefix in prefixes:
prefixes[prefix] = ""
return prefixes
def getUsers(filecontextdir):
- rc = commands.getstatusoutput("grep ^user %s/users" % filecontextdir)
+ rc = subprocess.getstatusoutput("grep ^user %s/users" % filecontextdir)
udict = {}
if rc[0] == 0:
ulist = rc[1].strip().split("\n")
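Review bot: `getUsers` still interpolates `filecontextdir` into a command string passed to `subprocess.getstatusoutput`, which always runs it through the shell. The same pattern recurs in `update`, `oldgenhomedircon` (`sys.argv[2]`), `getSELinuxType`, `getHomeRootContext`, `getHomeDirContext` and `checkExists`, where the interpolated values come from `-d`, positional arguments, passwd home directories and the users files. Since the port already touches each of these calls, reading the file in Python (`open()` with `str.startswith` / `str.replace`) would remove the shell and the grep/sed metacharacter handling entirely. As a smaller step, quote path arguments, e.g. `"grep ^user %s/users" % shlex.quote(filecontextdir)`. getUsers continues past this hunk.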
@@ -113,22 +113,22 @@ def getUsers(filecontextdir):
return udict
def update(filecontext, user, prefs):
- rc=commands.getstatusoutput("grep -h '^HOME_DIR' %s | grep -v vmware | sed -e 's|HOME_DIR|%s|' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (filecontext, prefs["home"], prefs["role"], user))
+ rc=subprocess.getstatusoutput("grep -h '^HOME_DIR' %s | grep -v vmware | sed -e 's|HOME_DIR|%s|' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (filecontext, prefs["home"], prefs["role"], user))
if rc[0] == 0:
- print rc[1]
+ print(rc[1])
else:
- errorExit(string.join("grep/sed error ", rc[1]))
+ errorExit("grep/sed error " + rc[1])
return rc
def oldgenhomedircon(filecontextdir, filecontext):
- sys.stderr.flush()
+ sys.stderr.flush()
- if os.path.isdir(filecontextdir) == 0:
- sys.stderr.write("New usage is the following\n")
- usage()
+ if os.path.isdir(filecontextdir) == 0:
+ sys.stderr.write("New usage is the following\n")
+ usage()
#We are going to define home directory used by libuser and show-utils as a home directory root
prefixes = {}
- rc=commands.getstatusoutput("grep -h '^HOME' /etc/default/useradd")
+ rc=subprocess.getstatusoutput("grep -h '^HOME' /etc/default/useradd")
if rc[0] == 0:
homedir = rc[1].split("=")[1]
homedir = homedir.split("#")[0]
@@ -143,7 +143,7 @@ def oldgenhomedircon(filecontextdir, filecontext):
sys.stderr.flush()
- rc=commands.getstatusoutput("grep -h '^LU_HOMEDIRECTORY' /etc/libuser.conf")
+ rc=subprocess.getstatusoutput("grep -h '^LU_HOMEDIRECTORY' /etc/libuser.conf")
if rc[0] == 0:
homedir = rc[1].split("=")[1]
homedir = homedir.split("#")[0]
@@ -165,7 +165,7 @@ def oldgenhomedircon(filecontextdir, filecontext):
#this works by grepping the file_contexts for
# 1. ^/ makes sure this is not a comment
# 2. prints only the regex in the first column first cut on \t then on space
- rc=commands.getstatusoutput("grep \"^/\" %s | cut -f 1 | cut -f 1 -d \" \" " % (sys.argv[2]) )
+ rc=subprocess.getstatusoutput("grep \"^/\" %s | cut -f 1 | cut -f 1 -d \" \" " % (sys.argv[2]) )
if rc[0] == 0:
prefix_regex = rc[1].split("\n")
else:
@@ -199,23 +199,23 @@ def oldgenhomedircon(filecontextdir, filecontext):
sys.stderr.flush()
prefixes["/home"] = ""
- # There may be a more elegant sed script to expand a macro to multiple lines, but this works
- sed_root = "h; s|^HOME_ROOT|%s|" % (string.join(prefixes.keys(), "|; p; g; s|^HOME_ROOT|"),)
- sed_dir = "h; s|^HOME_DIR|%s/[^/]+|; s|ROLE_|user_|" % (string.join(prefixes.keys(), "/[^/]+|; s|ROLE_|user_|; p; g; s|^HOME_DIR|"),)
+ # There may be a more elegant sed script to expand a macro to multiple lines, but this works
+ sed_root = "h; s|^HOME_ROOT|%s|" % (prefixes.keys() + "|; p; g; s|^HOME_ROOT|")
+ sed_dir = "h; s|^HOME_DIR|%s/[^/]+|; s|ROLE_|user_|" % (prefixes.keys() + "/[^/]+|; s|ROLE_|user_|; p; g; s|^HOME_DIR|")
- # Fill in HOME_ROOT, HOME_DIR, and ROLE for users not explicitly defined in /etc/security/selinux/src/policy/users
- rc=commands.getstatusoutput("sed -e \"/^HOME_ROOT/{%s}\" -e \"/^HOME_DIR/{%s}\" %s" % (sed_root, sed_dir, filecontext))
- if rc[0] == 0:
- print rc[1]
- else:
- errorExit(string.join("sed error ", rc[1]))
+ # Fill in HOME_ROOT, HOME_DIR, and ROLE for users not explicitly defined in /etc/security/selinux/src/policy/users
+ rc=subprocess.getstatusoutput("sed -e \"/^HOME_ROOT/{%s}\" -e \"/^HOME_DIR/{%s}\" %s" % (sed_root, sed_dir, filecontext))
+ if rc[0] == 0:
+ print(rc[1])
+ else:
+ errorExit("sed error " + rc[1])
- users = getUsers(filecontextdir)
- print "\n#\n# User-specific file contexts\n#\n"
+ users = getUsers(filecontextdir)
+ print("\n#\n# User-specific file contexts\n#\n")
- # Fill in HOME and ROLE for users that are defined
- for u in users.keys():
- update(filecontext, u, users[u])
+ # Fill in HOME and ROLE for users that are defined
+ for u in users.keys():
+ update(filecontext, u, users[u])
#############################################################################
#
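Review bot: `prefixes.keys() + "|; p; g; s|^HOME_ROOT|"` raises `TypeError` on Python 3, because a `dict_keys` view cannot be added to a `str`, so the legacy two-argument mode fails before sed is ever run. Python 2's `string.join(seq, sep)` corresponds to `sep.join(seq)`, not to concatenation. The two assignments should read `sed_root = "h; s|^HOME_ROOT|%s|" % ("|; p; g; s|^HOME_ROOT|".join(prefixes))` and `sed_dir = "h; s|^HOME_DIR|%s/[^/]+|; s|ROLE_|user_|" % ("/[^/]+|; s|ROLE_|user_|; p; g; s|^HOME_DIR|".join(prefixes))`. oldgenhomedircon starts above this hunk.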
@@ -225,7 +225,7 @@ def oldgenhomedircon(filecontextdir, filecontext):
def getDefaultHomeDir():
ret = []
- rc=commands.getstatusoutput("grep -h '^HOME' /etc/default/useradd")
+ rc=subprocess.getstatusoutput("grep -h '^HOME' /etc/default/useradd")
if rc[0] == 0:
homedir = rc[1].split("=")[1]
homedir = homedir.split("#")[0]
@@ -238,7 +238,7 @@ def getDefaultHomeDir():
sys.stderr.write("%s\n" % rc[1])
sys.stderr.write("You do not have access to /etc/default/useradd HOME=\n")
sys.stderr.flush()
- rc=commands.getstatusoutput("grep -h '^LU_HOMEDIRECTORY' /etc/libuser.conf")
+ rc=subprocess.getstatusoutput("grep -h '^LU_HOMEDIRECTORY' /etc/libuser.conf")
if rc[0] == 0:
homedir = rc[1].split("=")[1]
homedir = homedir.split("#")[0]
@@ -256,7 +256,7 @@ def getDefaultHomeDir():
return ret
def getSELinuxType(directory):
- rc=commands.getstatusoutput("grep ^SELINUXTYPE= %s/config" % directory)
+ rc=subprocess.getstatusoutput("grep ^SELINUXTYPE= %s/config" % directory)
if rc[0]==0:
return rc[1].split("=")[-1].strip()
return "targeted"
@@ -279,37 +279,37 @@ def errorExit(error):
sys.exit(1)
class selinuxConfig:
- def __init__(self, selinuxdir="/etc/selinux", type="targeted", usepwd=1):
- self.type=type
+ def __init__(self, selinuxdir="/etc/selinux", setype="targeted", usepwd=1):
+ self.setype=setype
self.selinuxdir=selinuxdir +"/"
self.contextdir="/contexts"
self.filecontextdir=self.contextdir+"/files"
self.usepwd=usepwd
def getFileContextDir(self):
- return self.selinuxdir+self.type+self.filecontextdir
+ return self.selinuxdir+self.setype+self.filecontextdir
def getFileContextFile(self):
return self.getFileContextDir()+"/file_contexts"
def getContextDir(self):
- return self.selinuxdir+self.type+self.contextdir
+ return self.selinuxdir+self.setype+self.contextdir
def getHomeDirTemplate(self):
return self.getFileContextDir()+"/homedir_template"
def getHomeRootContext(self, homedir):
- rc=commands.getstatusoutput("grep HOME_ROOT %s | sed -e \"s|^HOME_ROOT|%s|\"" % ( self.getHomeDirTemplate(), homedir))
+ rc=subprocess.getstatusoutput("grep HOME_ROOT %s | sed -e \"s|^HOME_ROOT|%s|\"" % ( self.getHomeDirTemplate(), homedir))
if rc[0] == 0:
return rc[1]+"\n"
else:
- errorExit(string.join("sed error ", rc[1]))
+ errorExit("sed error " + rc[1])
def getUsersFile(self):
- return self.selinuxdir+self.type+"/users/local.users"
+ return self.selinuxdir+self.setype+"/users/local.users"
def getSystemUsersFile(self):
- return self.selinuxdir+self.type+"/users/system.users"
+ return self.selinuxdir+self.setype+"/users/system.users"
def heading(self):
ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0]
@@ -318,10 +318,10 @@ class selinuxConfig:
def getUsers(self):
users=""
- rc = commands.getstatusoutput('grep "^user" %s' % self.getSystemUsersFile())
+ rc = subprocess.getstatusoutput('grep "^user" %s' % self.getSystemUsersFile())
if rc[0] == 0:
users+=rc[1]+"\n"
- rc = commands.getstatusoutput("grep ^user %s" % self.getUsersFile())
+ rc = subprocess.getstatusoutput("grep ^user %s" % self.getUsersFile())
if rc[0] == 0:
users+=rc[1]
udict = {}
@@ -351,7 +351,7 @@ class selinuxConfig:
def getHomeDirContext(self, user, home, role):
ret="\n\n#\n# Context for user %s\n#\n\n" % user
- rc=commands.getstatusoutput("grep '^HOME_DIR' %s | sed -e 's|HOME_DIR|%s|' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), home, role, user))
+ rc=subprocess.getstatusoutput("grep '^HOME_DIR' %s | sed -e 's|HOME_DIR|%s|' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), home, role, user))
return ret + rc[1] + "\n"
def genHomeDirContext(self):
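Review bot: `getHomeDirContext` appends `rc[1]` to the generated contexts without looking at `rc[0]`. Because `getstatusoutput` merges stderr into the captured output, a grep/sed failure (missing or unreadable `homedir_template`) would put the error text into the string that `write()` stores in `file_contexts.homedirs`. The sibling `getHomeRootContext` already checks the status, so the same guard fits here: `if rc[0] != 0: errorExit("grep/sed error " + rc[1])` before the return.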
@@ -363,12 +363,12 @@ class selinuxConfig:
return ret+"\n"
def checkExists(self, home):
- if commands.getstatusoutput("grep -E '^%s[^[:alnum:]_-]' %s" % (home, self.getFileContextFile()))[0] == 0:
+ if subprocess.getstatusoutput("grep -E '^%s[^[:alnum:]_-]' %s" % (home, self.getFileContextFile()))[0] == 0:
return 0
#this works by grepping the file_contexts for
# 1. ^/ makes sure this is not a comment
# 2. prints only the regex in the first column first cut on \t then on space
- rc=commands.getstatusoutput("grep \"^/\" %s | cut -f 1 | cut -f 1 -d \" \" " % self.getFileContextFile() )
+ rc=subprocess.getstatusoutput("grep \"^/\" %s | cut -f 1 | cut -f 1 -d \" \" " % self.getFileContextFile() )
if rc[0] == 0:
prefix_regex = rc[1].split("\n")
else:
@@ -406,8 +406,8 @@ class selinuxConfig:
if u[2] >= starting_uid and \
not u[6] in EXCLUDE_LOGINS and \
u[5] != "/" and \
- string.count(u[5], "/") > 1:
- homedir = u[5][:string.rfind(u[5], "/")]
+ u[5].count("/") > 1:
+ homedir = u[5][:u[5].rfind("/")]
if not homedir in homedirs:
if self.checkExists(homedir)==0:
warning("%s is already defined in %s,\n%s will not create a new context." % (homedir, self.getFileContextFile(), sys.argv[0]))
@@ -426,14 +426,14 @@ class selinuxConfig:
return ret
def printout(self):
- print self.genoutput()
+ print(self.genoutput())
def write(self):
try:
fd = open(self.getFileContextDir()+"/file_contexts.homedirs", "w")
fd.write(self.genoutput())
fd.close()
- except IOError, error:
+ except IOError as error:
sys.stderr.write("%s: %s\n" % ( sys.argv[0], error ))
@@ -445,14 +445,14 @@ class selinuxConfig:
try:
usepwd=1
directory="/etc/selinux"
- type=None
+ setype=None
gopts, cmds = getopt.getopt(sys.argv[1:], 'nd:t:', ['help',
'type=',
'nopasswd',
'dir='])
for o,a in gopts:
if o == '--type' or o == "-t":
- type=a
+ setype=a
if o == '--nopasswd' or o == "-n":
usepwd=0
if o == '--dir' or o == "-d":
@@ -461,8 +461,8 @@ try:
usage()
- if type==None:
- type=getSELinuxType(directory)
+ if setype is None:
+ setype=getSELinuxType(directory)
if len(cmds) == 2:
oldgenhomedircon(cmds[0], cmds[1])
@@ -470,12 +470,12 @@ try:
if len(cmds) != 0:
usage()
- selconf=selinuxConfig(directory, type, usepwd)
+ selconf=selinuxConfig(directory, setype, usepwd)
selconf.write()
-except getopt.error, error:
- errorExit(string.join("Options Error ", error))
-except ValueError, error:
- errorExit(string.join("ValueError ", error))
-except IndexError, error:
+except getopt.error as error:
+ errorExit("Options Error " + error)
+except ValueError as error:
+ errorExit("ValueError " + error)
+except IndexError:
errorExit("IndexError")
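Review bot: `"Options Error " + error` and `"ValueError " + error` concatenate a `str` with an exception object, which raises `TypeError` inside the handler. A bad command-line option would then end in a traceback instead of the intended message and exit path. Convert explicitly: `errorExit("Options Error " + str(error))` and `errorExit("ValueError " + str(error))`.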
diff --git a/support/gennetfilter.py b/support/gennetfilter.py
index a7c9036e5..7c9a85c7d 100644
--- a/support/gennetfilter.py
+++ b/support/gennetfilter.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python3
# Author: Chris PeBenito <cpebenito@tresys.com>
#
@@ -7,7 +7,7 @@
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 2.
-import sys,string,getopt,re
+import sys,getopt,re
NETPORT = re.compile("^network_port\(\s*\w+\s*(\s*,\s*\w+\s*,\s*\w+\s*,\s*\w+\s*)+\s*\)\s*(#|$)")
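Review bot: The `NETPORT` pattern is a plain string containing `\(`, `\s` and `\w`, which Python 3.6 and later report as invalid escape sequences when the file is compiled. The Makefile in this same commit now runs the tools with `-W error`, so that warning is promoted to an error and the script may refuse to start. Make the pattern a raw string by prefixing the literal with `r`, i.e. `NETPORT = re.compile(r"^network_port\(...")` with the pattern text unchanged. The same applies to `'\W+'` in `parse_corenet` and to `re_directive` in pyplate.py.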
@@ -20,7 +20,7 @@ PACKET_INPUT = "_server_packet_t"
PACKET_OUTPUT = "_client_packet_t"
class Port:
- def __init__(self, proto, num, mls_sens, mcs_cats=""):
+ def __init__(self, proto, num, mls_sens):
# protocol of the port
self.proto = proto
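Review bot: Removing the `mcs_cats` parameter leaves `print_input_rules` and `print_output_rules` still reading `j.mcs_cats` on every `Port` when `mcs` is set. The rest of `__init__` is outside this hunk, so this is inferred: if the body still assigns from `mcs_cats` it now raises `NameError`, and if it never assigned the attribute the `--mcs` path raises `AttributeError`. Either keep the attribute explicitly, `self.mcs_cats = ""`, or drop the `elif mcs:` branches that read it.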
@@ -49,7 +49,7 @@ def print_input_rules(packets,mls,mcs):
elif mcs:
line += ":"+DEFAULT_MCS
- print line
+ print(line)
for i in packets:
for j in i.ports:
@@ -58,10 +58,10 @@ def print_input_rules(packets,mls,mcs):
line += ":"+j.mls_sens
elif mcs:
line += ":"+j.mcs_cats
- print line
+ print(line)
- print "post -A selinux_new_input -j CONNSECMARK --save"
- print "post -A selinux_new_input -j RETURN"
+ print("post -A selinux_new_input -j CONNSECMARK --save")
+ print("post -A selinux_new_input -j RETURN")
def print_output_rules(packets,mls,mcs):
line = "base -A selinux_new_output -j SECMARK --selctx system_u:object_r:"+DEFAULT_OUTPUT_PACKET
@@ -69,7 +69,7 @@ def print_output_rules(packets,mls,mcs):
line += ":"+DEFAULT_MLS
elif mcs:
line += ":"+DEFAULT_MCS
- print line
+ print(line)
for i in packets:
for j in i.ports:
@@ -78,10 +78,10 @@ def print_output_rules(packets,mls,mcs):
line += ":"+j.mls_sens
elif mcs:
line += ":"+j.mcs_cats
- print line
+ print(line)
- print "post -A selinux_new_output -j CONNSECMARK --save"
- print "post -A selinux_new_output -j RETURN"
+ print("post -A selinux_new_output -j CONNSECMARK --save")
+ print("post -A selinux_new_output -j RETURN")
def parse_corenet(file_name):
packets = []
@@ -96,14 +96,14 @@ def parse_corenet(file_name):
break
if NETPORT.match(corenet_line):
- corenet_line = corenet_line.strip();
+ corenet_line = corenet_line.strip()
# parse out the parameters
- openparen = string.find(corenet_line,'(')+1
- closeparen = string.find(corenet_line,')',openparen)
+ openparen = corenet_line.find('(')+1
+ closeparen = corenet_line.find(')',openparen)
parms = re.split('\W+',corenet_line[openparen:closeparen])
name = parms[0]
- del parms[0];
+ del parms[0]
ports = []
while len(parms) > 0:
@@ -118,33 +118,33 @@ def parse_corenet(file_name):
return packets
def print_netfilter_config(packets,mls,mcs):
- print "pre *mangle"
- print "pre :PREROUTING ACCEPT [0:0]"
- print "pre :INPUT ACCEPT [0:0]"
- print "pre :FORWARD ACCEPT [0:0]"
- print "pre :OUTPUT ACCEPT [0:0]"
- print "pre :POSTROUTING ACCEPT [0:0]"
- print "pre :selinux_input - [0:0]"
- print "pre :selinux_output - [0:0]"
- print "pre :selinux_new_input - [0:0]"
- print "pre :selinux_new_output - [0:0]"
- print "pre -A INPUT -j selinux_input"
- print "pre -A OUTPUT -j selinux_output"
- print "pre -A selinux_input -m state --state NEW -j selinux_new_input"
- print "pre -A selinux_input -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore"
- print "pre -A selinux_output -m state --state NEW -j selinux_new_output"
- print "pre -A selinux_output -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore"
+ print("pre *mangle")
+ print("pre :PREROUTING ACCEPT [0:0]")
+ print("pre :INPUT ACCEPT [0:0]")
+ print("pre :FORWARD ACCEPT [0:0]")
+ print("pre :OUTPUT ACCEPT [0:0]")
+ print("pre :POSTROUTING ACCEPT [0:0]")
+ print("pre :selinux_input - [0:0]")
+ print("pre :selinux_output - [0:0]")
+ print("pre :selinux_new_input - [0:0]")
+ print("pre :selinux_new_output - [0:0]")
+ print("pre -A INPUT -j selinux_input")
+ print("pre -A OUTPUT -j selinux_output")
+ print("pre -A selinux_input -m state --state NEW -j selinux_new_input")
+ print("pre -A selinux_input -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore")
+ print("pre -A selinux_output -m state --state NEW -j selinux_new_output")
+ print("pre -A selinux_output -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore")
print_input_rules(packets,mls,mcs)
print_output_rules(packets,mls,mcs)
- print "post COMMIT"
+ print("post COMMIT")
mls = False
mcs = False
try:
opts, paths = getopt.getopt(sys.argv[1:],'mc',['mls','mcs'])
-except getopt.GetoptError, error:
- print "Invalid options."
+except getopt.GetoptError:
+ print("Invalid options.")
sys.exit(1)
for o, a in opts:
diff --git a/support/policyvers.py b/support/policyvers.py
index 834ff3db8..26e6f15c4 100644
--- a/support/policyvers.py
+++ b/support/policyvers.py
@@ -1,5 +1,6 @@
-#!/usr/bin/python
-from __future__ import print_function
+#!/usr/bin/env python3
+
import selinux
+
if selinux.is_selinux_enabled():
print(selinux.security_policyvers())
diff --git a/support/pyplate.py b/support/pyplate.py
index bc0b6df8a..28c61088f 100644
--- a/support/pyplate.py
+++ b/support/pyplate.py
@@ -1,3 +1,5 @@
+#!/usr/bin/env python3
+
"""PyPlate : a simple Python-based templating program
PyPlate parses a file and replaces directives (in double square brackets [[ ... ]])
@@ -50,8 +52,7 @@ PyPlate defines the following directives:
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
-from __future__ import nested_scopes
-import sys, string, re, io
+import sys, re, io
re_directive = re.compile("\[\[(.*)\]\]")
re_for_loop = re.compile("for (.*) in (.*)")
@@ -307,7 +308,6 @@ class ExecTemplateNode(LeafTemplateNode):
def execute(self, stream, data):
exec(self.s, globals(), data)
- pass
class CallTemplateNode(LeafTemplateNode):
def __init__(self, parent, s):
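Review bot: `ExecTemplateNode.execute` passes template text to `exec` with the module globals, and nothing at the call site records that templates must be trusted input. A one-line comment above the `exec` would keep a later caller from rendering files that do not ship with the policy source, for example `# Template directives are executed as Python code; only render templates from the source tree.`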
@@ -363,7 +363,7 @@ def TemplateNodeFactory(parent):
def is_sequence(object):
try:
- test = object[0:0]
+ object[0:0]
except:
return False
else:
diff --git a/support/sedoctool.py b/support/sedoctool.py
index c98a7f34b..de8486316 100644
--- a/support/sedoctool.py
+++ b/support/sedoctool.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python3
# Author: Joshua Brindle <jbrindle@tresys.com>
# Caleb Case <ccase@tresys.com>
@@ -17,8 +17,7 @@ import sys
import getopt
import pyplate
import os
-import string
-from xml.dom.minidom import parse, parseString
+from xml.dom.minidom import parseString
#modules enabled and disabled values
MOD_BASE = "base"
@@ -29,11 +28,6 @@ MOD_DISABLED = "off"
BOOL_ENABLED = "true"
BOOL_DISABLED = "false"
-#tunables enabled and disabled values
-TUN_ENABLED = "true"
-TUN_DISABLED = "false"
-
-
def read_policy_xml(filename):
"""
Takes in XML from a file and returns a parsed file.
@@ -451,7 +445,6 @@ def gen_docs(doc, working_dir, templatedir):
interface_parameters = []
interface_desc = interface_summary = None
interface_name = interface.getAttribute("name")
- interface_line = interface.getAttribute("lineno")
for desc in interface.childNodes:
if desc.nodeName == "desc":
interface_desc = format_html_desc(desc)
@@ -497,7 +490,6 @@ def gen_docs(doc, working_dir, templatedir):
template_parameters = []
template_desc = template_summary = None
template_name = template.getAttribute("name")
- template_line = template.getAttribute("lineno")
for desc in template.childNodes:
if desc.nodeName == "desc":
template_desc = format_html_desc(desc)
@@ -540,7 +532,6 @@ def gen_docs(doc, working_dir, templatedir):
#generate 'boolean' pages
booleans = []
for boolean in node.getElementsByTagName("bool"):
- boolean_parameters = []
boolean_desc = None
boolean_name = boolean.getAttribute("name")
boolean_dftval = boolean.getAttribute("dftval")
@@ -564,7 +555,6 @@ def gen_docs(doc, working_dir, templatedir):
#generate 'tunable' pages
tunables = []
for tunable in node.getElementsByTagName("tunable"):
- tunable_parameters = []
tunable_desc = None
tunable_name = tunable.getAttribute("name")
tunable_dftval = tunable.getAttribute("dftval")
diff --git a/support/segenxml.py b/support/segenxml.py
index ab8ee5200..383428df2 100644
--- a/support/segenxml.py
+++ b/support/segenxml.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python3
# Author(s): Donald Miner <dminer@tresys.com>
# Dave Sugar <dsugar@tresys.com>
@@ -17,21 +17,12 @@
import sys
import os
-import glob
import re
import getopt
# GLOBALS
# Default values of command line arguments:
-warn = False
-meta = "metadata"
-third_party = "third-party"
-layers = {}
-tunable_files = []
-bool_files = []
-xml_tunable_files = []
-xml_bool_files = []
output_dir = ""
# Pre compiled regular expressions:
@@ -83,7 +74,7 @@ def getModuleXML(file_name):
module_file = open(module_if, "r")
module_code = module_file.readlines()
module_file.close()
- except:
+ except OSError:
warning("cannot open file %s for read, skipping" % file_name)
return []
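Review bot: Narrowing the bare `except:` to `except OSError:` means a decode failure in `readlines()` is no longer handled. On Python 3, a text-mode read of a file that is not valid in the locale encoding raises `UnicodeDecodeError` (a `ValueError`), so the tool now stops with a traceback where it used to warn and skip the file. If skipping is still the intent, catch both with `except (OSError, UnicodeDecodeError):`, or open the file with an explicit `encoding=`; the read in `getTunableXML` has the same shape. The `try` block begins above this hunk.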
@@ -200,7 +191,7 @@ def getTunableXML(file_name, kind):
tunable_file = open(file_name, "r")
tunable_code = tunable_file.readlines()
tunable_file.close()
- except:
+ except OSError:
warning("cannot open file %s for read, skipping" % file_name)
return []
@@ -250,61 +241,11 @@ def getTunableXML(file_name, kind):
for tunable_line in tunable_buf:
xml_outfile.write (tunable_line)
xml_outfile.close()
- except:
+ except OSError:
warning ("cannot write to file %s, skipping creation" % xmlfile)
return tunable_buf
-def getXMLFileContents (file_name):
- '''
- Return all the XML in the file specified.
- '''
-
- tunable_buf = []
- # Try to open the xml file for this type of file
- # append the contents to the buffer.
- try:
- tunable_xml = open(file_name, "r")
- tunable_buf += tunable_xml.readlines()
- tunable_xml.close()
- except:
- warning("cannot open file %s for read, assuming no data" % file_name)
-
- return tunable_buf
-
-def getPolicyXML():
- '''
- Return the compelete reference policy XML documentation through a list,
- one line per item.
- '''
-
- policy_buf = []
- policy_buf.append("<policy>\n")
-
- # Add to the XML each layer specified by the user.
- for layer in layers.keys ():
- policy_buf += getLayerXML(layer, layers[layer])
-
- # Add to the XML each tunable file specified by the user.
- for tunable_file in tunable_files:
- policy_buf += getTunableXML(tunable_file, "tunable")
-
- # Add to the XML each XML tunable file specified by the user.
- for tunable_file in xml_tunable_files:
- policy_buf += getXMLFileContents (tunable_file)
-
- # Add to the XML each bool file specified by the user.
- for bool_file in bool_files:
- policy_buf += getTunableXML(bool_file, "bool")
-
- # Add to the XML each XML bool file specified by the user.
- for bool_file in xml_bool_files:
- policy_buf += getXMLFileContents (bool_file)
-
- policy_buf.append("</policy>\n")
-
- return policy_buf
-
def usage():
"""
Displays a message describing the proper usage of this script.
@@ -388,4 +329,3 @@ elif boolean:
else:
usage()
sys.exit(2)
-