
#! /usr/bin/env python
# Copyright (C) 2006 Red Hat 
# see file 'COPYING' for use and warranty information
#
# policygentool is a tool for the initial generation of SELinux policy
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of the GNU General Public License as
#    published by the Free Software Foundation; either version 2 of
#    the License, or (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA     
#                                        02111-1307  USA
#
#  
import os, sys, getopt
import re
def errorExit(error):
	"""Report *error* on stderr, prefixed with the program name, and exit with status 1."""
	err = sys.stderr
	err.write("%s: %s\n" % (sys.argv[0], error))
	err.flush()
	sys.exit(1)


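if __name__ == '__main__':
	def usage(message = ""):
		"""Print an optional diagnostic and the command-line synopsis, then exit with status 1."""
		if message:
			sys.stderr.write("%s\n" % message)
		sys.stdout.write('%s ModuleName Executable\n' % sys.argv[0])
		sys.exit(1)

	def ask(text):
		"""Print *text* (like a print statement) and return the next stdin line, right-stripped.

		A closed stdin is fatal: readline() returning "" forever previously left
		the application-type menu looping without end.
		"""
		sys.stdout.write(text + "\n")
		sys.stdout.flush()
		line = sys.stdin.readline()
		if not line:
			errorExit("unexpected end of input")
		return line.rstrip()

	def ask_path(text):
		"""Ask for an optional path; an empty answer means 'not used' and becomes None."""
		answer = ask(text)
		if answer == "":
			return None
		return answer

	def ask_yes_no(text):
		"""Ask a [yN] question: empty/n/N is False, y/Y is True, anything else is fatal."""
		answer = ask(text)
		if answer in ("", "n", "N"):
			return False
		if answer in ("y", "Y"):
			return True
		# The original raised a bare string here, which is a TypeError on
		# Python >= 2.6; route the message through the module's error helper.
		errorExit("Please answer with 'y' or 'n'!")

	if len(sys.argv) != 3:
		usage()

	# Introductory help; the answer is only a "press return" acknowledgement.
	ask("""\n
This tool generate three files for policy development, A Type Enforcement (te)
file, a File Context (fc), and a Interface File(if).  Most of the policy rules
will be written in the te file.  Use the File Context file to associate file
paths with security context.  Use the interface rules to allow other protected
domains to interact with the newly defined domains.

After generating these files use the /usr/share/selinux/devel/Makefile to
compile your policy package.  Then use the semodule tool to load it.

# /usr/share/selinux/devel/policygentool myapp /usr/bin/myapp
# make -f /usr/share/selinux/devel/Makefile
# semodule -i myapp.pp
# restorecon -R -v /usr/bin/myapp "all files defined in myapp.fc"

Now you can turn on permissive mode, start your application and avc messages
will be generated.  You can use audit2allow to help translate the avc messages
into policy.

# setenforce 0
# service myapp start
# audit2allow -R -i /var/log/audit/audit.log

Return to continue:""")

	# Menu choice: accept exactly one of the digits 1-4.  The original compared
	# the string answer against the int 5 and then converted an undefined name,
	# so the loop could never terminate.
	app_type = None
	while app_type is None:
		answer = ask("""
		What type of application are you trying to confine?
		1. Standard Init Daemon
		2. Internet Services Daemon (inetd)
		3  Web Application/Script (cgi)
		4  User Application
		""")
		if answer in ("1", "2", "3", "4"):
			app_type = int(answer)
	# NOTE(review): app_type is not forwarded to gen_policy because that
	# function's signature is not visible in this listing; it is kept so a
	# later change can pass it on without re-parsing the menu.

	pidfile = ask_path('If the module uses pidfiles, what is the pidfile called?')
	logfile = ask_path('If the module uses logfiles, where are they stored?')
	libfile = ask_path('If the module has var/lib files, where are they stored?')
	initsc = ask_yes_no('Does the module have a init script? [yN]')
	network = ask_yes_no('Does the module use the network? [yN]')

	# NOTE(review): the executable and the three paths above are handed over
	# unescaped; if gen_policy writes them into the file-context (.fc) file,
	# regex metacharacters in them would change which paths get labelled --
	# confirm and escape there.  gen_policy is not defined in this listing.
	gen_policy(
		module=sys.argv[1],
		executable=sys.argv[2],
		pidfile=pidfile,
		logfile=logfile,
		libfile=libfile,
		initsc=initsc,
		network=network
	)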

	