[policycoreutils] Improvements to sepolicy gui
Daniel J Walsh
dwalsh at fedoraproject.org
Sat Sep 28 11:07:09 UTC 2013
commit 2683a97019151643d79517b6f445d62c64da9086
Author: Dan Walsh <dwalsh at redhat.com>
Date: Sat Sep 28 07:06:41 2013 -0400
Improvements to sepolicy gui
- Add more help information
- Cleanup code
- Add deny_ptrace on lockdown screen
- Make unconfined/permissivedomains lockdown work
- Add more support for file equivalency
policycoreutils-rhat.patch | 3768 ++++++++++++++++++++++++--------------------
policycoreutils.spec | 12 +-
sepolicy-help.tgz | Bin 950728 -> 1525795 bytes
3 files changed, 2053 insertions(+), 1727 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 1d377de..f1a441e 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -513527,10 +513527,10 @@ index 0000000..a350978
+</busconfig>
diff --git a/policycoreutils/sepolicy/org.selinux.policy b/policycoreutils/sepolicy/org.selinux.policy
new file mode 100644
-index 0000000..2943aa2
+index 0000000..c0a730c
--- /dev/null
+++ b/policycoreutils/sepolicy/org.selinux.policy
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
@@ -513576,6 +513576,15 @@ index 0000000..2943aa2
+ <allow_active>yes</allow_active>
+ </defaults>
+ </action>
++ <action id="org.selinux.semodule_list">
++ <description>SELinux list modules access</description>
++ <message>System policy prevents read access to SELinux modules</message>
++ <defaults>
++ <allow_any>yes</allow_any>
++ <allow_inactive>yes</allow_inactive>
++ <allow_active>yes</allow_active>
++ </defaults>
++ </action>
+ <action id="org.selinux.relabel_on_boot">
+ <description>SELinux write access</description>
+ <message>System policy prevents relabel_on_boot access to SELinux</message>
@@ -513635,7 +513644,7 @@ index 4eca22d..2a9e1c7 100644
init_info(m);
diff --git a/policycoreutils/sepolicy/selinux_client.py b/policycoreutils/sepolicy/selinux_client.py
new file mode 100644
-index 0000000..afd3f31
+index 0000000..aaa5d5b
--- /dev/null
+++ b/policycoreutils/sepolicy/selinux_client.py
@@ -0,0 +1,10 @@
@@ -513645,16 +513654,16 @@ index 0000000..afd3f31
+if __name__ == "__main__":
+ try:
+ dbus_proxy = SELinuxDBus()
-+ resp = dbus_proxy.customized()
++ resp = dbus_proxy.semodule_list()
+ print (resp)
+ except dbus.DBusException, e:
+ print e
diff --git a/policycoreutils/sepolicy/selinux_server.py b/policycoreutils/sepolicy/selinux_server.py
new file mode 100644
-index 0000000..cacb9a2
+index 0000000..e5d3103
--- /dev/null
+++ b/policycoreutils/sepolicy/selinux_server.py
-@@ -0,0 +1,117 @@
+@@ -0,0 +1,131 @@
+#!/usr/bin/python
+
+import dbus
@@ -513683,7 +513692,7 @@ index 0000000..cacb9a2
+ p.stdin.write(buf)
+ output = p.communicate()
+ if p.returncode and p.returncode != 0:
-+ raise OSError("Failed update SELinux configuration: %s", output)
++ raise dbus.exceptions.DBusException(output[1])
+
+ #
+ # The customized method will return all of the custommizations for policy
@@ -513697,7 +513706,21 @@ index 0000000..cacb9a2
+ buf = p.stdout.read()
+ output = p.communicate()
+ if p.returncode and p.returncode != 0:
-+ raise OSError("Failed update SELinux configuration: %s", output)
++ raise OSError("Failed to read SELinux configuration: %s", output)
++ return buf
++
++ #
++ # The semodule_list method will return the output of semodule -l, using the customized polkit,
++ # since this is a readonly behaviour
++ #
++ @slip.dbus.polkit.require_auth("org.selinux.customized")
++ @dbus.service.method("org.selinux", in_signature='', out_signature='s')
++ def semodule_list(self):
++ p = Popen(["/usr/sbin/semodule", "-l"],stdout=PIPE, stderr=PIPE)
++ buf = p.stdout.read()
++ output = p.communicate()
++ if p.returncode and p.returncode != 0:
++ raise OSError("Failed to list SELinux modules: %s", output)
+ return buf
+
+ #
@@ -514197,7 +514220,7 @@ index 0000000..f9d0cec
+X-Desktop-File-Install-Version=0.2
+Keywords=policy;security;selinux;avc;permission;mac;
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
-index b25d3b2..50279e1 100755
+index b25d3b2..8064ae4 100755
--- a/policycoreutils/sepolicy/sepolicy.py
+++ b/policycoreutils/sepolicy/sepolicy.py
@@ -22,7 +22,9 @@
@@ -514783,7 +514806,7 @@ index b25d3b2..50279e1 100755
pol.set_defaults(func=generate)
if __name__ == '__main__':
-@@ -455,17 +625,25 @@ if __name__ == '__main__':
+@@ -455,17 +625,26 @@ if __name__ == '__main__':
gen_booleans_args(subparsers)
gen_communicate_args(subparsers)
gen_generate_args(subparsers)
@@ -514808,6 +514831,7 @@ index b25d3b2..50279e1 100755
+ sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
+ sys.exit(1)
except KeyboardInterrupt:
++ print "Out"
sys.exit(0)
+
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -516050,10 +516074,10 @@ index 26f8390..ba959ae 100644
return out
diff --git a/policycoreutils/sepolicy/sepolicy/gui.py b/policycoreutils/sepolicy/sepolicy/gui.py
new file mode 100644
-index 0000000..664b5bb
+index 0000000..efe7de0
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/gui.py
-@@ -0,0 +1,2990 @@
+@@ -0,0 +1,2805 @@
+#!/usr/bin/python -Es
+#
+# Copyright (C) 2013 Red Hat
@@ -516120,8 +516144,17 @@ index 0000000..664b5bb
+
+import distutils.sysconfig
+ADVANCED_LABEL = ( _("Advanced >>"), _("Advanced <<") )
-+OUTBOUND = 0
-+INBOUND = 1
++ADVANCED_SEARCH_LABEL = ( _("Advanced Search >>"), _("Advanced Search <<") )
++OUTBOUND_PAGE = 0
++INBOUND_PAGE = 1
++
++TRANSITIONS_FROM_PAGE=0
++TRANSITIONS_TO_PAGE=1
++TRANSITIONS_FILE_PAGE=2
++
++EXE_PAGE = 0
++WRITABLE_PAGE = 1
++APP_PAGE = 2
+
+BOOLEANS_PAGE=0
+FILES_PAGE=1
@@ -516143,12 +516176,10 @@ index 0000000..664b5bb
+""")
+
+class SELinuxGui():
-+ EXE_PAGE = 0
-+ WRITABLE_PAGE = 1
-+ APP_PAGE = 2
+
+ def __init__( self , app = None, test = False):
+ self.finish_init = False
++ self.opage = START_PAGE
+ self.dbus = SELinuxDBus()
+ try:
+ customized = self.dbus.customized()
@@ -516185,6 +516216,7 @@ index 0000000..664b5bb
+ self.network_add = False
+
+ # Data store dictionaries
++ self.update_dict = {}
+ self.booldict = {}
+ self.portdict = {}
+ self.filedict = {}
@@ -516201,8 +516233,9 @@ index 0000000..664b5bb
+ # Advanced search window ****************************
+ self.advanced_search_window = builder.get_object("advanced_search_window")
+ self.advanced_search_liststore = builder.get_object("Advanced_search_liststore")
-+ self.advanced_search_treemodel_filter = builder.get_object("advanced_treemodel_filter")
-+ self.advanced_search_treemodel_sort = builder.get_object("advanced_treemodel_sort")
++ self.advanced_search_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
++ self.advanced_search_filter = builder.get_object("advanced_filter")
++ self.advanced_search_filter.set_visible_func(self.filter_the_data)
+ self.advanced_filter_entry = builder.get_object("advanced_filter_entry")
+ self.advanced_search_treeview = builder.get_object("advanced_search_treeview")
+ self.advanced_search = False
@@ -516217,12 +516250,18 @@ index 0000000..664b5bb
+ self.login_radio_button = builder.get_object("Login_button")
+ self.login_treeview = builder.get_object("login_treeview")
+ self.login_liststore = builder.get_object("login_liststore")
-+ self.login_popup_window = builder.get_object("popup_window_login")
++ self.login_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
++ self.login_filter = builder.get_object("login_filter")
++ self.login_filter.set_visible_func(self.filter_the_data)
++ self.login_popup_window = builder.get_object("login_popup_window")
+
+ # Users Items **************************************
-+ self.user_popup_window = builder.get_object("popup_window_user")
++ self.user_popup_window = builder.get_object("user_popup_window")
+ self.user_radio_button = builder.get_object("User_button")
+ self.user_liststore = builder.get_object("user_liststore")
++ self.user_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
++ self.user_filter = builder.get_object("user_filter")
++ self.user_filter.set_visible_func(self.filter_the_data)
+ self.user_treeview = builder.get_object("user_treeview")
+ self.user_roles_liststore = builder.get_object("user_roles_liststore")
+ self.user_label = builder.get_object("User_label")
@@ -516231,9 +516270,18 @@ index 0000000..664b5bb
+ self.user_mls_entry = builder.get_object("user_mls_entry")
+ self.selinux_user_combobox = builder.get_object("selinux_user_combobox")
+
++ # File Equiv Items **************************************
++ self.file_equiv_label = builder.get_object("file_equiv_label")
++ self.file_equiv_source_entry = builder.get_object("file_equiv_source_entry")
++ self.file_equiv_dest_entry = builder.get_object("file_equiv_dest_entry")
+ self.file_equiv_radio_button = builder.get_object("file_equiv_button")
+ self.file_equiv_treeview = builder.get_object("file_equiv_treeview")
+ self.file_equiv_liststore = builder.get_object("file_equiv_liststore")
++ self.file_equiv_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
++ self.file_equiv_popup_window = builder.get_object("file_equiv_popup_window")
++ self.file_equiv_treefilter = builder.get_object("file_equiv_filter")
++ self.file_equiv_treefilter.set_visible_func(self.filter_the_data)
++
+ # System Items **************************************
+ self.app_system_button = builder.get_object("app_system_button")
+ self.system_radio_button = builder.get_object("System_button")
@@ -516261,13 +516309,16 @@ index 0000000..664b5bb
+ self.disabled_button_default = builder.get_object("Disabled_button_default")
+ self.initialize_system_default_mode()
+
++ # Lockdown Window *********************************
+ self.enable_unconfined_button = builder.get_object("enable_unconfined")
+ self.disable_unconfined_button = builder.get_object("disable_unconfined")
+ self.enable_permissive_button = builder.get_object("enable_permissive")
+ self.disable_permissive_button = builder.get_object("disable_permissive")
++ self.deny_ptrace_button = builder.get_object("deny_ptrace_button")
++
+ # Help Window *********************************
+ self.help_window = builder.get_object("help_window")
-+ self.help_text = builder.get_object("help_text")
++ self.help_text = builder.get_object("help_textv")
+ self.info_text = builder.get_object("info_text")
+ self.help_image = builder.get_object("help_image")
+ self.forward_button = builder.get_object("forward_button")
@@ -516275,7 +516326,7 @@ index 0000000..664b5bb
+ # Update menu items *********************************
+ self.update_window = builder.get_object("update_window")
+ self.update_treeview = builder.get_object("update_treeview")
-+ self.update_treestore = builder.get_object("Update_treestore")
++ self.update_liststore = builder.get_object("Update_treestore")
+ self.apply_button = builder.get_object("apply_button")
+ self.update_button = builder.get_object("Update_button")
+ # Add button objects ********************************
@@ -516284,20 +516335,19 @@ index 0000000..664b5bb
+
+ self.files_path_entry = builder.get_object("files_path_entry")
+ self.network_ports_entry = builder.get_object("network_ports_entry")
-+ self.popup_window_files = builder.get_object("popup_window_files")
-+ self.popup_window_network = builder.get_object("popup_window_network")
++ self.files_popup_window = builder.get_object("files_popup_window")
++ self.network_popup_window = builder.get_object("network_popup_window")
+
+ self.popup_network_label = builder.get_object("Network_label")
-+ self.popup_files_label = builder.get_object("Files_label")
++ self.popup_files_label = builder.get_object("files_label")
+
+ self.recursive_path_toggle = builder.get_object("make_path_recursive")
+ self.files_type_combolist = builder.get_object("files_type_combo_store")
+ self.files_class_combolist = builder.get_object("files_class_combo_store")
-+ self.files_mls_combolist = builder.get_object("files_mls_combo_store")
+ self.files_type_combobox = builder.get_object("files_type_combobox")
+ self.files_class_combobox = builder.get_object("files_class_combobox")
-+ self.mls_label_files = builder.get_object("mls_label_files")
-+ self.files_mls_combobox = builder.get_object("files_mls_combobox")
++ self.files_mls_label = builder.get_object("files_mls_label")
++ self.files_mls_entry = builder.get_object("files_mls_entry")
+ self.advanced_text_files = builder.get_object("Advanced_text_files")
+ self.files_cancel_button = builder.get_object("cancel_delete_files")
+
@@ -516306,17 +516356,11 @@ index 0000000..664b5bb
+ self.network_udp_button = builder.get_object("udp_button")
+ self.network_port_type_combolist = builder.get_object("network_type_combo_store")
+ self.network_port_type_combobox = builder.get_object("network_type_combobox")
-+ self.network_mls_combolist = builder.get_object("network_mls_combo_store")
-+ self.network_mls_combobox = builder.get_object("network_mls_combobox")
-+ self.mls_label_network = builder.get_object("mls_label_network")
++ self.network_mls_label = builder.get_object("network_mls_label")
++ self.network_mls_entry = builder.get_object("network_mls_entry")
+ self.advanced_text_network = builder.get_object("Advanced_text_network")
+ self.network_cancel_button = builder.get_object("cancel_delete_network")
+
-+ for mls in range(1,11):
-+ iter = self.files_mls_combolist.append()
-+ self.files_mls_combolist.set_value(iter, 0, str(mls))
-+ iter = self.network_mls_combolist.append()
-+ self.network_mls_combolist.set_value(iter, 0, str(mls))
+ # Add button objects ********************************
+
+ # Modify items **************************************
@@ -516329,9 +516373,9 @@ index 0000000..664b5bb
+ # Modify items **************************************
+
+ # Fix label *****************************************
-+ self.fix_label_window = builder.get_object("Fix_label_window")
-+ self.fixlabel_label = builder.get_object("Fixlabel_label")
-+ self.fix_label_cancel = builder.get_object("Fix_label_cancel")
++ self.fix_label_window = builder.get_object("fix_label_window")
++ self.fixlabel_label = builder.get_object("fixlabel_label")
++ self.fix_label_cancel = builder.get_object("fix_label_cancel")
+ # Fix label *****************************************
+
+ # Delete items **************************************
@@ -516349,102 +516393,102 @@ index 0000000..664b5bb
+
+ # executable_files items ****************************
+ self.executable_files_treeview = builder.get_object("Executable_files_treeview") # Get the executable files tree view
-+ self.executable_files_filter_model = builder.get_object("executable_files_treemodelfilter") # Contains the tree with File Path, SELinux File Label, Class
++ self.executable_files_filter= builder.get_object("executable_files_filter")
++ self.executable_files_filter.set_visible_func(self.filter_the_data)
+ self.executable_files_tab = builder.get_object("Executable_files_tab")
+ self.executable_files_tab_tooltip_txt = self.executable_files_tab.get_tooltip_text()
-+ self.executable_files_treestore = builder.get_object("executable_files_treestore")
-+ self.files_radio_button = builder.get_object("Files_button")
++ self.executable_files_liststore = builder.get_object("executable_files_treestore")
++ self.executable_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
++
++ self.files_radio_button = builder.get_object("files_button")
+ self.files_button_tooltip_txt = self.files_radio_button.get_tooltip_text()
-+ self.executable_files_treemodel_sort = builder.get_object("executable_files_treemodelsort")
-+ self.executable_files_treestore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
+ # executable_files items ****************************
+
+ # writable files items ******************************
+ self.writable_files_treeview = builder.get_object("Writable_files_treeview") # Get the Writable files tree view
-+ self.writable_files_treestore = builder.get_object("writable_files_treestore") # Contains the tree with File Path, SELinux File Label, Class
-+ self.writable_files__filter_model = builder.get_object("writable_files_treemodelfilter")
++ self.writable_files_liststore = builder.get_object("writable_files_treestore") # Contains the tree with File Path, SELinux File Label, Class
++ self.writable_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
++ self.writable_files_filter = builder.get_object("writable_files_filter")
++ self.writable_files_filter.set_visible_func(self.filter_the_data)
+ self.writable_files_tab = builder.get_object("Writable_files_tab")
+ self.writable_files_tab_tooltip_txt = self.writable_files_tab.get_tooltip_text()
-+ self.writable_files_treemodel_sort = builder.get_object("writable_files_treemodelsort")
-+ #self.writable_files_tree_data_set = builder.get_object("writable_files_liststore")
-+ #self.writable_files_tree_data_set.set_sort_column_id(0, Gtk.SortType.ASCENDING)
+ # writable files items ******************************
+
+ # Application File Types ****************************
+ self.application_files_treeview = builder.get_object("Application_file_types_treeview") # Get the Application files tree view
-+ self.application_files_filter_model = builder.get_object("application_filetypes_treemodelfilter") # Contains the tree with File Path, Description, Class
++ self.application_files_filter = builder.get_object("application_filetypes_filter") # Contains the tree with File Path, Description, Class
++ self.application_files_filter.set_visible_func(self.filter_the_data)
+ self.application_files_tab = builder.get_object("Application_file_types_tab")
+ self.application_files_tab_tooltip_txt = self.writable_files_tab.get_tooltip_text()
-+ self.application_files_treestore = builder.get_object("application_filetypes_treestore")
++ self.application_files_liststore = builder.get_object("application_filetypes_treestore")
++ self.application_files_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
+ self.application_files_tab = builder.get_object("Application_file_types_tab")
+ self.application_files_tab_tooltip_txt = self.application_files_tab.get_tooltip_text()
-+ self.application_files_treemodel_sort = builder.get_object("application_filetypes_treemodelsort")
-+ #self.application_files_tree_data_set = builder.get_object("application_filetypes_liststore")
-+ self.application_files_treestore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
+ # Application File Type *****************************
+
+ # network items *************************************
-+ self.out_network_treeview = builder.get_object("outbound_treeview")
-+ self.out_network_tree_data_set = builder.get_object("out_network_liststore") # Contains the tree with Ports, Protocol, Modified, SELinux Port Type
-+ self.out_network_filter_model = builder.get_object("out_network_treemodelfilter")
-+ self.out_network_tree_data_set.set_sort_column_id(0, Gtk.SortType.ASCENDING)
-+ self.out_network_tab = builder.get_object("Outbound_tab")
-+ self.out_network_tab_tooltip_txt = self.out_network_tab.get_tooltip_text()
-+ self.out_network_treemodel_sort = builder.get_object("out_network_treemodelsort")
-+
-+ self.network_radio_button = builder.get_object("Network_button")
++ self.network_radio_button = builder.get_object("network_button")
+ self.network_button_tooltip_txt = self.network_radio_button.get_tooltip_text()
+
-+ self.in_network_treemodel_sort = builder.get_object("in_network_treemodelsort")
-+ self.in_network_tab = builder.get_object("Inbound_tab")
-+ self.in_network_tab_tooltip_txt = self.in_network_tab.get_tooltip_text()
-+ self.in_network_treeview = builder.get_object("inbound_treeview")
-+ self.in_network_tree_data_set = builder.get_object("in_network_liststore") # Contains the tree with Ports, Protocol, Modified, SELinux Port Type
-+ self.in_network_filter_model = builder.get_object("in_network_treemodelfilter")
-+ self.in_network_tree_data_set.set_sort_column_id(0, Gtk.SortType.ASCENDING)
++ self.network_out_treeview = builder.get_object("outbound_treeview")
++ self.network_out_liststore = builder.get_object("network_out_liststore")
++ self.network_out_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
++ self.network_out_filter = builder.get_object("network_out_filter")
++ self.network_out_filter.set_visible_func(self.filter_the_data)
++ self.network_out_tab = builder.get_object("network_out_tab")
++ self.network_out_tab_tooltip_txt = self.network_out_tab.get_tooltip_text()
++
++ self.network_in_treeview = builder.get_object("inbound_treeview")
++ self.network_in_liststore = builder.get_object("network_in_liststore")
++ self.network_in_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
++ self.network_in_filter = builder.get_object("network_in_filter")
++ self.network_in_filter.set_visible_func(self.filter_the_data)
++ self.network_in_tab = builder.get_object("network_in_tab")
++ self.network_in_tab_tooltip_txt = self.network_in_tab.get_tooltip_text()
+ # network items *************************************
+
+ # boolean items ************************************
-+ self.booleans_tab = builder.get_object("Booleans_tab")
-+ self.boolean_treeview = builder.get_object("Boolean_treeview") # Get the booleans tree list
-+ self.boolean_tree_data_set = builder.get_object("boolean_liststore") # Contains the tree with process type + desc (child of filter_data_set)
-+ self.boolean_model = builder.get_object("boolean_treemodelfilter") # Get_model() attaches the list to the boolean model
-+ self.boolean_tree_data_set.set_sort_column_id(2, Gtk.SortType.ASCENDING)
-+ self.booleans_more_detail_window = builder.get_object("booleans_more_detail_window")
-+ self.booleans_more_detail_treeview = builder.get_object("booleans_more_detail_treeview")
-+ self.booleans_more_detail_tree_data_set = builder.get_object("booleans_more_detail_liststore")
-+ self.booleans_radio_button = builder.get_object("Booleans_button")
-+ self.active_button = self.booleans_radio_button
-+ self.booleans_button_tooltip_txt = self.booleans_radio_button.get_tooltip_text()
-+ self.booleans_treemodel_sort = builder.get_object("boolean_treemodelsort")
++ self.boolean_treeview = builder.get_object("Boolean_treeview") # Get the booleans tree list
++ self.boolean_liststore = builder.get_object("boolean_liststore")
++ self.boolean_liststore.set_sort_column_id(2, Gtk.SortType.ASCENDING)
++ self.boolean_filter = builder.get_object("boolean_filter")
++ self.boolean_filter.set_visible_func(self.filter_the_data)
++
++ self.boolean_more_detail_window = builder.get_object("booleans_more_detail_window")
++ self.boolean_more_detail_treeview = builder.get_object("booleans_more_detail_treeview")
++ self.boolean_more_detail_tree_data_set = builder.get_object("booleans_more_detail_liststore")
++ self.boolean_radio_button = builder.get_object("Booleans_button")
++ self.active_button = self.boolean_radio_button
++ self.boolean_button_tooltip_txt = self.boolean_radio_button.get_tooltip_text()
+ # boolean items ************************************
+
+ # transitions items ************************************
-+ self.transitions_into_x_treeview = builder.get_object("transitions_into_x_treeview") # Get the transitions tree list Enabled, source, Executable File
-+ self.transitions_into_x_tree_data_set = builder.get_object("transitions_into_x_liststore") # Contains the tree with
-+ self.transitions_into_x_filter_model = builder.get_object("transitions_into_x_treemodelfilter")
-+ self.transitions_into_x_tab = builder.get_object("Transitions_into_x_tab")
-+ self.transitions_into_x_tab_tooltip_txt = self.transitions_into_x_tab.get_tooltip_text()
-+ self.transitions_into_x_tree_data_set.set_sort_column_id(1, Gtk.SortType.ASCENDING)
++ self.transitions_into_treeview = builder.get_object("transitions_into_treeview") # Get the transitions tree list Enabled, source, Executable File
++ self.transitions_into_liststore = builder.get_object("transitions_into_liststore") # Contains the tree with
++ self.transitions_into_liststore.set_sort_column_id(1, Gtk.SortType.ASCENDING)
++ self.transitions_into_filter = builder.get_object("transitions_into_filter")
++ self.transitions_into_filter.set_visible_func(self.filter_the_data)
++ self.transitions_into_tab = builder.get_object("Transitions_into_tab")
++ self.transitions_into_tab_tooltip_txt = self.transitions_into_tab.get_tooltip_text()
+
+ self.transitions_radio_button = builder.get_object("Transitions_button")
+ self.transitions_button_tooltip_txt = self.transitions_radio_button.get_tooltip_text()
+
-+ self.transitions_from_x_treemodelsort = builder.get_object("transitions_from_x_treemodelsort")
-+ self.transitions_from_x_treeview = builder.get_object("transitions_from_x_treeview") # Get the transitions tree list
-+ self.transitions_from_x_treestore = builder.get_object("transitions_from_x_treestore") # Contains the tree with Enabled, Executable File Type, Transtype
-+ self.transitions_from_x_filter_model = builder.get_object("transitions_from_x_treemodelfilter")
-+ self.transitions_from_x_tab = builder.get_object("Transitions_from_x_tab")
-+ self.transitions_from_x_tab_tooltip_txt = self.transitions_from_x_tab.get_tooltip_text()
-+ self.transitions_from_x_treestore.set_sort_column_id(2, Gtk.SortType.ASCENDING)
++ self.transitions_from_treeview = builder.get_object("transitions_from_treeview") # Get the transitions tree list
++ self.transitions_from_liststore = builder.get_object("transitions_from_treestore") # Contains the tree with Enabled, Executable File Type, Transtype
++ self.transitions_from_liststore.set_sort_column_id(2, Gtk.SortType.ASCENDING)
++ self.transitions_from_filter = builder.get_object("transitions_from_filter")
++ self.transitions_from_filter.set_visible_func(self.filter_the_data)
++ self.transitions_from_tab = builder.get_object("Transitions_from_tab")
++ self.transitions_from_tab_tooltip_txt = self.transitions_from_tab.get_tooltip_text()
+
-+ self.transitions_file_treemodelsort = builder.get_object("File_transitions_treemodel_sort")
+ self.transitions_file_treeview = builder.get_object("file_transitions_treeview") # Get the transitions tree list
-+ self.transitions_file_liststore = builder.get_object("File_transitions_liststore") # Contains the tree with Enabled, Executable File Type, Transtype
-+ self.transitions_file_filter_model = builder.get_object("File_transitions_treemodel_filter")
-+ self.transitions_file_tab = builder.get_object("file_transitions")
-+ self.transitions_file_tab_tooltip_txt = self.transitions_from_x_tab.get_tooltip_text()
++ self.transitions_file_liststore = builder.get_object("file_transitions_liststore") # Contains the tree with Enabled, Executable File Type, Transtype
+ self.transitions_file_liststore.set_sort_column_id(0, Gtk.SortType.ASCENDING)
++ self.transitions_file_filter = builder.get_object("file_transitions_filter")
++ self.transitions_file_filter.set_visible_func(self.filter_the_data)
++ self.transitions_file_tab = builder.get_object("file_transitions")
++ self.transitions_file_tab_tooltip_txt = self.transitions_from_tab.get_tooltip_text()
+ # transitions items ************************************
+
+ # Combobox and Entry items **************************
@@ -516474,32 +516518,10 @@ index 0000000..664b5bb
+ self.context_id = self.status_bar.get_context_id("SELinux status")
+
+ # filters *********************************************
-+ self.booleans_filter_data_set = self.boolean_model # Get_model() sets the tree model filter to be the parent of the tree model (tree model has all the data in it)
-+ self.booleans_filter_data_set.set_visible_func(self.filter_the_data) # Set only some of the data to be visible based on what returns from the filter
+ self.filter_entry = builder.get_object("filter_entry")
+ self.filter_box = builder.get_object("filter_box")
+ self.add_modify_delete_box = builder.get_object("add_modify_delete_box")
+ # Get_model() sets the tree model filter to be the parent of the tree model (tree model has all the data in it)
-+ self.exe_files_filter_data_set = self.executable_files_filter_model
-+ self.exe_files_filter_data_set.set_visible_func(self.filter_the_data) # Set only some of the data to be visible based on what returns from the filter
-+ self.writable_files_filter_data_set = self.writable_files__filter_model
-+ self.writable_files_filter_data_set.set_visible_func(self.filter_the_data) # Get_model() sets the tree model filter to be the parent of the tree model (tree model has all the data in it)
-+ self.application_files_filter_data_set = self.application_files_filter_model
-+ self.application_files_filter_data_set.set_visible_func(self.filter_the_data)
-+ self.out_network_filter_data_set = self.out_network_filter_model
-+ self.out_network_filter_data_set.set_visible_func(self.filter_the_data)
-+ self.in_network_filter_data_set = self.in_network_filter_model
-+ self.in_network_filter_data_set.set_visible_func(self.filter_the_data)
-+ self.transitions_from_x_filter_data_set = self.transitions_from_x_filter_model
-+ self.transitions_from_x_filter_data_set.set_visible_func(self.filter_the_data)
-+ self.transitions_into_x_filter_data_set = self.transitions_into_x_filter_model
-+ self.transitions_into_x_filter_data_set.set_visible_func(self.filter_the_data)
-+ self.transitions_file_filter_data_set = self.transitions_file_filter_model
-+ self.transitions_file_filter_data_set.set_visible_func(self.filter_the_data)
-+ self.advanced_search_filter_data_set = self.advanced_search_treemodel_filter
-+ self.advanced_search_filter_data_set.set_visible_func(self.filter_the_data)
-+ #self.network_filter_data_set.set_visible_func(self.filter_the_data) # Set only some of the data to be visible based on what returns from the filter
-+ # filters **********************************************
+
+ # Toggle button ****************************************
+ self.cell = builder.get_object("activate")
@@ -516516,11 +516538,11 @@ index 0000000..664b5bb
+ # logind gui ***************************************
+ loading_gui = builder.get_object("loading_gui")
+
-+ self.update_cell.connect("toggled", self.on_toggle_update, self.update_treestore)
++ self.update_cell.connect("toggled", self.on_toggle_update, self.update_liststore)
+ self.all_entries = []
+
+ # Need to connect button on code because the tree view model is a treeviewsort
-+ self.cell.connect("toggled", self.on_toggle, self.boolean_tree_data_set)
++ self.cell.connect("toggled", self.on_toggle, self.boolean_liststore)
+
+ self.loading = 1
+ path = None
@@ -516557,9 +516579,11 @@ index 0000000..664b5bb
+
+ dic = {
+ "on_combo_button_clicked" : self.open_combo_menu,
++ "on_deny_ptrace" : self.on_deny_ptrace,
+ "on_SELinux_window_configure_event" : self.hide_combo_menu,
+ "on_entrycompletion_obj_match_selected" : self.set_application_label,
+ "on_filter_changed" : self.get_filter_data,
++ "on_save_changes_file_equiv_clicked" : self.update_to_file_equiv,
+ "on_save_changes_login_clicked" : self.update_to_login,
+ "on_save_changes_files_clicked" : self.update_to_files,
+ "on_save_changes_network_clicked" : self.update_to_network,
@@ -516588,24 +516612,14 @@ index 0000000..664b5bb
+
+ "on_Show_mislabeled_files_toggled" : self.show_mislabeled_files,
+ "on_Browse_button_files_clicked" : self.browse_for_files,
-+ "on_cancel_delete_network_clicked" : self.close_network_popup,
-+ "on_cancel_user_clicked" : self.user_close_popup,
-+ "on_cancel_login_clicked" : self.login_close_popup,
++ "on_cancel_popup_clicked" : self.close_popup,
+ "on_treeview_cursor_changed" : self.cursor_changed,
+ "on_login_seuser_combobox_changed" : self.login_seuser_combobox_change,
+
-+ "on_login_advanced_button_press_event" : self.login_advanced_button,
-+ "on_user_advanced_button_press_event" : self.user_advanced_button,
-+ "on_cancel_network_clicked" : self.close_add_network_popup,
-+ "on_cancel_files_clicked" : self.close_add_files_popup,
-+ "on_cancel_delete_files_clicked" : self.close_files_popup,
-+ "on_cancel_update_clicked" : self.close_update_popup,
-+ "on_Fix_label_cancel_clicked" : self.close_fix_label_popup,
+ "on_cancel_button_browse_clicked" : self.close_config_window,
+ "on_apply_button_clicked" : self.apply_changes_button_press,
+ "on_Revert_button_clicked" : self.update_or_revert_changes,
+ "on_Update_button_clicked" : self.update_or_revert_changes,
-+ "on_fix_label_ok_button_clicked" : self.restorecon,
+ "on_advanced_filter_entry_changed" : self.get_advanced_filter_data,
+ "on_advanced_search_treeview_row_activated" : self.advanced_item_selected,
+ "on_Select_advanced_search_clicked" : self.advanced_item_button_push,
@@ -516633,9 +516647,8 @@ index 0000000..664b5bb
+ "on_Relabel_button_toggled_cb": self.relabel_on_reboot,
+ "on_advanced_system_button_press_event" : self.reveal_advanced_system,
+ "on_files_type_combobox_changed" : self.show_more_types,
-+ "on_treemodelfilter_row_changed" : self.filter_the_data,
++ "on_filter_row_changed" : self.filter_the_data,
+ "on_button_toggled" : self.tab_change,
-+ "on_booleans_popup_window_delete_event" : self.closewindow,
+ "gtk_widget_hide": self.closewindow,
+ "gtk_main_quit": self.closewindow
+ }
@@ -516645,6 +516658,9 @@ index 0000000..664b5bb
+ self.window.show() # Show the gui to the screen
+ GLib.timeout_add_seconds(5,self.selinux_status)
+ self.selinux_status()
++ self.lockdown_inited = False
++ self.add_modify_delete_box.hide()
++ self.filter_box.hide()
+ if self.status == DISABLED:
+ self.show_system_page()
+ else:
@@ -516652,12 +516668,11 @@ index 0000000..664b5bb
+ self.applications_selection_button.set_label(self.application)
+ self.completion_entry.set_text(self.application)
+ self.show_applications_page()
++ self.tab_change()
+ else:
+ self.clearbuttons()
+ self.outer_notebook.set_current_page(START_PAGE)
+
-+ self.add_modify_delete_box.hide()
-+ self.filter_box.hide()
+ self.finish_init = True
+ Gtk.main()
+
@@ -516692,37 +516707,42 @@ index 0000000..664b5bb
+
+ return True
+
++ def lockdown_init(self):
++ if self.lockdown_inited:
++ return
++ self.wait_mouse()
++ self.lockdown_inited = True
++ self.deny_ptrace_button.set_active(selinux.security_get_boolean_active("deny_ptrace"))
++ self.module_dict = {}
++ for m in self.dbus.semodule_list().split("\n"):
++ mod = m.split()
++ if len(mod) < 2:
++ continue
++ self.module_dict[mod[0]] = { "version": mod[1], "Disabled" : (len(mod) > 2) }
++
++ self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"])
++ self.enable_permissive_button.set_active(not self.module_dict["permissivedomains"]["Disabled"])
++ self.ready_mouse()
++
+ def column_clicked(self, treeview, treepath, treecol, *args):
-+ self.fuzzin_modify(treeview)
-+ if treeview.get_model() == self.booleans_treemodel_sort:
-+ if treecol.get_title() == '':
++ self.fuzzin_modify()
++ model = treeview.get_model()
++ print treeview, model, treepath, treecol
++ if self.liststore == self.boolean_liststore:
++ if treecol.get_name() == "more_detail_col":
+ self.display_more_detail(self.window, treepath)
+
-+ if treeview.get_model() == self.executable_files_treemodel_sort or treeview.get_model() == self.writable_files_treemodel_sort or treeview.get_model() == self.application_files_treemodel_sort:
-+ ipage = self.inner_notebook_files.get_current_page()
-+ if ipage == self.EXE_PAGE:
-+ p = self.executable_files_treemodel_sort.convert_path_to_child_path(treepath)
-+ iter = self.exe_files_filter_data_set.get_iter(p)
-+ iter = self.exe_files_filter_data_set.convert_iter_to_child_iter(iter)
-+ visible = self.executable_files_treestore.get_value(iter, 3)
-+ elif ipage == self.WRITABLE_PAGE:
-+ p = self.writable_files_treemodel_sort.convert_path_to_child_path(treepath)
-+ iter = self.writable_files_filter_data_set.get_iter(p)
-+ iter = self.writable_files_filter_data_set.convert_iter_to_child_iter(iter)
-+ visible = self.writable_files_treestore.get_value(iter, 3)
-+
-+ elif ipage == self.APP_PAGE:
-+ p = self.application_files_treemodel_sort.convert_path_to_child_path(treepath)
-+ iter = self.application_files_filter_data_set.get_iter(p)
-+ iter = self.application_files_filter_data_set.convert_iter_to_child_iter(iter)
-+ visible = self.application_files_treestore.get_value(iter, 3)
-+
++ if self.opage == FILES_PAGE:
++ iter = self.filter.get_iter(treepath)
++ visible = model.get_value(iter, 3)
+ # If visible is true then fix mislabeled will be visible
-+ if treecol.get_title() == '' and visible:
-+ self.fix_mislabeled(None, treepath)
++ if treecol.get_name() == "restorecon_col" and visible:
++ self.fix_mislabeled(model.get_value(iter, 0))
+
-+ if treeview.get_model() == self.transitions_from_x_treemodelsort:
-+ self.return_to_booleans_clicked(treeview.get_model(), treepath)
++ if self.opage == TRANSITIONS_PAGE:
++ iter = model.get_iter(treepath)
++ self.boolean_radio_button.clicked()
++ self.filter_entry.set_text(model.get_value(iter, 1))
+
+ def idle_func(self):
+ while Gtk.events_pending():
@@ -516745,7 +516765,10 @@ index 0000000..664b5bb
+ fd.close()
+ except IOError:
+ buf = ""
-+ self.help_text.set_label(buf % { "APP": self.application } )
++ help_text = self.help_text.get_buffer()
++ help_text.set_text(buf % { "APP": self.application })
++ print buf
++ self.help_text.set_buffer(help_text)
+ self.help_image.set_from_file("%shelp/%s.png" % (self.code_path, self.help_list[self.help_page]))
+ self.help_window.show()
+
@@ -516760,66 +516783,66 @@ index 0000000..664b5bb
+ def on_help_button(self, *args):
+ self.help_page = 0
+ self.help_list = []
-+ opage = self.outer_notebook.get_current_page()
-+ if opage == BOOLEANS_PAGE:
++ if self.opage == START_PAGE:
++ self.help_window.set_title(_("Help: Start Page"))
++ self.help_list = [ "start"]
++
++ if self.opage == BOOLEANS_PAGE:
+ self.help_window.set_title(_("Help: Booleans Page"))
+ self.help_list = [ "booleans", "booleans_toggled", "booleans_more", "booleans_more_show"]
-+ return self.help_show_page()
+
-+ if opage == FILES_PAGE:
++ if self.opage == FILES_PAGE:
+ ipage = self.inner_notebook_files.get_current_page()
-+ if ipage == 0:
++ if ipage == EXE_PAGE:
+ self.help_window.set_title(_("Help: Executable Files Page"))
+ self.help_list = [ "files_exec" ]
-+ return self.help_show_page()
-+ if ipage == 1:
++ if ipage == WRITABLE_PAGE:
+ self.help_window.set_title(_("Help: Writable Files Page"))
+ self.help_list = [ "files_write" ]
-+ return self.help_show_page()
-+ if ipage == 2:
++ if ipage == APP_PAGE:
+ self.help_window.set_title(_("Help: Application Types Page"))
+ self.help_list = [ "files_app" ]
-+ return self.help_show_page()
-+ if opage == NETWORK_PAGE:
++ if self.opage == NETWORK_PAGE:
+ ipage = self.inner_notebook_network.get_current_page()
-+ if ipage == 0:
++ if ipage == OUTBOUND_PAGE:
+ self.help_window.set_title(_("Help: Outbound Network Connections Page"))
+ self.help_list = [ "ports_outbound" ]
-+ return self.help_show_page()
-+ if ipage == 1:
++ if ipage == INBOUND_PAGE:
+ self.help_window.set_title(_("Help: Inbound Network Connections Page"))
+ self.help_list = [ "ports_inbound" ]
-+ return self.help_show_page()
+
-+ if opage == TRANSITIONS_PAGE:
++ if self.opage == TRANSITIONS_PAGE:
+ ipage = self.inner_notebook_transitions.get_current_page()
-+ if ipage == 0:
++ if ipage == TRANSITIONS_FROM_PAGE:
+ self.help_window.set_title(_("Help: Transition from application Page"))
+ self.help_list = [ "transition_from", "transition_from_boolean", "transition_from_boolean_1", "transition_from_boolean_2"]
-+ return self.help_show_page()
-+ if ipage == 1:
++ if ipage == TRANSITIONS_TO_PAGE:
+ self.help_window.set_title(_("Help: Transition into application Page"))
+ self.help_list = [ "transition_to" ]
-+ return self.help_show_page()
-+ if ipage == 2:
++ if ipage == TRANSITIONS_FILE_PAGE:
+ self.help_window.set_title(_("Help: Transition application file Page"))
+ self.help_list = [ "transition_file" ]
-+ return self.help_show_page()
+
-+ if opage == SYSTEM_PAGE:
++ if self.opage == SYSTEM_PAGE:
+ self.help_window.set_title(_("Help: Systems Page"))
-+ self.help_list = [ "system"]
-+ return self.help_show_page()
++ self.help_list = [ "system", "system_boot_mode", "system_current_mode", "system_export", "system_policy_type", "system_relabel" ]
+
-+ if opage == LOCKDOWN_PAGE:
++ if self.opage == LOCKDOWN_PAGE:
+ self.help_window.set_title(_("Help: Lockdown Page"))
-+ self.help_list = [ "lockdown"]
-+ return self.help_show_page()
++ self.help_list = [ "lockdown", "lockdown_unconfined", "lockdown_permissive", "lockdown_ptrace" ]
+
-+ if opage == FILE_EQUIV_PAGE:
++ if self.opage == LOGIN_PAGE:
++ self.help_window.set_title(_("Help: Login Page"))
++ self.help_list = [ "login", "login_default" ]
++
++ if self.opage == USER_PAGE:
++ self.help_window.set_title(_("Help: SELinux User Page"))
++ self.help_list = [ "users" ]
++
++ if self.opage == FILE_EQUIV_PAGE:
+ self.help_window.set_title(_("Help: File Equivalence Page"))
+ self.help_list = [ "file_equiv"]
-+ return self.help_show_page()
++ return self.help_show_page()
+
+ def open_combo_menu(self, *args):
+ if self.popup == 0:
@@ -516866,21 +516889,14 @@ index 0000000..664b5bb
+ # When there is no txt in the box show all items in the tree
+ if self.filter_txt == "":
+ return True
-+ if isinstance(list, Gtk.TreeStore) and list.iter_depth(iter) > 0:
-+ return True
+ try:
-+ val = list.get_value(iter, 0)
-+ # In the boolean tab in col 0 the val will return as a bool which will break the search
-+ if val == True or val == False or val == None:
-+ pass
-+ # Returns true if filter_txt exists within the val
-+ elif(val.find(self.filter_txt) != -1 or val.find(self.filter_txt.upper()) != -1) :
-+ return True
-+ for x in range(1,10):
++ for x in range(0,list.get_n_columns()):
+ try:
+ val = list.get_value(iter, x)
++ if val == True or val == False or val == None:
++ continue
+ # Returns true if filter_txt exists within the val
-+ if(val.find(self.filter_txt) != -1 or val.find(self.filter_txt.upper()) != -1) :
++ if(val.find(self.filter_txt) != -1 or val.lower().find(self.filter_txt) != -1) :
+ return True
+ except AttributeError, TypeError:
+ pass
@@ -516888,22 +516904,22 @@ index 0000000..664b5bb
+ pass
+ return False
+
-+ def net_update(self, app, netd, protocol, direction):
++ def net_update(self, app, netd, protocol, direction, model):
+ for k in netd.keys():
+ for t,ports in netd[k]:
+ try:
+ if self.portdict[(app, direction, "Modify")][(", ".join(ports), protocol)]["type"] == t:
+ pass
+ else:
-+ self.network_initial_data_insert(direction, ", ".join(ports), t, protocol)
++ self.network_initial_data_insert(model, ", ".join(ports), t, protocol)
+ except KeyError:
-+ self.network_initial_data_insert(direction, ", ".join(ports), t, protocol)
++ self.network_initial_data_insert(model, ", ".join(ports), t, protocol)
+ try:
+ for action in ("Add", "Modify"):
+ for port, protocol in self.portdict[app, direction, action]:
+ type = self.portdict[app, direction, action][port, protocol]["type"]
+ if not self.portdict[app, direction, action][port, protocol]["old"]:
-+ self.network_initial_data_insert(direction, port, type, protocol)
++ self.network_initial_data_insert(model, port, type, protocol)
+ except KeyError:
+ pass
+
@@ -516911,23 +516927,27 @@ index 0000000..664b5bb
+ def file_equiv_initialize(self):
+ self.wait_mouse()
+ edict = sepolicy.get_file_equiv()
++ self.file_equiv_liststore.clear()
+ for f in edict:
+ iter = self.file_equiv_liststore.append()
+ self.file_equiv_liststore.set_value(iter, 0, f)
-+ self.file_equiv_liststore.set_value(iter, 0, edict[f])
++ self.file_equiv_liststore.set_value(iter, 1, edict[f])
+ self.ready_mouse()
+
+ def user_initialize(self):
+ self.wait_mouse()
++ self.user_liststore.clear()
+ for u in sepolicy.get_selinux_users():
+ iter = self.user_liststore.append()
+ self.user_liststore.set_value(iter, 0, str(u["name"]))
+ roles = u["roles"]
-+ roles.remove("object_r")
++ if "object_r" in roles:
++ roles.remove("object_r")
+ self.user_liststore.set_value(iter, 1, ", ".join(roles))
+ self.user_liststore.set_value(iter, 2, u["level"])
+ self.user_liststore.set_value(iter, 3, u["range"])
+
++ self.login_liststore.clear()
+ for u in sepolicy.get_login_mappings():
+ iter = self.login_liststore.append()
+ self.login_liststore.set_value(iter, 0, u["name"])
@@ -516938,18 +516958,13 @@ index 0000000..664b5bb
+ def network_initialize(self, app):
+ sepolicy.reinit()
+ netd = sepolicy.network.get_network_connect(app, "tcp", "name_connect")
-+ self.net_update(app, netd, "tcp", OUTBOUND)
++ self.net_update(app, netd, "tcp", OUTBOUND_PAGE, self.network_out_liststore)
+ netd = sepolicy.network.get_network_connect(app, "tcp", "name_bind")
-+ self.net_update(app, netd, "tcp", INBOUND)
++ self.net_update(app, netd, "tcp", INBOUND_PAGE, self.network_in_liststore)
+ netd = sepolicy.network.get_network_connect(app, "udp", "name_bind")
-+ self.net_update(app, netd, "udp", INBOUND)
-+
-+ def network_initial_data_insert(self, bound, ports, portType, protocol):
-+ if bound == OUTBOUND:
-+ model = self.out_network_tree_data_set
-+ else:
-+ model = self.in_network_tree_data_set
++ self.net_update(app, netd, "udp", INBOUND_PAGE, self.network_in_liststore)
+
++ def network_initial_data_insert(self, model, ports, portType, protocol):
+ iter = model.append()
+ model.set_value(iter, 0, ports)
+ model.set_value(iter, 1, protocol)
@@ -516998,8 +517013,7 @@ index 0000000..664b5bb
+ def advanced_item_button_push(self, *args):
+ app = self.advanced_search_treeview.get_selection()
+ model, iter = app.get_selected()
-+ iter = self.advanced_search_treemodel_sort.convert_iter_to_child_iter(iter)
-+ iter = self.advanced_search_filter_data_set.convert_iter_to_child_iter(iter)
++ iter = self.advanced_search_filter.convert_iter_to_child_iter(iter)
+ app = self.advanced_search_liststore.get_value(iter, 1)
+ if app == None:
+ return
@@ -517010,9 +517024,8 @@ index 0000000..664b5bb
+ self.application_selected()
+
+ def advanced_item_selected(self, treeview, path, *args):
-+ path = self.advanced_search_treemodel_sort.convert_path_to_child_path(path)
-+ iter = self.advanced_search_filter_data_set.get_iter(path)
-+ iter = self.advanced_search_filter_data_set.convert_iter_to_child_iter(iter)
++ iter = self.advanced_search_filter.get_iter(path)
++ iter = self.advanced_search_filter.convert_iter_to_child_iter(iter)
+ app = self.advanced_search_liststore.get_value(iter, 1)
+ self.advanced_filter_entry.set_text('')
+ self.advanced_search_window.hide()
@@ -517040,15 +517053,15 @@ index 0000000..664b5bb
+ self.add_button.set_sensitive(True)
+ self.delete_button.set_sensitive(True)
+ # Clear the tree to prepare for a new selection otherwise
-+ self.executable_files_treestore.clear()
++ self.executable_files_liststore.clear()
+ # data will pile up everytime the user selects a new item from the drop down menu
-+ self.in_network_tree_data_set.clear()
-+ self.out_network_tree_data_set.clear()
-+ self.boolean_tree_data_set.clear()
-+ self.transitions_into_x_tree_data_set.clear()
-+ self.transitions_from_x_treestore.clear()
-+ self.application_files_treestore.clear()
-+ self.writable_files_treestore.clear()
++ self.network_in_liststore.clear()
++ self.network_out_liststore.clear()
++ self.boolean_liststore.clear()
++ self.transitions_into_liststore.clear()
++ self.transitions_from_liststore.clear()
++ self.application_files_liststore.clear()
++ self.writable_files_liststore.clear()
+ self.transitions_file_liststore.clear()
+
+ try:
@@ -517071,9 +517084,9 @@ index 0000000..664b5bb
+ self.idle_func()
+ self.writable_files_initialize(app)
+ self.idle_func()
-+ self.transitions_into_x_initialize(app)
++ self.transitions_into_initialize(app)
+ self.idle_func()
-+ self.transitions_from_x_initialize(app)
++ self.transitions_from_initialize(app)
+ self.idle_func()
+ self.application_file_types_initialize(app)
+ self.idle_func()
@@ -517086,17 +517099,17 @@ index 0000000..664b5bb
+
+ self.executable_files_tab.set_tooltip_text(_("File path used to enter the '%s' domain." % app))
+ self.writable_files_tab.set_tooltip_text(_("Files to which the '%s' domain can write." % app))
-+ self.out_network_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to connect." % app))
-+ self.in_network_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to listen." % app))
++ self.network_out_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to connect." % app))
++ self.network_in_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to listen." % app))
+ self.application_files_tab.set_tooltip_text(_("File Types defined for the '%s'." % app))
-+ self.booleans_radio_button.set_tooltip_text(_("Display boolean information that can be used to modify the policy for the '%s'." % app))
++ self.boolean_radio_button.set_tooltip_text(_("Display boolean information that can be used to modify the policy for the '%s'." % app))
+ self.files_radio_button.set_tooltip_text(_("Display file type information that can be used by the '%s'." % app))
+ self.network_radio_button.set_tooltip_text(_("Display network ports to which the '%s' can connect or listen to." % app))
-+ self.transitions_into_x_tab.set_label(_("Application Transitions Into '%s'" % app))
-+ self.transitions_from_x_tab.set_label(_("Application Transitions From '%s'" % app))
++ self.transitions_into_tab.set_label(_("Application Transitions Into '%s'" % app))
++ self.transitions_from_tab.set_label(_("Application Transitions From '%s'" % app))
+ self.transitions_file_tab.set_label(_("File Transitions From '%s'" % app))
-+ self.transitions_into_x_tab.set_tooltip_text(_("Executables which will transition to the '%s', when executing a selected domains entrypoint." % app))
-+ self.transitions_from_x_tab.set_tooltip_text(_("Executables which will transition to a different domain, when the '%s' executes them." % app))
++ self.transitions_into_tab.set_tooltip_text(_("Executables which will transition to the '%s', when executing a selected domains entrypoint." % app))
++ self.transitions_from_tab.set_tooltip_text(_("Executables which will transition to a different domain, when the '%s' executes them." % app))
+ self.transitions_file_tab.set_tooltip_text(_("Files by '%s' will transitions to a different label." % app))
+ self.transitions_radio_button.set_tooltip_text(_("Display applications that can transition into or out of the '%s'." % app))
+
@@ -517117,17 +517130,17 @@ index 0000000..664b5bb
+ file_class = self.entrypoints[exe][1]
+ for path in self.entrypoints[exe][0]:
+ try:
-+ if self.filedict[(application, 0, "Modify")][(path, file_class)]["type"] == exe:
++ if self.filedict[(application, EXE_PAGE, "Modify")][(path, file_class)]["type"] == exe:
+ continue
+ except KeyError:
+ pass
-+ self.executable_files_initial_data_insert(path, exe, file_class)
++ self.files_initial_data_insert(self.executable_files_liststore, path, exe, file_class)
+ try:
+ for action, key in (("Add", "old"), ("Modify", "changed")):
+ for path, file_class in self.filedict[application, 0, action]:
-+ if not self.filedict[(application, 0, action)][(path, file_class)][key]:
-+ exe = self.filedict[application, 0, action][path, file_class]["type"]
-+ self.executable_files_initial_data_insert(path, exe, file_class)
++ if not self.filedict[(application, EXE_PAGE, action)][(path, file_class)][key]:
++ exe = self.filedict[application, EXE_PAGE, action][path, file_class]["type"]
++ self.files_initial_data_insert(self.executable_files_liststore, path, exe, file_class)
+ except KeyError:
+ pass
+
@@ -517155,55 +517168,45 @@ index 0000000..664b5bb
+ tree.set_value(iter, 5, con.split(":")[2])
+ tree.set_value(iter, 6, cur.split(":")[2])
+
-+ def executable_files_initial_data_insert(self, filepath, seLinux_label, file_class):
-+ iter = self.executable_files_treestore.append(None)
-+ self.executable_files_treestore.set_value(iter, 0, filepath)
-+ self.executable_files_treestore.set_value(iter, 1, seLinux_label)
-+ self.executable_files_treestore.set_value(iter, 2, file_class)
-+ for path in sepolicy.find_file(filepath):
-+ niter = self.executable_files_treestore.append(iter)
-+ self.executable_files_treestore.set_value(niter, 0, path)
-+ self.set_mislabeled(self.executable_files_treestore, path, iter, niter)
-+
+ def writable_files_initialize(self, application):
+ sepolicy.reinit()
+ # Traversing the dictionary data struct
+ self.writable_files = sepolicy.get_writable_files(application)
+ for write in self.writable_files.keys():
+ if len(self.writable_files[write]) < 2:
-+ self.writable_files_initial_data_insert(None, write, _("all files"))
++ self.files_initial_data_insert(self.writable_files_liststore, None, write, _("all files"))
+ continue
+ file_class = self.writable_files[write][1]
+ for path in self.writable_files[write][0]:
+ try:
-+ if self.filedict[(application, 1, "Modify")][(path, file_class)]["type"] == write:
++ if self.filedict[(application, WRITABLE_PAGE, "Modify")][(path, file_class)]["type"] == write:
+ continue
+ except KeyError:
+ pass
-+ self.writable_files_initial_data_insert(path, write, file_class)
++ self.files_initial_data_insert(self.writable_files_liststore, path, write, file_class)
+
+ try:
+ for action, key in (("Add", "old"), ("Modify", "changed")):
-+ for path, file_class in self.filedict[application, 1, action]:
-+ if not self.filedict[(application, 1, action)][(path, file_class)]["old"]:
-+ write = self.filedict[application, 1, action][path, file_class][key]
-+ self.writable_files_initial_data_insert(path, write, file_class)
++ for path, file_class in self.filedict[application, WRITABLE_PAGE, action]:
++ if not self.filedict[(application, WRITABLE_PAGE, action)][(path, file_class)]["old"]:
++ write = self.filedict[application, WRITABLE_PAGE, action][path, file_class][key]
++ self.files_initial_data_insert(self.writable_files_liststore, path, write, file_class)
+ except KeyError:
+ pass
+
-+ def writable_files_initial_data_insert(self, filepath, seLinux_label, file_class):
-+ iter = self.writable_files_treestore.append(None)
++ def files_initial_data_insert(self, liststore, filepath, seLinux_label, file_class):
++ iter = liststore.append(None)
+ if filepath == None:
-+ self.writable_files_treestore.set_value(iter, 0, "MISSING FILE PATH")
++ liststore.set_value(iter, 0, "MISSING FILE PATH")
+ else:
-+ self.writable_files_treestore.set_value(iter, 0, filepath)
-+ self.writable_files_treestore.set_value(iter, 1, seLinux_label)
-+ self.writable_files_treestore.set_value(iter, 2, file_class)
++ liststore.set_value(iter, 0, filepath)
++ liststore.set_value(iter, 1, seLinux_label)
++ liststore.set_value(iter, 2, file_class)
+ if filepath:
+ for path in sepolicy.find_file(filepath):
-+ niter = self.writable_files_treestore.append(iter)
-+ self.writable_files_treestore.set_value(niter, 0, path)
-+ self.set_mislabeled(self.writable_files_treestore, path, iter, niter)
++ niter = liststore.append(iter)
++ liststore.set_value(niter, 0, path)
++ self.set_mislabeled(liststore, path, iter, niter)
+
+ def markup(self, f):
+ return "<b>%s</b>" % f
@@ -517218,30 +517221,20 @@ index 0000000..664b5bb
+ for path in self.file_types[app][0]:
+ desc = sepolicy.get_description(app, markup = self.markup)
+ try:
-+ if self.filedict[(application, 2, "Modify")][(path, file_class)]["type"] == app:
++ if self.filedict[(application, APP_PAGE, "Modify")][(path, file_class)]["type"] == app:
+ continue
+ except KeyError:
+ pass
-+ self.application_file_types_initial_data_insert(path, desc, file_class)
++ self.files_initial_data_insert(self.application_files_liststore, path, desc, file_class)
+ try:
+ for action, key in (("Add", "old"), ("Modify", "changed")):
-+ for path, file_class in self.filedict[application, 2, action]:
-+ if not self.filedict[(application, 2, action)][(path, file_class)][key]:
-+ ftype = self.filedict[application, 2, action][path, file_class]["type"]
++ for path, file_class in self.filedict[application, APP_PAGE, action]:
++ if not self.filedict[(application, APP_PAGE, action)][(path, file_class)][key]:
++ ftype = self.filedict[application, APP_PAGE, action][path, file_class]["type"]
+ self.application_file_types_initial_data_insert(path, ftype, file_class)
+ except KeyError:
+ pass
+
-+ def application_file_types_initial_data_insert(self, filepath, desc, file_class):
-+ iter = self.application_files_treestore.append(None)
-+ self.application_files_treestore.set_value(iter, 0, filepath)
-+ self.application_files_treestore.set_value(iter, 1, desc)
-+ self.application_files_treestore.set_value(iter, 2, file_class)
-+ for path in sepolicy.find_file(filepath):
-+ niter = self.application_files_treestore.append(iter)
-+ self.application_files_treestore.set_value(niter, 0, path)
-+ self.set_mislabeled(self.application_files_treestore, path, iter, niter)
-+
+ def bool_initialize(self, application):
+ for blist in sepolicy.get_bools(application):
+ for b, active in blist:
@@ -517253,13 +517246,13 @@ index 0000000..664b5bb
+
+ def boolean_initial_data_insert(self, val, desc, active):
+ # Insert data from data source into tree
-+ iter = self.boolean_tree_data_set.append()
-+ self.boolean_tree_data_set.set_value(iter, 0, active)
-+ self.boolean_tree_data_set.set_value(iter, 1, desc)
-+ self.boolean_tree_data_set.set_value(iter, 2, val)
-+ self.boolean_tree_data_set.set_value(iter, 3, _('More...'))
++ iter = self.boolean_liststore.append()
++ self.boolean_liststore.set_value(iter, 0, active)
++ self.boolean_liststore.set_value(iter, 1, desc)
++ self.boolean_liststore.set_value(iter, 2, val)
++ self.boolean_liststore.set_value(iter, 3, _('More...'))
+
-+ def transitions_into_x_initialize(self, application):
++ def transitions_into_initialize(self, application):
+ for x in sepolicy.get_transitions_into(application):
+ active = None
+ executable = None
@@ -517270,19 +517263,19 @@ index 0000000..664b5bb
+ executable = x["target"]
+ if "source" in x:
+ source = x["source"]
-+ self.transitions_into_x_initial_data_insert(active, executable, source)
++ self.transitions_into_initial_data_insert(active, executable, source)
+
-+ def transitions_into_x_initial_data_insert(self, active, executable, source):
-+ iter = self.transitions_into_x_tree_data_set.append()
++ def transitions_into_initial_data_insert(self, active, executable, source):
++ iter = self.transitions_into_liststore.append()
+ if active != None:
-+ self.transitions_into_x_tree_data_set.set_value(iter, 0, enabled[active[0][1]]) # active[0][1] is either T or F (enabled is all the way at the top)
++ self.transitions_into_liststore.set_value(iter, 0, enabled[active[0][1]]) # active[0][1] is either T or F (enabled is all the way at the top)
+ else:
-+ self.transitions_into_x_tree_data_set.set_value(iter, 0, enabled[True])
++ self.transitions_into_liststore.set_value(iter, 0, enabled[True])
+
-+ self.transitions_into_x_tree_data_set.set_value(iter, 2, executable)
-+ self.transitions_into_x_tree_data_set.set_value(iter, 1, source)
++ self.transitions_into_liststore.set_value(iter, 2, executable)
++ self.transitions_into_liststore.set_value(iter, 1, source)
+
-+ def transitions_from_x_initialize(self, application):
++ def transitions_from_initialize(self, application):
+ fcdict = sepolicy.get_fcdict()
+ for x in sepolicy.get_transitions(application):
+ active = None
@@ -517296,31 +517289,31 @@ index 0000000..664b5bb
+ transtype = x["transtype"]
+ try:
+ for executable in fcdict[executable_type]["regex"]:
-+ self.transitions_from_x_initial_data_insert(active, executable, transtype)
++ self.transitions_from_initial_data_insert(active, executable, transtype)
+ except KeyError:
+ pass
+
-+ def transitions_from_x_initial_data_insert(self, active, executable, transtype):
-+ iter = self.transitions_from_x_treestore.append(None)
++ def transitions_from_initial_data_insert(self, active, executable, transtype):
++ iter = self.transitions_from_liststore.append(None)
+ if active == None:
-+ self.transitions_from_x_treestore.set_value(iter, 0, enabled[True])
-+ self.transitions_from_x_treestore.set_value(iter, 5, False)
++ self.transitions_from_liststore.set_value(iter, 0, enabled[True])
++ self.transitions_from_liststore.set_value(iter, 5, False)
+ else:
-+ niter = self.transitions_from_x_treestore.append(iter)
++ niter = self.transitions_from_liststore.append(iter)
+ # active[0][1] is either T or F (enabled is all the way at the top)
-+ self.transitions_from_x_treestore.set_value(iter, 0, enabled[active[0][1]])
++ self.transitions_from_liststore.set_value(iter, 0, enabled[active[0][1]])
+ markup = '<span foreground="blue"><u>%s</u></span>'
+ if active[0][1]:
-+ self.transitions_from_x_treestore.set_value(niter, 2, (_("To disable this transition, go to the " + markup % _("Boolean section."))))
++ self.transitions_from_liststore.set_value(niter, 2, (_("To disable this transition, go to the " + markup % _("Boolean section."))))
+ else:
-+ self.transitions_from_x_treestore.set_value(niter, 2, (_("To enable this transition, go to the " + markup % _("Boolean section."))))
++ self.transitions_from_liststore.set_value(niter, 2, (_("To enable this transition, go to the " + markup % _("Boolean section."))))
+
+ # active[0][0] is the Bool Name
-+ self.transitions_from_x_treestore.set_value(niter, 1, active[0][0])
-+ self.transitions_from_x_treestore.set_value(niter, 5, True)
++ self.transitions_from_liststore.set_value(niter, 1, active[0][0])
++ self.transitions_from_liststore.set_value(niter, 5, True)
+
-+ self.transitions_from_x_treestore.set_value(iter, 2, executable)
-+ self.transitions_from_x_treestore.set_value(iter, 3, transtype)
++ self.transitions_from_liststore.set_value(iter, 2, executable)
++ self.transitions_from_liststore.set_value(iter, 3, transtype)
+
+ def transitions_files_initialize(self, application):
+ for i in sepolicy.get_file_transitions(application):
@@ -517341,127 +517334,166 @@ index 0000000..664b5bb
+
+ def tab_change(self, *args):
+ self.clear_filters()
++ self.treeview = None
++ self.filter = None
++ self.liststore = None
+ self.modify_button.set_sensitive(False)
+ self.add_modify_delete_box.hide()
-+ if self.booleans_radio_button.get_active():
++
++ if self.boolean_radio_button.get_active():
+ self.outer_notebook.set_current_page(BOOLEANS_PAGE)
-+ self.fuzzin_modify(self.boolean_treeview)
-+ self.filter_box.show()
++ self.treeview = self.boolean_treeview
+
+ if self.files_radio_button.get_active():
+ self.add_modify_delete_box.show()
+ self.outer_notebook.set_current_page(FILES_PAGE)
-+ self.filter_box.show()
-+ ipage = self.inner_notebook_files.get_current_page()
-+ if ipage == 0:
-+ self.fuzzin_modify(self.executable_files_treeview)
-+ elif ipage == 1:
-+ self.fuzzin_modify(self.writable_files_treeview)
-+ elif ipage == 2:
-+ self.fuzzin_modify(self.application_files_treeview)
++ if args[0] == self.inner_notebook_files:
++ ipage = args[2]
++ else:
++ ipage = self.inner_notebook_files.get_current_page()
++ if ipage == EXE_PAGE:
++ self.treeview = self.executable_files_treeview
++ elif ipage == WRITABLE_PAGE:
++ self.treeview = self.writable_files_treeview
++ elif ipage == APP_PAGE:
++ self.treeview = self.application_files_treeview
+
+ if self.network_radio_button.get_active():
+ self.add_modify_delete_box.show()
-+ self.filter_box.show()
+ self.outer_notebook.set_current_page(NETWORK_PAGE)
-+ ipage = self.inner_notebook_network.get_current_page()
-+ if ipage == 0:
-+ self.fuzzin_modify(self.out_network_treeview)
-+ if ipage == 1:
-+ self.fuzzin_modify(self.in_network_treeview)
++ if args[0] == self.inner_notebook_network:
++ ipage = args[2]
++ else:
++ ipage = self.inner_notebook_network.get_current_page()
++ if ipage == OUTBOUND_PAGE:
++ self.treeview = self.network_out_treeview
++ if ipage == INBOUND_PAGE:
++ self.treeview = self.network_in_treeview
+
+ if self.transitions_radio_button.get_active():
+ self.outer_notebook.set_current_page(TRANSITIONS_PAGE)
-+ self.filter_box.show()
++ if args[0] == self.inner_notebook_transitions:
++ ipage = args[2]
++ else:
++ ipage = self.inner_notebook_transitions.get_current_page()
++ if ipage == TRANSITIONS_FROM_PAGE:
++ self.treeview = self.transitions_from_treeview
++ if ipage == TRANSITIONS_TO_PAGE:
++ self.treeview = self.transitions_into_treeview
++ if ipage == TRANSITIONS_FILE_PAGE:
++ self.treeview = self.transitions_file_treeview
+
+ if self.system_radio_button.get_active():
+ self.outer_notebook.set_current_page(SYSTEM_PAGE)
+ self.filter_box.hide()
+
+ if self.lockdown_radio_button.get_active():
++ self.lockdown_init()
+ self.outer_notebook.set_current_page(LOCKDOWN_PAGE)
+ self.filter_box.hide()
+
+ if self.user_radio_button.get_active():
+ self.outer_notebook.set_current_page(USER_PAGE)
+ self.add_modify_delete_box.show()
-+ self.fuzzin_modify(self.user_treeview)
-+ self.filter_box.show()
++ self.treeview = self.user_treeview
+
+ if self.login_radio_button.get_active():
+ self.outer_notebook.set_current_page(LOGIN_PAGE)
+ self.add_modify_delete_box.show()
-+ self.fuzzin_modify(self.login_treeview)
-+ self.filter_box.show()
++ self.treeview = self.login_treeview
+
+ if self.file_equiv_radio_button.get_active():
+ self.outer_notebook.set_current_page(FILE_EQUIV_PAGE)
++ self.add_modify_delete_box.show()
++ self.treeview = self.file_equiv_treeview
++
++ self.opage = self.outer_notebook.get_current_page()
++ if self.treeview:
+ self.filter_box.show()
++ self.filter = self.treeview.get_model()
++ self.liststore = self.filter.get_model()
++ self.fuzzin_modify()
++
++ def display_more_detail(self, windows, path):
++ it = self.boolean_filter.get_iter(path)
++ it = self.boolean_filter.convert_iter_to_child_iter(it)
+
-+ def return_to_booleans_clicked(self, model, path):
-+ self.booleans_radio_button.clicked()
-+ path = self.transitions_from_x_treemodelsort.convert_path_to_child_path(path)
-+ it = self.transitions_from_x_filter_data_set.get_iter(path)
-+ it = self.transitions_from_x_filter_data_set.convert_iter_to_child_iter(it)
-+ self.filter.set_text(self.transitions_from_x_treestore.get_value(it, 1))
-+
-+ def display_more_detail(self, windows, position):
-+ path = self.booleans_treemodel_sort.convert_path_to_child_path(position)
-+ it = self.booleans_filter_data_set.get_iter(path)
-+ it = self.booleans_filter_data_set.convert_iter_to_child_iter(it)
-+
-+ self.booleans_more_detail_tree_data_set.clear()
-+ self.booleans_more_detail_window.set_title(_("Boolean %s Allow Rules") % self.boolean_tree_data_set.get_value(it, 2))
-+ blist = sepolicy.get_boolean_rules(self.application,self.boolean_tree_data_set.get_value(it, 2));
++ self.boolean_more_detail_tree_data_set.clear()
++ self.boolean_more_detail_window.set_title(_("Boolean %s Allow Rules") % self.boolean_liststore.get_value(it, 2))
++ blist = sepolicy.get_boolean_rules(self.application,self.boolean_liststore.get_value(it, 2));
+ for b in blist:
+ self.display_more_detail_init(b["source"], b["target"], b["class"], b["permlist"])
-+ self.booleans_more_detail_window.show()
++ self.boolean_more_detail_window.show()
+
+ def display_more_detail_init(self, source, target, class_type, permission):
-+ iter = self.booleans_more_detail_tree_data_set.append()
-+ self.booleans_more_detail_tree_data_set.set_value(iter, 0, "allow %s %s:%s { %s };" % (source, target, class_type, " ".join(permission)))
++ iter = self.boolean_more_detail_tree_data_set.append()
++ self.boolean_more_detail_tree_data_set.set_value(iter, 0, "allow %s %s:%s { %s };" % (source, target, class_type, " ".join(permission)))
+
+ def add_button_clicked(self, *args):
-+ opage = self.outer_notebook.get_current_page()
++ self.modify = False
+ self.modify_mode=False
-+ if opage == NETWORK_PAGE:
++ if self.opage == NETWORK_PAGE:
+ self.popup_network_label.set_text((_("Add Network Port for %s. Ports will be created when update is applied."))% self.application)
-+ self.popup_window_network.set_title((_("Add Network Port for %s"))% self.application)
++ self.network_popup_window.set_title((_("Add Network Port for %s"))% self.application)
+ self.init_network_dialog(args)
+ return
+
-+ if opage == FILES_PAGE:
++ if self.opage == FILES_PAGE:
+ self.popup_files_label.set_text((_("Add File Labeling for %s. File labels will be created when update is applied."))% self.application)
-+ self.popup_window_files.set_title((_("Add File Labeling for %s"))% self.application)
++ self.files_popup_window.set_title((_("Add File Labeling for %s"))% self.application)
+ self.init_files_dialog(args)
+ ipage = self.inner_notebook_files.get_current_page()
-+ if ipage == 0:
++ if ipage == EXE_PAGE:
+ self.files_path_entry.set_text("ex: /usr/sbin/Foobar")
+ else:
+ self.files_path_entry.set_text("ex: /var/lib/Foobar")
+ self.files_path_entry.select_region(0, -1)
+ self.clear_entry = True
+
-+ if opage == LOGIN_PAGE:
++ if self.opage == LOGIN_PAGE:
+ self.login_label.set_text((_("Add User Mapping. User Mapping will be created when Update is applied.")))
+ self.login_popup_window.set_title(_("Add User Mapping"))
+ self.login_init_dialog(args)
+ self.clear_entry = True
+
-+ if opage == USER_PAGE:
++ if self.opage == USER_PAGE:
+ self.user_label.set_text((_("Add SELinux User Role. SELinux user roles will be created when update is applied.")))
+ self.user_popup_window.set_title(_("Add SELinux Users"))
+ self.user_init_dialog(args)
+ self.clear_entry = True
+
++ if self.opage == FILE_EQUIV_PAGE:
++ self.file_equiv_source_entry.set_text("")
++ self.file_equiv_dest_entry.set_text("")
++ self.file_equiv_label.set_text((_("Add File Equivalency Mapping. Mapping will be created when update is applied.")))
++ self.file_equiv_popup_window.set_title(_("Add SELinux File Equivalency"))
++ self.clear_entry = True
++ self.show_popup(self.file_equiv_popup_window)
++
++ def show_popup(self, window):
++ self.popup_window = window
++ window.show()
++
++ def close_popup(self, *args):
++ self.popup_window.hide()
++ self.window.set_sensitive(True)
++
+ def modify_button_clicked(self, *args):
-+ opage = self.outer_notebook.get_current_page()
-+ if opage == NETWORK_PAGE:
++ iter = None
++ if self.treeview:
++ row = self.treeview.get_selection()
++ iter = row.get_selected()[1]
++ if not iter:
++ self.modify_button.set_sensitive(False)
++ return
++
++ self.modify = True
++ if self.opage == NETWORK_PAGE:
+ self.modify_button_network_clicked(args)
+
-+ if opage == FILES_PAGE:
++ if self.opage == FILES_PAGE:
+ self.popup_files_label.set_text((_("Modify File Labeling for %s. File labels will be created when update is applied."))% self.application)
-+ self.popup_window_files.set_title((_("Add File Labeling for %s"))% self.application)
++ self.files_popup_window.set_title((_("Add File Labeling for %s"))% self.application)
+ self.delete_old_item = None
+ self.init_files_dialog(args)
+ self.modify_mode=True
@@ -517470,92 +517502,77 @@ index 0000000..664b5bb
+ ipage = self.inner_notebook_files.get_current_page()
+ if (self.application, ipage, operation) not in self.filedict:
+ self.filedict[(self.application, ipage, operation)] = {}
-+ if ipage == self.EXE_PAGE:
-+ row = self.executable_files_treeview.get_selection()
-+ iter = row.get_selected()[1]
-+ if not iter:
-+ self.modify_button.set_sensitive(False)
-+ return
-+ iter = self.executable_files_treemodel_sort.convert_iter_to_child_iter(iter)
-+ iter = self.exe_files_filter_data_set.convert_iter_to_child_iter(iter)
++
++ if ipage == EXE_PAGE:
++ iter = self.executable_files_filter.convert_iter_to_child_iter(iter)
+ self.delete_old_item = iter
-+ path = self.executable_files_treestore.get_value(iter, 0)
++ path = self.executable_files_liststore.get_value(iter, 0)
+ self.files_path_entry.set_text(path)
-+ ftype = self.executable_files_treestore.get_value(iter, 1)
++ ftype = self.executable_files_liststore.get_value(iter, 1)
+ if type != None:
+ self.combo_set_active_text(self.files_type_combobox, ftype)
-+ tclass = self.executable_files_treestore.get_value(iter, 2)
++ tclass = self.executable_files_liststore.get_value(iter, 2)
+ if tclass != None:
+ self.combo_set_active_text(self.files_class_combobox, tclass)
+
-+ if ipage == self.WRITABLE_PAGE:
-+ row = self.writable_files_treeview.get_selection()
-+ iter = row.get_selected()[1]
-+ if not iter:
-+ self.modify_button.set_sensitive(False)
-+
-+ return
-+ iter = self.writable_files_treemodel_sort.convert_iter_to_child_iter(iter)
-+ iter = self.writable_files_filter_data_set.convert_iter_to_child_iter(iter)
++ if ipage == WRITABLE_PAGE:
++ iter = self.writable_files_filter.convert_iter_to_child_iter(iter)
+ self.delete_old_item = iter
-+ path = self.writable_files_treestore.get_value(iter, 0)
++ path = self.writable_files_liststore.get_value(iter, 0)
+ self.files_path_entry.set_text(path)
-+ type = self.writable_files_treestore.get_value(iter, 1)
++ type = self.writable_files_liststore.get_value(iter, 1)
+ if type != None:
+ self.combo_set_active_text(self.files_type_combobox, type)
-+ tclass = self.writable_files_treestore.get_value(iter, 2)
++ tclass = self.writable_files_liststore.get_value(iter, 2)
+ if tclass != None:
+ self.combo_set_active_text(self.files_class_combobox, tclass)
+
-+ if ipage == self.APP_PAGE:
-+ row = self.application_files_treeview.get_selection()
-+ # iter[0] is tree model iter[1] is the iter
-+ iter = row.get_selected()[1]
-+ if not iter:
-+ self.modify_button.set_sensitive(False)
-+ return
-+ iter = self.application_files_treemodel_sort.convert_iter_to_child_iter(iter)
-+ iter = self.application_files_filter_data_set.convert_iter_to_child_iter(iter)
++ if ipage == APP_PAGE:
++ iter = self.application_files_filter.convert_iter_to_child_iter(iter)
+ self.delete_old_item = iter
-+ path = self.application_files_treestore.get_value(iter, 0)
++ path = self.application_files_liststore.get_value(iter, 0)
+ self.files_path_entry.set_text(path)
+ try:
-+ get_type = self.application_files_treestore.get_value(iter, 1)
++ get_type = self.application_files_liststore.get_value(iter, 1)
+ get_type = get_type.split("<b>")[1].split("</b>")
+ except AttributeError:
+ pass
-+ type = self.application_files_treestore.get_value(iter, 2)
++ type = self.application_files_liststore.get_value(iter, 2)
+ if type != None:
+ self.combo_set_active_text(self.files_type_combobox, type)
+ tclass = get_type[0]
+ if tclass != None:
+ self.combo_set_active_text(self.files_class_combobox, tclass)
-+
++
+ self.filedict[(self.application, ipage, operation)][(path, type)] = {"type": tclass, "mls": mls, "changed": True, "old": False}
+
-+ if opage == USER_PAGE:
-+ row = self.user_treeview.get_selection()
-+ iter = row.get_selected()[1]
++ if self.opage == USER_PAGE:
+ self.user_init_dialog(args)
+ self.user_liststore.get_value(iter,0), self.user_liststore.get_value(iter,1)
+ self.user_name_entry.set_text(self.user_liststore.get_value(iter,0))
+ self.user_mls_entry.set_text(self.user_liststore.get_value(iter,3))
-+ self.user_popup_window.show()
-+
-+ if opage == LOGIN_PAGE:
++ self.show_popup(self.user_popup_window)
++
++ if self.opage == LOGIN_PAGE:
+ self.login_init_dialog(args)
-+ row = self.login_treeview.get_selection()
-+ iter = row.get_selected()[1]
-+ self.login_popup_window.show()
+ self.login_name_entry.set_text(self.login_liststore.get_value(iter,0))
+ self.login_mls_entry.set_text(self.login_liststore.get_value(iter,2))
+ self.combo_set_active_text(self.login_seuser_combobox, self.login_liststore.get_value(iter,1))
++ self.show_popup(self.login_popup_window)
++
++ if self.opage == FILE_EQUIV_PAGE:
++ self.file_equiv_source_entry.set_text(self.file_equiv_liststore.get_value(iter,0))
++ self.file_equiv_dest_entry.set_text(self.file_equiv_liststore.get_value(iter,1))
++ self.file_equiv_label.set_text((_("Modify File Equivalency Mapping. Mapping will be created when update is applied.")))
++ self.file_equiv_popup_window.set_title(_("Modify SELinux File Equivalency"))
++ self.clear_entry = True
++ self.show_popup(self.file_equiv_popup_window)
+
+ def populate_type_combo(self, tree, loc, *args):
+ iter = self.more_types_files_liststore.get_iter(loc)
+ ftype = self.more_types_files_liststore.get_value(iter, 0)
+ self.combo_set_active_text(self.files_type_combobox, ftype)
-+ self.popup_window_files.show()
++ self.show_popup(self.files_popup_window)
+ self.moreTypes_window_files.hide()
+
+ def strip_domain(self, domain):
@@ -517576,8 +517593,7 @@ index 0000000..664b5bb
+ def init_files_dialog(self, *args):
+ exclude_list = []
+ self.files_class_combobox.set_sensitive(True)
-+ self.popup_window_files.show()
-+ self.window.set_sensitive(False)
++ self.show_popup(self.files_popup_window)
+ ipage = self.inner_notebook_files.get_current_page()
+ self.files_type_combolist.clear()
+ self.files_class_combolist.clear()
@@ -517592,7 +517608,7 @@ index 0000000..664b5bb
+ iter = self.files_class_combolist.append()
+ self.files_class_combolist.set_value(iter, 0, sepolicy.file_type_str[files])
+
-+ if ipage == self.EXE_PAGE and self.entrypoints != None:
++ if ipage == EXE_PAGE and self.entrypoints != None:
+ for exe in self.entrypoints.keys():
+ if exe.startswith(compare):
+ iter = self.files_type_combolist.append()
@@ -517602,7 +517618,7 @@ index 0000000..664b5bb
+ self.files_class_combobox.set_active(4)
+ self.files_class_combobox.set_sensitive(False)
+
-+ elif ipage == self.WRITABLE_PAGE and self.writable_files != None:
++ elif ipage == WRITABLE_PAGE and self.writable_files != None:
+ for write in self.writable_files.keys():
+ if write.startswith(compare) and not self.exclude_type(write, exclude_list):
+ iter = self.files_type_combolist.append()
@@ -517610,7 +517626,7 @@ index 0000000..664b5bb
+ iter = self.more_types_files_liststore.append()
+ self.more_types_files_liststore.set_value(iter, 0, write)
+ self.files_class_combobox.set_active(0)
-+ elif ipage == self.APP_PAGE and self.file_types != None:
++ elif ipage == APP_PAGE and self.file_types != None:
+ for app in sepolicy.get_all_file_types():
+ if app.startswith(compare):
+ if app.startswith(compare) and not self.exclude_type(app, exclude_list):
@@ -517623,14 +517639,20 @@ index 0000000..664b5bb
+ print "error"
+ pass
+ self.files_type_combobox.set_active(0)
-+ self.files_mls_combobox.set_active(0)
++ self.files_mls_entry.set_text("s0")
+ iter = self.files_type_combolist.append()
+ self.files_type_combolist.set_value(iter, 0, _('More...'))
+
+ def modify_button_network_clicked(self, *args):
++ row = self.treeview.get_selection()
++ iter = row.get_selected()[1]
++ if not iter:
++ self.modify_button.set_sensitive(False)
++ return
++
+ if self.application != None:
+ self.popup_network_label.set_text((_("Modify Network Port for %s. Ports will be created when update is applied."))% self.application)
-+ self.popup_window_network.set_title((_("Modify Network Port for %s"))% self.application)
++ self.network_popup_window.set_title((_("Modify Network Port for %s"))% self.application)
+ self.delete_old_item = None
+ self.init_network_dialog(args)
+ operation = "Modify"
@@ -517639,59 +517661,44 @@ index 0000000..664b5bb
+ ipage = self.inner_notebook_network.get_current_page()
+ if (self.application, ipage, operation) not in self.portdict:
+ self.portdict[(self.application, ipage, operation)] = {}
-+ if ipage == OUTBOUND:
-+ row = self.out_network_treeview.get_selection()
-+ iter = row.get_selected()[1]
-+ if not iter:
-+ self.modify_button.set_sensitive(False)
-+ return
-+ iter = self.out_network_treemodel_sort.convert_iter_to_child_iter(iter)
-+ iter = self.out_network_filter_data_set.convert_iter_to_child_iter(iter)
-+ self.delete_old_item = iter
-+ port = self.out_network_tree_data_set.get_value(iter, 0)
++ self.delete_old_item = iter
++ if ipage == OUTBOUND_PAGE:
++ iter = self.network_out_filter.convert_iter_to_child_iter(iter)
++ port = self.network_out_liststore.get_value(iter, 0)
+ self.network_ports_entry.set_text(port)
-+ type = self.out_network_tree_data_set.get_value(iter, 2)
++ type = self.network_out_liststore.get_value(iter, 2)
+ if type != None:
+ self.combo_set_active_text(self.network_port_type_combobox, type)
-+ protocol = self.out_network_tree_data_set.get_value(iter, 1)
++ protocol = self.network_out_liststore.get_value(iter, 1)
+ if protocol == "tcp":
+ self.network_tcp_button.set_active(True)
+ elif protocol == "udp":
+ self.network_udp_button.set_active(True)
+
-+ elif ipage == INBOUND:
-+ row = self.in_network_treeview.get_selection()
-+ iter = row.get_selected()[1]
-+ if not iter:
-+ self.modify_button.set_sensitive(False)
-+ return
-+ iter = self.in_network_treemodel_sort.convert_iter_to_child_iter(iter)
-+ iter = self.in_network_filter_data_set.convert_iter_to_child_iter(iter)
-+ self.delete_old_item = iter
-+ port = self.in_network_tree_data_set.get_value(iter, 0)
++ elif ipage == INBOUND_PAGE:
++ iter = self.network_in_filter.convert_iter_to_child_iter(iter)
++ port = self.network_in_liststore.get_value(iter, 0)
+ self.network_ports_entry.set_text(port)
-+ type = self.in_network_tree_data_set.get_value(iter, 2)
++ type = self.network_in_liststore.get_value(iter, 2)
+ if type != None:
+ self.combo_set_active_text(self.network_port_type_combobox, type)
-+ protocol = self.in_network_tree_data_set.get_value(iter, 1)
++ protocol = self.network_in_liststore.get_value(iter, 1)
+ if protocol == "tcp":
+ self.network_tcp_button.set_active(True)
-+
-+ elif protocol == "udp":
++ if protocol == "udp":
+ self.network_udp_button.set_active(True)
+
+ self.portdict[(self.application, ipage, operation)][(port, protocol)] = {"type": type, "mls": mls, "changed": True, "old": False}
+
+ def init_network_dialog(self, *args):
-+ self.popup_window_network.show()
-+ self.window.set_sensitive(False)
++ self.show_popup(self.network_popup_window)
+ ipage = self.inner_notebook_network.get_current_page()
+ self.network_port_type_combolist.clear()
+ self.network_protocol_combolist.clear()
+ self.network_ports_entry.set_text("")
+
+ try:
-+ if ipage == OUTBOUND:
++ if ipage == OUTBOUND_PAGE:
+ netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_connect")
+ iter = self.network_protocol_combolist.append()
+ self.network_protocol_combolist.set_value(iter, 0, "tcp")
@@ -517699,7 +517706,7 @@ index 0000000..664b5bb
+ for t,ports in netd[k]:
+ iter = self.network_port_type_combolist.append()
+ self.network_port_type_combolist.set_value(iter, 0, t)
-+ elif ipage == INBOUND:
++ elif ipage == INBOUND_PAGE:
+ netd = sepolicy.network.get_network_connect(self.application, "tcp", "name_bind")
+ iter = self.network_protocol_combolist.append()
+ self.network_protocol_combolist.set_value(iter, 0, "tcp")
@@ -517719,24 +517726,7 @@ index 0000000..664b5bb
+
+ self.network_port_type_combobox.set_active(0)
+ self.network_tcp_button.set_active(True)
-+ self.network_mls_combobox.set_active(0)
-+
-+ def user_close_popup(self, *args):
-+ self.user_popup_window.hide()
-+ self.window.set_sensitive(True)
-+
-+ def user_advanced_button(self, label, *args):
-+ advanced = (label.get_text() == ADVANCED_LABEL[0])
-+ self.user_mls_label.set_visible(advanced)
-+ self.user_mls_entry.set_visible(advanced)
-+ if advanced:
-+ label.set_text(ADVANCED_LABEL[1])
-+ else:
-+ label.set_text(ADVANCED_LABEL[0])
-+
-+ def login_close_popup(self, *args):
-+ self.login_popup_window.hide()
-+ self.window.set_sensitive(True)
++ self.network_mls_entry.set_text("s0")
+
+ def login_seuser_combobox_change(self, combo, *args):
+ seuser = self.combo_get_active_text(combo)
@@ -517745,28 +517735,19 @@ index 0000000..664b5bb
+ if seuser == u['name']:
+ self.login_mls_entry.set_text(u['range'])
+
-+ def login_advanced_button(self, label, *args):
-+ advanced = (label.get_text() == ADVANCED_LABEL[0])
-+ self.login_mls_label.set_visible(advanced)
-+ self.login_mls_entry.set_visible(advanced)
-+ if advanced:
-+ label.set_text(ADVANCED_LABEL[1])
-+ else:
-+ label.set_text(ADVANCED_LABEL[0])
-+
+ def cursor_changed(self, treeview, *args):
+ row = treeview.get_selection()
+ if row == None:
+ self.modify_button.set_sensitive(False)
+ return
-+ iter = row.get_selected()[1]
++ iter = row.get_selected()[1]
+ self.modify_button.set_sensitive(iter == None)
+
+ def row_activated(self, treeview, *args):
+ self.modify_button.set_sensitive(True)
+
+ def login_init_dialog(self, *args):
-+ self.login_popup_window.show()
++ self.show_popup(self.login_popup_window)
+ self.login_seuser_combolist.clear()
+ users = sepolicy.get_all_users()
+ users.sort()
@@ -517777,7 +517758,7 @@ index 0000000..664b5bb
+ self.login_mls_entry.set_text("")
+
+ def user_init_dialog(self, *args):
-+ self.user_popup_window.show()
++ self.show_popup(self.user_popup_window)
+ self.user_liststore.clear()
+ roles = sepolicy.get_all_roles()
+ roles.sort()
@@ -517787,34 +517768,43 @@ index 0000000..664b5bb
+ self.user_name_entry.set_text("")
+ self.user_mls_entry.set_text("")
+
++ def on_deny_ptrace(self, checkbutton):
++ if self.finish_init:
++ update_buffer = "boolean -m -%d deny_ptrace" % checkbutton.get_active()
++ self.wait_mouse()
++ try:
++ self.dbus.semanage(update_buffer)
++ except dbus.exceptions.DBusException, e:
++ self.error(e)
++ self.ready_mouse()
++
+ def show_modified(self, checkbutton):
-+ opage = self.outer_notebook.get_current_page()
-+ if opage == BOOLEANS_PAGE:
++ if self.opage == BOOLEANS_PAGE:
+ self.bools_show_modified(checkbutton)
-+ if opage == FILES_PAGE:
++ if self.opage == FILES_PAGE:
+ self.files_show_modified(checkbutton)
-+ if opage == NETWORK_PAGE:
++ if self.opage == NETWORK_PAGE:
+ self.network_show_modified(checkbutton)
+
+ def bools_show_modified(self, checkbutton):
+ append_list = []
+ if checkbutton.get_active() == True:
+ for bools in self.booldict:
-+ for row in self.boolean_tree_data_set:
++ for row in self.boolean_liststore:
+ if row[2] == bools:
+ append_list.append(bools)
-+ self.boolean_tree_data_set.clear()
++ self.boolean_liststore.clear()
+ for i in append_list:
-+ iter = self.boolean_tree_data_set.append()
-+ self.boolean_tree_data_set.set_value(iter, 0, self.booldict[i]['active'])
-+ self.boolean_tree_data_set.set_value(iter, 1, sepolicy.boolean_desc(i))
-+ self.boolean_tree_data_set.set_value(iter, 2, i)
-+ self.boolean_tree_data_set.set_value(iter, 3, _('More...'))
++ iter = self.boolean_liststore.append()
++ self.boolean_liststore.set_value(iter, 0, self.booldict[i]['active'])
++ self.boolean_liststore.set_value(iter, 1, sepolicy.boolean_desc(i))
++ self.boolean_liststore.set_value(iter, 2, i)
++ self.boolean_liststore.set_value(iter, 3, _('More...'))
+ elif self.application != None:
-+ self.boolean_tree_data_set.clear()
++ self.boolean_liststore.clear()
+ self.bool_initialize(self.application)
+
-+ def init_modified_files_treestore(self, tree, app, ipage, operation, path, fclass, ftype):
++ def init_modified_files_liststore(self, tree, app, ipage, operation, path, fclass, ftype):
+ iter = tree.append(None)
+ tree.set_value(iter, 0, path)
+ tree.set_value(iter, 1, ftype)
@@ -517824,11 +517814,11 @@ index 0000000..664b5bb
+ ipage = self.inner_notebook_files.get_current_page()
+ if checkbutton.get_active() == True:
+ modlist = {}
-+ if ipage == self.EXE_PAGE:
++ if ipage == EXE_PAGE:
+ removedict = {}
-+ for i in self.executable_files_treestore:
++ for i in self.executable_files_liststore:
+ modlist[i] = {'path': i[0], 'type': i[1], 'class': i[2]}
-+ self.executable_files_treestore.clear()
++ self.executable_files_liststore.clear()
+ try:
+ for exe, fclass in self.filedict[self.application, ipage, "Add"]:
+ ftype = self.filedict[self.application, ipage, "Add"][exe, fclass]["type"]
@@ -517837,7 +517827,7 @@ index 0000000..664b5bb
+ for i in modlist:
+ if exe == modlist[i]['path'] and fclass == modlist[i]['class'] and ftype == modlist[i]['type']:
+
-+ self.init_modified_files_treestore(self.executable_files_treestore, self.application, ipage, "Add", exe, fclass, ftype)
++ self.init_modified_files_liststore(self.executable_files_liststore, self.application, ipage, "Add", exe, fclass, ftype)
+ miss = False
+ if miss:
+ if (self.application, ipage, "Add") not in removedict:
@@ -517845,7 +517835,7 @@ index 0000000..664b5bb
+ removedict[self.application, ipage, "Add"][exe, fclass] = {"type": ftype}
+
+ else:
-+ self.init_modified_files_treestore(self.executable_files_treestore, self.application, ipage, "Add", exe, fclass, ftype)
++ self.init_modified_files_liststore(self.executable_files_liststore, self.application, ipage, "Add", exe, fclass, ftype)
+
+ for r in removedict:
+ for b in removedict[r]:
@@ -517855,18 +517845,18 @@ index 0000000..664b5bb
+ pass
+ try:
+ for exe, fclass in self.filedict[self.application, ipage, "Modify"]:
-+ iter = self.executable_files_treestore.append(None)
++ iter = self.executable_files_liststore.append(None)
+ if not self.filedict[(self.application, ipage, "Modify")][(exe, fclass)]["changed"]:
-+ self.executable_files_treestore.set_value(iter, 0, exe)
-+ self.executable_files_treestore.set_value(iter, 1, self.filedict[(self.application, ipage, "Modify")][(exe, fclass)]["type"])
-+ self.executable_files_treestore.set_value(iter, 2, fclass)
++ self.executable_files_liststore.set_value(iter, 0, exe)
++ self.executable_files_liststore.set_value(iter, 1, self.filedict[(self.application, ipage, "Modify")][(exe, fclass)]["type"])
++ self.executable_files_liststore.set_value(iter, 2, fclass)
+ except KeyError:
+ pass
-+ elif ipage == self.WRITABLE_PAGE:
++ elif ipage == WRITABLE_PAGE:
+ removedict = {}
-+ for i in self.writable_files_treestore:
++ for i in self.writable_files_liststore:
+ modlist[i] = {'path': i[0], 'type': i[1], 'class': i[2]}
-+ self.writable_files_treestore.clear()
++ self.writable_files_liststore.clear()
+ try:
+ for write, fclass in self.filedict[self.application, ipage, "Add"]:
+ ftype = self.filedict[self.application, ipage, "Add"][write, fclass]["type"]
@@ -517874,14 +517864,14 @@ index 0000000..664b5bb
+ miss = True
+ for i in modlist:
+ if write == modlist[i]['path'] and fclass == modlist[i]['class'] and ftype == modlist[i]['type']:
-+ self.init_modified_files_treestore(self.writable_files_treestore, self.application, ipage, "Add", write, fclass, ftype)
++ self.init_modified_files_liststore(self.writable_files_liststore, self.application, ipage, "Add", write, fclass, ftype)
+ miss = False
+ if miss:
+ if (self.application, ipage, "Add") not in removedict:
+ removedict[self.application, ipage, "Add"] = {}
+ removedict[self.application, ipage, "Add"][write, fclass] = {"type": ftype}
+ else:
-+ self.init_modified_files_treestore(self.writable_files_treestore, self.application, ipage, "Add", write, fclass, ftype)
++ self.init_modified_files_liststore(self.writable_files_liststore, self.application, ipage, "Add", write, fclass, ftype)
+
+ for r in removedict:
+ for b in removedict[r]:
@@ -517891,18 +517881,18 @@ index 0000000..664b5bb
+ pass
+ try:
+ for write, fclass in self.filedict[self.application, ipage, "Modify"]:
-+ iter = self.writable_files_treestore.append(None)
++ iter = self.writable_files_liststore.append(None)
+ if not self.filedict[(self.application, ipage, "Modify")][(write, fclass)]["changed"]:
-+ self.writable_files_treestore.set_value(iter, 0, write)
-+ self.writable_files_treestore.set_value(iter, 1, self.filedict[(self.application, ipage, "Modify")][(write, fclass)]["type"])
-+ self.writable_files_treestore.set_value(iter, 2, fclass)
++ self.writable_files_liststore.set_value(iter, 0, write)
++ self.writable_files_liststore.set_value(iter, 1, self.filedict[(self.application, ipage, "Modify")][(write, fclass)]["type"])
++ self.writable_files_liststore.set_value(iter, 2, fclass)
+ except KeyError:
+ pass
-+ elif ipage == self.APP_PAGE:
++ elif ipage == APP_PAGE:
+ removedict = {}
-+ for i in self.application_files_treestore:
++ for i in self.application_files_liststore:
+ modlist[i] = {'path': i[0], 'type': i[1], 'class': i[2]}
-+ self.application_files_treestore.clear()
++ self.application_files_liststore.clear()
+ try:
+ for app, fclass in self.filedict[self.application, ipage, "Add"]:
+ ftype = self.filedict[self.application, ipage, "Add"][app, fclass]["type"]
@@ -517910,7 +517900,7 @@ index 0000000..664b5bb
+ miss = True
+ for i in modlist:
+ if app == modlist[i]['path'] and fclass == modlist[i]['class'] and ftype == modlist[i]['type']:
-+ self.init_modified_files_treestore(self.application_files_treestore, self.application, ipage, "Add", app, fclass, ftype)
++ self.init_modified_files_liststore(self.application_files_liststore, self.application, ipage, "Add", app, fclass, ftype)
+ miss = False
+ if miss:
+ if (self.application, ipage, "Add") not in removedict:
@@ -517918,7 +517908,7 @@ index 0000000..664b5bb
+ removedict[self.application, ipage, "Add"][app, fclass] = {"type": ftype}
+ else:
+ markup = self.markup(ftype)
-+ self.init_modified_files_treestore(self.application_files_treestore, self.application, ipage, "Add", app, fclass, markup)
++ self.init_modified_files_liststore(self.application_files_liststore, self.application, ipage, "Add", app, fclass, markup)
+
+ for r in removedict:
+ for b in removedict[r]:
@@ -517929,113 +517919,68 @@ index 0000000..664b5bb
+ try:
+ for app, fclass in self.filedict[self.application, ipage, "Modify"]:
+ markup = self.markup(self.filedict[(self.application, ipage, "Modify")][(app, fclass)]["type"])
-+ iter = self.application_files_treestore.append(None)
++ iter = self.application_files_liststore.append(None)
+ if not self.filedict[(self.application, ipage, "Modify")][(app, fclass)]["changed"]:
-+ self.application_files_treestore.set_value(iter, 0, app)
-+ self.application_files_treestore.set_value(iter, 1, markup)
-+ self.application_files_treestore.set_value(iter, 2, fclass)
++ self.application_files_liststore.set_value(iter, 0, app)
++ self.application_files_liststore.set_value(iter, 1, markup)
++ self.application_files_liststore.set_value(iter, 2, fclass)
+ except KeyError:
+ pass
+
+ elif self.application != None:
-+ if ipage == self.EXE_PAGE:
-+ self.executable_files_treestore.clear()
++ if ipage == EXE_PAGE:
++ self.executable_files_liststore.clear()
+ self.executable_files_initialize(self.application)
-+ elif ipage == self.WRITABLE_PAGE:
-+ self.writable_files_treestore.clear()
++ elif ipage == WRITABLE_PAGE:
++ self.writable_files_liststore.clear()
+ self.writable_files_initialize(self.application)
-+ elif ipage == self.APP_PAGE:
-+ self.application_files_treestore.clear()
++ elif ipage == APP_PAGE:
++ self.application_files_liststore.clear()
+ self.application_file_types_initialize(self.application)
+
+ def network_show_modified(self, checkbutton):
+ ipage = self.inner_notebook_network.get_current_page()
++ liststore = (self.network_out_liststore, self.network_in_liststore)[ipage]
++ liststore.clear()
+ if checkbutton.get_active() == True:
-+ outlist = {}
-+ inlist = {}
-+ for i in self.out_network_tree_data_set:
-+ outlist[i] = {'port': i[0], 'protocol': i[1], 'type': i[2]}
-+ for j in self.in_network_tree_data_set:
-+ inlist[j] = {'port': j[0], 'protocol': j[1], 'type': j[2]}
-+ self.out_network_tree_data_set.clear()
-+ self.in_network_tree_data_set.clear()
-+ if ipage == OUTBOUND:
-+ try:
-+ for port, protocol in self.portdict[self.application, ipage, "Add"]:
-+ type = self.portdict[(self.application, ipage, "Add")][(port, protocol)]["type"]
-+ if self.portdict[(self.application, ipage, "Add")][(port, protocol)]["old"]:
++ for i in liststore:
++ list[i] = {'port': i[0], 'protocol': i[1], 'type': i[2]}
++ try:
++ for action, key in (("Add", "old"), ("Modify", "changed")):
++ for port, protocol in self.portdict[self.application, ipage, action]:
++ type = self.portdict[(self.application, ipage, action)][(port, protocol)]["type"]
++ if self.portdict[(self.application, ipage, action)][(port, protocol)][key]:
+ for i in outlist:
+ if port in outlist[i]['port'].split(',') and protocol == outlist[i]['protocol'] and type == outlist[i]['type']:
-+ iter = self.out_network_tree_data_set.append()
-+ self.out_network_tree_data_set.set_value(iter, 0, port)
-+ self.out_network_tree_data_set.set_value(iter, 1, protocol)
-+ self.out_network_tree_data_set.set_value(iter, 2, type)
-+ else:
-+ iter = self.out_network_tree_data_set.append()
-+ self.out_network_tree_data_set.set_value(iter, 0, port)
-+ self.out_network_tree_data_set.set_value(iter, 1, protocol)
-+ self.out_network_tree_data_set.set_value(iter, 2, type)
-+ except KeyError:
-+ pass
-+ try:
-+ for port, protocol in self.portdict[self.application, ipage, "Modify"]:
-+ if not self.portdict[(self.application, ipage, "Modify")][(port, protocol)]["changed"]:
-+ iter = self.out_network_tree_data_set.append()
-+ type = self.portdict[(self.application, ipage, "Modify")][(port, protocol)]["type"]
-+ self.out_network_tree_data_set.set_value(iter, 0, port)
-+ self.out_network_tree_data_set.set_value(iter, 1, protocol)
-+ self.out_network_tree_data_set.set_value(iter, 2, type)
-+ except KeyError:
-+ pass
-+ elif ipage == INBOUND:
-+ try:
-+ for port, protocol in self.portdict[self.application, ipage, "Add"]:
-+ type = self.portdict[(self.application, ipage, "Add")][(port, protocol)]["type"]
-+ if self.portdict[(self.application, ipage, "Add")][(port, protocol)]["old"]:
-+ for i in inlist:
-+ if port in inlist[i]['port'] and protocol == inlist[i]['protocol'] and type == inlist[i]['type']:
-+ iter = self.in_network_tree_data_set.append()
-+ self.in_network_tree_data_set.set_value(iter, 0, port)
-+ self.in_network_tree_data_set.set_value(iter, 1, protocol)
-+ self.in_network_tree_data_set.set_value(iter, 2, type)
++ iter = liststore.append()
++ liststore.set_value(iter, 0, port)
++ liststore.set_value(iter, 1, protocol)
++ liststore.set_value(iter, 2, type)
+ else:
-+ iter = self.in_network_tree_data_set.append()
-+ self.in_network_tree_data_set.set_value(iter, 0, port)
-+ self.in_network_tree_data_set.set_value(iter, 1, protocol)
-+ self.in_network_tree_data_set.set_value(iter, 2, type)
-+ except IndexError:
-+ pass
-+ try:
-+ for port, protocol in self.portdict[self.application, ipage, "Modify"]:
-+ if not self.portdict[(self.application, ipage, "Modify")][(port, protocol)]["changed"]:
-+ iter = self.in_network_tree_data_set.append()
-+ type = self.portdict[(self.application, ipage, "Modify")][(port, protocol)]["type"]
-+ self.in_network_tree_data_set.set_value(iter, 0, port)
-+ self.in_network_tree_data_set.set_value(iter, 1, protocol)
-+ self.in_network_tree_data_set.set_value(iter, 2, type)
-+ except KeyError:
-+ pass
++ iter = self.liststore.append()
++ liststore.set_value(iter, 0, port)
++ liststore.set_value(iter, 1, protocol)
++ liststore.set_value(iter, 2, type)
++ except KeyError:
++ pass
++ except IndexError:
++ pass
+ elif self.application != None:
-+ if ipage == OUTBOUND:
-+ self.out_network_tree_data_set.clear()
-+ self.network_initialize(self.application)
-+ elif ipage == INBOUND:
-+ self.in_network_tree_data_set.clear()
-+ self.network_initialize(self.application)
++ self.network_initialize(self.application)
+
+ def restore_to_default(self, *args):
+ print "restore to defualt clicked..."
+
+ def invalid_entry_retry(self, *args):
+ self.closewindow(self.error_check_window)
-+ self.popup_window_files.set_sensitive(True)
-+ self.popup_window_network.set_sensitive(True)
++ self.files_popup_window.set_sensitive(True)
++ self.network_popup_window.set_sensitive(True)
+
+ def error_check_files(self, insert_txt):
+ if len(insert_txt) == 0 or insert_txt[0] != '/':
+ self.error_check_window.show()
-+ self.popup_window_files.set_sensitive(False)
-+ self.popup_window_network.set_sensitive(False)
++ self.files_popup_window.set_sensitive(False)
++ self.network_popup_window.set_sensitive(False)
+ self.error_check_label.set_text((_("The entry '%s' is not a valid path. Paths must begin with a '/'.")) % insert_txt)
+ return True
+ return False
@@ -518047,21 +517992,41 @@ index 0000000..664b5bb
+ raise ValueError
+ except ValueError:
+ self.error_check_window.show()
-+ self.popup_window_files.set_sensitive(False)
-+ self.popup_window_network.set_sensitive(False)
++ self.files_popup_window.set_sensitive(False)
++ self.network_popup_window.set_sensitive(False)
+ self.error_check_label.set_text((_("Port number must be between 1 and 65536")))
+ return True
+ return False
+
+ def show_more_types(self, *args):
-+ if self.combo_get_active_text(self.files_type_combobox) == _('More...'):
-+ self.popup_window_files.hide()
-+ self.moreTypes_window_files.show()
++ if self.finish_init:
++ if self.combo_get_active_text(self.files_type_combobox) == _('More...'):
++ self.files_popup_window.hide()
++ self.moreTypes_window_files.show()
+
+ def update_to_login(self, *args):
+ type = self.combo_get_active_text(self.login_seuser_combolist)
+ print self.login_name_entry.get_text()
+ print self.login_mls_entry.get_text()
++ self.login_popup_window.hide()
++
++ def update_to_file_equiv(self, *args):
++ self.file_equiv_popup_window.hide()
++ self.wait_mouse()
++ try:
++ if self.modify:
++ row = self.treeview.get_selection()
++ iter = row.get_selected()[1]
++ buf = "fcontext -d -e %s\n" % self.file_equiv_liststore.get_value(iter,0)
++ buf += "fcontext -a -e %s %s\n" % (self.file_equiv_dest_entry.get_text(), self.file_equiv_source_entry.get_text())
++ self.dbus.semanage(buf)
++ else:
++ self.dbus.semanage("fcontext -a -e %s %s\n" % (self.file_equiv_dest_entry.get_text(), self.file_equiv_source_entry.get_text()))
++ except dbus.exceptions.DBusException, e:
++ self.ready_mouse()
++ self.error(e.get_dbus_message())
++ return
++ self.ready_mouse()
+
+ def update_to_files(self, *args):
+ self.files_add = True
@@ -518070,7 +518035,7 @@ index 0000000..664b5bb
+ if self.error_check_files(insert_txt):
+ return
+ type = self.combo_get_active_text(self.files_type_combobox)
-+ mls = self.combo_get_active_text(self.files_mls_combobox)
++ mls = self.files_mls_entry.get_text()
+ tclass = self.combo_get_active_text(self.files_class_combobox)
+
+ self.files_path_entry.set_text("")
@@ -518081,33 +518046,19 @@ index 0000000..664b5bb
+ ipage = self.inner_notebook_files.get_current_page()
+ if (self.application, ipage, operation) not in self.filedict:
+ self.filedict[(self.application, ipage, operation)] = {}
-+ if ipage == self.EXE_PAGE:
-+ iter = self.executable_files_treestore.append(None)
-+ self.executable_files_treestore.set_value(iter, 0, insert_txt)
-+ self.executable_files_treestore.set_value(iter, 1, type)
-+ self.executable_files_treestore.set_value(iter, 2, tclass)
-+ if operation == "Modify":
-+ self.executable_files_treestore.remove(self.delete_old_item)
-+ if ipage == self.WRITABLE_PAGE:
-+ iter = self.writable_files_treestore.append(None)
-+ self.writable_files_treestore.set_value(iter, 0, insert_txt)
-+ self.writable_files_treestore.set_value(iter, 1, type)
-+ self.writable_files_treestore.set_value(iter, 2, tclass)
-+ if operation == "Modify":
-+ self.writable_files_treestore.remove(self.delete_old_item)
-+ if ipage == self.APP_PAGE:
-+ markup = self.markup(type)
-+ iter = self.application_files_treestore.append(None)
-+ self.application_files_treestore.set_value(iter, 0, insert_txt)
-+ self.application_files_treestore.set_value(iter, 1 , markup)
-+ self.application_files_treestore.set_value(iter, 2, tclass)
-+ if operation == "Modify":
-+ self.application_files_treestore.remove(self.delete_old_item)
++ if ipage == APP_PAGE:
++ type = self.markup(type)
++ if operation == "Modify":
++ self.liststore.remove(self.delete_old_item)
++ iter = self.liststore.append(None)
++ self.liststore.set_value(iter, 0, insert_txt)
++ self.liststore.set_value(iter, 1, markup)
++ self.liststore.set_value(iter, 2, tclass)
++
+ self.filedict[(self.application, ipage, operation)][(insert_txt, tclass)] = {"type": type, "mls": mls, "changed": False, "old": False}
+ self.files_add = False
+ self.recursive_path_toggle.set_active(False)
-+ self.popup_window_files.hide()
-+ self.window.set_sensitive(True)
++ self.close_popup()
+ self.new_updates()
+
+ def update_to_network(self, *args):
@@ -518121,7 +518072,7 @@ index 0000000..664b5bb
+ protocol = "udp"
+ protocol = self.combo_get_active_text(self.network_protocol_combobox)
+ port_type = self.combo_get_active_text(self.network_port_type_combobox)
-+ mls = self.combo_get_active_text(self.network_mls_combobox)
++ mls = self.network_mls_entry.get_text()
+ self.network_ports_entry.set_text("")
+ if self.modify_mode:
+ operation = "Modify"
@@ -518130,32 +518081,23 @@ index 0000000..664b5bb
+ ipage = self.inner_notebook_network.get_current_page()
+ if (self.application, ipage, operation) not in self.portdict:
+ self.portdict[(self.application, ipage, operation)] = {}
-+ if ipage == OUTBOUND:
-+ iter = self.out_network_tree_data_set.append()
-+ self.out_network_tree_data_set.set_value(iter, 0, ports)
-+ self.out_network_tree_data_set.set_value(iter, 1, protocol)
-+ self.out_network_tree_data_set.set_value(iter, 2, port_type)
-+ if operation == "Modify":
-+ self.out_network_tree_data_set.remove(self.delete_old_item)
-+ if ipage == INBOUND:
-+ iter = self.in_network_tree_data_set.append()
-+ self.in_network_tree_data_set.set_value(iter, 0, ports)
-+ self.in_network_tree_data_set.set_value(iter, 1, protocol)
-+ self.in_network_tree_data_set.set_value(iter, 2, port_type)
-+ if operation == "Modify":
-+ self.in_network_tree_data_set.remove(self.delete_old_item)
++ iter = self.liststore.append()
++ self.liststore.set_value(iter, 0, ports)
++ self.liststore.set_value(iter, 1, protocol)
++ self.liststore.set_value(iter, 2, port_type)
++ if operation == "Modify":
++ self.liststore.remove(self.delete_old_item)
+ self.portdict[(self.application, ipage, operation)][(ports, protocol)] = {"type": port_type, "mls": mls, "changed": False, "old": False}
+ self.network_add = False
-+ self.popup_window_network.hide()
++ self.network_popup_window.hide()
+ self.window.set_sensitive(True)
+ self.new_updates()
+
+ def delete_button_clicked(self, *args):
-+ opage = self.outer_notebook.get_current_page()
+ operation = "Add"
+ self.window.set_sensitive(False)
-+ if opage == NETWORK_PAGE:
-+ self.delete_window_network.show()
++ if self.opage == NETWORK_PAGE:
++ self.show_popup(self.delete_window_network)
+ self.current_popup = self.delete_window_network
+ self.delete_network_liststore.clear()
+ ipage = self.inner_notebook_network.get_current_page()
@@ -518171,8 +518113,8 @@ index 0000000..664b5bb
+ self.delete_network_liststore.set_value(iter, 3, ports[1])
+ return
+
-+ if opage == FILES_PAGE:
-+ self.delete_window_files.show()
++ if self.opage == FILES_PAGE:
++ self.show_popup(self.delete_window_files)
+ self.current_popup = self.delete_window_files
+ self.delete_files_liststore.clear()
+ ipage = self.inner_notebook_files.get_current_page()
@@ -518188,16 +518130,25 @@ index 0000000..664b5bb
+ self.delete_files_liststore.set_value(iter, 2, type)
+ self.delete_files_liststore.set_value(iter, 3, items[1])
+
++ if self.opage == USERS_PAGE:
++ self.show_popup(self.users_delete_window)
++
++ if self.opage == LOGIN_PAGE:
++ self.show_popup(self.login_delete_window)
++
++ if self.opage == FILE_EQUIV_PAGE:
++ self.show_popup(self.file_equiv_delete_window)
++
+ def delete_network_from_list_files(self, *args):
+ operation = "Add"
+ ipage = self.inner_notebook_network.get_current_page()
+ for delete in self.delete_network_liststore:
+ if delete[0]:
+ self.portdict[(self.application, ipage, operation)].pop((delete[1], delete[3]))
-+ if ipage == 0:
-+ self.ipage_delete(self.out_network_tree_data_set, (delete[1], delete[2]))
-+ elif ipage == 1:
-+ self.ipage_delete(self.in_network_tree_data_set, (delete[1], delete[2]))
++ if ipage == OUTBOUND_PAGE:
++ self.ipage_delete(self.network_out_liststore, (delete[1], delete[2]))
++ elif ipage == INBOUND_PAGE:
++ self.ipage_delete(self.network_in_liststore, (delete[1], delete[2]))
+ break
+ self.window.set_sensitive(True)
+ self.delete_window_network.hide()
@@ -518212,12 +518163,12 @@ index 0000000..664b5bb
+ for path, fclass in self.filedict[self.application, ipage, operation]:
+ if delete[0] and not self.filedict[self.application, ipage, operation][path, fclass]['old']:
+ self.filedict[(self.application, ipage, operation)].pop((delete[1], delete[3]))
-+ if ipage == 0:
-+ self.ipage_delete(self.executable_files_treestore, (delete[1], delete[3]))
-+ elif ipage == 1:
-+ self.ipage_delete(self.writable_files_treestore, (delete[1], delete[3]))
-+ elif ipage == 2:
-+ self.ipage_delete(self.application_files_treestore, (delete[1], delete[3]))
++ if ipage == EXE_PAGE:
++ self.ipage_delete(self.executable_files_liststore, (delete[1], delete[3]))
++ elif ipage == WRITABLE_PAGE:
++ self.ipage_delete(self.writable_files_liststore, (delete[1], delete[3]))
++ elif ipage == APP_PAGE:
++ self.ipage_delete(self.application_files_liststore, (delete[1], delete[3]))
+ break
+ elif delete[0] and self.filedict[self.application, ipage, operation][path, fclass]["old"]:
+ print delete[0], path
@@ -518236,61 +518187,32 @@ index 0000000..664b5bb
+ def on_toggle_update(self, cell, path, model):
+ model[path][0] = not model[path][0]
+
-+ def ipage_delete(self, treestore, key):
++ def ipage_delete(self, liststore, key):
+ ctr = 0
-+ for items in treestore:
++ for items in liststore:
+ if items[0] == key[0] and items[2] == key[1]:
-+ iter = treestore.get_iter(ctr)
-+ treestore.remove(iter)
++ iter = liststore.get_iter(ctr)
++ liststore.remove(iter)
+ return
+ ctr+=1
+
+ def on_toggle(self, cell, path, model):
+ if path is not None:
-+ p = self.booleans_treemodel_sort.get_iter(path)
-+ p = self.booleans_treemodel_sort.get_path(p)
-+ path = self.booleans_treemodel_sort.convert_path_to_child_path(p)
-+ it = self.booleans_filter_data_set.get_iter(path)
-+ it = self.booleans_filter_data_set.convert_iter_to_child_iter(it)
++ it = self.boolean_filter.get_iter(path)
++ it = self.boolean_filter.convert_iter_to_child_iter(it)
+ model.set_value(it, 0, not model.get_value(it, 0))
+ self.populate_booldict(model, it)
+ self.new_updates()
+
+ def get_advanced_filter_data(self, entry, *args):
+ self.filter_txt = entry.get_text()
-+ self.advanced_search_filter_data_set.refilter()
++ self.advanced_search_filter.refilter()
+
+ def get_filter_data(self, windows, *args):
+ #search for desired item
+ # The txt that the user inputs into the filter is stored in filter_txt
+ self.filter_txt = windows.get_text()
-+ opage = self.outer_notebook.get_current_page()
-+ if opage == BOOLEANS_PAGE:
-+ self.booleans_filter_data_set.refilter()
-+ if opage == FILES_PAGE:
-+ inner_notebook_tab = self.inner_notebook_files.get_current_page()
-+ if inner_notebook_tab == 0:
-+ self.exe_files_filter_data_set.refilter()
-+ elif inner_notebook_tab == 1:
-+ self.writable_files_filter_data_set.refilter()
-+ elif inner_notebook_tab == 2:
-+ self.application_files_filter_data_set.refilter()
-+
-+ if opage == NETWORK_PAGE:
-+ inner_notebook_tab = self.inner_notebook_network.get_current_page()
-+ if inner_notebook_tab == 0:
-+ self.out_network_filter_data_set.refilter()
-+ elif inner_notebook_tab == 1:
-+ self.in_network_filter_data_set.refilter()
-+
-+ if opage == TRANSITIONS_PAGE:
-+ inner_notebook_tab = self.inner_notebook_transitions.get_current_page()
-+ if inner_notebook_tab == 0:
-+ self.transitions_from_x_filter_data_set.refilter()
-+ if inner_notebook_tab == 1:
-+ self.transitions_into_x_filter_data_set.refilter()
-+ if inner_notebook_tab == 2:
-+ self.transitions_file_filter_data_set.refilter()
++ self.filter.refilter()
+
+ def populate_booldict(self, model, iter):
+ name = model.get_value(iter, 2)
@@ -518312,76 +518234,75 @@ index 0000000..664b5bb
+
+ def update_gui(self, *args):
+ self.update_or_revert = "update"
-+ self.update_treestore.clear()
++ self.update_liststore.clear()
+ networktabs=[("Outbound"), ("Inbound")]
+ filetabs=[("Executable Files"), ("Writable Files"), ("Application File Type")]
+ for bools in self.booldict:
+ if not self.booldict[bools]['old']:
-+ iter = self.update_treestore.append(None)
-+ self.update_treestore.set_value(iter, 0, True)
-+ self.update_treestore.set_value(iter, 1, sepolicy.boolean_desc(bools))
-+ niter = self.update_treestore.append(iter)
-+ self.update_treestore.set_value(niter, 1, (_("SELinux name: %s"))% bools)
-+ self.update_treestore.set_value(iter, 4, True)
-+ self.update_treestore.set_value(niter, 4, False)
-+ self.update_treestore.set_value(iter, 2, "Booleans")
-+ self.update_treestore.set_value(iter, 3, action[self.booldict[bools]['active']])
++ iter = self.update_liststore.append(None)
++ self.update_liststore.set_value(iter, 0, True)
++ self.update_liststore.set_value(iter, 1, sepolicy.boolean_desc(bools))
++ niter = self.update_liststore.append(iter)
++ self.update_liststore.set_value(niter, 1, (_("SELinux name: %s"))% bools)
++ self.update_liststore.set_value(iter, 4, True)
++ self.update_liststore.set_value(niter, 4, False)
++ self.update_liststore.set_value(iter, 2, "Booleans")
++ self.update_liststore.set_value(iter, 3, action[self.booldict[bools]['active']])
+
+ for app, ipage, operation in self.filedict:
+ for path, tclass in self.filedict[app, ipage, operation]:
+ if not self.filedict[(app, ipage, operation)][(path, tclass)]["changed"] and (not self.filedict[(app, ipage, operation)][(path, tclass)]["old"] or operation == 'Delete'):
-+ iter = self.update_treestore.append(None)
-+ self.update_treestore.set_value(iter, 0, True)
-+ self.update_treestore.set_value(iter, 2, filetabs[ipage])
-+ self.update_treestore.set_value(iter, 3, operation)
-+ self.update_treestore.set_value(iter, 0, True)
++ iter = self.update_liststore.append(None)
++ self.update_liststore.set_value(iter, 0, True)
++ self.update_liststore.set_value(iter, 2, filetabs[ipage])
++ self.update_liststore.set_value(iter, 3, operation)
++ self.update_liststore.set_value(iter, 0, True)
+ if operation == "Add":
-+ self.update_treestore.set_value(iter, 1, (_("Add file labeling for %s"))% self.application)
++ self.update_liststore.set_value(iter, 1, (_("Add file labeling for %s"))% self.application)
+ elif operation == "Delete":
-+ self.update_treestore.set_value(iter, 1, (_("Delete file labeling for %s"))% self.application)
++ self.update_liststore.set_value(iter, 1, (_("Delete file labeling for %s"))% self.application)
+ elif operation == "Modify":
-+ self.update_treestore.set_value(iter, 1, (_("Modify file labeling for %s"))% self.application)
-+
-+ niter = self.update_treestore.append(iter)
-+ self.update_treestore.set_value(iter, 4, True)
-+ self.update_treestore.set_value(niter, 4, False)
-+ self.update_treestore.set_value(niter, 1, (_("File path: %s"))% path)
-+ niter = self.update_treestore.append(iter)
-+ self.update_treestore.set_value(niter, 1, (_("File class: %s"))% tclass)
++ self.update_liststore.set_value(iter, 1, (_("Modify file labeling for %s"))% self.application)
++
++ niter = self.update_liststore.append(iter)
++ self.update_liststore.set_value(iter, 4, True)
++ self.update_liststore.set_value(niter, 4, False)
++ self.update_liststore.set_value(niter, 1, (_("File path: %s"))% path)
++ niter = self.update_liststore.append(iter)
++ self.update_liststore.set_value(niter, 1, (_("File class: %s"))% tclass)
+ type = self.filedict[(app, ipage, operation)][(path, tclass)]["type"]
-+ niter = self.update_treestore.append(iter)
-+ self.update_treestore.set_value(niter, 1, (_("SELinux file type: %s"))% type)
++ niter = self.update_liststore.append(iter)
++ self.update_liststore.set_value(niter, 1, (_("SELinux file type: %s"))% type)
+
+ for app, ipage, operation in self.portdict:
+ for ports, protocol in self.portdict[app, ipage, operation]:
+ if not self.portdict[(app, ipage, operation)][(ports, protocol)]["changed"] and not self.portdict[app, ipage, operation][ports, protocol]["old"]:
-+ iter = self.update_treestore.append(None)
-+ self.update_treestore.set_value(iter, 0, True)
-+ self.update_treestore.set_value(iter, 2, networktabs[ipage])
-+ self.update_treestore.set_value(iter, 3, operation)
-+ self.update_treestore.set_value(iter, 0, True)
++ iter = self.update_liststore.append(None)
++ self.update_liststore.set_value(iter, 0, True)
++ self.update_liststore.set_value(iter, 2, networktabs[ipage])
++ self.update_liststore.set_value(iter, 3, operation)
++ self.update_liststore.set_value(iter, 0, True)
+ if operation == "Add":
-+ self.update_treestore.set_value(iter, 1, (_("Add ports for %s"))% app)
++ self.update_liststore.set_value(iter, 1, (_("Add ports for %s"))% app)
+ elif operation == "delete":
-+ self.update_treestore.set_value(iter, 1, (_("Delete ports for %s"))% app)
++ self.update_liststore.set_value(iter, 1, (_("Delete ports for %s"))% app)
+ elif operation == "Modify":
-+ self.update_treestore.set_value(iter, 1, (_("Modify ports for %s"))% app)
-+
-+ niter = self.update_treestore.append(iter)
-+ self.update_treestore.set_value(iter, 4, True)
-+ self.update_treestore.set_value(niter, 4, False)
-+ self.update_treestore.set_value(niter, 1, (_("Network ports: %s"))% ports)
-+ niter = self.update_treestore.append(iter)
-+ self.update_treestore.set_value(niter, 1, (_("Network protocol: %s"))% protocol)
++ self.update_liststore.set_value(iter, 1, (_("Modify ports for %s"))% app)
++
++ niter = self.update_liststore.append(iter)
++ self.update_liststore.set_value(iter, 4, True)
++ self.update_liststore.set_value(niter, 4, False)
++ self.update_liststore.set_value(niter, 1, (_("Network ports: %s"))% ports)
++ niter = self.update_liststore.append(iter)
++ self.update_liststore.set_value(niter, 1, (_("Network protocol: %s"))% protocol)
+ type = self.portdict[(app, ipage, operation)][(ports, protocol)]["type"]
-+ niter = self.update_treestore.append(iter)
-+ self.update_treestore.set_value(niter, 1, (_("SELinux file type: %s"))% type)
-+ self.update_window.show()
-+ self.window.set_sensitive(False)
++ niter = self.update_liststore.append(iter)
++ self.update_liststore.set_value(niter, 1, (_("SELinux file type: %s"))% type)
++ self.show_popup(self.update_window)
+
+ def set_active_application_button(self):
-+ if self.booleans_radio_button.get_active():
-+ self.active_button = self.booleans_radio_button
++ if self.boolean_radio_button.get_active():
++ self.active_button = self.boolean_radio_button
+ if self.files_radio_button.get_active():
+ self.active_button = self.files_radio_button
+ if self.transitions_radio_button.get_active():
@@ -518391,7 +518312,7 @@ index 0000000..664b5bb
+
+ def clearbuttons(self, clear=True):
+ self.main_selection_window.hide()
-+ self.booleans_radio_button.set_visible(False)
++ self.boolean_radio_button.set_visible(False)
+ self.files_radio_button.set_visible(False)
+ self.network_radio_button.set_visible(False)
+ self.transitions_radio_button.set_visible(False)
@@ -518418,6 +518339,8 @@ index 0000000..664b5bb
+ self.applications_selection_button.set_label(_("File Equivalence"))
+ self.tab_change()
+ self.idle_func()
++ self.add_button.set_sensitive(True)
++ self.delete_button.set_sensitive(True)
+
+ def show_users_page(self):
+ self.clearbuttons()
@@ -518433,11 +518356,11 @@ index 0000000..664b5bb
+
+ def show_applications_page(self):
+ self.clearbuttons(False)
-+ self.booleans_radio_button.set_visible(True)
++ self.boolean_radio_button.set_visible(True)
+ self.files_radio_button.set_visible(True)
+ self.network_radio_button.set_visible(True)
+ self.transitions_radio_button.set_visible(True)
-+ self.booleans_radio_button.set_active(True)
++ self.boolean_radio_button.set_active(True)
+ self.tab_change()
+ self.idle_func()
+
@@ -518452,94 +518375,39 @@ index 0000000..664b5bb
+ ctr = 0
+ ipage = self.inner_notebook_files.get_current_page()
+ if checkbutton.get_active() == True:
-+ if ipage == 0:
-+ for items in self.executable_files_treestore:
-+ p = self.executable_files_treemodel_sort.get_iter(ctr)
-+ p = self.executable_files_treemodel_sort.get_path(p)
-+ path = self.executable_files_treemodel_sort.convert_path_to_child_path(p)
-+ if path != None:
-+ iter = self.exe_files_filter_data_set.get_iter(path)
-+ iter = self.exe_files_filter_data_set.convert_iter_to_child_iter(iter)
-+ if self.executable_files_treestore.get_value(iter, 4) == False:
-+ iterlist.append(iter)
-+ ctr +=1
-+ for iters in iterlist:
-+ self.executable_files_treestore.remove(iters)
-+
-+ if ipage == 1:
-+ for items in self.writable_files_treestore:
-+ p = self.writable_files_treemodel_sort.get_iter(ctr)
-+ p = self.writable_files_treemodel_sort.get_path(p)
-+ path = self.writable_files_treemodel_sort.convert_path_to_child_path(p)
-+ if path != None:
-+ iter = self.writable_files_filter_data_set.get_iter(path)
-+ iter = self.writable_files_filter_data_set.convert_iter_to_child_iter(iter)
-+ if self.writable_files_treestore.get_value(iter, 4) == False:
-+ iterlist.append(iter)
++ for items in self.liststore:
++ p = self.filter.get_iter(ctr)
++ path = self.filter.convert_path_to_child_path(p)
++ if path != None:
++ iter = self.liststore.get_iter(path)
++ iter = self.liststore.convert_iter_to_child_iter(iter)
++ if self.liststore.get_value(iter, 4) == False:
++ iterlist.append(iter)
+ ctr +=1
+ for iters in iterlist:
-+ self.writable_files_treestore.remove(iters)
-+
-+ if ipage == 2:
-+ for items in self.application_files_treestore:
-+ p = self.application_files_treemodel_sort.get_iter(ctr)
-+ p = self.application_files_treemodel_sort.get_path(p)
-+ path = self.application_files_treemodel_sort.convert_path_to_child_path(p)
-+ if path != None:
-+ iter = self.application_files_filter_data_set.get_iter(path)
-+ iter = self.application_files_filter_data_set.convert_iter_to_child_iter(iter)
-+ if self.application_files_treestore.get_value(iter, 4) == False:
-+ iterlist.append(iter)
-+ ctr +=1
-+ for iters in iterlist:
-+ self.application_files_treestore.remove(iters)
++ self.liststore.remove(iters)
+
+ elif self.application != None:
-+ if ipage == 0:
-+ self.executable_files_treestore.clear()
++ self.liststore.clear()
++ if ipage == EXE_PAGE:
+ self.executable_files_initialize(self.application)
-+ elif ipage == 1:
-+ self.writable_files_treestore.clear()
++ elif ipage == WRITABLE_PAGE:
+ self.writable_files_initialize(self.application)
-+ elif ipage == 2:
-+ self.application_files_treestore.clear()
++ elif ipage == APP_PAGE:
+ self.application_file_types_initialize(self.application)
+
-+ def fix_mislabeled(self, button, loc):
-+ self.con = ''
-+ ipage = self.inner_notebook_files.get_current_page()
-+ if ipage == self.EXE_PAGE:
-+ loc = self.executable_files_treemodel_sort.convert_path_to_child_path(loc)
-+ iter = self.exe_files_filter_data_set.get_iter(loc)
-+ iter = self.exe_files_filter_data_set.convert_iter_to_child_iter(iter)
-+ path = self.executable_files_treestore.get_value(iter, 0)
-+ cur = self.executable_files_treestore.get_value(iter, 5)
-+ con = self.executable_files_treestore.get_value(iter, 6)
-+
-+ elif ipage == self.WRITABLE_PAGE:
-+ loc = self.writable_files_treemodel_sort.convert_path_to_child_path(loc)
-+ iter = self.writable_files_filter_data_set.get_iter(loc)
-+ iter = self.writable_files_filter_data_set.convert_iter_to_child_iter(iter)
-+ path = self.writable_files_treestore.get_value(iter, 0)
-+ cur = self.writable_files_treestore.get_value(iter, 5)
-+ con = self.writable_files_treestore.get_value(iter, 6)
-+
-+ elif ipage == self.APP_PAGE:
-+ loc = self.application_files_treemodel_sort.convert_path_to_child_path(loc)
-+ iter = self.application_files_filter_data_set.get_iter(loc)
-+ iter = self.application_files_filter_data_set.convert_iter_to_child_iter(iter)
-+ path = self.application_files_treestore.get_value(iter, 0)
-+ con = self.application_files_treestore.get_value(iter, 5)
-+ cur = self.application_files_treestore.get_value(iter, 6)
-+ self.fixlabel_label.set_text((_("You are about to fix the file label on %s from %s to SELinux system default label %s.")) % (path, con, cur))
-+ self.restorecon_path = path
-+ self.fix_label_window.show()
++ def fix_mislabeled(self, path):
++ cur = selinux.getfilecon(path)[1].split(":")[2]
++ con = selinux.matchpathcon(path,0)[1].split(":")[2]
++ if self.verify(_("Run restorecon on %s to change its type from %s to the default %s?") % (path, con, cur), title="restorecon dialog") == Gtk.ResponseType.YES:
++ self.dbus.restorecon(path)
++ self.application_selected()
+
+ def new_updates(self, *args):
+ self.update_button.clicked()
+ self.update_window.hide()
+ self.window.set_sensitive(True)
-+ if len(self.update_treestore) == 0:
++ if len(self.update_liststore) == 0:
+ self.update_button.set_sensitive(False)
+ self.revert_button.set_sensitive(False)
+ else:
@@ -518563,12 +518431,11 @@ index 0000000..664b5bb
+ self.new_updates()
+
+ def update_the_system(self, *args):
-+ self.update_window.hide()
-+ self.window.set_sensitive(True)
++ self.close_popup()
+ update_buffer = self.revert_to_previous_save(True)
+ self.wait_mouse()
+ try:
-+ print self.dbus.semanage(update_buffer)
++ self.dbus.semanage(update_buffer)
+ except dbus.exceptions.DBusException, e:
+ print e
+ self.finish_init = False
@@ -518596,15 +518463,15 @@ index 0000000..664b5bb
+ def revert_to_previous_save(self, update):
+ ctr = 0
+ update_buffer = ""
-+ for items in self.update_treestore:
-+ if self.update_treestore[ctr][0]:
-+ ipage = self.ipage_value_lookup(self.update_treestore[ctr][2])
-+ operation = self.update_treestore[ctr][3]
-+ path_or_port = self.get_attributes_update(self.update_treestore[ctr,0][1])
++ for items in self.update_liststore:
++ if self.update_liststore[ctr][0]:
++ ipage = self.ipage_value_lookup(self.update_liststore[ctr][2])
++ operation = self.update_liststore[ctr][3]
++ path_or_port = self.get_attributes_update(self.update_liststore[ctr,0][1])
+ try:
-+ self.bool_revert = self.get_attributes_update(self.update_treestore[ctr, 0][1])
-+ fclass_or_protocol = self.get_attributes_update(self.update_treestore[ctr,1][1])
-+ ftype = self.get_attributes_update(self.update_treestore[ctr,2][1])
++ self.bool_revert = self.get_attributes_update(self.update_liststore[ctr, 0][1])
++ fclass_or_protocol = self.get_attributes_update(self.update_liststore[ctr,1][1])
++ ftype = self.get_attributes_update(self.update_liststore[ctr,2][1])
+ except:
+ pass
+ popbools = []
@@ -518615,11 +518482,11 @@ index 0000000..664b5bb
+ popbools.append(self.bool_revert)
+ for pop in popbools:
+ self.booldict.pop(pop)
-+ elif self.update_treestore[ctr][2] == "Inbound" or self.update_treestore[ctr][2] == "Outbound":
++ elif self.update_liststore[ctr][2] == "Inbound" or self.update_liststore[ctr][2] == "Outbound":
+ for ports in self.portdict:
+ if self.portdict[self.application, ipage, operation][path_or_port, fclass_or_protocol]["type"] == ftype:
+ porttype = self.portdict[self.application, ipage, operation][(path_or_port, fclass_or_protocol)]["type"]
-+ update_buffer += "port -%s -t %s -p %s %s\n" % (operation[0].tolower(), porttype, fclass_or_protocol, path_or_port)
++ update_buffer += "port -%s -t %s -p %s %s\n" % (operation[0].lower(), porttype, fclass_or_protocol, path_or_port)
+ self.portdict[self.application, ipage, operation].pop((path_or_port, fclass_or_protocol))
+ break
+ else:
@@ -518627,16 +518494,15 @@ index 0000000..664b5bb
+ if self.filedict[self.application, ipage, operation][path_or_port, fclass_or_protocol]["type"] == ftype:
+
+
-+ update_buffer += "fcontext -%s -f %s -t %s %s\n" % (operation[0].tolower(), reverse_file_type_str[fclass_or_protocol], ftype, path_or_port)
++ update_buffer += "fcontext -%s -f %s -t %s %s\n" % (operation[0].lower(), reverse_file_type_str[fclass_or_protocol], ftype, path_or_port)
+ self.filedict[self.application, ipage, operation].pop((path_or_port, fclass_or_protocol))
+ break
-+
+ ctr += 1
+ if update == False:
-+ self.update_window.hide()
-+ self.window.set_sensitive(True)
++ self.close_popup()
+ else:
+ return update_buffer
++
+ def reveal_advanced_system(self, label, *args):
+ if label.get_text() == ADVANCED_LABEL[0]:
+ label.set_text(ADVANCED_LABEL[1])
@@ -518650,16 +518516,16 @@ index 0000000..664b5bb
+ def reveal_advanced(self, label, *args):
+ if label.get_text() == ADVANCED_LABEL[0]:
+ label.set_text(ADVANCED_LABEL[1])
-+ self.mls_label_files.set_visible(True)
-+ self.files_mls_combobox.set_visible(True)
-+ self.mls_label_network.set_visible(True)
-+ self.network_mls_combobox.set_visible(True)
++ self.files_mls_label.set_visible(True)
++ self.files_mls_entry.set_visible(True)
++ self.network_mls_label.set_visible(True)
++ self.network_mls_entry.set_visible(True)
+ else:
+ label.set_text(ADVANCED_LABEL[0])
-+ self.mls_label_files.set_visible(False)
-+ self.files_mls_combobox.set_visible(False)
-+ self.mls_label_network.set_visible(False)
-+ self.network_mls_combobox.set_visible(False)
++ self.files_mls_label.set_visible(False)
++ self.files_mls_entry.set_visible(False)
++ self.network_mls_label.set_visible(False)
++ self.network_mls_entry.set_visible(False)
+
+ def advanced_search_initialize(self, domain):
+ iter = self.advanced_search_liststore.append()
@@ -518687,11 +518553,11 @@ index 0000000..664b5bb
+ self.advanced_search_liststore.set_value(iter, 0, path)
+
+ def advanced_label_main(self, label, *args):
-+ if label.get_text() == ADVANCED_LABEL[1]:
-+ label.set_text(ADVANCED_LABEL[0])
++ if label.get_text() == ADVANCED_SEARCH_LABEL[1]:
++ label.set_text(ADVANCED_SEARCH_LABEL[0])
+ self.advanced_search_window.hide()
+ else:
-+ label.set_text(ADVANCED_LABEL[1])
++ label.set_text(ADVANCED_SEARCH_LABEL[1])
+ self.advanced_search_window.show()
+
+ def advanced_radio_select(self, button):
@@ -518746,13 +518612,14 @@ index 0000000..664b5bb
+ path = path.split("(/.*)?")[0]
+ self.files_path_entry.set_text(path)
+
-+ def fuzzin_modify(self, tree, *args):
-+ row = tree.get_selection()
-+ if row == None:
-+ self.modify_button.set_sensitive(False)
-+ return
-+ iter = row.get_selected()[1]
-+ self.modify_button.set_sensitive(iter != None)
++ def fuzzin_modify(self, *args):
++ if self.treeview:
++ row = self.treeview.get_selection()
++ if row == None:
++ self.modify_button.set_sensitive(False)
++ return
++ iter = row.get_selected()[1]
++ self.modify_button.set_sensitive(iter != None)
+
+ def highlight_entry_text(self, entry_obj, *args):
+ txt = entry_obj.get_text()
@@ -518773,9 +518640,9 @@ index 0000000..664b5bb
+ self.combo_set_active_text(self.files_type_combobox, t[0])
+
+ def resize_columns(self, *args):
-+ self.booleans_column_1 = self.boolean_treeview.get_col(1)
-+ width = self.booleans_column_1.get_width()
-+ renderer = self.booleans_column_1.get_cell_renderers()
++ self.boolean_column_1 = self.boolean_treeview.get_col(1)
++ width = self.boolean_column_1.get_width()
++ renderer = self.boolean_column_1.get_cell_renderers()
+
+ def browse_for_files(self, *args):
+ self.file_dialog.show()
@@ -518911,52 +518778,29 @@ index 0000000..664b5bb
+ self.recursive_path_toggle.set_active(False)
+ self.window.set_sensitive(True)
+ if self.moreTypes_window_files == window:
-+ self.popup_window_files.show()
++ self.show_popup(self.files_popup_window)
+ if self.combo_get_active_text(self.files_type_combobox) == _('More...'):
+ self.files_type_combobox.set_active(0)
+ if self.error_check_window == window:
-+ self.window.set_sensitive(False)
+ if self.files_add:
-+ self.popup_window_files.show()
++ self.show_popup(self.files_popup_window)
+ self.files_path_entry.select_region(0, -1)
+ self.files_path_entry.grab_focus()
+ elif self.network_add:
-+ self.popup_window_network.show()
++ self.show_popup(self.network_popup_window)
+ self.network_ports_entry.select_region(0, -1)
+ self.network_ports_entry.grab_focus()
-+ if self.mls_label_files.get_visible() or self.mls_label_network.get_visible():
++ if self.files_mls_label.get_visible() or self.network_mls_label.get_visible():
+ self.advanced_text_files.set_visible(True)
-+ self.mls_label_files.set_visible(False)
-+ self.files_mls_combobox.set_visible(False)
++ self.files_mls_label.set_visible(False)
++ self.files_mls_entry.set_visible(False)
+ self.advanced_text_network.set_visible(True)
-+ self.mls_label_network.set_visible(False)
-+ self.network_mls_combobox.set_visible(False)
-+ if self.main_advanced_label.get_text() == ADVANCED_LABEL[1]:
-+ self.main_advanced_label.set_text(ADVANCED_LABEL[0])
++ self.network_mls_label.set_visible(False)
++ self.network_mls_entry.set_visible(False)
++ if self.main_advanced_label.get_text() == ADVANCED_SEARCH_LABEL[1]:
++ self.main_advanced_label.set_text(ADVANCED_SEARCH_LABEL[0])
+ return True
+
-+ def close_fix_label_popup(self, *args):
-+ self.fix_label_window.hide()
-+
-+ def close_files_popup(self, *args):
-+ self.delete_window_files.hide()
-+ self.window.set_sensitive(True)
-+
-+ def close_network_popup(self, *args):
-+ self.delete_window_network.hide()
-+ self.window.set_sensitive(True)
-+ def close_add_network_popup(self, *args):
-+ self.popup_window_network.hide()
-+ self.window.set_sensitive(True)
-+ def close_add_files_popup(self, *args):
-+ self.popup_window_files.hide()
-+ self.window.set_sensitive(True)
-+ self.recursive_path_toggle.set_active(False)
-+
-+ def close_update_popup(self,*args):
-+ self.update_window.hide()
-+ self.window.set_sensitive(True)
-+
+ def wait_mouse(self):
+ self.window.get_window().set_cursor(self.busy_cursor)
+ self.idle_func()
@@ -519029,7 +518873,7 @@ index 0000000..664b5bb
+ self.ready_mouse()
+
+ def confirmation_close(self, button, *args):
-+ if len(self.update_treestore) > 0:
++ if len(self.update_liststore) > 0:
+ if self.verify(_("You are attempting to close the application without applying your changes.\n * To apply changes you have made during this session, click No and click Update.\n * To leave the application without applying your changes, click Yes. All changes that you have made during this session will be lost."), _("Loss of data Dialog")) == Gtk.ResponseType.NO:
+ return True
+ self.quit()
@@ -519037,11 +518881,6 @@ index 0000000..664b5bb
+ def quit(self, *args):
+ sys.exit(0)
+
-+ def restorecon(self, *args):
-+ self.dbus.restorecon(self.restorecon_path)
-+ self.application_selected()
-+ self.fix_label_window.hide()
-+
+if __name__ == '__main__':
+ start = SELinuxGui()
diff --git a/policycoreutils/sepolicy/sepolicy/help/__init__.py b/policycoreutils/sepolicy/sepolicy/help/__init__.py
@@ -519104,71 +518943,408 @@ index 0000000..2ba4ab9
+
+Toggle the button to turn on or off the boolean. This will not happen immediately. All changes on the application screen are bundled up into a single transacton. you need to select the update button to apply all of your changes to the system.
+
+diff --git a/policycoreutils/sepolicy/sepolicy/help/file_equiv.png b/policycoreutils/sepolicy/sepolicy/help/file_equiv.png
+new file mode 100644
+index 0000000..0f46ac0
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/file_equiv.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/file_equiv.txt b/policycoreutils/sepolicy/sepolicy/help/file_equiv.txt
+new file mode 100644
+index 0000000..5a163e3
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/file_equiv.txt
+@@ -0,0 +1,22 @@
++SELinux can either setup labeling directory using the Application/files screen, or you can setup file equivalence.
++
++File Equivalence allows an administrator to label entire directory trees as the same way as the Equivalence directory tree.
++
++Use Case 1:
++An administrator want to store his Apache root content in a location other then /var/www like /srv/www.
++He could define an equivalence between /srv/www and /var/www.
++
++libselinux reads the equivalence rules and does the substitution when ever the matchpathcon function is called. Tools like restorecon/rpm/udev
++and others will all follow the substitution. Using the example above when matchpathcon is handed /srv/www/cgi-bin/myscript.cgi, it substitutes /var/www for /svr/www and looks up the context of /var/www/cgi-bin/myscript.cgi.
++
++In the command line you could execute.
++
++# semanage fcontext -a -e /var/www /srv/www
++
++Another common case where you might want to use file equivalence, is if you put your users home directories in a location other then
++/home.
++
++If you setup an equivalence between /home and /export/home
++
++# matchpathcon /export/home/dwalsh/.ssh
++/export/home/dwalsh/.ssh unconfined_u:object_r:home_ssh_t:s0
diff --git a/policycoreutils/sepolicy/sepolicy/help/files_apps.png b/policycoreutils/sepolicy/sepolicy/help/files_apps.png
new file mode 100644
index 0000000..04dddf2
Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/files_apps.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/files_apps.txt b/policycoreutils/sepolicy/sepolicy/help/files_apps.txt
+new file mode 100644
+index 0000000..bbf6bcb
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/files_apps.txt
+@@ -0,0 +1,8 @@
++This screen shows application types that are defined for process running with the <b>%(APP)s</b> type.
++
++The description should give you a decent description for what the application is allowed to do with the type. If your application type is being denied access to a particular file, you might want to change the label of that file.
++
++It is recommended that you use one of the types defined on this page.
++
++Note if the label of the content that is being denied is owned by another domain, you might have to write policy or use <b>audit2allow -M mypol</b>
++to allow access.
diff --git a/policycoreutils/sepolicy/sepolicy/help/files_exec.png b/policycoreutils/sepolicy/sepolicy/help/files_exec.png
new file mode 100644
index 0000000..3de19cc
Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/files_exec.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/files_exec.txt b/policycoreutils/sepolicy/sepolicy/help/files_exec.txt
+new file mode 100644
+index 0000000..8e4a702
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/files_exec.txt
+@@ -0,0 +1,4 @@
++This screen shows application types that can transtion to a process running with the <b>%(APP)s</b> type.
++
++In SELinux these are called entrypoints.
++
diff --git a/policycoreutils/sepolicy/sepolicy/help/files_write.png b/policycoreutils/sepolicy/sepolicy/help/files_write.png
new file mode 100644
index 0000000..908fd81
Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/files_write.png differ
-diff --git a/policycoreutils/sepolicy/sepolicy/help/ports_inbound.png b/policycoreutils/sepolicy/sepolicy/help/ports_inbound.png
-new file mode 100644
-index 0000000..af2dd9f
-Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/ports_inbound.png differ
-diff --git a/policycoreutils/sepolicy/sepolicy/help/ports_outbound.png b/policycoreutils/sepolicy/sepolicy/help/ports_outbound.png
+diff --git a/policycoreutils/sepolicy/sepolicy/help/files_write.txt b/policycoreutils/sepolicy/sepolicy/help/files_write.txt
new file mode 100644
-index 0000000..da8633b
-Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/ports_outbound.png differ
-diff --git a/policycoreutils/sepolicy/sepolicy/help/system.png b/policycoreutils/sepolicy/sepolicy/help/system.png
+index 0000000..b8fb779
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/files_write.txt
+@@ -0,0 +1,8 @@
++This screen shows files types to which a process running with the <b>%(APP)s</b> type is allowed to write.
++
++The description should give you a decent description for what the application is allowed to do with the type. If your application type is being denied access to a particular file, you might want to change the label of that file.
++
++It is recommended that you use one of the types defined on this page.
++
++Note if the label of the content that is being denied is owned by another domain, you might have to write policy or use <b>audit2allow -M mypol</b>
++to allow access.
+diff --git a/policycoreutils/sepolicy/sepolicy/help/lockdown.png b/policycoreutils/sepolicy/sepolicy/help/lockdown.png
new file mode 100644
-index 0000000..6727874
-Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/system.png differ
-diff --git a/policycoreutils/sepolicy/sepolicy/help/transition_file.png b/policycoreutils/sepolicy/sepolicy/help/transition_file.png
+index 0000000..f622550
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/lockdown.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/lockdown.txt b/policycoreutils/sepolicy/sepolicy/help/lockdown.txt
new file mode 100644
-index 0000000..1234e54
-Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/transition_file.png differ
-diff --git a/policycoreutils/sepolicy/sepolicy/help/transition_from.png b/policycoreutils/sepolicy/sepolicy/help/transition_from.png
+index 0000000..b779fd4
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/lockdown.txt
+@@ -0,0 +1,5 @@
++The Lockdown Screen allows you to tighten the SELinux Security on your machine.
++
++These lockdown measures are recommended, but can cause SELinux issues. If you
++have a machine you truly want to secure, and are confident in your understanding of
++SELinux you should try some of these options.
+diff --git a/policycoreutils/sepolicy/sepolicy/help/lockdown_permissive.png b/policycoreutils/sepolicy/sepolicy/help/lockdown_permissive.png
new file mode 100644
-index 0000000..26a6d43
-Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/transition_from.png differ
-diff --git a/policycoreutils/sepolicy/sepolicy/help/transition_from.txt b/policycoreutils/sepolicy/sepolicy/help/transition_from.txt
+index 0000000..a1b0184
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/lockdown_permissive.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/lockdown_permissive.txt b/policycoreutils/sepolicy/sepolicy/help/lockdown_permissive.txt
new file mode 100644
-index 0000000..9547af7
+index 0000000..1167e75
--- /dev/null
-+++ b/policycoreutils/sepolicy/sepolicy/help/transition_from.txt
-@@ -0,0 +1,9 @@
-+This screen shows <b>Executable File Paths</b> that will transition from processes running with the <b>%(APP)s</b> type.
++++ b/policycoreutils/sepolicy/sepolicy/help/lockdown_permissive.txt
+@@ -0,0 +1,8 @@
++Disabling the permissivedomains module allows you to remove all permissive domains shipped by the distribution.
+
-+Under SELinux, when a process running with a "type" attempts to execute an executable, one of three things can happen.
++When the distribution policy writers write a new confined domain, they initially ship it in permissive mode. This means that the process type will be allowed to do anything on the system but the kernel will log the AVC messages and the access denials that would have happened if the process was in enforcing mode.
+
-+1. The process can be prevented from running the executable.
-+2. The executable executes with the same label as parent.
-+3. The executable <b>transitions</b> to a new "type" based on policy.
++Usually these policies are experimental and will be turned to enforcing on the next Operation System Release.
+
-+This screen shows the executables that transition to another domain when <b>%(APP)s</b> executes them, and the <b>SELinux Application Type</b> of the newly created process.
-diff --git a/policycoreutils/sepolicy/sepolicy/help/transition_from_boolean.png b/policycoreutils/sepolicy/sepolicy/help/transition_from_boolean.png
++Note if you disable the permissive domains module, you may see an increase in the denials.
++
+diff --git a/policycoreutils/sepolicy/sepolicy/help/lockdown_ptrace.png b/policycoreutils/sepolicy/sepolicy/help/lockdown_ptrace.png
new file mode 100644
-index 0000000..f3d2642
-Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/transition_from_boolean.png differ
-diff --git a/policycoreutils/sepolicy/sepolicy/help/transition_from_boolean.txt b/policycoreutils/sepolicy/sepolicy/help/transition_from_boolean.txt
+index 0000000..a5c3f55
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/lockdown_ptrace.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/lockdown_ptrace.txt b/policycoreutils/sepolicy/sepolicy/help/lockdown_ptrace.txt
new file mode 100644
-index 0000000..bd8539a
+index 0000000..48b5df8
--- /dev/null
-+++ b/policycoreutils/sepolicy/sepolicy/help/transition_from_boolean.txt
-@@ -0,0 +1,8 @@
-+Transitions can be controlled by SELinux Booleans.
++++ b/policycoreutils/sepolicy/sepolicy/help/lockdown_ptrace.txt
+@@ -0,0 +1,11 @@
++The deny_ptrace feature allows an administrator to toggle the ability of processes on the computer system from examining other processes on the system, including user processes. It can even block processes running as root.
+
-+SELinux Booleans are If-then-else rules in policy, that allow the admistrator
-+to modify the access control on a process type.
++Most people do not realize that any program they run can examine the memory of any other process run by them. Meaning the computer game you are running on your desktop can watch everything going on in Firefox or a programs like pwsafe or kinit or other program that attempts to hide passwords..
+
-+Transition rules are either always allowed or can be turned on and off based on the boolean settings. If the <b>Boolean Enabled</b> column has an arrow on it, this indicates the transition is controlled by a boolean.
++SELinux defines this access as ptrace and sys_ptrace. These accesses allow one process to read the memory of another process. ptrace allows developers and administrators to debug how a process is running using tools like strace, ptrace and gdb. You can even use gdb (GNU Debugger) to manipulate another process running memory and environment.
+
-+Go to the next screen to see the effect of clicking on the arrow.
++The problem is this is allowed by default.
++
++My wife does not debug programs, why is she allowed to debug them? As a matter of fact most of the time, I am not debugging applications, so it would be more secure if we could disable it by default.
++
++Note: Disabling ptrace can break some bug trappers that attempt to collect crash data.
+diff --git a/policycoreutils/sepolicy/sepolicy/help/lockdown_unconfined.png b/policycoreutils/sepolicy/sepolicy/help/lockdown_unconfined.png
+new file mode 100644
+index 0000000..d952bc7
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/lockdown_unconfined.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/lockdown_unconfined.txt b/policycoreutils/sepolicy/sepolicy/help/lockdown_unconfined.txt
+new file mode 100644
+index 0000000..c4c3a6d
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/lockdown_unconfined.txt
+@@ -0,0 +1,8 @@
++Disabling the unconfined module allows you to a lot of unconfined domains running in system space.
++
++By default any system process that is started at boot is run as initrc_t, which is unconfined if this module is enabled. Similarly other
++objects that do not have SELinux Policy rules written for them run as unconfined. Disabling the unconfined module moves you closer to what
++used to be called strict policy.
++
++Note if you disable the unconfined module, you may see an increase in the denials, and if you have processes
++running as initrc_t, you may need to write policy for them.
+diff --git a/policycoreutils/sepolicy/sepolicy/help/login.png b/policycoreutils/sepolicy/sepolicy/help/login.png
+new file mode 100644
+index 0000000..5ea8603
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/login.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/login.txt b/policycoreutils/sepolicy/sepolicy/help/login.txt
+new file mode 100644
+index 0000000..2a6ec4c
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/login.txt
+@@ -0,0 +1,19 @@
++By Default on a SELinux Targeted Policy system, all users login using the unconfined_t user.
++But SELinux has a very powerful concept called confined users. You can setup individual users on your system to login with different SELinux user types. This Login Mapping Screen allows you to map a Linux login user to an SELinux User.
++
++<b>Default SELinux Users </b>
++
++* Terminal user/ssh - guest_u
++ - No Network, No setuid, no exec in homedir
++
++* Browser user/kiosk - xguest_u
++ - Web access ports only. No setuid, no exec in homedir
++
++* Full Desktop user - User_u
++ - Full Network, No SETUID.
++
++* Confined Admin/Desktop User - Staff_u
++ - Full Network, sudo to admin only, no root password. Usually a confined admin
++
++* Unconfined user - unconfined_u (Default)
++ - SELinux does not block access.
+diff --git a/policycoreutils/sepolicy/sepolicy/help/login_default.png b/policycoreutils/sepolicy/sepolicy/help/login_default.png
+new file mode 100644
+index 0000000..0da80ae
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/login_default.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/login_default.txt b/policycoreutils/sepolicy/sepolicy/help/login_default.txt
+new file mode 100644
+index 0000000..c3e9b43
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/login_default.txt
+@@ -0,0 +1,7 @@
++The Login Mapping Screen has a special Login user called __default__. This record is used to setup the default login user for any login account that is not specified separately.
++
++If this is a desktop system you might want to specify the user_u or xguest_u user. If this is a terminal server the guest_u user might be a good match.
++
++Then you would need to add the admin users or a Linux group with a different label. Perhaps as unconfined_u or staff_u.
++
++You could use %wheel to indicate the wheel group.
+diff --git a/policycoreutils/sepolicy/sepolicy/help/ports_inbound.png b/policycoreutils/sepolicy/sepolicy/help/ports_inbound.png
+new file mode 100644
+index 0000000..af2dd9f
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/ports_inbound.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/ports_inbound.txt b/policycoreutils/sepolicy/sepolicy/help/ports_inbound.txt
+new file mode 100644
+index 0000000..45ef92f
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/ports_inbound.txt
+@@ -0,0 +1,5 @@
++This screen shows the network ports that processes running with the <b>%(APP)s</b> type is allowed to bind to.
++
++SELinux controls the network ports that a application is allowed to bind to based on SELinux Port types.
++
++This screen allows you to modify the port number/port type definitions, which the <b>%(APP)s</b> is currently allowed to bind.
+diff --git a/policycoreutils/sepolicy/sepolicy/help/ports_outbound.png b/policycoreutils/sepolicy/sepolicy/help/ports_outbound.png
+new file mode 100644
+index 0000000..da8633b
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/ports_outbound.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/ports_outbound.txt b/policycoreutils/sepolicy/sepolicy/help/ports_outbound.txt
+new file mode 100644
+index 0000000..cb70d23
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/ports_outbound.txt
+@@ -0,0 +1,5 @@
++This screen shows the network ports to which processes running with the <b>%(APP)s</b> type is allowed to connect.
++
++SELinux controls the network ports that a applications are allowed to connect, based on SELinux Port types.
++
++This screen allows you to modify the port number/port type definitions, which the <b>%(APP)s</b> is currently allowed to connect.
+diff --git a/policycoreutils/sepolicy/sepolicy/help/start.png b/policycoreutils/sepolicy/sepolicy/help/start.png
+new file mode 100644
+index 0000000..8ef461b
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/start.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/start.txt b/policycoreutils/sepolicy/sepolicy/help/start.txt
+new file mode 100644
+index 0000000..6846b92
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/start.txt
+@@ -0,0 +1 @@
++You must "Select" the initial screen to view for SELinux Configuration.
+diff --git a/policycoreutils/sepolicy/sepolicy/help/system.png b/policycoreutils/sepolicy/sepolicy/help/system.png
+new file mode 100644
+index 0000000..3017bd4
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/system.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/system.txt b/policycoreutils/sepolicy/sepolicy/help/system.txt
+new file mode 100644
+index 0000000..c3b4213
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/system.txt
+@@ -0,0 +1 @@
++This screen allows you to view modify the way SELinux is running on your system.
+diff --git a/policycoreutils/sepolicy/sepolicy/help/system_boot_mode.png b/policycoreutils/sepolicy/sepolicy/help/system_boot_mode.png
+new file mode 100644
+index 0000000..38b112d
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/system_boot_mode.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/system_boot_mode.txt b/policycoreutils/sepolicy/sepolicy/help/system_boot_mode.txt
+new file mode 100644
+index 0000000..dc70966
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/system_boot_mode.txt
+@@ -0,0 +1,12 @@
++SELinux Systems can boot in three different modes.
++
++* Enforcing mode (Default)
++ - SELinux security policy is enforced.
++* Permissive
++ - SELinux prints warnings instead of enforcing.
++* Disabled
++ - No SELinux policy is loaded, SELinux does not run.
++
++You can use this screen to change the enforcing mode.
++
++Note if you disable SELinux, you will need to to reboot, to turn it off. Also the next time you turn SELinux on, a full system relabel will be permformed.
+diff --git a/policycoreutils/sepolicy/sepolicy/help/system_current_mode.png b/policycoreutils/sepolicy/sepolicy/help/system_current_mode.png
+new file mode 100644
+index 0000000..d988e22
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/system_current_mode.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/system_current_mode.txt b/policycoreutils/sepolicy/sepolicy/help/system_current_mode.txt
+new file mode 100644
+index 0000000..efaa3e1
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/system_current_mode.txt
+@@ -0,0 +1,5 @@
++You can switch SELinux beteen Enforcing mode and Permissive mode.
++
++When a machine is in permissive mode, SELinux will continue to log SELinux AVC messages, that would have been denied if the machine was in enforcing mode.
++
++Changing the current mode of the system will not survive a reboot. You would need to change the system mode for this.
+diff --git a/policycoreutils/sepolicy/sepolicy/help/system_export.png b/policycoreutils/sepolicy/sepolicy/help/system_export.png
+new file mode 100644
+index 0000000..b7db67b
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/system_export.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/system_export.txt b/policycoreutils/sepolicy/sepolicy/help/system_export.txt
+new file mode 100644
+index 0000000..d48bbc8
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/system_export.txt
+@@ -0,0 +1,6 @@
++SELinux allows you to export/import the current configuration of the machine.
++
++If you have several machines configured the same way you may want to modify the SELinux configuration on one machine and then export the configuration to a file. Then you could copy that file to another machine and import it on that machine.
++
++Note, If you import a configuration to a machine, the local configuation will get removed.
++
+diff --git a/policycoreutils/sepolicy/sepolicy/help/system_policy_type.png b/policycoreutils/sepolicy/sepolicy/help/system_policy_type.png
+new file mode 100644
+index 0000000..32c9a92
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/system_policy_type.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/system_policy_type.txt b/policycoreutils/sepolicy/sepolicy/help/system_policy_type.txt
+new file mode 100644
+index 0000000..8743fa2
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/system_policy_type.txt
+@@ -0,0 +1,6 @@
++For a very advanced system you could select the advanced tab and modify the policy type that SELinux is running with.
++
++Policy types are installed as subdirectories of /etc/selinux.
++
++If you change the policy type the machine will need to be relabeled in permissive mode, to make sure the proper labels get assigned on the next reboot.
++
+diff --git a/policycoreutils/sepolicy/sepolicy/help/system_relabel.png b/policycoreutils/sepolicy/sepolicy/help/system_relabel.png
+new file mode 100644
+index 0000000..ad8bdf3
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/system_relabel.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/system_relabel.txt b/policycoreutils/sepolicy/sepolicy/help/system_relabel.txt
+new file mode 100644
+index 0000000..78def57
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/system_relabel.txt
+@@ -0,0 +1,10 @@
++SELinux is a labeling system. Sometimes the labels on disk can get messed up. One way to fix this is to trigger a full relabel on the next boot.
++
++You can toggle this behaviour using this screen.
++
++Note: Sometimes a simple restorecon is all you need to fix the labels on a file or directory.
++
++If you add a new disk which does not have labels you could simply execute
++
++# restorecon -R -v PATHTODISK
++
+diff --git a/policycoreutils/sepolicy/sepolicy/help/transition_file.png b/policycoreutils/sepolicy/sepolicy/help/transition_file.png
+new file mode 100644
+index 0000000..1234e54
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/transition_file.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/transition_file.txt b/policycoreutils/sepolicy/sepolicy/help/transition_file.txt
+new file mode 100644
+index 0000000..c728f28
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/transition_file.txt
+@@ -0,0 +1,14 @@
++This screen shows the <b>file types</b> of the specified <b>class<b> that will be created by processes running with <b>%(APP)s</b> type in the <b>target</b> directory.
++
++SELinux allows policy writers to define file transition rules. These rules define the label of a newly create file system object.
++
++By default an newly created file system object will get the label of the directory the object is being created in.
++
++Creating an file in a directory with the file type of etc_t will get the label etc_t. In certain situations SELinux aware applications
++can override this behaviour, for example the passwd command creates /etc/shadow with a type of shadow_t.
++
++A third option is for policy writers to write a transition rule. For example a process labeled NetworkManager creating content in a directory labeled etc_t will create it with the label net_conf_t.
++
++File Transition Rules can be written to create all objects of a particular class, or specific to a particular file name.
++
++You need to build a policy module if you want to add additional File Transition Rules.
+diff --git a/policycoreutils/sepolicy/sepolicy/help/transition_from.png b/policycoreutils/sepolicy/sepolicy/help/transition_from.png
+new file mode 100644
+index 0000000..26a6d43
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/transition_from.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/transition_from.txt b/policycoreutils/sepolicy/sepolicy/help/transition_from.txt
+new file mode 100644
+index 0000000..85992cc
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/transition_from.txt
+@@ -0,0 +1,9 @@
++This screen shows when a process running with the <b>%(APP)s</b> type executes <b>Commands File Paths</b> that they will transition to the specified types.
++
++Under SELinux, when a process running with a "type" attempts to execute an executable, one of three things can happen.
++
++1. The process can be prevented from running the executable.
++2. The executable executes with the same label as parent.
++3. The executable <b>transitions</b> to a new "type" based on policy.
++
++This screen shows the executables that transition to another domain when <b>%(APP)s</b> executes them, and the <b>SELinux Application Type</b> of the newly created process.
+diff --git a/policycoreutils/sepolicy/sepolicy/help/transition_from_boolean.png b/policycoreutils/sepolicy/sepolicy/help/transition_from_boolean.png
+new file mode 100644
+index 0000000..f3d2642
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/transition_from_boolean.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/transition_from_boolean.txt b/policycoreutils/sepolicy/sepolicy/help/transition_from_boolean.txt
+new file mode 100644
+index 0000000..bd8539a
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/transition_from_boolean.txt
+@@ -0,0 +1,8 @@
++Transitions can be controlled by SELinux Booleans.
++
++SELinux Booleans are If-then-else rules in policy, that allow the admistrator
++to modify the access control on a process type.
++
++Transition rules are either always allowed or can be turned on and off based on the boolean settings. If the <b>Boolean Enabled</b> column has an arrow on it, this indicates the transition is controlled by a boolean.
++
++Go to the next screen to see the effect of clicking on the arrow.
diff --git a/policycoreutils/sepolicy/sepolicy/help/transition_from_boolean_1.png b/policycoreutils/sepolicy/sepolicy/help/transition_from_boolean_1.png
new file mode 100644
index 0000000..9e660f8
@@ -519199,6 +519375,50 @@ diff --git a/policycoreutils/sepolicy/sepolicy/help/transition_to.png b/policyco
new file mode 100644
index 0000000..49558d9
Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/transition_to.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/transition_to.txt b/policycoreutils/sepolicy/sepolicy/help/transition_to.txt
+new file mode 100644
+index 0000000..a960068
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/transition_to.txt
+@@ -0,0 +1,9 @@
++This screen shows the SELinux process <b>types</b> which will transition to the <b>%(APP)s</b> type when executing the <b>Commands File Paths</b>.
++
++Under SELinux, when a process running with a "type" attempts to execute an executable, one of three things can happen.
++
++1. The process can be prevented from running the executable.
++2. The executable executes with the same label as parent.
++3. The executable <b>transitions</b> to a new "type" based on policy.
++
++This screen shows the executables that transition to another domain when <b>%(APP)s</b> executes them, and the <b>SELinux Application Type</b> of the newly created process.
+diff --git a/policycoreutils/sepolicy/sepolicy/help/users.png b/policycoreutils/sepolicy/sepolicy/help/users.png
+new file mode 100644
+index 0000000..2173d25
+Binary files /dev/null and b/policycoreutils/sepolicy/sepolicy/help/users.png differ
+diff --git a/policycoreutils/sepolicy/sepolicy/help/users.txt b/policycoreutils/sepolicy/sepolicy/help/users.txt
+new file mode 100644
+index 0000000..2028e16
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/help/users.txt
+@@ -0,0 +1,19 @@
++By Default on a SELinux Targeted Policy system, all users login using the unconfined_t user.
++But SELinux has a very powerful concept called confined users. You can setup individual users on your system to login with different SELinux user types. This SELinux User Screen allows you to create/modify SELinux Users and map them to SELinux Roles and MLS/MCS Ranges
++
++<b>Default SELinux Users </b>
++
++* Terminal user/ssh - guest_u
++ - No Network, No setuid, no exec in homedir
++
++* Browser user/kiosk - xguest_u
++ - Web access ports only. No setuid, no exec in homedir
++
++* Full Desktop user - User_u
++ - Full Network, No SETUID.
++
++* Confined Admin/Desktop User - Staff_u
++ - Full Network, sudo to admin only, no root password. Usually a confined admin
++
++* Unconfined user - unconfined_u (Default)
++ - SELinux does not block access.
diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py
index 8b063ca..c7dac62 100644
--- a/policycoreutils/sepolicy/sepolicy/interface.py
@@ -519980,10 +520200,10 @@ index 66efe26..6a7dab7 100755
return d
diff --git a/policycoreutils/sepolicy/sepolicy/sedbus.py b/policycoreutils/sepolicy/sepolicy/sedbus.py
new file mode 100644
-index 0000000..7ad2af7
+index 0000000..f40924d
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/sedbus.py
-@@ -0,0 +1,55 @@
+@@ -0,0 +1,60 @@
+import sys
+import dbus
+import dbus.service
@@ -520018,6 +520238,11 @@ index 0000000..7ad2af7
+ return ret
+
+ @polkit.enable_proxy
++ def semodule_list (self):
++ ret = self.dbus_object.semodule_list(dbus_interface = "org.selinux")
++ return ret
++
++ @polkit.enable_proxy
+ def relabel_on_boot(self, value):
+ ret = self.dbus_object.relabel_on_boot(value, dbus_interface = "org.selinux")
+ return ret
@@ -520041,12 +520266,12 @@ index 0000000..7ad2af7
+ print e
diff --git a/policycoreutils/sepolicy/sepolicy/sepolicy.glade b/policycoreutils/sepolicy/sepolicy/sepolicy.glade
new file mode 100644
-index 0000000..9e4e798
+index 0000000..db19cf8
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/sepolicy.glade
-@@ -0,0 +1,4936 @@
+@@ -0,0 +1,5025 @@
+<?xml version="1.0" encoding="UTF-8"?>
-+<!-- Generated with glade 3.15.3 on Tue Sep 17 16:30:19 2013 -->
++<!-- Generated with glade 3.15.4 on Fri Sep 27 10:59:16 2013 -->
+<interface>
+ <!-- interface-requires gtk+ 3.8 -->
+ <object class="GtkListStore" id="Advanced_search_liststore">
@@ -520057,96 +520282,6 @@ index 0000000..9e4e798
+ <column type="gchararray"/>
+ </columns>
+ </object>
-+ <object class="GtkListStore" id="File_transitions_liststore">
-+ <columns>
-+ <!-- column-name Dir -->
-+ <column type="gchararray"/>
-+ <!-- column-name Class -->
-+ <column type="gchararray"/>
-+ <!-- column-name Destination -->
-+ <column type="gchararray"/>
-+ <!-- column-name File -->
-+ <column type="gchararray"/>
-+ </columns>
-+ </object>
-+ <object class="GtkTreeModelFilter" id="File_transitions_treemodel_filter">
-+ <property name="child_model">File_transitions_liststore</property>
-+ </object>
-+ <object class="GtkTreeModelSort" id="File_transitions_treemodel_sort">
-+ <property name="model">File_transitions_treemodel_filter</property>
-+ </object>
-+ <object class="GtkWindow" id="Fix_label_window">
-+ <property name="can_focus">False</property>
-+ <property name="type">popup</property>
-+ <property name="title" translatable="yes">Fix Label</property>
-+ <property name="modal">True</property>
-+ <property name="window_position">center-on-parent</property>
-+ <property name="default_width">300</property>
-+ <property name="default_height">180</property>
-+ <property name="transient_for">SELinux_window</property>
-+ <signal name="delete-event" handler="gtk_widget_hide" swapped="no"/>
-+ <child>
-+ <object class="GtkBox" id="vbox21">
-+ <property name="visible">True</property>
-+ <property name="can_focus">False</property>
-+ <property name="orientation">vertical</property>
-+ <child>
-+ <object class="GtkLabel" id="Fixlabel_label">
-+ <property name="visible">True</property>
-+ <property name="can_focus">False</property>
-+ <property name="label" translatable="yes">You are about to restore a the file label <mislabeled file label> to SELinux system default label <SELinux File Label>.</property>
-+ <property name="wrap">True</property>
-+ </object>
-+ <packing>
-+ <property name="expand">True</property>
-+ <property name="fill">True</property>
-+ <property name="position">0</property>
-+ </packing>
-+ </child>
-+ <child>
-+ <object class="GtkBox" id="hbox24">
-+ <property name="visible">True</property>
-+ <property name="can_focus">False</property>
-+ <child>
-+ <object class="GtkButton" id="fix_label_ok_button">
-+ <property name="label" translatable="yes">OK</property>
-+ <property name="visible">True</property>
-+ <property name="can_focus">True</property>
-+ <property name="receives_default">True</property>
-+ <signal name="clicked" handler="on_fix_label_ok_button_clicked" swapped="no"/>
-+ </object>
-+ <packing>
-+ <property name="expand">False</property>
-+ <property name="fill">False</property>
-+ <property name="pack_type">end</property>
-+ <property name="position">0</property>
-+ </packing>
-+ </child>
-+ <child>
-+ <object class="GtkButton" id="Fix_label_cancel">
-+ <property name="label" translatable="yes">Cancel</property>
-+ <property name="visible">True</property>
-+ <property name="can_focus">True</property>
-+ <property name="receives_default">True</property>
-+ <signal name="clicked" handler="on_Fix_label_cancel_clicked" swapped="no"/>
-+ </object>
-+ <packing>
-+ <property name="expand">False</property>
-+ <property name="fill">False</property>
-+ <property name="pack_type">end</property>
-+ <property name="position">1</property>
-+ </packing>
-+ </child>
-+ </object>
-+ <packing>
-+ <property name="expand">False</property>
-+ <property name="fill">False</property>
-+ <property name="position">1</property>
-+ </packing>
-+ </child>
-+ </object>
-+ </child>
-+ </object>
+ <object class="GtkWindow" id="Main_selection_menu">
+ <property name="can_focus">False</property>
+ <property name="default_width">265</property>
@@ -520194,7 +520329,7 @@ index 0000000..9e4e798
+ <property name="can_focus">False</property>
+ <property name="xalign">0</property>
+ <property name="xpad">10</property>
-+ <property name="label" translatable="yes">Advanced >></property>
++ <property name="label" translatable="yes">Advanced Search >></property>
+ <property name="selectable">True</property>
+ <attributes>
+ <attribute name="foreground" value="#00004e4e9999"/>
@@ -520213,8 +520348,8 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">True</property>
-+ <property name="focus_on_click">False</property>
+ <property name="relief">none</property>
++ <property name="focus_on_click">False</property>
+ <property name="xalign">0</property>
+ <signal name="clicked" handler="on_file_equiv_button_clicked" swapped="no"/>
+ </object>
@@ -520343,15 +520478,12 @@ index 0000000..9e4e798
+ </object>
+ </child>
+ </object>
-+ <object class="GtkTreeModelFilter" id="advanced_treemodel_filter">
++ <object class="GtkTreeModelFilter" id="advanced_filter">
+ <property name="child_model">Advanced_search_liststore</property>
+ </object>
-+ <object class="GtkTreeModelSort" id="advanced_treemodel_sort">
-+ <property name="model">advanced_treemodel_filter</property>
-+ </object>
+ <object class="GtkTreeStore" id="application_filetypes_treestore">
+ <columns>
-+ <!-- column-name File -->
++ <!-- column-name file -->
+ <column type="gchararray"/>
+ <!-- column-name Description -->
+ <column type="gchararray"/>
@@ -520367,27 +520499,24 @@ index 0000000..9e4e798
+ <column type="gchararray"/>
+ </columns>
+ </object>
-+ <object class="GtkTreeModelFilter" id="application_filetypes_treemodelfilter">
++ <object class="GtkTreeModelFilter" id="application_filetypes_filter">
+ <property name="child_model">application_filetypes_treestore</property>
+ </object>
-+ <object class="GtkTreeModelSort" id="application_filetypes_treemodelsort">
-+ <property name="model">application_filetypes_treemodelfilter</property>
-+ </object>
+ <object class="GtkListStore" id="application_liststore">
+ <columns>
+ <!-- column-name Application -->
+ <column type="gchararray"/>
+ </columns>
+ </object>
++ <object class="GtkTreeModelFilter" id="application_filter">
++ <property name="child_model">application_liststore</property>
++ </object>
+ <object class="GtkListStore" id="application_tree_list">
+ <columns>
+ <!-- column-name Process -->
+ <column type="gchararray"/>
+ </columns>
+ </object>
-+ <object class="GtkTreeModelFilter" id="application_treemodelfilter">
-+ <property name="child_model">application_liststore</property>
-+ </object>
+ <object class="GtkListStore" id="boolean_liststore">
+ <columns>
+ <!-- column-name Active -->
@@ -520400,12 +520529,9 @@ index 0000000..9e4e798
+ <column type="gchararray"/>
+ </columns>
+ </object>
-+ <object class="GtkTreeModelFilter" id="boolean_treemodelfilter">
++ <object class="GtkTreeModelFilter" id="boolean_filter">
+ <property name="child_model">boolean_liststore</property>
+ </object>
-+ <object class="GtkTreeModelSort" id="boolean_treemodelsort">
-+ <property name="model">boolean_treemodelfilter</property>
-+ </object>
+ <object class="GtkListStore" id="booleans_more_detail_liststore">
+ <columns>
+ <!-- column-name Detail -->
@@ -520536,12 +520662,9 @@ index 0000000..9e4e798
+ <column type="gchararray"/>
+ </columns>
+ </object>
-+ <object class="GtkTreeModelFilter" id="executable_files_treemodelfilter">
++ <object class="GtkTreeModelFilter" id="executable_files_filter">
+ <property name="child_model">executable_files_treestore</property>
+ </object>
-+ <object class="GtkTreeModelSort" id="executable_files_treemodelsort">
-+ <property name="model">executable_files_treemodelfilter</property>
-+ </object>
+ <object class="GtkListStore" id="file_equiv_liststore">
+ <columns>
+ <!-- column-name Source -->
@@ -520550,136 +520673,148 @@ index 0000000..9e4e798
+ <column type="gchararray"/>
+ </columns>
+ </object>
-+ <object class="GtkListStore" id="files_class_combo_store">
-+ <columns>
-+ <!-- column-name gchararray1 -->
-+ <column type="gchararray"/>
-+ </columns>
-+ </object>
-+ <object class="GtkListStore" id="files_mls_combo_store">
-+ <columns>
-+ <!-- column-name mls -->
-+ <column type="gchararray"/>
-+ </columns>
-+ </object>
-+ <object class="GtkListStore" id="files_type_combo_store">
-+ <columns>
-+ <!-- column-name Type -->
-+ <column type="gchararray"/>
-+ </columns>
++ <object class="GtkTreeModelFilter" id="file_equiv_filter">
++ <property name="child_model">file_equiv_liststore</property>
+ </object>
-+ <object class="GtkDialog" id="help_window">
++ <object class="GtkWindow" id="file_equiv_popup_window">
+ <property name="can_focus">False</property>
++ <property name="title" translatable="yes">Network Port Definitions</property>
+ <property name="resizable">False</property>
-+ <property name="default_width">200</property>
-+ <property name="default_height">500</property>
-+ <property name="type_hint">normal</property>
-+ <signal name="delete-event" handler="gtk_widget_hide" swapped="no"/>
-+ <child internal-child="vbox">
-+ <object class="GtkBox" id="dialog-vbox1">
++ <property name="modal">True</property>
++ <property name="window_position">center-on-parent</property>
++ <property name="transient_for">SELinux_window</property>
++ <child>
++ <object class="GtkBox" id="vbox12">
++ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="orientation">vertical</property>
-+ <property name="spacing">2</property>
-+ <child internal-child="action_area">
-+ <object class="GtkButtonBox" id="dialog-action_area1">
++ <child>
++ <object class="GtkLabel" id="file_equiv_label">
++ <property name="visible">True</property>
+ <property name="can_focus">False</property>
-+ <property name="layout_style">end</property>
++ <property name="xalign">0</property>
++ <property name="xpad">10</property>
++ <property name="label" translatable="yes">Add file Equivilence Mapping. Mapping will be created when Update is applied.</property>
++ <property name="justify">fill</property>
++ <property name="wrap">True</property>
++ </object>
++ <packing>
++ <property name="expand">True</property>
++ <property name="fill">True</property>
++ <property name="position">0</property>
++ </packing>
++ </child>
++ <child>
++ <object class="GtkTable" id="table5">
++ <property name="visible">True</property>
++ <property name="can_focus">False</property>
++ <property name="n_rows">3</property>
++ <property name="n_columns">2</property>
+ <child>
-+ <object class="GtkButton" id="back_button">
++ <placeholder/>
++ </child>
++ <child>
++ <object class="GtkLabel" id="label24">
+ <property name="visible">True</property>
-+ <property name="can_focus">True</property>
-+ <property name="receives_default">True</property>
-+ <signal name="clicked" handler="on_back_button_clicked" swapped="no"/>
-+ <child>
-+ <object class="GtkArrow" id="arrow2">
-+ <property name="visible">True</property>
-+ <property name="can_focus">False</property>
-+ <property name="arrow_type">left</property>
-+ </object>
-+ </child>
++ <property name="can_focus">False</property>
++ <property name="xalign">0</property>
++ <property name="xpad">10</property>
++ <property name="label" translatable="yes">Path</property>
+ </object>
+ <packing>
-+ <property name="expand">False</property>
-+ <property name="fill">True</property>
-+ <property name="position">0</property>
++ <property name="y_options"/>
+ </packing>
+ </child>
+ <child>
-+ <object class="GtkButton" id="forward_button">
++ <object class="GtkEntry" id="file_equiv_source_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
-+ <property name="receives_default">True</property>
-+ <signal name="clicked" handler="on_forward_button_clicked" swapped="no"/>
-+ <child>
-+ <object class="GtkArrow" id="arrow3">
-+ <property name="visible">True</property>
-+ <property name="can_focus">False</property>
-+ </object>
-+ </child>
++ <property name="tooltip_text" translatable="yes">Specify a new SELinux user name. By convention SELinux User names usually end in an _u.</property>
++ <property name="invisible_char">●</property>
++ <property name="primary_icon_activatable">False</property>
++ <property name="secondary_icon_activatable">False</property>
++ <property name="primary_icon_tooltip_text" translatable="yes">Enter the path to which you want to setup an equivalence label.</property>
+ </object>
+ <packing>
-+ <property name="expand">False</property>
-+ <property name="fill">True</property>
-+ <property name="position">1</property>
++ <property name="left_attach">1</property>
++ <property name="right_attach">2</property>
+ </packing>
+ </child>
-+ </object>
-+ <packing>
-+ <property name="expand">False</property>
-+ <property name="fill">True</property>
-+ <property name="pack_type">end</property>
-+ <property name="position">0</property>
-+ </packing>
-+ </child>
-+ <child>
-+ <object class="GtkBox" id="box9">
-+ <property name="visible">True</property>
-+ <property name="can_focus">False</property>
-+ <property name="orientation">vertical</property>
+ <child>
-+ <object class="GtkScrolledWindow" id="scrolledwindow14">
-+ <property name="height_request">250</property>
++ <object class="GtkLabel" id="label25">
+ <property name="visible">True</property>
-+ <property name="can_focus">True</property>
-+ <property name="shadow_type">in</property>
-+ <child>
-+ <object class="GtkLabel" id="help_text">
++ <property name="can_focus">False</property>
++ <property name="xalign">0</property>
++ <property name="xpad">10</property>
++ <property name="label" translatable="yes">Equivalence Path</property>
++ </object>
++ <packing>
++ <property name="top_attach">1</property>
++ <property name="bottom_attach">2</property>
++ <property name="y_options"/>
++ </packing>
++ </child>
++ <child>
++ <object class="GtkBox" id="hbox4">
++ <property name="visible">True</property>
++ <property name="can_focus">False</property>
++ <child>
++ <object class="GtkButton" id="save_changes_file_equiv">
++ <property name="label" translatable="yes">Save to update</property>
+ <property name="visible">True</property>
-+ <property name="can_focus">False</property>
-+ <property name="xalign">0</property>
-+ <property name="xpad">10</property>
-+ <property name="justify">fill</property>
-+ <property name="use_markup">True</property>
-+ <property name="wrap">True</property>
++ <property name="can_focus">True</property>
++ <property name="receives_default">True</property>
++ <signal name="clicked" handler="on_save_changes_file_equiv_clicked" swapped="no"/>
+ </object>
+ <packing>
-+ <property name="expand">True</property>
++ <property name="expand">False</property>
+ <property name="fill">True</property>
++ <property name="pack_type">end</property>
+ <property name="position">0</property>
+ </packing>
-+ </child>
++ </child>
++ <child>
++ <object class="GtkButton" id="cancel_file_equiv">
++ <property name="label" translatable="yes">Cancel</property>
++ <property name="visible">True</property>
++ <property name="can_focus">True</property>
++ <property name="receives_default">True</property>
++ <signal name="clicked" handler="on_cancel_popup_clicked" swapped="no"/>
++ </object>
++ <packing>
++ <property name="expand">False</property>
++ <property name="fill">True</property>
++ <property name="pack_type">end</property>
++ <property name="position">1</property>
++ </packing>
++ </child>
+ </object>
+ <packing>
-+ <property name="expand">False</property>
-+ <property name="fill">True</property>
-+ <property name="position">0</property>
++ <property name="left_attach">1</property>
++ <property name="right_attach">2</property>
++ <property name="top_attach">2</property>
++ <property name="bottom_attach">3</property>
+ </packing>
+ </child>
+ <child>
-+ <object class="GtkImage" id="help_image">
++ <object class="GtkEntry" id="file_equiv_dest_entry">
+ <property name="visible">True</property>
-+ <property name="can_focus">False</property>
-+ <property name="pixbuf">images/booleans.png</property>
++ <property name="can_focus">True</property>
++ <property name="tooltip_text" translatable="yes">Specify the mapping between the new path and the equivalence path. Everything under this new path will be labeled as if they were under the equivalence path.</property>
++ <property name="invisible_char">●</property>
++ <property name="primary_icon_activatable">False</property>
++ <property name="secondary_icon_activatable">False</property>
+ </object>
+ <packing>
-+ <property name="expand">False</property>
-+ <property name="fill">True</property>
-+ <property name="position">1</property>
++ <property name="left_attach">1</property>
++ <property name="right_attach">2</property>
++ <property name="top_attach">1</property>
++ <property name="bottom_attach">2</property>
+ </packing>
+ </child>
+ </object>
+ <packing>
-+ <property name="expand">False</property>
++ <property name="expand">True</property>
+ <property name="fill">True</property>
+ <property name="position">1</property>
+ </packing>
@@ -520687,113 +520822,36 @@ index 0000000..9e4e798
+ </object>
+ </child>
+ </object>
-+ <object class="GtkListStore" id="in_network_liststore">
-+ <columns>
-+ <!-- column-name Port -->
-+ <column type="gchararray"/>
-+ <!-- column-name Protocol -->
-+ <column type="gchararray"/>
-+ <!-- column-name Modified -->
-+ <column type="gchararray"/>
-+ <!-- column-name SELinux -->
-+ <column type="gchararray"/>
-+ </columns>
-+ </object>
-+ <object class="GtkTreeModelFilter" id="in_network_treemodelfilter">
-+ <property name="child_model">in_network_liststore</property>
-+ </object>
-+ <object class="GtkTreeModelSort" id="in_network_treemodelsort">
-+ <property name="model">in_network_treemodelfilter</property>
-+ </object>
-+ <object class="GtkWindow" id="loading_gui">
-+ <property name="width_request">300</property>
-+ <property name="height_request">25</property>
-+ <property name="visible">True</property>
-+ <property name="can_focus">False</property>
-+ <property name="title" translatable="yes">Analyzing Policy...</property>
-+ <property name="resizable">False</property>
-+ <property name="window_position">mouse</property>
-+ <signal name="delete-event" handler="gtk_widget_hide" swapped="no"/>
-+ <child>
-+ <object class="GtkProgressBar" id="progress_bar">
-+ <property name="visible">True</property>
-+ <property name="can_focus">False</property>
-+ <property name="pulse_step">0.050000000223517416</property>
-+ <property name="show_text">True</property>
-+ </object>
-+ </child>
-+ </object>
-+ <object class="GtkListStore" id="login_liststore">
++ <object class="GtkListStore" id="file_transitions_liststore">
+ <columns>
-+ <!-- column-name Username -->
-+ <column type="gchararray"/>
-+ <!-- column-name SELinuxUser -->
-+ <column type="gchararray"/>
-+ <!-- column-name MLS -->
-+ <column type="gchararray"/>
-+ </columns>
-+ </object>
-+ <object class="GtkListStore" id="login_seuser_liststore">
-+ <columns>
-+ <!-- column-name SELinuxUser -->
-+ <column type="gchararray"/>
-+ </columns>
-+ </object>
-+ <object class="GtkListStore" id="modify_liststore_files">
-+ <columns>
-+ <!-- column-name Path -->
-+ <column type="gchararray"/>
-+ <!-- column-name File -->
++ <!-- column-name Dir -->
+ <column type="gchararray"/>
+ <!-- column-name Class -->
+ <column type="gchararray"/>
-+ </columns>
-+ </object>
-+ <object class="GtkListStore" id="more_types_file_liststore">
-+ <columns>
-+ <!-- column-name types -->
++ <!-- column-name Destination -->
+ <column type="gchararray"/>
-+ </columns>
-+ </object>
-+ <object class="GtkListStore" id="network_mls_combo_store">
-+ <columns>
-+ <!-- column-name mls -->
++ <!-- column-name file -->
+ <column type="gchararray"/>
+ </columns>
+ </object>
-+ <object class="GtkListStore" id="network_protocol_combo_store">
-+ <columns>
-+ <!-- column-name protocol -->
-+ <column type="gchararray"/>
-+ </columns>
++ <object class="GtkTreeModelFilter" id="file_transitions_filter">
++ <property name="child_model">file_transitions_liststore</property>
+ </object>
-+ <object class="GtkListStore" id="network_type_combo_store">
++ <object class="GtkListStore" id="files_class_combo_store">
+ <columns>
-+ <!-- column-name Type -->
++ <!-- column-name gchararray1 -->
+ <column type="gchararray"/>
+ </columns>
+ </object>
-+ <object class="GtkListStore" id="out_network_liststore">
++ <object class="GtkListStore" id="files_type_combo_store">
+ <columns>
-+ <!-- column-name Port -->
-+ <column type="gchararray"/>
-+ <!-- column-name Protocol -->
-+ <column type="gchararray"/>
-+ <!-- column-name Modified -->
-+ <column type="gchararray"/>
-+ <!-- column-name SELinux -->
++ <!-- column-name Type -->
+ <column type="gchararray"/>
+ </columns>
+ </object>
-+ <object class="GtkTreeModelFilter" id="out_network_treemodelfilter">
-+ <property name="child_model">out_network_liststore</property>
-+ </object>
-+ <object class="GtkTreeModelSort" id="out_network_treemodelsort">
-+ <property name="model">out_network_treemodelfilter</property>
-+ </object>
-+ <object class="GtkWindow" id="popup_window_files">
++ <object class="GtkWindow" id="files_popup_window">
+ <property name="can_focus">False</property>
-+ <property name="title" translatable="yes">Add a File</property>
++ <property name="title" translatable="yes">Add a file</property>
+ <property name="resizable">False</property>
+ <property name="modal">True</property>
+ <property name="window_position">center-on-parent</property>
@@ -520805,7 +520863,7 @@ index 0000000..9e4e798
+ <property name="can_focus">False</property>
+ <property name="orientation">vertical</property>
+ <child>
-+ <object class="GtkLabel" id="Files_label">
++ <object class="GtkLabel" id="files_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="xalign">0</property>
@@ -520860,7 +520918,7 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">True</property>
-+ <signal name="clicked" handler="on_cancel_files_clicked" swapped="no"/>
++ <signal name="clicked" handler="on_cancel_popup_clicked" swapped="no"/>
+ </object>
+ <packing>
+ <property name="expand">False</property>
@@ -520878,7 +520936,7 @@ index 0000000..9e4e798
+ </packing>
+ </child>
+ <child>
-+ <object class="GtkLabel" id="mls_label_files">
++ <object class="GtkLabel" id="files_mls_label">
+ <property name="width_request">40</property>
+ <property name="can_focus">False</property>
+ <property name="xalign">0</property>
@@ -520893,25 +520951,6 @@ index 0000000..9e4e798
+ </packing>
+ </child>
+ <child>
-+ <object class="GtkComboBox" id="files_mls_combobox">
-+ <property name="width_request">360</property>
-+ <property name="can_focus">False</property>
-+ <property name="model">files_mls_combo_store</property>
-+ <child>
-+ <object class="GtkCellRendererText" id="cellrenderertext27"/>
-+ <attributes>
-+ <attribute name="text">0</attribute>
-+ </attributes>
-+ </child>
-+ </object>
-+ <packing>
-+ <property name="left_attach">1</property>
-+ <property name="right_attach">2</property>
-+ <property name="top_attach">5</property>
-+ <property name="bottom_attach">6</property>
-+ </packing>
-+ </child>
-+ <child>
+ <object class="GtkLabel" id="Advanced_text_files">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
@@ -520968,6 +521007,7 @@ index 0000000..9e4e798
+ <property name="width_request">360</property>
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
++ <property name="tooltip_text" translatable="yes">Select the file class to which this label will be applied. Defaults to all classes.</property>
+ <property name="model">files_class_combo_store</property>
+ <child>
+ <object class="GtkCellRendererText" id="cellrenderertext23"/>
@@ -520998,6 +521038,7 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
++ <property name="tooltip_text" translatable="yes">Select Make Path Recursive iff you want to apply this label to all children of the specified directory path. objects under the directory to have this label.</property>
+ <property name="xalign">0.5</property>
+ <property name="draw_indicator">True</property>
+ <signal name="toggled" handler="on_make_path_recursive_toggled" swapped="no"/>
@@ -521014,6 +521055,7 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">True</property>
++ <property name="tooltip_text" translatable="yes">Browse to select the file/directory for labeling.</property>
+ <signal name="clicked" handler="on_Browse_button_files_clicked" swapped="no"/>
+ </object>
+ <packing>
@@ -521068,6 +521110,7 @@ index 0000000..9e4e798
+ <object class="GtkEntry" id="files_path_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
++ <property name="tooltip_text" translatable="yes">Specify the path using regular expressions that you would like to modify the labeling.</property>
+ <property name="invisible_char">●</property>
+ <property name="primary_icon_activatable">False</property>
+ <property name="secondary_icon_activatable">False</property>
@@ -521089,6 +521132,7 @@ index 0000000..9e4e798
+ <property name="width_request">360</property>
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
++ <property name="tooltip_text" translatable="yes">Select the SELinux file type to assign to this path.</property>
+ <property name="model">files_type_combo_store</property>
+ <signal name="changed" handler="on_files_type_combobox_changed" swapped="no"/>
+ <child>
@@ -521112,6 +521156,22 @@ index 0000000..9e4e798
+ <property name="bottom_attach">3</property>
+ </packing>
+ </child>
++ <child>
++ <object class="GtkEntry" id="files_mls_entry">
++ <property name="can_focus">True</property>
++ <property name="tooltip_text" translatable="yes">Enter the MLS Label to assign to this file path.</property>
++ <property name="invisible_char">●</property>
++ <property name="primary_icon_activatable">False</property>
++ <property name="secondary_icon_activatable">False</property>
++ <property name="primary_icon_tooltip_text" translatable="yes">SELinux MLS Label you wish to assign to this path.</property>
++ </object>
++ <packing>
++ <property name="left_attach">1</property>
++ <property name="right_attach">2</property>
++ <property name="top_attach">5</property>
++ <property name="bottom_attach">6</property>
++ </packing>
++ </child>
+ </object>
+ <packing>
+ <property name="expand">True</property>
@@ -521122,7 +521182,156 @@ index 0000000..9e4e798
+ </object>
+ </child>
+ </object>
-+ <object class="GtkWindow" id="popup_window_login">
++ <object class="GtkDialog" id="help_window">
++ <property name="can_focus">False</property>
++ <property name="resizable">False</property>
++ <property name="default_width">200</property>
++ <property name="default_height">500</property>
++ <property name="type_hint">normal</property>
++ <signal name="delete-event" handler="gtk_widget_hide" swapped="no"/>
++ <child internal-child="vbox">
++ <object class="GtkBox" id="dialog-vbox1">
++ <property name="can_focus">False</property>
++ <property name="orientation">vertical</property>
++ <property name="spacing">2</property>
++ <child internal-child="action_area">
++ <object class="GtkButtonBox" id="dialog-action_area1">
++ <property name="can_focus">False</property>
++ <property name="layout_style">end</property>
++ <child>
++ <object class="GtkButton" id="back_button">
++ <property name="visible">True</property>
++ <property name="can_focus">True</property>
++ <property name="receives_default">True</property>
++ <signal name="clicked" handler="on_back_button_clicked" swapped="no"/>
++ <child>
++ <object class="GtkArrow" id="arrow2">
++ <property name="visible">True</property>
++ <property name="can_focus">False</property>
++ <property name="arrow_type">left</property>
++ </object>
++ </child>
++ </object>
++ <packing>
++ <property name="expand">False</property>
++ <property name="fill">True</property>
++ <property name="position">0</property>
++ </packing>
++ </child>
++ <child>
++ <object class="GtkButton" id="forward_button">
++ <property name="visible">True</property>
++ <property name="can_focus">True</property>
++ <property name="receives_default">True</property>
++ <signal name="clicked" handler="on_forward_button_clicked" swapped="no"/>
++ <child>
++ <object class="GtkArrow" id="arrow3">
++ <property name="visible">True</property>
++ <property name="can_focus">False</property>
++ </object>
++ </child>
++ </object>
++ <packing>
++ <property name="expand">False</property>
++ <property name="fill">True</property>
++ <property name="position">1</property>
++ </packing>
++ </child>
++ </object>
++ <packing>
++ <property name="expand">False</property>
++ <property name="fill">True</property>
++ <property name="pack_type">end</property>
++ <property name="position">0</property>
++ </packing>
++ </child>
++ <child>
++ <object class="GtkBox" id="box9">
++ <property name="visible">True</property>
++ <property name="can_focus">False</property>
++ <property name="orientation">vertical</property>
++ <child>
++ <object class="GtkScrolledWindow" id="scrolledwindow14">
++ <property name="height_request">250</property>
++ <property name="visible">True</property>
++ <property name="can_focus">True</property>
++ <property name="shadow_type">in</property>
++ <child>
++ <object class="GtkTextView" id="help_textv">
++ <property name="visible">True</property>
++ <property name="can_focus">True</property>
++ <property name="editable">False</property>
++ <property name="wrap_mode">word</property>
++ <property name="cursor_visible">False</property>
++ </object>
++ </child>
++ </object>
++ <packing>
++ <property name="expand">False</property>
++ <property name="fill">True</property>
++ <property name="position">0</property>
++ </packing>
++ </child>
++ <child>
++ <object class="GtkImage" id="help_image">
++ <property name="visible">True</property>
++ <property name="can_focus">False</property>
++ <property name="pixbuf">images/booleans.png</property>
++ </object>
++ <packing>
++ <property name="expand">False</property>
++ <property name="fill">True</property>
++ <property name="position">1</property>
++ </packing>
++ </child>
++ </object>
++ <packing>
++ <property name="expand">False</property>
++ <property name="fill">True</property>
++ <property name="position">1</property>
++ </packing>
++ </child>
++ </object>
++ </child>
++ </object>
++ <object class="GtkWindow" id="loading_gui">
++ <property name="width_request">300</property>
++ <property name="height_request">25</property>
++ <property name="visible">True</property>
++ <property name="can_focus">False</property>
++ <property name="title" translatable="yes">Analyzing Policy...</property>
++ <property name="resizable">False</property>
++ <property name="window_position">mouse</property>
++ <signal name="delete-event" handler="gtk_widget_hide" swapped="no"/>
++ <child>
++ <object class="GtkProgressBar" id="progress_bar">
++ <property name="visible">True</property>
++ <property name="can_focus">False</property>
++ <property name="pulse_step">0.050000000223517416</property>
++ <property name="show_text">True</property>
++ </object>
++ </child>
++ </object>
++ <object class="GtkListStore" id="login_liststore">
++ <columns>
++ <!-- column-name Username -->
++ <column type="gchararray"/>
++ <!-- column-name SELinuxUser -->
++ <column type="gchararray"/>
++ <!-- column-name MLS -->
++ <column type="gchararray"/>
++ </columns>
++ </object>
++ <object class="GtkTreeModelFilter" id="login_filter">
++ <property name="child_model">login_liststore</property>
++ </object>
++ <object class="GtkListStore" id="login_seuser_liststore">
++ <columns>
++ <!-- column-name SELinuxUser -->
++ <column type="gchararray"/>
++ </columns>
++ </object>
++ <object class="GtkWindow" id="login_popup_window">
+ <property name="can_focus">False</property>
+ <property name="title" translatable="yes">Network Port Definitions</property>
+ <property name="resizable">False</property>
@@ -521141,7 +521350,7 @@ index 0000000..9e4e798
+ <property name="can_focus">False</property>
+ <property name="xalign">0</property>
+ <property name="xpad">10</property>
-+ <property name="label" translatable="yes">Add User Mapping. User Mapping will be created when Update is applied.</property>
++ <property name="label" translatable="yes">Add Login Mapping. Login Mapping will be created when update is applied.</property>
+ <property name="justify">fill</property>
+ <property name="wrap">True</property>
+ </object>
@@ -521155,15 +521364,12 @@ index 0000000..9e4e798
+ <object class="GtkTable" id="table1">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
-+ <property name="n_rows">5</property>
++ <property name="n_rows">4</property>
+ <property name="n_columns">2</property>
+ <child>
+ <placeholder/>
+ </child>
+ <child>
-+ <placeholder/>
-+ </child>
-+ <child>
+ <object class="GtkLabel" id="label15">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
@@ -521179,6 +521385,7 @@ index 0000000..9e4e798
+ <object class="GtkEntry" id="login_name_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
++ <property name="tooltip_text" translatable="yes">Enter the login user name of the user to which you wish to add SELinux User confinement.</property>
+ <property name="invisible_char">●</property>
+ <property name="primary_icon_activatable">False</property>
+ <property name="secondary_icon_activatable">False</property>
@@ -521203,42 +521410,11 @@ index 0000000..9e4e798
+ </packing>
+ </child>
+ <child>
-+ <object class="GtkLabel" id="login_advanced_button">
-+ <property name="visible">True</property>
-+ <property name="can_focus">False</property>
-+ <property name="xalign">0</property>
-+ <property name="xpad">10</property>
-+ <property name="label" translatable="yes">Advanced >></property>
-+ <property name="selectable">True</property>
-+ <attributes>
-+ <attribute name="foreground" value="#00004e4e9999"/>
-+ </attributes>
-+ <signal name="button-press-event" handler="on_login_advanced_button_press_event" swapped="no"/>
-+ </object>
-+ <packing>
-+ <property name="top_attach">2</property>
-+ <property name="bottom_attach">3</property>
-+ <property name="y_options"/>
-+ </packing>
-+ </child>
-+ <child>
-+ <object class="GtkLabel" id="login_mls_label">
-+ <property name="can_focus">False</property>
-+ <property name="xalign">0</property>
-+ <property name="xpad">10</property>
-+ <property name="label" translatable="yes">MLS</property>
-+ </object>
-+ <packing>
-+ <property name="top_attach">3</property>
-+ <property name="bottom_attach">4</property>
-+ <property name="y_options"/>
-+ </packing>
-+ </child>
-+ <child>
+ <object class="GtkComboBox" id="login_seuser_combobox">
+ <property name="width_request">360</property>
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
++ <property name="tooltip_text" translatable="yes">Select the SELinux User to assign to this login user. Login users by default get assigned by the __default__ user.</property>
+ <property name="model">login_seuser_liststore</property>
+ <signal name="changed" handler="on_login_seuser_combobox_changed" swapped="no"/>
+ <child>
@@ -521280,7 +521456,7 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">True</property>
-+ <signal name="clicked" handler="on_cancel_login_clicked" swapped="no"/>
++ <signal name="clicked" handler="on_cancel_popup_clicked" swapped="no"/>
+ </object>
+ <packing>
+ <property name="expand">False</property>
@@ -521293,13 +521469,30 @@ index 0000000..9e4e798
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
-+ <property name="top_attach">4</property>
-+ <property name="bottom_attach">5</property>
++ <property name="top_attach">3</property>
++ <property name="bottom_attach">4</property>
++ </packing>
++ </child>
++ <child>
++ <object class="GtkLabel" id="login_mls_label">
++ <property name="visible">True</property>
++ <property name="can_focus">False</property>
++ <property name="tooltip_text" translatable="yes">Enter MLS/MCS Range for this login User. Defaults to the range for the Selected SELinux User.</property>
++ <property name="xalign">0</property>
++ <property name="xpad">10</property>
++ <property name="label" translatable="yes">MLS Range</property>
++ </object>
++ <packing>
++ <property name="top_attach">2</property>
++ <property name="bottom_attach">3</property>
++ <property name="y_options"/>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="login_mls_entry">
++ <property name="visible">True</property>
+ <property name="can_focus">True</property>
++ <property name="tooltip_text" translatable="yes">Specify the MLS Range for this user to login in with. Defaults to the selected SELinux Users MLS Range.</property>
+ <property name="invisible_char">●</property>
+ <property name="primary_icon_activatable">False</property>
+ <property name="secondary_icon_activatable">False</property>
@@ -521307,8 +521500,8 @@ index 0000000..9e4e798
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
-+ <property name="top_attach">3</property>
-+ <property name="bottom_attach">4</property>
++ <property name="top_attach">2</property>
++ <property name="bottom_attach">3</property>
+ </packing>
+ </child>
+ </object>
@@ -521321,7 +521514,53 @@ index 0000000..9e4e798
+ </object>
+ </child>
+ </object>
-+ <object class="GtkWindow" id="popup_window_network">
++ <object class="GtkListStore" id="modify_liststore_files">
++ <columns>
++ <!-- column-name Path -->
++ <column type="gchararray"/>
++ <!-- column-name file -->
++ <column type="gchararray"/>
++ <!-- column-name Class -->
++ <column type="gchararray"/>
++ </columns>
++ </object>
++ <object class="GtkListStore" id="more_types_file_liststore">
++ <columns>
++ <!-- column-name types -->
++ <column type="gchararray"/>
++ </columns>
++ </object>
++ <object class="GtkListStore" id="network_in_liststore">
++ <columns>
++ <!-- column-name Port -->
++ <column type="gchararray"/>
++ <!-- column-name Protocol -->
++ <column type="gchararray"/>
++ <!-- column-name Modified -->
++ <column type="gchararray"/>
++ <!-- column-name SELinux -->
++ <column type="gchararray"/>
++ </columns>
++ </object>
++ <object class="GtkTreeModelFilter" id="network_in_filter">
++ <property name="child_model">network_in_liststore</property>
++ </object>
++ <object class="GtkListStore" id="network_out_liststore">
++ <columns>
++ <!-- column-name Port -->
++ <column type="gchararray"/>
++ <!-- column-name Protocol -->
++ <column type="gchararray"/>
++ <!-- column-name Modified -->
++ <column type="gchararray"/>
++ <!-- column-name SELinux -->
++ <column type="gchararray"/>
++ </columns>
++ </object>
++ <object class="GtkTreeModelFilter" id="network_out_filter">
++ <property name="child_model">network_out_liststore</property>
++ </object>
++ <object class="GtkWindow" id="network_popup_window">
+ <property name="can_focus">False</property>
+ <property name="title" translatable="yes">Network Port Definitions</property>
+ <property name="resizable">False</property>
@@ -521378,6 +521617,7 @@ index 0000000..9e4e798
+ <object class="GtkEntry" id="network_ports_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
++ <property name="tooltip_text" translatable="yes">Enter the port number or range to which you want to add a port type.</property>
+ <property name="invisible_char">●</property>
+ <property name="primary_icon_activatable">False</property>
+ <property name="secondary_icon_activatable">False</property>
@@ -521435,7 +521675,7 @@ index 0000000..9e4e798
+ </packing>
+ </child>
+ <child>
-+ <object class="GtkLabel" id="mls_label_network">
++ <object class="GtkLabel" id="network_mls_label">
+ <property name="can_focus">False</property>
+ <property name="xalign">0</property>
+ <property name="xpad">10</property>
@@ -521448,29 +521688,11 @@ index 0000000..9e4e798
+ </packing>
+ </child>
+ <child>
-+ <object class="GtkComboBox" id="network_mls_combobox">
-+ <property name="width_request">360</property>
-+ <property name="can_focus">False</property>
-+ <property name="model">network_mls_combo_store</property>
-+ <child>
-+ <object class="GtkCellRendererText" id="cellrenderertext34"/>
-+ <attributes>
-+ <attribute name="text">0</attribute>
-+ </attributes>
-+ </child>
-+ </object>
-+ <packing>
-+ <property name="left_attach">1</property>
-+ <property name="right_attach">2</property>
-+ <property name="top_attach">4</property>
-+ <property name="bottom_attach">5</property>
-+ </packing>
-+ </child>
-+ <child>
+ <object class="GtkComboBox" id="network_type_combobox">
+ <property name="width_request">360</property>
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
++ <property name="tooltip_text" translatable="yes">Select the port type you want to assign to the specified port number.</property>
+ <property name="model">network_type_combo_store</property>
+ <child>
+ <object class="GtkCellRendererText" id="cellrenderertext33"/>
@@ -521511,7 +521733,7 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">True</property>
-+ <signal name="clicked" handler="on_cancel_network_clicked" swapped="no"/>
++ <signal name="clicked" handler="on_cancel_popup_clicked" swapped="no"/>
+ </object>
+ <packing>
+ <property name="expand">False</property>
@@ -521538,6 +521760,7 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
++ <property name="tooltip_markup" translatable="yes">Select <b>tcp</b> if the port type should be assigned to tcp port numbers.</property>
+ <property name="xalign">0.5</property>
+ <property name="active">True</property>
+ <property name="draw_indicator">True</property>
@@ -521554,6 +521777,7 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
++ <property name="tooltip_markup" translatable="yes">Select <b>udp</b> if the port type should be assigned to udp port numbers.</property>
+ <property name="xalign">0.5</property>
+ <property name="draw_indicator">True</property>
+ <property name="group">tcp_button</property>
@@ -521572,6 +521796,21 @@ index 0000000..9e4e798
+ <property name="bottom_attach">2</property>
+ </packing>
+ </child>
++ <child>
++ <object class="GtkEntry" id="network_mls_entry">
++ <property name="can_focus">True</property>
++ <property name="tooltip_text" translatable="yes">Enter the MLS Label to assign to this port.</property>
++ <property name="invisible_char">●</property>
++ <property name="primary_icon_activatable">False</property>
++ <property name="secondary_icon_activatable">False</property>
++ </object>
++ <packing>
++ <property name="left_attach">1</property>
++ <property name="right_attach">2</property>
++ <property name="top_attach">4</property>
++ <property name="bottom_attach">5</property>
++ </packing>
++ </child>
+ </object>
+ <packing>
+ <property name="expand">True</property>
@@ -521582,13 +521821,25 @@ index 0000000..9e4e798
+ </object>
+ </child>
+ </object>
++ <object class="GtkListStore" id="network_protocol_combo_store">
++ <columns>
++ <!-- column-name protocol -->
++ <column type="gchararray"/>
++ </columns>
++ </object>
++ <object class="GtkListStore" id="network_type_combo_store">
++ <columns>
++ <!-- column-name Type -->
++ <column type="gchararray"/>
++ </columns>
++ </object>
+ <object class="GtkListStore" id="system_policy_type_liststore">
+ <columns>
+ <!-- column-name gchararray1 -->
+ <column type="gchararray"/>
+ </columns>
+ </object>
-+ <object class="GtkTreeStore" id="transitions_from_x_treestore">
++ <object class="GtkTreeStore" id="transitions_from_treestore">
+ <columns>
+ <!-- column-name Enabled -->
+ <column type="gchararray"/>
@@ -521604,13 +521855,10 @@ index 0000000..9e4e798
+ <column type="gboolean"/>
+ </columns>
+ </object>
-+ <object class="GtkTreeModelFilter" id="transitions_from_x_treemodelfilter">
-+ <property name="child_model">transitions_from_x_treestore</property>
++ <object class="GtkTreeModelFilter" id="transitions_from_filter">
++ <property name="child_model">transitions_from_treestore</property>
+ </object>
-+ <object class="GtkTreeModelSort" id="transitions_from_x_treemodelsort">
-+ <property name="model">transitions_from_x_treemodelfilter</property>
-+ </object>
-+ <object class="GtkListStore" id="transitions_into_x_liststore">
++ <object class="GtkListStore" id="transitions_into_liststore">
+ <columns>
+ <!-- column-name Activate -->
+ <column type="gchararray"/>
@@ -521620,11 +521868,8 @@ index 0000000..9e4e798
+ <column type="gchararray"/>
+ </columns>
+ </object>
-+ <object class="GtkTreeModelFilter" id="transitions_into_x_treemodelfilter">
-+ <property name="child_model">transitions_into_x_liststore</property>
-+ </object>
-+ <object class="GtkTreeModelSort" id="transitions_into_x_treemodelsort">
-+ <property name="model">transitions_into_x_treemodelfilter</property>
++ <object class="GtkTreeModelFilter" id="transitions_into_filter">
++ <property name="child_model">transitions_into_liststore</property>
+ </object>
+ <object class="GtkListStore" id="user_liststore">
+ <columns>
@@ -521638,36 +521883,18 @@ index 0000000..9e4e798
+ <column type="gchararray"/>
+ </columns>
+ </object>
++ <object class="GtkTreeModelFilter" id="user_filter">
++ <property name="child_model">user_liststore</property>
++ </object>
+ <object class="GtkListStore" id="user_roles_liststore">
+ <columns>
+ <!-- column-name SELinuxRoles -->
+ <column type="gchararray"/>
+ </columns>
+ </object>
-+ <object class="GtkTreeStore" id="writable_files_treestore">
-+ <columns>
-+ <!-- column-name File -->
-+ <column type="gchararray"/>
-+ <!-- column-name SELinux -->
-+ <column type="gchararray"/>
-+ <!-- column-name File1 -->
-+ <column type="gchararray"/>
-+ <!-- column-name Label -->
-+ <column type="gboolean"/>
-+ <!-- column-name Mislabled -->
-+ <column type="gboolean"/>
-+ <!-- column-name Cur -->
-+ <column type="gchararray"/>
-+ <!-- column-name Con -->
-+ <column type="gchararray"/>
-+ </columns>
-+ </object>
-+ <object class="GtkTreeModelFilter" id="writable_files_treemodelfilter">
++ <object class="GtkTreeModelFilter" id="writable_files_filter">
+ <property name="child_model">writable_files_treestore</property>
+ </object>
-+ <object class="GtkTreeModelSort" id="writable_files_treemodelsort">
-+ <property name="model">writable_files_treemodelfilter</property>
-+ </object>
+ <object class="GtkWindow" id="SELinux_window">
+ <property name="can_focus">False</property>
+ <property name="title" translatable="yes">SELinux Policy Manager</property>
@@ -521772,8 +521999,8 @@ index 0000000..9e4e798
+ </packing>
+ </child>
+ <child>
-+ <object class="GtkRadioButton" id="Files_button">
-+ <property name="label" translatable="yes">Files</property>
++ <object class="GtkRadioButton" id="files_button">
++ <property name="label" translatable="yes">files</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
@@ -521790,7 +522017,7 @@ index 0000000..9e4e798
+ </packing>
+ </child>
+ <child>
-+ <object class="GtkRadioButton" id="Network_button">
++ <object class="GtkRadioButton" id="network_button">
+ <property name="label" translatable="yes">Network</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
@@ -521900,8 +522127,8 @@ index 0000000..9e4e798
+ <property name="can_focus">False</property>
+ <property name="receives_default">False</property>
+ <property name="xalign">0</property>
-+ <property name="group">Booleans_button</property>
+ <property name="draw_indicator">False</property>
++ <property name="group">Booleans_button</property>
+ </object>
+ <packing>
+ <property name="expand">False</property>
@@ -522085,7 +522312,8 @@ index 0000000..9e4e798
+ <property name="no_show_all">True</property>
+ <property name="tooltip_text" translatable="yes">If-Then-Else rules written in policy that can
+allow alternative access control.</property>
-+ <property name="model">boolean_treemodelsort</property>
++ <property name="model">boolean_filter</property>
++ <property name="enable_search">False</property>
+ <property name="activate_on_single_click">True</property>
+ <signal name="cursor-changed" handler="on_treeview_cursor_changed" swapped="no"/>
+ <signal name="row-activated" handler="on_column_clicked" swapped="no"/>
@@ -522189,6 +522417,7 @@ index 0000000..9e4e798
+ <object class="GtkNotebook" id="files_inner_notebook">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
++ <signal name="switch-page" handler="on_button_toggled" swapped="no"/>
+ <child>
+ <object class="GtkScrolledWindow" id="scrolledwindow1">
+ <property name="visible">True</property>
@@ -522198,7 +522427,8 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="no_show_all">True</property>
-+ <property name="model">executable_files_treemodelsort</property>
++ <property name="model">executable_files_filter</property>
++ <property name="enable_search">False</property>
+ <property name="search_column">0</property>
+ <property name="activate_on_single_click">True</property>
+ <signal name="button-press-event" handler="item_in_tree_selected" swapped="no"/>
@@ -522212,7 +522442,7 @@ index 0000000..9e4e798
+ <property name="resizable">True</property>
+ <property name="sizing">fixed</property>
+ <property name="min_width">355</property>
-+ <property name="title" translatable="yes">File Path</property>
++ <property name="title" translatable="yes">file Path</property>
+ <property name="expand">True</property>
+ <property name="clickable">True</property>
+ <property name="reorderable">True</property>
@@ -522226,7 +522456,7 @@ index 0000000..9e4e798
+ </object>
+ </child>
+ <child>
-+ <object class="GtkTreeViewColumn" id="treeviewcolumn16">
++ <object class="GtkTreeViewColumn" id="restorecon_col">
+ <property name="min_width">70</property>
+ <property name="max_width">70</property>
+ <child>
@@ -522306,7 +522536,8 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="no_show_all">True</property>
-+ <property name="model">writable_files_treemodelsort</property>
++ <property name="model">writable_files_filter</property>
++ <property name="enable_search">False</property>
+ <property name="activate_on_single_click">True</property>
+ <signal name="button-press-event" handler="item_in_tree_selected" swapped="no"/>
+ <signal name="cursor-changed" handler="on_treeview_cursor_changed" swapped="no"/>
@@ -522400,8 +522631,8 @@ index 0000000..9e4e798
+ <object class="GtkLabel" id="Writable_files_tab">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
-+ <property name="tooltip_text" translatable="yes">Files to which the 'selected domain' can write.</property>
-+ <property name="label" translatable="yes">Writable Files</property>
++ <property name="tooltip_text" translatable="yes">files to which the 'selected domain' can write.</property>
++ <property name="label" translatable="yes">Writable files</property>
+ </object>
+ </child>
+ </object>
@@ -522419,7 +522650,8 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="no_show_all">True</property>
-+ <property name="model">application_filetypes_treemodelsort</property>
++ <property name="model">application_filetypes_filter</property>
++ <property name="enable_search">False</property>
+ <property name="search_column">0</property>
+ <property name="activate_on_single_click">True</property>
+ <signal name="button-press-event" handler="item_in_tree_selected" swapped="no"/>
@@ -522545,7 +522777,7 @@ index 0000000..9e4e798
+ </packing>
+ </child>
+ <child type="tab">
-+ <object class="GtkLabel" id="Files_tab">
++ <object class="GtkLabel" id="files_tab">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">Files</property>
@@ -522564,6 +522796,7 @@ index 0000000..9e4e798
+ <object class="GtkNotebook" id="network_inner_notebook">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
++ <signal name="switch-page" handler="on_button_toggled" swapped="no"/>
+ <child>
+ <object class="GtkScrolledWindow" id="scrolledwindow3">
+ <property name="visible">True</property>
@@ -522573,9 +522806,11 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="no_show_all">True</property>
-+ <property name="model">out_network_treemodelsort</property>
++ <property name="model">network_out_filter</property>
++ <property name="enable_search">False</property>
+ <property name="search_column">0</property>
+ <property name="fixed_height_mode">True</property>
++ <property name="tooltip_column">0</property>
+ <property name="activate_on_single_click">True</property>
+ <signal name="button-press-event" handler="item_in_tree_selected" swapped="no"/>
+ <signal name="cursor-changed" handler="on_treeview_cursor_changed" swapped="no"/>
@@ -522591,6 +522826,7 @@ index 0000000..9e4e798
+ <property name="expand">True</property>
+ <property name="clickable">True</property>
+ <property name="reorderable">True</property>
++ <property name="sort_indicator">True</property>
+ <property name="sort_column_id">0</property>
+ <child>
+ <object class="GtkCellRendererText" id="cellrenderertext29"/>
@@ -522645,7 +522881,7 @@ index 0000000..9e4e798
+ <property name="can_focus">False</property>
+ <signal name="button-press-event" handler="on_tab_switch" swapped="no"/>
+ <child>
-+ <object class="GtkLabel" id="Outbound_tab">
++ <object class="GtkLabel" id="network_out_tab">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="tooltip_text" translatable="yes">Network Ports to which the 'selected domain' is allowed to connect.</property>
@@ -522666,9 +522902,11 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="no_show_all">True</property>
-+ <property name="model">in_network_treemodelsort</property>
++ <property name="model">network_in_filter</property>
++ <property name="enable_search">False</property>
+ <property name="search_column">0</property>
+ <property name="fixed_height_mode">True</property>
++ <property name="tooltip_column">0</property>
+ <property name="activate_on_single_click">True</property>
+ <signal name="button-press-event" handler="item_in_tree_selected" swapped="no"/>
+ <signal name="cursor-changed" handler="on_treeview_cursor_changed" swapped="no"/>
@@ -522740,7 +522978,7 @@ index 0000000..9e4e798
+ <property name="can_focus">False</property>
+ <signal name="button-press-event" handler="on_tab_switch" swapped="no"/>
+ <child>
-+ <object class="GtkLabel" id="Inbound_tab">
++ <object class="GtkLabel" id="network_in_tab">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="tooltip_text" translatable="yes">Network Ports to which the 'selected domain' is allowed to listen.</property>
@@ -522785,15 +523023,17 @@ index 0000000..9e4e798
+ <object class="GtkNotebook" id="transitions_inner_notebook">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
++ <signal name="switch-page" handler="on_button_toggled" swapped="no"/>
+ <child>
+ <object class="GtkScrolledWindow" id="scrolledwindow6">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <child>
-+ <object class="GtkTreeView" id="transitions_from_x_treeview">
++ <object class="GtkTreeView" id="transitions_from_treeview">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
-+ <property name="model">transitions_from_x_treemodelsort</property>
++ <property name="model">transitions_from_filter</property>
++ <property name="enable_search">False</property>
+ <property name="activate_on_single_click">True</property>
+ <signal name="row-activated" handler="on_column_clicked" swapped="no"/>
+ <child internal-child="selection">
@@ -522853,7 +523093,7 @@ index 0000000..9e4e798
+ </object>
+ </child>
+ <child type="tab">
-+ <object class="GtkLabel" id="Transitions_from_x_tab">
++ <object class="GtkLabel" id="Transitions_from_tab">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="tooltip_text" translatable="yes">Executables which will transition to a different domain, when the 'selected domain' executes them.</property>
@@ -522871,10 +523111,11 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <child>
-+ <object class="GtkTreeView" id="transitions_into_x_treeview">
++ <object class="GtkTreeView" id="transitions_into_treeview">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
-+ <property name="model">transitions_into_x_treemodelsort</property>
++ <property name="model">transitions_into_filter</property>
++ <property name="enable_search">False</property>
+ <child internal-child="selection">
+ <object class="GtkTreeSelection" id="treeview-selection8"/>
+ </child>
@@ -522931,7 +523172,7 @@ index 0000000..9e4e798
+ </packing>
+ </child>
+ <child type="tab">
-+ <object class="GtkLabel" id="Transitions_into_x_tab">
++ <object class="GtkLabel" id="Transitions_into_tab">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="tooltip_text" translatable="yes">Executables which will transition to the 'selected domain', when executing a selected domains entrypoint.</property>
@@ -522950,7 +523191,9 @@ index 0000000..9e4e798
+ <object class="GtkTreeView" id="file_transitions_treeview">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
-+ <property name="model">File_transitions_treemodel_sort</property>
++ <property name="tooltip_text" translatable="yes">File Transitions define what happens when the current domain creates the content of a particular class in a directory of the destination type. Optionally a file name could be specified for the transition.</property>
++ <property name="model">file_transitions_filter</property>
++ <property name="enable_search">False</property>
+ <child internal-child="selection">
+ <object class="GtkTreeSelection" id="treeview-selection9"/>
+ </child>
@@ -523050,61 +523293,69 @@ index 0000000..9e4e798
+ <property name="can_focus">False</property>
+ <property name="orientation">vertical</property>
+ <child>
-+ <object class="GtkTreeView" id="login_treeview">
++ <object class="GtkScrolledWindow" id="scrolledwindow17">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
-+ <property name="no_show_all">True</property>
-+ <property name="model">login_liststore</property>
-+ <property name="search_column">0</property>
-+ <property name="activate_on_single_click">True</property>
-+ <signal name="cursor-changed" handler="on_treeview_cursor_changed" swapped="no"/>
-+ <signal name="row-activated" handler="on_column_clicked" swapped="no"/>
-+ <child internal-child="selection">
-+ <object class="GtkTreeSelection" id="treeview-selection22"/>
-+ </child>
++ <property name="shadow_type">in</property>
+ <child>
-+ <object class="GtkTreeViewColumn" id="Login Name">
-+ <property name="resizable">True</property>
-+ <property name="sizing">fixed</property>
-+ <property name="title" translatable="yes">Login Name</property>
-+ <property name="expand">True</property>
-+ <property name="clickable">True</property>
-+ <property name="sort_column_id">0</property>
++ <object class="GtkTreeView" id="login_treeview">
++ <property name="visible">True</property>
++ <property name="can_focus">True</property>
++ <property name="no_show_all">True</property>
++ <property name="model">login_filter</property>
++ <property name="enable_search">False</property>
++ <property name="search_column">0</property>
++ <property name="activate_on_single_click">True</property>
++ <signal name="cursor-changed" handler="on_treeview_cursor_changed" swapped="no"/>
++ <signal name="row-activated" handler="on_column_clicked" swapped="no"/>
++ <child internal-child="selection">
++ <object class="GtkTreeSelection" id="treeview-selection10"/>
++ </child>
+ <child>
-+ <object class="GtkCellRendererText" id="cellrenderertext22"/>
-+ <attributes>
-+ <attribute name="text">0</attribute>
-+ </attributes>
++ <object class="GtkTreeViewColumn" id="Login Name">
++ <property name="resizable">True</property>
++ <property name="sizing">fixed</property>
++ <property name="title" translatable="yes">Login Name</property>
++ <property name="expand">True</property>
++ <property name="clickable">True</property>
++ <property name="sort_column_id">0</property>
++ <child>
++ <object class="GtkCellRendererText" id="cellrenderertext22"/>
++ <attributes>
++ <attribute name="text">0</attribute>
++ </attributes>
++ </child>
++ </object>
+ </child>
-+ </object>
-+ </child>
-+ <child>
-+ <object class="GtkTreeViewColumn" id="SELinuxUser">
-+ <property name="resizable">True</property>
-+ <property name="sizing">fixed</property>
-+ <property name="title" translatable="yes">SELinux User</property>
-+ <property name="expand">True</property>
-+ <property name="clickable">True</property>
-+ <property name="sort_indicator">True</property>
-+ <property name="sort_column_id">1</property>
+ <child>
-+ <object class="GtkCellRendererText" id="cellrenderertext41"/>
-+ <attributes>
-+ <attribute name="text">1</attribute>
-+ </attributes>
++ <object class="GtkTreeViewColumn" id="SELinuxUser">
++ <property name="resizable">True</property>
++ <property name="sizing">fixed</property>
++ <property name="title" translatable="yes">SELinux User</property>
++ <property name="expand">True</property>
++ <property name="clickable">True</property>
++ <property name="sort_indicator">True</property>
++ <property name="sort_column_id">1</property>
++ <child>
++ <object class="GtkCellRendererText" id="cellrenderertext41"/>
++ <attributes>
++ <attribute name="text">1</attribute>
++ </attributes>
++ </child>
++ </object>
+ </child>
-+ </object>
-+ </child>
-+ <child>
-+ <object class="GtkTreeViewColumn" id="MLS Range">
-+ <property name="resizable">True</property>
-+ <property name="title" translatable="yes">MLS Range</property>
-+ <property name="sort_column_id">2</property>
+ <child>
-+ <object class="GtkCellRendererText" id="cellrenderertext52"/>
-+ <attributes>
-+ <attribute name="text">2</attribute>
-+ </attributes>
++ <object class="GtkTreeViewColumn" id="MLS Range">
++ <property name="resizable">True</property>
++ <property name="title" translatable="yes">MLS Range</property>
++ <property name="sort_column_id">2</property>
++ <child>
++ <object class="GtkCellRendererText" id="cellrenderertext52"/>
++ <attributes>
++ <attribute name="text">2</attribute>
++ </attributes>
++ </child>
++ </object>
+ </child>
+ </object>
+ </child>
@@ -523137,81 +523388,89 @@ index 0000000..9e4e798
+ <property name="can_focus">False</property>
+ <property name="orientation">vertical</property>
+ <child>
-+ <object class="GtkTreeView" id="user_treeview">
++ <object class="GtkScrolledWindow" id="scrolledwindow16">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
-+ <property name="no_show_all">True</property>
-+ <property name="tooltip_text" translatable="yes">If-Then-Else rules written in policy that can
-+allow alternative access control.</property>
-+ <property name="model">user_liststore</property>
-+ <property name="reorderable">True</property>
-+ <property name="search_column">0</property>
-+ <property name="activate_on_single_click">True</property>
-+ <signal name="cursor-changed" handler="on_treeview_cursor_changed" swapped="no"/>
-+ <signal name="row-activated" handler="on_column_clicked" swapped="no"/>
-+ <child internal-child="selection">
-+ <object class="GtkTreeSelection" id="treeview-selection21"/>
-+ </child>
++ <property name="shadow_type">in</property>
+ <child>
-+ <object class="GtkTreeViewColumn" id="SELinuxUser Name">
-+ <property name="resizable">True</property>
-+ <property name="min_width">240</property>
-+ <property name="title" translatable="yes">SELinux User</property>
-+ <property name="expand">True</property>
-+ <property name="clickable">True</property>
-+ <property name="sort_column_id">0</property>
++ <object class="GtkTreeView" id="user_treeview">
++ <property name="visible">True</property>
++ <property name="can_focus">True</property>
++ <property name="no_show_all">True</property>
++ <property name="tooltip_text" translatable="yes">If-Then-Else rules written in policy that can
++allow alternative access control.</property>
++ <property name="model">user_filter</property>
++ <property name="reorderable">True</property>
++ <property name="enable_search">False</property>
++ <property name="search_column">0</property>
++ <property name="activate_on_single_click">True</property>
++ <signal name="cursor-changed" handler="on_treeview_cursor_changed" swapped="no"/>
++ <signal name="row-activated" handler="on_column_clicked" swapped="no"/>
++ <child internal-child="selection">
++ <object class="GtkTreeSelection" id="treeview-selection11"/>
++ </child>
+ <child>
-+ <object class="GtkCellRendererText" id="cellrenderertext48">
-+ <property name="wrap_mode">word</property>
-+ <property name="wrap_width">360</property>
++ <object class="GtkTreeViewColumn" id="SELinuxUser Name">
++ <property name="resizable">True</property>
++ <property name="min_width">240</property>
++ <property name="title" translatable="yes">SELinux User</property>
++ <property name="expand">True</property>
++ <property name="clickable">True</property>
++ <property name="sort_column_id">0</property>
++ <child>
++ <object class="GtkCellRendererText" id="cellrenderertext48">
++ <property name="wrap_mode">word</property>
++ <property name="wrap_width">360</property>
++ </object>
++ <attributes>
++ <attribute name="text">0</attribute>
++ </attributes>
++ </child>
+ </object>
-+ <attributes>
-+ <attribute name="text">0</attribute>
-+ </attributes>
+ </child>
-+ </object>
-+ </child>
-+ <child>
-+ <object class="GtkTreeViewColumn" id="SELinuxRoles1">
-+ <property name="resizable">True</property>
-+ <property name="title" translatable="yes">SELinux Roles</property>
-+ <property name="expand">True</property>
-+ <property name="clickable">True</property>
-+ <property name="reorderable">True</property>
-+ <property name="sort_indicator">True</property>
-+ <property name="sort_column_id">1</property>
+ <child>
-+ <object class="GtkCellRendererText" id="cellrenderertext49"/>
-+ <attributes>
-+ <attribute name="text">1</attribute>
-+ </attributes>
++ <object class="GtkTreeViewColumn" id="SELinuxRoles1">
++ <property name="resizable">True</property>
++ <property name="title" translatable="yes">SELinux Roles</property>
++ <property name="expand">True</property>
++ <property name="clickable">True</property>
++ <property name="reorderable">True</property>
++ <property name="sort_indicator">True</property>
++ <property name="sort_column_id">1</property>
++ <child>
++ <object class="GtkCellRendererText" id="cellrenderertext49"/>
++ <attributes>
++ <attribute name="text">1</attribute>
++ </attributes>
++ </child>
++ </object>
+ </child>
-+ </object>
-+ </child>
-+ <child>
-+ <object class="GtkTreeViewColumn" id="DEFAULT Level">
-+ <property name="title" translatable="yes">Default Level</property>
-+ <property name="sort_indicator">True</property>
-+ <property name="sort_column_id">2</property>
+ <child>
-+ <object class="GtkCellRendererText" id="cellrenderertext53"/>
-+ <attributes>
-+ <attribute name="text">2</attribute>
-+ </attributes>
++ <object class="GtkTreeViewColumn" id="DEFAULT Level">
++ <property name="title" translatable="yes">Default Level</property>
++ <property name="sort_indicator">True</property>
++ <property name="sort_column_id">2</property>
++ <child>
++ <object class="GtkCellRendererText" id="cellrenderertext53"/>
++ <attributes>
++ <attribute name="text">2</attribute>
++ </attributes>
++ </child>
++ </object>
+ </child>
-+ </object>
-+ </child>
-+ <child>
-+ <object class="GtkTreeViewColumn" id="treeviewcolumn26">
-+ <property name="resizable">True</property>
-+ <property name="title" translatable="yes">MLS Range</property>
-+ <property name="sort_indicator">True</property>
-+ <property name="sort_column_id">3</property>
+ <child>
-+ <object class="GtkCellRendererText" id="cellrenderertext54"/>
-+ <attributes>
-+ <attribute name="text">3</attribute>
-+ </attributes>
++ <object class="GtkTreeViewColumn" id="treeviewcolumn26">
++ <property name="resizable">True</property>
++ <property name="title" translatable="yes">MLS Range</property>
++ <property name="sort_indicator">True</property>
++ <property name="sort_column_id">3</property>
++ <child>
++ <object class="GtkCellRendererText" id="cellrenderertext54"/>
++ <attributes>
++ <attribute name="text">3</attribute>
++ </attributes>
++ </child>
++ </object>
+ </child>
+ </object>
+ </child>
@@ -523717,6 +523976,7 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
++ <property name="tooltip_text" translatable="yes">An unconfined domain is a process label that allows the process to do what it wants, without SELinux interfering. Applications started at boot by the init system that SELinux do not have defined SELinux policy will run as unconfined if this module is enabled. Disabling it means all daemons will now be confined. To disable the unconfined_t user you must first remove unconfined_t from the users/login screens.</property>
+ <property name="xalign">0</property>
+ <property name="active">True</property>
+ <property name="draw_indicator">True</property>
@@ -523734,6 +523994,7 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
++ <property name="tooltip_text" translatable="yes">An unconfined domain is a process label that allows the process to do what it wants, without SELinux interfering. Applications started at boot by the init system that SELinux do not have defined SELinux policy will run as unconfined if this module is enabled. Disabling it means all daemons will now be confined. To disable the unconfined_t user you must first remove unconfined_t from the users/login screens.</property>
+ <property name="xalign">0</property>
+ <property name="active">True</property>
+ <property name="draw_indicator">True</property>
@@ -523764,25 +524025,6 @@ index 0000000..9e4e798
+ </packing>
+ </child>
+ <child>
-+ <object class="GtkTreeView" id="unconfined_treeview">
-+ <property name="visible">True</property>
-+ <property name="can_focus">True</property>
-+ <property name="hscroll_policy">natural</property>
-+ <property name="vscroll_policy">natural</property>
-+ <property name="enable_search">False</property>
-+ <property name="show_expanders">False</property>
-+ <child internal-child="selection">
-+ <object class="GtkTreeSelection" id="treeview-selection17"/>
-+ </child>
-+ </object>
-+ <packing>
-+ <property name="left_attach">1</property>
-+ <property name="top_attach">0</property>
-+ <property name="width">1</property>
-+ <property name="height">1</property>
-+ </packing>
-+ </child>
-+ <child>
+ <object class="GtkFrame" id="frame2">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
@@ -523798,6 +524040,7 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
++ <property name="tooltip_text" translatable="yes">An permissive domain is a process label that allows the process to do what it wants, with SELinux only logging the denials, but not enforcing them. Usually permissive domains indicate experimental policy, disabling the module could cause SELinux to deny access to a domain, that should be allowed.</property>
+ <property name="xalign">0</property>
+ <property name="active">True</property>
+ <property name="draw_indicator">True</property>
@@ -523815,6 +524058,7 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
++ <property name="tooltip_text" translatable="yes">An permissive domain is a process label that allows the process to do what it wants, with SELinux only logging the denials, but not enforcing them. Usually permissive domains indicate experimental policy, disabling the module could cause SELinux to deny access to a domain, that should be allowed.</property>
+ <property name="xalign">0</property>
+ <property name="draw_indicator">True</property>
+ <property name="group">enable_permissive</property>
@@ -523844,6 +524088,25 @@ index 0000000..9e4e798
+ </packing>
+ </child>
+ <child>
++ <object class="GtkCheckButton" id="deny_ptrace_button">
++ <property name="label" translatable="yes">Deny all processes from ptracing ordebugging other processes.
++</property>
++ <property name="visible">True</property>
++ <property name="can_focus">True</property>
++ <property name="receives_default">False</property>
++ <property name="tooltip_text" translatable="yes">By default SELinux does not block user processes and unconfined processes from ptrace each other. Ptrace allows one process to read and manipulate memory of a nother process. Normal Linux permissions only allow ptrace between processes with the same UID unless the process has privledge. Denying ptrace could block certail bug catching tools from working properly and will prevent gdb and strace from working. </property>
++ <property name="xalign">0</property>
++ <property name="draw_indicator">True</property>
++ <signal name="toggled" handler="on_deny_ptrace" swapped="no"/>
++ </object>
++ <packing>
++ <property name="left_attach">1</property>
++ <property name="top_attach">0</property>
++ <property name="width">1</property>
++ <property name="height">1</property>
++ </packing>
++ </child>
++ <child>
+ <placeholder/>
+ </child>
+ </object>
@@ -523863,28 +524126,46 @@ index 0000000..9e4e798
+ </packing>
+ </child>
+ <child>
-+ <object class="GtkTreeView" id="file_equiv_treeview">
++ <object class="GtkScrolledWindow" id="scrolledwindow15">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
-+ <property name="model">file_equiv_liststore</property>
-+ <child internal-child="selection">
-+ <object class="GtkTreeSelection" id="treeview-selection23"/>
-+ </child>
++ <property name="shadow_type">in</property>
+ <child>
-+ <object class="GtkTreeViewColumn" id="file_equiv_source">
-+ <property name="resizable">True</property>
-+ <property name="title" translatable="yes">Source</property>
++ <object class="GtkTreeView" id="file_equiv_treeview">
++ <property name="visible">True</property>
++ <property name="can_focus">True</property>
++ <property name="tooltip_text" translatable="yes">File equivalence cause the system to label content under the new path as if it were under the equivalence path.</property>
++ <property name="model">file_equiv_filter</property>
++ <property name="enable_search">False</property>
++ <property name="activate_on_single_click">True</property>
++ <signal name="cursor-changed" handler="on_treeview_cursor_changed" swapped="no"/>
++ <signal name="row-activated" handler="on_column_clicked" swapped="no"/>
++ <child internal-child="selection">
++ <object class="GtkTreeSelection" id="treeview-selection13"/>
++ </child>
+ <child>
-+ <object class="GtkCellRendererText" id="cellrenderertext55"/>
++ <object class="GtkTreeViewColumn" id="file_equiv_source">
++ <property name="resizable">True</property>
++ <property name="title" translatable="yes">Path</property>
++ <child>
++ <object class="GtkCellRendererText" id="cellrenderertext55"/>
++ <attributes>
++ <attribute name="text">0</attribute>
++ </attributes>
++ </child>
++ </object>
+ </child>
-+ </object>
-+ </child>
-+ <child>
-+ <object class="GtkTreeViewColumn" id="treeviewcolumn25">
-+ <property name="resizable">True</property>
-+ <property name="title" translatable="yes">Destination</property>
+ <child>
-+ <object class="GtkCellRendererText" id="cellrenderertext56"/>
++ <object class="GtkTreeViewColumn" id="treeviewcolumn25">
++ <property name="resizable">True</property>
++ <property name="title" translatable="yes">Equivalence Path</property>
++ <child>
++ <object class="GtkCellRendererText" id="cellrenderertext56"/>
++ <attributes>
++ <attribute name="text">1</attribute>
++ </attributes>
++ </child>
++ </object>
+ </child>
+ </object>
+ </child>
@@ -524170,10 +524451,11 @@ index 0000000..9e4e798
+ <object class="GtkTreeView" id="advanced_search_treeview">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
-+ <property name="model">advanced_treemodel_sort</property>
++ <property name="model">advanced_filter</property>
++ <property name="enable_search">False</property>
+ <signal name="row-activated" handler="on_advanced_search_treeview_row_activated" swapped="no"/>
+ <child internal-child="selection">
-+ <object class="GtkTreeSelection" id="treeview-selection10"/>
++ <object class="GtkTreeSelection" id="treeview-selection15"/>
+ </child>
+ <child>
+ <object class="GtkTreeViewColumn" id="treeviewcolumn14">
@@ -524247,7 +524529,7 @@ index 0000000..9e4e798
+ <property name="can_focus">True</property>
+ <property name="model">booleans_more_detail_liststore</property>
+ <child internal-child="selection">
-+ <object class="GtkTreeSelection" id="treeview-selection15"/>
++ <object class="GtkTreeSelection" id="treeview-selection18"/>
+ </child>
+ <child>
+ <object class="GtkTreeViewColumn" id="more_detail1">
@@ -524300,7 +524582,7 @@ index 0000000..9e4e798
+ <property name="can_focus">True</property>
+ <property name="model">delete_files_liststore</property>
+ <child internal-child="selection">
-+ <object class="GtkTreeSelection" id="treeview-selection11"/>
++ <object class="GtkTreeSelection" id="treeview-selection20"/>
+ </child>
+ <child>
+ <object class="GtkTreeViewColumn" id="Select">
@@ -524389,7 +524671,7 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">True</property>
-+ <signal name="clicked" handler="on_cancel_delete_files_clicked" swapped="no"/>
++ <signal name="clicked" handler="on_cancel_popup_clicked" swapped="no"/>
+ </object>
+ <packing>
+ <property name="expand">False</property>
@@ -524534,7 +524816,7 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">True</property>
-+ <signal name="clicked" handler="on_cancel_delete_network_clicked" swapped="no"/>
++ <signal name="clicked" handler="on_cancel_popup_clicked" swapped="no"/>
+ </object>
+ <packing>
+ <property name="expand">False</property>
@@ -524578,15 +524860,153 @@ index 0000000..9e4e798
+ <property name="model">more_types_file_liststore</property>
+ <signal name="row-activated" handler="on_moreTypes_treeview_files_row_activated" swapped="no"/>
+ <child internal-child="selection">
-+ <object class="GtkTreeSelection" id="treeview-selection13"/>
++ <object class="GtkTreeSelection" id="treeview-selection23"/>
++ </child>
++ <child>
++ <object class="GtkTreeViewColumn" id="treeviewcolumn19">
++ <property name="title" translatable="yes">Types</property>
++ <child>
++ <object class="GtkCellRendererText" id="cellrenderertext28"/>
++ <attributes>
++ <attribute name="text">0</attribute>
++ </attributes>
++ </child>
++ </object>
++ </child>
++ </object>
++ </child>
++ </object>
++ <packing>
++ <property name="expand">True</property>
++ <property name="fill">True</property>
++ <property name="position">0</property>
++ </packing>
++ </child>
++ <child>
++ <object class="GtkButton" id="select_type_files">
++ <property name="label" translatable="yes">Select</property>
++ <property name="visible">True</property>
++ <property name="can_focus">True</property>
++ <property name="receives_default">True</property>
++ <signal name="clicked" handler="on_select_type_files_clicked" swapped="no"/>
++ </object>
++ <packing>
++ <property name="expand">False</property>
++ <property name="fill">False</property>
++ <property name="position">1</property>
++ </packing>
++ </child>
++ </object>
++ </child>
++ </object>
++ <object class="GtkWindow" id="update_window">
++ <property name="can_focus">False</property>
++ <property name="modal">True</property>
++ <property name="window_position">center-on-parent</property>
++ <property name="default_width">650</property>
++ <property name="default_height">450</property>
++ <property name="transient_for">SELinux_window</property>
++ <signal name="delete-event" handler="gtk_widget_hide" swapped="no"/>
++ <child>
++ <object class="GtkBox" id="vbox16">
++ <property name="visible">True</property>
++ <property name="can_focus">False</property>
++ <property name="orientation">vertical</property>
++ <child>
++ <object class="GtkBox" id="box11">
++ <property name="visible">True</property>
++ <property name="can_focus">False</property>
++ <property name="orientation">vertical</property>
++ <child>
++ <object class="GtkLabel" id="label8">
++ <property name="visible">True</property>
++ <property name="can_focus">False</property>
++ <property name="xalign">0</property>
++ <property name="xpad">10</property>
++ <property name="label" translatable="yes">Review the updates you have made before committing them to the system. To reset an item, uncheck the checkbox. All items checked will be updated in the system when you select update.</property>
++ <property name="justify">fill</property>
++ <property name="wrap">True</property>
++ </object>
++ <packing>
++ <property name="expand">False</property>
++ <property name="fill">True</property>
++ <property name="position">0</property>
++ </packing>
++ </child>
++ </object>
++ <packing>
++ <property name="expand">False</property>
++ <property name="fill">True</property>
++ <property name="position">0</property>
++ </packing>
++ </child>
++ <child>
++ <object class="GtkScrolledWindow" id="scrolledwindow10">
++ <property name="visible">True</property>
++ <property name="can_focus">True</property>
++ <child>
++ <object class="GtkTreeView" id="update_treeview">
++ <property name="height_request">380</property>
++ <property name="visible">True</property>
++ <property name="can_focus">True</property>
++ <property name="model">Update_treestore</property>
++ <property name="search_column">0</property>
++ <child internal-child="selection">
++ <object class="GtkTreeSelection" id="treeview-selection16"/>
++ </child>
++ <child>
++ <object class="GtkTreeViewColumn" id="Select2">
++ <property name="min_width">20</property>
++ <property name="title" translatable="yes">Select</property>
++ <property name="clickable">True</property>
++ <child>
++ <object class="GtkCellRendererToggle" id="toggle_update"/>
++ <attributes>
++ <attribute name="visible">4</attribute>
++ <attribute name="active">0</attribute>
++ </attributes>
++ </child>
++ </object>
++ </child>
++ <child>
++ <object class="GtkTreeViewColumn" id="treeviewcolumn20">
++ <property name="min_width">275</property>
++ <property name="title" translatable="yes">Description</property>
++ <property name="clickable">True</property>
++ <child>
++ <object class="GtkCellRendererText" id="cellrenderertext62">
++ <property name="wrap_mode">word</property>
++ </object>
++ <attributes>
++ <attribute name="text">1</attribute>
++ </attributes>
++ </child>
++ </object>
++ </child>
++ <child>
++ <object class="GtkTreeViewColumn" id="treeviewcolumn21">
++ <property name="min_width">75</property>
++ <property name="title" translatable="yes">Section</property>
++ <property name="expand">True</property>
++ <property name="clickable">True</property>
++ <child>
++ <object class="GtkCellRendererText" id="cellrenderertext63"/>
++ <attributes>
++ <attribute name="text">2</attribute>
++ </attributes>
++ </child>
++ </object>
+ </child>
+ <child>
-+ <object class="GtkTreeViewColumn" id="treeviewcolumn19">
-+ <property name="title" translatable="yes">Types</property>
++ <object class="GtkTreeViewColumn" id="treeviewcolumn22">
++ <property name="min_width">25</property>
++ <property name="title" translatable="yes">Action</property>
++ <property name="expand">True</property>
++ <property name="clickable">True</property>
+ <child>
-+ <object class="GtkCellRendererText" id="cellrenderertext28"/>
++ <object class="GtkCellRendererText" id="cellrenderertext64"/>
+ <attributes>
-+ <attribute name="text">0</attribute>
++ <attribute name="text">3</attribute>
+ </attributes>
+ </child>
+ </object>
@@ -524597,27 +525017,54 @@ index 0000000..9e4e798
+ <packing>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
-+ <property name="position">0</property>
++ <property name="position">1</property>
+ </packing>
+ </child>
+ <child>
-+ <object class="GtkButton" id="select_type_files">
-+ <property name="label" translatable="yes">Select</property>
++ <object class="GtkHBox" id="hbox26">
+ <property name="visible">True</property>
-+ <property name="can_focus">True</property>
-+ <property name="receives_default">True</property>
-+ <signal name="clicked" handler="on_select_type_files_clicked" swapped="no"/>
++ <property name="can_focus">False</property>
++ <child>
++ <object class="GtkButton" id="apply_button">
++ <property name="label" translatable="yes">Apply</property>
++ <property name="visible">True</property>
++ <property name="can_focus">True</property>
++ <property name="receives_default">True</property>
++ <signal name="clicked" handler="on_apply_button_clicked" swapped="no"/>
++ </object>
++ <packing>
++ <property name="expand">False</property>
++ <property name="fill">False</property>
++ <property name="pack_type">end</property>
++ <property name="position">0</property>
++ </packing>
++ </child>
++ <child>
++ <object class="GtkButton" id="cancel_update">
++ <property name="label" translatable="yes">Cancel</property>
++ <property name="visible">True</property>
++ <property name="can_focus">True</property>
++ <property name="receives_default">True</property>
++ <signal name="clicked" handler="on_cancel_popup_clicked" swapped="no"/>
++ </object>
++ <packing>
++ <property name="expand">False</property>
++ <property name="fill">False</property>
++ <property name="pack_type">end</property>
++ <property name="position">1</property>
++ </packing>
++ </child>
+ </object>
+ <packing>
+ <property name="expand">False</property>
-+ <property name="fill">False</property>
-+ <property name="position">1</property>
++ <property name="fill">True</property>
++ <property name="position">2</property>
+ </packing>
+ </child>
+ </object>
+ </child>
+ </object>
-+ <object class="GtkWindow" id="popup_window_user">
++ <object class="GtkWindow" id="user_popup_window">
+ <property name="can_focus">False</property>
+ <property name="title" translatable="yes">Network Port Definitions</property>
+ <property name="resizable">False</property>
@@ -524656,9 +525103,6 @@ index 0000000..9e4e798
+ <placeholder/>
+ </child>
+ <child>
-+ <placeholder/>
-+ </child>
-+ <child>
+ <object class="GtkLabel" id="label16">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
@@ -524674,6 +525118,7 @@ index 0000000..9e4e798
+ <object class="GtkEntry" id="user_name_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
++ <property name="tooltip_text" translatable="yes">Specify a new SELinux user name. By convention SELinux User names usually end in an _u.</property>
+ <property name="invisible_char">●</property>
+ <property name="primary_icon_activatable">False</property>
+ <property name="secondary_icon_activatable">False</property>
@@ -524698,30 +525143,12 @@ index 0000000..9e4e798
+ </packing>
+ </child>
+ <child>
-+ <object class="GtkLabel" id="user_advanced_button">
-+ <property name="visible">True</property>
-+ <property name="can_focus">False</property>
-+ <property name="xalign">0</property>
-+ <property name="xpad">10</property>
-+ <property name="label" translatable="yes">Advanced >></property>
-+ <property name="selectable">True</property>
-+ <attributes>
-+ <attribute name="foreground" value="#00004e4e9999"/>
-+ </attributes>
-+ <signal name="button-press-event" handler="on_user_advanced_button_press_event" swapped="no"/>
-+ </object>
-+ <packing>
-+ <property name="top_attach">2</property>
-+ <property name="bottom_attach">3</property>
-+ <property name="y_options"/>
-+ </packing>
-+ </child>
-+ <child>
+ <object class="GtkLabel" id="user_mls_label">
++ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="xalign">0</property>
+ <property name="xpad">10</property>
-+ <property name="label" translatable="yes">MLS</property>
++ <property name="label" translatable="yes">MLS Range</property>
+ </object>
+ <packing>
+ <property name="top_attach">3</property>
@@ -524774,7 +525201,7 @@ index 0000000..9e4e798
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">True</property>
-+ <signal name="clicked" handler="on_cancel_user_clicked" swapped="no"/>
++ <signal name="clicked" handler="on_cancel_popup_clicked" swapped="no"/>
+ </object>
+ <packing>
+ <property name="expand">False</property>
@@ -524793,7 +525220,10 @@ index 0000000..9e4e798
+ </child>
+ <child>
+ <object class="GtkEntry" id="user_mls_entry">
++ <property name="visible">True</property>
+ <property name="can_focus">True</property>
++ <property name="tooltip_text" translatable="yes">Enter MLS/MCS Range for this SELinux User.
++s0-s0:c1023</property>
+ <property name="invisible_char">●</property>
+ <property name="primary_icon_activatable">False</property>
+ <property name="secondary_icon_activatable">False</property>
@@ -524805,181 +525235,65 @@ index 0000000..9e4e798
+ <property name="bottom_attach">4</property>
+ </packing>
+ </child>
-+ </object>
-+ <packing>
-+ <property name="expand">True</property>
-+ <property name="fill">True</property>
-+ <property name="position">1</property>
-+ </packing>
-+ </child>
-+ </object>
-+ </child>
-+ </object>
-+ <object class="GtkWindow" id="update_window">
-+ <property name="can_focus">False</property>
-+ <property name="modal">True</property>
-+ <property name="window_position">center-on-parent</property>
-+ <property name="default_width">650</property>
-+ <property name="default_height">450</property>
-+ <property name="transient_for">SELinux_window</property>
-+ <signal name="delete-event" handler="gtk_widget_hide" swapped="no"/>
-+ <child>
-+ <object class="GtkBox" id="vbox16">
-+ <property name="visible">True</property>
-+ <property name="can_focus">False</property>
-+ <property name="orientation">vertical</property>
-+ <child>
-+ <object class="GtkBox" id="box11">
-+ <property name="visible">True</property>
-+ <property name="can_focus">False</property>
-+ <property name="orientation">vertical</property>
+ <child>
-+ <object class="GtkLabel" id="label8">
++ <object class="GtkLabel" id="user_mls_level_label">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="xalign">0</property>
+ <property name="xpad">10</property>
-+ <property name="label" translatable="yes">Review the updates you have made before committing them to the system. To reset an item, uncheck the checkbox. All items checked will be updated in the system when you select update.</property>
-+ <property name="justify">fill</property>
-+ <property name="wrap">True</property>
-+ </object>
-+ <packing>
-+ <property name="expand">False</property>
-+ <property name="fill">True</property>
-+ <property name="position">0</property>
-+ </packing>
-+ </child>
-+ </object>
-+ <packing>
-+ <property name="expand">False</property>
-+ <property name="fill">True</property>
-+ <property name="position">0</property>
-+ </packing>
-+ </child>
-+ <child>
-+ <object class="GtkScrolledWindow" id="scrolledwindow10">
-+ <property name="visible">True</property>
-+ <property name="can_focus">True</property>
-+ <child>
-+ <object class="GtkTreeView" id="update_treeview">
-+ <property name="height_request">380</property>
-+ <property name="visible">True</property>
-+ <property name="can_focus">True</property>
-+ <property name="model">Update_treestore</property>
-+ <property name="search_column">0</property>
-+ <child internal-child="selection">
-+ <object class="GtkTreeSelection" id="treeview-selection16"/>
-+ </child>
-+ <child>
-+ <object class="GtkTreeViewColumn" id="Select2">
-+ <property name="min_width">20</property>
-+ <property name="title" translatable="yes">Select</property>
-+ <property name="clickable">True</property>
-+ <child>
-+ <object class="GtkCellRendererToggle" id="toggle_update"/>
-+ <attributes>
-+ <attribute name="visible">4</attribute>
-+ <attribute name="active">0</attribute>
-+ </attributes>
-+ </child>
-+ </object>
-+ </child>
-+ <child>
-+ <object class="GtkTreeViewColumn" id="treeviewcolumn20">
-+ <property name="min_width">275</property>
-+ <property name="title" translatable="yes">Description</property>
-+ <property name="clickable">True</property>
-+ <child>
-+ <object class="GtkCellRendererText" id="cellrenderertext62">
-+ <property name="wrap_mode">word</property>
-+ </object>
-+ <attributes>
-+ <attribute name="text">1</attribute>
-+ </attributes>
-+ </child>
-+ </object>
-+ </child>
-+ <child>
-+ <object class="GtkTreeViewColumn" id="treeviewcolumn21">
-+ <property name="min_width">75</property>
-+ <property name="title" translatable="yes">Section</property>
-+ <property name="expand">True</property>
-+ <property name="clickable">True</property>
-+ <child>
-+ <object class="GtkCellRendererText" id="cellrenderertext63"/>
-+ <attributes>
-+ <attribute name="text">2</attribute>
-+ </attributes>
-+ </child>
-+ </object>
-+ </child>
-+ <child>
-+ <object class="GtkTreeViewColumn" id="treeviewcolumn22">
-+ <property name="min_width">25</property>
-+ <property name="title" translatable="yes">Action</property>
-+ <property name="expand">True</property>
-+ <property name="clickable">True</property>
-+ <child>
-+ <object class="GtkCellRendererText" id="cellrenderertext64"/>
-+ <attributes>
-+ <attribute name="text">3</attribute>
-+ </attributes>
-+ </child>
-+ </object>
-+ </child>
-+ </object>
-+ </child>
-+ </object>
-+ <packing>
-+ <property name="expand">True</property>
-+ <property name="fill">True</property>
-+ <property name="position">1</property>
-+ </packing>
-+ </child>
-+ <child>
-+ <object class="GtkHBox" id="hbox26">
-+ <property name="visible">True</property>
-+ <property name="can_focus">False</property>
-+ <child>
-+ <object class="GtkButton" id="apply_button">
-+ <property name="label" translatable="yes">Apply</property>
-+ <property name="visible">True</property>
-+ <property name="can_focus">True</property>
-+ <property name="receives_default">True</property>
-+ <signal name="clicked" handler="on_apply_button_clicked" swapped="no"/>
++ <property name="label" translatable="yes">Default Level</property>
+ </object>
+ <packing>
-+ <property name="expand">False</property>
-+ <property name="fill">False</property>
-+ <property name="pack_type">end</property>
-+ <property name="position">0</property>
++ <property name="top_attach">2</property>
++ <property name="bottom_attach">3</property>
++ <property name="y_options"/>
+ </packing>
+ </child>
+ <child>
-+ <object class="GtkButton" id="cancel_update">
-+ <property name="label" translatable="yes">Cancel</property>
++ <object class="GtkEntry" id="user_mls_level_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
-+ <property name="receives_default">True</property>
-+ <signal name="clicked" handler="on_cancel_update_clicked" swapped="no"/>
++ <property name="tooltip_text" translatable="yes">Specify the default level that you would like this SELinux user to login with. Defaults to s0.</property>
++ <property name="invisible_char">●</property>
++ <property name="primary_icon_activatable">False</property>
++ <property name="secondary_icon_activatable">False</property>
++ <property name="primary_icon_tooltip_text" translatable="yes">Enter Default Level for SELinux User to login with. Default s0</property>
+ </object>
+ <packing>
-+ <property name="expand">False</property>
-+ <property name="fill">False</property>
-+ <property name="pack_type">end</property>
-+ <property name="position">1</property>
++ <property name="left_attach">1</property>
++ <property name="right_attach">2</property>
++ <property name="top_attach">2</property>
++ <property name="bottom_attach">3</property>
+ </packing>
+ </child>
+ </object>
+ <packing>
-+ <property name="expand">False</property>
++ <property name="expand">True</property>
+ <property name="fill">True</property>
-+ <property name="position">2</property>
++ <property name="position">1</property>
+ </packing>
+ </child>
+ </object>
+ </child>
+ </object>
++ <object class="GtkTreeStore" id="writable_files_treestore">
++ <columns>
++ <!-- column-name file -->
++ <column type="gchararray"/>
++ <!-- column-name SELinux -->
++ <column type="gchararray"/>
++ <!-- column-name file1 -->
++ <column type="gchararray"/>
++ <!-- column-name Label -->
++ <column type="gboolean"/>
++ <!-- column-name Mislabled -->
++ <column type="gboolean"/>
++ <!-- column-name Cur -->
++ <column type="gchararray"/>
++ <!-- column-name Con -->
++ <column type="gchararray"/>
++ </columns>
++ </object>
+</interface>
diff --git a/policycoreutils/sepolicy/sepolicy/templates/network.py b/policycoreutils/sepolicy/sepolicy/templates/network.py
index 4499440..43feee4 100644
@@ -525505,7 +525819,7 @@ index 57ae46a..406594b 100644
/* Things that need to be init'd */
struct restore_opts {
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
-index 80b6d6e..ff759af 100644
+index 80b6d6e..672bbd2 100644
--- a/policycoreutils/setfiles/restorecon.8
+++ b/policycoreutils/setfiles/restorecon.8
@@ -4,10 +4,10 @@ restorecon \- restore file(s) default SELinux security contexts.
@@ -525545,8 +525859,12 @@ index 80b6d6e..ff759af 100644
.TP
.B \-f infilename
infilename contains a list of files to be processed. Use \- for stdin.
-@@ -49,7 +53,7 @@ ignore files that do not exist.
- don't change any file labels (passive check).
+@@ -46,10 +50,10 @@ display usage information and exit.
+ ignore files that do not exist.
+ .TP
+ .B \-n
+-don't change any file labels (passive check).
++don't change any file labels (passive check). To display the files whose labels would be changed, add -v.
.TP
.B \-o outfilename
-save list of files with incorrect context in outfilename.
diff --git a/policycoreutils.spec b/policycoreutils.spec
index a70a11a..973d2a4 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.14
-Release: 81%{?dist}
+Release: 82%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -94,8 +94,8 @@ desktop-file-install --dir ${RPM_BUILD_ROOT}%{_datadir}/applications \
%{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop
rm -f %{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop
-rm -f %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop
rm -f %{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop
+rm -f %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop
%find_lang %{name}
@@ -344,6 +344,14 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
+* Sat Sep 28 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.14-82
+- Improvements to sepolicy gui
+ - Add more help information
+ - Cleanup code
+ - Add deny_ptrace on lockdown screen
+ - Make unconfined/permissivedomains lockdown work
+ - Add more support for file equivalency
+
* Wed Sep 18 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.14-81
- Add back in the help png files
- Begin Adding support for file equivalency.
diff --git a/sepolicy-help.tgz b/sepolicy-help.tgz
index fd579a5..b9a9151 100644
Binary files a/sepolicy-help.tgz and b/sepolicy-help.tgz differ
More information about the scm-commits
mailing list