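#!/usr/bin/python
"""Add per-user home-directory entries to the SELinux file_contexts, then relabel.

The script rebuilds ``file_contexts`` with make, asks ``seuser`` for the
SELinux users and their first role, appends a copy of every generic
``/home/[^/]+`` entry specialised for each non-default user, and finally runs
``make relabel``.

Review notes on this revision:

* External programs are started from an argument list with ``cwd=`` instead
  of a ``cd X; ...`` shell string, so a failed ``cd`` can no longer let ``rm``
  and ``make`` run in whatever directory the caller happened to be in.
* The grep/sed pipeline through the fixed path ``/tmp/user_context.tmp`` is
  replaced by in-process filtering. A predictable name in a world-writable
  directory is unsafe for a script that edits policy files, and user/role
  text is no longer pasted into a shell command or a sed expression.
* The role substitution is confined to the text after the path field, so a
  user name that itself contains "user" is no longer rewritten.
* Blank or malformed ``seuser`` lines are skipped instead of raising
  IndexError.
"""
import errno
import os
import re
import subprocess
import sys

policy_dir = "/etc/security/selinux/src/policy"
context_dir = "%s/file_contexts" % policy_dir

# Literal text (not a regular expression here) of the generic home entries.
_HOME_MARKER = "/home/[^"
_HOME_TEMPLATE = "/home/[^/]+"

# Conservative shapes for values that are written into the policy file.
_SAFE_USER = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*\Z")
_SAFE_ROLE = re.compile(r"[A-Za-z0-9_]+\Z")


def _run(argv, cwd=None):
    """Run *argv* without a shell and return ``(status, combined output)``.

    A program or working directory that cannot be used is reported as
    status 127 with the OS error text, so callers can keep testing
    ``rc[0] != 0`` as they did with ``commands.getstatusoutput``.
    """
    try:
        proc = subprocess.Popen(argv, cwd=cwd, stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT,
                                universal_newlines=True)
    except OSError as err:
        return (127, str(err))
    output = proc.communicate()[0]
    return (proc.returncode, output.rstrip("\n"))


def makeFileContext():
    """Force a rebuild of file_contexts/file_contexts in the policy tree.

    Raises:
        ValueError: the stale file could not be removed, or make failed;
            the message is the error text / make output.
    """
    target = os.path.join(policy_dir, "file_contexts", "file_contexts")
    try:
        os.remove(target)
    except OSError as err:
        # A missing file is fine: make will create it.
        if err.errno != errno.ENOENT:
            raise ValueError(str(err))
    rc = _run(["make", "file_contexts/file_contexts"], cwd=policy_dir)
    if rc[0] != 0:
        raise ValueError(rc[1])


def makeRelabel():
    """Run ``make relabel`` in the policy tree.

    Raises:
        ValueError: make exited non-zero; the message is its output.
    """
    rc = _run(["make", "relabel"], cwd=policy_dir)
    if rc[0] != 0:
        raise ValueError(rc[1])


def getUsers():
    """Return ``{user: role}`` parsed from ``seuser show users``.

    ``root``, ``user_u`` and ``system_u`` are skipped, as is any user whose
    first role is ``user``. The role is the first role name with its ``_r``
    suffix cut off. An empty dict is returned when seuser fails.
    """
    udict = {}
    rc = _run(["seuser", "show", "users"])
    if rc[0] != 0:
        return udict
    for line in rc[1].strip().split("\n"):
        fields = line.split(":")
        if len(fields) < 2:
            # Blank or unexpected line: nothing to parse.
            continue
        name = fields[0]
        if name in ("root", "user_u", "system_u"):
            continue
        roles = fields[1].split()
        if not roles:
            continue
        role = roles[0].split("_r")[0]
        if role == "user":
            continue
        udict[name] = role
    return udict


def usage():
    """Print the usage line and exit with status 1."""
    print("Usage: %s" % sys.argv[0])
    sys.exit(1)


def _retarget(line, role):
    """Replace the first "user" after the leading path field with *role*.

    NOTE(review): assumes the first whitespace-delimited field of an entry is
    the path expression and the security context follows it - confirm against
    the policy's file_contexts format.
    """
    head = re.match(r"\s*\S+", line)
    cut = head.end() if head else 0
    return line[:cut] + line[cut:].replace("user", role, 1)


def _home_entries(lines, user, role):
    """Build the specialised copies of the generic home entries in *lines*."""
    entries = []
    for line in lines:
        if _HOME_MARKER not in line or "vmware" in line:
            continue
        line = line.replace(_HOME_TEMPLATE, "/home/%s" % user)
        entries.append(_retarget(line, role).rstrip("\n") + "\n")
    return entries


def update(user, role):
    """Append *user*'s home-directory entries to the file_contexts file.

    Every line containing ``/home/[^`` (except vmware ones) is copied with
    ``/home/[^/]+`` replaced by ``/home/<user>`` and the first "user" of the
    context part replaced by *role*.

    On an unusable name or an I/O error the message is printed and the
    process exits with status 1. Returns ``(0, "")`` on success, matching
    the ``(status, output)`` shape callers received before.
    """
    if not _SAFE_USER.match(user) or not _SAFE_ROLE.match(role):
        # These values become part of a policy path expression; refuse
        # anything with whitespace, slashes or other unexpected characters.
        print("refusing to write file context for user %r, role %r"
              % (user, role))
        sys.exit(1)
    path = os.path.join(context_dir, "file_contexts")
    try:
        # Read everything before appending so new entries are never re-read.
        with open(path) as src:
            entries = _home_entries(src.readlines(), user, role)
        with open(path, "a") as dst:
            dst.writelines(entries)
    except (IOError, OSError) as err:
        print(err)
        sys.exit(1)
    return (0, "")


def main():
    """Rebuild the contexts, add per-user entries and relabel."""
    try:
        makeFileContext()
        users = getUsers()
        for name in users:
            update(name, users[name])
        makeRelabel()
    except ValueError as error:
        print(error)
        # Report the failure to the caller, as update() already does.
        sys.exit(1)


if __name__ == "__main__":
    main()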