From 908340e8e7a9cc2715a399831f2397ffa57ec2a8 Mon Sep 17 00:00:00 2001
From: Nicolas Iooss
Date: Sat, 5 Aug 2017 18:37:48 +0200
Subject: [PATCH] sepolicy: support non-MLS policy in manpage

"sepolicy manpage" fails when the system does not use MLS because using x.context.range_ raises an exception. Avoid using range and levels when _pol.mls is False.

Signed-off-by: Nicolas Iooss
---
 python/sepolicy/sepolicy/__init__.py | 18 +++++++++++++++---
 python/sepolicy/sepolicy/manpage.py | 3 ++-
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index 2d8e9ef6..03742346 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -207,10 +207,17 @@ def info(setype, name=None):
 elif len(ports) == 1:
 q.ports = (ports[0], ports[0])

+ if _pol.mls:
+ return ({
+ 'high': x.ports.high,
+ 'protocol': str(x.protocol),
+ 'range': str(x.context.range_),
+ 'type': str(x.context.type_),
+ 'low': x.ports.low,
+ } for x in q.results())
 return ({
 'high': x.ports.high,
 'protocol': str(x.protocol),
- 'range': str(x.context.range_),
 'type': str(x.context.type_),
 'low': x.ports.low,
 } for x in q.results())
@@ -220,11 +227,16 @@ def info(setype, name=None):
 if name:
 q.name = name

+ if _pol.mls:
+ return ({
+ 'range': str(x.mls_range),
+ 'name': str(x),
+ 'roles': list(map(str, x.roles)),
+ 'level': str(x.mls_level),
+ } for x in q.results())
 return ({
- 'range': str(x.mls_range),
 'name': str(x),
 'roles': list(map(str, x.roles)),
- 'level': str(x.mls_level),
 } for x in q.results())

 elif setype == BOOLEAN:
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index 035065af..494c3431 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
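Review bot: The two return statements in the port branch repeat the same record literal and differ only in the 'range' key, so any later field change has to be made twice and the MLS and non-MLS record shapes can drift apart; the user branch in the second hunk has the same duplication for 'range' and 'level'. Building the record once and adding the MLS-only keys when `_pol.mls` is true keeps a single definition, as sketched below for the port branch. Records now lack 'range' (and 'level' for users) on a non-MLS policy, and only manpage.py is adjusted in this patch, so any other consumer that indexes those keys directly (none is visible here) would raise KeyError and should test membership or use `.get()`. info() starts and ends outside both hunks, and its docstring, if it has one, should state that these keys are optional.

```python
        # … unchanged: query setup and q.ports assignment …
        mls = _pol.mls  # read once, before the generator is consumed

        def port_record(x):
            rec = {
                'high': x.ports.high,
                'protocol': str(x.protocol),
                'type': str(x.context.type_),
                'low': x.ports.low,
            }
            if mls:
                # x.context.range_ raises on a non-MLS policy
                rec['range'] = str(x.context.range_)
            return rec

        return (port_record(x) for x in q.results())
```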
@@ -84,7 +84,8 @@ def get_all_users_info():

 for d in allusers_info:
 allusers.append(d['name'])
- users_range[d['name'].split("_")[0]] = d['range']
+ if 'range' in d:
+ users_range[d['name'].split("_")[0]] = d['range']

 for u in allusers:
 if u not in ["system_u", "root", "unconfined_u"]:
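Review bot: With the new `if 'range' in d:` guard, users_range stays empty on a non-MLS policy while allusers is still filled, so a later `users_range[...]` lookup keyed by a user prefix would raise KeyError instead of the exception this patch removes. The readers of users_range are outside this hunk, so this needs checking; they should use `users_range.get(prefix)` and leave the range text out of the generated page when it is absent, rather than printing a placeholder that looks like a real MLS range. A short comment above the guard would also help the next reader, e.g. `# non-MLS policies yield user records without a 'range' key`. get_all_users_info continues past the end of the hunk.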