#! /usr/bin/python3 -Es

import sys
import seobject
from semanage import *
import string
import selinux

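def translate(raw, prepend = 1):
    """Return the translated form of a raw SELinux context string.

    Args:
        raw: Raw context text. With ``prepend`` set, this is only the
            trailing part of a context (presumably an MLS range; confirm
            against callers), and a dummy ``a:b:c:`` prefix is added so that
            libselinux receives a complete context.
        prepend: Truthy to add the dummy prefix before the call and strip it
            from the result; falsy to pass ``raw`` through as-is.

    Returns:
        The translated string, or ``raw`` unchanged when the call reports a
        non-zero status or yields an empty result. A caller cannot tell
        "translation failed" from "no translation exists", so the return
        value must not be treated as validated.
    """
    filler = "a:b:c:"
    # Use one truthiness test for both adding and stripping the prefix, so a
    # truthy value other than 1 can never strip a prefix that was not added.
    use_filler = bool(prepend)
    if use_filler:
        context = "%s%s" % (filler, raw)
    else:
        context = raw

    # NOTE(review): some libselinux Python bindings may raise OSError on
    # failure instead of returning a non-zero rc; confirm for the target
    # platform.
    (rc, trans) = selinux.selinux_raw_to_trans_context(context)
    if rc != 0:
        return raw

    if use_filler:
        trans = trans[len(filler):]

    # An empty result carries no information; fall back to the input.
    return trans if trans != "" else raw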

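def untranslate(trans, prepend = 1):
    """Return the raw form of a translated SELinux context string.

    Args:
        trans: Translated context text. With ``prepend`` set, this is only
            the trailing part of a context (presumably an MLS range; confirm
            against callers), and a dummy ``a:b:c:`` prefix is added so that
            libselinux receives a complete context.
        prepend: Truthy to add the dummy prefix before the call and strip it
            from the result; falsy to pass ``trans`` through as-is.

    Returns:
        The raw string, or ``trans`` unchanged when the call reports a
        non-zero status or yields an empty result. Because failure falls
        back to the input, the return value is not proof that the input was
        a valid translated context.
    """
    filler = "a:b:c:"
    # Use one truthiness test for both adding and stripping the prefix, so a
    # truthy value other than 1 can never strip a prefix that was not added.
    use_filler = bool(prepend)
    if use_filler:
        context = "%s%s" % (filler, trans)
    else:
        context = trans

    # NOTE(review): some libselinux Python bindings may raise OSError on
    # failure instead of returning a non-zero rc; confirm for the target
    # platform.
    (rc, raw) = selinux.selinux_trans_to_raw_context(context)
    if rc != 0:
        return trans

    if use_filler:
        raw = raw[len(filler):]

    # An empty result carries no information; fall back to the input.
    return raw if raw != "" else trans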

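# Command-line entry point.
#   -t  VALUE   print the translated form of VALUE
#   -ut VALUE   print the raw form of VALUE
#   -u  USER    print the MLS range of the SELinux user USER
#   -r  USER    print the roles of the SELinux user USER, one per line
# Any other option still performs the policy-store lookup but prints nothing.
if len(sys.argv) > 1:
    # Every option takes exactly one operand; fail with a usage message
    # instead of an IndexError traceback when it is missing.
    if len(sys.argv) < 3:
        sys.stderr.write("usage: %s -t VALUE | -ut VALUE | -u USER | -r USER\n" % sys.argv[0])
        sys.exit(2)

    option = sys.argv[1]
    operand = sys.argv[2]

    if option == "-t":
        serange = translate(operand)
        print("%s" % (serange))
    elif option == "-ut":
        serange = untranslate(operand)
        print("%s" % (serange))
    else:
        user = operand
        handle = semanage_handle_create()
        if not handle:
            raise ValueError(_("Could not create semanage handle"))

        connected = False
        k = None
        u = None
        try:
            # Treat a negative (error) return the same as "not managed",
            # so a failed check is never read as success.
            if semanage_is_managed(handle) <= 0:
                raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))

            rc = semanage_access_check(handle)
            if rc < 0:
                raise ValueError(_("Cannot read policy store."))

            rc = semanage_connect(handle)
            if rc < 0:
                raise ValueError(_("Could not establish semanage connection"))
            connected = True

            (rc, key) = semanage_user_key_create(handle, user)
            if rc < 0:
                raise ValueError(_("Could not create a key for %s") % user)
            k = key

            (rc, record) = semanage_user_query(handle, k)
            if rc < 0:
                raise ValueError(_("Could not query user for %s") % user)
            u = record

            if option == "-u":
                serange = semanage_user_get_mlsrange(u)
                print("%s" % (serange))
            elif option == "-r":
                (rc, serole) = semanage_user_get_roles(handle, u)
                if rc < 0:
                    raise ValueError(_("Could not query user for %s") % user)
                # string.join() does not exist in Python 3; use str.join.
                oldserole = '\n'.join(serole)
                print("%s" % (oldserole))
        finally:
            # Release everything on every exit path, including the error
            # paths that raise after the key or record has been created.
            if u is not None:
                semanage_user_free(u)
            if k is not None:
                semanage_user_key_free(k)
            if connected:
                semanage_disconnect(handle)
            semanage_handle_destroy(handle)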
