Sindbad~EG File Manager

Current Path : /lib/python3.6/site-packages/sepolgen/__pycache__/
Upload File :
Current File : //lib/python3.6/site-packages/sepolgen/__pycache__/interfaces.cpython-36.opt-1.pyc

3

Kl�fQ@�@s�dZddlZddlZddlmZddlmZddlmZddlmZddlm	Z	Gd	d
�d
�Z
dd�Zd
d�Zdd�Z
dd�Zdd�ZGdd�d�ZGdd�d�ZGdd�d�ZGdd�d�ZdS)z7
Classes for representing and manipulating interfaces.
�N�)�access)�	refpolicy)�objectmodel)�matching)�_c@sHeZdZdZdd�Zdd�Zdd�Zeee�Zedd	�d
�Z	dd�Z
d
S)�Paramz;
    Object representing a paramater for an interface.
    cCs"d|_tj|_tj�|_d|_dS)N�T)�_Param__namer�SRC_TYPE�type�IdSet�obj_classesZrequired)�self�r� /usr/lib/python3.6/interfaces.py�__init__&s
zParam.__init__cCs tj|�std|��||_dS)NzName [%s] is not a param)r�
is_idparam�
ValueErrorr
)r�namerrr�set_name,s
zParam.set_namecCs|jS)N)r
)rrrr�get_name1szParam.get_namecCst|jdd��S)Nr)�intr)rrrr�<lambda>6szParam.<lambda>)�fgetcCs d|jtj|jdj|j�fS)Nz0<sepolgen.policygen.Param instance [%s, %s, %s]>� )rr�field_to_strr�joinr)rrrr�__repr__8szParam.__repr__N)�__name__�
__module__�__qualname__�__doc__rrr�propertyr�numrrrrrr"s
rcCs�d}||kr�||}||jkr"dS|tjks6|tjkr�|jtjksN|jtjkr�d}|r`|jg}ng}x&tj|j|�D]}|tj	krtd}PqtWtj|_q�d}nt
�}||_||_|||j<|r�|jj|j�|S)Nrr)
rrr�TGT_TYPE�	obj_class�	itertools�chainrrZimplicitly_typed_objectsrr�add)rr�av�params�ret�pZavobjs�objrrr�__param_insert>s0




r/cCs~d}d}tj|j�r.t|jtj||�dkr.d}tj|j�rTt|jtj||�dkrTd}tj|j�rzt|jtj	||�dkrzd}|S)ajExtract the paramaters from an access vector.

    Extract the paramaters (in the form $N) from an access
    vector, storing them as Param objects in a dictionary.
    Some attempt is made at resolving conflicts with other
    entries in the dict, but if an unresolvable conflict is
    found it is reported to the caller.

    The goal here is to figure out how interface parameters are
    actually used in the interface - e.g., that $1 is a domain used as
    a SRC_TYPE. In general an interface will look like this:

    interface(`foo', `
       allow $1 foo : file read;
    ')

    This is simple to figure out - $1 is a SRC_TYPE. A few interfaces
    are more complex, for example:

    interface(`foo_trans',`
       domain_auto_trans($1,fingerd_exec_t,fingerd_t)

       allow $1 fingerd_t:fd use;
       allow fingerd_t $1:fd use;
       allow fingerd_t $1:fifo_file rw_file_perms;
       allow fingerd_t $1:process sigchld;
    ')

    Here the usage seems ambigious, but it is not. $1 is still domain
    and therefore should be returned as a SRC_TYPE.

    Returns:
      0  - success
      1  - conflict found
    rFr)
rr�src_typer/rr�tgt_typer%r&�	OBJ_CLASS)r*r+r,Z	found_srcrrr�av_extract_paramsjs$r3cCs"tj|j�rt|jtjd|�SdS)N)rr�roler/rZROLE)r4r+rrr�role_extract_params�sr5csl�fdd�}d}||jtj�r"d}||jtj�r4d}||jtj�rFd}tj|j	�rht
|j	tjd��rhd}|S)Ncs2d}x(|D] }tj|�r
t||d��r
d}q
W|S)Nrr)rrr/)�setrr,�x)r+rr�extract_from_set�s

z2type_rule_extract_params.<locals>.extract_from_setrr)�	src_typesrr�	tgt_typesr%rr2rrZ	dest_typer/Z	DEST_TYPE)�ruler+r8r,r)r+r�type_rule_extract_params�sr<cCs6d}x,|jD]"}tj|�rt|tjd|�rd}qW|S)Nrr)�argsrrr/rr)�ifcallr+r,�argrrr�ifcall_extract_params�s
r@c@seZdZdd�Zdd�ZdS)�AttributeVectorcCsd|_tj�|_dS)Nr	)rr�AccessVectorSet)rrrrr�szAttributeVector.__init__cCs|jj|�dS)N)r�add_av)rr*rrrrC�szAttributeVector.add_avN)rr r!rrCrrrrrA�srAc@s$eZdZdd�Zdd�Zdd�ZdS)�AttributeSetcCs
i|_dS)N)�
attributes)rrrrr�szAttributeSet.__init__cCs||j|j<dS)N)rEr)r�attrrrr�add_attr�szAttributeSet.add_attrcCs~dd�}d}x^|D]V}|dd�}|ddkrF|r<|j|�||�}q|r|jd�}tj|�}|j|�qW|rz|j|�dS)NcSsH|dd�j�}t|�dks(|ddkr4td|��t�}|d|_|S)Nr�rZ	Attributez#Syntax error Attribute statement %s���)�split�len�SyntaxErrorrAr)�line�fields�arrr�
parse_attr�s
z*AttributeSet.from_file.<locals>.parse_attrrr�[�,rI)rGrJr�AccessVectorrC)r�fdrPrOrM�lr*rrr�	from_file�s	




zAttributeSet.from_fileN)rr r!rrGrVrrrrrD�srDc@sFeZdZdifdd�Zifdd�Zdd�Zdd	�Zd
d�Zdd
�ZdS)�InterfaceVectorNcCs6d|_d|_tj�|_i|_|r,|j||�d|_dS)NTr	F)�enabledrrrBr+�from_interface�expanded)r�	interfacerErrrr�s
zInterfaceVector.__init__c
CsF|j|_xN|j�D]B}|jtjjkr&qd|jkr2qtj|�}x|D]}|j|�qBWqW|r�x�|j	�D]v}xp|j
D]f}||j
kr�qr|j
|}xJ|jD]@}	tj|	�}|j|jkr�|j
|_|j|jkr�|j
|_|j|�q�WqrWqfWx|j�D]}
t|
|j�r�q�Wx |j�D]}t||j��r�qWx |j�D]}t||j��r*�q*WdS)NZ	dontaudit)rZavrulesZ	rule_typerZAVRuleZALLOWrZavrule_to_access_vectorsrCZtypeattributesrE�copyr0rr1Zrolesr5r+Z	typerulesr<�interface_callsr@)
rr[rEZavruleZavsr*Z
typeattributerFZattr_vecrOr4r;r>rrrrY�s>





zInterfaceVector.from_interfacecCs t||j�dkr|jj|�dS)Nr)r3r+rrC)rr*rrrrC3szInterfaceVector.add_avcCs<g}|jd|j�x|jD]}|jt|��qWdj|�S)Nz[InterfaceVector %s]�
)�appendrr�strr)r�sr*rrr�	to_string9s
zInterfaceVector.to_stringcCs|j�S)N)r)rrrr�__str__@szInterfaceVector.__str__cCsd|j|jfS)Nz<InterfaceVector %s:%s>)rrX)rrrrrCszInterfaceVector.__repr__)	rr r!rrYrCrbrcrrrrrrW�s4rWc@sxeZdZddd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Zifdd�Z	difdd�Z
dd�Zdd�Zdd�Z
dd�ZdS)�InterfaceSetNcCsi|_i|_g|_||_dS)N)�
interfaces�tgt_type_map�tgt_type_all�output)rrhrrrrHszInterfaceSet.__init__cCs|jr|jj|d�dS)Nr^)rh�write)rr`rrr�oNszInterfaceSet.ocCs�x�t|jj�dd�d�D]�}|jd|j�x:t|jj�dd�d�D] }|jd|jtj|jf�qDW|jd�t|j	j
��}x&|D]}|jdj|��|jd	�q�WqWdS)
NcSs|jS)N)r)r7rrrrSsz&InterfaceSet.to_file.<locals>.<lambda>)�keyz[InterfaceVector %s cSs|jS)N)r)r7rrrrUsz%s:%s z]
rRr^)�sortedre�valuesrirr+rrrrZto_listr)rrTZiv�paramZavlr*rrr�to_fileRs 

zInterfaceSet.to_filecCs�dd�}d}x^|D]V}|dd�}|ddkrF|r<|j|�||�}q|r|jd�}tj|�}|j|�qW|rz|j|�|j�dS)NcSs�|dd�j�}t|�dks(|ddkr4td|��t�}|d|_t|�dkrTdSxb|dd�D]R}|jd�}t|�dkr�td|��t�}|d|_tj|d|_||j	|j<qbW|S)	NrrHrrWz)Syntax error InterfaceVector statement %s�:z-Invalid param in InterfaceVector statement %srI)
rJrKrLrWrrrZstr_to_fieldrr+)rMrN�ifvZfieldr-rnrrr�	parse_ifv^s 


z)InterfaceSet.from_file.<locals>.parse_ifvrrrQrRrI)�add_ifvrJrrSrC�index)rrTrrrqrMrUr*rrrrV]s





zInterfaceSet.from_filecCs||j|j<dS)N)rer)rrqrrrrs�szInterfaceSet.add_ifvcCs�xz|jj�D]l}t�}x:|jD]0}tj|j�rB|jj|�t�}P|j|j�qWx$|D]}|j	j
|g�}|j|�qXWqWdS)N)rermr6rrr1rgr_r)rf�
setdefault)rrqr:r*rrUrrrrt�s
zInterfaceSet.indexcCst||�}|j|�dS)N)rWrs)rr[rErqrrrr)�s
zInterfaceSet.addcCs@x(tj|j�|j��D]}|j||�qW|j|�|j�dS)N)r'r(re�	templatesr)�expand_ifcallsrt)r�headersrhrE�irrr�add_headers�s
zInterfaceSet.add_headerscCsZtj|�rPt|dd��}|t|j�kr,dS|j|d}t|t�rH|S|gSn|gSdS)Nr)rrrrKr=�
isinstance�list)r�idr>r$r?rrr�	map_param�s

zInterfaceSet.map_paramc
Cs�|j|j|�}|dkrdS|j|j|�}|dkr4dS|j|j|�}|dkrNdStj�}x0|jD]&}|j||�}	|	dkrzq^q^|j|	�q^Wt|�dkr�dSx:|D]2}
x,|D]$}x|D]}|j	j
|
|||�q�Wq�Wq�WdS)Nr)r~r0r1r&rr
Zperms�updaterKrr))
rrqr*r>r9r:rZ	new_permsZpermr-r0r1r&rrr�
map_add_av�s*


zInterfaceSet.map_add_avcCs�|dfg}|j|j}d|_x�t|�dkr�|jd�\}}|j|j}||krrx|jD]}|j|||�qTW|jrrqxv|j�D]j}	|	j|jkr�|j	t
d��dSy||	j}
Wn*tk
r�|j	t
d|	j��w|YnX|j|
|	f�q|WqWdS)NTrrzFound circular interface classz#Missing interface definition for %srI)
rerrZrK�poprr�r]Zifnamerjr�KeyErrorr_)rr[�
if_by_name�stackrqZcurZ
cur_ifcallZcur_ifvr*r>Znewifrrr�do_expand_ifcalls�s*
zInterfaceSet.do_expand_ifcallscCsZi}x&tj|j�|j��D]}|||j<qWx(tj|j�|j��D]}|j||�qBWdS)N)r'r(rervrr�)rrxr�ryr[rrrrw�s
zInterfaceSet.expand_ifcalls)N)rr r!rrjrorVrsrtr)rzr~r�r�rwrrrrrdGs
#$rd)r"r\r'r	rrrrZsepolgeni18nrrr/r3r5r<r@rArDrWrdrrrr�<module>s",4Z

Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists