Directory:~$ /proc/self/root/usr/lib64/python2.7/site-packages/sepolgen/

Upload File

[Home] [System Details] [Kill Me]

�
��^c@s�dZd
dl
mZ
d
dl
mZ
ddlmZ
d�Zdejf
d��YZd	�Z	d
dd��YZ
d�Zd
�Zddd��YZ
dS(sV
Classes representing basic access.

SELinux - at the most basic level - represents access as
the 4-tuple subject (type or context), target (type or context),
object class, permission. The policy language elaborates this basic
access to faciliate more concise rules (e.g., allow rules can have multiple
source or target types - see refpolicy for more information).

This module has objects for representing the most basic access
(AccessVector)
and sets of that access (AccessVectorSet). These objects are used in
Madison
in a variety of ways, but they are the fundamental representation of
access.
i
(
t	refpolicy(
tutili����(
t	audit2whyc

CsUt|�
d
krM|ddkrMyt
|d
�

Wntk
rH


tSXtStSdS(s�Determine if an id is a paramater in the form $N,
where N is
    an integer.

    Returns:
      True if the id is a paramater
      False if the id is not a paramater
    i
it
$N(tlentintt
ValueErrortFalsetTrue(
tid((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyt
is_idparam's"





tAccessVectorcBsYeZ
dZd	d
�
Zd�Zd�Zd�Zd�Zd�Z	d�Z
d�ZRS(
s�
    An access vector is the basic unit of access in SELinux.

    Access vectors are the most basic representation of access within
    SELinux. It represents the access a source type has to a target
    type in terms of an object class and a set of permissions.

    Access vectors are distinct from AVRules in that they can only
    store a single source type, target type, and object class. The
    simplicity of AccessVectors makes them useful for storing access
    in a form that is easy to search and compare.

    The source, target, and object are stored as string. No checking
    done to verify that the strings are valid SELinux identifiers.
    Identifiers in the form $N (where N is an integer) are reserved as
    interface parameters and are treated as wild cards in many
    circumstances.

    Properties:
     .src_type - The source type allowed access. [String or None]
     .tgt_type - The target type to which access is allowed. [String or
None]
     .obj_class - The object class to which access is allowed. [String or
None]
     .perms - The permissions allowed to the object class. [IdSet]
     .audit_msgs - The audit messages that generated this access vector
[List of strings]
    cCs�|
r|j|
�

nZd|_d|_d|_tj�|_g|_t	j
|_g|_d|_
d|_d|_d|_dS(
N(t	from_listtNonetsrc_typettgt_typet	obj_classRtIdSettpermst
audit_msgsRtTERULEttypetdatatobj_patht	base_typet__hash__t
info_flow_dir(tselft	init_list((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyt__init__Rs

	
	
	

	

	
	
		cCslt|
�
d
kr+t
dt|
�
�
�
n|
d|_|
d|_|
d|_tj|
d�
|_dS(sxInitialize
an access vector from a list.

        Initialize an access vector from a list treating the list as
        positional arguments - i.e., 0 = src_type, 1 = tgt_type, etc.
        All of the list elements 3 and greater are treated as perms.
        For example, the list ['foo_t', 'bar_t',
'file', 'read', 'write']
        would create an access vector list with the source type
'foo_t',
        target type 'bar_t', object class 'file', and
permissions 'read'
        and 'write'.

        This format is useful for very simple storage to strings or disc
        (see to_list) and for initializing access vectors.
        is+List must contain at least four elements
%sii
iiN(	RRtstrRRRRRR(Rtlist((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyRgs







c
Cs2|j|j
|jg}
|
jt|j�
�

|
S(
s�
        Convert an access vector to a list.

        Convert an access vector to a list treating the list as positional
        values. See from_list for more information on how an access vector
        is represented in a list.
       
(RRRtextendtsortedR(Rt
l((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pytto_list|s

c


Cs
|j�S(
N(
t	to_string(
R((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyt__str__�s
c

Cs&d
|j|j
|j|jj�fS(Nsallow
%s %s:%s
%s;(RRRRtto_space_str(
R((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyR$�s

c
Cs"g}
|j|j
|jg}
|
S(
N(RRR(Rtbase_type_array((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pytbase_file_type�s


cCs
|j|
jkr%t
|j|
j�S|j|
jkrJt
|j|
j�S|j|jkrot
|j|
j�St|j�
t|
j�
kr�t
t|j�
t|
j�
�St|j�
}|j�
t|
j�
}|j�
x6t||�D]%\}}||kr�t
||�Sq�Wd
S(Ni(	RtcmpRRRRRtsorttzip(Rtothert
xt
ytpatpb((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyt__cmp__�s


















cCs�yyt|j
�
}|j|j|j|f}t|
j
�
}|j�
|j�
|
j|
j|
j|f}|||�SWnttfk
r�


tSXdS(
N(	RRRRRR*tAttributeErrort	TypeErrortNotImplemented(RR,tmethodR-t
aR.t
b((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyt_compare�s










N(t__name__t
__module__t__doc__R
RRR#R%R$R(R1R8(((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyR8s
						c
Cs�t|t
�r|g
Sg}
x||jD]q}xh|jD]]}xT|jD]I}t
�}||_||_||_|jj	�|_|
j
|�

qFWq6Wq&W|
S(
sQ
Convert an avrule into a list of access
vectors.

    AccessVectors and AVRules are similary, but differ in that
    an AVRule can more than one source type, target type, and
    object class. This function expands a single avrule into a
    list of one or more AccessVectors representing the access
    defined in the AVRule.

    
    (t
isinstanceRt	src_typest	tgt_typestobj_classesRRRRtcopytappend(tavruleR6RRRtaccess((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pytavrule_to_access_vectors�s





	
	
	
	


tAccessVectorSetcBsbeZ
dZd
�Zd�Zd�Zd�Zd�Zddde	j
gd�Zdd�
ZRS(	s/A non-overlapping set of access vectors.

    An AccessVectorSet is designed to store one or more access vectors
    that are non-overlapping. Access can be added to the set
    incrementally and access vectors will be added or merged as
    necessary.  For example, adding the following access vectors using
    add_av:
       allow $1 etc_t : read;
       allow $1 etc_t : write;
       allow $1 var_log_t : read;
    Would result in an access vector set with the access vectors:
       allow $1 etc_t : { read write};
       allow $1 var_log_t : read;
    c

Csi|_d
|_d
S(s)Initialize an access vector set.
       
N(tsrcR
tinfo_dir(
R((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyR�s	c
csQxJ|jj
�D]9}
x0|
j
�D]"}x|j
�D]}|V
q6Wq#WqWd
S(s9Iterate
over all of the unique access vectors in the
set.N(RFtvalues(Rttgtstobjstav((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyt__iter__�s


c
CsKd
}
x>|jj
�D]-}x$|j
�D]}|
t|�
7}
q)WqW|
S(s5
Return
the number of unique access vectors in the set.

        Because of the inernal representation of the access vector set,
        __len__ is not a constant time operation. Worst case is O(N)
        where N is the number of unique access vectors, but the common
        case is probably better.
       
i(RFRHR(RR"RIRJ((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyt__len__�s




c
Cs.g}
x!|D]}|
j|j
��

q
W|
S(
sbReturn the unique
access vectors in the set as a list.

        The format of the returned list is a set of nested lists,
        each access vector represented by a list. This format is
        designed to be simply  serializable to a file.

        For example, consider an access vector set with the following
        access vectors:
          allow $1 user_t : file read;
          allow $1 etc_t : file { read write};
        to_list would return the following:
          [[$1, user_t, file, read]
           [$1, etc_t, file, read, write]]

        See AccessVector.to_list for more information.
       
(RAR#(RR"RK((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyR#�s


cCs(x!|
D]}|jt
|�
�

qWd
S(s
Add
access vectors stored in a list.

        See to list for more information on the list format that this
        method accepts.

        This will add all of the access from the list. Any existing
        access vectors in the set will be retained.
       
N(tadd_avR(RR"RK((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyR
s	

c

Cs�|jj
|
i�}
|
j
|i�}||f|krL|||f}nXt�}|
|_||_||_||_|	|_||_||_	||||f<|j
j|�

|r�|jj
|�

nd
S(s)Add an access vector to the set.
        N(RFt
setdefaultRRRRRRRRRtupdateRRA(
RRRRRRRt	audit_msgtavc_typeRttgttclsRC((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pytadd
s


	
	
	
	
	
	
	
	


cCs&|j|
j
|
j|
j|
j�
d
S(s Add
an access vector to the
set.N(RURRRR(RRKRQ((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyRN5
sN(
R9R:R;RRLRMR#RR
RRRURN(((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyRE�s
						
c
CsAtj
�}
x.|D]&}|
j|j�

|
j|j�

qW|
S(
N(RRRURR(tavsttypesRK((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pytavs_extract_types:
s





c
Csci}
xV|D]N}|j|
kr2|
|j}nt
j�}||
|j<|j|j�

q
W|
S(
N(RRRRPR(RVRRKt
s((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pytavs_extract_obj_permsB
s








tRoleTypeSetc
Bs2eZ
dZd
�Zd�Zd�Zd�ZRS(s�A
non-overlapping set of role type statements.

    This clas allows the incremental addition of role type statements and
    maintains a non-overlapping list of statements.
    c

Cs
i|_d
S(s Initialize an access vector set.N(
t
role_types(
R((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyRS
sc
cs#x|jj
�D]}
|
V
qWd
S(sAIterate
over all of the unique role allows statements in the
set.N(R\RH(Rt	role_type((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyRLW
s
c

Cst|j
j��
S(
s2Return
the unique number of role allow
statements.(RR\tkeys(
R((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyRM\
scCsU|
|jkr|j|
}n"t
j�}|
|_||j|
<|jj|�

dS(
N(R\RtRoleTypetroleRWRU(RR`RR]((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyRU`
s


	

(R9R:R;RRLRMRU(((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyR[M
s

			N(((R;tRR
tselinuxRR
t
ComparisonRRDRERXRZR[(((s5/usr/lib64/python2.7/site-packages/sepolgen/access.pyt<module>
s
	|	m