ó â„^c@sţdZddlZddlZddlmZddlmZddlmZddlmZddlm Z d dd „ƒYZ d „Z d „Z d „Z d„Zd„Zddd„ƒYZddd„ƒYZddd„ƒYZddd„ƒYZdS(s7 Classes for representing and manipulating interfaces. i˙˙˙˙Ni(taccess(t refpolicy(t objectmodel(tmatching(t_tParamcBsSeZdZd„Zd„Zd„ZeeeƒZedd„ƒZd„Z RS(s; Object representing a paramater for an interface. cCs1d|_tj|_tjƒ|_t|_dS(Nt(t _Param__nameRtSRC_TYPEttypetIdSett obj_classestTruetrequired(tself((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt__init__&s  cCs/tj|ƒs"td|ƒ‚n||_dS(NsName [%s] is not a param(Rt is_idparamt ValueErrorR(Rtname((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytset_name,scCs|jS(N(R(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytget_name1stfgetcCst|jdƒS(Ni(tintR(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt6scCs*d|jtj|jdj|jƒfS(Ns0t (RRt field_to_strR tjoinR (R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt__repr__8s( t__name__t __module__t__doc__RRRtpropertyRtnumR(((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyR"s   cCs+d}||kră||}||jkr/dS|tjksM|tjkrÚ|jtjksq|jtjkrÚd}|rŒ|jg}ng}x6tj|j|ƒD]}|tj kr¨d}Pq¨q¨Wtj|_q d}n(t ƒ}||_ ||_|||j <|r'|jj |jƒn|S(Nii( R RRtTGT_TYPEt obj_classt itertoolstchainR Rtimplicitly_typed_objectsRRtadd(RR tavtparamstrettptavobjstobj((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt__param_insert>s0  $     cCsd}t}tj|jƒrKt|jtj||ƒdkrKd}qKntj|jƒrŠt|jtj||ƒdkrŠd}qŠntj|j ƒrÉt|j tj ||ƒdkrÉd}qÉnxA|j D]6}tj|ƒrÓt|t ƒdkr d}q qÓqÓW|S(sjExtract the paramaters from an access vector. Extract the paramaters (in the form $N) from an access vector, storing them as Param objects in a dictionary. Some attempt is made at resolving conflicts with other entries in the dict, but if an unresolvable conflict is found it is reported to the caller. The goal here is to figure out how interface paramaters are actually used in the interface - e.g., that $1 is a domain used as a SRC_TYPE. In general an interface will look like this: interface(`foo', ` allow $1 foo : file read; ') This is simple to figure out - $1 is a SRC_TYPE. A few interfaces are more complex, for example: interface(`foo_trans',` domain_auto_trans($1,fingerd_exec_t,fingerd_t) allow $1 fingerd_t:fd use; allow fingerd_t $1:fd use; allow fingerd_t $1:fifo_file rw_file_perms; allow fingerd_t $1:process sigchld; ') Here the usage seems ambigious, but it is not. $1 is still domain and therefore should be returned as a SRC_TYPE. Returns: 0 - success 1 - conflict found ii( tFalseRRtsrc_typeR-RRttgt_typeR!R"t OBJ_CLASStpermstPERM(R'R(R)t found_srctperm((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytav_extract_paramsjs $! ! ! cCs/tj|jƒr+t|jtjd|ƒSdS(N(RRtroleR-RtROLEtNone(R7R(((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytrole_extract_paramsŁscsŹ‡fd†}d}||jtjƒr3d}n||jtjƒrQd}n||jtjƒrod}ntj|j ƒr¨t |j tj dˆƒr¨d}q¨n|S(NcsKd}x>|D]6}tj|ƒr t||dˆƒrCd}qCq q W|S(Nii(RRR-R9(tsetR R)tx(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytextract_from_set¨s  ii( t src_typesRRt tgt_typesR!R R1RRt dest_typeR-t DEST_TYPER9(truleR(R=R)((R(s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyttype_rule_extract_params§s    cCsQd}xD|jD]9}tj|ƒrt|tjd|ƒrId}qIqqW|S(Nii(targsRRR-RRR9(tifcallR(R)targ((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytifcall_extract_paramsŔs tAttributeVectorcBseZd„Zd„ZRS(cCsd|_tjƒ|_dS(NR(RRtAccessVectorSet(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRĚs cCs|jj|ƒdS(N(Rtadd_av(RR'((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRJĐs(RRRRJ(((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRHËs t AttributeSetcBs#eZd„Zd„Zd„ZRS(cCs i|_dS(N(t attributes(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRÔscCs||j|j   cCs/t||jƒdkrn|jj|ƒdS(Ni(R6R(RRJ(RR'((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRJ8scCsNg}|jd|jƒx$|jD]}|jt|ƒƒq$Wdj|ƒS(Ns[InterfaceVector %s]s (tappendRRtstrR(RtsR'((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt to_string>s cCs |jƒS(N(R(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt__str__EscCsd|j|jfS(Ns(RR^(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRHsN( RRR9RR_RJRtRuR(((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyR]ňs  4   t InterfaceSetcBs€eZd d„Zd„Zd„Zd„Zd„Zd„Zid„Z d id„Z d„Z d „Z d „Z d „ZRS( cCs(i|_i|_g|_||_dS(N(t interfacest tgt_type_mapt tgt_type_alltoutput(RRz((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRMs   cCs$|jr |jj|dƒndS(Ns (Rztwrite(RRr((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytoSs cCsäxÝt|jjƒdd„ƒD]˝}|jd|jƒxJt|jjƒdd„ƒD]*}|jd|jtj|jfƒqXW|jdƒt|j j ƒƒ}x1|D])}|jdj |ƒƒ|jdƒqŻWqWdS( NtkeycSs|jS(N(R(R<((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRXss[InterfaceVector %s cSs|jS(N(R(R<((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRZss%s:%s s] RXs ( tsortedRwtvaluesR{RR(RRR Rtto_listR(RRZtivtparamtavlR'((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytto_fileWs%%(  cCsˇd„}d}x|D]y}|d }|ddkr[|rL|j|ƒn||ƒ}q|r|jdƒ}tj|ƒ}|j|ƒqqW|rŠ|j|ƒn|jƒdS(NcSsű|dd!jƒ}t|ƒdks5|ddkrHtd|ƒ‚ntƒ}|d|_t|ƒdkrtdSx€|dD]t}|jdƒ}t|ƒdkrštd|ƒ‚ntƒ}|d|_tj|d|_||j |jR?R t new_permsR5R*R/R0R"((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt map_add_avąs*        c CsD|dfg}|j|j}t|_xt|ƒdkr?|jdƒ\}}|j|j}||kr§x$|jD]}|j|||ƒqxW|jr§q+q§nx’|j ƒD]„} | j |jkră|j t dƒƒdSy|| j } Wn.t k r$|j t d| j ƒƒq´nX|j| | fƒq´Wq+WdS(Nii˙˙˙˙sFound circular interface classs#Missing interface definition for %s(R9RwRR R`RQtpopRR˜RltifnameR|RtKeyErrorRq( RRat if_by_nametstackR‡tcurt cur_ifcalltcur_ifvR'REtnewif((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytdo_expand_ifcallsÍs*     cCsyi}x3tj|jƒ|jƒƒD]}|||js"   , 9   Z