PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB` 3 KlfQ@@sdZddlZddlZddlmZddlmZddlmZddlmZddlm Z Gd d d Z d d Z d dZ ddZ ddZddZGdddZGdddZGdddZGdddZdS)z7 Classes for representing and manipulating interfaces. N)access) refpolicy) objectmodel)matching)_c@sHeZdZdZddZddZddZeeeZedd d Z d d Z d S)Paramz; Object representing a paramater for an interface. cCs"d|_tj|_tj|_d|_dS)NT) _Param__namerSRC_TYPEtypeIdSet obj_classesZrequired)selfr /usr/lib/python3.6/interfaces.py__init__&s zParam.__init__cCs tj|std|||_dS)NzName [%s] is not a param)r is_idparam ValueErrorr )rnamerrrset_name,s  zParam.set_namecCs|jS)N)r )rrrrget_name1szParam.get_namecCst|jddS)Nr)intr)rrrr6szParam.)fgetcCs d|jtj|jdj|jfS)Nz0 )rr field_to_strr joinr)rrrr__repr__8szParam.__repr__N) __name__ __module__ __qualname____doc__rrrpropertyrnumrrrrrr"s rcCsd}||kr||}||jkr"dS|tjks6|tjkr|jtjksN|jtjkrd}|r`|jg}ng}x&tj|j|D]}|tj krtd}PqtWtj|_qd}nt }||_ ||_|||j <|r|jj |j|S)Nrr) r rr TGT_TYPE obj_class itertoolschainrrZimplicitly_typed_objectsrradd)rr avparamsretpZavobjsobjrrr__param_insert>s0     r/cCs~d}d}tj|jr.t|jtj||dkr.d}tj|jrTt|jtj||dkrTd}tj|jrzt|jtj ||dkrzd}|S)ajExtract the paramaters from an access vector. Extract the paramaters (in the form $N) from an access vector, storing them as Param objects in a dictionary. Some attempt is made at resolving conflicts with other entries in the dict, but if an unresolvable conflict is found it is reported to the caller. The goal here is to figure out how interface parameters are actually used in the interface - e.g., that $1 is a domain used as a SRC_TYPE. In general an interface will look like this: interface(`foo', ` allow $1 foo : file read; ') This is simple to figure out - $1 is a SRC_TYPE. A few interfaces are more complex, for example: interface(`foo_trans',` domain_auto_trans($1,fingerd_exec_t,fingerd_t) allow $1 fingerd_t:fd use; allow fingerd_t $1:fd use; allow fingerd_t $1:fifo_file rw_file_perms; allow fingerd_t $1:process sigchld; ') Here the usage seems ambigious, but it is not. $1 is still domain and therefore should be returned as a SRC_TYPE. Returns: 0 - success 1 - conflict found rFr) rrsrc_typer/rr tgt_typer%r& OBJ_CLASS)r*r+r,Z found_srcrrrav_extract_paramsjs$   r3cCs"tj|jrt|jtjd|SdS)N)rrroler/rZROLE)r4r+rrrrole_extract_paramss r5cslfdd}d}||jtjr"d}||jtjr4d}||jtjrFd}tj|j rht |j tj drhd}|S)Ncs2d}x(|D] }tj|r t||dr d}q W|S)Nrr)rrr/)setr r,x)r+rrextract_from_sets   z2type_rule_extract_params..extract_from_setrr) src_typesrr tgt_typesr%rr2rrZ dest_typer/Z DEST_TYPE)ruler+r8r,r)r+rtype_rule_extract_paramss  r<cCs6d}x,|jD]"}tj|r t|tjd|r d}q W|S)Nrr)argsrrr/rr )ifcallr+r,argrrrifcall_extract_paramss   r@c@seZdZddZddZdS)AttributeVectorcCsd|_tj|_dS)Nr )rrAccessVectorSet)rrrrrszAttributeVector.__init__cCs|jj|dS)N)radd_av)rr*rrrrCszAttributeVector.add_avN)rr r!rrCrrrrrAsrAc@s$eZdZddZddZddZdS) AttributeSetcCs i|_dS)N) attributes)rrrrrszAttributeSet.__init__cCs||j|j<dS)N)rEr)rattrrrradd_attrszAttributeSet.add_attrcCs~dd}d}x^|D]V}|dd}|ddkrF|r<|j|||}q|r|jd}tj|}|j|qW|rz|j|dS)NcSsH|ddj}t|dks(|ddkr4td|t}|d|_|S)NrrZ Attributez#Syntax error Attribute statement %s)splitlen SyntaxErrorrAr)linefieldsarrr parse_attrs   z*AttributeSet.from_file..parse_attrrr[,rI)rGrJr AccessVectorrC)rfdrPrOrMlr*rrr from_files        zAttributeSet.from_fileN)rr r!rrGrVrrrrrDsrDc@sFeZdZdifddZifddZddZdd Zd d Zd d ZdS)InterfaceVectorNcCs6d|_d|_tj|_i|_|r,|j||d|_dS)NTr F)enabledrrrBr+from_interfaceexpanded)r interfacerErrrrs  zInterfaceVector.__init__c CsF|j|_xN|jD]B}|jtjjkr&qd|jkr2qtj|}x|D]}|j|qBWqW|rx|j D]v}xp|j D]f}||j krqr|j |}xJ|jD]@} t j | }|j |jkr|j |_ |j|jkr|j |_|j|qWqrWqfWx|jD]} t| |jrqWx |jD]} t| |jrqWx |jD]} t| |jr*q*WdS)NZ dontaudit)rZavrulesZ rule_typerZAVRuleZALLOWrZavrule_to_access_vectorsrCZtypeattributesrEcopyr0r r1Zrolesr5r+Z typerulesr<interface_callsr@) rr[rEZavruleZavsr*Z typeattributerFZattr_vecrOr4r;r>rrrrYs>           zInterfaceVector.from_interfacecCs t||jdkr|jj|dS)Nr)r3r+rrC)rr*rrrrC3szInterfaceVector.add_avcCs<g}|jd|jx|jD]}|jt|qWdj|S)Nz[InterfaceVector %s] )appendrrstrr)rsr*rrr to_string9s  zInterfaceVector.to_stringcCs|jS)N)r)rrrr__str__@szInterfaceVector.__str__cCsd|j|jfS)Nz)rrX)rrrrrCszInterfaceVector.__repr__) rr r!rrYrCrbrcrrrrrrWs  4rWc@sxeZdZdddZddZddZdd Zd d Zd d ZifddZ difddZ ddZ ddZ ddZ ddZdS) InterfaceSetNcCsi|_i|_g|_||_dS)N) interfaces tgt_type_map tgt_type_alloutput)rrhrrrrHszInterfaceSet.__init__cCs|jr|jj|ddS)Nr^)rhwrite)rr`rrroNszInterfaceSet.ocCsxt|jjdddD]}|jd|jx:t|jjdddD] }|jd|jtj|jfqDW|jdt|j j }x&|D]}|jdj ||jd qWqWdS) NcSs|jS)N)r)r7rrrrSsz&InterfaceSet.to_file..)keyz[InterfaceVector %s cSs|jS)N)r)r7rrrrUsz%s:%s z] rRr^) sortedrevaluesrirr+rrr rZto_listr)rrTZivparamZavlr*rrrto_fileRs   zInterfaceSet.to_filecCsdd}d}x^|D]V}|dd}|ddkrF|r<|j|||}q|r|jd}tj|}|j|qW|rz|j||jdS)NcSs|ddj}t|dks(|ddkr4td|t}|d|_t|dkrTdSxb|ddD]R}|jd}t|dkrtd|t}|d|_tj|d|_||j |j<qbW|S) NrrHrrWz)Syntax error InterfaceVector statement %s:z-Invalid param in InterfaceVector statement %srI) rJrKrLrWrrrZ str_to_fieldr r+)rMrNifvZfieldr-rnrrr parse_ifv^s        z)InterfaceSet.from_file..parse_ifvrrrQrRrI)add_ifvrJrrSrCindex)rrTrrrqrMrUr*rrrrV]s        zInterfaceSet.from_filecCs||j|j<dS)N)rer)rrqrrrrsszInterfaceSet.add_ifvcCsxz|jjD]l}t}x:|jD]0}tj|jrB|jj|t}P|j|jqWx$|D]}|j j |g}|j|qXWq WdS)N) rermr6rrr1rgr_r)rf setdefault)rrqr:r*r rUrrrrts    zInterfaceSet.indexcCst||}|j|dS)N)rWrs)rr[rErqrrrr)s zInterfaceSet.addcCs@x(tj|j|jD]}|j||qW|j||jdS)N)r'r(re templatesr)expand_ifcallsrt)rheadersrhrEirrr add_headerss zInterfaceSet.add_headerscCsZtj|rPt|dd}|t|jkr,dS|j|d}t|trH|S|gSn|gSdS)Nr)rrrrKr= isinstancelist)ridr>r$r?rrr map_params  zInterfaceSet.map_paramc Cs|j|j|}|dkrdS|j|j|}|dkr4dS|j|j|}|dkrNdStj}x0|jD]&}|j||} | dkrzq^q^|j| q^Wt|dkrdSx:|D]2} x,|D]$} x|D]} |j j | | | |qWqWqWdS)Nr) r~r0r1r&rr ZpermsupdaterKrr)) rrqr*r>r9r:rZ new_permsZpermr-r0r1r&rrr map_add_avs*      zInterfaceSet.map_add_avc Cs|dfg}|j|j}d|_xt|dkr|jd\}}|j|j}||krrx|jD]}|j|||qTW|jrrqxv|jD]j} | j|jkr|j t ddSy|| j} Wn*t k r|j t d| jw|YnX|j | | fq|WqWdS)NTrrzFound circular interface classz#Missing interface definition for %srI) rerrZrKpoprrr]ZifnamerjrKeyErrorr_) rr[ if_by_namestackrqZcurZ cur_ifcallZcur_ifvr*r>Znewifrrrdo_expand_ifcallss*     zInterfaceSet.do_expand_ifcallscCsZi}x&tj|j|jD]}|||j<qWx(tj|j|jD]}|j||qBWdS)N)r'r(rervrr)rrxrryr[rrrrws zInterfaceSet.expand_ifcalls)N)rr r!rrjrorVrsrtr)rzr~rrrwrrrrrdGs  # $rd)r"r\r'r rrrrZ sepolgeni18nrrr/r3r5r<r@rArDrWrdrrrrs"     ,4 Z