/usr/lib/python3.6/refpolicy.py (compiled Python module; only the embedded docstrings are recoverable)

class Node
    Base class for objects produced from parsing the reference policy.

    The Node class is used as the base class for any non-leaf object produced by parsing the reference policy. This object should contain a reference to its parent (or None for a top-level object) and 0 or more children.

    The general idea here is to have a very simple tree structure. Children are not separated out by type. Instead the tree structure represents fairly closely the real structure of the policy statements.

    The object should be iterable - by default over all children, but subclasses are free to provide additional iterators over a subset of their children (see Interface for example).

Node.typeattributes
    Iterate over all of the TypeAttribute children of this Interface.

Node.roleattributes
    Iterate over all of the RoleAttribute children of this Interface.

walktree
    Iterate over a Node and its Children.

    The walktree function iterates over a tree containing Nodes and leaf objects. The iteration can perform a depth first or a breadth first traversal of the tree (controlled by the depthfirst parameter). The passed in node will be returned.

    This function will only work correctly for trees - arbitrary graphs will likely cause infinite looping.

walknode
    Iterate over the direct children of a Node.

    The walktree function iterates over the children of a Node. Unlike walktree it does not return the passed in node or the children of any Node objects (that is, it does not go beyond the current level in the tree).

list_to_space_str
    Convert a set (or any sequence type) into a string representation formatted to match SELinux space separated list conventions.

    For example the list ['read', 'write'] would be converted into: '{ read write }'

class SecurityContext
    An SELinux security context with optional MCS / MLS fields.

SecurityContext.__init__
    Create a SecurityContext object, optionally from a string.

    Parameters:
        [context] - string representing a security context. Same format as a string passed to the from_string method.

SecurityContext.from_string
    Parse a string representing a context into a SecurityContext.

    The string should be in the standard format - e.g., 'user:role:type:level'.

    Raises ValueError if the string is not parsable as a security context.

SecurityContext.__eq__
    Compare two SecurityContext objects - all fields must be exactly the same for the comparison to work. It is possible for the level fields to be semantically the same yet syntactically different - in this case this function will return false.

SecurityContext.to_string
    Return a string representing this security context.

    By default, the string will contain a MCS / MLS level potentially from the default which is passed in if none was set.

    Arguments:
        default_level - the default level to use if self.level is an empty string.

    Returns:
        A string representing the security context in the form 'user:role:type:level'.

class ObjectClass
    SELinux object class and permissions.

    This class is a basic representation of an SELinux object class - it does not represent separate common permissions - just the union of the common and class specific permissions. It is meant to be convenient for policy generation.

class XpermSet
    Extended permission set.

    This class represents one or more extended permissions represented by numeric values or ranges of values. The .complement attribute is used to specify all permissions except those specified.

    Two xperm sets can be merged using the .extend() method.

XpermSet.__normalize_ranges
    Ensure that ranges are not overlapping.

XpermSet.extend
    Add ranges from an xperm set.

XpermSet.add
    Add a value or a range of values to the xperm set.

class TypeAttribute
    SELinux typeattribute statement.

    This class represents a typeattribute statement.

class RoleAttribute
    SELinux roleattribute statement.

    This class represents a roleattribute statement.

class AVRule
    SELinux access vector (AV) rule.

    The AVRule class represents all varieties of AV rules including allow, dontaudit, and auditallow (indicated by the flags self.ALLOW, self.DONTAUDIT, and self.AUDITALLOW respectively).

    The source and target types, object classes, and perms are all represented by sets containing strings. Sets are used to make it simple to add strings repeatedly while avoiding duplicates.

    No checking is done to make certain that the symbols are valid or consistent (e.g., perms that don't match the object classes). It is even possible to put invalid types like '$1' into the rules to allow storage of the reference policy interfaces.

AVRule.from_av
    Add the access from an access vector to this allow rule.

AVRule.to_string
    Return a string representation of the rule that is a valid policy language representation (assuming that the types, object class, etc. are valid).

class AVExtRule
    Extended permission access vector rule.

    The AVExtRule class represents allowxperm, dontauditxperm, auditallowxperm, and neverallowxperm rules.

    The source and target types, and object classes are represented by sets containing strings. The operation is a single string, e.g. 'ioctl'. Extended permissions are represented by an XpermSet.

AVExtRule.to_string
    Return a string representation of the rule that is a valid policy language representation (assuming that the types, object class, etc. are valid).

class TypeRule
    SELinux type rules.

    This class is very similar to the AVRule class, but is for representing the type rules (type_trans, type_change, and type_member). The major difference is the lack of perms and only a single destination type.

class TypeBound
    SELinux typebound statement.

    This class represents a typebound statement.

class Interface
    A reference policy interface definition.

    This class represents a reference policy interface definition.