| Şuanki Dizin: /lib64/python3.9/site-packages/setools/__pycache__/ |
| Şuanki Dosya : //lib64/python3.9/site-packages/setools/__pycache__/permmap.cpython-39.pyc |
a
����q�qe�@�������������������
���@���s����d�dl�Z�d�dlZd�dlmZ�d�dlmZ�d�dlmZmZm Z m
Z
m
Z
m
Z
�d�dl
Z
ddlmZ�ddlmZ�ddlmZmZmZ�d ZdZd
ZG�d
d
��d
e
�Zeed
�dd�Ze
e
d�dd�Z
ee
ee
ee
e
e
e
ef�f�f�f�Z G�dd��d�Z G�dd��d�Z!dS�)�����N)�
OrderedDict)�suppress)�cast�Dict�Iterable�
NamedTuple�Optional�Union����)� exception)�PermissionMapDescriptor)�AVRule�
SELinuxPolicy�
TERuletype)�r�w�b�n�u�
���c�������������������@���s"���e�Zd�ZU�dZeed<�eed<�dS�)�
RuleWeightzDThe read and write weights for a rule, given all of its permissions.�read�writeN)�__name__�
__module__�
__qualname__�__doc__�int�__annotations__��r ���r ����5/usr/lib64/python3.9/site-packages/setools/permmap.pyr������s���
r���)�weight�returnc�����������������C���s(���t�|���krtks$n�td�|����|�S�)Nz$Permission weights must be 1-10: {0})�
MIN_WEIGHT�
MAX_WEIGHT�
ValueError�format)r!���r ���r ���r ����validate_weight!���s����r'���)� directionr"���c�����������������C���s���|�t�vrtd�|����|�S�)Nz'Invalid information flow direction: {0})�INFOFLOW_DIRECTIONSr%���r&���)r(���r ���r ���r ����validate_direction(���s����r*���c�������������������@���sf���e�Zd�ZU�dZede�Zede�Zede �Z
e
e
d<�e
e
d<�de
e
e
e dd �d
d
�Ze d
�d
d�ZdS�)�Mappingz1A mapping for a permission in the permission map.r!���r(����enabled�class_�permFN)�perm_map� classname�
permission�creater"���c�����������������C���s����||�_�||�_||�_|rD||�j�vr,t��|�j�|<�dddd�|�j�|�|<�n:||�j�vr^t�d�|���||�j�|�vr~t�d�||���d�S�)Nr���r
���T)r(���r!���r,����{0} is not mapped.z{0}:{1} is not mapped.)Z _perm_mapr-���r.���r���r
����
UnmappedClassr&���ZUnmappedPermission)�selfr/���r0���r1���r2���r ���r ���r ����__init__=���s ����
�
�zMapping.__init__�r"���c�����������������C���s$���|�j�|j�kr|�j|jk�S�|�j�|j�k�S��N)r-���r.���)r5����otherr ���r ���r ����__lt__T���s����
zMapping.__lt__)F)r���r���r���r
���r
���r'���r!���r*���r(����boolr,����strr
���� MapStructr6���r:���r ���r ���r ���r ���r+���3���s���
���
r+���c�������������������@���s8��e�Zd�ZdZd.ee�dd�dd�Zed�dd�Zd�d�d d
�Ze e
�d�d
d
�Z
edd�d
d�Z
edd�dd�Z
e e�d�dd�Zee e
�d�dd�Zeee
d�dd�Zedd�dd�Zeedd�d
d
�Zedd�d
d �Zeedd�d d!�Zedd"�d#d$�Zeed%�d&d'�Zeeedd(�d)d*�Zeeedd+�d,d-�Z
dS�)/�
PermissionMapz-Permission Map for information flow analysis.N)�
permmapfiler"���c�����������������C���sL���t��t�|�_t��|�_|��|r(|��|��n t�d�}d� |j
�}|��|��dS�)�\
Parameter:
permmapfile The path to the permission map to load.
Zsetoolsz{0}/setools/perm_mapN)
�loggingZ getLoggerr����logr����_permmap�load�
pkg_resourcesZget_distributionr&����location)r5���r?���Zdistro�pathr ���r ���r ���r6���_���s����
zPermissionMap.__init__r7���c�����������������C���s���|�j�S�r8���)�
_permmapfile�r5���r ���r ���r ����__str__p���s����zPermissionMap.__str__c�����������������C���s8���t��t��}|�j|_t�|�j�|_|�j|_||t|��<�|S�r8���)r>����__new__rB����copy�deepcopyrC���rH����id)r5����memoZnewobjr ���r ���r ����
__deepcopy__s���s
����
zPermissionMap.__deepcopy__c�����������������c���s(���|�����D�]}|��|�D�]
}|V��qqd�S�r8���)�classes�perms)r5����cls�mappingr ���r ���r ����__iter__{���s����
zPermissionMap.__iter__c��������������
���C���sv��|�j��d�|���t|d���}d}d}d}d}|�j����t|dd�D��]�\}}|���} t| �dksF| d�d�dkrvqF|dkr�zt | d��}W�n>�t
y��}
�z&t
�
d�||| d���|
�W�Y�d}
~
n
d}
~
0�0�|dk�r�t
�
d �||| d����d
}qF|d
k�r�t| �d
k�s| d�d
k�r.t
�
d
�||| ���t
| d��}
zt | d
��}
W�n@�t
�y��}
�z&t
�
d�||| d
���|
�W�Y�d}
~
n
d}
~
0�0�|
dk��r�t
�
d�||| d
����|d7�}||k�r�t
�
d�|||
���t��|�j|
<�d}
d
}qF|d
krFt
| d��}t
| d��}|tv�r,t
�
d�||| d����zt | d
��}W�n@�t
�y|�}
�z&t
�
d�||| d
���|
�W�Y�d}
~
n
d}
~
0�0�t|��k�r�tk�s�n�t
�
d�||| d
�tt���|�j��d�|
|||���|dk�r�|�j��d�|
|���t|�j|
|dd�}||_||_|d7�}|
d7�}
|
|
krFd
}qFW�d����n1��s<0����Y��||�_|�j��d�|���|�j��d�||���dS�)r@���z
Opening permission map "{0}"r���r���r
���)�start�#z&{0}:{1}:Invalid number of classes: {2}Nz/{0}:{1}:Number of classes must be positive: {2}���������classz&{0}:{1}:Invalid class declaration: {2}z*{0}:{1}:Invalid number of permissions: {2}z3{0}:{1}:Number of permissions must be positive: {2}z
{0}:{1}:Extra class found: {2}z/{0}:{1}:Invalid information flow direction: {2}z&{0}:{1}:Invalid permission weight: {2}z.{0}:{1}:Permission weight must be {3}-{4}: {2}zRead {0}:{1} {2} {3}r���z Permission {0}:{1} is unmapped.T�r2���z(Successfully opened permission map "{0}"z+Read {0} classes and {1} total permissions.)rB����infor&����openrC����clear� enumerate�split�lenr
���r%���r
���ZPermissionMapParseErrorr<���r���r)���r#���r$����debugr+���r(���r!���rH���)r5���r?����mapfileZ
total_permsZ
class_countZ
num_classes�stateZline_num�line�entry�ex�
class_nameZ num_permsZ
perm_count� perm_nameZflow_directionr!���rT���r ���r ���r ���rD�������s�����
���
��
��
���
��
��
��
���
��
�
�&
�zPermissionMap.loadc����������� ���
���C���s@��t�|d���
}|�j�d�|���|�d�t|�j����|�j���D�]�\}}|�d�|t|����|���D�]�\}}tt |d��}tt
|d��}t
|��kr�t
ks�n�J�d�|||���|t
v�s�J�d�|||���|d kr�|�j�d
�||���|�d
�|||���qf|�d
��q@|�j�d
�|���W�d����n1��s20����Y��dS�)z�
Save the permission map to the specified path. Existing files
will be overwritten.
Parameter:
permmapfile The path to write the permission map.
r���z Writing permission map to "{0}"z{0}
zclass {0} {1}
r(���r!���z={0}:{1} weight is out of range ({2}). This is an SETools bug.z@{0}:{1} flow direction ({2}) is invalid. This is an SETools bug.r���z1Warning: permission {0} in class {1} is unmapped.z{0:>20} {1:>9} {2:>9}
�
z*Successfully wrote permission map to "{0}"N)r]���rB���r\���r&���r���ra���rC����itemsr���r<���r
���r#���r$���r)���Zwarning) r5���r?���rc���r0���rR���ZpermnameZsettingsr(���r!���r ���r ���r ����save����s2������
��
�
zPermissionMap.savec�����������������c���s���|�j����E�dH��dS�)zw
Generate class names in the permission map.
Yield:
class An object class name.
N)rC����keysrI���r ���r ���r ���rQ�����s����zPermissionMap.classes)r-���r"���c��������������
���c���sd���z(|�j�|����D�]}t|�j�||�V��qW�n6�ty^�}�z
t�d�|��|�W�Y�d}~n
d}~0�0�dS�)z�
Generate permission mappings for the specified class.
Parameter:
class_ An object class name.
Yield:
Mapping A permission's complete map (weight, direction, enabled)
r3���N)rC���rm���r+����KeyErrorr
���r4���r&���)r5���r-���r.���rg���r ���r ���r ���rR��� ��s
����
zPermissionMap.perms)r-���r.���r"���c�����������������C���s���t�|�j||�S�)z)Retrieve a specific permission's mapping.)r+���rC����r5���r-���r.���r ���r ���r ���rT���/��s����zPermissionMap.mappingc�����������������C���s���|���|�D�]
}d|_q
dS�)a��
Exclude all permissions in an object class for calculating rule weights.
Parameter:
class_ The object class to exclude.
Exceptions:
UnmappedClass The specified object class is not mapped.
FN�rR���r,���ro���r ���r ���r ����
exclude_class3��s����
zPermissionMap.exclude_class)r-���r1���r"���c�����������������C���s���dt�|�j||�_dS�)a���
Exclude a permission for calculating rule weights.
Parameter:
class_ The object class of the permission.
permission The permission name to exclude.
Exceptions:
UnmappedClass The specified object class is not mapped.
UnmappedPermission The specified permission is not mapped for the object class.
FN�r+���rC���r,����r5���r-���r1���r ���r ���r ����exclude_permission@��s����
z PermissionMap.exclude_permissionc�����������������C���s���|���|�D�]
}d|_q
dS�)a��
Include all permissions in an object class for calculating rule weights.
Parameter:
class_ The object class to include.
Exceptions:
UnmappedClass The specified object class is not mapped.
TNrp���ro���r ���r ���r ����
include_classN��s����
zPermissionMap.include_classc�����������������C���s���dt�|�j||�_dS�)a���
Include a permission for calculating rule weights.
Parameter:
class_ The object class of the permission.
permission The permission name to include.
Exceptions:
UnmappedClass The specified object class is not mapped.
UnmappedPermission The specified permission is not mapped for the object class.
TNrr���rs���r ���r ���r ����include_permission\��s����
z PermissionMap.include_permission)�policyr"���c�������������� ���C���s����|����D�]�}t|�}||�jvr>|�j�d�||���t��|�j|<�|j}tt j
��
�||j
jO�}W�d����n1�sp0����Y��|D�]:}||�j|�vr~|�j�d�|||���t
|�j||dd��q~qdS�)zHCreate mappings for all classes and permissions in the specified policy.z"Adding unmapped class {0} from {1}Nz.Adding unmapped permission {0} in {1} from {2}Tr[���)
rQ���r<���rC���rB���rb���r&���r���rR���r���r
���ZNoCommon�commonr+���)r5���rw���r-���rh���rR���ri���r ���r ���r ����
map_policyk��s
����
*
�zPermissionMap.map_policy)�ruler"���c�����������������C���s����d}d}t�|j�}|jtjkr0t�d�|j���|jD�]l}t |�j
||�}|j
sPq6|j
dkrht
||j�}q6|j
dkr�t
||j�}q6|j
dkr6t
||j�}t
||j�}q6t||�S�)aT��
Get the type enforcement rule's information flow read and write weights.
Parameter:
rule A type enforcement rule.
Return: Tuple(read_weight, write_weight)
read_weight The type enforcement rule's read weight.
write_weight The type enforcement rule's write weight.
r���z1{0} rules cannot be used for calculating a weightr���r���r���)r<���ZtclassZruletyper���Zallowr
���Z
RuleTypeErrorr&���rR���r+���rC���r,���r(����maxr!���r���)r5���rz���Z
write_weightZ
read_weightrh���ri���rT���r ���r ���r ����
rule_weight��s&����
�
zPermissionMap.rule_weight)r-���r1���r(���r"���c�����������������C���s���|t�|�j||�_dS�)a���
Set the information flow direction of a permission.
Parameter:
class_ The object class of the permission.
permission The permission name.
direction The information flow direction the permission (r/w/b/n).
Exceptions:
UnmappedClass The specified object class is not mapped.
UnmappedPermission The specified permission is not mapped for the object class.
N)r+���rC���r(���)r5���r-���r1���r(���r ���r ���r ����
set_direction���s����
zPermissionMap.set_direction)r-���r1���r!���r"���c�����������������C���s���|t�|�j||�_dS�)a���
Set the weight of a permission.
Parameter:
class_ The object class of the permission.
permission The permission name.
weight The weight of the permission (1-10).
Exceptions:
UnmappedClass The specified object class is not mapped.
UnmappedPermission The specified permission is not mapped for the object class.
N)r+���rC���r!���)r5���r-���r1���r!���r ���r ���r ����
set_weight���s����
zPermissionMap.set_weight)N)
r���r���r���r
���r���r<���r6���rJ���rP���r���r+���rU���rD���rl���rQ���rR���rT���rq���rt���ru���rv���r���ry���r
���r���r|���r}���r
���r~���r ���r ���r ���r ���r>���[���s$���q%
'r>���)"rA���rL����
collectionsr����
contextlibr����typingr���r���r���r���r���r ���rE�����r
���Z
descriptorsr
���Z policyrepr
���r���r���r)���r#���r$���r���r
���r'���r<���r*���r;���r=���r+���r>���r ���r ���r ���r ����<module>���s"���
&(
Linux 65-254-81-4.cprapid.com 5.14.0-284.11.1.el9_2.x86_64 #1 SMP PREEMPT_DYNAMIC Tue May 9 05:49:00 EDT 2023 x86_64
Apache
65.254.81.4