Şuanki Dosya : //proc/self/root/lib/python3.9/site-packages/__pycache__/seobject.cpython-39.pyc

a


z
f���@sJddlZddlZddlZddlZddlZddlZddlZddlZddlTdZ	ddl
Z
ddlmZddl
mZddlZzFddlZiZejdkr�ded<eje	fd	d
ie�ddi��ZejZWnHzddlZeejd<Wn$ey�ddlZeejd<Yn0Yn0ddlZiZeed
<eed<eed<eed<eed<eed<e ed<e ed<e ed<e!ed<e!ed<e!ed<e"ed<e"ed<e"ed<e#ed<e#ed<e#ed<e$ed<e$ed <e$ed!<e%ed"<e%ed#<e%ed$<ddddddd d"d%�Z&d&d&d'd(d)d*d+d,dd-�	Z'z(ddl(Z(e(�)e(�*��Gd.d/�d/�Z+Wn&e,ef�yLGd0d/�d/�Z+Yn0Gd1d2�d2�Z-d3d4�Z.dTd6d7�Z/dUd8d9�Z0Gd:d;�d;�Z1Gd<d=�d=e1�Z2Gd>d?�d?e1�Z3Gd@dA�dAe1�Z4GdBdC�dCe1�Z5GdDdE�dEe1�Z6GdFdG�dGe1�Z7GdHdI�dIe1�Z8GdJdK�dKe1�Z9GdLdM�dMe1�Z:GdNdO�dOe1�Z;GdPdQ�dQe1�Z<GdRdS�dSe1�Z=dS)V�N)�*zselinux-python)�
SELinuxPolicy)�	TypeQuery)�T�unicode�	localedirz/usr/share/locale�fallback�_��	all files�a�regular filez--�fz-d�	directory�dz-c�character device�cz-b�block device�bz-s�socket�sz-l�l�
symbolic link�pz-p�
named pipe)rr
rrrrrr�any�block�char�dir�file�symlink�pipe)	r
rrrrrrrrc@s8eZdZdd�Zd
dd�Zddd�Zdd	�Zd
d�ZdS)�loggercCst��|_g|_g|_dS�N)�audit�
audit_open�audit_fd�log_list�log_change_list��self�r+�,/usr/lib/python3.9/site-packages/seobject.py�__init__ns
�logger.__init__r
c	
Cs�d}	||kr||	d7}d}	||kr4||	d7}d}	||krL||	d7}d}	|j�|jtjtjdt|�|d||||||dddg�dS)N�-�sename�,�role�rangerr
)r'�appendr&r$ZAUDIT_ROLE_ASSIGN�sys�argv�str)
r*�msg�namer0�serole�serange�	oldsename�	oldserole�
oldserange�sepr+r+r,�logss�
logger.logc		Cs<|j�|jtjtjdt|�|d||||||dddg�dS)Nrr
)r'r4r&r$ZAUDIT_ROLE_REMOVEr5r6r7�	r*r8r9r0r:r;r<r=r>r+r+r,�
log_remove�s�logger.log_removec	Cs&|j�|jtjt|�ddddg�dS)N�semanager
)r(r4r&r$ZAUDIT_USER_MAC_CONFIG_CHANGEr7�r*r8r+r+r,�
log_change�s�logger.log_changecCsH|jD]}tj||g�q|jD]}tj||g�q"g|_g|_dSr#)r'r$Zaudit_log_semanage_messager(Zaudit_log_user_comm_message)r*�successrr+r+r,�commit�s

�
logger.commitN)r
r
r
r
r
r
r
)r
r
r
r
r
r
r
��__name__�
__module__�__qualname__r-r@rCrGrJr+r+r+r,r"ls


r"c@s8eZdZdd�Zd
dd�Zddd�Zdd	�Zd
d�ZdS)r"cCs
g|_dSr#)r'r)r+r+r,r-�sr.r
c	
Cs�d||f}	|dkr |	d|7}	|dkr4|	d|7}	|dkrH|	d|7}	|dkr\|	d|7}	|dkrx|durx|	d|7}	|dkr�|dur�|	d|7}	|j�|	�dS)	Nz %s name=%sr
z sename=z oldsename=z role=z
 old_role=z
 MLSRange=z old_MLSRange=�r'r4)
r*r8r9r0r:r;r<r=r>�messager+r+r,r@�srAc		
Cs|�||||||||�dSr#)r@rBr+r+r,rC�srDcCs|j�d|�dS)Nz %srPrFr+r+r,rG�srHcCs4|dkrd}nd}|jD]}t�tj||�qdS)N�zSuccessful: zFailed: )r'�syslogZLOG_INFO)r*rIrQrr+r+r,rJ�s

rKN)r
r
r
r
r
r
r
)r
r
r
r
r
r
r
rLr+r+r+r,r"�s


c@s0eZdZddd�Zddd�Zdd�Zdd	�Zd
S)
�
nullloggerr
c		CsdSr#r+rBr+r+r,r@�sznulllogger.logc		CsdSr#r+rBr+r+r,rC�sznulllogger.log_removecCsdSr#r+rFr+r+r,rG�sznulllogger.log_changecCsdSr#r+)r*rIr+r+r,rJ�sznulllogger.commitN)r
r
r
r
r
r
r
)r
r
r
r
r
r
r
)rMrNrOr@rCrGrJr+r+r+r,rT�s

rTcCsXd}d}|d|d}|d|d}|d|dd|d}t�d	|d
|�S)Nzs[0-9]*zc[0-9]*z(\.z)?z(\,z)*z(-z(:�^�$)�re�search)�rawZsensitivity�categoryZ	cat_range�
categoriesZregr+r+r,�validate_level�sr\rRcCs`d}|dkrd||f}n|}t�|�\}}|dkr8|S|rL|t|�d�}|dkrX|S|SdS�Nza:b:c:rR�%s%srr
)�selinuxZselinux_raw_to_trans_context�len)rY�prepend�filler�context�rc�transr+r+r,�	translate�srfcCs`d}|dkrd||f}n|}t�|�\}}|dkr8|S|rL|t|�d�}|dkrX|S|SdSr])r_Zselinux_trans_to_raw_contextr`)rerarbrcrdrYr+r+r,�untranslate�srgc@sfeZdZdZdZdZdZddd�Zdd�Zdd�Z	d	d
�Z
dd�Zd
d�Zdd�Z
dd�Zdd�ZdS)�semanageRecordsFNcCs�|rt|t�r||_n||_t|dd�|_|js>t|dd�|_|�|j�|_t�	�\}}|jdksl|j|krvt
�|_n,t�
|j�t�dt��|jf�t�|_dS)N�noreloadF�storer
r^)�
isinstancer7rj�args�getattrri�
get_handle�shr_�selinux_getpolicytyper"�mylog�sepolicyZload_store_policyZselinux_set_policy_rootZselinux_pathrT)r*rlrdZ
localstorer+r+r,r-�s

zsemanageRecords.__init__cCs||_dSr#)ri)r*�loadr+r+r,�
set_reloadszsemanageRecords.set_reloadcCs�tjrtjSt�}|s"ttd���tjsB|dkrBt||t�|t_t	|�s^t
|�ttd���t|�}|tkr�t
|�ttd���t
|�}|dkr�t
|�ttd���t|�atdkr�t
|�ttd���|t_tjS)Nz Could not create semanage handler
z:SELinux policy is not managed or store cannot be accessed.zCannot read policy store.rz'Could not establish semanage connectionz!Could not test MLS enabled status)rh�handleZsemanage_handle_create�
ValueErrorr	�transactionZsemanage_select_storeZSEMANAGE_CON_DIRECTrjZsemanage_is_managedZsemanage_handle_destroyZsemanage_access_checkZSEMANAGE_CAN_READZsemanage_connectZsemanage_mls_enabled�is_mls_enabled)r*rjrurdr+r+r,rns2zsemanageRecords.get_handlecCsttd���dS�NzNot yet implemented�rvr	r)r+r+r,�	deleteall3szsemanageRecords.deleteallcCs$tjrttd���|��dt_dS)Nz(Semanage transaction already in progressT)rhrwrvr	�beginr)r+r+r,�start6szsemanageRecords.startcCs,tjr
dSt|j�}|dkr(ttd���dS)Nrz$Could not start semanage transaction)rhrwZsemanage_begin_transactionrorvr	�r*rdr+r+r,r|<s

zsemanageRecords.begincCsttd���dSryrzr)r+r+r,�
customizedCszsemanageRecords.customizedcCsVtjr
dS|jrt|jd�t|j�}|dkrF|j�d�tt	d���|j�d�dS)Nrz%Could not commit semanage transactionrR)
rhrwriZsemanage_set_reloadroZsemanage_commitrqrJrvr	r~r+r+r,rJFs
zsemanageRecords.commitcCs$tjsttd���dt_|��dS)Nz$Semanage transaction not in progressF)rhrwrvr	rJr)r+r+r,�finishRszsemanageRecords.finish)N)rMrNrOrwrurjrlr-rtrnr{r}r|rrJr�r+r+r+r,rh�s
$rhc@sPeZdZddd�Zdd�Zdd�Zdd
d�Zdd
�Zdd�Zdd�Z	dd�Z
dS)�
moduleRecordsNcCst�||�dSr#�rhr-�r*rlr+r+r,r-[szmoduleRecords.__init__cCsg}t|j�\}}}|dkr(ttd���t|�D]�}t||�}t|j|�\}}|dkrbttd���t|j|�\}}|dkr�ttd���t|j|�\}}	|dkr�ttd���t	|j|�\}}
|dkr�ttd���|�
|||	|
f�q0|jdd�d	d
�|jdd�d�|S)
Nr�Could not list SELinux moduleszCould not get module namezCould not get module enabledzCould not get module priorityzCould not get module lang_extcSs|dS)Nrr+��tr+r+r,�<lambda>z�z'moduleRecords.get_all.<locals>.<lambda>T)�key�reversecSs|dS�Nrr+r�r+r+r,r�{r�)r�)Zsemanage_module_list_allrorvr	r3�semanage_module_list_nthZsemanage_module_info_get_nameZ semanage_module_info_get_enabledZ!semanage_module_info_get_priorityZ!semanage_module_info_get_lang_extr4�sort)r*rrd�mlist�number�i�modr9Zenabled�priorityZlang_extr+r+r,�get_all^s,
zmoduleRecords.get_allcCs0|��}t|�dkrgSdd�dd�|D�D�S)NrcSsg|]}d|d�qS)z-d %srr+��.0�xr+r+r,�
<listcomp>�r�z,moduleRecords.customized.<locals>.<listcomp>cSsg|]}|ddkr|�qS�rRrr+�r�r�r+r+r,r��r�)r�r`)r*�allr+r+r,r~szmoduleRecords.customizedrRrcCs�|��}t|�dkrdS|r:tdtd�td�td�f�|D]D}|ddkrXtd�}n
|r^q>d}td	|d|d
|d|f�q>dS)Nrz
%-25s %-9s %s
zModule NameZPriorityZLanguagerRZDisabledr
z%-25s %-9s %-5s %s�r)r�r`�printr	)r*�heading�	locallistr�r�Zdisabledr+r+r,�list�s
zmoduleRecords.listcCs`tj�|�sttd�|��t|j|�}|dkr@ttd�|��t|j|�}|dkr\|��dS)NzModule does not exist: %s r�3Invalid priority %d (needs to be between 1 and 999))	�os�path�existsrvr	�semanage_set_default_priorityroZsemanage_module_install_filerJ)r*rr�rdr+r+r,�add�szmoduleRecords.addcCs�|��D]�}t|j�\}}|dkr.ttd���t|j||�}|dkrPttd���t|j||�}|dkr|r|ttd�|��qttd�|��q|��dS)NrzCould not create module keyzCould not set module key namezCould not enable module %szCould not disable module %s)�splitZsemanage_module_key_createrorvr	Zsemanage_module_key_set_nameZsemanage_module_set_enabledrJ)r*�module�enable�mrdr�r+r+r,�set_enabled�szmoduleRecords.set_enabledcCsjt|j|�}|dkr$ttd�|��|��D]0}t|j|�}|dkr,|dkr,ttd�|��q,|��dS)Nrr����z*Could not remove module %s (remove failed))r�rorvr	r��semanage_module_removerJ)r*r�r�rdr�r+r+r,�delete�szmoduleRecords.deletecCs6dd�dd�|��D�D�}|D]}|�|d�q dS)NcSsg|]}|d�qS)rr+r�r+r+r,r��r�z+moduleRecords.deleteall.<locals>.<listcomp>cSsg|]}|ddkr|�qSr�r+r�r+r+r,r��r�T)r�r�)r*rr�r+r+r,r{�szmoduleRecords.deleteall)N)rRr)rMrNrOr-r�rr�r�r�r�r{r+r+r+r,r�Ys
 
r�c@seZdZddd�Zdd�ZdS)�dontauditClassNcCst�||�dSr#r�r�r+r+r,r-�szdontauditClass.__init__cCs8|dvrttd���|��t|j|dk�|��dS)N)�on�offz'dontaudit requires either 'on' or 'off'r�)rvr	r|Zsemanage_set_disable_dontauditrorJ)r*Z	dontauditr+r+r,�toggle�s
zdontauditClass.toggle)N)rMrNrOr-r�r+r+r+r,r��s
r�c@sHeZdZddd�Zdd�Zdd�Zdd
d�Zdd
�Zdd�Zdd�Z	dS)�permissiveRecordsNcCst�||�dSr#r�r�r+r+r,r-�szpermissiveRecords.__init__cCsng}t|j�\}}}|dkr(ttd���t|�D]8}t||�}t|�}|r0|�d�r0|�|�	d�d�q0|S)Nrr�Zpermissive_rR)
Zsemanage_module_listrorvr	r3r�Zsemanage_module_get_name�
startswithr4r�)r*rrdr�r�r�r�r9r+r+r,r��s
zpermissiveRecords.get_allcCsdd�t|���D�S)NcSsg|]}d|�qS)z-a %sr+r�r+r+r,r��r�z0permissiveRecords.customized.<locals>.<listcomp>)�sortedr�r)r+r+r,r�szpermissiveRecords.customizedrRrcCs�dd�dd�t�tj�D�D�}t|�dkr0dS|rDtdtd��|��}|D]}||vrPt|�qPt|�dkrvdS|r�tdtd��|D]}t|�q�dS)NcSsg|]}|d�qS)r9r+)r��yr+r+r,r��r�z*permissiveRecords.list.<locals>.<listcomp>cSsg|]}|dr|�qS)Z
permissiver+r�r+r+r,r��r�rz
%-25s
zBuiltin Permissive TypeszCustomized Permissive Types)rr�infoZTYPEr`r�r	r�)r*r�r�r�rr�r+r+r,r��s 
zpermissiveRecords.listcCsRd|}d|}t|j|t|�|d�}|dkr6|��|dkrNttd�|��dS)N�
permissive_%sz(typepermissive %s)Zcilrz?Could not set permissive domain %s (module installation failed))Zsemanage_module_installror`rJrvr	)r*�typer9Zmodtxtrdr+r+r,r��szpermissiveRecords.addcCsB|��D],}t|jd|�}|dkrttd�|��q|��dS)Nr�rz5Could not remove permissive domain %s (remove failed))r�r�rorvr	rJ)r*r9�nrdr+r+r,r�s
zpermissiveRecords.deletecCs,|��}t|�dkr(d�|�}|�|�dS)Nr� )r�r`�joinr�)r*rr�r+r+r,r{
s
zpermissiveRecords.deleteall)N)rRr)
rMrNrOr-r�rr�r�r�r{r+r+r+r,r��s


r�c@s~eZdZddd�Zdd�Zdd�Zdd	�Zd dd�Zd!d
d�Zdd�Z	dd�Z
dd�Zdd�Zd"dd�Z
dd�Zd#dd�ZdS)$�loginRecordsNcCs(t�||�d|_d|_d|_d|_dSr#)rhr-r<r>r0r;r�r+r+r,r-s
zloginRecords.__init__cCs�t�|�\}|_|_|dkr d}t|j�}|�|j�\}\}}|�|�\}\}}	tdkrn|dkrjt|�}n|}t	|j
|�\}}
|dkr�ttd�|��|ddkr�zt
�|dd��Wn$ttd�|dd���Yn0n,zt�|�Wnttd�|��Yn0t|j
�\}}|dk�r4ttd	�|��t|j
||�}|dk�r\ttd
�|��tdk�r�|dk�r�t|j
||�}|dk�r�ttd�|��t|j
||�}|dk�r�ttd�|��t|j
|
|�}|dk�r�ttd
�|��t|
�t|�dS)Nr
Zuser_urRr�Could not create a key for %s�%zLinux Group %s does not existzLinux User %s does not existz%Could not create login mapping for %s�Could not set name for %s�Could not set MLS range for %sz!Could not set SELinux user for %sz"Could not add login mapping for %s)r_�getseuserbynamer<r>�seluserRecordsrl�getrxrg�semanage_seuser_key_createrorvr	�grp�getgrnam�pwd�getpwnamZsemanage_seuser_createZsemanage_seuser_set_name�semanage_seuser_set_mlsrange�semanage_seuser_set_sename�semanage_seuser_modify_local�semanage_seuser_key_free�semanage_seuser_free)r*r9r0r;�rec�userrecr3rdr=r:�k�ur+r+r,�__addsP

 




zloginRecords.__addc
CszzL|��|�|�r4ttd�|�|�|||�n|�|||�|��Wn(tyt}z|�WYd}~n
d}~00dS)Nz:Login mapping for %s is already defined, modifying instead)r|�_loginRecords__existsr�r	�_loginRecords__modify�_loginRecords__addrJrv�r*r9r0r;�errorr+r+r,r�Ss
zloginRecords.addcCs\t|j|�\}}|dkr(ttd�|��t|j|�\}}|dkrPttd�|��t|�|S)Nrr��2Could not check if login mapping for %s is defined)r�rorvr	�semanage_seuser_existsr��r*r9rdr�r�r+r+r,�__existsaszloginRecords.__existsr
c
Cs�t�|�\}|_|_|dkr0|dkr0ttd���t|j�}|�|j�\}\}}|dkrj|�|�\}\}}	n|}	|dkr~||_	n||_	t
|j|�\}}
|dkr�ttd�|��t|j|
�\}}|dkr�ttd�|��|s�ttd�|��t
|j|
�\}}|dk�rttd�|��t|�|_t|�|_tdk�rL|dk�rLt|j|t|��|dk�rlt|j||�||_n|j|_t|j|
|�}|dk�r�ttd	�|��t|
�t|�dS)
Nr
zRequires seuser or serangerr�r��#Login mapping for %s is not definedzCould not query seuser for %srRz%Could not modify login mapping for %s)r_r�r<r>rvr	r�rlr�r;r�ror�Zsemanage_seuser_query�semanage_seuser_get_mlsrange�semanage_seuser_get_senamerxr�rgr�r0r�r�r�)
r*r9r0r;r�r�r3rdr=r:r�r�r�r+r+r,�__modifymsF





zloginRecords.__modifyc
CsPz"|��|�|||�|��Wn(tyJ}z|�WYd}~n
d}~00dSr#)r|r�rJrvr�r+r+r,�modify�szloginRecords.modifyc
Cs*t�|�\}|_|_t|j�}|�|j�\}\}}t|j|�\}}|dkrZt	t
d�|��t|j|�\}}|dkr�t	t
d�|��|s�t	t
d�|��t|j|�\}}|dkr�t	t
d�|��|s�t	t
d�|��t
|j|�}|dkr�t	t
d�|��t|�t�d�\}|_|_|�|j�\}\}}	dS)Nrr�r�r�z<Login mapping for %s is defined in policy, cannot be deletedz%Could not delete login mapping for %sZ__default__)r_r�r<r>r�rlr�r�rorvr	r�Zsemanage_seuser_exists_localZsemanage_seuser_del_localr�r0r;)
r*r9r�r�r3rdr=r�r�r:r+r+r,�__delete�s,
zloginRecords.__deletec
CsLz|��|�|�|��Wn(tyF}z|�WYd}~n
d}~00dSr#)r|�_loginRecords__deleterJrv�r*r9r�r+r+r,r��s
zloginRecords.deletec
Cs|t|j�\}}|dkr"ttd���z,|��|D]}|�t|��q0|��Wn(tyv}z|�WYd}~n
d}~00dS�Nr�Could not list login mappings)�semanage_seuser_list_localrorvr	r|r��semanage_seuser_get_namerJ�r*rd�ulistr�r�r+r+r,r{�szloginRecords.deleteallc
Cs�i}t��d|_t�|j�D]z\}}}||jkr|D]`}zHt|d|�}|�����d�}|�	�|d|d|df||<Wq6t
y�Yq60q6q|S)Nz/logins�/�:rRr�r)r_Zselinux_policy_root�logins_pathr��walk�open�read�rstripr��close�
IndexError)r*�ddictr��dirs�filesr9�fdr�r+r+r,�get_all_logins�s

zloginRecords.get_all_loginsrcCsli}|rt|j�\}|_nt|j�\}|_|dkr>ttd���|jD]"}t|�}t|�t|�df||<qD|S)Nrr�r)	r�ror�Zsemanage_seuser_listrvr	r�r�r�)r*r�r�rdr�r9r+r+r,r��s
zloginRecords.get_allcCspg}|�d�}t|���D]P}||drP|�d||d||d|f�q|�d||d|f�q|S)NTrRz-a -s %s -r '%s' %srz-a -s %s %s�r�r��keysr4�r*rr�r�r+r+r,r�s
&zloginRecords.customizedrRc	Cs@|�|�}|��}t|���}t|���}t|�dkrFt|�dkrFdStdkr�|rvtdtd�td�td�td�f�|D]0}||}td||dt|d�|d	f�qzt|�r�td
|j	�|D]0}||}td||dt|d�|d	f�q�nB|�rtdtd�td�f�|D]}td|||df��qdS)
NrrRz
%-20s %-20s %-20s %s
z
Login Name�SELinux Userz
MLS/MCS RangeZServicez%-20s %-20s %-20s %sr�z
Local customization in %sz
%-25s %-25s
z%-25s %-25s)
r�r�r�r�r`rxr�r	rfr�)	r*r�r�r�ZldictZlkeysr�r�r�r+r+r,r�s*
$&(zloginRecords.list)N)r
r
)r
r
)r)rRr)rMrNrOr-r�r�r�r�r�r�r�r{r�r�rr�r+r+r+r,r�s
6
2
	


r�c@s�eZdZddd�Zdd�Zdd�Zdd	�Zd
d�Zgdddfd
d�Zgdddfdd�Z	dd�Z
dd�Zdd�Zd dd�Z
dd�Zd!dd�ZdS)"r�NcCst�||�dSr#r�r�r+r+r,r-szseluserRecords.__init__cCs�t|j|�\}}|dkr(ttd�|��t|j|�\}}|dkrPttd�|��t|j|�\}}|dkrxttd�|��t|�}t|j|�}t|�t	|�||fS)Nrr��-Could not check if SELinux user %s is defined�Could not query user for %s)
�semanage_user_key_createrorvr	�semanage_user_exists�semanage_user_query�semanage_user_get_mlsrange�semanage_user_get_roles�semanage_user_key_free�semanage_user_free)r*r9rdr�r�r�r;r:r+r+r,r�"szseluserRecords.getcCstdkr4|dkrd}nt|�}|dkr,d}nt|�}t|�dkrPttd�|��t|j|�\}}|dkrxttd�|��t|j�\}}|dkr�ttd�|��t|j||�}|dkr�ttd�|��|D]0}	t	|j||	�}|dkr�ttd	�j
|	|d
���q�tdk�rTt|j||�}|dk�r,ttd�|��t|j||�}|dk�rTttd�|��t
|j||�}|dk�r�ttd
�j
|	|d���t|j|�\}}
|dk�r�ttd�|��t|j||�}|dk�r�ttd�|��t|�t|�|jjd|d�|�|d�dS)NrRr
�s0z%You must add at least one role for %srr�z$Could not create SELinux user for %sr�z$Could not add role {role} for {name})r2r9r�zCould not set MLS level for %sz(Could not add prefix {prefix} for {role})r2�prefixzCould not extract key for %szCould not add SELinux user %s�seuserr1)r0r:r;)rxrgr`rvr	r�roZsemanage_user_createZsemanage_user_set_name�semanage_user_add_role�format�semanage_user_set_mlsrange�semanage_user_set_mlslevel�semanage_user_set_prefixZsemanage_user_key_extract�semanage_user_modify_localrrrqr@r�)r*r9�roles�selevelr;rrdr�r��rr�r+r+r,r�2sR





zseluserRecords.__addc
Cs�zT|��|�|�r8ttd�|�|�|||||�n|�|||||�|��Wn4ty�}z|j�d�|�WYd}~n
d}~00dS)Nz5SELinux user %s is already defined, modifying insteadr)	r|�_seluserRecords__existsr�r	�_seluserRecords__modify�_seluserRecords__addrJrvrq�r*r9rrr;rr�r+r+r,r�is
zseluserRecords.addcCs\t|j|�\}}|dkr(ttd�|��t|j|�\}}|dkrPttd�|��t|�|S)Nrr�r�)r�rorvr	r�rr�r+r+r,r�vszseluserRecords.__existsr
c	Cs8d}d}d�|�}|dkrXt|�dkrX|dkrX|dkrXtdkrLttd���nttd���t|j|�\}	}
|	dkr�ttd�|��t|j|
�\}	}|	dkr�ttd�|��|s�ttd	�|��t|j|
�\}	}|	dkr�ttd
�|��t	|�}t
|j|�\}	}
|	dk�rd�|
�}tdk�r6|dk�r6t|j|t|��tdk�r\|dk�r\t
|j|t|��|dk�rtt|j||�t|�dk�r�|
D]}||v�r�t||��q�|D]}||
v�r�t|j||��q�t|j|
|�}	|	dk�r�ttd�|��t|
�t|�d�|���}d�|���}|jjd
||||||d�dS)Nr
r�rrRz&Requires prefix, roles, level or rangezRequires prefix or rolesr�r��SELinux user %s is not definedr�z Could not modify SELinux user %sr1r)r0r<r:r;r=r>)r�r`rxrvr	r�ror�rrrr
rgrrZsemanage_user_del_rolerr
rrr�rqr@)r*r9rrr;rr=r>Znewrolesrdr�r�r��rlistrr2r+r+r,r��sV
$





zseluserRecords.__modifyc
Cs`z&|��|�|||||�|��Wn4tyZ}z|j�d�|�WYd}~n
d}~00dSr�)r|rrJrvrqrr+r+r,r��szseluserRecords.modifyc	Cs8t|j|�\}}|dkr(ttd�|��t|j|�\}}|dkrPttd�|��|sdttd�|��t|j|�\}}|dkr�ttd�|��|s�ttd�|��t|j|�\}}|dkr�ttd�|��t|�}t|j|�\}}d�	|�}t
|j|�}|dk�rttd�|��t|�t|�|j
jd	|||d
�dS)Nrr�r�rz7SELinux user %s is defined in policy, cannot be deletedr�r1z Could not delete SELinux user %sr)r<r>r=)r�rorvr	r�Zsemanage_user_exists_localrrrr�Zsemanage_user_del_localrrrqrC)	r*r9rdr�r�r�r>rr=r+r+r,r��s2

zseluserRecords.__deletec
CsXz|��|�|�|��Wn4tyR}z|j�d�|�WYd}~n
d}~00dSr�)r|�_seluserRecords__deleterJrvrqr�r+r+r,r��s
zseluserRecords.deletec
Cs�t|j�\}}|dkr"ttd���z,|��|D]}|�t|��q0|��Wn4ty�}z|j�d�|�WYd}~n
d}~00dSr�)	�semanage_user_list_localrorvr	r|r�semanage_user_get_namerJrqr�r+r+r,r{�szseluserRecords.deleteallrcCs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���|jD]^}t|�}t|j|�\}}|dkrxttd�|��d�|�}t	|�t
|�t|�|f|t|�<qD|S)NrzCould not list SELinux usersz Could not list roles for user %sr�)rror�Zsemanage_user_listrvr	rrr�Zsemanage_user_get_prefixZsemanage_user_get_mlslevelr)r*r�r�rdr�r9rrr+r+r,r��s

"zseluserRecords.get_allcCs�g}|�d�}t|���D]f}||ds6||drf|�d||d||d||d|f�q|�d||d|f�q|S)NTrRr�z-a -L %s -r %s -R '%s' %srz
-a -R '%s' %sr�r�r+r+r,rs
0zseluserRecords.customizedrRc	Cs|�|�}t|�dkrdSt|���}tdkr�|r|tddtd�td�td�f�tdtd�td	�td
�td�td�f�|D]B}td
|||dt||d�t||d�||df�q�n>|r�tdtd�td�f�|D]}td|||df�q�dS)NrrRz
%-15s %-10s %-10s %-30sr
ZLabelingzMLS/z%-15s %-10s %-10s %-30s %s
r�ZPrefixz	MCS Levelz	MCS Rangez
SELinux Rolesz%-15s %-10s %-10s %-30s %sr�rz	%-15s %s
z%-15s %s)r�r`r�r�rxr�r	rf�r*r�r�r�r�r�r+r+r,r�s
 *BzseluserRecords.list)N)r)rRr)rMrNrOr-r�rr�rrr�rr�r{r�rr�r+r+r+r,r�s
7
8	!


r�c@s�eZdZgZd dd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
d!dd�Zd"dd�Zdd�Zd#dd�ZdS)$�portRecordsNcCsHt�||�z$ttt�tjd��dd�|_WntyBYn0dS)NZ	port_typer�types)rhr-r�rrr��	ATTRIBUTE�valid_types�RuntimeErrorr�r+r+r,r-1s
$zportRecords.__init__c
Cs�ttttd�}||��vr$||}nttd���|dkrDttd���t|t�r\|�	dd�}n|f}t
|�dkr�t|d�}}nt|d�}t|d�}|dkr�ttd	���t|j
|||�\}}	|dkr�ttd
�j||d���|	|||fS)N)ZtcpZudpZsctpZdccpz0Protocol has to be one of udp, tcp, dccp or sctpr
zPort is requiredr/rRr�zInvalid Portz)Could not create a key for {proto}/{port}��proto�port)ZSEMANAGE_PROTO_TCPZSEMANAGE_PROTO_UDPZSEMANAGE_PROTO_SCTPZSEMANAGE_PROTO_DCCPr�rvr	rkr7r�r`�intZsemanage_port_key_createror	)
r*r#r"Z	protocols�proto_dZports�high�lowrdr�r+r+r,�__genkey8s.�

zportRecords.__genkeyc	Cs>tdkr|dkrd}nt|�}|dkr2ttd���t�|�}||jvrVttd�|��|�||�\}}}}t|j	�\}	}
|	dkr�ttd�j
||d���t|
|�t|
||�t
|j	�\}	}|	dkr�ttd	�j
||d���t|j	|d
�}	|	dk�rttd�j
||d���t|j	|d�}	|	dk�r4ttd
�j
||d���t|j	||�}	|	dk�rbttd�j
||d���tdk�r�|dk�r�t|j	||�}	|	dk�r�ttd�j
||d���t|j	|
|�}	|	dk�r�ttd�j
||d���t|j	||
�}	|	dk�rttd�j
||d���t|�t|�t|
�|j�d|t�|�d
d||f�dS)NrRr
r�Type is required�'Type %s is invalid, must be a port typerz(Could not create port for {proto}/{port}r!z+Could not create context for {proto}/{port}�system_uz5Could not set user in port context for {proto}/{port}�object_rz5Could not set role in port context for {proto}/{port}z5Could not set type in port context for {proto}/{port}z;Could not set mls fields in port context for {proto}/{port}z-Could not set port context for {proto}/{port}z!Could not add port {proto}/{port}z8resrc=port op=add lport=%s proto=%s tcontext=%s:%s:%s:%s)rxrgrvr	rr�get_real_type_namer�_portRecords__genkeyZsemanage_port_createror	Zsemanage_port_set_protoZsemanage_port_set_range�semanage_context_create�semanage_context_set_user�semanage_context_set_role�semanage_context_set_type�semanage_context_set_mlsZsemanage_port_set_con�semanage_port_modify_local�semanage_context_free�semanage_port_key_free�semanage_port_freerqrGr�getprotobyname)r*r#r"r;r�r�r%r'r&rdr�conr+r+r,r�XsR








zportRecords.__addcCsX|��|�||�r<ttd�j||d��|�||||�n|�||||�|��dS)Nz6Port {proto}/{port} already defined, modifying insteadr!)r|�_portRecords__existsr�r	r	�_portRecords__modify�_portRecords__addrJ)r*r#r"r;r�r+r+r,r��szportRecords.addc	CsN|�||�\}}}}t|j|�\}}|dkrBttd�j||d���t|�|S)Nr�1Could not check if port {proto}/{port} is definedr!)r.�semanage_port_existsrorvr	r	r6�	r*r#r"r�r%r'r&rdr�r+r+r,r��szportRecords.__existsc
	Cs�|dkr2|dkr2tdkr&ttd���nttd���t�|�}|rZ||jvrZttd�|��|�||�\}}}}t|j|�\}	}
|	dkr�ttd�j	||d���|
s�ttd	�j	||d���t
|j|�\}	}|	dkr�ttd
�j	||d���t|�}tdk�r|dk�rd}nt|j|t
|��|dk�r0t|j||�t|j||�}	|	dk�r^ttd�j	||d���t|�t|�|j�d
|t�|�dd||f�dS)Nr
rR�Requires setype or serange�Requires setyper*rr=r!�"Port {proto}/{port} is not definedz#Could not query port {proto}/{port}rz$Could not modify port {proto}/{port}z;resrc=port op=modify lport=%s proto=%s tcontext=%s:%s:%s:%sr+r,)rxrvr	rrr-rr.r>ror	Zsemanage_port_query�semanage_port_get_conr3rgr2r4r6r7rqrGrr8)
r*r#r"r;�setyper�r%r'r&rdr�rr9r+r+r,r��s:




zportRecords.__modifycCs$|��|�||||�|��dSr#)r|r;rJ)r*r#r"r;rDr+r+r,r��szportRecords.modifycCs�t|j�\}}|dkr"ttd���|��|D]�}t|�}t|�}t|�}t|�}d||f}|�	||�\}	}
}}|dkr�ttd�|��t
|j|	�}|dkr�ttd�|��t|	�||kr�|}|j�
d|t�|�f�q.|��dS)NrzCould not list the ports�%s-%sr�zCould not delete the port %s�&resrc=port op=delete lport=%s proto=%s)�semanage_port_list_localrorvr	r|�semanage_port_get_proto�semanage_port_get_proto_str�semanage_port_get_low�semanage_port_get_highr.�semanage_port_del_localr6rqrGrr8rJ)r*rd�plistr#r"�	proto_strr'r&Zport_strr�r%r+r+r,r{�s*zportRecords.deleteallc	Cs�|�||�\}}}}t|j|�\}}|dkrBttd�j||d���|s\ttd�j||d���t|j|�\}}|dkr�ttd�j||d���|s�ttd�j||d���t|j|�}|dkr�ttd�j||d���t|�|j	�
d|t�|�f�dS)Nrr=r!rBz;Port {proto}/{port} is defined in policy, cannot be deletedz$Could not delete port {proto}/{port}rF)
r.r>rorvr	r	Zsemanage_port_exists_localrLr6rqrGrr8r?r+r+r,r��s zportRecords.__deletecCs |��|�||�|��dSr#)r|�_portRecords__deleterJ)r*r#r"r+r+r,r�szportRecords.deletercCs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���|jD]N}t|�}t|�}t|�}t	|�}t
|�}	t|�}
t|�}||f||
||	f<qD|S)Nr�Could not list ports)
rGrorM�semanage_port_listrvr	rC�semanage_context_get_type�semanage_context_get_mlsrHrIrJrK)r*r�r�rdr#r9�ctype�levelr"rNr'r&r+r+r,r�
s 
zportRecords.get_allcCs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���|jD]�}t|�}t|�}t|�}t	|�}t
|�}	t|�}
||f|��vr�g|||f<|	|
kr�|||f�
d|	�qD|||f�
d|	|
f�qD|S)NrrPz%dz%d-%d)rGrorMrQrvr	rCrRrHrIrJrKr�r4)r*r�r�rdr#r9rTr"rNr'r&r+r+r,�get_all_by_type!s&
zportRecords.get_all_by_typecCs�g}|�d�}t|���D]�}|d|dkr6|dnd|d|df}||dr�|�d||d||d|d|f�q|�d||d|d|f�q|S)NTrrRrEz-a -t %s -r '%s' -p %s %sr�z-a -t %s -p %s %sr��r*rr�r�r#r+r+r,r9s
,,"zportRecords.customizedrRcCs�|�|�}t|�dkrdSt|���}|rHtdtd�td�td�f�|D]J}d|}|d||d7}||dd�D]}|d	|7}q|t|�qLdS)
Nrz%-30s %-8s %s
zSELinux Port TypeZProto�Port Numberz%-30s %-8s �%srR�, %s)rVr`r�r�r�r	�r*r�r�r�r�r�r�rr+r+r,r�Ds
zportRecords.list)N)r)r)rRr)rMrNrOrr-r.r<r�r:r;r�r{rOr�r�rVrr�r+r+r+r,r-s
 :	
*

rc@s�eZdZgZd dd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
d!dd�Zd"dd�Zdd�Zd#dd�ZdS)$�
ibpkeyRecordsNcCsTt�||�z6ttt�|j��dgd�}tdd�|��D��|_	WnYn0dS)NZibpkey_type��attrscss|]}t|�VqdSr#�r7r�r+r+r,�	<genexpr>[r�z)ibpkeyRecords.__init__.<locals>.<genexpr>)
rhr-rrrr�get_store_policyrjr��resultsr�r*rl�qr+r+r,r-WszibpkeyRecords.__init__cCs�|dkrttd���|�d�}t|�dkr>t|dd�}}nt|dd�}t|dd�}|dkrnttd���t|j|||�\}}|dkr�ttd�j||d	���||||fS)
Nr
zSubnet Prefix is requiredr/rRrr zInvalid Pkeyz1Could not create a key for {subnet_prefix}/{pkey}��
subnet_prefix�pkey)rvr	r�r`r$Zsemanage_ibpkey_key_createror	)r*rgrfZpkeysr&r'rdr�r+r+r,r(_s
zibpkeyRecords.__genkeycCs tdkr|dkrd}nt|�}|dkr2ttd���t�|�}||jvrVttd�|��|�||�\}}}}t|j	�\}}	|dkr�ttd�j
||d���t|j	|	|�t|	||�t
|j	�\}}
|dkr�ttd	�j
||d���t|j	|
d
�}|dk�r
ttd�j
||d���t|j	|
d�}|dk�r8ttd
�j
||d���t|j	|
|�}|dk�rfttd�j
||d���tdk�r�|dk�r�t|j	|
|�}|dk�r�ttd�j
||d���t|j	|	|
�}|dk�r�ttd�j
||d���t|j	||	�}|dk�rttd�j
||d���t|
�t|�t|	�dS)NrRr
rr)�)Type %s is invalid, must be a ibpkey typerz2Could not create ibpkey for {subnet_prefix}/{pkey}rez3Could not create context for {subnet_prefix}/{pkey}r+z?Could not set user in ibpkey context for {subnet_prefix}/{pkey}r,z?Could not set role in ibpkey context for {subnet_prefix}/{pkey}z?Could not set type in ibpkey context for {subnet_prefix}/{pkey}zECould not set mls fields in ibpkey context for {subnet_prefix}/{pkey}z7Could not set ibpkey context for {subnet_prefix}/{pkey}z+Could not add ibpkey {subnet_prefix}/{pkey})rxrgrvr	rrr-r�_ibpkeyRecords__genkeyZsemanage_ibpkey_createror	Z!semanage_ibpkey_set_subnet_prefixZsemanage_ibpkey_set_ranger/r0r1r2r3Zsemanage_ibpkey_set_con�semanage_ibpkey_modify_localr5�semanage_ibpkey_key_free�semanage_ibpkey_free)r*rgrfr;r�r�r'r&rdrr9r+r+r,r�rsP







zibpkeyRecords.__addcCsX|��|�||�r<ttd�j||d��|�||||�n|�||||�|��dS)Nz@ibpkey {subnet_prefix}/{pkey} already defined, modifying insteadre)r|�_ibpkeyRecords__existsr�r	r	�_ibpkeyRecords__modify�_ibpkeyRecords__addrJ)r*rgrfr;r�r+r+r,r��szibpkeyRecords.addcCsN|�||�\}}}}t|j|�\}}|dkrBttd�j||d���t|�|S)Nr�;Could not check if ibpkey {subnet_prefix}/{pkey} is definedre)ri�semanage_ibpkey_existsrorvr	Zformnatrk�r*rgrfr�r'r&rdr�r+r+r,r��szibpkeyRecords.__existscCsl|dkr2|dkr2tdkr&ttd���nttd���t�|�}|rZ||jvrZttd�|��|�||�\}}}}t|j|�\}}	|dkr�ttd�j	||d���|	s�ttd	�j	||d���t
|j|�\}}
|dkr�ttd
�j	||d���t|
�}tdk�r|dk�rt|j|t
|��|dk�r*t|j||�t|j||
�}|dk�rXttd�j	||d���t|�t|
�dS)Nr
rRr@rArhrrpre�,ibpkey {subnet_prefix}/{pkey} is not definedz-Could not query ibpkey {subnet_prefix}/{pkey}z.Could not modify ibpkey {subnet_prefix}/{pkey})rxrvr	rrr-rrirqror	Zsemanage_ibpkey_query�semanage_ibpkey_get_conr3rgr2rjrkrl)r*rgrfr;rDr�r'r&rdr�rr9r+r+r,r��s4


zibpkeyRecords.__modifycCs$|��|�||||�|��dSr#)r|rnrJ)r*rgrfr;rDr+r+r,r��szibpkeyRecords.modifyc	Cs�t|j�\}}|dkr"ttd���|��|D]�}t|j|�\}}t|�}t|�}d||f}|�||�\}}}}|dkr�ttd�|��t	|j|�}|dkr�ttd�|��t
|�q.|��dS)NrzCould not list the ibpkeysrEr�zCould not delete the ibpkey %s)�semanage_ibpkey_list_localrorvr	r|�!semanage_ibpkey_get_subnet_prefix�semanage_ibpkey_get_low�semanage_ibpkey_get_highri�semanage_ibpkey_del_localrkrJ)	r*rdrM�ibpkeyrfr'r&Zpkey_strr�r+r+r,r{�s"
zibpkeyRecords.deleteallcCs�|�||�\}}}}t|j|�\}}|dkrBttd�j||d���|s\ttd�j||d���t|j|�\}}|dkr�ttd�j||d���|s�ttd�j||d���t|j|�}|dkr�ttd�j||d���t|�dS)NrrprerszEibpkey {subnet_prefix}/{pkey} is defined in policy, cannot be deletedz.Could not delete ibpkey {subnet_prefix}/{pkey})	rirqrorvr	r	Zsemanage_ibpkey_exists_localryrkrrr+r+r,r��szibpkeyRecords.__deletecCs |��|�||�|��dSr#)r|�_ibpkeyRecords__deleterJ)r*rgrfr+r+r,r�szibpkeyRecords.deletercCs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���|jD]X}t|�}t|�}|dkrbqDt|�}t	|j|�\}}t
|�}	t|�}
||f||	|
|f<qD|S)Nr�Could not list ibpkeysZreserved_ibpkey_t)rurorM�semanage_ibpkey_listrvr	rtrRrSrvrwrx)r*r�r�rdrzr9rTrUrfr'r&r+r+r,r�s"
zibpkeyRecords.get_allc
Cs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���|jD]�}t|�}t|�}t|j|�\}}t	|�}t
|�}	||f|��vr�g|||f<||	kr�|||f�d|�qD|||f�d||	f�qD|S)Nrr|�0x%xz	0x%x-0x%x)
rurorMr}rvr	rtrRrvrwrxr�r4)
r*r�r�rdrzr9rTrfr'r&r+r+r,rV-s$
zibpkeyRecords.get_all_by_typecCs�g}|�d�}t|���D]�}|d|dkr6|dnd|d|df}||dr�|�d||d||d|d|f�q|�d||d|d|f�q|S)NTrrRrEz-a -t %s -r '%s' -x %s %sr�z-a -t %s -x %s %sr�rWr+r+r,rDs
,,"zibpkeyRecords.customizedrRcCs�|�|�}|��}t|�dkr"dS|rDtdtd�td�td�f�t|�D]J}d|}|d||d7}||dd�D]}|d	|7}q|t|�qLdS)
Nr�%-30s %-18s %s
zSELinux IB Pkey TypeZ
Subnet_PrefixzPkey Number�%-30s %-18s rYrRrZ�rVr�r`r�r	r�r[r+r+r,r�Ps
zibpkeyRecords.list)N)r)r)rRr)rMrNrOrr-riror�rmrnr�r{r{r�r�rVrr�r+r+r+r,r\Ss
8	
&

r\c@s�eZdZgZd dd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
d!dd�Zd"dd�Zdd�Zd#dd�ZdS)$�ibendportRecordsNcCsTt�||�z6ttt�|j��dgd�}tdd�|��D��|_	WnYn0dS)NZibendport_typer]css|]}t|�VqdSr#r_r�r+r+r,r`gr�z,ibendportRecords.__init__.<locals>.<genexpr>)
rhr-rrrrrarj�setrbrrcr+r+r,r-cszibendportRecords.__init__cCsr|dkrttd���t|�}|dks,|dkr8ttd���t|j||�\}}|dkrhttd�j||d���|||fS)	Nr
zIB device name is required�rRzInvalid Port Numberrz=Could not create a key for ibendport {ibdev_name}/{ibendport}��
ibdev_name�	ibendport)rvr	r$Zsemanage_ibendport_key_createror	)r*r�r�r#rdr�r+r+r,r(kszibendportRecords.__genkeyc
Cstdkr|dkrd}nt|�}|dkr2ttd���t�|�}||jvrVttd�|��|�||�\}}}t|j	�\}}|dkr�ttd�j
||d���t|j	||�t||�t
|j	�\}}	|dkr�ttd	�j
||d���t|j	|	d
�}|dk�rttd�j
||d���t|j	|	d�}|dk�r4ttd
�j
||d���t|j	|	|�}|dk�rbttd�j
||d���tdk�r�|dk�r�t|j	|	|�}|dk�r�ttd�j
||d���t|j	||	�}|dk�r�ttd�j
||d���t|j	||�}|dk�rttd�j
||d���t|	�t|�t|�dS)NrRr
rr)�-Type %s is invalid, must be an ibendport typerz2Could not create ibendport for {ibdev_name}/{port}�r�r#z/Could not create context for {ibendport}/{port}r+z?Could not set user in ibendport context for {ibdev_name}/{port}r,z?Could not set role in ibendport context for {ibdev_name}/{port}z?Could not set type in ibendport context for {ibdev_name}/{port}zECould not set mls fields in ibendport context for {ibdev_name}/{port}z7Could not set ibendport context for {ibdev_name}/{port}z+Could not add ibendport {ibdev_name}/{port})rxrgrvr	rrr-r�_ibendportRecords__genkeyZsemanage_ibendport_createror	Z!semanage_ibendport_set_ibdev_nameZsemanage_ibendport_set_portr/r0r1r2r3Zsemanage_ibendport_set_con�semanage_ibendport_modify_localr5�semanage_ibendport_key_free�semanage_ibendport_free)
r*r�r�r;r�r�r#rdrr9r+r+r,r�ysP








zibendportRecords.__addcCsX|��|�||�r<ttd�j|td��|�||||�n|�||||�|��dS)Nz@ibendport {ibdev_name}/{port} already defined, modifying insteadr�)	r|�_ibendportRecords__existsr�r	r	r#�_ibendportRecords__modify�_ibendportRecords__addrJ)r*r�r�r;r�r+r+r,r��szibendportRecords.addcCsL|�||�\}}}t|j|�\}}|dkr@ttd�j||d���t|�|S)Nrz;Could not check if ibendport {ibdev_name}/{port} is definedr�)r��semanage_ibendport_existsrorvr	r	r��r*r�r�r�r#rdr�r+r+r,r��szibendportRecords.__existscCsj|dkr2|dkr2tdkr&ttd���nttd���t�|�}|rZ||jvrZttd�|��|�||�\}}}t|j|�\}}|dkr�ttd�j	||d���|s�ttd	�j	||d���t
|j|�\}}	|dkr�ttd
�j	||d���t|	�}
tdk�r|dk�rt|j|
t
|��|dk�r(t|j|
|�t|j||	�}|dk�rVttd�j	||d���t|�t|	�dS)Nr
rRr@rAr�r�@Could not check if ibendport {ibdev_name}/{ibendport} is definedr��1ibendport {ibdev_name}/{ibendport} is not definedz2Could not query ibendport {ibdev_name}/{ibendport}z3Could not modify ibendport {ibdev_name}/{ibendport})rxrvr	rrr-rr�r�ror	Zsemanage_ibendport_query�semanage_ibendport_get_conr3rgr2r�r�r�)r*r�r�r;rDr�r#rdr�rr9r+r+r,r��s4


zibendportRecords.__modifycCs$|��|�||||�|��dSr#)r|r�rJ)r*r�r�r;rDr+r+r,r��szibendportRecords.modifycCs�t|j�\}}|dkr"ttd���|��|D]�}t|j|�\}}t|�}|�t|�|�\}}}|dkr~ttd�j	||d���t
|j|�}|dkr�ttd�j	||d���t|�q.|��dS)NrzCould not list the ibendportsz.Could not create a key for {ibdev_name}/{port}r�z2Could not delete the ibendport {ibdev_name}/{port})
�semanage_ibendport_list_localrorvr	r|�!semanage_ibendport_get_ibdev_name�semanage_ibendport_get_portr�r7r	�semanage_ibendport_del_localr�rJ)r*rdrMr�r�r#r�r+r+r,r{�s
zibendportRecords.deleteallcCs�|�||�\}}}t|j|�\}}|dkr@ttd�j||d���|sZttd�j||d���t|j|�\}}|dkr�ttd�j||d���|s�ttd�j||d���t|j|�}|dkr�ttd�j||d���t|�dS)Nrr�r�r�zJibendport {ibdev_name}/{ibendport} is defined in policy, cannot be deletedz3Could not delete ibendport {ibdev_name}/{ibendport})	r�r�rorvr	r	Zsemanage_ibendport_exists_localr�r�r�r+r+r,r�szibendportRecords.__deletecCs |��|�||�|��dSr#)r|�_ibendportRecords__deleterJ)r*r�r�r+r+r,r�szibendportRecords.deleterc
Cs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���|jD]N}t|�}t|�}|dkrbqDt|�}t	|j|�\}}t
|�}	||f||	|f<qD|S)Nr�Could not list ibendportsZreserved_ibendport_t)r�rorM�semanage_ibendport_listrvr	r�rRrSr�r�)
r*r�r�rdr�r9rTrUr�r#r+r+r,r�s 
zibendportRecords.get_allc	Cs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���|jD]^}t|�}t|�}t|j|�\}}t	|�}||f|�
�vr�g|||f<|||f�d|�qD|S)Nrr�r~)r�rorMr�rvr	r�rRr�r�r�r4)	r*r�r�rdr�r9rTr�r#r+r+r,rV0s
z ibendportRecords.get_all_by_typec	Cs�g}|�d�}t|���D]d}||drZ|�d||d||d|d|df�q|�d||d|d|df�q|S)NTrRz-a -t %s -r '%s' -z %s %srz-a -t %s -z %s %sr�r�r+r+r,rCs
0&zibendportRecords.customizedrRcCs�|�|�}|��}t|�dkr"dS|rDtdtd�td�td�f�t|�D]J}d|}|d||d7}||dd�D]}|d	|7}q|t|�qLdS)
NrrzSELinux IB End Port TypezIB Device NamerXr�rYrRrZr�r[r+r+r,r�Ns
zibendportRecords.list)N)r)r)rRr)rMrNrOrr-r�r�r�r�r�r�r{r�r�r�rVrr�r+r+r+r,r�_s
7	
&

r�c@s~eZdZgZddd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
ddd�Zdd�Zd dd�ZdS)!�nodeRecordsNcCsRt�||�ddg|_z$ttt�tjd��dd�|_WntyLYn0dS)N�ipv4Zipv6Z	node_typerr)	rhr-�protocolr�rrr�rrrr�r+r+r,r-as
$znodeRecords.__init__c	Cs�|}|}d}|dkr ttd���t|�dks8|ddkrdt�||�}t|j�}t|j�}d|j}z|j	�
|�}Wnttd���Yn0zt�|�}Wn(|dkr�tj
}nttd���Yn0||||fS)Nr
zNode Address is requiredrr�zipv%dzUnknown or missing protocolr�)rvr	r`�	ipaddressZ
ip_networkr7Znetwork_addressZnetmask�versionr��indexrr8ZIPPROTO_IPIP)	r*�addr�maskr�ZnewaddrZnewmaskZnewprotocolr�Zaudit_protocolr+r+r,�validateis*


znodeRecords.validatec
Csf|�|||�\}}}}tdkr4|dkr,d}nt|�}|dkrHttd���t�|�}||jvrlttd�|��t|j	|||�\}}|dkr�ttd�|��t
|j	�\}}	|dkr�ttd�|��t|	|�t|j	|	||�}t
|j	�\}}
|dkr�ttd	�|��t|j	|	||�}|dk�r(ttd
�|��t|j	|
d�}|dk�rPttd�|��t|j	|
d
�}|dk�rxttd�|��t|j	|
|�}|dk�r�ttd�|��tdk�r�|dk�r�t|j	|
|�}|dk�r�ttd�|��t|j	|	|
�}|dk�rttd�|��t|j	||	�}|dk�r,ttd�|��t|
�t|�t|	�|j�d|||dd
||f�dS)NrRr
rzSELinux node type is required�'Type %s is invalid, must be a node typer�Could not create key for %szCould not create addr for %s�Could not create context for %szCould not set mask for %sr+z)Could not set user in addr context for %sr,z)Could not set role in addr context for %sz)Could not set type in addr context for %sz/Could not set mls fields in addr context for %sz!Could not set addr context for %szCould not add addr %szCresrc=node op=add laddr=%s netmask=%s proto=%s tcontext=%s:%s:%s:%s)r�rxrgrvr	rrr-r�semanage_node_key_createroZsemanage_node_createZsemanage_node_set_protoZsemanage_node_set_addrr/Zsemanage_node_set_maskr0r1r2r3Zsemanage_node_set_con�semanage_node_modify_localr5�semanage_node_key_free�semanage_node_freerqrG)r*r�r�r"r;rT�audit_protordr��noder9r+r+r,r��s^









znodeRecords.__addcCsX|��|�|||�r:ttd�|�|�|||||�n|�|||||�|��dS)Nz*Addr %s already defined, modifying instead)r|�_nodeRecords__existsr�r	�_nodeRecords__modify�_nodeRecords__addrJ)r*r�r�r"r;rTr+r+r,r��sznodeRecords.addcCsv|�|||�\}}}}t|j|||�\}}|dkrBttd�|��t|j|�\}}|dkrjttd�|��t|�|S)Nrr��%Could not check if addr %s is defined)r�r�rorvr	�semanage_node_existsr��r*r�r�r"r�rdr�r�r+r+r,r��sznodeRecords.__existsc
Cs�|�|||�\}}}}|dkr2|dkr2ttd���t�|�}|rZ||jvrZttd�|��t|j|||�\}}|dkr�ttd�|��t|j|�\}}	|dkr�ttd�|��|	s�ttd�|��t	|j|�\}}
|dkr�ttd�|��t
|
�}td	k�r|dk�rt|j|t
|��|dk�r0t|j||�t|j||
�}|dk�rXttd
�|��t|�t|
�|j�d|||dd
||f�dS)Nr
r@r�rr�r��Addr %s is not definedzCould not query addr %srRzCould not modify addr %szFresrc=node op=modify laddr=%s netmask=%s proto=%s tcontext=%s:%s:%s:%sr+r,)r�rvr	rrr-rr�ror�Zsemanage_node_query�semanage_node_get_conrxr3rgr2r�r�r�rqrG)r*r�r�r"r;rDr�rdr�r�r�r9r+r+r,r��s8


znodeRecords.__modifycCs&|��|�|||||�|��dSr#)r|r�rJ)r*r�r�r"r;rDr+r+r,r�sznodeRecords.modifycCs|�|||�\}}}}t|j|||�\}}|dkrBttd�|��t|j|�\}}|dkrjttd�|��|s~ttd�|��t|j|�\}}|dkr�ttd�|��|s�ttd�|��t|j|�}|dkr�ttd�|��t|�|j	�
d|||f�dS)Nrr�r�r�z/Addr %s is defined in policy, cannot be deletedzCould not delete addr %sz1resrc=node op=delete laddr=%s netmask=%s proto=%s)r�r�rorvr	r�Zsemanage_node_exists_localZsemanage_node_del_localr�rqrGr�r+r+r,r�s&znodeRecords.__deletecCs"|��|�|||�|��dSr#)r|�_nodeRecords__deleterJ)r*r�r�r"r+r+r,r�,sznodeRecords.deletecCspt|j�\}}|dkr"ttd���|��|D]4}|�t|j|�dt|j|�d|jt	|��q.|�
�dS)Nrz!Could not deleteall node mappingsrR)�semanage_node_list_localrorvr	r|r��semanage_node_get_addr�semanage_node_get_maskr��semanage_node_get_protorJ)r*rdZnlistr�r+r+r,r{1s2znodeRecords.deleteallrc	Cs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���|jD]`}t|�}t|j|�}t|j|�}|j	t
|�}t|�t|�t
|�t|�f||d|d|f<qD|S)NrzCould not list addrsrR)r�ro�ilistZsemanage_node_listrvr	r�r�r�r�r��semanage_context_get_user�semanage_context_get_rolerRrS)	r*r�r�rdr�r9r�r�r"r+r+r,r�;s
0znodeRecords.get_allc
Cs�g}|�d�}t|���D]p}||dr`|�d|d|d||d||d|df�q|�d|d|d||d|df�q|S)NTrz-a -M %s -p %s -t %s -r '%s' %srRr�rz-a -M %s -p %s -t %s %sr�r�r+r+r,rMs
6,znodeRecords.customizedrRcCs�|�|�}t|�dkrdSt|���}|r6tdd�tr�|D]n}d}|D]}|dt|�}qJtd|d|d|d||d||d||dt||d	d
�f�q>nF|D]@}td|d|d|d||d||d||df�q�dS)Nrz%-18s %-18s %-5s %-5s
)z
IP AddressZNetmask�Protocol�Contextr
�	z%-18s %-18s %-5s %s:%s:%s:%s rRr�rFz%-18s %-18s %-5s %s:%s:%s )r�r`r�r�r�rxr7rf)r*r�r�r�r�r��val�fieldsr+r+r,r�Ws
PznodeRecords.list)N)r)rRr)rMrNrOrr-r�r�r�r�r�r�r�r�r{r�rr�r+r+r+r,r�]s
"B	(


r�c@sreZdZddd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Zdd�Z	dd�Z
dd�Zddd�Zdd�Z
ddd�ZdS)�interfaceRecordsNcCst�||�dSr#r�r�r+r+r,r-lszinterfaceRecords.__init__cCstdkr|dkrd}nt|�}|dkr2ttd���t|j|�\}}|dkrZttd�|��t|j�\}}|dkr�ttd�|��t|j||�}t|j�\}}|dkr�ttd�|��t	|j|d	�}|dkr�ttd
�|��t
|j|d�}|dk�rttd�|��t|j||�}|dk�r*ttd
�|��tdk�rf|dk�rft|j||�}|dk�rfttd�|��t
|j||�}|dk�r�ttd�|��t|j||�}|dk�r�ttd�|��t|j||�}|dk�r�ttd�|��t|�t|�t|�|j�d|d	d||f�dS)NrRr
r�SELinux Type is requiredrr�z!Could not create interface for %sr�r+z.Could not set user in interface context for %sr,z.Could not set role in interface context for %sz.Could not set type in interface context for %sz4Could not set mls fields in interface context for %sz&Could not set interface context for %sz$Could not set message context for %szCould not add interface %sz4resrc=interface op=add netif=%s tcontext=%s:%s:%s:%s)rxrgrvr	�semanage_iface_key_createroZsemanage_iface_createZsemanage_iface_set_namer/r0r1r2r3Zsemanage_iface_set_ifconZsemanage_iface_set_msgcon�semanage_iface_modify_localr5�semanage_iface_key_free�semanage_iface_freerqrG)r*�	interfacer;rTrdr��ifacer9r+r+r,r�osT





zinterfaceRecords.__addcCsL|��|�|�r2ttd�|�|�|||�n|�|||�|��dS)Nz/Interface %s already defined, modifying instead)r|�_interfaceRecords__existsr�r	�_interfaceRecords__modify�_interfaceRecords__addrJ)r*r�r;rTr+r+r,r��s
zinterfaceRecords.addcCs\t|j|�\}}|dkr(ttd�|��t|j|�\}}|dkrPttd�|��t|�|S)Nrr��*Could not check if interface %s is defined)r�rorvr	�semanage_iface_existsr��r*r�rdr�r�r+r+r,r��szinterfaceRecords.__existsc	Cs>|dkr|dkrttd���t|j|�\}}|dkrDttd�|��t|j|�\}}|dkrlttd�|��|s�ttd�|��t|j|�\}}|dkr�ttd�|��t|�}tdkr�|dkr�t|j|t	|��|dkr�t
|j||�t|j||�}|dk�rttd	�|��t|�t
|�|j�d
|dd||f�dS)
Nr
r@rr�r��Interface %s is not definedzCould not query interface %srRzCould not modify interface %sz7resrc=interface op=modify netif=%s tcontext=%s:%s:%s:%sr+r,)rvr	r�ror�Zsemanage_iface_query�semanage_iface_get_ifconrxr3rgr2r�r�r�rqrG)	r*r�r;rDrdr�r�r�r9r+r+r,r��s0
zinterfaceRecords.__modifycCs"|��|�|||�|��dSr#)r|r�rJ)r*r�r;rDr+r+r,r��szinterfaceRecords.modifycCs�t|j|�\}}|dkr(ttd�|��t|j|�\}}|dkrPttd�|��|sdttd�|��t|j|�\}}|dkr�ttd�|��|s�ttd�|��t|j|�}|dkr�ttd�|��t|�|j�	d|�dS)Nrr�r�r�z4Interface %s is defined in policy, cannot be deletedzCould not delete interface %sz"resrc=interface op=delete netif=%s)
r�rorvr	r�Zsemanage_iface_exists_localZsemanage_iface_del_localr�rqrGr�r+r+r,r��s$zinterfaceRecords.__deletecCs|��|�|�|��dSr#)r|�_interfaceRecords__deleterJ)r*r�r+r+r,r��s
zinterfaceRecords.deletecCsNt|j�\}}|dkr"ttd���|��|D]}|�t|��q.|��dS)Nrz(Could not delete all interface  mappings)�semanage_iface_list_localrorvr	r|r��semanage_iface_get_namerJ)r*rdr�r�r+r+r,r{	szinterfaceRecords.deleteallrcCszi}|rt|j�\}|_nt|j�\}|_|dkr>ttd���|jD]0}t|�}t|�t|�t	|�t
|�f|t|�<qD|S)NrzCould not list interfaces)r�ror�Zsemanage_iface_listrvr	r�r�r�rRrSr�)r*r�r�rdr�r9r+r+r,r�
	s
&zinterfaceRecords.get_allcCspg}|�d�}t|���D]P}||drP|�d||d||d|f�q|�d||d|f�q|S)NTrz-a -t %s -r '%s' %sr�z-a -t %s %sr�r�r+r+r,r	s
&zinterfaceRecords.customizedrRc
Cs�|�|�}t|�dkrdSt|���}|rBtdtd�td�f�tr�|D]@}td|||d||d||dt||dd	�f�qJn6|D]0}td
|||d||d||df�q�dS)Nrz	%-30s %s
zSELinux Interfacer�z%-30s %s:%s:%s:%s rRr�rFz%-30s %s:%s:%s )r�r`r�r�r�r	rxrfrr+r+r,r�&	s
@zinterfaceRecords.list)N)r)rRr)rMrNrOr-r�r�r�r�r�r�r�r{r�rr�r+r+r+r,r�js
:	"


r�c@s�eZdZgZd(dd�Zdd�Zdd�Zdd	�Zd)dd�Zd
d�Z	d*dd�Z
d+dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�Zd,d!d"�Zd#d$�Zd-d&d'�ZdS).�fcontextRecordsNcCsvt�||�zLttt�tjd��dd�|_|jttt�tjd��dd�7_WntyjYn0i|_i|_	d|_
z`tt�
�d�}|��D]<}|��}t|�dkr�q�|�d�r�q�|��\}}||j|<q�|��Wnty�Yn0zjtt��d�}|��D]F}|��}t|�dk�r(�q
|�d��r8�q
|��\}}||j	|<�q
|��Wnt�ypYn0dS)NZ	file_typerrZdevice_nodeFr�#)rhr-r�rrr�rrr�equiv�
equiv_dist�	equal_indr�r_�selinux_file_context_subs_path�	readlines�stripr`r�r�r��IOErrorZ#selinux_file_context_subs_dist_path)r*rlr�r��target�
substituter+r+r,r-:	sF ,
zfcontextRecords.__init__cCs�|jr�t��}d|}t|d�}|j��D]}|�d||j|f�q*|��zt�	|t�
|�t
j�WnYn0t�||�d|_t
�|�dS)Nz%s.tmp�wz%s %s
F)r�r_r�r�r�r��writer�r��chmod�stat�ST_MODE�renamerhrJ)r*Z	subs_fileZtmpfiler�r�r+r+r,rJ`	s
zfcontextRecords.commitc	CsD|��|dkr,|ddkr,ttd�|��|dkrP|ddkrPttd�|��||j��vr�ttd�|�||j|<d|_|j�dt	�
d|d	�t	�
d
|d	�f�|��dS|�|�|j|j
fD]6}|D],}|�|d�r�ttd�||||f��q�q�|j�dt	�
d|d	�t	�
d
|d	�f�||j|<d|_|��dS)
Nr����z=Target %s is not valid. Target is not allowed to end with '/'zESubstitute %s is not valid. Substitute is not allowed to end with '/'z:Equivalence class for %s already exists, modifying insteadT�$resrc=fcontext op=modify-equal %s %s�sglobr�tglobz4File spec %s conflicts with equivalency rule '%s %s'z!resrc=fcontext op=add-equal %s %s)r|rvr	r�r�r�r�rqrGr$�audit_encode_nv_stringrJr�r�r�)r*r�r��fdictr�r+r+r,�	add_equalp	s*
(
(
zfcontextRecords.add_equalc	Csj|��||j��vr&ttd�|��||j|<d|_|j�dt�	d|d�t�	d|d�f�|�
�dS)Nz'Equivalence class for %s does not existTr�r�rr�)r|r�r�rvr	r�rqrGr$r�rJ)r*r�r�r+r+r,�modify_equal�	s
(zfcontextRecords.modify_equalr+cCs�t|j�\}}|dkr&ttd�|��|dkr2d}t|j||�}|dkrXttd�|��t|j|d�}|dkr~ttd�|��tdkr�t|j|d	�}|dkr�ttd
�|��|S)Nrr�r
r+z)Could not set user in file context for %sr,z)Could not set role in file context for %srRr�/Could not set mls fields in file context for %s)r/rorvr	r0r1rxr3)r*r�rrdr9r+r+r,�	createcon�	s zfcontextRecords.createconcCs�|dks|�d�dkr"ttd���|�d�dkr<ttd���|j|jfD]J}|D]@}|�|d�rPt�||||�}ttd	�|||||f��qPqHdS)
Nr
�
rzInvalid file specificationr�r�z)File specification can not include spacesr�zMFile spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead)�findrvr	r�r�r�rW�sub)r*r�r�r�r�r+r+r,r��	szfcontextRecords.validater
c
	Cs�|�|�tdkrt|�}|dkr.ttd���|dkrZt�|�}||jvrZttd�|��t|j	|t
|�\}}|dkr�ttd�|��t|j	�\}}|dkr�ttd�|��t|j	||�}|dk�r\|�
||�}	t|j	|	|�}|dkr�ttd	�|��tdk�r4|dk�r4t|j	|	|�}|dk�r4ttd
�|��t|j	||	�}|dk�r\ttd�|��t|t
|�t|j	||�}|dk�r�ttd�|��|dk�r�t|	�t|�t|�|�s�d
}|j�dt�d|d�t||d||f�dS)NrRr
r��<<none>>�1Type %s is invalid, must be a file or device typerr�z$Could not create file context for %sz)Could not set type in file context for %sr��!Could not set file context for %sz!Could not add file context for %sr+z6resrc=fcontext op=add %s ftype=%s tcontext=%s:%s:%s:%sr�r,)r�rxrgrvr	rrr-r�semanage_fcontext_key_createro�
file_typesZsemanage_fcontext_createZsemanage_fcontext_set_exprr�r2r3�semanage_fcontext_set_conZsemanage_fcontext_set_type�semanage_fcontext_modify_localr5�semanage_fcontext_key_free�semanage_fcontext_freerqrGr$r��ftype_to_audit)
r*r�r��ftyper;rrdr��fcontextr9r+r+r,r��	sN







zfcontextRecords.__addcCsV|��|�||�r8ttd�|�|�|||||�n|�|||||�|��dS)Nz6File context for %s already defined, modifying instead)r|�_fcontextRecords__existsr�r	�_fcontextRecords__modify�_fcontextRecords__addrJ)r*r�r�r�r;rr+r+r,r��	szfcontextRecords.addcCs�t|j|t|�\}}|dkr.ttd�|��t|j|�\}}|dkrVttd�|��|s�t|j|�\}}|dkr�ttd�|��t|�|S)Nrr��1Could not check if file context for %s is defined)r�ror�rvr	�semanage_fcontext_exists�semanage_fcontext_exists_localr��r*r�r�rdr�r�r+r+r,r��	szfcontextRecords.__existsc	Cs�|dkr$|dkr$|dkr$ttd���|dvrPt�|�}||jvrPttd�|��|�|�t|j|t|�\}}|dkr�ttd�|��t	|j|�\}}|dkr�ttd�|��|r�zt
|j|�\}}	Wn"ty�ttd�|��Yn0nzt|j|�\}}|dk�rttd�|��|�s.ttd	�|��zt
|j|�\}}	Wn$t�yfttd�|��Yn0|d
k�rt|	�}
|
du�r�|�|�}
tdk�r�|dk�r�t|j|
t|��|dk�r�t|j|
|�|dk�r�t|j|
|�t|j|	|
�}|dk�r6ttd�|��n(t|j|	d�}|dk�r6ttd�|��t|j||	�}|dk�r^ttd
�|��t|�t|	�|�sxd}|j�dt�d|d�t||d||f�dS)Nr
z"Requires setype, serange or seuser)r
r�r�rr�rz#Could not query file context for %s�"File context for %s is not definedr�rRr�z$Could not modify file context for %sr+z9resrc=fcontext op=modify %s ftype=%s tcontext=%s:%s:%s:%sr�r,)rvr	rrr-rr�r�ror�rZsemanage_fcontext_query�OSErrorrZsemanage_fcontext_query_local�semanage_fcontext_get_conr�rxr3rgr0r2r�r�r�r�rqrGr$r�r�)r*r�rDr�r;rrdr�r�rr9r+r+r,r�	
sf











zfcontextRecords.__modifycCs&|��|�|||||�|��dSr#)r|rrJ)r*r�rDr�r;rr+r+r,r�L
szfcontextRecords.modifyc	Cs�t|j�\}}|dkr"ttd���|��|D]�}t|�}t|�}t|�}t|j|t	|�\}}|dkrxttd�|��t
|j|�}|dkr�ttd�|��t|�|j�
dt�d|d�tt|f�q.i|_d|_|��dS)Nrz Could not list the file contextsr�z$Could not delete the file context %s�$resrc=fcontext op=delete %s ftype=%sr�T)�semanage_fcontext_list_localrorvr	r|�semanage_fcontext_get_expr�semanage_fcontext_get_type�semanage_fcontext_get_type_strr�r��semanage_fcontext_del_localr�rqrGr$r�r��file_type_str_to_optionr�r�rJ)r*rd�flistrr�r��	ftype_strr�r+r+r,r{Q
s&(zfcontextRecords.deleteallcCs:||j��vr>|j�|�d|_|j�dt�d|d��dSt|j	|t
|�\}}|dkrlttd�|��t
|j	|�\}}|dkr�ttd�|��|s�t|j	|�\}}|dkr�ttd�|��|r�ttd�|��nttd�|��t|j	|�}|dk�rttd	�|��t|�|j�d
t�d|d�t|f�dS)NTz!resrc=fcontext op=delete-equal %sr�rr�rz;File context for %s is defined in policy, cannot be deletedrz$Could not delete file context for %sr)r�r��popr�rqrGr$r�r�ror�rvr	rrrr�r�rr+r+r,r�k
s.
zfcontextRecords.__deletecCs |��|�||�|��dSr#)r|�_fcontextRecords__deleterJ)r*r�r�r+r+r,r��
szfcontextRecords.deletercCs|rt|j�\}|_n�t|j�\}|_|dkr:ttd���t|j�\}}|dkr\ttd���t|j�\}}|dkr~ttd���|j|7_|j|7_i}|jD]Z}t|�}t|�}t	|�}	t
|�}
|
r�t|
�t|
�t
|
�t|
�f|||	f<q�|
|||	f<q�|S)NrzCould not list file contextsz1Could not list file contexts for home directoriesz"Could not list local file contexts)rrorZsemanage_fcontext_listrvr	Zsemanage_fcontext_list_homedirsr
rrr
r�r�rRrS)r*r�rdZ
fchomedirsZfclocalr�r�exprr�rr9r+r+r,r��
s.
&zfcontextRecords.get_allc	Cs�g}|�d�}|��D]t}||r||drb|�dt|d||d||d|df�q|�dt|d||d|df�qt|j�r�|j��D]}|�d|j||f�q�|S)	NTrz-a -f %s -t %s -r '%s' '%s'rRr�rz-a -f %s -t %s '%s'z-a -e %s %s)r�r�r4rr`r�)r*r�	fcon_dictr�r�r+r+r,r�
s
4*
zfcontextRecords.customizedrRcCs�|�|�}t|�dk�r|r:tdtd�td�td�f�|rH|��}nt|���}|D]�}||r�tr�td|d|d||d||d||dt||d	d
�f�n6td|d|d||d||d||df�qXtd|d|df�qXt|j��rN|�sN|�r&ttd
��|j��D]}td||j|f��q0t|j	��r�|�rlttd��|j	��D]}td||j	|f��qvdS)Nrz%-50s %-18s %s
zSELinux fcontextr�r�z%-50s %-18s %s:%s:%s:%s rRr�rFz%-50s %-18s %s:%s:%s z%-50s %-18s <<None>>z,
SELinux Distribution fcontext Equivalence 
z%s = %sz%
SELinux Local fcontext Equivalence 
)
r�r`r�r	r�r�rxrfr�r�)r*r�r�rZfkeysr�r�r+r+r,r��
s0

H8zfcontextRecords.list)N)r+)r
r
r+)r
r
r+)r)rRr)rMrNrOrr-rJr�r�r�r�rr�rrr�r{rr�r�rr�r+r+r+r,r�6	s$
&

6
	C!
 r�c@sleZdZddd�Zdd�Zddd�Zd	d
�Zdd�Zd
d�Zddd�Z	dd�Z
dd�Zdd�Zddd�Z
dS)�booleanRecordsNcCs�t�||�i|_d|jd<d|jd<d|jd<d|jd<d|jd<d|jd<zt��\}|_t��\}}Wng|_d}Yn0|jd	ks�|j|kr�d
|_nd|_dS)NrRZTRUErZFALSEZONZOFF�1�0r
TF)	rhr-�dictr_Zsecurity_get_boolean_names�current_booleansrprj�modify_local)r*rlrdZptyper+r+r,r-�
s"






zbooleanRecords.__init__cCsNt�|�}t|j|�\}}|dkr2ttd�|��t|j|�\}}|dkrZttd�|��|snttd�|��t|j|�\}}|dkr�ttd�|��|��|j	vr�t
||j	|���nttd�d�|j	�����|j
�r||jv�rt|j||�}|dk�rttd�|��t|j||�}|dk�r:ttd	�|��t|�t|�dS)
Nrr��(Could not check if boolean %s is defined�Boolean %s is not definedzCould not query file context %sz0You must specify one of the following values: %sz, z(Could not set active value of boolean %szCould not modify boolean %s)r_�selinux_boolean_sub�semanage_bool_key_createrorvr	�semanage_bool_existsZsemanage_bool_query�upperrZsemanage_bool_set_valuer�r�rrZsemanage_bool_set_activeZsemanage_bool_modify_local�semanage_bool_key_freeZsemanage_bool_free)r*r9�valuerdr�r�rr+r+r,Z__mod�
s0


zbooleanRecords.__modFc	Cs�|��|r�t|�}|���d�D]j}|��}t|�dkr<q"z|�d�\}}Wn(tyvttd�j||d���Yn0|�	|��|���q"|�
�n|�	||�|��dS)Nr�r�=z&Bad format {filename}: Record {record})�filename�record)r|r�r�r�r�r`rvr	r	�_booleanRecords__modr�rJ)r*r9r%�use_filer�rZboolnamer�r+r+r,r�s
zbooleanRecords.modifycCs�t�|�}t|j|�\}}|dkr2ttd�|��t|j|�\}}|dkrZttd�|��|snttd�|��t|j|�\}}|dkr�ttd�|��|s�ttd�|��t|j|�}|dkr�ttd�|��t	|�dS)Nrr�rrz2Boolean %s is defined in policy, cannot be deletedzCould not delete boolean %s)
r_r r!rorvr	r"Zsemanage_bool_exists_localZsemanage_bool_del_localr$r�r+r+r,r�,s$
zbooleanRecords.__deletecCs|��|�|�|��dSr#)r|�_booleanRecords__deleterJ�r*r9r+r+r,r�Ds
zbooleanRecords.deletecCsVt|j�\}|_|dkr$ttd���|��|jD]}t|�}|�|�q2|��dS�NrzCould not list booleans)	�semanage_bool_list_localro�blistrvr	r|�semanage_bool_get_namer+rJ)r*rd�booleanr9r+r+r,r{Is
zbooleanRecords.deleteallrcCs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���|jD]t}g}t|�}|�t|��|j	r�||j
vr�|�t�|��|�t�
|��n|�|d�|�|d�|||<qD|Sr-)r.ror/Zsemanage_bool_listrvr	r0r4Zsemanage_bool_get_valuerrr_Zsecurity_get_boolean_pendingZsecurity_get_boolean_active)r*r�r�rdr1r%r9r+r+r,r�Vs"

zbooleanRecords.get_allcCst�|�}t�|�Sr#)r_r rrZboolean_descr,r+r+r,�get_descms
zbooleanRecords.get_desccCst�|�}t�|�Sr#)r_r rrZboolean_categoryr,r+r+r,�get_categoryqs
zbooleanRecords.get_categorycCsFg}|�d�}t|���D]&}||r|�d||d|f�q|S)NTz	-m -%s %sr�r�r�r+r+r,rus
zbooleanRecords.customizedTc	Cs�td�td�f}|rT|�|�}t|���D]$}||r*td|||df�q*dS|�|�}t|�dkrndS|r�tdtd�td�td	�td
�f�t|���D]>}||r�td||||d|||d|�|�f�q�dS)Nr�r�z%s=%sr�rz%-30s %s  %s %s
zSELinux boolean�StateZDefaultZDescriptionz%-30s (%-5s,%5s)  %s)r	r�r�r�r�r`r2)r*r�r�r*Zon_offr�r�r+r+r,r�}s

$zbooleanRecords.list)N)NF)r)TFF)rMrNrOr-r)r�r+r�r{r�r2r3rr�r+r+r+r,r�
s


r)rR)rR)>r�r�r_r�rWr5r�rrEZPROGNAMErrZsetools.policyreprZsetools.typequeryrr��gettext�kwargs�version_info�translationr�r	�builtinsr7�__dict__�ImportErrorZ__builtin__rrSr�ZSEMANAGE_FCONTEXT_ALLZSEMANAGE_FCONTEXT_REGZSEMANAGE_FCONTEXT_DIRZSEMANAGE_FCONTEXT_CHARZSEMANAGE_FCONTEXT_BLOCKZSEMANAGE_FCONTEXT_SOCKZSEMANAGE_FCONTEXT_LINKZSEMANAGE_FCONTEXT_PIPErr�r$Zaudit_closer%r"r	rTr\rfrgrhr�r�r�r�r�rr\r�r�r�r�rr+r+r+r,�<module>s�

���
�	�
$$	

ik
C(M.
