| Şuanki Dizin: /usr/lib64/python3.9/site-packages/setools/__pycache__/ |
| Şuanki Dosya : //usr/lib64/python3.9/site-packages/setools/__pycache__/dta.cpython-39.pyc |
a
q�qe�Z�@sddlZddlZddlmZddlmZddlmZmZm Z m
Z
m
Z
m
Z
z ddl
ZddlmZmZmZWn"ey�e�e��d�Yn0ddlmZmZdd lmZm
Z
m
Z
m
Z
gd
�Z Gd
d
�d
e
�Z Gd
d�de
�Z!ee!Z"ee
e efZ#Gdd�d�Z$Gdd�d�Z%dS)�N��
defaultdict)�suppress)�
DefaultDict�Iterable�List�
NamedTuple�Optional�Union)�
NetworkXError�NetworkXNoPath�
NodeNotFoundzNetworkX failed to import.�)�
EdgeAttrDict�
EdgeAttrList)� AnyTERule�
SELinuxPolicy�
TERuletype�Type)�DomainTransitionAnalysis�DomainTransition�DomainEntrypoint�DTAPathc@s>eZdZUdZeed<eeed<eeed<eeed<dS)rz0Entrypoint list entry named tuple output format.�name�
entrypoint�execute�type_transitionN)�__name__�
__module__�
__qualname__�__doc__r�__annotations__rr�r"r"�1/usr/lib64/python3.9/site-packages/setools/dta.pyrs
rc@s^eZdZUdZeed<eed<eeed<eeed<eeed<eeed<eeed<d S)
rz*Transition step output named tuple format.�source�target�
transition�
entrypoints�setexec�
dyntransition�
setcurrentN) r
r
r r rr!rrrr"r"r"r#r#s
rc@s�eZdZUdZeeed<eed<d,eee e
e
ee
fdd�dd�Z
eed �d
d
��Zejdd �d
d
��Zeeed �d
d��Zeje e
e
ee
fdd�dd��Ze
ee
fe
ee
fe
ed�dd�Zd-e
ee
fe
ee
fee
ed�dd�Ze
ee
fe
ee
fe
ed�dd�Ze
ee
fed�dd
�Ze
d �d
d
�Zed eed �d!d"��Zeeed#�d$d%�Z
dd �d&d'�Z
dd �d(d)�Z
dd �d*d+�Z dS).rzDomain transition analysis.�_exclude�_reverseFN)�policy�reverse�exclude�returncCsvt�t�|_||_||_||_d|_d|_zt �
�|_
|j
�
�|_
Wn,typ|j�d�|j�d��Yn0dS)z�
Parameter:
policy The policy to analyze.
Keyword Parameters:
reverse True means reverse the direction of the analysis (find parent domains).
exclude An iterable of types to exclude from the analysis.
TzLNetworkX is not available. This is requried for Domain Transition Analysis.z2This is typically in the python3-networkx package.N)�logging� getLoggerr
�logr-r/r.�
rebuildgraph�rebuildsubgraph�nxZDiGraph�G�copy�subG� NameErrorZcritical)�selfr-r.r/r"r"r#�__init__>s
z!DomainTransitionAnalysis.__init__)r0cCs|jS�N)r,�r;r"r"r#r.Ysz DomainTransitionAnalysis.reversecCst|�|_d|_dS)NT)�boolr,r5)r;� directionr"r"r#r.]s
cCs|jSr=)r+r>r"r"r#r/bsz DomainTransitionAnalysis.exclude)�typesr0cs*|r�fdd�|D��_ng�_d�_dS)Ncsg|]}�j�|��qSr")r-�
lookup_type)�.0�tr>r"r#�
<listcomp>i�z4DomainTransitionAnalysis.exclude.<locals>.<listcomp>T)r+r5)r;rAr"r>r#r/fs)r$r%r0ccs�|j�|�}|j�|�}|jr&|��|j�d�||��ttt ��*|�
t
j
|j
||d��VWd�n1st0YdS)a�
Generator which yields one shortest domain transition path
between the source and target types (there may be more).
Parameters:
source The source type.
target The target type.
Yield: generator(steps)
steps A generator that returns the tuple of
source, target, and rules for each
domain transition.
z8Generating one domain transition path from {0} to {1}...)r$r%N)r-rBr5�_build_subgraphr3�info�formatrr
r
�)_DomainTransitionAnalysis__generate_stepsr6�
shortest_pathr9)r;r$r%�srDr"r"r#rKos
z&DomainTransitionAnalysis.shortest_path�)r$r%�maxlenr0ccs�|dkrtd��|j�|�}|j�|�}|jr6|��|j�d�|||��tt t
��4t
�
|j
|||�D]}|�|�VqjWd�n1s�0YdS)a�
Generator which yields all domain transition paths between
the source and target up to the specified maximum path
length.
Parameters:
source The source type.
target The target type.
maxlen Maximum length of paths.
Yield: generator(steps)
steps A generator that returns the tuple of
source, target, and rules for each
domain transition.
rz%Maximum path length must be positive.zIGenerating all domain transition paths from {0} to {1}, max length {2}...N)�
ValueErrorr-rBr5rGr3rHrIrr
r
r6Zall_simple_pathsr9rJ)r;r$r%rNrLrD�pathr"r"r#� all_paths�s
�
z"DomainTransitionAnalysis.all_pathsccs�|j�|�}|j�|�}|jr&|��|j�d�||��ttt ��2t
�
|j
||�D]}|�
|�VqVWd�n1s|0YdS)a�
Generator which yields all shortest domain transition paths
between the source and target types.
Parameters:
source The source type.
target The target type.
Yield: generator(steps)
steps A generator that returns the tuple of
source, target, and rules for each
domain transition.
zBGenerating all shortest domain transition paths from {0} to {1}...N)r-rBr5rGr3rHrIrr
r
r6�all_shortest_pathsr9rJ)r;r$r%rLrDrPr"r"r#rR�s
�
z+DomainTransitionAnalysis.all_shortest_paths)�type_r0c
cs�|j�|�}|jr|��|j�d�||jr0dnd��tt ��t|j
�
|�D]V\}}t
|j
||�}|jrv||}}n
||}}t
|||j|�|�|j|j|j�VqNWd�n1s�0YdS)aM
Generator which yields all domain transitions out of a
specified source type.
Parameters:
type_ The starting type.
Yield: generator(steps)
steps A generator that returns the tuple of
source, target, and rules for each
domain transition.
z)Generating all domain transitions {1} {0}zin tozout fromN)r-rBr5rGr3rHrIr.rr
r9Z out_edges�Edgerr&�/_DomainTransitionAnalysis__generate_entrypointsr(r)r*)r;rSrLr$r%�edge�
real_source�
real_targetr"r"r#�
transitions�s(
�
�z$DomainTransitionAnalysis.transitionscCs.|jr|��dt�|j��dt�|j���S)zR
Get the domain transition graph statistics.
Return: str
z
Graph nodes: z
Graph edges: )r4�
_build_graphr6�number_of_nodesr7�number_of_edgesr>r"r"r#� get_stats�s
�z"DomainTransitionAnalysis.get_statsrT)rVr0cs�fdd��jD�S)a�
Creates a list of entrypoint, execute, and
type_transition rules for each entrypoint.
Parameter:
data The dictionary of entrypoints.
Return: list of tuple(type, entry, exec, trans)
type The entrypoint type.
entry The list of entrypoint rules.
exec The list of execute rules.
trans The list of type_transition rules.
cs,g|]$}t|�j|�j|�j|��qSr")rrrr
)rC�e�rVr"r#rEs�zCDomainTransitionAnalysis.__generate_entrypoints.<locals>.<listcomp>)rr_r"r_r#Z__generate_entrypoints
s
�z/DomainTransitionAnalysis.__generate_entrypoints)rPr0c csztdt|��D]f}||d}||}t|j||�}|jrF||}}n
||}}t|||j|�|�|j|j |j
�VqdS)a
Generator which yields the source, target, and associated rules
for each domain transition.
Parameter:
path A list of graph node names representing an information flow path.
Yield: tuple(source, target, transition, entrypoints,
setexec, dyntransition, setcurrent)
source The source type for this step of the domain transition.
target The target type for this step of the domain transition.
transition The list of transition rules.
entrypoints Generator which yields entrypoint-related rules.
setexec The list of setexec rules.
dyntranstion The list of dynamic transition rules.
setcurrent The list of setcurrent rules.
rN)
�range�lenrTr9r.rr&rUr(r)r*)r;rPrLr$r%rVrWrXr"r"r#Z__generate_steps
s
�z)DomainTransitionAnalysis.__generate_stepscCs�|j��d�|j�|j_|j�d�|j��tt�}tt�}tdd��}tdd��}tdd��}|j� �D�]}|j
t
j
k�r"|j
dvr�ql|j
dk�r�d |jvr�t�|j��|j���D].\}}||kr�t|j||d
d
�} | j�|�q�d
|jv�rBt�|j��|j���D]2\}}||k�rt|j||d
d
�}
|
j�|��qd
|jv�rn|j��D]}||�|��qXd|jv�r |j��D]}||�|��q�n�d|jv�r�t�|j��|j���D]
\}}|||�|��q�d|jv�r|t�|j��|j���D]
\}}|||�|��qql|j
t
jkrl|j
dk�r<ql|j}
t�|j��|j���D] \}}||||
�|��qZqlg}
g}
g}|j��D�]�\}}t|j||�} d}d}| j�r�t||�
��}t||�
��}|�
|�}|�s�d
}n�|D]�}||v�s|||�rF| j
||||7<| j ||||7<||||�r�| j|||||7<�q�||v�r�| j �!||�| j �s�| j�s�d
}nd
}| j�r�||v�r�| j"�!||�nd
}nd
}|�r�|�r�|
�| �n"|�r|
�| �n|�r�|�| ��q�|j�#|
�|
D]} | `| ` | `
| `| ` �q*|D]} | `| `"�qJd|_$d
|_%|j�d�|j�&d�t'�(|j�t'�)|j���dS)Nz Domain transition graph for {0}.z,Building domain transition graph from {0}...cSstt�Sr=�r�listr"r"r"r#�<lambda>�rFz7DomainTransitionAnalysis._build_graph.<locals>.<lambda>cSstt�Sr=rbr"r"r"r#rd�rFcSs
tdd��S)NcSstt�Sr=rbr"r"r"r#rd�rFzIDomainTransitionAnalysis._build_graph.<locals>.<lambda>.<locals>.<lambda>rr"r"r"r#rd�rF)�process�filerer&T)�creater)r(r*rrFz+Completed building domain transition graph.z$Graph stats: nodes: {0}, edges: {1}.)*r7�clearrIr-rr3rHrrcZterulesZruletyperZallowZtclassZperms� itertools�productr$�expandr%rTr&�appendr)r
�default�edges�set�keys�
intersectionrrr(�extendr*�remove_edges_fromr4r5�debugr6r[r\)r;r(r*rrZ
type_transZrulerLrDrVr^�dZ
invalid_edgeZclear_transitionZclear_dyntransitionZ
invalid_transZinvalid_dyntrans�entryZexe�match�mr"r"r#rZ{s�
�
�
"
�z%DomainTransitionAnalysis._build_graphc
Cs�g}|j��D]�\}}t|j||�}t|j�}|�|j�|s@q|D]D}|j|=|j|=tt ��|j
|=Wd�qD1s~0YqD|js|j
s|�
|�q|j�
|�dSr=)r9rnrTror�intersection_updater/rr�KeyErrorr
r)rlrs)r;Z
invalid_edgesr$r%rVr'r^r"r"r#Z
__remove_excluded_entrypointss
(
z6DomainTransitionAnalysis.__remove_excluded_entrypointscCs�|jr|��|j�d�|j�d�|j��|j�d�|j��|jrZ|jjdd�|_ n
|j�
�|_ |jr�|j �
|j�|�
�d|_
|j�d�|j�d�t�|j �t�|j ���dS) Nz$Building domain transition subgraph.z
Excluding {0}z
Reverse {0}T)r8Fz.Completed building domain transition subgraph.z'Subgraph stats: nodes: {0}, edges: {1}.)r4rZr3rHrtrIr/r.r7r9r8Zremove_nodes_from�6_DomainTransitionAnalysis__remove_excluded_entrypointsr5r6r[r\r>r"r"r#rG+s"
�z(DomainTransitionAnalysis._build_subgraph)FN)rM) r
r
r r rrr!r?rr rr
�strr<�propertyr.�setterr/rrK�intrQrRrYr]�
staticmethodrrUrJrZr{rGr"r"r"r#r7sD
��
"�
�
%�
(^
rc@sveZdZdZed�Zed�Zed�Zed�Ze d�Z
e d�Z
e d�Z
de
e
ed
d
�d
d
�Zdd�Zee
d�dd�Zd
S)rTaS
A graph edge. Also used for returning domain transition steps.
Parameters:
graph The NetworkX graph.
source The source type of the edge.
target The target tyep of the edge.
Keyword Parameters:
create (T/F) create the edge if it does not exist.
The default is False.
r&r(r)r*rrr
FN)r$r%rgr0cCsj||_||_||_|j�||�sf|s.td��n8|j�||�d|_d|_d|_d|_ d|_
d|_
d|_
dS)Nz
Edge does not exist in graph)
r7r$r%Zhas_edgerOZadd_edger&rrr
r(r)r*)r;Zgraphr$r%rgr"r"r#r<^s
z
Edge.__init__cs4t|t�r&�fdd�t|�d��D�S��|�SdS)Ncsg|]}��|��qSr")�_index_to_item)rC�ir>r"r#rEtrFz$Edge.__getitem__.<locals>.<listcomp>rM)�
isinstance�slicer`�indicesr�)r;�keyr"r>r#�
__getitem__ps
zEdge.__getitem__)�indexr0cCs.|dkr|jS|dkr
|jStd�|���dS)z'Return source or target based on index.rrz,Invalid index (edges only have 2 items): {0}N)r$r%�
IndexErrorrI)r;r�r"r"r#r�xs
zEdge._index_to_item)F)r
r
r r rr&r(r)r*rrrr
rr?r<r�rr�r"r"r"r#rTGs
rT)&rir1�
collectionsr�
contextlibr�typingrrrrr r
Znetworkxr6Znetworkx.exceptionr
r
r
�
ImportErrorr2r
rtZ
descriptorsrrZ policyreprrrr�__all__rrrZRuleHashrrTr"r"r"r#�<module>s,
Linux 65-254-81-4.cprapid.com 5.14.0-284.11.1.el9_2.x86_64 #1 SMP PREEMPT_DYNAMIC Tue May 9 05:49:00 EDT 2023 x86_64
Apache
65.254.81.4