� ��^c@s�dZddlZddlZddlmZddlmZddlmZddlmZddlm Z d dd ��YZ d �Z d �Z d �Z d�Zd�Zddd��YZddd��YZddd��YZddd��YZdS(s7 Classes for representing and manipulating interfaces. i����Ni(taccess(t refpolicy(t objectmodel(tmatching(t_tParamcBsSeZdZd�Zd�Zd�Zeee�Zedd��Zd�Z RS(s; Object representing a paramater for an interface. cCs1d|_tj|_tj�|_t|_dS(Nt(t _Param__nameRtSRC_TYPEttypetIdSett obj_classestTruetrequired(tself((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt__init__&s  cCs/tj|�s"td|��n||_dS(NsName [%s] is not a param(Rt is_idparamt ValueErrorR(Rtname((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytset_name,scCs|jS(N(R(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytget_name1stfgetcCst|jd�S(Ni(tintR(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt6scCs*d|jtj|jdj|j�fS(Ns0t (RRt field_to_strR tjoinR (R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt__repr__8s( t__name__t __module__t__doc__RRRtpropertyRtnumR(((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyR"s   cCs+d}||kr�||}||jkr/dS|tjksM|tjkr�|jtjksq|jtjkr�d}|r�|jg}ng}x6tj|j|�D]}|tj kr�d}Pq�q�Wtj|_q d}n(t �}||_ ||_|||j <|r'|jj |j�n|S(Nii( R RRtTGT_TYPEt obj_classt itertoolstchainR Rtimplicitly_typed_objectsRRtadd(RR tavtparamstrettptavobjstobj((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt__param_insert>s0  $     cCsd}t}tj|j�rKt|jtj||�dkrKd}qKntj|j�r�t|jtj||�dkr�d}q�ntj|j �r�t|j tj ||�dkr�d}q�nxA|j D]6}tj|�r�t|t �dkr d}q q�q�W|S(sjExtract the paramaters from an access vector. Extract the paramaters (in the form $N) from an access vector, storing them as Param objects in a dictionary. Some attempt is made at resolving conflicts with other entries in the dict, but if an unresolvable conflict is found it is reported to the caller. The goal here is to figure out how interface paramaters are actually used in the interface - e.g., that $1 is a domain used as a SRC_TYPE. In general an interface will look like this: interface(`foo', ` allow $1 foo : file read; ') This is simple to figure out - $1 is a SRC_TYPE. A few interfaces are more complex, for example: interface(`foo_trans',` domain_auto_trans($1,fingerd_exec_t,fingerd_t) allow $1 fingerd_t:fd use; allow fingerd_t $1:fd use; allow fingerd_t $1:fifo_file rw_file_perms; allow fingerd_t $1:process sigchld; ') Here the usage seems ambigious, but it is not. $1 is still domain and therefore should be returned as a SRC_TYPE. Returns: 0 - success 1 - conflict found ii( tFalseRRtsrc_typeR-RRttgt_typeR!R"t OBJ_CLASStpermstPERM(R'R(R)t found_srctperm((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytav_extract_paramsjs $! ! ! cCs/tj|j�r+t|jtjd|�SdS(N(RRtroleR-RtROLEtNone(R7R(((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytrole_extract_params�scs��fd�}d}||jtj�r3d}n||jtj�rQd}n||jtj�rod}ntj|j �r�t |j tj d��r�d}q�n|S(NcsKd}x>|D]6}tj|�r t||d��rCd}qCq q W|S(Nii(RRR-R9(tsetR R)tx(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytextract_from_set�s  ii( t src_typesRRt tgt_typesR!R R1RRt dest_typeR-t DEST_TYPER9(truleR(R=R)((R(s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyttype_rule_extract_params�s    cCsQd}xD|jD]9}tj|�rt|tjd|�rId}qIqqW|S(Nii(targsRRR-RRR9(tifcallR(R)targ((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytifcall_extract_params�s tAttributeVectorcBseZd�Zd�ZRS(cCsd|_tj�|_dS(NR(RRtAccessVectorSet(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyR�s cCs|jj|�dS(N(Rtadd_av(RR'((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRJ�s(RRRRJ(((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRH�s t AttributeSetcBs#eZd�Zd�Zd�ZRS(cCs i|_dS(N(t attributes(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyR�scCs||j|j   cCs/t||j�dkrn|jj|�dS(Ni(R6R(RRJ(RR'((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRJ8scCsNg}|jd|j�x$|jD]}|jt|��q$Wdj|�S(Ns[InterfaceVector %s]s (tappendRRtstrR(RtsR'((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt to_string>s cCs |j�S(N(R(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt__str__EscCsd|j|jfS(Ns(RR^(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRHsN( RRR9RR_RJRtRuR(((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyR]�s  4   t InterfaceSetcBs�eZd d�Zd�Zd�Zd�Zd�Zd�Zid�Z d id�Z d�Z d �Z d �Z d �ZRS( cCs(i|_i|_g|_||_dS(N(t interfacest tgt_type_mapt tgt_type_alltoutput(RRz((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRMs   cCs$|jr |jj|d�ndS(Ns (Rztwrite(RRr((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytoSs cCs�x�t|jj�dd��D]�}|jd|j�xJt|jj�dd��D]*}|jd|jtj|jf�qXW|jd�t|j j ��}x1|D])}|jdj |��|jd�q�WqWdS( NtkeycSs|jS(N(R(R<�((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRXss[InterfaceVector %s cSs|jS(N(R(R<�((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRZss%s:%s s] RXs ( tsortedRwtvaluesR{RR(RRR Rtto_listR(RRZtivtparamtavlR'((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytto_fileWs%%(  cCs�d�}d}x�|D]y}|d }|ddkr[|rL|j|�n||�}q|r|jd�}tj|�}|j|�qqW|r�|j|�n|j�dS(NcSs�|dd!j�}t|�dks5|ddkrHtd|��nt�}|d|_t|�dkrtdSx�|dD]t}|jd�}t|�dkr�td|��nt�}|d|_tj|d|_||j |jR?R t new_permsR5R*R/R0R"((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt map_add_av�s*        c CsD|dfg}|j|j}t|_xt|�dkr?|jd�\}}|j|j}||kr�x$|jD]}|j|||�qxW|jr�q+q�nx�|j �D]�} | j |jkr�|j t d��dSy|| j } Wn.t k r$|j t d| j ��q�nX|j| | f�q�Wq+WdS(Nii����sFound circular interface classs#Missing interface definition for %s(R9RwRR R`RQtpopRR�RltifnameR|RtKeyErrorRq( RRat if_by_nametstackR�tcurt cur_ifcalltcur_ifvR'REtnewif((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytdo_expand_ifcalls�s*     cCsyi}x3tj|j�|j��D]}|||js"   , 9   Z