PNG  IHDRX cHRMz&u0`:pQ<bKGD pHYsodtIME MeqIDATxw]Wug^Qd˶ 6`!N:!@xI~)%7%@Bh&`lnjVF29gΨ4E$|>cɚ{gk= %,a KX%,a KX%,a KX%,a KX%,a KX%,a KX%, b` ǟzeאfp]<!SJmɤY޲ڿ,%c ~ع9VH.!Ͳz&QynֺTkRR.BLHi٪:l;@(!MԴ=žI,:o&N'Kù\vRmJ雵֫AWic H@" !: Cé||]k-Ha oݜ:y F())u]aG7*JV@J415p=sZH!=!DRʯvɱh~V\}v/GKY$n]"X"}t@ xS76^[bw4dsce)2dU0 CkMa-U5tvLƀ~mlMwfGE/-]7XAƟ`׮g ewxwC4\[~7@O-Q( a*XGƒ{ ՟}$_y3tĐƤatgvێi|K=uVyrŲlLӪuܿzwk$m87k( `múcE)"@rK( z4$D; 2kW=Xb$V[Ru819קR~qloѱDyįݎ*mxw]y5e4K@ЃI0A D@"BDk_)N\8͜9dz"fK0zɿvM /.:2O{ Nb=M=7>??Zuo32 DLD@D| &+֎C #B8ַ`bOb $D#ͮҪtx]%`ES`Ru[=¾!@Od37LJ0!OIR4m]GZRJu$‡c=%~s@6SKy?CeIh:[vR@Lh | (BhAMy=݃  G"'wzn޺~8ԽSh ~T*A:xR[ܹ?X[uKL_=fDȊ؂p0}7=D$Ekq!/t.*2ʼnDbŞ}DijYaȲ(""6HA;:LzxQ‘(SQQ}*PL*fc\s `/d'QXW, e`#kPGZuŞuO{{wm[&NBTiiI0bukcA9<4@SӊH*؎4U/'2U5.(9JuDfrޱtycU%j(:RUbArLֺN)udA':uGQN"-"Is.*+k@ `Ojs@yU/ H:l;@yyTn}_yw!VkRJ4P)~y#)r,D =ě"Q]ci'%HI4ZL0"MJy 8A{ aN<8D"1#IJi >XjX֔#@>-{vN!8tRݻ^)N_╗FJEk]CT՟ YP:_|H1@ CBk]yKYp|og?*dGvzنzӴzjֺNkC~AbZƷ`.H)=!QͷVTT(| u78y֮}|[8-Vjp%2JPk[}ԉaH8Wpqhwr:vWª<}l77_~{s۴V+RCģ%WRZ\AqHifɤL36: #F:p]Bq/z{0CU6ݳEv_^k7'>sq*+kH%a`0ԣisqにtү04gVgW΂iJiS'3w.w}l6MC2uԯ|>JF5`fV5m`Y**Db1FKNttu]4ccsQNnex/87+}xaUW9y>ͯ骵G{䩓Գ3+vU}~jJ.NFRD7<aJDB1#ҳgSb,+CS?/ VG J?|?,2#M9}B)MiE+G`-wo߫V`fio(}S^4e~V4bHOYb"b#E)dda:'?}׮4繏`{7Z"uny-?ǹ;0MKx{:_pÚmFמ:F " .LFQLG)Q8qN q¯¯3wOvxDb\. BKD9_NN &L:4D{mm o^tֽ:q!ƥ}K+<"m78N< ywsard5+Š²z~mnG)=}lYݧNj'QJS{S :UYS-952?&O-:W}(!6Mk4+>A>j+i|<<|;ر^߉=HE|V#F)Emm#}/"y GII웻Jі94+v뾧xu~5C95~ūH>c@덉pʃ1/4-A2G%7>m;–Y,cyyaln" ?ƻ!ʪ<{~h~i y.zZB̃/,雋SiC/JFMmBH&&FAbϓO^tubbb_hZ{_QZ-sύodFgO(6]TJA˯#`۶ɟ( %$&+V'~hiYy>922 Wp74Zkq+Ovn錄c>8~GqܲcWꂎz@"1A.}T)uiW4="jJ2W7mU/N0gcqܗOO}?9/wìXžΏ0 >֩(V^Rh32!Hj5`;O28؇2#ݕf3 ?sJd8NJ@7O0 b־?lldщ̡&|9C.8RTWwxWy46ah嘦mh٤&l zCy!PY?: CJyв]dm4ǜҐR޻RլhX{FƯanшQI@x' ao(kUUuxW_Ñ줮[w8 FRJ(8˼)_mQ _!RJhm=!cVmm ?sFOnll6Qk}alY}; "baӌ~M0w,Ggw2W:G/k2%R,_=u`WU R.9T"v,<\Ik޽/2110Ӿxc0gyC&Ny޽JҢrV6N ``یeA16"J³+Rj*;BϜkZPJaÍ<Jyw:NP8/D$ 011z֊Ⱳ3ι֘k1V_"h!JPIΣ'ɜ* aEAd:ݺ>y<}Lp&PlRfTb1]o .2EW\ͮ]38؋rTJsǏP@芎sF\> P^+dYJLbJ C-xϐn> ι$nj,;Ǖa FU *择|h ~izť3ᤓ`K'-f tL7JK+vf2)V'-sFuB4i+m+@My=O҈0"|Yxoj,3]:cо3 $#uŘ%Y"y죯LebqtҢVzq¼X)~>4L׶m~[1_k?kxֺQ`\ |ٛY4Ѯr!)N9{56(iNq}O()Em]=F&u?$HypWUeB\k]JɩSع9 Zqg4ZĊo oMcjZBU]B\TUd34ݝ~:7ڶSUsB0Z3srx 7`:5xcx !qZA!;%͚7&P H<WL!džOb5kF)xor^aujƍ7 Ǡ8/p^(L>ὴ-B,{ۇWzֺ^k]3\EE@7>lYBȝR.oHnXO/}sB|.i@ɥDB4tcm,@ӣgdtJ!lH$_vN166L__'Z)y&kH;:,Y7=J 9cG) V\hjiE;gya~%ks_nC~Er er)muuMg2;֫R)Md) ,¶ 2-wr#F7<-BBn~_(o=KO㭇[Xv eN_SMgSҐ BS헃D%g_N:/pe -wkG*9yYSZS.9cREL !k}<4_Xs#FmҶ:7R$i,fi!~' # !6/S6y@kZkZcX)%5V4P]VGYq%H1!;e1MV<!ϐHO021Dp= HMs~~a)ަu7G^];git!Frl]H/L$=AeUvZE4P\.,xi {-~p?2b#amXAHq)MWǾI_r`S Hz&|{ +ʖ_= (YS(_g0a03M`I&'9vl?MM+m~}*xT۲(fY*V4x@29s{DaY"toGNTO+xCAO~4Ϳ;p`Ѫ:>Ҵ7K 3}+0 387x\)a"/E>qpWB=1 ¨"MP(\xp߫́A3+J] n[ʼnӼaTbZUWb={~2ooKױӰp(CS\S筐R*JغV&&"FA}J>G֐p1ٸbk7 ŘH$JoN <8s^yk_[;gy-;߉DV{c B yce% aJhDȶ 2IdйIB/^n0tNtџdcKj4϶v~- CBcgqx9= PJ) dMsjpYB] GD4RDWX +h{y`,3ꊕ$`zj*N^TP4L:Iz9~6s) Ga:?y*J~?OrMwP\](21sZUD ?ܟQ5Q%ggW6QdO+\@ ̪X'GxN @'4=ˋ+*VwN ne_|(/BDfj5(Dq<*tNt1х!MV.C0 32b#?n0pzj#!38}޴o1KovCJ`8ŗ_"]] rDUy޲@ Ȗ-;xџ'^Y`zEd?0„ DAL18IS]VGq\4o !swV7ˣι%4FѮ~}6)OgS[~Q vcYbL!wG3 7띸*E Pql8=jT\꘿I(z<[6OrR8ºC~ډ]=rNl[g|v TMTղb-o}OrP^Q]<98S¤!k)G(Vkwyqyr޽Nv`N/e p/~NAOk \I:G6]4+K;j$R:Mi #*[AȚT,ʰ,;N{HZTGMoּy) ]%dHء9Պ䠬|<45,\=[bƟ8QXeB3- &dҩ^{>/86bXmZ]]yޚN[(WAHL$YAgDKp=5GHjU&99v簪C0vygln*P)9^͞}lMuiH!̍#DoRBn9l@ xA/_v=ȺT{7Yt2N"4!YN`ae >Q<XMydEB`VU}u]嫇.%e^ánE87Mu\t`cP=AD/G)sI"@MP;)]%fH9'FNsj1pVhY&9=0pfuJ&gޤx+k:!r˭wkl03׼Ku C &ѓYt{.O.zҏ z}/tf_wEp2gvX)GN#I ݭ߽v/ .& и(ZF{e"=V!{zW`, ]+LGz"(UJp|j( #V4, 8B 0 9OkRrlɱl94)'VH9=9W|>PS['G(*I1==C<5"Pg+x'K5EMd؞Af8lG ?D FtoB[je?{k3zQ vZ;%Ɠ,]E>KZ+T/ EJxOZ1i #T<@ I}q9/t'zi(EMqw`mYkU6;[t4DPeckeM;H}_g pMww}k6#H㶏+b8雡Sxp)&C $@'b,fPߑt$RbJ'vznuS ~8='72_`{q纶|Q)Xk}cPz9p7O:'|G~8wx(a 0QCko|0ASD>Ip=4Q, d|F8RcU"/KM opKle M3#i0c%<7׿p&pZq[TR"BpqauIp$ 8~Ĩ!8Սx\ւdT>>Z40ks7 z2IQ}ItԀ<-%S⍤};zIb$I 5K}Q͙D8UguWE$Jh )cu4N tZl+[]M4k8֦Zeq֮M7uIqG 1==tLtR,ƜSrHYt&QP윯Lg' I,3@P'}'R˪e/%-Auv·ñ\> vDJzlӾNv5:|K/Jb6KI9)Zh*ZAi`?S {aiVDԲuy5W7pWeQJk֤#5&V<̺@/GH?^τZL|IJNvI:'P=Ϛt"¨=cud S Q.Ki0 !cJy;LJR;G{BJy޺[^8fK6)=yʊ+(k|&xQ2`L?Ȓ2@Mf 0C`6-%pKpm')c$׻K5[J*U[/#hH!6acB JA _|uMvDyk y)6OPYjœ50VT K}cǻP[ $:]4MEA.y)|B)cf-A?(e|lɉ#P9V)[9t.EiQPDѠ3ϴ;E:+Օ t ȥ~|_N2,ZJLt4! %ա]u {+=p.GhNcŞQI?Nd'yeh n7zi1DB)1S | S#ًZs2|Ɛy$F SxeX{7Vl.Src3E℃Q>b6G ўYCmtկ~=K0f(=LrAS GN'ɹ9<\!a`)֕y[uՍ[09` 9 +57ts6}b4{oqd+J5fa/,97J#6yν99mRWxJyѡyu_TJc`~W>l^q#Ts#2"nD1%fS)FU w{ܯ R{ ˎ󅃏џDsZSQS;LV;7 Od1&1n$ N /.q3~eNɪ]E#oM~}v֯FڦwyZ=<<>Xo稯lfMFV6p02|*=tV!c~]fa5Y^Q_WN|Vs 0ҘދU97OI'N2'8N֭fgg-}V%y]U4 峧p*91#9U kCac_AFңĪy뚇Y_AiuYyTTYЗ-(!JFLt›17uTozc. S;7A&&<ԋ5y;Ro+:' *eYJkWR[@F %SHWP 72k4 qLd'J "zB6{AC0ƁA6U.'F3:Ȅ(9ΜL;D]m8ڥ9}dU "v!;*13Rg^fJyShyy5auA?ɩGHRjo^]׽S)Fm\toy 4WQS@mE#%5ʈfFYDX ~D5Ϡ9tE9So_aU4?Ѽm%&c{n>.KW1Tlb}:j uGi(JgcYj0qn+>) %\!4{LaJso d||u//P_y7iRJ߬nHOy) l+@$($VFIQ9%EeKʈU. ia&FY̒mZ=)+qqoQn >L!qCiDB;Y<%} OgBxB!ØuG)WG9y(Ą{_yesuZmZZey'Wg#C~1Cev@0D $a@˲(.._GimA:uyw֬%;@!JkQVM_Ow:P.s\)ot- ˹"`B,e CRtaEUP<0'}r3[>?G8xU~Nqu;Wm8\RIkբ^5@k+5(By'L&'gBJ3ݶ!/㮻w҅ yqPWUg<e"Qy*167΃sJ\oz]T*UQ<\FԎ`HaNmڜ6DysCask8wP8y9``GJ9lF\G g's Nn͵MLN֪u$| /|7=]O)6s !ĴAKh]q_ap $HH'\1jB^s\|- W1:=6lJBqjY^LsPk""`]w)󭃈,(HC ?䔨Y$Sʣ{4Z+0NvQkhol6C.婧/u]FwiVjZka&%6\F*Ny#8O,22+|Db~d ~Çwc N:FuuCe&oZ(l;@ee-+Wn`44AMK➝2BRՈt7g*1gph9N) *"TF*R(#'88pm=}X]u[i7bEc|\~EMn}P瘊J)K.0i1M6=7'_\kaZ(Th{K*GJyytw"IO-PWJk)..axӝ47"89Cc7ĐBiZx 7m!fy|ϿF9CbȩV 9V-՛^pV̌ɄS#Bv4-@]Vxt-Z, &ֺ*diؠ2^VXbs֔Ìl.jQ]Y[47gj=幽ex)A0ip׳ W2[ᎇhuE^~q흙L} #-b۸oFJ_QP3r6jr+"nfzRJTUqoaۍ /$d8Mx'ݓ= OՃ| )$2mcM*cЙj}f };n YG w0Ia!1Q.oYfr]DyISaP}"dIӗթO67jqR ҊƐƈaɤGG|h;t]䗖oSv|iZqX)oalv;۩meEJ\!8=$4QU4Xo&VEĊ YS^E#d,yX_> ۘ-e\ "Wa6uLĜZi`aD9.% w~mB(02G[6y.773a7 /=o7D)$Z 66 $bY^\CuP. (x'"J60׿Y:Oi;F{w佩b+\Yi`TDWa~|VH)8q/=9!g߆2Y)?ND)%?Ǐ`k/sn:;O299yB=a[Ng 3˲N}vLNy;*?x?~L&=xyӴ~}q{qE*IQ^^ͧvü{Huu=R|>JyUlZV, B~/YF!Y\u_ݼF{_C)LD]m {H 0ihhadd nUkf3oٺCvE\)QJi+֥@tDJkB$1!Đr0XQ|q?d2) Ӣ_}qv-< FŊ߫%roppVBwü~JidY4:}L6M7f٬F "?71<2#?Jyy4뷢<_a7_=Q E=S1И/9{+93֮E{ǂw{))?maÆm(uLE#lïZ  ~d];+]h j?!|$F}*"4(v'8s<ŏUkm7^7no1w2ؗ}TrͿEk>p'8OB7d7R(A 9.*Mi^ͳ; eeUwS+C)uO@ =Sy]` }l8^ZzRXj[^iUɺ$tj))<sbDJfg=Pk_{xaKo1:-uyG0M ԃ\0Lvuy'ȱc2Ji AdyVgVh!{]/&}}ċJ#%d !+87<;qN޼Nفl|1N:8ya  8}k¾+-$4FiZYÔXk*I&'@iI99)HSh4+2G:tGhS^繿 Kتm0 вDk}֚+QT4;sC}rՅE,8CX-e~>G&'9xpW,%Fh,Ry56Y–hW-(v_,? ; qrBk4-V7HQ;ˇ^Gv1JVV%,ik;D_W!))+BoS4QsTM;gt+ndS-~:11Sgv!0qRVh!"Ȋ(̦Yl.]PQWgٳE'`%W1{ndΗBk|Ž7ʒR~,lnoa&:ü$ 3<a[CBݮwt"o\ePJ=Hz"_c^Z.#ˆ*x z̝grY]tdkP*:97YľXyBkD4N.C_[;F9`8& !AMO c `@BA& Ost\-\NX+Xp < !bj3C&QL+*&kAQ=04}cC!9~820G'PC9xa!w&bo_1 Sw"ܱ V )Yl3+ס2KoXOx]"`^WOy :3GO0g;%Yv㐫(R/r (s } u B &FeYZh0y> =2<Ϟc/ -u= c&׭,.0"g"7 6T!vl#sc>{u/Oh Bᾈ)۴74]x7 gMӒ"d]U)}" v4co[ ɡs 5Gg=XR14?5A}D "b{0$L .\4y{_fe:kVS\\O]c^W52LSBDM! C3Dhr̦RtArx4&agaN3Cf<Ԉp4~ B'"1@.b_/xQ} _߃҉/gٓ2Qkqp0շpZ2fԫYz< 4L.Cyυι1t@鎫Fe sYfsF}^ V}N<_`p)alٶ "(XEAVZ<)2},:Ir*#m_YӼ R%a||EƼIJ,,+f"96r/}0jE/)s)cjW#w'Sʯ5<66lj$a~3Kʛy 2:cZ:Yh))+a߭K::N,Q F'qB]={.]h85C9cr=}*rk?vwV렵ٸW Rs%}rNAkDv|uFLBkWY YkX מ|)1!$#3%y?pF<@<Rr0}: }\J [5FRxY<9"SQdE(Q*Qʻ)q1E0B_O24[U'],lOb ]~WjHޏTQ5Syu wq)xnw8~)c 쫬gٲߠ H% k5dƝk> kEj,0% b"vi2Wس_CuK)K{n|>t{P1򨾜j>'kEkƗBg*H%'_aY6Bn!TL&ɌOb{c`'d^{t\i^[uɐ[}q0lM˕G:‚4kb祔c^:?bpg… +37stH:0}en6x˟%/<]BL&* 5&fK9Mq)/iyqtA%kUe[ڛKN]Ě^,"`/ s[EQQm?|XJ߅92m]G.E΃ח U*Cn.j_)Tѧj̿30ڇ!A0=͜ar I3$C^-9#|pk!)?7.x9 @OO;WƝZBFU keZ75F6Tc6"ZȚs2y/1 ʵ:u4xa`C>6Rb/Yм)^=+~uRd`/|_8xbB0?Ft||Z\##|K 0>>zxv8۴吅q 8ĥ)"6>~\8:qM}#͚'ĉ#p\׶ l#bA?)|g g9|8jP(cr,BwV (WliVxxᡁ@0Okn;ɥh$_ckCgriv}>=wGzβ KkBɛ[˪ !J)h&k2%07δt}!d<9;I&0wV/ v 0<H}L&8ob%Hi|޶o&h1L|u֦y~󛱢8fٲUsւ)0oiFx2}X[zVYr_;N(w]_4B@OanC?gĦx>мgx>ΛToZoOMp>40>V Oy V9iq!4 LN,ˢu{jsz]|"R޻&'ƚ{53ўFu(<٪9:΋]B;)B>1::8;~)Yt|0(pw2N%&X,URBK)3\zz&}ax4;ǟ(tLNg{N|Ǽ\G#C9g$^\}p?556]/RP.90 k,U8/u776s ʪ_01چ|\N 0VV*3H鴃J7iI!wG_^ypl}r*jɤSR 5QN@ iZ#1ٰy;_\3\BQQ x:WJv츟ٯ$"@6 S#qe딇(/P( Dy~TOϻ<4:-+F`0||;Xl-"uw$Цi󼕝mKʩorz"mϺ$F:~E'ҐvD\y?Rr8_He@ e~O,T.(ފR*cY^m|cVR[8 JҡSm!ΆԨb)RHG{?MpqrmN>߶Y)\p,d#xۆWY*,l6]v0h15M˙MS8+EdI='LBJIH7_9{Caз*Lq,dt >+~ّeʏ?xԕ4bBAŚjﵫ!'\Ը$WNvKO}ӽmSşذqsOy?\[,d@'73'j%kOe`1.g2"e =YIzS2|zŐƄa\U,dP;jhhhaxǶ?КZ՚.q SE+XrbOu%\GتX(H,N^~]JyEZQKceTQ]VGYqnah;y$cQahT&QPZ*iZ8UQQM.qo/T\7X"u?Mttl2Xq(IoW{R^ ux*SYJ! 4S.Jy~ BROS[V|žKNɛP(L6V^|cR7i7nZW1Fd@ Ara{詑|(T*dN]Ko?s=@ |_EvF]׍kR)eBJc" MUUbY6`~V޴dJKß&~'d3i WWWWWW

F1l3 Manager

Current Directory: /usr/lib64/python2.7/site-packages/sepolgen
/usr/lib64/python2.7/site-packages/sepolgen/
Viewing File: /usr/lib64/python2.7/site-packages/sepolgen/audit.pyc
� ��^c@sLddlZddlZddlmZddlmZddlmZd�Zd�Zd�Zd fd ��YZ d e fd ��YZ d e fd��YZ ddl j Z iZde fd��YZde fd��YZde fd��YZde fd��YZdfd��YZdfd��YZdfd��YZdS(i����Ni(t refpolicy(taccess(tutilcCs�ddl}ddl}tdd�}t|j�j�d�}|j|j|j�|�}|jd|�}|jd|�}|j dd d d ||gd |j �j �d}t j r�t j|�}n|S( s Obtain all of the avc and policy load messages from the audit log. This function uses ausearch and requires that the current process have sufficient rights to run ausearch. Returns: string contain all of the audit messages returned by ausearch. i����Ns /proc/uptimetris%xs%Xs/sbin/ausearchs-ms5AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERRs-tststdout(t subprocessttimetopentfloattreadtsplittcloset localtimetstrftimetPopentPIPEt communicateRtPY3t decode_input(RRtfdtofftstbootdatetboottimetoutput((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pytget_audit_boot_msgss   cCsVddl}|jdddgd|j�j�d}tjrRtj|�}n|S(s Obtain all of the avc and policy load messages from the audit log. This function uses ausearch and requires that the current process have sufficient rights to run ausearch. Returns: string contain all of the audit messages returned by ausearch. i����Ns/sbin/ausearchs-ms5AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERRRi(RRRRRRR(RR((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pytget_audit_msgs2s   cCsPddl}|jdgd|j�j�d}tjrLtj|�}n|S(s�Obtain all of the avc and policy load messages from /bin/dmesg. Returns: string contain all of the audit messages returned by dmesg. i����Ns /bin/dmesgRi(RRRRRRR(RR((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pytget_dmesg_msgsAs   t AuditMessagecBs eZdZd�Zd�ZRS(s�Base class for all objects representing audit messages. AuditMessage is a base class for all audit messages and only provides storage for the raw message (as a string) and a parsing function that does nothing. cCs||_d|_dS(Nt(tmessagetheader(tselfR((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt__init__Ws cCszxs|D]k}|jd�}t|�dkrQ|d dkr||_dSqn|ddkr|d|_dSqWdS( s�Parse a string that has been split into records by space into an audit message. This method should be overridden by subclasses. Error reporting should be done by raise ValueError exceptions. t=iisaudit(Nitmsgi(R tlenR(R trecsR#tfields((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pytfrom_split_string[s   (t__name__t __module__t__doc__R!R'(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyRPs tInvalidMessagecBseZdZd�ZRS(s�Class representing invalid audit messages. This is used to differentiate between audit messages that aren't recognized (that should return None from the audit message parser) and a message that is recognized but is malformed in some way. cCstj||�dS(N(RR!(R R((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR!vs(R(R)R*R!(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR+pst PathMessagecBs eZdZd�Zd�ZRS(s!Class representing a path messagecCstj||�d|_dS(NR(RR!tpath(R R((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR!{scCsttj||�x]|D]U}|jd�}t|�dkrDqn|ddkr|ddd!|_dSqWdS(NR"iiR-ii����(RR'R R$R-(R R%R#R&((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR's (R(R)R*R!R'(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR,ys t AVCMessagecBs2eZdZd�Zd�Zd�Zd�ZRS(skAVC message representing an access denial or granted message. This is a very basic class and does not represent all possible fields in an avc message. Currently the fields are: scontext - context for the source (process) that generated the message tcontext - context for the target tclass - object class for the target (only one) comm - the process name exe - the on-disc binary path - the path of the target access - list of accesses that were allowed or denied denial - boolean indicating whether this was a denial (True) or granted (False) message. An example audit message generated from the audit daemon looks like (line breaks added): 'type=AVC msg=audit(1155568085.407:10877): avc: denied { search } for pid=677 comm="python" name="modules" dev=dm-0 ino=13716388 scontext=user_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir' An example audit message stored in syslog (not processed by the audit daemon - line breaks added): 'Sep 12 08:26:43 dhcp83-5 kernel: audit(1158064002.046:4): avc: denied { read } for pid=2 496 comm="bluez-pin" name=".gdm1K3IFT" dev=dm-0 ino=3601333 scontext=user_u:system_r:bluetooth_helper_t:s0-s0:c0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file cCs�tj||�tj�|_tj�|_d|_d|_d|_d|_ d|_ d|_ g|_ t |_tj|_dS(NR(RR!RtSecurityContexttscontextttcontextttclasstcommtexeR-tnametinotaccessestTruetdenialt audit2whytTERULEttype(R R((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR!�s        cCs�t}|}|t|�dkr8td|j��nxN|t|�kr�||dkrgt}Pn|jj||�|d}q;W|s�td|j��n|dS(Nis#AVC message in invalid format [%s] t}(tFalseR$t ValueErrorRR8R7tappend(R R%tstartt found_closeti((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt__parse_access�scCs>tj||�t}t}t}t}x�tt|��D]�}||dkrs|j||d�}t}q;n||dkr�t|_n||jd�}t|�dkr�q;n|ddkr�t j |d�|_ t}q;|ddkrt j |d�|_ t}q;|dd kr>|d|_ t}q;|dd kre|ddd !|_q;|dd kr�|ddd !|_q;|dd kr�|ddd !|_q;|ddkr�|ddd !|_q;|ddkr;|d|_q;q;W| s| s| s| r0td|j��n|j�dS(Nt{itgrantedR"iiR0R1R2R3i����R4R5R-R6s#AVC message in invalid format [%s] (RR'R>trangeR$t_AVCMessage__parse_accessR8R9R RR/R0R1R2R3R4R5R-R6R?Rtanalyze(R R%t found_srct found_tgtt found_classt found_accessRCR&((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR'�sJ     cCs�|jj�}|jj�}t|j�}g|_|||j|ftj�krt|||j|f\|_ |_n9t j |||j|j�\|_ |_|j t j kr�t j |_ n|j t jkr�td|��n|j t jkrtd|��n|j t jkr<td|j��n|j t jkrmtddj|j���n|j t jkr�td��n|j t jkr�|jg|_|jj|jjkr�|jjd|jjd|jjf�n|jj|jjkrK|jjdkrK|jjd |jjd |jjf�n|jj|jjkr�|jjd |jjd |jjf�q�n|j |jft|||j|f<dS( NsInvalid Target Context %s sInvalid Source Context %s sInvalid Type Class %s sInvalid permission %s t s&Error during access vector computations user (%s)tobject_rs role (%s)s level (%s)(R1t to_stringR0ttupleR7tdataR2tavcdicttkeysR<R:RItNOPOLICYR;tBADTCONR?tBADSCONtBADPERMtjoint BADCOMPUTEt CONSTRAINTtuserR@troletlevel(R R1R0t access_tuple((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyRI�s8 !(*-*-0(R(R)R*R!RHR'RI(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR.�s    ,tPolicyLoadMessagecBseZdZd�ZRS(s6Audit message indicating that the policy was reloaded.cCstj||�dS(N(RR!(R R((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR!s(R(R)R*R!(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR`stDaemonStartMessagecBs eZdZd�Zd�ZRS(s3Audit message indicating that a daemon was started.cCstj||�t|_dS(N(RR!R>tauditd(R R((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR!#scCs,tj||�d|kr(t|_ndS(NRb(RR'R8Rb(R R%((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR''s (R(R)R*R!R'(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyRa!s tComputeSidMessagecBs)eZdZd�Zd�Zd�ZRS(s�Audit message indicating that a sid was not valid. Compute sid messages are generated on attempting to create a security context that is not valid. Security contexts are invalid if the role is not authorized for the user or the type is not authorized for the role. This class does not store all of the fields from the compute sid message - just the type and role. cCsJtj||�tj�|_tj�|_tj�|_d|_dS(NR(RR!RR/tinvalid_contextR0R1R2(R R((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR!7s cCs�tj||�t|�dkr1td��nyztj|d�|_tj|djd�d�|_tj|djd�d�|_ |djd�d|_ Wntd��nXdS( Ni s;Split string does not represent a valid compute sid messageiiR"iii ( RR'R$R?RR/RdR R0R1R2(R R%((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR'>s##cCsd|j|jfS(Nsrole %s types %s; (R]R<(R ((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyRJs(R(R)R*R!R'R(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyRc-s   t AuditParsercBs�eZdZed�Zd�Zd�Zd�Zd�Zd�Z d�Z d d�Z d �Z d �Zd �Zd ed �ZRS(s�Parser for audit messages. This class parses audit messages and stores them according to their message type. This is not a general purpose audit message parser - it only extracts selinux related messages. Each audit messages are stored in one of four lists: avc_msgs - avc denial or granted messages. Messages are stored in AVCMessage objects. comput_sid_messages - invalid sid messages. Messages are stored in ComputSidMessage objects. invalid_msgs - selinux related messages that are not valid. Messages are stored in InvalidMessageObjects. policy_load_messages - policy load messages. Messages are stored in PolicyLoadMessage objects. These lists will be reset when a policy load message is seen if AuditParser.last_load_only is set to true. It is assumed that messages are fed to the parser in chronological order - time stamps are not parsed. cCs|j�||_dS(N(t_AuditParser__initializetlast_load_only(R Rg((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR!es cCsVg|_g|_g|_g|_g|_i|_t|_i|_|j �dS(N( tavc_msgstcompute_sid_msgst invalid_msgstpolicy_load_msgst path_msgst by_headerR>tcheck_input_filet inode_dictt_AuditParser__store_base_types(R ((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt __initializeis        c CsPg|j�D]}|jd�^q }x!|D]}t}|dks_|dks_|dkrtt|�}t}n�|dkr�t|�}t}no|dks�|dkr�t|�}t}nB|dkr�t|�}t}n!|d krtt �}t}n|r/t|_ y|j |�Wnt k rCt |�}nX|Sq/WdS( Ns�savc:s message=avc:s msg='avc:ssecurity_compute_sid:stype=MAC_POLICY_LOADs type=1403s type=AVC_PATHstype=DAEMON_START(R tstripR>R.R8RcR`R,RatlistRnR'R?R+tNone(R tlinetxtrecRCtfoundR#((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt __parse_line�s4( $               cCse|j|�}|dkrdSt|t�rG|jr|j�qn�t|t�r�|jru|jru|j�n|jj |�n�t|t �r�|j j |�nft|t �r�|j j |�nDt|t�r�|jj |�n"t|t�r|jj |�n|jdkra|j|jkrK|j|jj |�qa|g|j|j<ndS(NR(t_AuditParser__parse_lineRtt isinstanceR`RgRfRaRbRkR@R.RhRcRiR+RjR,RlRRm(R RuR#((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt__parse�s,   cCs�x�|jj�D]�}g}d}xE|D]=}t|t�rG|}q)t|t�r)|j|�q)q)Wt|�dkr|rx|D]}|j|_q�WqqWdS(Ni( RmtvaluesRtR{R,R.R@R$R-(R tvaluetavcR-R#ta((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt__post_process�s   cCsi|j�}x#|r1|j|�|j�}qW|js[tjjd�tjd�n|j�dS(spParse the contents of a file object. This method can be called multiple times (along with parse_string).sNothing to do iN(treadlinet_AuditParser__parseRntsyststderrtwritetexitt_AuditParser__post_process(R tinputRu((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt parse_file�s    cCs;|jd�}x|D]}|j|�qW|j�dS(s�Parse a string containing audit messages - messages should be separated by new lines. This method can be called multiple times (along with parse_file).s N(R R�R�(R R�tlinestl((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt parse_string�s cCsYtj�}xF|jD];}| s2|j|�r|j|jj|jj�qqW|S(soReturn RoleAllowSet statements matching the specified filter Filter out types that match the filer, or all roles Params: role_filter - [optional] Filter object used to filter the output. Returns: Access vector set representing the denied access in the audit logs parsed by this object. (Rt RoleTypeSetRitfiltertaddRdR]R<(R t role_filtert role_typestcs((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pytto_role�s #c Cs�ddl}ddl}d}|dks6|dkr:|Sx^|jD]S}||krm|j||krm|S||krD|j||krD|j|SqDW||jj�kr�||j|<nd|}y�|j|d|jdtdt�}yt|�} Wntk rnXxX|j d�D]G} y7t|j | �j �| kra| |j|<}|SWq%q%Xq%WWn|j k r�} nX|S(Ni����Rslocate -b '\%s'R�tshelltuniversal_newliness ( RtosRoRTt check_outputtSTDOUTR8tintR?R tlstattst_inotCalledProcessError( R R5tinodeRR�R-tdtcommandRR6tfilete((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt__restore_path�s@        cCs"ddl}|jd�|_dS(Ni����tbase_file_type(tsepolicytget_types_from_attributet base_types(R R�((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt__store_base_types#s cCs�ddl}|j|kr.|j|kr.dS||_||_xf|jD][}||krJxB|j|�D]1}|j|�rl|j|jd��rl|SqlWdSqJWdS(Ni����t_ti(R�t old_scontextt old_tcontextR�tget_writable_filestendswitht startswithtrstrip(R R1R0R�tbtypetwritable((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt__get_base_type's    'cCsCtj�}d|_d|_x|jD]}|jtkrI|rIq(n|j|jj |j j �}|j dkr�|j |j |j�|_ n|r�|j|�r;|j|j j |jj |j|j|j ||d|j d|j�q;q(|j|j j |jj |j|j|j ||d|j d|j�q(W|S(s�Convert the audit logs access into a an access vector set. Convert the audit logs into an access vector set, optionally filtering the restults with the passed in filter object. Filter objects are object instances with a .filter method that takes and access vector and returns True if the message should be included in the final output and False otherwise. Params: avc_filter - [optional] Filter object used to filter the output. Returns: Access vector set representing the denied access in the audit logs parsed by this object. Rtavc_typeRR(RtAccessVectorSetR�R�RhR9R8t_AuditParser__get_base_typeR1R<R0R-t_AuditParser__restore_pathR5R6R�R�R2R7RR(R t avc_filtert only_denialstav_setRt base_type((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt to_access6s$   N(R(R)R*R>R!RfRzR�R�R�R�RtR�R�RpR�R8R�(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyReOs   $ %  $  t AVCTypeFiltercBseZd�Zd�ZRS(cCstj|�|_dS(N(tretcompiletregex(R R�((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR!\scCs<|jj|jj�rtS|jj|jj�r8tStS(N(R�tmatchR0R<R8R1R>(R R((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR�_s (R(R)R!R�(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR�[s tComputeSidTypeFiltercBseZd�Zd�ZRS(cCstj|�|_dS(N(R�R�R�(R R�((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR!gscCsX|jj|jj�rtS|jj|jj�r8tS|jj|jj�rTtStS(N(R�R�RdR<R8R0R1R>(R R((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR�js(R(R)R!R�(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR�fs (R�R�RRRRRRRRR+R,tselinux.audit2whyR:RSR.R`RaRcReR�R�(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt<module>s(       � "� 
webs 1.0 - Enhanced UI