Current Directory: /usr/lib64/python2.7/site-packages/sepolicy
Viewing File: /usr/lib64/python2.7/site-packages/sepolicy/__init__.py
#!/usr/bin/python

# Author: Dan Walsh <dwalsh@redhat.com>
# Author: Ryan Hallisey <rhallise@redhat.com>

from . import policy as _policy
import errno
import selinux
import glob
PROGNAME = "policycoreutils"
import gettext
import sepolgen.defaults as defaults
import sepolgen.interfaces as interfaces
from sepolgen import util
import sys
import subprocess
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
gettext.textdomain(PROGNAME)
try:
    gettext.install(PROGNAME,
                    unicode=True,
                    codeset='utf-8')
except TypeError:
    # Failover to python3 install
    gettext.install(PROGNAME, codeset='utf-8')
except IOError:
    import builtins
    builtins.__dict__['_'] = str

# Policy component kinds accepted by info()
TYPE = _policy.TYPE
ROLE = _policy.ROLE
ATTRIBUTE = _policy.ATTRIBUTE
PORT = _policy.PORT
USER = _policy.USER
BOOLEAN = _policy.BOOLEAN
TCLASS = _policy.CLASS
SENS = _policy.SENS
CATS = _policy.CATS

# Rule kinds and query keys accepted by search()
ALLOW = 'allow'
AUDITALLOW = 'auditallow'
NEVERALLOW = 'neverallow'
DONTAUDIT = 'dontaudit'
SOURCE = 'source'
TARGET = 'target'
PERMS = 'permlist'
CLASS = 'class'
TRANSITION = 'transition'
ROLE_ALLOW = 'role_allow'


def info(setype, name=None):
    dict_list = _policy.info(setype, name)
    return dict_list


def search(types, info=None):
    if info:
        seinfo = info
    else:
        seinfo = {}
    valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
    for setype in types:
        if setype not in valid_types:
            raise ValueError("Type has to be in %s" % valid_types)
        seinfo[setype] = True

    perms = []
    if PERMS in seinfo:
        perms = info[PERMS]
        seinfo[PERMS] = ",".join(seinfo[PERMS])

    dict_list = _policy.search(seinfo)
    # Keep only the rules that grant every requested permission
    if dict_list and len(perms) != 0:
        dict_list = [x for x in dict_list if _dict_has_perms(x, perms)]
    return dict_list


def get_conditionals(src, dest, tclass, perm):
    tdict = {}
    tlist = []
    if dest.endswith("_t"):
        allows = search([ALLOW], {SOURCE: src, TARGET: dest, CLASS: tclass, PERMS: perm})
    else:
        # to include attribute
        allows = search([ALLOW], {SOURCE: src, CLASS: tclass, PERMS: perm})
        for i in allows:
            if i['target'] == dest:
                allows = []
                allows.append(i)
    try:
        for i in [(y) for y in [x for x in allows if set(perm).issubset(x[PERMS]) and x['boolean']]]:
            tdict.update({'source': i['source'], 'boolean': i['boolean']})
            if tdict not in tlist:
                tlist.append(tdict)
                tdict = {}
    except KeyError:
        return(tlist)

    return (tlist)


def get_conditionals_format_text(cond):
    enabled = len([x for x in cond if x['boolean'][0][1]]) > 0
    return _("-- Allowed %s [ %s ]") % (enabled, " || ".join(set(["%s=%d" % (x['boolean'][0][0], x['boolean'][0][1]) for x in cond])))


def get_types_from_attribute(attribute):
    return info(ATTRIBUTE, attribute)[0]["types"]


def get_attributes_from_type(setype):
    return info(TYPE, setype)[0]["attributes"]


# determine if entered type is an alias
# and return corresponding type name
def get_real_type_name(setype):
    try:
        return info(TYPE, setype)[0]["name"]
    except RuntimeError:
        return None


def file_type_is_executable(setype):
    if "exec_type" in get_attributes_from_type(setype):
        return True
    else:
        return False


def file_type_is_entrypoint(setype):
    if "entry_type" in get_attributes_from_type(setype):
        return True
    else:
        return False


file_type_str = {}
file_type_str["a"] = _("all files")
file_type_str["f"] = _("regular file")
file_type_str["d"] = _("directory")
file_type_str["c"] = _("character device")
file_type_str["b"] = _("block device")
file_type_str["s"] = _("socket file")
file_type_str["l"] = _("symbolic link")
file_type_str["p"] = _("named pipe")

# Maps the file-type field of a file_contexts entry to a file_type_str key
trans_file_type_str = {}
trans_file_type_str[""] = "a"
trans_file_type_str["--"] = "f"
trans_file_type_str["-d"] = "d"
trans_file_type_str["-c"] = "c"
trans_file_type_str["-b"] = "b"
trans_file_type_str["-s"] = "s"
trans_file_type_str["-l"] = "l"
trans_file_type_str["-p"] = "p"


def get_all_modules():
    all_modules = []
    # Constant command string; the shell is needed only for the redirection
    cmd = "semodule --list=full 2>/dev/null"
    try:
        output = subprocess.check_output(cmd,
                                         stderr=subprocess.STDOUT,
                                         shell=True)
        l = output.split("\n")
    except subprocess.CalledProcessError as e:
        from .sedbus import SELinuxDBus
        l = SELinuxDBus().semodule_list().split("\n")

    for i in l:
        if len(i):
            all_modules.append(i.split()[1])

    return all_modules


def get_all_modules_from_mod_lst():
    mod_lst_path = ["/usr/share/selinux/targeted/base.lst", "/usr/share/selinux/targeted/modules-base.lst", "/usr/share/selinux/targeted/modules-contrib.lst"]
    all_modules = []
    mod_temp = []
    for i in mod_lst_path:
        try:
            fd = open(i, "r")
            modules = fd.readlines()
            fd.close()
            modules = modules[0].split(" ")[:-1]
            for m in modules:
                mod_temp.append(m)
            all_modules.extend(mod_temp)
            mod_temp = []
        except:
            all_modules = []

    return all_modules


def get_file_types(setype):
    flist = []
    mpaths = {}
    for f in get_all_file_types():
        if f.startswith(gen_short_name(setype)):
            flist.append(f)

    fcdict = get_fcdict()
    for f in flist:
        try:
            mpaths[f] = (fcdict[f]["regex"], file_type_str[fcdict[f]["ftype"]])
        except KeyError:
            mpaths[f] = []
    return mpaths


def get_writable_files(setype):
    all_attributes = get_all_attributes()
    file_types = get_all_file_types()
    all_writes = []
    mpaths = {}
    permlist = search([ALLOW], {'source': setype, 'permlist': ['open', 'write'], 'class': 'file'})
    if permlist == None or len(permlist) == 0:
        return mpaths

    fcdict = get_fcdict()

    attributes = ["proc_type", "sysctl_type"]
    for i in permlist:
        if i['target'] in attributes:
            continue
        if "enabled" in i:
            if not i["enabled"]:
                continue
        if i['target'].endswith("_t"):
            if i['target'] not in file_types:
                continue
            if i['target'] not in all_writes:
                if i['target'] != setype:
                    all_writes.append(i['target'])
        else:
            # Target is an attribute: expand it to its member types
            for t in get_types_from_attribute(i['target']):
                if t not in all_writes:
                    all_writes.append(t)

    for f in all_writes:
        try:
            mpaths[f] = (fcdict[f]["regex"], file_type_str[fcdict[f]["ftype"]])
        except KeyError:
            mpaths[f] = []  # {"regex":[],"paths":[]}
    return mpaths

import os
import re
import sys


def find_file(reg):
    if os.path.exists(reg):
        return [reg]
    try:
        pat = re.compile(r"%s$" % reg)
    except:
        print("bad reg:", reg)
        return []
    p = reg
    if p.endswith("(/.*)?"):
        p = p[:-6] + "/"

    path = os.path.dirname(p)

    try:                       # Bug fix: when "all files on system"
        if path[-1] != "/":    # is pass in it breaks without try block
            path += "/"
    except IndexError:
        print("try failed got an IndexError")
        pass

    try:
        pat = re.compile(r"%s$" % reg)
        return list(filter(pat.match, [path + x for x in os.listdir(path)]))
    except:
        return []


def find_all_files(domain, exclude_list=[]):
    all_entrypoints = []
    executable_files = get_entrypoints(domain)
    for exe in list(executable_files.keys()):
        if exe.endswith("_exec_t") and exe not in exclude_list:
            for path in executable_files[exe]:
                for f in find_file(path):
                    return f
                    #all_entrypoints.append(f)
    return None
    #return all_entrypoints


def find_entrypoint_path(exe, exclude_list=[]):
    fcdict = get_fcdict()
    try:
        if exe.endswith("_exec_t") and exe not in exclude_list:
            for path in fcdict[exe]["regex"]:
                for f in find_file(path):
                    return f
    except KeyError:
        pass
    return None


def read_file_equiv(edict, fc_path, modify):
    try:
        with open(fc_path, "r") as fd:
            fc = fd.readlines()
            for e in fc:
                f = e.split()
                edict[f[0]] = {"equiv": f[1], "modify": modify}
    except IOError as e:
        if e.errno != errno.ENOENT:
            raise
    return edict


file_equiv_modified = None


def get_file_equiv_modified(fc_path=selinux.selinux_file_context_path()):
    global file_equiv_modified
    if file_equiv_modified:
        return file_equiv_modified
    file_equiv_modified = {}
    file_equiv_modified = read_file_equiv(file_equiv_modified, fc_path + ".subs", modify=True)
    return file_equiv_modified


file_equiv = None


def get_file_equiv(fc_path=selinux.selinux_file_context_path()):
    global file_equiv
    if file_equiv:
        return file_equiv
    file_equiv = get_file_equiv_modified(fc_path)
    file_equiv = read_file_equiv(file_equiv, fc_path + ".subs_dist", modify=False)
    return file_equiv


local_files = None


def get_local_file_paths(fc_path=selinux.selinux_file_context_path()):
    global local_files
    if local_files:
        return local_files
    local_files = []
    try:
        with open(fc_path + ".local", "r") as fd:
            fc = fd.readlines()
    except IOError as e:
        if e.errno != errno.ENOENT:
            raise
        return []
    for i in fc:
        rec = i.split()
        if len(rec) == 0:
            continue
        try:
            if len(rec) > 2:
                ftype = trans_file_type_str[rec[1]]
            else:
                ftype = "a"

            local_files.append((rec[0], ftype))
        except KeyError:
            pass
    return local_files


fcdict = None


def get_fcdict(fc_path=selinux.selinux_file_context_path()):
    global fcdict
    if fcdict:
        return fcdict
    fd = open(fc_path, "r")
    fc = fd.readlines()
    fd.close()
    try:
        with open(fc_path + ".homedirs", "r") as fd:
            fc += fd.readlines()
    except IOError as e:
        if e.errno != errno.ENOENT:
            raise

    fcdict = {}
    try:
        with open(fc_path + ".local", "r") as fd:
            fc += fd.readlines()
    except IOError as e:
        if e.errno != errno.ENOENT:
            raise

    for i in fc:
        rec = i.split()
        try:
            if len(rec) > 2:
                ftype = trans_file_type_str[rec[1]]
            else:
                ftype = "a"

            # The type is the third field of the context user:role:type[:range]
            t = rec[-1].split(":")[2]
            if t in fcdict:
                fcdict[t]["regex"].append(rec[0])
            else:
                fcdict[t] = {"regex": [rec[0]], "ftype": ftype}
        except:
            pass

    fcdict["logfile"] = {"regex": ["all log files"]}
    fcdict["user_tmp_type"] = {"regex": ["all user tmp files"]}
    fcdict["user_home_type"] = {"regex": ["all user home files"]}
    fcdict["virt_image_type"] = {"regex": ["all virtual image files"]}
    fcdict["noxattrfs"] = {"regex": ["all files on file systems which do not support extended attributes"]}
    fcdict["sandbox_tmpfs_type"] = {"regex": ["all sandbox content in tmpfs file systems"]}
    fcdict["user_tmpfs_type"] = {"regex": ["all user content in tmpfs file systems"]}
    fcdict["file_type"] = {"regex": ["all files on the system"]}
    fcdict["samba_share_t"] = {"regex": ["use this label for random content that will be shared using samba"]}
    return fcdict


def get_transitions_into(setype):
    try:
        return [x for x in search([TRANSITION], {'class': 'process'}) if x["transtype"] == setype]
    except TypeError:
        pass
    return None


def get_transitions(setype):
    try:
        return search([TRANSITION], {'source': setype, 'class': 'process'})
    except TypeError:
        pass
    return None


def get_file_transitions(setype):
    try:
        return [x for x in search([TRANSITION], {'source': setype}) if x['class'] != "process"]
    except TypeError:
        pass
    return None


def get_boolean_rules(setype, boolean):
    boollist = []
    permlist = search([ALLOW], {'source': setype})
    for p in permlist:
        if "boolean" in p:
            try:
                for b in p["boolean"]:
                    if boolean in b:
                        boollist.append(p)
            except:
                pass
    return boollist


def get_all_entrypoints():
    return get_types_from_attribute("entry_type")


def get_entrypoint_types(setype):
    entrypoints = []
    try:
        entrypoints = [x['target'] for x in [x for x in search([ALLOW], {'source': setype, 'permlist': ['entrypoint'], 'class':'file'}) if x['source'] == setype]]
    except TypeError:
        pass
    return entrypoints


def get_init_transtype(path):
    entrypoint = selinux.getfilecon(path)[1].split(":")[2]
    try:
        entrypoints = [x for x in search([TRANSITION], {'source': "init_t", 'class': 'process'}) if x['target'] == entrypoint]
        if len(entrypoints) == 0:
            return None
        return entrypoints[0]["transtype"]
    except TypeError:
        pass
    return None


def get_init_entrypoint(transtype):
    try:
        entrypoints = [x for x in search([TRANSITION], {'source': "init_t", 'class': 'process'}) if x['transtype'] == transtype]
        if len(entrypoints) == 0:
            return None
        return entrypoints[0]["target"]
    except TypeError:
        pass
    return None


def get_init_entrypoint_target(entrypoint):
    try:
        entrypoints = [x['transtype'] for x in search([TRANSITION], {'source': "init_t", 'target': entrypoint, 'class': 'process'})]
        return entrypoints[0]
    except TypeError:
        pass
    return None


def get_entrypoints(setype):
    fcdict = get_fcdict()
    mpaths = {}
    for f in get_entrypoint_types(setype):
        try:
            mpaths[f] = (fcdict[f]["regex"], file_type_str[fcdict[f]["ftype"]])
        except KeyError:
            mpaths[f] = []
    return mpaths


def policy_sortkey(policy_path):
    # Parse the extension of a policy path which looks like .../policy/policy.31
    extension = policy_path.rsplit('/policy.', 1)[1]
    try:
        return int(extension), policy_path
    except ValueError:
        # Fallback with sorting on the full path
        return 0, policy_path


def get_installed_policy(root="/"):
    try:
        path = root + selinux.selinux_binary_policy_path()
        policies = glob.glob("%s.*" % path)
        policies.sort(key=policy_sortkey)
        return policies[-1]
    except:
        pass
    raise ValueError(_("No SELinux Policy installed"))


def get_store_policy(store):
    """Get the path to the policy file located in the given store name"""
    policies = glob.glob("%s%s/policy/policy.*" %
                         (selinux.selinux_path(), store))
    if not policies:
        return None
    # Return the policy with the higher version number
    policies.sort(key=policy_sortkey)
    return policies[-1]


methods = []


def get_methods():
    global methods
    if len(methods) > 0:
        return methods
    gen_interfaces()
    fn = defaults.interface_info()
    try:
        fd = open(fn)
        # List of per_role_template interfaces
        ifs = interfaces.InterfaceSet()
        ifs.from_file(fd)
        methods = list(ifs.interfaces.keys())
        fd.close()
    except:
        sys.stderr.write("could not open interface info [%s]\n" % fn)
        sys.exit(1)

    methods.sort()
    return methods


all_types = None


def get_all_types():
    global all_types
    if all_types == None:
        all_types = [x['name'] for x in info(TYPE)]
    return all_types


user_types = None


def get_user_types():
    global user_types
    if user_types == None:
        user_types = info(ATTRIBUTE, "userdomain")[0]["types"]
    return user_types


role_allows = None


def get_all_role_allows():
    global role_allows
    if role_allows:
        return role_allows
    role_allows = {}
    for r in search([ROLE_ALLOW]):
        if r["source"] == "system_r" or r["target"] == "system_r":
            continue
        if r["source"] in role_allows:
            role_allows[r["source"]].append(r["target"])
        else:
            role_allows[r["source"]] = [r["target"]]

    return role_allows


def get_all_entrypoint_domains():
    import re
    all_domains = []
    types = get_all_types()
    types.sort()
    for i in types:
        m = re.findall("(.*)%s" % "_exec_t$", i)
        if len(m) > 0:
            if len(re.findall("(.*)%s" % "_initrc$", m[0])) == 0 and m[0] not in all_domains:
                all_domains.append(m[0])
    return all_domains


portrecs = None
portrecsbynum = None


def gen_interfaces():
    ifile = defaults.interface_info()
    headers = defaults.headers()
    rebuild = False
    try:
        # Nothing to do when the interface info is newer than the headers
        if os.stat(headers).st_mtime <= os.stat(ifile).st_mtime:
            return
    except OSError:
        pass

    if os.getuid() != 0:
        raise ValueError(_("You must regenerate interface info by running /usr/bin/sepolgen-ifgen"))
    print(subprocess.check_output("/usr/bin/sepolgen-ifgen", stderr=subprocess.STDOUT, shell=True))


def gen_port_dict():
    global portrecs
    global portrecsbynum
    if portrecs:
        return (portrecs, portrecsbynum)
    portrecsbynum = {}
    portrecs = {}
    for i in info(PORT):
        if i['low'] == i['high']:
            port = str(i['low'])
        else:
            port = "%s-%s" % (str(i['low']), str(i['high']))

        if (i['type'], i['protocol']) in portrecs:
            portrecs[(i['type'], i['protocol'])].append(port)
        else:
            portrecs[(i['type'], i['protocol'])] = [port]

        if 'range' in i:
            portrecsbynum[(i['low'], i['high'], i['protocol'])] = (i['type'], i['range'])
        else:
            portrecsbynum[(i['low'], i['high'], i['protocol'])] = (i['type'])

    return (portrecs, portrecsbynum)


all_domains = None


def get_all_domains():
    global all_domains
    if not all_domains:
        all_domains = info(ATTRIBUTE, "domain")[0]["types"]
    return all_domains


def mls_cmp(x, y):
    return (int(x[1:]) > int(y[1:])) - (int(x[1:]) < int(y[1:]))


mls_range = None


def get_mls_range():
    global mls_range
    if mls_range:
        return mls_range
    range_dict = info(SENS)
    keys = range_dict.keys()
    keys.sort(key=util.cmp_to_key(mls_cmp))
    mls_range = "%s-%s" % (keys[0], range_dict[keys[-1]])
    return mls_range


roles = None


def get_all_roles():
    global roles
    if roles:
        return roles
    roles = [x['name'] for x in info(ROLE)]
    roles.remove("object_r")
    roles.sort()
    return roles


selinux_user_list = None


def get_selinux_users():
    global selinux_user_list
    if not selinux_user_list:
        selinux_user_list = info(USER)
        for x in selinux_user_list:
            x['range'] = "".join(x['range'].split(" "))
    return selinux_user_list


login_mappings = None


def get_login_mappings():
    global login_mappings
    if login_mappings:
        return login_mappings

    fd = open(selinux.selinux_usersconf_path(), "r")
    buf = fd.read()
    fd.close()
    login_mappings = []
    for b in buf.split("\n"):
        b = b.strip()
        if len(b) == 0 or b.startswith("#"):
            continue
        x = b.split(":")
        login_mappings.append({"name": x[0], "seuser": x[1], "mls": ":".join(x[2:])})
    return login_mappings


def get_all_users():
    users = [x['name'] for x in get_selinux_users()]
    users.sort()
    return users


file_types = None


def get_all_file_types():
    global file_types
    if file_types:
        return file_types
    file_types = info(ATTRIBUTE, "file_type")[0]["types"]
    file_types.sort()
    return file_types


port_types = None


def get_all_port_types():
    global port_types
    if port_types:
        return port_types
    port_types = info(ATTRIBUTE, "port_type")[0]["types"]
    port_types.sort()
    return port_types


bools = None


def get_all_bools():
    global bools
    if not bools:
        bools = info(BOOLEAN)
    return bools


def prettyprint(f, trim):
    # Drop the trailing len(trim) characters, then turn underscores into spaces
    return " ".join(f[:-len(trim)].split("_"))


def markup(f):
    return f

# Autofill for adding files *************************
DEFAULT_DIRS = {}
DEFAULT_DIRS["/etc"] = "etc_t"
DEFAULT_DIRS["/tmp"] = "tmp_t"
DEFAULT_DIRS["/usr/lib/systemd/system"] = "unit_file_t"
DEFAULT_DIRS["/lib/systemd/system"] = "unit_file_t"
DEFAULT_DIRS["/etc/systemd/system"] = "unit_file_t"
DEFAULT_DIRS["/var/cache"] = "var_cache_t"
DEFAULT_DIRS["/var/lib"] = "var_lib_t"
DEFAULT_DIRS["/var/log"] = "log_t"
DEFAULT_DIRS["/var/run"] = "var_run_t"
DEFAULT_DIRS["/run"] = "var_run_t"
DEFAULT_DIRS["/run/lock"] = "var_lock_t"
DEFAULT_DIRS["/var/run/lock"] = "var_lock_t"
DEFAULT_DIRS["/var/spool"] = "var_spool_t"
DEFAULT_DIRS["/var/www"] = "content_t"


def get_description(f, markup=markup):

    txt = "Set files with the %s type, if you want to " % markup(f)

    if f.endswith("_var_run_t"):
        return txt + "store the %s files under the /run or /var/run directory." % prettyprint(f, "_var_run_t")
    if f.endswith("_pid_t"):
        return txt + "store the %s files under the /run directory." % prettyprint(f, "_pid_t")
    if f.endswith("_var_lib_t"):
        return txt + "store the %s files under the /var/lib directory." % prettyprint(f, "_var_lib_t")
    if f.endswith("_var_t"):
        return txt + "store the %s files under the /var directory." % prettyprint(f, "_var_t")
    if f.endswith("_var_spool_t"):
        return txt + "store the %s files under the /var/spool directory." % prettyprint(f, "_var_spool_t")
    if f.endswith("_spool_t"):
        return txt + "store the %s files under the /var/spool directory." % prettyprint(f, "_spool_t")
    if f.endswith("_cache_t") or f.endswith("_var_cache_t"):
        return txt + "store the files under the /var/cache directory."
    if f.endswith("_keytab_t"):
        return txt + "treat the files as kerberos keytab files."
    if f.endswith("_lock_t"):
        return txt + "treat the files as %s lock data, stored under the /var/lock directory" % prettyprint(f, "_lock_t")
    if f.endswith("_log_t"):
        return txt + "treat the data as %s log data, usually stored under the /var/log directory." % prettyprint(f, "_log_t")
    if f.endswith("_config_t"):
        return txt + "treat the files as %s configuration data, usually stored under the /etc directory." % prettyprint(f, "_config_t")
    if f.endswith("_conf_t"):
        return txt + "treat the files as %s configuration data, usually stored under the /etc directory." % prettyprint(f, "_conf_t")
    if f.endswith("_exec_t"):
        return txt + "transition an executable to the %s_t domain." % f[:-len("_exec_t")]
    if f.endswith("_cgi_content_t"):
        return txt + "treat the files as %s cgi content." % prettyprint(f, "_cgi_content_t")
    if f.endswith("_rw_content_t"):
        return txt + "treat the files as %s read/write content." % prettyprint(f, "_rw_content_t")
    if f.endswith("_rw_t"):
        return txt + "treat the files as %s read/write content." % prettyprint(f, "_rw_t")
    if f.endswith("_write_t"):
        return txt + "treat the files as %s read/write content." % prettyprint(f, "_write_t")
    if f.endswith("_db_t"):
        return txt + "treat the files as %s database content." % prettyprint(f, "_db_t")
    if f.endswith("_ra_content_t"):
        return txt + "treat the files as %s read/append content." % prettyprint(f, "_ra_content_t")
    if f.endswith("_cert_t"):
        return txt + "treat the files as %s certificate data." % prettyprint(f, "_cert_t")
    if f.endswith("_key_t"):
        return txt + "treat the files as %s key data." % prettyprint(f, "_key_t")

    if f.endswith("_secret_t"):
        return txt + "treat the files as %s secret data." % prettyprint(f, "_secret_t")

    if f.endswith("_ra_t"):
        return txt + "treat the files as %s read/append content." % prettyprint(f, "_ra_t")

    if f.endswith("_ro_t"):
        return txt + "treat the files as %s read/only content." % prettyprint(f, "_ro_t")

    if f.endswith("_modules_t"):
        return txt + "treat the files as %s modules." % prettyprint(f, "_modules_t")

    if f.endswith("_content_t"):
        return txt + "treat the files as %s content." % prettyprint(f, "_content_t")

    if f.endswith("_state_t"):
        return txt + "treat the files as %s state data." % prettyprint(f, "_state_t")

    if f.endswith("_files_t"):
        return txt + "treat the files as %s content." % prettyprint(f, "_files_t")

    if f.endswith("_file_t"):
        return txt + "treat the files as %s content." % prettyprint(f, "_file_t")

    if f.endswith("_data_t"):
        return txt + "treat the files as %s content." % prettyprint(f, "_data_t")

    if f.endswith("_file_t"):
        return txt + "treat the data as %s content." % prettyprint(f, "_file_t")

    if f.endswith("_tmp_t"):
        return txt + "store %s temporary files in the /tmp directories." % prettyprint(f, "_tmp_t")
    if f.endswith("_etc_t"):
        return txt + "store %s files in the /etc directories." % prettyprint(f, "_etc_t")
    if f.endswith("_home_t"):
        return txt + "store %s files in the users home directory." % prettyprint(f, "_home_t")
    if f.endswith("_tmpfs_t"):
        return txt + "store %s files on a tmpfs file system." % prettyprint(f, "_tmpfs_t")
    if f.endswith("_unit_file_t"):
        return txt + "treat files as a systemd unit file."
    if f.endswith("_htaccess_t"):
        return txt + "treat the file as a %s access file." % prettyprint(f, "_htaccess_t")

    return txt + "treat the files as %s data." % prettyprint(f, "_t")


all_attributes = None


def get_all_attributes():
    global all_attributes
    if not all_attributes:
        all_attributes = [x['name'] for x in info(ATTRIBUTE)]
    return all_attributes


def policy(policy_file):
    # Drop the cached query results before loading a different policy
    global all_domains
    global all_attributes
    global bools
    global all_types
    global role_allows
    global users
    global roles
    global file_types
    global port_types
    all_domains = None
    all_attributes = None
    bools = None
    all_types = None
    role_allows = None
    users = None
    roles = None
    file_types = None
    port_types = None
    try:
        _policy.policy(policy_file)
    except:
        raise ValueError(_("Failed to read %s policy file") % policy_file)


def load_store_policy(store):
    policy_file = get_store_policy(store)
    if not policy_file:
        return None
    policy(policy_file)


# Load the installed policy at import time
try:
    policy_file = get_installed_policy()
    policy(policy_file)
except ValueError as e:
    if selinux.is_selinux_enabled() == 1:
        raise e


def _dict_has_perms(dict, perms):
    for perm in perms:
        if perm not in dict[PERMS]:
            return False
    return True


def gen_short_name(setype):
    all_domains = get_all_domains()
    if setype.endswith("_t"):
        domainname = setype[:-2]
    else:
        domainname = setype
    if get_real_type_name(domainname + "_t") not in all_domains:
        raise ValueError("domain %s_t does not exist" % domainname)
    if domainname[-1] == 'd':
        short_name = domainname[:-1] + "_"
    else:
        short_name = domainname + "_"
    return (domainname, short_name)


def get_bools(setype):
    bools = []
    domainbools = []
    domainname, short_name = gen_short_name(setype)
    for i in [x['boolean'] for x in [x for x in search([ALLOW], {'source': setype}) if 'boolean' in x]]:
        for b in i:
            if not isinstance(b, tuple):
                continue
            try:
                enabled = selinux.security_get_boolean_active(b[0])
            except OSError:
                enabled = b[1]
            if b[0].startswith(short_name) or b[0].startswith(domainname):
                if (b[0], enabled) not in domainbools and (b[0], not enabled) not in domainbools:
                    domainbools.append((b[0], enabled))
            else:
                if (b[0], enabled) not in bools and (b[0], not enabled) not in bools:
                    bools.append((b[0], enabled))
    return (domainbools, bools)


booleans = None


def get_all_booleans():
    global booleans
    if not booleans:
        booleans = selinux.security_get_boolean_names()[1]
        if util.PY3:
            booleans = [util.decode_input(x) for x in booleans]
    return booleans


booleans_dict = None
import gzip


def policy_xml(path="/usr/share/selinux/devel/policy.xml"):
    # The file may be gzip-compressed; fall back to reading it as plain text
    try:
        fd = gzip.open(path)
        buf = fd.read()
        fd.close()
    except IOError:
        fd = open(path)
        buf = fd.read()
        fd.close()
    return buf


def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
    global booleans_dict
    if booleans_dict:
        return booleans_dict
    import xml.etree.ElementTree
    import re
    booleans_dict = {}
    try:
        tree = xml.etree.ElementTree.fromstring(policy_xml(path))
        for l in tree.findall("layer"):
            for m in l.findall("module"):
                for b in m.findall("tunable"):
                    desc = b.find("desc").find("p").text.strip("\n")
                    desc = re.sub("\n", " ", desc)
                    booleans_dict[b.get('name')] = (m.get("name"), b.get('dftval'), desc)
                for b in m.findall("bool"):
                    desc = b.find("desc").find("p").text.strip("\n")
                    desc = re.sub("\n", " ", desc)
                    booleans_dict[b.get('name')] = (m.get("name"), b.get('dftval'), desc)
            for i in tree.findall("bool"):
                desc = i.find("desc").find("p").text.strip("\n")
                desc = re.sub("\n", " ", desc)
                booleans_dict[i.get('name')] = ("global", i.get('dftval'), desc)
        for i in tree.findall("tunable"):
            desc = i.find("desc").find("p").text.strip("\n")
            desc = re.sub("\n", " ", desc)
            booleans_dict[i.get('name')] = ("global", i.get('dftval'), desc)
    except IOError as e:
        pass
    return booleans_dict


def boolean_category(boolean):
    booleans_dict = gen_bool_dict()
    if boolean in booleans_dict:
        return _(booleans_dict[boolean][0])
    else:
        return _("unknown")


def boolean_desc(boolean):
    booleans_dict = gen_bool_dict()
    if boolean in booleans_dict:
        return _(booleans_dict[boolean][2])
    else:
        desc = boolean.split("_")
        return "Allow %s to %s" % (desc[0], " ".join(desc[1:]))


def get_os_version():
    system_release = ""
    try:
        with open('/etc/system-release') as f:
            system_release = f.readline().rstrip()
    except IOError:
        system_release = "Misc"

    return system_release


def reinit():
    # Reset every module-level cache so the next query rereads policy data
    global all_attributes
    global all_domains
    global all_types
    global booleans
    global booleans_dict
    global bools
    global fcdict
    global file_types
    global local_files
    global methods
    global portrecs
    global portrecsbynum
    global port_types
    global role_allows
    global roles
    global login_mappings
    global selinux_user_list
    global user_types
    all_attributes = None
    all_domains = None
    all_types = None
    booleans = None
    booleans_dict = None
    bools = None
    fcdict = None
    file_types = None
    local_files = None
    # get_methods() calls len() on this cache, so reset it to an empty list
    methods = []
    portrecs = None
    portrecsbynum = None
    port_types = None
    role_allows = None
    roles = None
    user_types = None
    login_mappings = None
    selinux_user_list = None