a hP@@sdZddlZddlZddlmZddlmZddlmZddlmZddlm Z Gd d d Z d d Z d dZ ddZ ddZddZGdddZGdddZGdddZGdddZdS)z7 Classes for representing and manipulating interfaces. N)access) refpolicy) objectmodel)matching)_c@sHeZdZdZddZddZddZeeeZedd d Z d d Z d S)Paramz; Object representing a parameter for an interface. cCs"d|_tj|_t|_d|_dS)NT) _Param__namerSRC_TYPEtypeIdSet obj_classesrequiredselfr7/usr/lib/python3.9/site-packages/sepolgen/interfaces.py__init__&s zParam.__init__cCs t|std|||_dS)NzName [%s] is not a param)r is_idparam ValueErrorr )rnamerrrset_name,s  zParam.set_namecCs|jSN)r rrrrget_name1szParam.get_namecCst|jddSNr)intrrrrr6zParam.)fgetcCs d|jtj|jd|jfS)Nz0 )rr field_to_strr joinrrrrr__repr__8szParam.__repr__N) __name__ __module__ __qualname____doc__rrrpropertyrnumr#rrrrr"s rcCsd}||vr||}||jkr"dS|tjks6|tjkr|jtjksN|jtjkrd}|r`|jg}ng}t|j|D]}|tj vrrd}qqrtj|_qd}nt }||_ ||_|||j <|r|j |j|SNrr) r rr TGT_TYPE obj_class itertoolschainrrZimplicitly_typed_objectsrradd)rr avparamsretpZavobjsobjrrr__param_insert>s6       r5cCs~d}d}t|jr.t|jtj||dkr.d}t|jrTt|jtj||dkrTd}t|jrzt|jtj ||dkrzd}|S)ajExtract the parameters from an access vector. Extract the parameters (in the form $N) from an access vector, storing them as Param objects in a dictionary. Some attempt is made at resolving conflicts with other entries in the dict, but if an unresolvable conflict is found it is reported to the caller. The goal here is to figure out how interface parameters are actually used in the interface - e.g., that $1 is a domain used as a SRC_TYPE. In general an interface will look like this: interface(`foo', ` allow $1 foo : file read; ') This is simple to figure out - $1 is a SRC_TYPE. A few interfaces are more complex, for example: interface(`foo_trans',` domain_auto_trans($1,fingerd_exec_t,fingerd_t) allow $1 fingerd_t:fd use; allow fingerd_t $1:fd use; allow fingerd_t $1:fifo_file rw_file_perms; allow fingerd_t $1:process sigchld; ') Here the usage seems ambiguous, but it is not. $1 is still domain and therefore should be returned as a SRC_TYPE. Returns: 0 - success 1 - conflict found rFr) rrsrc_typer5rr tgt_typer+r, OBJ_CLASS)r0r1r2Z found_srcrrrav_extract_paramsjs$   r9cCs"t|jrt|jtjd|SdSr)rrroler5rZROLE)r:r1rrrrole_extract_paramss r;cslfdd}d}||jtjr"d}||jtjr4d}||jtjrFd}t|j rht |j tj drhd}|S)Ncs.d}|D] }t|rt||drd}q|Sr*)rrr5)setr r2xr1rrextract_from_sets  z2type_rule_extract_params..extract_from_setrr) src_typesrr tgt_typesr+rr8rrZ dest_typer5Z DEST_TYPE)ruler1r?r2rr>rtype_rule_extract_paramss  rCcCs2d}|jD]"}t|r t|tjd|r d}q |Sr*)argsrrr5rr )ifcallr1r2argrrrifcall_extract_paramss   rGc@seZdZddZddZdS)AttributeVectorcCsd|_t|_dS)Nr )rrAccessVectorSetrrrrrszAttributeVector.__init__cCs|j|dSr)radd_avrr0rrrrJszAttributeVector.add_avN)r$r%r&rrJrrrrrHsrHc@s$eZdZddZddZddZdS) AttributeSetcCs i|_dSr) attributesrrrrrszAttributeSet.__init__cCs||j|j<dSr)rMr)rattrrrradd_attrszAttributeSet.add_attrcCszdd}d}|D]V}|dd}|ddkrD|r:||||}q|r|d}t|}||q|rv||dS)NcSsH|dd}t|dks(|ddkr4td|t}|d|_|S)NrrZ Attributez#Syntax error Attribute statement %s)splitlen SyntaxErrorrHr)linefieldsarrr parse_attrs   z*AttributeSet.from_file..parse_attrrPr[,)rOrRr AccessVectorrJ)rfdrXrWrUlr0rrr from_files        zAttributeSet.from_fileN)r$r%r&rrOr^rrrrrLsrLc@sFeZdZdifddZifddZddZdd Zd d Zd d ZdS)InterfaceVectorNcCs6d|_d|_t|_i|_|r,|||d|_dS)NTr F)enabledrrrIr1from_interfaceexpanded)r interfacerMrrrrs  zInterfaceVector.__init__c Cs"|j|_|D]>}|jtjjkr$qd|jvr0qt|}|D]}||q>q|r| D]n}|j D]b}||j vrvqf|j |}|jD]@} t | }|j |jkr|j |_ |j|jkr|j |_||qqfq\|D]} t| |jrq|D]} t| |jrq|D]} t| |jrqdS)NZ dontaudit)rZavrulesZ rule_typerZAVRuleZALLOWrZavrule_to_access_vectorsrJZtypeattributesrMcopyr6r r7Zrolesr;r1Z typerulesrCinterface_callsrG) rrcrMZavruleZavsr0Z typeattributerNZattr_vecrWr:rBrErrrras>                zInterfaceVector.from_interfacecCs t||jdkr|j|dSr)r9r1rrJrKrrrrJ3szInterfaceVector.add_avcCs8g}|d|j|jD]}|t|qd|S)Nz[InterfaceVector %s] )appendrrstrr")rsr0rrr to_string9s  zInterfaceVector.to_stringcCs|Sr)r#rrrr__str__@szInterfaceVector.__str__cCsd|j|jfS)Nz)rr`rrrrr#CszInterfaceVector.__repr__) r$r%r&rrarJrjrkr#rrrrr_s  4r_c@sxeZdZdddZddZddZdd Zd d Zd d ZifddZ difddZ ddZ ddZ ddZ ddZdS) InterfaceSetNcCsi|_i|_g|_||_dSr) interfaces tgt_type_map tgt_type_alloutput)rrprrrrHszInterfaceSet.__init__cCs|jr|j|ddS)Nrf)rpwrite)rrhrrroNszInterfaceSet.ocCst|jdddD]}|d|jt|jdddD] }|d|jtj|jfq@|dt|j }|D]}|d ||d q~qdS) NcSs|jSrrr=rrrrSrz&InterfaceSet.to_file..)keyz[InterfaceVector %s cSs|jSrrsrtrrrrUrz%s:%s z] rZrf) sortedrmvaluesrqrr1rr!r rZto_listr")rr\ZivparamZavlr0rrrto_fileRs zInterfaceSet.to_filecCsdd}d}|D]V}|dd}|ddkrD|r:||||}q|r|d}t|}||q|rv|||dS)NcSs|dd}t|dks(|ddkr4td|t}|d|_t|dkrTdS|ddD]R}|d}t|dkrtd|t}|d|_tj|d|_||j |j<q`|S) NrrPrQrr_z)Syntax error InterfaceVector statement %s:z-Invalid param in InterfaceVector statement %s) rRrSrTr_rrrZ str_to_fieldr r1)rUrVifvZfieldr3rxrrr parse_ifv^s        z)InterfaceSet.from_file..parse_ifvrPrrYrZ)add_ifvrRrr[rJindex)rr\r|r{rUr]r0rrrr^]s        zInterfaceSet.from_filecCs||j|j<dSr)rmr)rr{rrrr}szInterfaceSet.add_ifvcCsv|jD]f}t}|jD]2}t|jr@|j|t}qN||jq|D]}|j |g}||qRq dSr) rmrwr<rrr7rorgr/rn setdefault)rr{rAr0r r]rrrr~s   zInterfaceSet.indexcCst||}||dSr)r_r})rrcrMr{rrrr/s zInterfaceSet.addcCs<t||D]}|||q|||dSr)r-r.rm templatesr/expand_ifcallsr~)rheadersrprMirrr add_headerss zInterfaceSet.add_headerscCsZt|rPt|dd}|t|jkr,dS|j|d}t|trH|S|gSn|gSdSr)rrrrSrD isinstancelist)ridrEr)rFrrr map_params  zInterfaceSet.map_paramc Cs||j|}|durdS||j|}|dur4dS||j|}|durNdSt}|jD]&}|||} | durxq\q\|| q\t|dkrdS|D]*} |D] } |D]} |j | | | |qqqdS)Nr) rr6r7r,rr ZpermsupdaterSrr/) rr{r0rEr@rArZ new_permsZpermr3r6r7r,rrr map_add_avs*    zInterfaceSet.map_add_avc Cs|dfg}|j|j}d|_t|dkr|d\}}|j|j}||krl|jD]}||||qP|jrlq|D]l} | j|jkr| t ddSz|| j} Wn*t y| t d| jYqtYn0| | | fqtqdS)NTrrPzFound circular interface classz#Missing interface definition for %s) rmrrbrSpoprrreZifnamerrrKeyErrorrg) rrc if_by_namestackr{ZcurZ cur_ifcallZcur_ifvr0rEZnewifrrrdo_expand_ifcallss*         zInterfaceSet.do_expand_ifcallscCsRi}t||D]}|||j<qt||D]}|||qs"     ,4 Z