def av_extract_params(av, params):
"""Extract the paramaters from an access vector.
Extract the paramaters (in the form $N) from an access
vector, storing them as Param objects in a dictionary.
Some attempt is made at resolving conflicts with other
entries in the dict, but if an unresolvable conflict is
found it is reported to the caller.
The goal here is to figure out how interface paramaters are
actually used in the interface - e.g., that $1 is a domain used as
a SRC_TYPE. In general an interface will look like this:
interface(`foo', `
allow $1 foo : file read;
')
This is simple to figure out - $1 is a SRC_TYPE. A few interfaces
are more complex, for example:
interface(`foo_trans',`
domain_auto_trans($1,fingerd_exec_t,fingerd_t)
allow $1 fingerd_t:fd use;
allow fingerd_t $1:fd use;
allow fingerd_t $1:fifo_file rw_file_perms;
allow fingerd_t $1:process sigchld;
')
Here the usage seems ambigious, but it is not. $1 is still domain
and therefore should be returned as a SRC_TYPE.
Returns:
0 - success
1 - conflict found
"""
ret = 0
found_src = False
if access.is_idparam(av.src_type):
if __param_insert(av.src_type, refpolicy.SRC_TYPE, av, params) == 1:
ret = 1
if access.is_idparam(av.tgt_type):
if __param_insert(av.tgt_type, refpolicy.TGT_TYPE, av, params) == 1:
ret = 1
if access.is_idparam(av.obj_class):
if __param_insert(av.obj_class, refpolicy.OBJ_CLASS, av, params) == 1:
ret = 1
for perm in av.perms:
if access.is_idparam(perm):
if __param_insert(perm, PERM) == 1:
ret = 1
return ret
def av_extract_params(av, params):
"""Extract the paramaters from an access vector.
Extract the paramaters (in the form $N) from an access
vector, storing them as Param objects in a dictionary.
Some attempt is made at resolving conflicts with other
entries in the dict, but if an unresolvable conflict is
found it is reported to the caller.
The goal here is to figure out how interface paramaters are
actually used in the interface - e.g., that $1 is a domain used as
a SRC_TYPE. In general an interface will look like this:
interface(`foo', `
allow $1 foo : file read;
')
This is simple to figure out - $1 is a SRC_TYPE. A few interfaces
are more complex, for example:
interface(`foo_trans',`
domain_auto_trans($1,fingerd_exec_t,fingerd_t)
allow $1 fingerd_t:fd use;
allow fingerd_t $1:fd use;
allow fingerd_t $1:fifo_file rw_file_perms;
allow fingerd_t $1:process sigchld;
')
Here the usage seems ambigious, but it is not. $1 is still domain
and therefore should be returned as a SRC_TYPE.
Returns:
0 - success
1 - conflict found
"""
ret = 0
found_src = False
if access.is_idparam(av.src_type):
if __param_insert(av.src_type, refpolicy.SRC_TYPE, av, params) == 1:
ret = 1
if access.is_idparam(av.tgt_type):
if __param_insert(av.tgt_type, refpolicy.TGT_TYPE, av, params) == 1:
ret = 1
if access.is_idparam(av.obj_class):
if __param_insert(av.obj_class, refpolicy.OBJ_CLASS, av, params) == 1:
ret = 1
for perm in av.perms:
if access.is_idparam(perm):
if __param_insert(perm, PERM) == 1:
ret = 1
return ret
def extract_from_set(set, type):
ret = 0
for x in set:
if access.is_idparam(x):
if __param_insert(x, type, None, params):
ret = 1
return ret
def extract_from_set(set, type):
ret = 0
for x in set:
if access.is_idparam(x):
if __param_insert(x, type, None, params):
ret = 1
return ret
def ifcall_extract_params(ifcall, params):
ret = 0
for arg in ifcall.args:
if access.is_idparam(arg):
# Assume interface arguments are source types. Fairly safe
# assumption for most interfaces
if __param_insert(arg, refpolicy.SRC_TYPE, None, params):
ret = 1
return ret
def ifcall_extract_params(ifcall, params):
ret = 0
for arg in ifcall.args:
if access.is_idparam(arg):
# Assume interface arguments are source types. Fairly safe
# assumption for most interfaces
if __param_insert(arg, refpolicy.SRC_TYPE, None, params):
ret = 1
return ret
def index(self):
for ifv in self.interfaces.values():
tgt_types = set()
for av in ifv.access:
if access.is_idparam(av.tgt_type):
self.tgt_type_all.append(ifv)
tgt_types = set()
break
tgt_types.add(av.tgt_type)
for type in tgt_types:
l = self.tgt_type_map.setdefault(type, [])
l.append(ifv)
def index(self):
for ifv in self.interfaces.values():
tgt_types = set()
for av in ifv.access:
if access.is_idparam(av.tgt_type):
self.tgt_type_all.append(ifv)
tgt_types = set()
break
tgt_types.add(av.tgt_type)
for type in tgt_types:
l = self.tgt_type_map.setdefault(type, [])
l.append(ifv)
def map_param(self, id, ifcall):
if access.is_idparam(id):
num = int(id[1:])
if num > len(ifcall.args):
# Tell caller to drop this because it must have
# been generated from an optional param.
return None
else:
arg = ifcall.args[num - 1]
if isinstance(arg, list):
return arg
else:
return [arg]
else:
return [id]
def map_param(self, id, ifcall):
if access.is_idparam(id):
num = int(id[1:])
if num > len(ifcall.args):
# Tell caller to drop this because it must have
# been generated from an optional param.
return None
else:
arg = ifcall.args[num - 1]
if isinstance(arg, list):
return arg
else:
return [arg]
else:
return [id]
def type_rule_extract_params(rule, params):
def extract_from_set(set, type):
ret = 0
for x in set:
if access.is_idparam(x):
if __param_insert(x, type, None, params):
ret = 1
return ret
ret = 0
if extract_from_set(rule.src_types, refpolicy.SRC_TYPE):
ret = 1
if extract_from_set(rule.tgt_types, refpolicy.TGT_TYPE):
ret = 1
if extract_from_set(rule.obj_classes, refpolicy.OBJ_CLASS):
ret = 1
if access.is_idparam(rule.dest_type):
if __param_insert(rule.dest_type, refpolicy.DEST_TYPE, None, params):
ret = 1
return ret
def type_rule_extract_params(rule, params):
def extract_from_set(set, type):
ret = 0
for x in set:
if access.is_idparam(x):
if __param_insert(x, type, None, params):
ret = 1
return ret
ret = 0
if extract_from_set(rule.src_types, refpolicy.SRC_TYPE):
ret = 1
if extract_from_set(rule.tgt_types, refpolicy.TGT_TYPE):
ret = 1
if extract_from_set(rule.obj_classes, refpolicy.OBJ_CLASS):
ret = 1
if access.is_idparam(rule.dest_type):
if __param_insert(rule.dest_type, refpolicy.DEST_TYPE, None, params):
ret = 1
return ret
def av_distance(self, req, prov):
"""Determine the 'distance' between 2 access vectors.
This function is used to find an access vector that matches
a 'required' access. To do this we comput a signed numeric
value that indicates how close the req access is to the
'provided' access vector. The closer the value is to 0
the closer the match, with 0 being an exact match.
A value over 0 indicates that the prov access vector provides more
access than the req (in practice, this means that the source type,
target type, and object class is the same and the perms in prov is
a superset of those in req.
A value under 0 indicates that the prov access less - or unrelated
- access to the req access. A different type or object class will
result in a very low value.
The values other than 0 should only be interpreted relative to
one another - they have no exact meaning and are likely to
change.
Params:
req - [AccessVector] The access that is required. This is the
access being matched.
prov - [AccessVector] The access provided. This is the potential
match that is being evaluated for req.
Returns:
0 : Exact match between the acess vectors.
< 0 : The prov av does not provide all of the access in req.
A smaller value indicates that the access is further.
> 0 : The prov av provides more access than req. The larger
the value the more access over req.
"""
# FUTURE - this is _very_ expensive and probably needs some
# thorough performance work. This version is meant to give
# meaningful results relatively simply.
dist = 0
# Get the difference between the types. The addition is safe
# here because type_distance only returns 0 or negative.
dist += self.type_distance(req.src_type, prov.src_type)
dist += self.type_distance(req.tgt_type, prov.tgt_type)
# Object class distance
if req.obj_class != prov.obj_class and not access.is_idparam(
prov.obj_class):
dist -= self.obj_penalty
# Permission distance
# If this av doesn't have a matching source type, target type, and object class
# count all of the permissions against it. Otherwise determine the perm
# distance and dir.
if dist < 0:
pdist = self.perm_maps.getdefault_distance(prov.obj_class,
prov.perms)
else:
pdist = self.perm_distance(req, prov)
# Combine the perm and other distance
if dist < 0:
if pdist < 0:
return dist + pdist
else:
return dist - pdist
elif dist >= 0:
if pdist < 0:
return pdist - dist
else:
return dist + pdist
def av_distance(self, req, prov):
"""Determine the 'distance' between 2 access vectors.
This function is used to find an access vector that matches
a 'required' access. To do this we comput a signed numeric
value that indicates how close the req access is to the
'provided' access vector. The closer the value is to 0
the closer the match, with 0 being an exact match.
A value over 0 indicates that the prov access vector provides more
access than the req (in practice, this means that the source type,
target type, and object class is the same and the perms in prov is
a superset of those in req.
A value under 0 indicates that the prov access less - or unrelated
- access to the req access. A different type or object class will
result in a very low value.
The values other than 0 should only be interpreted relative to
one another - they have no exact meaning and are likely to
change.
Params:
req - [AccessVector] The access that is required. This is the
access being matched.
prov - [AccessVector] The access provided. This is the potential
match that is being evaluated for req.
Returns:
0 : Exact match between the acess vectors.
< 0 : The prov av does not provide all of the access in req.
A smaller value indicates that the access is further.
> 0 : The prov av provides more access than req. The larger
the value the more access over req.
"""
# FUTURE - this is _very_ expensive and probably needs some
# thorough performance work. This version is meant to give
# meaningful results relatively simply.
dist = 0
# Get the difference between the types. The addition is safe
# here because type_distance only returns 0 or negative.
dist += self.type_distance(req.src_type, prov.src_type)
dist += self.type_distance(req.tgt_type, prov.tgt_type)
# Object class distance
if req.obj_class != prov.obj_class and not access.is_idparam(prov.obj_class):
dist -= self.obj_penalty
# Permission distance
# If this av doesn't have a matching source type, target type, and object class
# count all of the permissions against it. Otherwise determine the perm
# distance and dir.
if dist < 0:
pdist = self.perm_maps.getdefault_distance(prov.obj_class, prov.perms)
else:
pdist = self.perm_distance(req, prov)
# Combine the perm and other distance
if dist < 0:
if pdist < 0:
return dist + pdist
else:
return dist - pdist
elif dist >= 0:
if pdist < 0:
return pdist - dist
else:
return dist + pdist
def type_distance(self, a, b):
if a == b or access.is_idparam(b):
return 0
else:
return -self.type_penalty
def type_distance(self, a, b):
if a == b or access.is_idparam(b):
return 0
else:
return -self.type_penalty
def set_name(self, name):
if not access.is_idparam(name):
raise ValueError("Name [%s] is not a param" % name)
self.__name = name
def set_name(self, name):
if not access.is_idparam(name):
raise ValueError("Name [%s] is not a param" % name)
self.__name = name
def role_extract_params(role, params):
if access.is_idparam(role.role):
return __param_insert(role.role, refpolicy.ROLE, None, params)
def role_extract_params(role, params):
if access.is_idparam(role.role):
return __param_insert(role.role, refpolicy.ROLE, None, params)