Ejemplo n.º 1
0
    def __rule_arch_changed(self):
        '''Recompute self.machine_id and self.syscall_name_store.

        Raise ParsingError if the self.rule_arch.child is invalid.

        '''
        if not self.rule_arch_present.get_active():
            machine = util.audit_machine_id
            self.last_arch_name = None
        else:
            name = self.rule_arch.child.get_text()
            if self.last_arch_name is not None and name == self.last_arch_name:
                return
            machine = util.parse_elf(name) # May raise ParsingError
        if self.machine_id == machine:
            return
        self.machine_id = machine
        self.syscall_name_store.clear()

        def sc_to_name(sc):
            return audit.audit_syscall_to_name(sc, machine)
        names = lists.ids_to_names(lists.syscalls, sc_to_name)
        names.sort()
        # As an UGLY special case, some system calls never exit.  Exclude them
        # from exit filters == filters where the exit value is available.
        keep_non_exit = audit.AUDIT_EXIT in self.excluded_fields
        for name in names:
            if (keep_non_exit or
                self.__non_exit_syscall_re.search(name) is None):
                self.syscall_name_store.append((name,))
Ejemplo n.º 2
0
    def __init__(self, parent, excluded_fields, action_always_label,
                 action_never_label):
        '''Initialize a rule dialog, removing fields for excluded_fields.

        If audit.AUDIT_ARCH is in excluded_fields, all syscall handling is
        removed as well.

        '''
        DialogBase.__init__(self, 'rule_dialog', parent,
                            notebook_name = 'rule_notebook')
        self.excluded_fields = excluded_fields

        self.rule_always.set_label(action_always_label)
        util.connect_and_run(self.rule_always, 'toggled',
                             self.__rule_always_toggled)
        if audit.AUDIT_FILTERKEY not in self.excluded_fields:
            util.connect_and_run(self.rule_keys_present, 'toggled',
                                 self.__rule_keys_present_toggled)
            self.rule_keys_change.connect('clicked',
                                          self.__rule_keys_change_clicked)
        else:
            self.rule_keys_hbox.destroy()
        self.rule_never.set_label(action_never_label)
        if audit.AUDIT_ARCH not in self.excluded_fields:
            util.connect_and_run(self.rule_arch_present, 'toggled',
                                 self.__rule_arch_present_toggled)
            self.arch_store = gtk.ListStore(gobject.TYPE_STRING)
            for name in lists.sorted_machine_names:
                self.arch_store.append((name,))
            for name in ('', 'b32', 'b64'):
                self.arch_store.append((name,))
            self.rule_arch.set_model(self.arch_store)
            self.rule_arch.set_text_column(0)
            self.rule_arch.set_row_separator_func(util.is_row_separator)
        else:
            self.rule_arch_vbox.destroy()

        if audit.AUDIT_ARCH not in self.excluded_fields:
            util.connect_and_run(self.rule_syscalls_not_all, 'toggled',
                                 self.__rule_syscalls_not_all_toggled)
            self.syscall_store = gtk.ListStore(gobject.TYPE_STRING)
            self.rule_syscalls.set_model(self.syscall_store)
            c = gtk.TreeViewColumn(_('System Call'), gtk.CellRendererText(),
                                   text = 0)
            self.rule_syscalls.append_column(c)
            self.syscalls_selection = self.rule_syscalls.get_selection()
            util.connect_and_run(self.syscalls_selection, 'changed',
                                 self.__syscalls_selection_changed)
            self.rule_syscall_delete.connect('clicked',
                                             self.__rule_syscall_delete_clicked)
            self.syscall_name_store = gtk.ListStore(gobject.TYPE_STRING)
            self.rule_syscall_name.set_model(self.syscall_name_store)
            self.rule_syscall_name.set_text_column(0)
            self.rule_syscall_add.connect('clicked',
                                          self.__rule_syscall_add_clicked)
            self.fields_page = 2
        else:
            self.rule_notebook.remove_page(1)
            self.fields_page = 1

        self.fields_store = gtk.ListStore(gobject.TYPE_PYOBJECT,
                                          gobject.TYPE_STRING)
        self.rule_fields.set_model(self.fields_store)
        c = gtk.TreeViewColumn(_('Condition'), gtk.CellRendererText(), text = 1)
        self.rule_fields.append_column(c)
        self.fields_selection = self.rule_fields.get_selection()
        util.connect_and_run(self.fields_selection, 'changed',
                             self.__fields_selection_changed)
        self.rule_field_up.connect('clicked', self.__rule_field_up_clicked)
        self.rule_field_down.connect('clicked', self.__rule_field_down_clicked)
        self.rule_field_delete.connect('clicked',
                                       self.__rule_field_delete_clicked)
        self.rule_field_add.connect('clicked', self.__rule_field_add_clicked)
        self.field_var_store = gtk.ListStore(gobject.TYPE_STRING)
        fields = (field for field in lists.field_vars
                  if (field not in (audit.AUDIT_ARCH, audit.AUDIT_FILTERKEY) and
                      field not in self.excluded_fields))
        for name in sorted(lists.ids_to_names(fields,
                                              audit.audit_field_to_name)):
            self.field_var_store.append((name,))
        self.rule_field_var.set_model(self.field_var_store)
        cell = gtk.CellRendererText()
        self.rule_field_var.pack_start(cell, True)
        self.rule_field_var.set_attributes(cell, text = 0)
        util.connect_and_run(self.rule_field_var, 'changed',
                             self.__rule_field_var_changed)
        self.field_op_store = gtk.ListStore(gobject.TYPE_STRING)
        for op in Field.all_operators:
            self.field_op_store.append((op,))
        self.rule_field_op.set_model(self.field_op_store)
        cell = gtk.CellRendererText()
        self.rule_field_op.pack_start(cell, True)
        self.rule_field_op.set_attributes(cell, text = 0)
        self.rule_field_op.set_row_separator_func(util.is_row_separator)
        self.field_value_store = gtk.ListStore(gobject.TYPE_STRING)
        self.rule_field_value.set_model(self.field_value_store)
        self.rule_field_value.set_text_column(0)

        self.keys = []
        self.machine_id = None
        self.last_arch_name = None
        if audit.AUDIT_ARCH not in self.excluded_fields:
            util.connect_and_run(self.rule_arch.child, 'focus-out-event',
                                 self.__rule_arch_focus_out)