def __init__(self, message):
    """Create the message with empty contexts, class, process fields and accesses.

    The raw *message* is handed to ``AuditMessage.__init__``; every parsed
    field starts at an empty default and ``denial`` starts as True.
    """
    AuditMessage.__init__(self, message)

    # Source and target security contexts, empty until a record is parsed.
    self.scontext = refpolicy.SecurityContext()
    self.tcontext = refpolicy.SecurityContext()

    # Object class and the accesses listed in the record.
    self.tclass = ""
    self.accesses = []

    # Details of the process and object involved.
    self.comm = ""
    self.exe = ""
    self.path = ""

    # NOTE(review): a from_split_string() on this page assigns self.name and
    # self.ino only when those fields occur in the record. If it belongs to
    # this class, both attributes are absent for records without them, and
    # readers must guard the access. Confirm against the class definition.
    self.denial = True
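def from_split_string(self, recs):
    """Populate the message from an already-split audit record.

    Fields are read purely by position: ``recs[5]`` is taken whole as the
    invalid context, while ``recs[7]``, ``recs[8]`` and ``recs[9]`` are
    ``key=value`` tokens whose value becomes the source context, the target
    context and the object class respectively.

    Args:
        recs: list of string tokens making up the record.

    Raises:
        ValueError: if fewer than ten tokens are present, or if any of the
            positional tokens cannot be split or parsed.
    """
    AuditMessage.from_split_string(self, recs)
    malformed = "Split string does not represent a valid compute sid message"
    if len(recs) < 10:
        raise ValueError(malformed)
    try:
        self.invalid_context = refpolicy.SecurityContext(recs[5])
        # NOTE(review): the key on the left of "=" is never checked, so a
        # record whose fields are in a different order is accepted with the
        # values swapped. Log content is external input; consider verifying
        # the keys before trusting the positions.
        self.scontext = refpolicy.SecurityContext(recs[7].split("=")[1])
        self.tcontext = refpolicy.SecurityContext(recs[8].split("=")[1])
        self.tclass = recs[9].split("=")[1]
    except Exception:
        # Narrowed from a bare ``except``: parse failures still surface as
        # ValueError, but KeyboardInterrupt and SystemExit are no longer
        # turned into a "malformed record" error.
        raise ValueError(malformed)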
def from_split_string(self, recs):
    """Fill in the AVC fields from an already-split audit record.

    Scans every token of *recs*. A ``{`` token hands the following tokens to
    the access-list parser, the bare word ``granted`` clears ``denial``, and
    ``key=value`` tokens set the matching attribute. ``analyze()`` is called
    once the required fields have been seen.

    Raises:
        ValueError: if the record lacks ``scontext``, ``tcontext``,
            ``tclass`` or an access list.
    """
    AuditMessage.from_split_string(self, recs)
    # FUTURE - fully parse avc messages and store all possible fields

    # Required fields; each name is recorded once the field has been seen.
    required = {"src", "tgt", "class", "access"}
    seen = set()

    for idx, token in enumerate(recs):
        if token == "{":
            # The original rebinds the loop index to this return value, but
            # that does not move a range() loop forward, so the result is
            # dropped and the tokens inside the braces are visited again below.
            self.__parse_access(recs, idx + 1)
            seen.add("access")
            continue
        if token == "granted":
            self.denial = False

        parts = token.split("=")
        if len(parts) != 2:
            # Also skips values that themselves contain "=".
            continue
        key, value = parts

        if key == "scontext":
            self.scontext = refpolicy.SecurityContext(value)
            seen.add("src")
        elif key == "tcontext":
            self.tcontext = refpolicy.SecurityContext(value)
            seen.add("tgt")
        elif key == "tclass":
            self.tclass = value
            seen.add("class")
        elif key in ("comm", "exe", "name", "path"):
            # Drops the first and last character, assuming the value is
            # wrapped in quotes.
            # NOTE(review): audit can log untrusted strings hex-encoded and
            # unquoted; such a value would be silently truncated here.
            # Confirm how upstream handles that case.
            setattr(self, key, value[1:-1])
        elif key == "ino":
            self.ino = value

    if not required <= seen:
        raise ValueError("AVC message in invalid format [%s]\n" % self.message)
    self.analyze()
def p_security_context(p):
    '''security_context : IDENTIFIER COLON IDENTIFIER COLON IDENTIFIER
                        | IDENTIFIER COLON IDENTIFIER COLON IDENTIFIER COLON mls_range_def'''
    # The docstring above is the grammar production for this rule (the p_*
    # parser-generator convention), not free-form documentation: edit it only
    # to change the grammar.
    # This will likely need some updates to handle complex levels
    ctx = refpolicy.SecurityContext()
    # Symbols 2 and 4 are the COLON separators, so the three identifiers sit
    # at the odd positions.
    ctx.user, ctx.role, ctx.type = p[1], p[3], p[5]
    # Only the second alternative is long enough to carry an mls_range_def.
    if len(p) > 6:
        ctx.level = p[7]
    p[0] = ctx
def __init__(self, message):
    """Create the message with three empty security contexts and an empty class.

    The raw *message* is handed to ``AuditMessage.__init__``.
    """
    AuditMessage.__init__(self, message)
    # Each attribute gets its own SecurityContext instance, in the same
    # order as the original assignments.
    for attr in ("invalid_context", "scontext", "tcontext"):
        setattr(self, attr, refpolicy.SecurityContext())
    self.tclass = ""