Exemple #1
def _get_trans(src):
    """Return the process-class transition rules whose source covers *src*.

    A rule is kept when its ``source`` is *src* itself or one of the
    attributes listed for *src* in ``sepolicy.get_all_types_info()``.

    Raises IndexError when *src* has no entry in the type info; callers
    that accept unknown types must handle that themselves.
    """
    matching_types = [
        info for info in sepolicy.get_all_types_info() if info['name'] == src
    ]
    # A rule's source may be one of the type's attributes rather than the
    # type itself, so both are matched below.
    src_list = [src] + matching_types[0]['attributes']
    return [
        rule for rule in sepolicy.get_all_transitions()
        if rule['source'] in src_list and rule['class'] == 'process'
    ]
Exemple #2
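    def _writes(self):
        """Write the "MANAGED FILES" man page section for this domain.

        Collects the target of every allow rule that grants ``self.type``,
        or one of its attributes, both ``open`` and ``write`` on class
        ``file``. Targets accepted by ``self._valid_write`` are written to
        ``self.fd`` as roff, each followed by the path regexes recorded for
        it in ``self.fcdict``. Nothing is written when no target qualifies.

        The section describes SELinux policy only; the emitted text itself
        reminds the reader that DAC permissions still apply.
        """
        # A rule's source may be one of the type's attributes rather than the
        # type itself, so both are matched below.
        src_list = [self.type]
        try:
            src_list += [
                info for info in sepolicy.get_all_types_info()
                if info['name'] == self.type
            ][0]['attributes']
        except (IndexError, KeyError):
            # Unknown type or a record without the expected keys: fall back to
            # the bare type. Any other failure is allowed to surface instead of
            # yielding a page that silently under-reports writable types.
            pass

        required = {'open', 'write'}
        permlist = [
            rule for rule in sepolicy.get_all_allow_rules()
            if rule['source'] in src_list
            and required.issubset(rule['permlist'])
            and rule['class'] == 'file'
        ]
        if not permlist:
            return

        # NOTE(review): presumably types carrying these attributes are
        # rejected by _valid_write; confirm against that helper.
        attributes = ["proc_type", "sysctl_type"]

        # Deduplicate and sort in one step; the output order is the sorted order.
        all_writes = sorted({
            rule['target'] for rule in permlist
            if self._valid_write(rule['target'], attributes)
        })
        if not all_writes:
            return

        self.fd.write("""
.SH "MANAGED FILES"
""")
        self.fd.write("""
The SELinux process type %s_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
""" % self.domainname)

        # When "file_type" is among the targets it replaces the whole list.
        if "file_type" in all_writes:
            all_writes = ["file_type"]
        for ftype in all_writes:
            self.fd.write("""
.br
.B %s

""" % ftype)
            if ftype in self.fcdict:
                for path in self.fcdict[ftype]["regex"]:
                    self.fd.write("""\t%s
.br
""" % path)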
Exemple #3
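    def _writes(self):
        """Emit the "MANAGED FILES" section listing file types this domain can write.

        A file type is listed when an allow rule whose source is ``self.type``
        or one of its attributes grants at least ``open`` and ``write`` on
        class ``file``, and ``self._valid_write`` accepts the target. Output
        goes to ``self.fd`` as roff; for each listed type the path regexes in
        ``self.fcdict`` are appended. Returns without writing anything when
        no rule or no target qualifies.
        """
        # Rules can name an attribute as their source, so the type's
        # attributes are matched alongside the type itself.
        src_list = [self.type]
        try:
            type_records = [
                rec for rec in sepolicy.get_all_types_info()
                if rec['name'] == self.type
            ]
            src_list += type_records[0]['attributes']
        except (IndexError, KeyError):
            # Only a missing type record or missing key is tolerated here.
            # A bare except would also hide interrupts and policy-loading
            # errors and leave the page incomplete with no visible failure.
            pass

        wanted_perms = {'open', 'write'}
        permlist = []
        for rule in sepolicy.get_all_allow_rules():
            if (rule['source'] in src_list
                    and wanted_perms.issubset(rule['permlist'])
                    and rule['class'] == 'file'):
                permlist.append(rule)
        if not permlist:
            return

        # NOTE(review): meaning of these attributes is decided by
        # _valid_write, which is not visible here; verify against it.
        attributes = ["proc_type", "sysctl_type"]

        all_writes = []
        seen = set()
        for rule in permlist:
            target = rule['target']
            if self._valid_write(target, attributes) and target not in seen:
                seen.add(target)
                all_writes.append(target)

        if not all_writes:
            return
        self.fd.write("""
.SH "MANAGED FILES"
""")
        self.fd.write("""
The SELinux process type %s_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
""" % self.domainname)

        all_writes.sort()
        # A "file_type" target replaces every other entry in the list.
        if "file_type" in all_writes:
            all_writes = ["file_type"]
        for ftype in all_writes:
            self.fd.write("""
.br
.B %s

""" % ftype)
            if ftype in self.fcdict:
                for path in self.fcdict[ftype]["regex"]:
                    self.fd.write("""\t%s
.br
""" % path)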
Exemple #4
def _get_trans(src):
    """Collect the transition rules of class ``process`` that apply to *src*.

    The source side of a rule is compared against *src* and against every
    attribute recorded for *src* in ``sepolicy.get_all_types_info()``.

    Raises IndexError if the type info holds no record named *src*.
    """
    type_records = []
    for info in sepolicy.get_all_types_info():
        if info['name'] == src:
            type_records.append(info)
    # The first matching record supplies the attributes; an unknown type
    # fails here with IndexError.
    src_list = [src] + type_records[0]['attributes']

    trans_list = []
    for trans in sepolicy.get_all_transitions():
        if trans['source'] in src_list and trans['class'] == 'process':
            trans_list.append(trans)
    return trans_list