Esempio n. 1
def avs_extract_types(avs):
    """Collect every type named as a source or target in *avs*.

    Args:
        avs: Iterable of access vectors exposing ``src_type`` and
            ``tgt_type`` attributes.

    Returns:
        A ``refpolicy.IdSet`` holding each source and target type once.
    """
    found = refpolicy.IdSet()
    for vector in avs:
        # Source first, then target, for each vector in turn.
        for type_name in (vector.src_type, vector.tgt_type):
            found.add(type_name)
    return found
Esempio n. 2
    def map_add_av(self, ifv, av, ifcall):
        """Expand one access vector through an interface call into *ifv*.

        Each field of *av* (source type, target type, object class and every
        permission) is resolved with ``self.map_param``. The cross product of
        the resolved sources, targets and classes is then added to
        ``ifv.access`` with the resolved permission set.

        Nothing is added, and no error is raised, when the source, target or
        object class resolves to ``None`` or when no permission resolves.
        The recorded access can therefore be a subset of what *av* describes.

        Args:
            ifv: Object whose ``access.add(src, tgt, cls, perms)`` receives
                the expanded rules.
            av: Access vector with ``src_type``, ``tgt_type``, ``obj_class``
                and ``perms``.
            ifcall: Interface call passed through to ``map_param``.
        """
        sources = self.map_param(av.src_type, ifcall)
        if sources is None:
            return

        targets = self.map_param(av.tgt_type, ifcall)
        if targets is None:
            return

        classes = self.map_param(av.obj_class, ifcall)
        if classes is None:
            return

        # Unresolvable permissions are dropped individually, not treated
        # as a reason to reject the whole vector.
        mapped_perms = refpolicy.IdSet()
        for perm in av.perms:
            resolved = self.map_param(perm, ifcall)
            if resolved is not None:
                mapped_perms.update(resolved)

        if len(mapped_perms) == 0:
            return

        for source in sources:
            for target in targets:
                for cls in classes:
                    ifv.access.add(source, target, cls, mapped_perms)
Esempio n. 3
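def avs_extract_obj_perms(avs):
    """Group the permissions found in *avs* by object class.

    Args:
        avs: Iterable of access vectors exposing ``obj_class`` and ``perms``.

    Returns:
        A dict mapping each object class to a ``refpolicy.IdSet`` holding
        the union of the permissions of every vector with that class.
    """
    perms = {}
    for av in avs:
        # dict.has_key() was removed in Python 3; the ``in`` operator does
        # the same membership test on Python 2 and Python 3.
        if av.obj_class not in perms:
            perms[av.obj_class] = refpolicy.IdSet()
        perms[av.obj_class].update(av.perms)
    return perms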
Esempio n. 4
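    def __init__(self, init_list=None):
        """Create an access vector, optionally populated from *init_list*.

        Args:
            init_list: Optional positional list handed to ``from_list`` when
                truthy. ``None`` or an empty list yields a blank vector with
                no types, no object class and an empty permission set.
        """
        # Assigned before the branch so that a vector built from init_list
        # also carries audit_msgs. NOTE(review): from_list is not seen to
        # set this attribute -- confirm against the rest of the class.
        self.audit_msgs = []

        if init_list:
            self.from_list(init_list)
        else:
            self.src_type = None
            self.tgt_type = None
            self.obj_class = None
            self.perms = refpolicy.IdSet()

        # The direction of the information flow represented by this
        # access vector - used for matching
        self.info_flow_dir = None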
Esempio n. 5
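def p_names(p):
    '''names : identifier
             | nested_id_set
             | asterisk
             | TILDE identifier
             | TILDE nested_id_set
             | IDENTIFIER MINUS IDENTIFIER
    '''
    # NOTE: the docstring above looks like the grammar production for a
    # yacc-style parser generator (p_ prefix, p[0] result slot), so it is
    # runtime data and must stay byte-identical -- TODO confirm.
    #
    # Builds the IdSet for a "names" production and stores it in p[0]:
    #   one symbol      -> the expanded identifier(s)
    #   TILDE <x>       -> the expanded identifier(s), flagged as complemented
    #   A MINUS B       -> A plus the marker entry "-B"
    s = refpolicy.IdSet()
    if len(p) < 3:
        expand(p[1], s)
    elif len(p) == 3:
        expand(p[2], s)
        # Attribute name is spelled "compliment" here; kept as-is because
        # other code may read it under that name.
        s.compliment = True
    else:
        # The other two branches pass the result set to expand(); this call
        # omitted it, so the left-hand identifier could not reach ``s`` and
        # the parsed set held only the "-B" entry. Passing ``s`` keeps the
        # set faithful to the policy text.
        # NOTE(review): assumes expand(ids, s) as in the calls above.
        expand([p[1]], s)
        s.add("-" + p[3])
    p[0] = s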
Esempio n. 6
    def from_list(self, list):
        """Populate this access vector from a flat positional list.

        The expected layout is ``[src_type, tgt_type, obj_class, perm, ...]``.
        Element 0 is the source type, element 1 the target type, element 2
        the object class, and every element from index 3 onward is a
        permission. For instance ``['foo_t', 'bar_t', 'file', 'read',
        'write']`` gives source ``'foo_t'``, target ``'bar_t'``, class
        ``'file'`` and permissions ``'read'`` and ``'write'``.

        The flat form is convenient for simple storage as strings or on
        disc (see to_list) and for constructing vectors. Elements are
        stored as given; nothing here checks that they name real types,
        classes or permissions.

        Raises:
            ValueError: if *list* has fewer than four elements.
        """
        if len(list) < 4:
            message = "List must contain at least four elements %s" % str(list)
            raise ValueError(message)

        self.src_type, self.tgt_type, self.obj_class = list[0], list[1], list[2]
        # Everything after the three fixed fields is the permission set.
        self.perms = refpolicy.IdSet(list[3:])
Esempio n. 7
 def __init__(self):
     """Set the default field values for a new instance.

     The name starts empty, the type defaults to ``refpolicy.SRC_TYPE``,
     the object-class set starts empty and the instance is marked required.
     """
     # Double leading underscore: Python mangles this attribute name with
     # the enclosing class name, so it is not reachable as plain ``__name``
     # from outside the class.
     self.__name = ""
     self.type = refpolicy.SRC_TYPE
     self.obj_classes = refpolicy.IdSet()
     self.required = True