def __rule_arch_changed(self):
    '''Refresh self.machine_id and the syscall name suggestions.

    The machine is util.audit_machine_id when the architecture check box
    is inactive, otherwise the result of util.parse_elf() on the text in
    self.rule_arch.child.  If the machine differs from self.machine_id,
    self.syscall_name_store is emptied and refilled with the sorted
    syscall names of that machine.

    Raise ParsingError if the text in self.rule_arch.child is invalid.

    '''
    if self.rule_arch_present.get_active():
        arch_text = self.rule_arch.child.get_text()
        if (self.last_arch_name is not None
            and arch_text == self.last_arch_name):
            # Same text as the remembered one: nothing to recompute.
            return
        # NOTE(review): self.last_arch_name is only reset in this method,
        # never set to arch_text; presumably a caller records it -- confirm.
        machine = util.parse_elf(arch_text) # May raise ParsingError
    else:
        machine = util.audit_machine_id
        self.last_arch_name = None

    if self.machine_id == machine:
        return
    self.machine_id = machine
    self.syscall_name_store.clear()

    # The number -> name translation takes the machine as an argument, so
    # the suggestions must be rebuilt for the machine the rule will name.
    # With the generic 'b32'/'b64' entries this matters on hosts that run
    # both ABIs: a rule written for one does not, as far as the audit
    # tools document it, match calls made through the other.
    syscall_names = lists.ids_to_names(
        lists.syscalls,
        lambda sc: audit.audit_syscall_to_name(sc, machine))
    syscall_names.sort()

    # As an UGLY special case, some system calls never exit.  Exclude them
    # from exit filters == filters where the exit value is available.
    # NOTE(review): this only trims the suggestion store; whether a name
    # typed by hand is rejected is not decided here -- confirm in the
    # "add syscall" handler.
    keep_non_exit = audit.AUDIT_EXIT in self.excluded_fields
    for syscall_name in syscall_names:
        if (not keep_non_exit
            and self.__non_exit_syscall_re.search(syscall_name) is not None):
            continue
        self.syscall_name_store.append((syscall_name,))
def __init__(self, parent, excluded_fields, action_always_label,
             action_never_label):
    '''Set up the rule dialog and drop the controls of excluded_fields.

    parent is handed to DialogBase.__init__.  action_always_label and
    action_never_label become the labels of the two action buttons.

    When audit.AUDIT_FILTERKEY is excluded the key controls are destroyed.
    When audit.AUDIT_ARCH is excluded the architecture controls and the
    whole system call page are removed as well.

    '''
    # NOTE(review): excluded_fields is applied here by destroying widgets,
    # i.e. as a presentation choice; nothing in this method validates a
    # rule against it -- confirm where rules are checked before saving.
    # The statement order below is kept as is: util.connect_and_run
    # presumably invokes the handler right away, so handlers may depend on
    # what has been set up before them -- confirm in util.
    DialogBase.__init__(self, 'rule_dialog', parent,
                        notebook_name='rule_notebook')
    self.excluded_fields = excluded_fields

    # --- Action and keys ---
    self.rule_always.set_label(action_always_label)
    util.connect_and_run(self.rule_always, 'toggled',
                         self.__rule_always_toggled)
    if audit.AUDIT_FILTERKEY in self.excluded_fields:
        self.rule_keys_hbox.destroy()
    else:
        util.connect_and_run(self.rule_keys_present, 'toggled',
                             self.__rule_keys_present_toggled)
        self.rule_keys_change.connect('clicked',
                                      self.__rule_keys_change_clicked)
    self.rule_never.set_label(action_never_label)

    # --- Architecture selection ---
    if audit.AUDIT_ARCH in self.excluded_fields:
        self.rule_arch_vbox.destroy()
    else:
        util.connect_and_run(self.rule_arch_present, 'toggled',
                             self.__rule_arch_present_toggled)
        self.arch_store = gtk.ListStore(gobject.TYPE_STRING)
        for machine_name in lists.sorted_machine_names:
            self.arch_store.append((machine_name,))
        # The empty row sits between the concrete machine names and the
        # generic 'b32'/'b64' entries; util.is_row_separator is installed
        # as the separator test below.
        for generic_name in ('', 'b32', 'b64'):
            self.arch_store.append((generic_name,))
        self.rule_arch.set_model(self.arch_store)
        self.rule_arch.set_text_column(0)
        self.rule_arch.set_row_separator_func(util.is_row_separator)

    # --- System call page (only meaningful with an architecture) ---
    if audit.AUDIT_ARCH in self.excluded_fields:
        self.rule_notebook.remove_page(1)
        self.fields_page = 1
    else:
        util.connect_and_run(self.rule_syscalls_not_all, 'toggled',
                             self.__rule_syscalls_not_all_toggled)
        self.syscall_store = gtk.ListStore(gobject.TYPE_STRING)
        self.rule_syscalls.set_model(self.syscall_store)
        syscall_column = gtk.TreeViewColumn(_('System Call'),
                                            gtk.CellRendererText(), text=0)
        self.rule_syscalls.append_column(syscall_column)
        self.syscalls_selection = self.rule_syscalls.get_selection()
        util.connect_and_run(self.syscalls_selection, 'changed',
                             self.__syscalls_selection_changed)
        self.rule_syscall_delete.connect('clicked',
                                         self.__rule_syscall_delete_clicked)
        self.syscall_name_store = gtk.ListStore(gobject.TYPE_STRING)
        self.rule_syscall_name.set_model(self.syscall_name_store)
        self.rule_syscall_name.set_text_column(0)
        self.rule_syscall_add.connect('clicked',
                                      self.__rule_syscall_add_clicked)
        self.fields_page = 2

    # --- Field conditions ---
    self.fields_store = gtk.ListStore(gobject.TYPE_PYOBJECT,
                                      gobject.TYPE_STRING)
    self.rule_fields.set_model(self.fields_store)
    condition_column = gtk.TreeViewColumn(_('Condition'),
                                          gtk.CellRendererText(), text=1)
    self.rule_fields.append_column(condition_column)
    self.fields_selection = self.rule_fields.get_selection()
    util.connect_and_run(self.fields_selection, 'changed',
                         self.__fields_selection_changed)
    self.rule_field_up.connect('clicked', self.__rule_field_up_clicked)
    self.rule_field_down.connect('clicked', self.__rule_field_down_clicked)
    self.rule_field_delete.connect('clicked',
                                   self.__rule_field_delete_clicked)
    self.rule_field_add.connect('clicked', self.__rule_field_add_clicked)

    # Architecture and filter key have their own controls above, so they
    # are never offered as a generic field, excluded or not.
    self.field_var_store = gtk.ListStore(gobject.TYPE_STRING)
    selectable_fields = (field for field in lists.field_vars
                         if (field not in (audit.AUDIT_ARCH,
                                           audit.AUDIT_FILTERKEY)
                             and field not in self.excluded_fields))
    field_names = sorted(lists.ids_to_names(selectable_fields,
                                            audit.audit_field_to_name))
    for field_name in field_names:
        self.field_var_store.append((field_name,))
    self.rule_field_var.set_model(self.field_var_store)
    var_renderer = gtk.CellRendererText()
    self.rule_field_var.pack_start(var_renderer, True)
    self.rule_field_var.set_attributes(var_renderer, text=0)
    util.connect_and_run(self.rule_field_var, 'changed',
                         self.__rule_field_var_changed)

    self.field_op_store = gtk.ListStore(gobject.TYPE_STRING)
    for op_text in Field.all_operators:
        self.field_op_store.append((op_text,))
    self.rule_field_op.set_model(self.field_op_store)
    op_renderer = gtk.CellRendererText()
    self.rule_field_op.pack_start(op_renderer, True)
    self.rule_field_op.set_attributes(op_renderer, text=0)
    self.rule_field_op.set_row_separator_func(util.is_row_separator)

    self.field_value_store = gtk.ListStore(gobject.TYPE_STRING)
    self.rule_field_value.set_model(self.field_value_store)
    self.rule_field_value.set_text_column(0)

    # --- Dialog state ---
    self.keys = []
    self.machine_id = None
    self.last_arch_name = None
    # Connected last, after machine_id and last_arch_name exist.
    # NOTE(review): presumably the focus-out handler reads both when
    # connect_and_run fires it -- confirm.
    if audit.AUDIT_ARCH not in self.excluded_fields:
        util.connect_and_run(self.rule_arch.child, 'focus-out-event',
                             self.__rule_arch_focus_out)