def avs_extract_types(avs):
    """Collect every type named by a sequence of access vectors.

    The source type and the target type of each vector both go into a
    single refpolicy.IdSet, so the result does not record on which side
    of a rule a type appeared.
    """
    seen = refpolicy.IdSet()
    for vector in avs:
        for type_name in (vector.src_type, vector.tgt_type):
            seen.add(type_name)
    return seen
def map_add_av(self, ifv, av, ifcall):
    """Expand one access vector through map_param() and record it on *ifv*.

    The source type, target type and object class of *av* are each passed
    to self.map_param() together with *ifcall*. If any of the three comes
    back as None the vector is dropped and nothing is added. Permissions
    are mapped one by one: a permission that maps to None is skipped and
    the remaining ones are still granted, unless no permission survives,
    in which case nothing is added either.

    Every combination of mapped source, target and class is then added
    to ifv.access, so one input vector can turn into many entries.
    Returns None.
    """
    sources = self.map_param(av.src_type, ifcall)
    if sources is None:
        return
    targets = self.map_param(av.tgt_type, ifcall)
    if targets is None:
        return
    classes = self.map_param(av.obj_class, ifcall)
    if classes is None:
        return

    mapped_perms = refpolicy.IdSet()
    for perm in av.perms:
        mapped = self.map_param(perm, ifcall)
        if mapped is not None:
            mapped_perms.update(mapped)
    if len(mapped_perms) == 0:
        return

    # Cross product of sources x targets x classes. The same IdSet object
    # is handed to every add() call.
    for source in sources:
        for target in targets:
            for obj_class in classes:
                ifv.access.add(source, target, obj_class, mapped_perms)
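def avs_extract_obj_perms(avs):
    """Group the permissions of a sequence of access vectors by object class.

    Returns a dict that maps each object class seen in *avs* to a
    refpolicy.IdSet holding the union of the permissions of every vector
    with that class. Source and target types are ignored, so the result
    says which permissions are used on a class, not who may use them.
    An empty *avs* gives an empty dict.
    """
    perms = {}
    for av in avs:
        # `in` replaces dict.has_key(): has_key() does not exist on
        # Python 3 dicts, while `in` behaves the same on Python 2 and 3.
        if av.obj_class not in perms:
            perms[av.obj_class] = refpolicy.IdSet()
        perms[av.obj_class].update(av.perms)
    return perms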
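def __init__(self, init_list=None):
    """Create an access vector, optionally filled from a list.

    Args:
        init_list: optional list in the positional layout accepted by
            from_list(). A missing or empty list gives an empty vector
            (no types, no object class, empty permission set).

    Raises:
        ValueError: propagated from from_list() when init_list is too
            short.
    """
    # Assign every attribute before from_list() runs. The from_list()
    # shown in this file fills only src_type, tgt_type, obj_class and
    # perms, so setting the defaults first guarantees that a vector built
    # from a list also carries audit_msgs.
    self.src_type = None
    self.tgt_type = None
    self.obj_class = None
    self.perms = refpolicy.IdSet()
    self.audit_msgs = []

    if init_list:
        self.from_list(init_list)

    # The direction of the information flow represented by this
    # access vector - used for matching
    self.info_flow_dir = None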
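def p_names(p):
    '''names : identifier
             | nested_id_set
             | asterisk
             | TILDE identifier
             | TILDE nested_id_set
             | IDENTIFIER MINUS IDENTIFIER
    '''
    # The string above is the grammar rule of this yacc-style p_ function,
    # not free-form documentation; its wording must stay as it is.
    #
    # Builds the refpolicy.IdSet for a "names" production and stores it in
    # p[0]. The length of p tells which alternative matched.
    s = refpolicy.IdSet()
    if len(p) < 3:
        # Single symbol: identifier, nested_id_set or asterisk.
        expand(p[1], s)
    elif len(p) == 3:
        # TILDE form: the set lists what is excluded. The flag below is the
        # only marker of that, so any consumer that ignores it would read
        # the set with the opposite meaning.
        expand(p[2], s)
        s.compliment = True
    else:
        # IDENTIFIER MINUS IDENTIFIER. The first identifier is a bare token,
        # hence the one-element list. The original call omitted `s`, unlike
        # the two branches above, so the left-hand name never reached the
        # set and only the "-name" entry was recorded.
        expand([p[1]], s)
        s.add("-" + p[3])
    p[0] = s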
def from_list(self, list):
    """Fill this access vector from a positional list.

    The list is read by position: element 0 is the source type, element 1
    the target type, element 2 the object class, and every element from
    index 3 onward is a permission. For example
    ['foo_t', 'bar_t', 'file', 'read', 'write'] gives source type 'foo_t',
    target type 'bar_t', object class 'file' and the permissions 'read'
    and 'write'.

    The layout suits simple storage as strings or on disk (see to_list)
    and quick construction of vectors. Elements are stored exactly as
    given; nothing here checks them against a policy, so a caller that
    loads lists from storage has to validate them elsewhere.

    Raises:
        ValueError: if the list has fewer than four elements, i.e. no
            permission at all.
    """
    if len(list) < 4:
        raise ValueError("List must contain at least four elements %s" % str(list))

    self.src_type, self.tgt_type, self.obj_class = list[0], list[1], list[2]
    self.perms = refpolicy.IdSet(list[3:])
def __init__(self):
    """Set the defaults of a new instance.

    The name starts empty, the type defaults to refpolicy.SRC_TYPE, the
    set of object classes starts empty and the instance is marked as
    required.
    """
    # Double leading underscore: inside a class body Python mangles this
    # attribute name with the class name, keeping it class-private.
    self.__name = ""
    self.type = refpolicy.SRC_TYPE
    self.obj_classes = refpolicy.IdSet()
    self.required = True