def _get_trans(src):
    """Return the ``process``-class transitions that start from *src*.

    The record named *src* in ``sepolicy.get_all_types_info()`` supplies an
    ``attributes`` list; a transition is kept when its ``source`` is *src*
    itself or one of those attributes, so transitions granted through an
    attribute are included in the result.

    Raises:
        IndexError: no type record is named *src*.
    """
    # NOTE(review): unlike _writes, an unknown type is not tolerated here;
    # confirm callers only pass types that exist in the loaded policy.
    matching_types = [
        info for info in sepolicy.get_all_types_info() if info['name'] == src
    ]
    sources = [src] + matching_types[0]['attributes']
    return [
        rule
        for rule in sepolicy.get_all_transitions()
        if rule['source'] in sources and rule['class'] == 'process'
    ]
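def _writes(self):
    """Write the "MANAGED FILES" man page section for ``self.type``.

    Collects the target types of every allow rule on class ``file`` whose
    permission list contains both ``open`` and ``write`` and whose source is
    ``self.type`` or one of its assigned attributes, keeps the targets that
    ``self._valid_write`` accepts, and writes them (sorted, with the paths
    recorded in ``self.fcdict``) to ``self.fd`` as roff.

    Nothing is written when no target qualifies.

    Only ``file``-class rules carrying both permissions are examined, so the
    section is not a complete inventory of what the domain may modify; rules
    on other object classes or with other permission sets are not listed.
    """
    # Rules may name the domain itself or any attribute assigned to it.
    src_list = [self.type]
    try:
        src_list += [
            info
            for info in sepolicy.get_all_types_info()
            if info['name'] == self.type
        ][0]['attributes']
    except (IndexError, KeyError):
        # Best effort: no record for this type, or a record without an
        # 'attributes' entry.  Anything else is left to propagate; swallowing
        # it would silently drop attribute-derived rules and make the page
        # under-report what the domain can write.
        pass

    required = {'open', 'write'}
    permlist = [
        rule
        for rule in sepolicy.get_all_allow_rules()
        if rule['source'] in src_list
        and required.issubset(rule['permlist'])
        and rule['class'] == 'file'
    ]

    attributes = ["proc_type", "sysctl_type"]
    # A set removes duplicate targets without a linear scan per rule.
    all_writes = sorted({
        rule['target']
        for rule in permlist
        if self._valid_write(rule['target'], attributes)
    })
    if not all_writes:
        return

    # roff requests (.SH, .br, .B) must start a line, so the literals below
    # keep their line breaks.
    self.fd.write("""
.SH "MANAGED FILES"
""")
    self.fd.write("""
The SELinux process type %s_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
""" % self.domainname)

    # When the "file_type" target is present the whole list is collapsed to
    # that single entry.
    if "file_type" in all_writes:
        all_writes = ["file_type"]

    for f in all_writes:
        self.fd.write("""
.br
.B %s
""" % f)
        if f in self.fcdict:
            for path in self.fcdict[f]["regex"]:
                self.fd.write("""\t%s
.br
""" % path)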
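def _writes(self):
    """Emit the "MANAGED FILES" section of the man page to ``self.fd``.

    A target type is listed when some allow rule on class ``file`` grants
    both ``open`` and ``write`` to ``self.type`` (directly or through one of
    its attributes) and ``self._valid_write`` accepts the target.  Each
    listed type is followed by the path regexes stored for it in
    ``self.fcdict``, if any.  Returns without writing when the list is empty.

    The filter looks at ``file``-class rules with both permissions only, so
    a type missing from this section is not proof the domain cannot modify
    it by some other rule.
    """
    # add assigned attributes
    src_list = [self.type]
    try:
        own_records = list(
            filter(lambda x: x['name'] == self.type,
                   sepolicy.get_all_types_info()))
        src_list += own_records[0]['attributes']
    except (IndexError, KeyError):
        # Unknown type or record without 'attributes': continue with the
        # type alone.  The former bare ``except`` also hid every other
        # failure (including KeyboardInterrupt), which could leave the
        # generated page listing fewer writable types than policy allows.
        pass

    wanted_perms = {'open', 'write'}

    def _is_file_write_rule(rule):
        return (rule['source'] in src_list
                and wanted_perms.issubset(rule['permlist'])
                and rule['class'] == 'file')

    attributes = ["proc_type", "sysctl_type"]
    seen = set()
    for rule in filter(_is_file_write_rule, sepolicy.get_all_allow_rules()):
        target = rule['target']
        if self._valid_write(target, attributes):
            seen.add(target)

    if not seen:
        return

    # Line breaks inside the literals matter: a roff request such as .SH or
    # .br is only recognised at the start of a line.
    self.fd.write("""
.SH "MANAGED FILES"
""")
    self.fd.write("""
The SELinux process type %s_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
""" % self.domainname)

    # "file_type", when present, replaces the whole list with itself.
    all_writes = ["file_type"] if "file_type" in seen else sorted(seen)

    for f in all_writes:
        self.fd.write("""
.br
.B %s
""" % f)
        if f in self.fcdict:
            for path in self.fcdict[f]["regex"]:
                self.fd.write("""\t%s
.br
""" % path)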
def _get_trans(src):
    """Collect the transitions of class ``process`` sourced from *src*.

    The accepted source names are *src* plus the ``attributes`` of the first
    ``sepolicy.get_all_types_info()`` record whose ``name`` equals *src*.
    An IndexError is raised when there is no such record.
    """
    type_records = []
    for info in sepolicy.get_all_types_info():
        if info['name'] == src:
            type_records.append(info)
    # Indexing [0] is what raises for a type the policy does not define.
    src_names = [src] + type_records[0]['attributes']

    def _is_process_transition(rule):
        return rule['source'] in src_names and rule['class'] == 'process'

    return list(filter(_is_process_transition, sepolicy.get_all_transitions()))