def _validate_get_failure(self): if (audit.AUDIT_ARCH not in self.excluded_fields and self.rule_arch_present.get_active()): try: util.parse_elf(self.rule_arch.child.get_text()) except util.ParsingError, e: return (str(e), 0, self.rule_arch)
def __rule_arch_changed(self): '''Recompute self.machine_id and self.syscall_name_store. Raise ParsingError if the self.rule_arch.child is invalid. ''' if not self.rule_arch_present.get_active(): machine = util.audit_machine_id self.last_arch_name = None else: name = self.rule_arch.child.get_text() if self.last_arch_name is not None and name == self.last_arch_name: return machine = util.parse_elf(name) # May raise ParsingError if self.machine_id == machine: return self.machine_id = machine self.syscall_name_store.clear() def sc_to_name(sc): return audit.audit_syscall_to_name(sc, machine) names = lists.ids_to_names(lists.syscalls, sc_to_name) names.sort() # As an UGLY special case, some system calls never exit. Exclude them # from exit filters == filters where the exit value is available. keep_non_exit = audit.AUDIT_EXIT in self.excluded_fields for name in names: if (keep_non_exit or self.__non_exit_syscall_re.search(name) is None): self.syscall_name_store.append((name,))
def parse_value(string, op, rule): if rule.syscalls: raise ParsingError(_('Architecture can not be changed after system ' 'calls are selected')) if op not in (Field.OP_EQ, Field.OP_NE): raise ParsingError(_('The only valid operators for "%s" are "=" ' 'and "!="') % audit.audit_field_to_name(audit.AUDIT_ARCH)) rule.machine = util.parse_elf(string) return string
def _save_rule(self, rule): '''Modify rule to reflect dialog state.''' rule.action = self._radio_get(self.__action_map) del rule.fields[:] if (audit.AUDIT_FILTERKEY not in self.excluded_fields and self.rule_keys_present.get_active()): for key in self.keys: f = Field() f.var = audit.AUDIT_FILTERKEY f.op = Field.OP_EQ f.value = key rule.fields.append(f) if audit.AUDIT_ARCH not in self.excluded_fields: if self.rule_arch_present.get_active(): f = Field() f.var = audit.AUDIT_ARCH f.op = Field.OP_EQ f.value = self.rule_arch.child.get_text() try: rule.machine = util.parse_elf(f.value) except util.ParsingError: assert False, 'Should have been validated' rule.fields.append(f) else: rule.machine = util.audit_machine_id it = self.fields_store.get_iter_first() while it is not None: rule.fields.append(self.fields_store.get_value(it, 0)) it = self.fields_store.iter_next(it) if audit.AUDIT_ARCH not in self.excluded_fields: del rule.syscalls[:] if self.rule_syscalls_not_all.get_active(): it = self.syscall_store.get_iter_first() while it is not None: name = self.syscall_store.get_value(it, 0) try: sc = util.parse_syscall(name, self.machine_id) except util.ParsingError: assert False, 'Should have been validated' rule.syscalls.append(sc) it = self.syscall_store.iter_next(it) assert len(rule.syscalls) > 0 else: rule.syscalls.append(Rule.SYSCALLS_ALL)
def _load_rule(self, rule): '''Modify dialog controls to reflect rule.''' self._radio_set(rule.action, self.__action_map) if audit.AUDIT_FILTERKEY not in self.excluded_fields: self.keys = [f.value for f in rule.fields if f.var == audit.AUDIT_FILTERKEY] self.rule_keys_present.set_active(len(self.keys) != 0) self.__update_rule_keys() if audit.AUDIT_ARCH not in self.excluded_fields: for f in rule.fields: if f.var == audit.AUDIT_ARCH: self.rule_arch_present.set_active(True) try: m = util.parse_elf(f.value) except util.ParsingError: assert False, 'Rule should not have been created' util.set_combo_entry_text(self.rule_arch, f.value) break else: self.rule_arch_present.set_active(False) self.rule_arch.set_active(-1) self.rule_arch.child.set_text('') m = util.audit_machine_id assert rule.machine == m self.__rule_arch_changed() if audit.AUDIT_ARCH not in self.excluded_fields: self.syscall_store.clear() if Rule.SYSCALLS_ALL in rule.syscalls: self.rule_syscalls_not_all.set_active(False) else: self.rule_syscalls_not_all.set_active(True) for sc in rule.syscalls: name = util.syscall_string(sc, self.machine_id) self.syscall_store.append((name,)) self.fields_store.clear() for field in rule.fields: if field.var not in (audit.AUDIT_ARCH, audit.AUDIT_FILTERKEY): it = self.fields_store.append() self.fields_store.set_value(it, 0, field) self.__update_fields_store_row(it)