404

[ Avaa Bypassed ]




Upload:

Command:

elspacio@3.135.219.252: ~ $
3

Kl�f���@s2ddlZddlZddlZddlZddlZddlZddlZddlZddlTdZ	ddl
Z
ddlZddlZy:ddl
Z
iZejdRkr�ded<e
je	fddd	�e��WnJyddlZeejd
<Wn&ek
r�ddlZeejd
<YnXYnXddlZiZeed<eed<eed
<eed<eed<eed<eed<eed<eed<eed<eed<eed<eed<eed<eed<eed<eed<eed<eed<eed<eed<e ed <e ed!<e ed"<d
ddddddd d#�Z!d$d$d%d&d'd(d)d*dd+�	Z"y(ddl#Z#e#j$e#j%��Gd,d-�d-�Z&Wn(e'efk
�r4Gd.d-�d-�Z&YnXGd/d0�d0�Z(d1d2�Z)dSd4d5�Z*dTd6d7�Z+Gd8d9�d9�Z,Gd:d;�d;e,�Z-Gd<d=�d=e,�Z.Gd>d?�d?e,�Z/Gd@dA�dAe,�Z0GdBdC�dCe,�Z1GdDdE�dEe,�Z2GdFdG�dGe,�Z3GdHdI�dIe,�Z4GdJdK�dKe,�Z5GdLdM�dMe,�Z6GdNdO�dOe,�Z7GdPdQ�dQe,�Z8dS)U�N)�*zselinux-python�T�unicodez/usr/share/localezutf-8)Z	localedirZcodeset�_�z	all files�azregular filez--�fz-d�	directory�dz-czcharacter device�cz-bzblock device�bz-s�socket�sz-l�lz
symbolic link�pz-pz
named pipe)z	all fileszregular filer	zcharacter devicezblock devicer
z
symbolic linkz
named pipe�any�block�char�dir�file�symlink�pipe)	rrrrr
rrrrc@s8eZdZdd�Zd
dd�Zddd�Zdd	�Zd
d�ZdS)�loggercCstj�|_g|_g|_dS)N)�audit�
audit_open�audit_fd�log_list�log_change_list)�self�r�/usr/lib/python3.6/seobject.py�__init__ls
zlogger.__init__rc	
Cs�d}	||kr||	d7}d}	||kr4||	d7}d}	||krL||	d7}d}	|jj|jtjtjdt|�|d||||||dddg�dS)N�-�sename�,�role�rangerr)r�appendrrZAUDIT_ROLE_ASSIGN�sys�argv�str)
r�msg�namer#�serole�serange�	oldsename�	oldserole�
oldserange�seprrr �logqsz
logger.logc		Cs<|jj|jtjtjdt|�|d||||||dddg�dS)Nrr)rr'rrZAUDIT_ROLE_REMOVEr(r)r*)	rr+r,r#r-r.r/r0r1rrr �
log_remove�szlogger.log_removecCs&|jj|jtjt|�ddddg�dS)N�semanager)rr'rrZAUDIT_USER_MAC_CONFIG_CHANGEr*)rr+rrr �
log_change�szlogger.log_changecCsPx|jD]}tj||g�qWx|jD]}tj||g�q(Wg|_g|_dS)N)rrZaudit_log_semanage_messagerZaudit_log_user_comm_message)r�successrrrr �commit�sz
logger.commitN)rrrrrrr)rrrrrrr)�__name__�
__module__�__qualname__r!r3r4r6r8rrrr rjs


rc@s8eZdZdd�Zd
dd�Zddd�Zdd	�Zd
d�ZdS)rcCs
g|_dS)N)r)rrrr r!�szlogger.__init__rc	
Cs�d||f}	|dkr |	d|7}	|dkr4|	d|7}	|dkrH|	d|7}	|dkr\|	d|7}	|dkrx|dk	rx|	d|7}	|dkr�|dk	r�|	d|7}	|jj|	�dS)	Nz %s name=%srz sename=z oldsename=z role=z
 old_role=z
 MLSRange=z old_MLSRange=)rr')
rr+r,r#r-r.r/r0r1�messagerrr r3�sz
logger.logc			Cs|j||||||||�dS)N)r3)	rr+r,r#r-r.r/r0r1rrr r4�szlogger.log_removecCs|jjd|�dS)Nz %s)rr')rr+rrr r6�szlogger.log_changecCs8|dkrd}nd}x |jD]}tjtj||�qWdS)N�zSuccessful: zFailed: )r�syslogZLOG_INFO)rr7r<rrrr r8�s
z
logger.commitN)rrrrrrr)rrrrrrr)r9r:r;r!r3r4r6r8rrrr r�s


c@s0eZdZddd�Zddd�Zdd�Zdd	�Zd
S)
�
nullloggerrc		CsdS)Nr)	rr+r,r#r-r.r/r0r1rrr r3�sznulllogger.logc		CsdS)Nr)	rr+r,r#r-r.r/r0r1rrr r4�sznulllogger.log_removecCsdS)Nr)rr+rrr r6�sznulllogger.log_changecCsdS)Nr)rr7rrr r8�sznulllogger.commitN)rrrrrrr)rrrrrrr)r9r:r;r3r4r6r8rrrr r?�s

r?cCsXd}d}|d|d}|d|d}|d|dd|d}tjd	|d
|�S)Nzs[0-9]*zc[0-9]*z(\.z)?z(\,z)*z(-z(:�^�$)�re�search)�rawZsensitivity�categoryZ	cat_rangeZ
categoriesZregrrr �validate_level�srFr=cCs`d}|dkrd||f}n|}tj|�\}}|dkr8|S|rL|t|�d�}|dkrX|S|SdS)Nza:b:c:r=z%s%srr)�selinuxZselinux_raw_to_trans_context�len)rD�prepend�filler�context�rc�transrrr �	translate�srNcCs`d}|dkrd||f}n|}tj|�\}}|dkr8|S|rL|t|�d�}|dkrX|S|SdS)Nza:b:c:r=z%s%srr)rGZselinux_trans_to_raw_contextrH)rMrIrJrKrLrDrrr �untranslate�srOc@sfeZdZdZdZdZdZddd�Zdd�Zdd�Z	d	d
�Z
dd�Zd
d�Zdd�Z
dd�Zdd�ZdS)�semanageRecordsFNcCs�|rt|�tkr||_n||_t|dd�|_|js@t|dd�|_|j|j�|_tj	�\}}|jdksn|j|krxt
�|_n,tj
|j�tjdtj�|jf�t�|_dS)N�noreloadF�storerz%s%s)�typer*rR�args�getattrrQ�
get_handle�shrG�selinux_getpolicytyper�mylog�sepolicyZload_store_policyZselinux_set_policy_rootZselinux_pathr?)rrTrLZ
localstorerrr r!�s
zsemanageRecords.__init__cCs||_dS)N)rQ)r�loadrrr �
set_reload
szsemanageRecords.set_reloadcCs�tjrtjSt�}|s"ttd���tjrD|dkrDt||t�|t_t	|�s`t
|�ttd���t|�}|tkr�t
|�ttd���t
|�}|dkr�t
|�ttd���t|�atdkr�t
|�ttd���|t_tjS)Nz Could not create semanage handlerz:SELinux policy is not managed or store cannot be accessed.zCannot read policy store.rz'Could not establish semanage connectionz!Could not test MLS enabled status)rP�handleZsemanage_handle_create�
ValueErrorr�transactionZsemanage_select_storeZSEMANAGE_CON_DIRECTrRZsemanage_is_managedZsemanage_handle_destroyZsemanage_access_checkZSEMANAGE_CAN_READZsemanage_connectZsemanage_mls_enabled�is_mls_enabled)rrRr]rLrrr rV
s2zsemanageRecords.get_handlecCsttd���dS)NzNot yet implemented)r^r)rrrr �	deleteall1szsemanageRecords.deleteallcCs$tjrttd���|j�dt_dS)Nz(Semanage transaction already in progressT)rPr_r^r�begin)rrrr �start4szsemanageRecords.startcCs,tjr
dSt|j�}|dkr(ttd���dS)Nrz$Could not start semanage transaction)rPr_Zsemanage_begin_transactionrWr^r)rrLrrr rb:s

zsemanageRecords.begincCsttd���dS)NzNot yet implemented)r^r)rrrr �
customizedAszsemanageRecords.customizedcCsVtjr
dS|jrt|jd�t|j�}|dkrF|jjd�tt	d���|jjd�dS)Nrz%Could not commit semanage transactionr=)
rPr_rQZsemanage_set_reloadrWZsemanage_commitrYr8r^r)rrLrrr r8Ds
zsemanageRecords.commitcCs$tjsttd���dt_|j�dS)Nz$Semanage transaction not in progressF)rPr_r^rr8)rrrr �finishPszsemanageRecords.finish)N)r9r:r;r_r]rRrTr!r\rVrarcrbrdr8rerrrr rP�s
$rPc@sPeZdZddd�Zdd�Zdd�Zdd
d�Zdd
�Zdd�Zdd�Z	dd�Z
dS)�
moduleRecordsNcCstj||�dS)N)rPr!)rrTrrr r!YszmoduleRecords.__init__cCsg}t|j�\}}}|dkr(ttd���x�t|�D]�}t||�}t|j|�\}}|dkrdttd���t|j|�\}}|dkr�ttd���t|j|�\}}	|dkr�ttd���t	|j|�\}}
|dkr�ttd���|j
|||	|
f�q2W|jdd�d	d
�|jdd�d�|S)
NrzCould not list SELinux moduleszCould not get module namezCould not get module enabledzCould not get module priorityzCould not get module lang_extcSs|dS)Nrr)�trrr �<lambda>xsz'moduleRecords.get_all.<locals>.<lambda>T)�key�reversecSs|dS)Nrr)rgrrr rhys)ri)Zsemanage_module_list_allrWr^rr&�semanage_module_list_nthZsemanage_module_info_get_nameZ semanage_module_info_get_enabledZ!semanage_module_info_get_priorityZ!semanage_module_info_get_lang_extr'�sort)rrrL�mlist�number�i�modr,Zenabled�priorityZlang_extrrr �get_all\s,
zmoduleRecords.get_allcCs0|j�}t|�dkrgSdd�dd�|D�D�S)NrcSsg|]}d|d�qS)z-d %srr)�.0�xrrr �
<listcomp>�sz,moduleRecords.customized.<locals>.<listcomp>cSsg|]}|ddkr|�qS)r=rr)rsrgrrr ru�s)rrrH)r�allrrr rd|szmoduleRecords.customizedr=rcCs�|j�}t|�dkrdS|r:tdtd�td�td�f�xL|D]D}|ddkrZtd�}n
|r`q@d}td	|d|d
|d|f�q@WdS)Nrz
%-25s %-9s %s
zModule NameZPriorityZLanguager=ZDisabledrz%-25s %-9s %-5s %s�r)rrrH�printr)r�heading�	locallistrvrgZdisabledrrr �list�s

zmoduleRecords.listcCs`tjj|�sttd�|��t|j|�}|dkr@ttd�|��t|j|�}|dkr\|j�dS)NzModule does not exist: %s rz3Invalid priority %d (needs to be between 1 and 999))	�os�path�existsr^r�semanage_set_default_priorityrWZsemanage_module_install_filer8)rrrqrLrrr �add�szmoduleRecords.addcCs�x�|j�D]�}t|j�\}}|dkr0ttd���t|j||�}|dkrRttd���t|j||�}|dkr
|r~ttd�|��q
ttd�|��q
W|j�dS)NrzCould not create module keyzCould not set module key namezCould not enable module %szCould not disable module %s)�splitZsemanage_module_key_createrWr^rZsemanage_module_key_set_nameZsemanage_module_set_enabledr8)r�module�enable�mrLrirrr �set_enabled�szmoduleRecords.set_enabledcCsnt|j|�}|dkr$ttd�|��x<|j�D]0}t|j|�}|dkr.|dkr.ttd�|��q.W|j�dS)Nrz3Invalid priority %d (needs to be between 1 and 999)rwz*Could not remove module %s (remove failed)���)rrWr^rr��semanage_module_remover8)rr�rqrLr�rrr �delete�szmoduleRecords.deletecCs:dd�dd�|j�D�D�}x|D]}|j|d�q"WdS)NcSsg|]}|d�qS)rr)rsrtrrr ru�sz+moduleRecords.deleteall.<locals>.<listcomp>cSsg|]}|ddkr|�qS)r=rr)rsrgrrr ru�sT)rrr�)rrr�rrr ra�s
zmoduleRecords.deleteall)N)r=r)r9r:r;r!rrrdr{r�r�r�rarrrr rfWs
 
rfc@seZdZddd�Zdd�ZdS)�dontauditClassNcCstj||�dS)N)rPr!)rrTrrr r!�szdontauditClass.__init__cCs8|dkrttd���|j�t|j|dk�|j�dS)N�on�offz'dontaudit requires either 'on' or 'off')r�r�)r^rrbZsemanage_set_disable_dontauditrWr8)rZ	dontauditrrr �toggle�s
zdontauditClass.toggle)N)r9r:r;r!r�rrrr r��s
r�c@sHeZdZddd�Zdd�Zdd�Zdd
d�Zdd
�Zdd�Zdd�Z	dS)�permissiveRecordsNcCstj||�dS)N)rPr!)rrTrrr r!�szpermissiveRecords.__init__cCsrg}t|j�\}}}|dkr(ttd���xDt|�D]8}t||�}t|�}|r2|jd�r2|j|j	d�d�q2W|S)NrzCould not list SELinux modulesZpermissive_r=)
Zsemanage_module_listrWr^rr&rkZsemanage_module_get_name�
startswithr'r�)rrrLrmrnrorpr,rrr rr�s
zpermissiveRecords.get_allcCsdd�t|j��D�S)NcSsg|]}d|�qS)z-a %sr)rsrtrrr ru�sz0permissiveRecords.customized.<locals>.<listcomp>)�sortedrr)rrrr rd�szpermissiveRecords.customizedr=rcCs�dd�dd�tjtj�D�D�}t|�dkr0dS|rDtdtd��|j�}x|D]}||krRt|�qRWt|�dkrzdS|r�tdtd��x|D]}t|�q�WdS)NcSsg|]}|d�qS)r,r)rs�yrrr ru�sz*permissiveRecords.list.<locals>.<listcomp>cSsg|]}|dr|�qS)Z
permissiver)rsrtrrr ru�srz
%-25s
zBuiltin Permissive TypeszCustomized Permissive Types)rZ�infoZTYPErHrxrrr)rryrzrvrdrgrrr r{�s 

zpermissiveRecords.listcCs�yddlj}Wn tk
r.ttd���YnXd|}d|}t|j|t|�|d�}|dkrf|j�|dkr~ttd�|��dS)Nrz�The sepolgen python module is required to setup permissive domains.
In some distributions it is included in the policycoreutils-devel package.
# yum install policycoreutils-devel
Or similar for your distro.z
permissive_%sz(typepermissive %s)Zcilz?Could not set permissive domain %s (module installation failed))	Zsepolgen.moduler��ImportErrorr^rZsemanage_module_installrWrHr8)rrSr�r,ZmodtxtrLrrr r��szpermissiveRecords.addcCsFx8|j�D],}t|jd|�}|dkr
ttd�|��q
W|j�dS)Nz
permissive_%srz5Could not remove permissive domain %s (remove failed))r�r�rWr^rr8)rr,�nrLrrr r�s
zpermissiveRecords.deletecCs,|j�}t|�dkr(dj|�}|j|�dS)Nr� )rrrH�joinr�)rrrvrrr ras
zpermissiveRecords.deleteall)N)r=r)
r9r:r;r!rrrdr{r�r�rarrrr r��s


r�c@s~eZdZddd�Zdd�Zdd�Zdd	�Zd dd�Zd!d
d�Zdd�Z	dd�Z
dd�Zdd�Zd"dd�Z
dd�Zd#dd�ZdS)$�loginRecordsNcCs(tj||�d|_d|_d|_d|_dS)N)rPr!r/r1r#r.)rrTrrr r!s
zloginRecords.__init__cCs�tj|�\}|_|_|dkr d}t|j�}|j|j�\}\}}|j|�\}\}}	tdkrn|dkrjt|�}n|}t	|j
|�\}}
|dkr�ttd�|��|ddkr�yt
j|dd��Wn$ttd�|dd���YnXn,ytj|�Wnttd�|��YnXt|j
�\}}|dk�r4ttd	�|��t|j
||�}|dk�r\ttd
�|��tdk�r�|dk�r�t|j
||�}|dk�r�ttd�|��t|j
||�}|dk�r�ttd�|��t|j
|
|�}|dk�r�ttd
�|��t|
�t|�dS)NrZuser_ur=rzCould not create a key for %s�%zLinux Group %s does not existzLinux User %s does not existz%Could not create login mapping for %szCould not set name for %szCould not set MLS range for %sz!Could not set SELinux user for %sz"Could not add login mapping for %s)rG�getseuserbynamer/r1�seluserRecordsrT�getr`rO�semanage_seuser_key_createrWr^r�grpZgetgrnam�pwd�getpwnamZsemanage_seuser_createZsemanage_seuser_set_name�semanage_seuser_set_mlsrange�semanage_seuser_set_sename�semanage_seuser_modify_local�semanage_seuser_key_free�semanage_seuser_free)rr,r#r.�rec�userrecr&rLr0r-�k�urrr �__add sP

 




zloginRecords.__addcCsxyL|j�|j|�r4ttd�|�|j|||�n|j|||�|j�Wn&tk
rr}z
|�WYdd}~XnXdS)Nz:Login mapping for %s is already defined, modifying instead)rb�_loginRecords__existsrxr�_loginRecords__modify�_loginRecords__addr8r^)rr,r#r.�errorrrr r�Vs
zloginRecords.addcCs\t|j|�\}}|dkr(ttd�|��t|j|�\}}|dkrPttd�|��t|�|S)NrzCould not create a key for %sz2Could not check if login mapping for %s is defined)r�rWr^r�semanage_seuser_existsr�)rr,rLr�r~rrr �__existsdszloginRecords.__existsrc
Cs�tj|�\}|_|_|dkr0|dkr0ttd���t|j�}|j|j�\}\}}|dkrj|j|�\}\}}	n|}	|dkr~||_	n||_	t
|j|�\}}
|dkr�ttd�|��t|j|
�\}}|dkr�ttd�|��|s�ttd�|��t
|j|
�\}}|dk�rttd�|��t|�|_t|�|_tdk�rL|dk�rLt|j|t|��|dk�rlt|j||�||_n|j|_t|j|
|�}|dk�r�ttd	�|��t|
�t|�dS)
NrzRequires seuser or serangerzCould not create a key for %sz2Could not check if login mapping for %s is definedz#Login mapping for %s is not definedzCould not query seuser for %sr=z%Could not modify login mapping for %s)rGr�r/r1r^rr�rTr�r.r�rWr�Zsemanage_seuser_query�semanage_seuser_get_mlsrange�semanage_seuser_get_senamer`r�rOr�r#r�r�r�)
rr,r#r.r�r�r&rLr0r-r�r~r�rrr �__modifypsF





zloginRecords.__modifycCsNy"|j�|j|||�|j�Wn&tk
rH}z
|�WYdd}~XnXdS)N)rbr�r8r^)rr,r#r.r�rrr �modify�szloginRecords.modifyc
Cs*tj|�\}|_|_t|j�}|j|j�\}\}}t|j|�\}}|dkrZt	t
d�|��t|j|�\}}|dkr�t	t
d�|��|s�t	t
d�|��t|j|�\}}|dkr�t	t
d�|��|s�t	t
d�|��t
|j|�}|dkr�t	t
d�|��t|�tjd�\}|_|_|j|j�\}\}}	dS)NrzCould not create a key for %sz2Could not check if login mapping for %s is definedz#Login mapping for %s is not definedz<Login mapping for %s is defined in policy, cannot be deletedz%Could not delete login mapping for %sZ__default__)rGr�r/r1r�rTr�r�rWr^rr�Zsemanage_seuser_exists_localZsemanage_seuser_del_localr�r#r.)
rr,r�r�r&rLr0r�r~r-rrr �__delete�s,
zloginRecords.__deletecCsJy|j�|j|�|j�Wn&tk
rD}z
|�WYdd}~XnXdS)N)rb�_loginRecords__deleter8r^)rr,r�rrr r��s
zloginRecords.deletecCs~t|j�\}}|dkr"ttd���y0|j�x|D]}|jt|��q2W|j�Wn&tk
rx}z
|�WYdd}~XnXdS)NrzCould not list login mappings)�semanage_seuser_list_localrWr^rrbr��semanage_seuser_get_namer8)rrL�ulistr�r�rrr ra�s
zloginRecords.deleteallc
Cs�i}tj�d|_x�tj|j�D]�\}}}||jkr xj|D]b}yHt|d|�}|j�j�jd�}|j	�|d|d|df||<Wq:t
k
r�Yq:Xq:Wq W|S)Nz/logins�/�:r=rwr)rGZselinux_policy_root�logins_pathr|�walk�open�read�rstripr��close�
IndexError)r�ddictr}�dirs�filesr,�fdr�rrr �get_all_logins�s

zloginRecords.get_all_loginsrcCspi}|rt|j�\}|_nt|j�\}|_|dkr>ttd���x,|jD]"}t|�}t|�t|�df||<qFW|S)NrzCould not list login mappingsr)	r�rWr�Zsemanage_seuser_listr^rr�r�r�)rrzr�rLr�r,rrr rr�szloginRecords.get_allcCstg}|jd�}x`t|j��D]P}||drR|jd||d||d|f�q|jd||d|f�qW|S)NTr=z-a -s %s -r '%s' %srz-a -s %s %s)rrr��keysr')rrr�r�rrr rd�s
&zloginRecords.customizedr=c	CsN|j|�}|j�}t|j��}t|j��}t|�dkrFt|�dkrFdStdk�r|rxtdtd�td�td�td�f�x8|D]0}||}td||dt|d�|d	f�q~Wt|�r�td
|j	�x�|D]0}||}td||dt|d�|d	f�q�WnF|�r"tdtd�td�f�x&|D]}td|||df��q(WdS)
Nrr=z
%-20s %-20s %-20s %s
z
Login NamezSELinux Userz
MLS/MCS RangeZServicez%-20s %-20s %-20s %srwz
Local customization in %sz
%-25s %-25s
z%-25s %-25s)
rrr�r�r�rHr`rxrrNr�)	rryrzr�ZldictZlkeysr�r�r�rrr r{s*

$
(
*
zloginRecords.list)N)rr)rr)r)r=r)r9r:r;r!r�r�r�r�r�r�r�rar�rrrdr{rrrr r�s
6
2
	


r�c@s�eZdZddd�Zdd�Zdd�Zdd	�Zd
d�Zgdddfd
d�Zgdddfdd�Z	dd�Z
dd�Zdd�Zd dd�Z
dd�Zd!dd�ZdS)"r�NcCstj||�dS)N)rPr!)rrTrrr r!"szseluserRecords.__init__cCs�t|j|�\}}|dkr(ttd�|��t|j|�\}}|dkrPttd�|��t|j|�\}}|dkrxttd�|��t|�}t|j|�}t|�t	|�||fS)NrzCould not create a key for %sz-Could not check if SELinux user %s is definedzCould not query user for %s)
�semanage_user_key_createrWr^r�semanage_user_exists�semanage_user_query�semanage_user_get_mlsrange�semanage_user_get_roles�semanage_user_key_free�semanage_user_free)rr,rLr�r~r�r.r-rrr r�%szseluserRecords.getcCstdkr4|dkrd}nt|�}|dkr,d}nt|�}t|�dkrPttd�|��t|j|�\}}|dkrxttd�|��t|j�\}}|dkr�ttd�|��t|j||�}|dkr�ttd�|��x6|D].}	t	|j||	�}|dkr�ttd	�|	|f��q�Wtdk�rVt
|j||�}|dk�r.ttd
�|��t|j||�}|dk�rVttd�|��t|j||�}|dk�r�ttd�|	|f��t
|j|�\}}
|dk�r�ttd
�|��t|j||�}|dk�r�ttd�|��t|�t|�|jjd|dj|�|d�dS)Nr=r�s0z%You must add at least one role for %srzCould not create a key for %sz$Could not create SELinux user for %szCould not set name for %szCould not add role %s for %szCould not set MLS range for %szCould not set MLS level for %szCould not add prefix %s for %szCould not extract key for %szCould not add SELinux user %s�seuserr$)r#r-r.)r`rOrHr^rr�rWZsemanage_user_createZsemanage_user_set_name�semanage_user_add_role�semanage_user_set_mlsrange�semanage_user_set_mlslevel�semanage_user_set_prefixZsemanage_user_key_extract�semanage_user_modify_localr�r�rYr3r�)rr,�roles�selevelr.�prefixrLr�r��rrirrr r�5sR






zseluserRecords.__addcCs�yT|j�|j|�r8ttd�|�|j|||||�n|j|||||�|j�Wn2tk
r�}z|jjd�|�WYdd}~XnXdS)Nz5SELinux user %s is already defined, modifying insteadr)	rb�_seluserRecords__existsrxr�_seluserRecords__modify�_seluserRecords__addr8r^rY)rr,r�r�r.r�r�rrr r�ls
zseluserRecords.addcCs\t|j|�\}}|dkr(ttd�|��t|j|�\}}|dkrPttd�|��t|�|S)NrzCould not create a key for %sz-Could not check if SELinux user %s is defined)r�rWr^rr�r�)rr,rLr�r~rrr r�yszseluserRecords.__existsrc	Cs@d}d}dj|�}|dkrXt|�dkrX|dkrX|dkrXtdkrLttd���nttd���t|j|�\}	}
|	dkr�ttd�|��t|j|
�\}	}|	dkr�ttd�|��|s�ttd	�|��t|j|
�\}	}|	dkr�ttd
�|��t	|�}t
|j|�\}	}
|	dk�rdj|
�}tdk�r6|dk�r6t|j|t|��tdk�r\|dk�r\t
|j|t|��|dk�rtt|j||�t|�dk�r�x"|
D]}||k�r�t||��q�Wx&|D]}||
k�r�t|j||��q�Wt|j|
|�}	|	dk�r�ttd�|��t|
�t|�dj|j��}dj|j��}|jjd
||||||d�dS)Nrr�rr=z&Requires prefix, roles, level or rangezRequires prefix or roleszCould not create a key for %sz-Could not check if SELinux user %s is definedzSELinux user %s is not definedzCould not query user for %sz Could not modify SELinux user %sr$r�)r#r/r-r.r0r1)r�rHr`r^rr�rWr�r�r�r�r�rOr�r�Zsemanage_user_del_roler�r�r�r�r�rYr3)rr,r�r�r.r�r0r1ZnewrolesrLr�r~r��rlistr�r%rrr r��sV
$







zseluserRecords.__modifycCs^y&|j�|j|||||�|j�Wn2tk
rX}z|jjd�|�WYdd}~XnXdS)Nr)rbr�r8r^rY)rr,r�r�r.r�r�rrr r��szseluserRecords.modifyc	Cs8t|j|�\}}|dkr(ttd�|��t|j|�\}}|dkrPttd�|��|sdttd�|��t|j|�\}}|dkr�ttd�|��|s�ttd�|��t|j|�\}}|dkr�ttd�|��t|�}t|j|�\}}dj	|�}t
|j|�}|dk�rttd�|��t|�t|�|j
jd	|||d
�dS)NrzCould not create a key for %sz-Could not check if SELinux user %s is definedzSELinux user %s is not definedz7SELinux user %s is defined in policy, cannot be deletedzCould not query user for %sr$z Could not delete SELinux user %sr�)r/r1r0)r�rWr^rr�Zsemanage_user_exists_localr�r�r�r�Zsemanage_user_del_localr�r�rYr4)	rr,rLr�r~r�r1r�r0rrr r��s2

zseluserRecords.__deletecCsVy|j�|j|�|j�Wn2tk
rP}z|jjd�|�WYdd}~XnXdS)Nr)rb�_seluserRecords__deleter8r^rY)rr,r�rrr r��s
zseluserRecords.deletecCs�t|j�\}}|dkr"ttd���y0|j�x|D]}|jt|��q2W|j�Wn2tk
r�}z|jjd�|�WYdd}~XnXdS)NrzCould not list login mappings)	�semanage_user_list_localrWr^rrbr��semanage_user_get_namer8rY)rrLr�r�r�rrr ra�s
zseluserRecords.deleteallrcCs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���xh|jD]^}t|�}t|j|�\}}|dkrzttd�|��dj|�}t	|�t
|�t|�|f|t|�<qFW|S)NrzCould not list SELinux usersz Could not list roles for user %sr�)r�rWr�Zsemanage_user_listr^rr�r�r�Zsemanage_user_get_prefixZsemanage_user_get_mlslevelr�)rrzr�rLr�r,r�r�rrr rr�s
$zseluserRecords.get_allcCs�g}|jd�}xvt|j��D]f}||ds8||drh|jd||d||d||d|f�q|jd||d|f�qW|S)NTr=rwz-a -L %s -r %s -R '%s' %srz
-a -R '%s' %s)rrr�r�r')rrr�r�rrr rds
0zseluserRecords.customizedr=c	Cs|j|�}t|�dkrdSt|j��}tdkr�|r|tddtd�td�td�f�tdtd�td	�td
�td�td�f�x�|D]B}td
|||dt||d�t||d�||df�q�WnB|r�tdtd�td�f�x$|D]}td|||df�q�WdS)Nrr=z
%-15s %-10s %-10s %-30srZLabelingzMLS/z%-15s %-10s %-10s %-30s %s
zSELinux UserZPrefixz	MCS Levelz	MCS Rangez
SELinux Rolesz%-15s %-10s %-10s %-30s %srwrz	%-15s %s
z%-15s %s)rrrHr�r�r`rxrrN)rryrzr�r�r�rrr r{s
 *
D
zseluserRecords.list)N)r)r=r)r9r:r;r!r�r�r�r�r�r�r�r�rarrrdr{rrrr r� s
7
8	!


r�c@s�eZdZgZd dd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
d!dd�Zd"dd�Zdd�Zd#dd�ZdS)$�portRecordsNcCsJtj||�y$tttjtjd��dd�|_Wntk
rDYnXdS)NZ	port_typer�types)rPr!r{rZr��	ATTRIBUTE�valid_types�RuntimeError)rrTrrr r!4s
$zportRecords.__init__c
Cs�ttttd�}||j�kr$||}nttd���|dkrDttd���|jd�}t|�dkrlt	|d�}}nt	|d�}t	|d�}|dkr�ttd	���t
|j|||�\}}	|dkr�ttd
�||f��|	|||fS)N)ZtcpZudpZsctpZdccpz0Protocol has to be one of udp, tcp, dccp or sctprzPort is requiredr"r=ri��zInvalid Portz Could not create a key for %s/%s)ZSEMANAGE_PROTO_TCPZSEMANAGE_PROTO_UDPZSEMANAGE_PROTO_SCTPZSEMANAGE_PROTO_DCCPr�r^rr�rH�intZsemanage_port_key_createrW)
r�port�protoZ	protocols�proto_dZports�high�lowrLr�rrr �__genkey;s(

zportRecords.__genkeycCs,tdkr|dkrd}nt|�}|dkr2ttd���tj|�}||jkrVttd�|��|j||�\}}}}t|j	�\}	}
|	dkr�ttd�||f��t
|
|�t|
||�t|j	�\}	}|	dkr�ttd�||f��t
|j	|d	�}	|	dkr�ttd
�||f��t|j	|d�}	|	dk�r*ttd�||f��t|j	||�}	|	dk�rVttd
�||f��tdk�r�|dk�r�t|j	||�}	|	dk�r�ttd�||f��t|j	|
|�}	|	dk�r�ttd�||f��t|j	||
�}	|	dk�r�ttd�||f��t|�t|�t|
�|jjd|tj|�d	d||f�dS)Nr=rr�zType is requiredz'Type %s is invalid, must be a port typerzCould not create port for %s/%sz"Could not create context for %s/%s�system_uz,Could not set user in port context for %s/%s�object_rz,Could not set role in port context for %s/%sz,Could not set type in port context for %s/%sz2Could not set mls fields in port context for %s/%sz$Could not set port context for %s/%szCould not add port %s/%sz8resrc=port op=add lport=%s proto=%s tcontext=%s:%s:%s:%s)r`rOr^rrZ�get_real_type_namer��_portRecords__genkeyZsemanage_port_createrWZsemanage_port_set_protoZsemanage_port_set_range�semanage_context_create�semanage_context_set_user�semanage_context_set_role�semanage_context_set_type�semanage_context_set_mlsZsemanage_port_set_con�semanage_port_modify_local�semanage_context_free�semanage_port_key_free�semanage_port_freerYr6r
�getprotobyname)rr�r�r.rSr�r�r�r�rLr�conrrr r�WsR







zportRecords.__addcCsX|j�|j||�r<ttd�j||d��|j||||�n|j||||�|j�dS)Nz6Port {proto}/{port} already defined, modifying instead)r�r�)rb�_portRecords__existsrxr�format�_portRecords__modify�_portRecords__addr8)rr�r�r.rSrrr r��szportRecords.addc	CsN|j||�\}}}}t|j|�\}}|dkrBttd�j||d���t|�|S)Nrz1Could not check if port {proto}/{port} is defined)r�r�)r��semanage_port_existsrWr^rr�r�)	rr�r�r�r�r�r�rLr~rrr r��szportRecords.__existsc
Cs�|dkr2|dkr2tdkr&ttd���nttd���tj|�}|rZ||jkrZttd�|��|j||�\}}}}t|j|�\}	}
|	dkr�ttd�||f��|
s�ttd�||f��t	|j|�\}	}|	dkr�ttd	�||f��t
|�}tdk�r|dk�rd
}nt|j|t|��|dk�r*t
|j||�t|j||�}	|	dk�rVttd�||f��t|�t|�|jjd|tj|�d
d||f�dS)Nrr=zRequires setype or serangezRequires setypez'Type %s is invalid, must be a port typerz(Could not check if port %s/%s is definedzPort %s/%s is not definedzCould not query port %s/%sr�zCould not modify port %s/%sz;resrc=port op=modify lport=%s proto=%s tcontext=%s:%s:%s:%sr�r�)r`r^rrZr�r�r�r�rWZsemanage_port_query�semanage_port_get_conr�rOr�r�r�r�rYr6r
r�)
rr�r�r.�setyper�r�r�r�rLr~rr�rrr r��s:




zportRecords.__modifycCs$|j�|j||||�|j�dS)N)rbr�r8)rr�r�r.rrrr r��szportRecords.modifycCs�t|j�\}}|dkr"ttd���|j�x�|D]�}t|�}t|�}t|�}t|�}d||f}|j	||�\}	}
}}|dkr�ttd�|��t
|j|	�}|dkr�ttd�|��t|	�||kr�|}|jj
d|tj|�f�q0W|j�dS)NrzCould not list the portsz%s-%szCould not create a key for %szCould not delete the port %sz&resrc=port op=delete lport=%s proto=%s)�semanage_port_list_localrWr^rrb�semanage_port_get_proto�semanage_port_get_proto_str�semanage_port_get_low�semanage_port_get_highr��semanage_port_del_localr�rYr6r
r�r8)rrL�plistr�r��	proto_strr�r�Zport_strr�r�rrr ra�s*
zportRecords.deleteallc	Cs�|j||�\}}}}t|j|�\}}|dkr@ttd�||f��|sXttd�||f��t|j|�\}}|dkr�ttd�||f��|s�ttd�||f��t|j|�}|dkr�ttd�||f��t|�|jj	d|t
j|�f�dS)Nrz(Could not check if port %s/%s is definedzPort %s/%s is not definedz2Port %s/%s is defined in policy, cannot be deletedzCould not delete port %s/%sz&resrc=port op=delete lport=%s proto=%s)r�r�rWr^rZsemanage_port_exists_localrr�rYr6r
r�)	rr�r�r�r�r�r�rLr~rrr r��s zportRecords.__deletecCs |j�|j||�|j�dS)N)rb�_portRecords__deleter8)rr�r�rrr r�szportRecords.deletercCs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���xX|jD]N}t|�}t|�}t|�}t	|�}t
|�}	t|�}
t|�}||f||
||	f<qFW|S)NrzCould not list ports)
rrWr�semanage_port_listr^rr�semanage_context_get_type�semanage_context_get_mlsrrrr)rrzr�rLr�r��ctype�levelr�r	r�r�rrr rrs zportRecords.get_allcCs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���x�|jD]�}t|�}t|�}t|�}t	|�}t
|�}	t|�}
||f|j�kr�g|||f<|	|
kr�|||fj
d|	�qF|||fj
d|	|
f�qFW|S)NrzCould not list portsz%dz%d-%d)rrWrrr^rrrrrrrr�r')rrzr�rLr�r�rr�r	r�r�rrr �get_all_by_type s&zportRecords.get_all_by_typecCs�g}|jd�}x�t|j��D]�}|d|dkr8|dnd|d|df}||dr�|jd||d||d|d|f�q|jd||d|d|f�qW|S)NTrr=z%s-%sz-a -t %s -r '%s' -p %s %srwz-a -t %s -p %s %s)rrr�r�r')rrr�r�r�rrr rd8s
,,$zportRecords.customizedr=cCs�|j|�}t|�dkrdSt|j��}|rHtdtd�td�td�f�xV|D]N}d|}|d||d7}x$||dd�D]}|d	|7}q�Wt|�qNWdS)
Nrz%-30s %-8s %s
zSELinux Port TypeZProtozPort Numberz%-30s %-8s z%sr=z, %s)rrHr�r�rxr)rryrzr�r�ror�rrrr r{Cs

zportRecords.list)N)r)r)r=r)r9r:r;r�r!r�r�r�r�r�r�rar
r�rrrrdr{rrrr r�0s
:	
*

r�c@s�eZdZgZd dd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
d!dd�Zd"dd�Zdd�Zd#dd�ZdS)$�
ibpkeyRecordsNc
CsXtj||�y:tjtjtj|j��dgd�}tdd�|j	�D��|_
WnYnXdS)NZibpkey_type)�attrscss|]}t|�VqdS)N)r*)rsrgrrr �	<genexpr>Zsz)ibpkeyRecords.__init__.<locals>.<genexpr>)rPr!�setools�	TypeQuery�
SELinuxPolicyrZ�get_store_policyrRr��resultsr�)rrT�qrrr r!VszibpkeyRecords.__init__cCs�|dkrttd���|jd�}t|�dkr>t|dd�}}nt|dd�}t|dd�}|dkrnttd���t|j|||�\}}|dkr�ttd�||f��||||fS)	NrzSubnet Prefix is requiredr"r=ri��zInvalid Pkeyz Could not create a key for %s/%s)r^rr�rHr�Zsemanage_ibpkey_key_createrW)r�pkey�
subnet_prefixZpkeysr�r�rLr�rrr r�^s
zibpkeyRecords.__genkeycCstdkr|dkrd}nt|�}|dkr2ttd���tj|�}||jkrVttd�|��|j||�\}}}}t|j	�\}}	|dkr�ttd�||f��t
|j	|	|�t|	||�t|j	�\}}
|dkr�ttd�||f��t
|j	|
d	�}|dk�rttd
�||f��t|j	|
d�}|dk�r0ttd�||f��t|j	|
|�}|dk�r\ttd
�||f��tdk�r�|dk�r�t|j	|
|�}|dk�r�ttd�||f��t|j	|	|
�}|dk�r�ttd�||f��t|j	||	�}|dk�r�ttd�||f��t|
�t|�t|	�dS)Nr=rr�zType is requiredz)Type %s is invalid, must be a ibpkey typerz!Could not create ibpkey for %s/%sz"Could not create context for %s/%sr�z.Could not set user in ibpkey context for %s/%sr�z.Could not set role in ibpkey context for %s/%sz.Could not set type in ibpkey context for %s/%sz4Could not set mls fields in ibpkey context for %s/%sz&Could not set ibpkey context for %s/%szCould not add ibpkey %s/%s)r`rOr^rrZr�r��_ibpkeyRecords__genkeyZsemanage_ibpkey_createrWZ!semanage_ibpkey_set_subnet_prefixZsemanage_ibpkey_set_ranger�r�r�r�r�Zsemanage_ibpkey_set_con�semanage_ibpkey_modify_localr��semanage_ibpkey_key_free�semanage_ibpkey_free)rrrr.rSr�r�r�rLrr�rrr r�qsP







zibpkeyRecords.__addcCsX|j�|j||�r<ttd�j||d��|j||||�n|j||||�|j�dS)Nz@ibpkey {subnet_prefix}/{pkey} already defined, modifying instead)rr)rb�_ibpkeyRecords__existsrxrr��_ibpkeyRecords__modify�_ibpkeyRecords__addr8)rrrr.rSrrr r��szibpkeyRecords.addcCsN|j||�\}}}}t|j|�\}}|dkrBttd�j||d���t|�|S)Nrz;Could not check if ibpkey {subnet_prefix}/{pkey} is defined)rr)r�semanage_ibpkey_existsrWr^rZformnatr)rrrr�r�r�rLr~rrr r��szibpkeyRecords.__existscCsb|dkr2|dkr2tdkr&ttd���nttd���tj|�}|rZ||jkrZttd�|��|j||�\}}}}t|j|�\}}	|dkr�ttd�||f��|	s�ttd�||f��t	|j|�\}}
|dkr�ttd	�||f��t
|
�}tdko�|dk�r
t|j|t|��|dk�r"t
|j||�t|j||
�}|dk�rNttd
�||f��t|�t|
�dS)Nrr=zRequires setype or serangezRequires setypez)Type %s is invalid, must be a ibpkey typerz*Could not check if ibpkey %s/%s is definedzibpkey %s/%s is not definedzCould not query ibpkey %s/%szCould not modify ibpkey %s/%s)r`r^rrZr�r�rr#rWZsemanage_ibpkey_query�semanage_ibpkey_get_conr�rOr�rrr)rrrr.rr�r�r�rLr~rr�rrr r��s4


zibpkeyRecords.__modifycCs$|j�|j||||�|j�dS)N)rbr!r8)rrrr.rrrr r��szibpkeyRecords.modifyc	Cs�t|j�\}}|dkr"ttd���|j�x�|D]�}t|j|�\}}t|�}t|�}d||f}|j||�\}}}}|dkr�ttd�|��t	|j|�}|dkr�ttd�|��t
|�q0W|j�dS)NrzCould not list the ibpkeysz%s-%szCould not create a key for %szCould not delete the ibpkey %s)�semanage_ibpkey_list_localrWr^rrb�!semanage_ibpkey_get_subnet_prefix�semanage_ibpkey_get_low�semanage_ibpkey_get_highr�semanage_ibpkey_del_localrr8)	rrLr�ibpkeyrr�r�Zpkey_strr�rrr ra�s"
zibpkeyRecords.deleteallcCs�|j||�\}}}}t|j|�\}}|dkr@ttd�||f��|sXttd�||f��t|j|�\}}|dkr�ttd�||f��|s�ttd�||f��t|j|�}|dkr�ttd�||f��t|�dS)Nrz*Could not check if ibpkey %s/%s is definedzibpkey %s/%s is not definedz4ibpkey %s/%s is defined in policy, cannot be deletedzCould not delete ibpkey %s/%s)rr#rWr^rZsemanage_ibpkey_exists_localr)r)rrrr�r�r�rLr~rrr r��szibpkeyRecords.__deletecCs |j�|j||�|j�dS)N)rb�_ibpkeyRecords__deleter8)rrrrrr r�szibpkeyRecords.deletercCs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���xb|jD]X}t|�}t|�}|dkrdqFt|�}t	|j|�\}}t
|�}	t|�}
||f||	|
|f<qFW|S)NrzCould not list ibpkeysZreserved_ibpkey_t)r%rWr�semanage_ibpkey_listr^rr$rr
r&r'r()rrzr�rLr*r�rrrr�r�rrr rrs"zibpkeyRecords.get_allc
Cs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���x�|jD]�}t|�}t|�}t|j|�\}}t	|�}t
|�}	||f|j�kr�g|||f<||	kr�|||fjd|�qF|||fjd||	f�qFW|S)NrzCould not list ibpkeysz0x%xz	0x%x-0x%x)
r%rWrr,r^rr$rr&r'r(r�r')
rrzr�rLr*r�rrr�r�rrr r,s$zibpkeyRecords.get_all_by_typecCs�g}|jd�}x�t|j��D]�}|d|dkr8|dnd|d|df}||dr�|jd||d||d|d|f�q|jd||d|d|f�qW|S)NTrr=z%s-%sz-a -t %s -r '%s' -x %s %srwz-a -t %s -x %s %s)rrr�r�r')rrr�r�r�rrr rdCs
,,$zibpkeyRecords.customizedr=cCs�|j|�}|j�}t|�dkr"dS|rDtdtd�td�td�f�xZt|�D]N}d|}|d||d7}x$||dd�D]}|d	|7}q�Wt|�qNWdS)
Nrz%-30s %-18s %s
zSELinux IB Pkey TypeZ
Subnet_PrefixzPkey Numberz%-30s %-18s z%sr=z, %s)rr�rHrxrr�)rryrzr�r�ror�rrrr r{Os
zibpkeyRecords.list)N)r)r)r=r)r9r:r;r�r!rr"r�r r!r�rar+r�rrrrdr{rrrr rRs
8	
&

rc@s�eZdZgZd dd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
d!dd�Zd"dd�Zdd�Zd#dd�ZdS)$�ibendportRecordsNc
CsXtj||�y:tjtjtj|j��dgd�}tdd�|j	�D��|_
WnYnXdS)NZibendport_type)rcss|]}t|�VqdS)N)r*)rsrgrrr rfsz,ibendportRecords.__init__.<locals>.<genexpr>)rPr!rrrrZrrR�setrr�)rrTrrrr r!bszibendportRecords.__init__cCsp|dkrttd���t|�}|dks,|dkr8ttd���t|j||�\}}|dkrfttd�||f��|||fS)NrzIB device name is required�r=zInvalid Port Numberrz*Could not create a key for ibendport %s/%s)r^rr�Zsemanage_ibendport_key_createrW)r�	ibendport�
ibdev_namer�rLr�rrr r�jszibendportRecords.__genkeyc
Cs
tdkr|dkrd}nt|�}|dkr2ttd���tj|�}||jkrVttd�|��|j||�\}}}t|j	�\}}|dkr�ttd�||f��t
|j	||�t||�t|j	�\}}	|dkr�ttd�||f��t
|j	|	d	�}|dkr�ttd
�||f��t|j	|	d�}|dk�r*ttd�||f��t|j	|	|�}|dk�rVttd
�||f��tdk�r�|dk�r�t|j	|	|�}|dk�r�ttd�||f��t|j	||	�}|dk�r�ttd�||f��t|j	||�}|dk�r�ttd�||f��t|	�t|�t|�dS)Nr=rr�zType is requiredz-Type %s is invalid, must be an ibendport typerz$Could not create ibendport for %s/%sz"Could not create context for %s/%sr�z1Could not set user in ibendport context for %s/%sr�z1Could not set role in ibendport context for %s/%sz1Could not set type in ibendport context for %s/%sz7Could not set mls fields in ibendport context for %s/%sz)Could not set ibendport context for %s/%szCould not add ibendport %s/%s)r`rOr^rrZr�r��_ibendportRecords__genkeyZsemanage_ibendport_createrWZ!semanage_ibendport_set_ibdev_nameZsemanage_ibendport_set_portr�r�r�r�r�Zsemanage_ibendport_set_con�semanage_ibendport_modify_localr��semanage_ibendport_key_free�semanage_ibendport_free)
rr0r1r.rSr�r�rLrr�rrr r�xsP







zibendportRecords.__addcCsX|j�|j||�r<ttd�j|td��|j||||�n|j||||�|j�dS)Nz@ibendport {ibdev_name}/{port} already defined, modifying instead)r1r�)	rb�_ibendportRecords__existsrxrr�r��_ibendportRecords__modify�_ibendportRecords__addr8)rr0r1r.rSrrr r��szibendportRecords.addcCsL|j||�\}}}t|j|�\}}|dkr@ttd�j||d���t|�|S)Nrz;Could not check if ibendport {ibdev_name}/{port} is defined)r1r�)r2�semanage_ibendport_existsrWr^rr�r4)rr0r1r�r�rLr~rrr r��szibendportRecords.__existscCs`|dkr2|dkr2tdkr&ttd���nttd���tj|�}|rZ||jkrZttd�|��|j||�\}}}t|j|�\}}|dkr�ttd�||f��|s�ttd�||f��t	|j|�\}}	|dkr�ttd	�||f��t
|	�}
tdko�|dk�rt|j|
t|��|dk�r t
|j|
|�t|j||	�}|dk�rLttd
�||f��t|�t|	�dS)Nrr=zRequires setype or serangezRequires setypez-Type %s is invalid, must be an ibendport typerz-Could not check if ibendport %s/%s is definedzibendport %s/%s is not definedzCould not query ibendport %s/%sz Could not modify ibendport %s/%s)r`r^rrZr�r�r2r9rWZsemanage_ibendport_query�semanage_ibendport_get_conr�rOr�r3r4r5)rr0r1r.rr�r�rLr~rr�rrr r��s4


zibendportRecords.__modifycCs$|j�|j||||�|j�dS)N)rbr7r8)rr0r1r.rrrr r��szibendportRecords.modifycCs�t|j�\}}|dkr"ttd���|j�x�|D]~}t|j|�\}}t|�}|jt|�|�\}}}|dkr~ttd�t	|f��t
|j|�}|dkr�ttd�||f��t|�q0W|j�dS)NrzCould not list the ibendportsz Could not create a key for %s/%dz$Could not delete the ibendport %s/%d)
�semanage_ibendport_list_localrWr^rrb�!semanage_ibendport_get_ibdev_name�semanage_ibendport_get_portr2r*Z	ibdevname�semanage_ibendport_del_localr4r8)rrLrr0r1r�r�rrr ra�s
zibendportRecords.deleteallcCs�|j||�\}}}t|j|�\}}|dkr>ttd�||f��|sVttd�||f��t|j|�\}}|dkr�ttd�||f��|s�ttd�||f��t|j|�}|dkr�ttd�||f��t|�dS)Nrz-Could not check if ibendport %s/%s is definedzibendport %s/%s is not definedz7ibendport %s/%s is defined in policy, cannot be deletedz Could not delete ibendport %s/%s)r2r9rWr^rZsemanage_ibendport_exists_localr>r4)rr0r1r�r�rLr~rrr r�szibendportRecords.__deletecCs |j�|j||�|j�dS)N)rb�_ibendportRecords__deleter8)rr0r1rrr r�szibendportRecords.deleterc
Cs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���xX|jD]N}t|�}t|�}|dkrdqFt|�}t	|j|�\}}t
|�}	||f||	|f<qFW|S)NrzCould not list ibendportsZreserved_ibendport_t)r;rWr�semanage_ibendport_listr^rr:rr
r<r=)
rrzr�rLr0r�rrr1r�rrr rrs zibendportRecords.get_allc	Cs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���xh|jD]^}t|�}t|�}t|j|�\}}t	|�}||f|j
�kr�g|||f<|||fjd|�qFW|S)NrzCould not list ibendportsz0x%x)r;rWrr@r^rr:rr<r=r�r')	rrzr�rLr0r�rr1r�rrr r/sz ibendportRecords.get_all_by_typecCs�g}|jd�}xtt|j��D]d}||dr\|jd||d||d|d|df�q|jd||d|d|df�qW|S)NTr=z-a -t %s -r '%s' -z %s %srz-a -t %s -z %s %s)rrr�r�r')rrr�r�rrr rdBs
0(zibendportRecords.customizedr=cCs�|j|�}|j�}t|�dkr"dS|rDtdtd�td�td�f�xZt|�D]N}d|}|d||d7}x$||dd�D]}|d	|7}q�Wt|�qNWdS)
Nrz%-30s %-18s %s
zSELinux IB End Port TypezIB Device NamezPort Numberz%-30s %-18s z%sr=z, %s)rr�rHrxrr�)rryrzr�r�ror�rrrr r{Ms
zibendportRecords.list)N)r)r)r=r)r9r:r;r�r!r2r8r�r6r7r�rar?r�rrrrdr{rrrr r-^s
7	
&

r-c@s~eZdZgZddd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
ddd�Zdd�Zd dd�ZdS)!�nodeRecordsNcCsTtj||�ddg|_y$tttjtjd��dd�|_Wntk
rNYnXdS)NZipv4Zipv6Z	node_typerr�)	rPr!�protocolr{rZr�r�r�r�)rrTrrr r!`s
$znodeRecords.__init__c	Cs�|}|}d}|dkr ttd���t|�dks8|ddkrztj||�}t|j�}t|j�}|dkrp|jdkrpd}d|j}y|j	j
|�}Wnttd	���YnX|||fS)
NrzNode Address is requiredrr�z0.0.0.0�z::zipv%dzUnknown or missing protocol)r^rrH�	ipaddressZ
ip_networkr*Znetwork_addressZnetmask�versionrB�index)r�addr�maskrBZnewaddrZnewmaskZnewprotocolrorrr �validatehs"


znodeRecords.validatec
	Csp|j|||�\}}}tdkr2|dkr*d}nt|�}|dkrFttd���tj|�}||jkrjttd�|��t|j	|||�\}}|dkr�ttd�|��t
|j	�\}}|dkr�ttd�|��t||�t|j	|||�}t
|j	�\}}	|dkr�ttd	�|��t|j	|||�}|dk�r&ttd
�|��t|j	|	d�}|dk�rNttd�|��t|j	|	d
�}|dk�rvttd�|��t|j	|	|�}|dk�r�ttd�|��tdk�r�|dk�r�t|j	|	|�}|dk�r�ttd�|��t|j	||	�}|dk�rttd�|��t|j	||�}|dk�r*ttd�|��t|	�t|�t|�|jjd||tj|j|�dd
||f�dS)Nr=rr�zSELinux node type is requiredz'Type %s is invalid, must be a node typerzCould not create key for %szCould not create addr for %szCould not create context for %szCould not set mask for %sr�z)Could not set user in addr context for %sr�z)Could not set role in addr context for %sz)Could not set type in addr context for %sz/Could not set mls fields in addr context for %sz!Could not set addr context for %szCould not add addr %szCresrc=node op=add laddr=%s netmask=%s proto=%s tcontext=%s:%s:%s:%s)rIr`rOr^rrZr�r��semanage_node_key_createrWZsemanage_node_createZsemanage_node_set_protoZsemanage_node_set_addrr�Zsemanage_node_set_maskr�r�r�r�Zsemanage_node_set_con�semanage_node_modify_localr��semanage_node_key_free�semanage_node_freerYr6r
r�rB)
rrGrHr�r.rrLr��noder�rrr r��s^









znodeRecords.__addcCsX|j�|j|||�r:ttd�|�|j|||||�n|j|||||�|j�dS)Nz*Addr %s already defined, modifying instead)rb�_nodeRecords__existsrxr�_nodeRecords__modify�_nodeRecords__addr8)rrGrHr�r.rrrr r��sznodeRecords.addcCst|j|||�\}}}t|j|||�\}}|dkr@ttd�|��t|j|�\}}|dkrhttd�|��t|�|S)NrzCould not create key for %sz%Could not check if addr %s is defined)rIrJrWr^r�semanage_node_existsrL)rrGrHr�rLr�r~rrr r��sznodeRecords.__existsc	Cs�|j|||�\}}}|dkr0|dkr0ttd���tj|�}|rX||jkrXttd�|��t|j|||�\}}|dkr�ttd�|��t|j|�\}}|dkr�ttd�|��|s�ttd�|��t	|j|�\}}	|dkr�ttd�|��t
|	�}
td	k�r|dk�rt|j|
t
|��|dk�r.t|j|
|�t|j||	�}|dk�rVttd
�|��t|�t|	�|jjd||tj|j|�dd
||f�dS)NrzRequires setype or serangez'Type %s is invalid, must be a node typerzCould not create key for %sz%Could not check if addr %s is definedzAddr %s is not definedzCould not query addr %sr=zCould not modify addr %szFresrc=node op=modify laddr=%s netmask=%s proto=%s tcontext=%s:%s:%s:%sr�r�)rIr^rrZr�r�rJrWrRZsemanage_node_query�semanage_node_get_conr`r�rOr�rKrLrMrYr6r
r�rB)rrGrHr�r.rrLr�r~rNr�rrr r��s8


znodeRecords.__modifycCs&|j�|j|||||�|j�dS)N)rbrPr8)rrGrHr�r.rrrr r�sznodeRecords.modifycCs
|j|||�\}}}t|j|||�\}}|dkr@ttd�|��t|j|�\}}|dkrhttd�|��|s|ttd�|��t|j|�\}}|dkr�ttd�|��|s�ttd�|��t|j|�}|dkr�ttd�|��t|�|j	j
d||tj|j
|�f�dS)NrzCould not create key for %sz%Could not check if addr %s is definedzAddr %s is not definedz/Addr %s is defined in policy, cannot be deletedzCould not delete addr %sz1resrc=node op=delete laddr=%s netmask=%s proto=%s)rIrJrWr^rrRZsemanage_node_exists_localZsemanage_node_del_localrLrYr6r
r�rB)rrGrHr�rLr�r~rrr r�s&znodeRecords.__deletecCs"|j�|j|||�|j�dS)N)rb�_nodeRecords__deleter8)rrGrHr�rrr r�#sznodeRecords.deletecCstt|j�\}}|dkr"ttd���|j�x<|D]4}|jt|j|�dt|j|�d|jt	|��q0W|j
�dS)Nrz!Could not deleteall node mappingsr=)�semanage_node_list_localrWr^rrbrT�semanage_node_get_addr�semanage_node_get_maskrB�semanage_node_get_protor8)rrLZnlistrNrrr ra(s
4znodeRecords.deleteallrc	Cs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���xj|jD]`}t|�}t|j|�}t|j|�}|j	t
|�}t|�t|�t
|�t|�f||d|d|f<qFW|S)NrzCould not list addrsr=)rUrW�ilistZsemanage_node_listr^rrSrVrWrBrX�semanage_context_get_user�semanage_context_get_rolerr
)	rrzr�rLrNr�rGrHr�rrr rr2s2znodeRecords.get_allc	Cs�g}|jd�}x�t|j��D]p}||drb|jd|d|d||d||d|df�q|jd|d|d||d|df�qW|S)NTrz-a -M %s -p %s -t %s -r '%s' %sr=rwrz-a -M %s -p %s -t %s %s)rrr�r�r')rrr�r�rrr rdDs
6.znodeRecords.customizedr=cCs|j|�}t|�dkrdSt|j��}|r6tdd�tr�x�|D]r}d}x|D]}|dt|�}qNWtd	|d|d
|d||d||d
||dt||dd
�f�q@WnJxH|D]@}td|d|d
|d||d||d
||df�q�WdS)Nrz%-18s %-18s %-5s %-5s
�
IP Address�Netmask�Protocol�Contextr�	z%-18s %-18s %-5s %s:%s:%s:%s r=rwrFz%-18s %-18s %-5s %s:%s:%s )r\r]r^r_)rrrHr�r�rxr`r*rN)rryrzr�r�r��valZfieldsrrr r{Ns


R
znodeRecords.list)N)r)r=r)r9r:r;r�r!rIrQr�rOrPr�rTr�rarrrdr{rrrr rA\s
B	(


rAc@sreZdZddd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Zdd�Z	dd�Z
dd�Zddd�Zdd�Z
ddd�ZdS)�interfaceRecordsNcCstj||�dS)N)rPr!)rrTrrr r!cszinterfaceRecords.__init__cCstdkr|dkrd}nt|�}|dkr2ttd���t|j|�\}}|dkrZttd�|��t|j�\}}|dkr�ttd�|��t|j||�}t|j�\}}|dkr�ttd�|��t	|j|d	�}|dkr�ttd
�|��t
|j|d�}|dk�rttd�|��t|j||�}|dk�r*ttd
�|��tdk�rf|dk�rft|j||�}|dk�rfttd�|��t
|j||�}|dk�r�ttd�|��t|j||�}|dk�r�ttd�|��t|j||�}|dk�r�ttd�|��t|�t|�t|�|jjd|d	d||f�dS)Nr=rr�zSELinux Type is requiredrzCould not create key for %sz!Could not create interface for %szCould not create context for %sr�z.Could not set user in interface context for %sr�z.Could not set role in interface context for %sz.Could not set type in interface context for %sz4Could not set mls fields in interface context for %sz&Could not set interface context for %sz$Could not set message context for %szCould not add interface %sz4resrc=interface op=add netif=%s tcontext=%s:%s:%s:%s)r`rOr^r�semanage_iface_key_createrWZsemanage_iface_createZsemanage_iface_set_namer�r�r�r�r�Zsemanage_iface_set_ifconZsemanage_iface_set_msgcon�semanage_iface_modify_localr��semanage_iface_key_free�semanage_iface_freerYr6)r�	interfacer.rrLr��ifacer�rrr r�fsT





zinterfaceRecords.__addcCsL|j�|j|�r2ttd�|�|j|||�n|j|||�|j�dS)Nz/Interface %s already defined, modifying instead)rb�_interfaceRecords__existsrxr�_interfaceRecords__modify�_interfaceRecords__addr8)rrgr.rrrr r��s
zinterfaceRecords.addcCs\t|j|�\}}|dkr(ttd�|��t|j|�\}}|dkrPttd�|��t|�|S)NrzCould not create key for %sz*Could not check if interface %s is defined)rcrWr^r�semanage_iface_existsre)rrgrLr�r~rrr r��szinterfaceRecords.__existsc	Cs>|dkr|dkrttd���t|j|�\}}|dkrDttd�|��t|j|�\}}|dkrlttd�|��|s�ttd�|��t|j|�\}}|dkr�ttd�|��t|�}tdkr�|dkr�t|j|t	|��|dkr�t
|j||�t|j||�}|dk�rttd	�|��t|�t
|�|jjd
|dd||f�dS)
NrzRequires setype or serangerzCould not create key for %sz*Could not check if interface %s is definedzInterface %s is not definedzCould not query interface %sr=zCould not modify interface %sz7resrc=interface op=modify netif=%s tcontext=%s:%s:%s:%sr�r�)r^rrcrWrlZsemanage_iface_query�semanage_iface_get_ifconr`r�rOr�rdrerfrYr6)	rrgr.rrLr�r~rhr�rrr r��s0
zinterfaceRecords.__modifycCs"|j�|j|||�|j�dS)N)rbrjr8)rrgr.rrrr r��szinterfaceRecords.modifycCs�t|j|�\}}|dkr(ttd�|��t|j|�\}}|dkrPttd�|��|sdttd�|��t|j|�\}}|dkr�ttd�|��|s�ttd�|��t|j|�}|dkr�ttd�|��t|�|jj	d|�dS)NrzCould not create key for %sz*Could not check if interface %s is definedzInterface %s is not definedz4Interface %s is defined in policy, cannot be deletedzCould not delete interface %sz"resrc=interface op=delete netif=%s)
rcrWr^rrlZsemanage_iface_exists_localZsemanage_iface_del_localrerYr6)rrgrLr�r~rrr r��s$zinterfaceRecords.__deletecCs|j�|j|�|j�dS)N)rb�_interfaceRecords__deleter8)rrgrrr r��s
zinterfaceRecords.deletecCsRt|j�\}}|dkr"ttd���|j�x|D]}|jt|��q0W|j�dS)Nrz(Could not delete all interface  mappings)�semanage_iface_list_localrWr^rrbrn�semanage_iface_get_namer8)rrLr�rorrr ra�s
zinterfaceRecords.deleteallrcCs~i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���x:|jD]0}t|�}t|�t|�t	|�t
|�f|t|�<qFW|S)NrzCould not list interfaces)rorWrYZsemanage_iface_listr^rrmrZr[rr
rp)rrzr�rLrgr�rrr rr	s(zinterfaceRecords.get_allcCstg}|jd�}x`t|j��D]P}||drR|jd||d||d|f�q|jd||d|f�qW|S)NTrz-a -t %s -r '%s' %srwz-a -t %s %s)rrr�r�r')rrr�r�rrr rd	s
&zinterfaceRecords.customizedr=c
Cs�|j|�}t|�dkrdSt|j��}|rBtdtd�td�f�tr�x�|D]@}td|||d||d||dt||dd	�f�qLWn:x8|D]0}td
|||d||d||df�q�WdS)Nrz	%-30s %s
zSELinux Interfacer_z%-30s %s:%s:%s:%s r=rwrFz%-30s %s:%s:%s )rrrHr�r�rxrr`rN)rryrzr�r�r�rrr r{	s

B
zinterfaceRecords.list)N)r)r=r)r9r:r;r!rkr�rirjr�rnr�rarrrdr{rrrr rbas
:	"


rbc@s�eZdZgZd(dd�Zdd�Zdd�Zdd	�Zd)dd�Zd
d�Z	d*dd�Z
d+dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�Zd,d!d"�Zd#d$�Zd-d&d'�ZdS).�fcontextRecordsNcCs�tj||�yLtttjtjd��dd�|_|jtttjtjd��dd�7_Wntk
rlYnXi|_i|_	d|_
ydttj
�d�}xH|j�D]<}|j�}t|�dkr�q�|jd�r�q�|j�\}}||j|<q�W|j�Wntk
r�YnXynttj�d�}xR|j�D]F}|j�}t|�dk�r2�q|jd��rB�q|j�\}}||j	|<�qW|j�Wntk
�r~YnXdS)NZ	file_typerr�Zdevice_nodeFr��#)rPr!r{rZr�r�r�r��equiv�
equiv_dist�	equal_indr�rG�selinux_file_context_subs_path�	readlines�striprHr�r�r��IOErrorZ#selinux_file_context_subs_dist_path)rrTr�ro�target�
substituterrr r!1	sF ,
zfcontextRecords.__init__c
Cs�|jr�tj�}d|}t|d�}x*|jj�D]}|jd||j|f�q,W|j�ytj	|tj
|�t
j�WnYnXtj||�d|_t
j|�dS)Nz%s.tmp�wz%s %s
F)rurGrvr�rsr��writer�r|�chmod�stat�ST_MODE�renamerPr8)rZ	subs_fileZtmpfiler�rzrrr r8W	s
zfcontextRecords.commitcCsL|j�|dkr,|d
dkr,ttd�|��|dkrP|ddkrPttd�|��||jj�kr�ttd�|�||j|<d|_|jjdt	j
d|d	�t	j
d
|d	�f�|j�dS|j|�xJ|j|j
fD]:}x4|D],}|j|d�r�ttd�||||f��q�Wq�W|jjdt	j
d|d	�t	j
d
|d	�f�||j|<d|_|j�dS)Nr�r=z=Target %s is not valid. Target is not allowed to end with '/'zESubstitute %s is not valid. Substitute is not allowed to end with '/'z:Equivalence class for %s already exists, modifying insteadTz$resrc=fcontext op=modify-equal %s %s�sglobr�tglobz4File spec %s conflicts with equivalency rule '%s %s'z!resrc=fcontext op=add-equal %s %s���r�)rbr^rrsr�rxrurYr6r�audit_encode_nv_stringr8rIrtr�)rrzr{�fdictrorrr �	add_equalg	s*
(

"(
zfcontextRecords.add_equalcCsj|j�||jj�kr&ttd�|��||j|<d|_|jjdtj	d|d�tj	d|d�f�|j
�dS)Nz'Equivalence class for %s does not existTz$resrc=fcontext op=modify-equal %s %sr�rr�)rbrsr�r^rrurYr6rr�r8)rrzr{rrr �modify_equal�	s
(zfcontextRecords.modify_equalr�cCs�t|j�\}}|dkr&ttd�|��|dkr2d}t|j||�}|dkrXttd�|��t|j|d�}|dkr~ttd�|��tdkr�t|j|d	�}|dkr�ttd
�|��|S)NrzCould not create context for %srr�z)Could not set user in file context for %sr�z)Could not set role in file context for %sr=r�z/Could not set mls fields in file context for %s)r�rWr^rr�r�r`r�)rrzr�rLr�rrr �	createcon�	s zfcontextRecords.createconcCs�|dks|jd�dkr"ttd���|jd�d
kr<ttd���x^|j|jfD]N}xH|D]@}|j|d�rTtj||||�}ttd	�|||||f��qTWqJWdS)Nr�
rzInvalid file specificationr�r=z)File specification can not include spacesr�zMFile spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' insteadr�)�findr^rrsrtr�rB�sub)rrzr�rorgrrr rI�	s
zfcontextRecords.validaterc
Cs�|j|�tdkrt|�}|dkr.ttd���|dkrZtj|�}||jkrZttd�|��t|j	|t
|�\}}|dkr�ttd�|��t|j	�\}}|dkr�ttd�|��t|j	||�}|dk�r\|j
||�}	t|j	|	|�}|dkr�ttd	�|��tdk�r4|dk�r4t|j	|	|�}|dk�r4ttd
�|��t|j	||	�}|dk�r\ttd�|��t|t
|�t|j	||�}|dk�r�ttd�|��|dk�r�t|	�t|�t|�|�s�d
}|jjdtjd|d�t||d||f�dS)Nr=rzSELinux Type is requiredz<<none>>z1Type %s is invalid, must be a file or device typerzCould not create key for %sz$Could not create file context for %sz)Could not set type in file context for %sz/Could not set mls fields in file context for %sz!Could not set file context for %sz!Could not add file context for %sr�z6resrc=fcontext op=add %s ftype=%s tcontext=%s:%s:%s:%sr�r�)rIr`rOr^rrZr�r��semanage_fcontext_key_createrW�
file_typesZsemanage_fcontext_createZsemanage_fcontext_set_exprr�r�r��semanage_fcontext_set_conZsemanage_fcontext_set_type�semanage_fcontext_modify_localr��semanage_fcontext_key_free�semanage_fcontext_freerYr6rr��ftype_to_audit)
rrzrS�ftyper.r�rLr��fcontextr�rrr r��	sN







zfcontextRecords.__addcCsV|j�|j||�r8ttd�|�|j|||||�n|j|||||�|j�dS)Nz6File context for %s already defined, modifying instead)rb�_fcontextRecords__existsrxr�_fcontextRecords__modify�_fcontextRecords__addr8)rrzrSr�r.r�rrr r��	szfcontextRecords.addcCs�t|j|t|�\}}|dkr.ttd�|��t|j|�\}}|dkrVttd�|��|s�t|j|�\}}|dkr�ttd�|��t|�|S)NrzCould not create key for %sz1Could not check if file context for %s is defined)r�rWr�r^r�semanage_fcontext_exists�semanage_fcontext_exists_localr�)rrzr�rLr�r~rrr r��	szfcontextRecords.__existscCs�|dkr$|dkr$|dkr$ttd���|dkrPtj|�}||jkrPttd�|��|j|�t|j|t|�\}}|dkr�ttd�|��t	|j|�\}}|dkr�ttd�|��|r�yt
|j|�\}}	Wn$tk
r�ttd�|��YnXn|t|j|�\}}|dk�rttd�|��|�s0ttd	�|��yt
|j|�\}}	Wn&tk
�rjttd�|��YnX|dk�rt|	�}
|
dk�r�|j|�}
td
k�r�|dk�r�t|j|
t|��|dk�r�t|j|
|�|dk�r�t|j|
|�t|j|	|
�}|dk�r:ttd�|��n(t|j|	d�}|dk�r:ttd�|��t|j||	�}|dk�rbttd�|��t|�t|	�|�s|d
}|jjdtjd|d�t||d||f�dS)Nrz"Requires setype, serange or seuser�<<none>>z1Type %s is invalid, must be a file or device typerzCould not create a key for %sz1Could not check if file context for %s is definedz#Could not query file context for %sz"File context for %s is not definedr=z!Could not set file context for %sz$Could not modify file context for %sr�z9resrc=fcontext op=modify %s ftype=%s tcontext=%s:%s:%s:%sr�r�)rr�)r^rrZr�r�rIr�rWr�r�Zsemanage_fcontext_query�OSErrorr�Zsemanage_fcontext_query_local�semanage_fcontext_get_conr�r`r�rOr�r�r�r�r�r�rYr6rr�r�)rrzrr�r.r�rLr�r~r�r�rrr r�
sf











zfcontextRecords.__modifycCs&|j�|j|||||�|j�dS)N)rbr�r8)rrzrr�r.r�rrr r�C
szfcontextRecords.modifycCs�t|j�\}}|dkr"ttd���|j�x�|D]�}t|�}t|�}t|�}t|j|t	|�\}}|dkrzttd�|��t
|j|�}|dkr�ttd�|��t|�|jj
dtjd|d�tt|f�q0Wi|_d|_|j�dS)Nrz Could not list the file contextszCould not create a key for %sz$Could not delete the file context %sz$resrc=fcontext op=delete %s ftype=%sr�T)�semanage_fcontext_list_localrWr^rrb�semanage_fcontext_get_expr�semanage_fcontext_get_type�semanage_fcontext_get_type_strr�r��semanage_fcontext_del_localr�rYr6rr�r��file_type_str_to_optionrsrur8)rrL�flistr�rzr��	ftype_strr�rrr raH
s&
*zfcontextRecords.deleteallcCs:||jj�kr>|jj|�d|_|jjdtjd|d��dSt|j	|t
|�\}}|dkrlttd�|��t
|j	|�\}}|dkr�ttd�|��|s�t|j	|�\}}|dkr�ttd�|��|r�ttd�|��nttd�|��t|j	|�}|dk�rttd	�|��t|�|jjd
tjd|d�t|f�dS)NTz!resrc=fcontext op=delete-equal %sr�rzCould not create a key for %sz1Could not check if file context for %s is definedz;File context for %s is defined in policy, cannot be deletedz"File context for %s is not definedz$Could not delete file context for %sz$resrc=fcontext op=delete %s ftype=%s)rsr��poprurYr6rr�r�rWr�r^rr�r�r�r�r�)rrzr�rLr�r~rrr r�b
s.
zfcontextRecords.__deletecCs |j�|j||�|j�dS)N)rb�_fcontextRecords__deleter8)rrzr�rrr r��
szfcontextRecords.deletercCs|rt|j�\}|_n�t|j�\}|_|dkr:ttd���t|j�\}}|dkr\ttd���t|j�\}}|dkr~ttd���|j|7_|j|7_i}xd|jD]Z}t|�}t|�}t	|�}	t
|�}
|
r�t|
�t|
�t
|
�t|
�f|||	f<q�|
|||	f<q�W|S)NrzCould not list file contextsz1Could not list file contexts for home directoriesz"Could not list local file contexts)r�rWr�Zsemanage_fcontext_listr^rZsemanage_fcontext_list_homedirsr�r�r�r�rZr[rr
)rrzrLZ
fchomedirsZfclocalr�r��exprr�r�r�rrr rr�
s.&zfcontextRecords.get_allcCs�g}|jd�}x�|j�D]t}||r||drd|jdt|d||d||d|df�q|jdt|d||d|df�qWt|j�r�x*|jj�D]}|jd|j||f�q�W|S)	NTrz-a -f %s -t %s -r '%s' '%s'r=rwrz-a -f %s -t %s '%s'z-a -e %s %s)rrr�r'r�rHrs)rr�	fcon_dictr�rzrrr rd�
s
4,
zfcontextRecords.customizedr=cCs�|j|�}t|�dk�r|r:tdtd�td�td�f�|rH|j�}nt|j��}x�|D]�}||r�tr�td|d|d||d||d||dt||d	d
�f�n6td|d|d||d||d||df�qZtd|d|df�qZWt|j��rV|�sV|�r*ttd
��x*|jj�D]}td||j|f��q6Wt|j	��r�|�rtttd��x*|j	j�D]}td||j	|f��q�WdS)Nrz%-50s %-18s %s
zSELinux fcontextrSr_z%-50s %-18s %s:%s:%s:%s r=rwrFz%-50s %-18s %s:%s:%s z%-50s %-18s <<None>>z,
SELinux Distribution fcontext Equivalence 
z%s = %sz%
SELinux Local fcontext Equivalence 
)
rrrHrxrr�r�r`rNrtrs)rryrzr�Zfkeysr�rzrrr r{�
s0


H8zfcontextRecords.list)N)r�)rrr�)rrr�)r)r=r)r9r:r;r�r!r8r�r�r�rIr�r�r�r�r�rar�r�rrrdr{rrrr rq-	s$
&

6
	C!
 rqc@sleZdZddd�Zdd�Zddd�Zd	d
�Zdd�Zd
d�Zddd�Z	dd�Z
dd�Zdd�Zddd�Z
dS)�booleanRecordsNc	Cs�tj||�i|_d|jd<d|jd<d|jd<d|jd<d|jd<d|jd<ytj�\}|_tj�\}}Wng|_d}YnX|jd	ks�|j|kr�d
|_nd|_dS)Nr=ZTRUErZFALSEZONZOFF�1�0rTF)	rPr!�dictrGZsecurity_get_boolean_names�current_booleansrXrR�modify_local)rrTrLZptyperrr r!�
s"






zbooleanRecords.__init__cCsLtj|�}t|j|�\}}|dkr2ttd�|��t|j|�\}}|dkrZttd�|��|snttd�|��t|j|�\}}|dkr�ttd�|��|j�|j	kr�t
||j	|j��nttd�dj|j	j����|j
o�||jk�rt|j||�}|dk�rttd�|��t|j||�}|dk�r8ttd	�|��t|�t|�dS)
NrzCould not create a key for %sz(Could not check if boolean %s is definedzBoolean %s is not definedzCould not query file context %sz0You must specify one of the following values: %sz, z(Could not set active value of boolean %szCould not modify boolean %s)rG�selinux_boolean_sub�semanage_bool_key_createrWr^r�semanage_bool_existsZsemanage_bool_query�upperr�Zsemanage_bool_set_valuer�r�r�r�Zsemanage_bool_set_activeZsemanage_bool_modify_local�semanage_bool_key_freeZsemanage_bool_free)rr,�valuerLr�r~rrrr Z__mod�
s0


zbooleanRecords.__modFcCs�|j�|r�t|�}x||j�jd�D]j}|j�}t|�dkr>q$y|jd�\}}Wn(tk
rxttd||f���YnX|j|j�|j��q$W|j	�n|j||�|j
�dS)Nr�r�=zBad format %s: Record %s)rbr�r�r�rxrHr^r�_booleanRecords__modr�r8)rr,r��use_filer�rZboolnamerarrr r�s
zbooleanRecords.modifycCs�tj|�}t|j|�\}}|dkr2ttd�|��t|j|�\}}|dkrZttd�|��|snttd�|��t|j|�\}}|dkr�ttd�|��|s�ttd�|��t|j|�}|dkr�ttd�|��t	|�dS)NrzCould not create a key for %sz(Could not check if boolean %s is definedzBoolean %s is not definedz2Boolean %s is defined in policy, cannot be deletedzCould not delete boolean %s)
rGr�r�rWr^rr�Zsemanage_bool_exists_localZsemanage_bool_del_localr�)rr,rLr�r~rrr r�#s$
zbooleanRecords.__deletecCs|j�|j|�|j�dS)N)rb�_booleanRecords__deleter8)rr,rrr r�;s
zbooleanRecords.deletecCsZt|j�\}|_|dkr$ttd���|j�x |jD]}t|�}|j|�q4W|j�dS)NrzCould not list booleans)	�semanage_bool_list_localrW�blistr^rrb�semanage_bool_get_namer�r8)rrL�booleanr,rrr ra@szbooleanRecords.deleteallrcCs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���x~|jD]t}g}t|�}|jt|��|j	r�||j
kr�|jtj|��|jtj
|��n|j|d�|j|d�|||<qFW|S)NrzCould not list booleans)r�rWr�Zsemanage_bool_listr^rr�r'Zsemanage_bool_get_valuer�r�rGZsecurity_get_boolean_pendingZsecurity_get_boolean_active)rrzr�rLr�r�r,rrr rrMs"zbooleanRecords.get_allcCstj|�}tj|�S)N)rGr�rZZboolean_desc)rr,rrr �get_descds
zbooleanRecords.get_desccCstj|�}tj|�S)N)rGr�rZZboolean_category)rr,rrr �get_categoryhs
zbooleanRecords.get_categorycCsJg}|jd�}x6t|j��D]&}||r|jd||d|f�qW|S)NTz	-m -%s %srw)rrr�r�r')rrr�r�rrr rdls
zbooleanRecords.customizedTcCs�td�td�f}|rX|j|�}x4t|j��D]$}||r,td|||df�q,WdS|j|�}t|�dkrrdS|r�tdtd�td�td	�td
�f�xNt|j��D]>}||r�td||||d|||d|j|�f�q�WdS)Nr�r�z%s=%srwrz%-30s %s  %s %s
zSELinux booleanZStateZDefaultZDescriptionz%-30s (%-5s,%5s)  %s)rrrr�r�rxrHr�)rryrzr�Zon_offr�r�rrr r{ts

$zbooleanRecords.list)N)NF)r)TFF)r9r:r;r!r�r�r�r�rarrr�r�rdr{rrrr r��
s


r�)r)r=)r=)9r�r�rGr|rBr(rr
r5ZPROGNAMErZrrD�gettext�kwargs�version_infoZinstall�builtinsr*�__dict__r�Z__builtin__rr>r�ZSEMANAGE_FCONTEXT_ALLZSEMANAGE_FCONTEXT_REGZSEMANAGE_FCONTEXT_DIRZSEMANAGE_FCONTEXT_CHARZSEMANAGE_FCONTEXT_BLOCKZSEMANAGE_FCONTEXT_SOCKZSEMANAGE_FCONTEXT_LINKZSEMANAGE_FCONTEXT_PIPEr�r�rZaudit_closerrr�r?rFrNrOrPrfr�r�r�r�r�rr-rArbrqr�rrrr �<module>s�
$$	

ik
H$M.
