3
�h>`����������������
���@���s����d�dl�Z�d�dlmZmZ�e�jedd�edd�dd�Zy
ejZW�n�ek
rX���ej�ZY�nX�d�dlT�d�dl T�d�dl
Z
d�dl
Z
G�d d
��d
e
�ZdS�)
�����N)�parse_config_setting�
get_configZgeneralZi18n_text_domainZi18n_locale_dirT)ZdomainZ localedirZfallback)�*c���������������@���s����e�Zd�ZdZdZdZed�ZdZdZ dd��Z
dd��Z
d d
��Z
d
d
��Z
d
d��Zdd��Zdd��Zdd
��Z
f�fdd�Zdd��Zdd��Zdd��Zd
d
��Zd
S�) �Plugina���
Each plugin object recognizes one or more access denials and
presents a description of the denial to the user. Optionally,
the plugin can provide a suggestion for allowing the access
to the user.
There are four user visible strings that are part of each Plugin
subclass (some or all of these can be changed by the plugin author):
* summary: summary of the denial
* problem_description: detailed description of the denial
* fix_description: description of how to allow the denied access
* fix_cmd: command that can be used to allow the access
All of the strings will have a standard set of substitutions performed.
Each keyword (proceeded by a '$' will be replace by a string) - see
http://docs.python.org/lib/node109.html for more information. The
keywords are:
* $SOURCE_TYPE - type for the source of the avc (usually the
process performing the operation).
* $TARGET_TYPE - type for the target of the avc (the type of
the object).
* $SOURCE_PATH - source of the executable (from the exe or comm
field of the exe). A full path is not always available.
* $TARGET_PATH - path for the target object. A full path is not
always available.
* $TARGET_DIR - path of the containing directory for TARGET_PATH.
Essentially os.path.dirname($TARGET_PATH)
* $TARGET_CLASS - the object class for the target.
* $PERMS - the permissions denied.
* $SOURCE_PACKAGE - name of the package which contains the
executable (from $SOURCE_PATH).
* $PORT_NUMBER - the port number for the connection denied.
Additional subtitutions can be added with set_template_substitutions.
You can also optional pass the name for a single boolean which will be
used to set the $BOOLEAN subtitution into Plugin.__init__.
o
You can also set the level, of the alert, if the plugin believes discovers
a signature of an attack, the level should be set to red
* level: Defines the level of the alert
** yellow default
** red Indicates troubleshooter believes machine is being attacked
** green Indicates a configuration issue. Browser will not display Report Bug button
** white Tells the troubleshooter to ignore the AVC
��zdIf you want to allow $SOURCE_BASE_PATH to have $ACCESS access on the $TARGET_BASE_PATH $TARGET_CLASSz
No defaultc�������������C���s2���t�jdd|�|�_d|�_d|�_d|�_d|�_d|�_d�S�)Nz
^plugins\.r����
���ZyellowF)�re�sub�
analysis_id�priority�levelZfixableZ
button_textZ
report_bug)�self�name��r����
/usr/lib/python3.6/Plugin.py�__init__`���s
����zPlugin.__init__c�������������C���s���d�S�)Nr���)r
����argsr���r���r���� init_argsh���s����zPlugin.init_argsc�������������C���s���|�j�S�)N)�problem_description)r
����avcr���r���r���r����get_problem_descriptionk���s����z
Plugin.get_problem_descriptionc�������������C���s���|�j�S�)N)�if_text)r
���r���r���r���r���r����
get_if_textn���s����zPlugin.get_if_textc�������������C���s���|�j�S�)N)� then_text)r
���r���r���r���r���r����
get_then_textq���s����zPlugin.get_then_textc�������������C���s���|�j�S�)N)�do_text)r
���r���r���r���r���r����
get_do_textt���s����zPlugin.get_do_textc�������������C���s���|�j�S�)N)Zfix_cmd)r
���r���r���r���r���r����
get_fix_cmdw���s����zPlugin.get_fix_cmdc�������������C���s���|�j�S�)N)r���)r
���r���r���r���r���r���r���z���s����c�������������C���s
���t�|�j|�S�)zC
Report a denial and solution to the fault server.
)ZSEPluginr
���)r
���r���r���r���r����report}���s����z
Plugin.reportc�������������C���s���dS�)NFr���)r
���r���r���r���r����analyze����s����zPlugin.analyzec�������������C���s
���||�_�d�S�)N)r
���)r
���r
���r���r���r����
set_priority����s����zPlugin.set_priorityc�������������C���s���|�j�S�)N)r
���)r
���r���r���r����
get_priority����s����zPlugin.get_priorityc�������������C���s*���|j�d�d�d�}tjjd|��r&|S�dS�)N�_r���Z_selinuxz/usr/share/man/man8/%s.8.gzr���)�split�os�path�isfile)r
���r���Zman_pager���r���r����
check_for_man����s����zPlugin.check_for_manN)�__name__�
__module__�
__qualname__�__doc__Zsummaryr���r"���r���r���r���r���r���r���r���r���r
���r
���r
���r ���r ���r!���r'���r���r���r���r���r���,���s&���-
r���)�gettextZsetroubleshoot.configr���r���Z
translationZugettextr"����AttributeErrorZsetroubleshoot.signatureZsetroubleshoot.utilZos.pathr$���r����objectr���r���r���r���r����<module>���s���