3
O+e�U��������������� ���@���s����d�dl�Z�d�dlZd�dlmZmZ�d�dlmZ�d�dlZd�dl m
Z
m
Z
�ddl
m
Z
mZ�ddlmZ�dgZed d
d
d
d
dddg�Zed
ddddg�ZG�dd��d�ZG�dd��d�ZdS�)�����N)�
defaultdict�
namedtuple)�suppress)�
NetworkXError�NetworkXNoPath����)�
EdgeAttrDict�
EdgeAttrList)�
TERuletype�DomainTransitionAnalysis�step�source�target�
transition�
entrypoints�setexec�
dyntransition�
setcurrent�name�
entrypoint�execute�type_transitionc���������������@���s����e�Zd�ZdZd!dd�Zedd���Zejdd���Zed d
���Zejd
d
���Zd
d
��Z d"dd�Z
dd��Z
dd��Z
dd��Z
edd���Zdd��Zdd
��Zd
d
��Zd d ��ZdS�)#r
���zDomain transition analysis.FNc�������������C���s>���t�jt�|�_||�_||�_||�_d|�_d|�_t j
��|�_
d|�_
dS�)zD
Parameter:
policy The policy to analyze.
TN)
�loggingZ getLogger�__name__�log�policy�exclude�reverse�
rebuildgraph�rebuildsubgraph�nxZDiGraph�G�subG)�selfr���r
���r
�����r$����/usr/lib64/python3.6/dta.py�__init__6���s����
z!DomainTransitionAnalysis.__init__c�������������C���s���|�j�S�)N)�_reverse)r#���r$���r$���r%���r
���E���s����z DomainTransitionAnalysis.reversec�������������C���s���t�|�|�_d|�_d�S�)NT)�boolr'���r ���)r#���� directionr$���r$���r%���r
���I���s����
c�������������C���s���|�j�S�)N)�_exclude)r#���r$���r$���r%���r
���N���s����z DomainTransitionAnalysis.excludec����������������s*���|r��fdd�|D����_�ng���_�d��_d�S�)Nc����������������s���g�|�]}��j�j|��qS�r$���)r����
lookup_type)�.0�t)r#���r$���r%����
<listcomp>U���s����z4DomainTransitionAnalysis.exclude.<locals>.<listcomp>T)r*���r ���)r#����typesr$���)r#���r%���r
���R���s����c����������
���c���sj���|�j�j|�}|�j�j|�}|�jr&|�j���|�jjdj||���tt��
�|�j t
j
|�j
||��V��W�dQ�R�X�dS�)a���
Generator which yields one shortest domain transition path
between the source and target types (there may be more).
Parameters:
source The source type.
target The target type.
Yield: generator(steps)
steps A generator that returns the tuple of
source, target, and rules for each
domain transition.
z8Generating one domain transition path from {0} to {1}...N)
r���r+���r ����_build_subgraphr����info�formatr���r����)_DomainTransitionAnalysis__generate_stepsr ����
shortest_pathr"���)r#���r
���r����sr-���r$���r$���r%���r4���[���s����
z&DomainTransitionAnalysis.shortest_path����c����������
���c���s����|dk�rt�d��|�jj|�}|�jj|�}|�jr6|�j���|�jjdj|||���tt ��.�x&t
j
|�j
|||�D�]}|�j
|�V��qjW�W�dQ�R�X�dS�)a���
Generator which yields all domain transition paths between
the source and target up to the specified maximum path
length.
Parameters:
source The source type.
target The target type.
maxlen Maximum length of paths.
Yield: generator(steps)
steps A generator that returns the tuple of
source, target, and rules for each
domain transition.
r���z%Maximum path length must be positive.zIGenerating all domain transition paths from {0} to {1}, max length {2}...N)�
ValueErrorr���r+���r ���r0���r���r1���r2���r���r���r ���Zall_simple_pathsr"���r3���)r#���r
���r����maxlenr5���r-����pathr$���r$���r%���� all_pathsx���s����
z"DomainTransitionAnalysis.all_pathsc����������
���c���sx���|�j�j|�}|�j�j|�}|�jr&|�j���|�jjdj||���tt��,�x$t j
|�j
||�D�]}|�j
|�V��qVW�W�dQ�R�X�dS�)a���
Generator which yields all shortest domain transition paths
between the source and target types.
Parameters:
source The source type.
target The target type.
Yield: generator(steps)
steps A generator that returns the tuple of
source, target, and rules for each
domain transition.
zBGenerating all shortest domain transition paths from {0} to {1}...N)
r���r+���r ���r0���r���r1���r2���r���r���r ����all_shortest_pathsr"���r3���)r#���r
���r���r5���r-���r9���r$���r$���r%���r;�������s����
z+DomainTransitionAnalysis.all_shortest_pathsc�������������c���s����|�j�j|�}|�jr|�j���|�jjdj||�jr0dnd���tt ��n�xf|�j
j
|�D�]V\}}t
|�j
||�}|�jrx||�}}n
||�}}t
|||j|�j|�|j|j|j�V��qPW�W�dQ�R�X�dS�)aM��
Generator which yields all domain transitions out of a
specified source type.
Parameters:
type_ The starting type.
Yield: generator(steps)
steps A generator that returns the tuple of
source, target, and rules for each
domain transition.
z)Generating all domain transitions {1} {0}zin tozout fromN)r���r+���r ���r0���r���r1���r2���r
���r���r���r"���Z out_edges�Edge�
step_outputr����/_DomainTransitionAnalysis__generate_entrypointsr���r���r���)r#���Ztype_r5���r
���r����edge�
real_source�
real_targetr$���r$���r%����
transitions����s"����
z$DomainTransitionAnalysis.transitionsc�������������C���s���|�j�r|�j���tj|�j�S�)zR
Get the domain transition graph statistics.
Return: str
)r
����
_build_graphr ���r1���r!���)r#���r$���r$���r%���� get_stats����s����z"DomainTransitionAnalysis.get_statsc����������������s�����fdd���j�D��S�)a���
Creates a list of entrypoint, execute, and
type_transition rules for each entrypoint.
Parameter:
data The dictionary of entrypoints.
Return: list of tuple(type, entry, exec, trans)
type The entrypoint type.
entry The list of entrypoint rules.
exec The list of execute rules.
trans The list of type_transition rules.
c����������������s,���g�|�]$}t�|��j|���j|���j|���qS�r$���)�entrypoint_outputr���r���r���)r,����e)r?���r$���r%���r.������s���zCDomainTransitionAnalysis.__generate_entrypoints.<locals>.<listcomp>)r���)r?���r$���)r?���r%���Z__generate_entrypoints����s����
z/DomainTransitionAnalysis.__generate_entrypointsc���������� ���c���s~���xxt�dt|��D�]f}||d��}||�}t|�j||�}|�jrH||�}}n
||�}}t|||j|�j|�|j|j |j
�V��qW�dS�)a��
Generator which yields the source, target, and associated rules
for each domain transition.
Parameter:
path A list of graph node names representing an information flow path.
Yield: tuple(source, target, transition, entrypoints,
setexec, dyntransition, setcurrent)
source The source type for this step of the domain transition.
target The target type for this step of the domain transition.
transition The list of transition rules.
entrypoints Generator which yields entrypoint-related rules.
setexec The list of setexec rules.
dyntranstion The list of dynamic transition rules.
setcurrent The list of setcurrent rules.
r���N)
�range�lenr<���r"���r
���r=���r���r>���r���r���r���)r#���r9���r5���r
���r���r?���r@���rA���r$���r$���r%���Z__generate_steps��s����
z)DomainTransitionAnalysis.__generate_stepsc�������������C���s���|�j�j���dj|�j�|�j�_|�jjdj|�j���tt�}tt�}tdd���}tdd���}tdd���}�x4|�jj ��D��]$}|j
t
j
k�r8|j
dkr�qp|j}|j
dk�r�d |kr�xJtj|jj��|jj���D�].\}} || kr�t|�j�|| d
d
�}
|
jj|��q�W�d
|k�rPxNtj|jj��|jj���D�]2\}} || k�rt|�j�|| d
d
�}
|
jj|���qW�d
|k�r~x"|jj��D�]}||�j|���qfW�d|k�r6x�|jj��D�]}||�j|���q�W�n�d|k�r�x8tj|jj��|jj���D�]
\}} ||�| �j|���q�W�d|k�r�x�tj|jj��|jj���D�]
\}} ||�| �j|���qW�qp|j
t
jkrp|j
dk�rRqp|j}
x<tj|jj��|jj���D�] \}} ||�| �|
�j|���qrW�qpW�g�}
g�}g�}�x�|�j�j��D��]�\}} t|�j�|| �}
d}d}|
j�r�t|| �j
���}t||�j
���}|j
|�}|�sd
}n�x�|D�]�}||k�s4||�|��rh|
j
|��|| �|�7��<�|
j |��||�|�7��<�||�|�| ��r|
j|��||�|�| �7��<��qW�||k�r�|
j j!||���|
j
��r�|
j
��r�d
}nd
}|
j�r�||k�r�|
j"j!||���nd
}nd
}|�r
|�r
|
j|
��n"|�r.|j|
��n|�r�|j|
���q�W�|�j�j#|
��x"|D�]}
|
`|
` |
`
|
`|
` �qVW�x|D�]}
|
`|
`"�qzW�d|�_$d
|�_%|�jjd��|�jj&djt'j(|�j��t'j)|�j�����d�S�)Nz Domain transition graph for {0}.z,Building domain transition graph from {0}...c���������������S���s���t�t�S�)N)r����listr$���r$���r$���r%����<lambda>n��s����z7DomainTransitionAnalysis._build_graph.<locals>.<lambda>c���������������S���s���t�t�S�)N)r���rI���r$���r$���r$���r%���rJ���o��s����c���������������S���s
���t�dd���S�)Nc���������������S���s���t�t�S�)N)r���rI���r$���r$���r$���r%���rJ���r��s����zIDomainTransitionAnalysis._build_graph.<locals>.<lambda>.<locals>.<lambda>)r���r$���r$���r$���r%���rJ���r��s�����process�filer���T)�creater���r���r���r���r���Fz+Completed building domain transition graph.z$Graph stats: nodes: {0}, edges: {1}.)rK���rL���)*r!����clearr2���r���r���r���r1���r���rI���ZterulesZruletyper
���ZallowZtclass�perms� itertools�productr
����expandr���r<���r����appendr���r����default�edges�set�keys�
intersectionr���r���r����extendr����remove_edges_fromr
���r ����debugr ����number_of_nodes�number_of_edges)r#���r���r���r���r���Z
type_transZrulerO���r5���r-���r?���rF����dZ
invalid_edgeZclear_transitionZclear_dyntransitionZ
invalid_transZinvalid_dyntrans�entryZexe�match�mr$���r$���r%���rC���a��s�����
"
"
"
"
$
z%DomainTransitionAnalysis._build_graphc����������
���C���s����g�}x�|�j�j��D�]�\}}t|�j�||�}t|j�}|j|�j��|sBqx8|D�]0}|j|=�|j|=�tt ���|j
|=�W�d�Q�R�X�qHW�|j
�r|j
�r|j
|��qW�|�j�j
|��d�S�)N)r"���rU���r<���rV���r����intersection_updater
���r���r����KeyErrorr���r���rS���rZ���)r#���Z
invalid_edgesr
���r���r?���r���rF���r$���r$���r%���Z
__remove_excluded_entrypoints���s
����
z6DomainTransitionAnalysis.__remove_excluded_entrypointsc�������������C���s����|�j�r|�j���|�jjd��|�jjdj|�j���|�jjdj|�j���|�jrZ|�jjdd�|�_ n
|�jj
��|�_ |�jr�|�j j
|�j��|�j
���d|�_
|�jjd��|�jjdjtj|�j �tj|�j ����d�S�) Nz$Building domain transition subgraph.z
Excluding {0}z
Reverse {0}T)�copyFz.Completed building domain transition subgraph.z'Subgraph stats: nodes: {0}, edges: {1}.)r
���rC���r���r1���r[���r2���r
���r
���r!���r"���rd���Zremove_nodes_from�6_DomainTransitionAnalysis__remove_excluded_entrypointsr ���r ���r\���r]���)r#���r$���r$���r%���r0�����s ����
z(DomainTransitionAnalysis._build_subgraph)FN)r6���)r����
__module__�
__qualname__�__doc__r&����propertyr
����setterr
���r4���r:���r;���rB���rD����
staticmethodr>���r3���rC���re���r0���r$���r$���r$���r%���r
���2���s"���
$ '
^�
c���������������@���sb���e�Zd�ZdZed�Zed�Zed�Zed�Ze d�Z
e d�Z
e d�Z
dd
d
�Z
d
d
��Zdd��ZdS�)r<���aS��
A graph edge. Also used for returning domain transition steps.
Parameters:
graph The NetworkX graph.
source The source type of the edge.
target The target tyep of the edge.
Keyword Parameters:
create (T/F) create the edge if it does not exist.
The default is False.
r���r���r���r���r���r���r���Fc�������������C���sj���||�_�||�_||�_|�j�j||�sf|s.td��n8|�j�j||��d�|�_d�|�_d�|�_d�|�_ d�|�_
d�|�_
d�|�_
d�S�)Nz
Edge does not exist in graph)
r!���r
���r���Zhas_edger7���Zadd_edger���r���r���r���r���r���r���)r#���Zgraphr
���r���rM���r$���r$���r%���r&���E��s
����
z
Edge.__init__c����������������s4���t�|t�r&��fdd�t|jd���D��S���j|�S�d�S�)Nc����������������s���g�|�]}��j�|��qS�r$���)�_index_to_item)r,����i)r#���r$���r%���r.���[��s����z$Edge.__getitem__.<locals>.<listcomp>r6���)�
isinstance�slicerG����indicesrl���)r#����keyr$���)r#���r%����
__getitem__W��s����
zEdge.__getitem__c�������������C���s.���|dkr|�j�S�|dkr
|�jS�tdj|���dS�)z'Return source or target based on index.r���r���z,Invalid index (edges only have 2 items): {0}N)r
���r����
IndexErrorr2���)r#����indexr$���r$���r%���rl���_��s
����zEdge._index_to_itemN)F)r���rf���rg���rh���r ���r���r���r���r���r���r���r���r���r&���rr���rl���r$���r$���r$���r%���r<���.��s���
r<���)rP���r����
collectionsr���r����
contextlibr���Znetworkxr ���Znetworkx.exceptionr���r���Z
descriptorsr���r ���Z policyrepr
����__all__r=���rE���r
���r<���r$���r$���r$���r%����<module>���s2���
�����