404

[ Avaa Bypassed ]





elspacio@18.191.171.86: ~ $

Filemanager

Name Type Size Permission Actions
__init__.cpython-36.opt-1.pyc File 1.99 KB 0644
__init__.cpython-36.pyc File 1.99 KB 0644
bool.cpython-36.opt-1.pyc File 2.12 KB 0644
bool.cpython-36.pyc File 2.12 KB 0644
bounds.cpython-36.opt-1.pyc File 3.42 KB 0644
bounds.cpython-36.pyc File 3.42 KB 0644
commons.cpython-36.opt-1.pyc File 1.82 KB 0644
commons.cpython-36.pyc File 1.82 KB 0644
conditional.cpython-36.opt-1.pyc File 1.42 KB 0644
conditional.cpython-36.pyc File 1.42 KB 0644
constraints.cpython-36.opt-1.pyc File 7.03 KB 0644
constraints.cpython-36.pyc File 7.03 KB 0644
context.cpython-36.opt-1.pyc File 1.45 KB 0644
context.cpython-36.pyc File 1.45 KB 0644
default.cpython-36.opt-1.pyc File 2.85 KB 0644
default.cpython-36.pyc File 2.85 KB 0644
descriptors.cpython-36.opt-1.pyc File 1.07 KB 0644
descriptors.cpython-36.pyc File 1.07 KB 0644
difference.cpython-36.opt-1.pyc File 4.83 KB 0644
difference.cpython-36.pyc File 5 KB 0644
fsuse.cpython-36.opt-1.pyc File 2.64 KB 0644
fsuse.cpython-36.pyc File 2.64 KB 0644
genfscon.cpython-36.opt-1.pyc File 2.73 KB 0644
genfscon.cpython-36.pyc File 2.73 KB 0644
ibendportcon.cpython-36.opt-1.pyc File 2.75 KB 0644
ibendportcon.cpython-36.pyc File 2.75 KB 0644
ibpkeycon.cpython-36.opt-1.pyc File 2.73 KB 0644
ibpkeycon.cpython-36.pyc File 2.73 KB 0644
initsid.cpython-36.opt-1.pyc File 1.86 KB 0644
initsid.cpython-36.pyc File 1.86 KB 0644
mls.cpython-36.opt-1.pyc File 8.62 KB 0644
mls.cpython-36.pyc File 8.62 KB 0644
mlsrules.cpython-36.opt-1.pyc File 3.4 KB 0644
mlsrules.cpython-36.pyc File 3.4 KB 0644
netifcon.cpython-36.opt-1.pyc File 2.76 KB 0644
netifcon.cpython-36.pyc File 2.76 KB 0644
nodecon.cpython-36.opt-1.pyc File 2.64 KB 0644
nodecon.cpython-36.pyc File 2.64 KB 0644
objclass.cpython-36.opt-1.pyc File 2.43 KB 0644
objclass.cpython-36.pyc File 2.43 KB 0644
polcap.cpython-36.opt-1.pyc File 1.44 KB 0644
polcap.cpython-36.pyc File 1.44 KB 0644
portcon.cpython-36.opt-1.pyc File 2.68 KB 0644
portcon.cpython-36.pyc File 2.68 KB 0644
properties.cpython-36.opt-1.pyc File 1.3 KB 0644
properties.cpython-36.pyc File 1.3 KB 0644
rbacrules.cpython-36.opt-1.pyc File 4.85 KB 0644
rbacrules.cpython-36.pyc File 4.85 KB 0644
roles.cpython-36.opt-1.pyc File 2.39 KB 0644
roles.cpython-36.pyc File 2.39 KB 0644
terules.cpython-36.opt-1.pyc File 14.25 KB 0644
terules.cpython-36.pyc File 14.25 KB 0644
typeattr.cpython-36.opt-1.pyc File 2.52 KB 0644
typeattr.cpython-36.pyc File 2.52 KB 0644
types.cpython-36.opt-1.pyc File 3.08 KB 0644
types.cpython-36.pyc File 3.08 KB 0644
users.cpython-36.opt-1.pyc File 3.05 KB 0644
users.cpython-36.pyc File 3.05 KB 0644