404

# Copyright 2016, Tresys Technology, LLC
# Copyright 2018, Chris PeBenito <pebenito@ieee.org>
#
# This file is part of SETools.
#
# SETools is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation, either version 2.1 of
# the License, or (at your option) any later version.
#
# SETools is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with SETools.  If not, see
# <http://www.gnu.org/licenses/>.
#
from collections import defaultdict, namedtuple

from .descriptors import DiffResultDescriptor
from .difference import Difference, SymbolWrapper, Wrapper

modified_cat_record = namedtuple("modified_category", ["added_aliases",
                                                       "removed_aliases",
                                                       "matched_aliases"])

modified_sens_record = namedtuple("modified_sensitivity", ["added_aliases",
                                                           "removed_aliases",
                                                           "matched_aliases"])

modified_level_record = namedtuple("modified_level", ["level",
                                                      "added_categories",
                                                      "removed_categories",
                                                      "matched_categories"])


_cats_cache = defaultdict(dict)
_sens_cache = defaultdict(dict)


def category_wrapper_factory(category):
    """
    Wrap category from the specified policy.

    This caches results to prevent duplicate wrapper
    objects in memory.
    """
    try:
        return _cats_cache[category.policy][category]
    except KeyError:
        c = SymbolWrapper(category)
        _cats_cache[category.policy][category] = c
        return c


def sensitivity_wrapper_factory(sensitivity):
    """
    Wrap sensitivity from the specified policy.

    This caches results to prevent duplicate wrapper
    objects in memory.
    """
    try:
        return _sens_cache[sensitivity.policy][sensitivity]
    except KeyError:
        c = SymbolWrapper(sensitivity)
        _sens_cache[sensitivity.policy][sensitivity] = c
        return c


class CategoriesDifference(Difference):

    """Determine the difference in categories between two policies."""

    added_categories = DiffResultDescriptor("diff_categories")
    removed_categories = DiffResultDescriptor("diff_categories")
    modified_categories = DiffResultDescriptor("diff_categories")

    def diff_categories(self):
        """Generate the difference in categories between the policies."""

        self.log.info(
            "Generating category differences from {0.left_policy} to {0.right_policy}".format(self))

        self.added_categories, self.removed_categories, matched_categories = self._set_diff(
            (category_wrapper_factory(c) for c in self.left_policy.categories()),
            (category_wrapper_factory(c) for c in self.right_policy.categories()))

        self.modified_categories = dict()

        for left_category, right_category in matched_categories:
            # Criteria for modified categories
            # 1. change to aliases
            added_aliases, removed_aliases, matched_aliases = self._set_diff(
                left_category.aliases(), right_category.aliases(), unwrap=False)

            if added_aliases or removed_aliases:
                self.modified_categories[left_category] = modified_cat_record(added_aliases,
                                                                              removed_aliases,
                                                                              matched_aliases)

    #
    # Internal functions
    #
    def _reset_diff(self):
        """Reset diff results on policy changes."""
        self.log.debug("Resetting category differences")
        self.added_categories = None
        self.removed_categories = None
        self.modified_categories = None


class SensitivitiesDifference(Difference):

    """Determine the difference in sensitivities between two policies."""

    added_sensitivities = DiffResultDescriptor("diff_sensitivities")
    removed_sensitivities = DiffResultDescriptor("diff_sensitivities")
    modified_sensitivities = DiffResultDescriptor("diff_sensitivities")

    def diff_sensitivities(self):
        """Generate the difference in sensitivities between the policies."""

        self.log.info(
            "Generating sensitivity differences from {0.left_policy} to {0.right_policy}".
            format(self))

        self.added_sensitivities, self.removed_sensitivities, matched_sensitivities = \
            self._set_diff(
                (sensitivity_wrapper_factory(s) for s in self.left_policy.sensitivities()),
                (sensitivity_wrapper_factory(s) for s in self.right_policy.sensitivities()))

        self.modified_sensitivities = dict()

        for left_sens, right_sens in matched_sensitivities:
            # Criteria for modified sensitivities
            # 1. change to aliases
            added_aliases, removed_aliases, matched_aliases = self._set_diff(
                left_sens.aliases(), right_sens.aliases(), unwrap=False)

            if added_aliases or removed_aliases:
                self.modified_sensitivities[left_sens] = modified_sens_record(added_aliases,
                                                                              removed_aliases,
                                                                              matched_aliases)

    #
    # Internal functions
    #
    def _reset_diff(self):
        """Reset diff results on policy changes."""
        self.log.debug("Resetting sensitivity differences")
        self.added_sensitivities = None
        self.removed_sensitivities = None
        self.modified_sensitivities = None


class LevelDeclsDifference(Difference):

    """Determine the difference in levels between two policies."""

    added_levels = DiffResultDescriptor("diff_levels")
    removed_levels = DiffResultDescriptor("diff_levels")
    modified_levels = DiffResultDescriptor("diff_levels")

    def diff_levels(self):
        """Generate the difference in levels between the policies."""

        self.log.info(
            "Generating level decl differences from {0.left_policy} to {0.right_policy}".
            format(self))

        self.added_levels, self.removed_levels, matched_levels = \
            self._set_diff(
                (LevelDeclWrapper(s) for s in self.left_policy.levels()),
                (LevelDeclWrapper(s) for s in self.right_policy.levels()))

        self.modified_levels = []

        for left_level, right_level in matched_levels:
            # Criteria for modified levels
            # 1. change to allowed categories
            added_categories, removed_categories, matched_categories = self._set_diff(
                (category_wrapper_factory(c) for c in left_level.categories()),
                (category_wrapper_factory(c) for c in right_level.categories()))

            if added_categories or removed_categories:
                self.modified_levels.append(modified_level_record(
                    left_level, added_categories, removed_categories, matched_categories))

    #
    # Internal functions
    #
    def _reset_diff(self):
        """Reset diff results on policy changes."""
        self.log.debug("Resetting sensitivity differences")
        self.added_levels = None
        self.removed_levels = None
        self.modified_levels = None


class LevelDeclWrapper(Wrapper):

    """Wrap level declarations to allow comparisons."""

    __slots__ = ("sensitivity")

    def __init__(self, level):
        self.origin = level
        self.sensitivity = sensitivity_wrapper_factory(level.sensitivity)
        self.key = hash(level)

    def __hash__(self):
        return self.key

    def __eq__(self, other):
        # non-MLS policies have no level declarations so there
        # should be no AttributeError possiblity here
        return self.sensitivity == other.sensitivity

    def __lt__(self, other):
        return self.sensitivity < other.sensitivity


class LevelWrapper(Wrapper):

    """Wrap levels to allow comparisons."""

    __slots__ = ("sensitivity", "categories")

    def __init__(self, level):
        self.origin = level
        self.sensitivity = sensitivity_wrapper_factory(level.sensitivity)
        self.categories = set(category_wrapper_factory(c) for c in level.categories())

    def __hash__(self):
        return hash(self.origin)

    def __eq__(self, other):
        try:
            return self.sensitivity == other.sensitivity and \
                self.categories == other.categories
        except AttributeError:
            # comparing an MLS policy to non-MLS policy will result in
            # other being None
            return False

    def __lt__(self, other):
        try:
            return self.sensitivity < other.sensitivity and \
                self.categories < other.categories
        except AttributeError:
            # comparing an MLS policy to non-MLS policy will result in
            # other being None
            return False


class RangeWrapper(Wrapper):

    """
    Wrap ranges to allow comparisons.

    This only compares the low and high levels of the range.
    It does not detect additions/removals/modifications
    to levels between the low and high levels of the range.
    """

    __slots__ = ("low", "high")

    def __init__(self, range_):
        self.origin = range_
        self.low = LevelWrapper(range_.low)
        self.high = LevelWrapper(range_.high)

    def __hash__(self):
        return hash(self.origin)

    def __eq__(self, other):
        try:
            return self.low == other.low and \
                self.high == other.high
        except AttributeError:
            # comparing an MLS policy to non-MLS policy will result in
            # other being None
            return False

    def __lt__(self, other):
        try:
            return self.low < other.low and \
                self.high < other.high
        except AttributeError:
            # comparing an MLS policy to non-MLS policy will result in
            # other being None
            return False
Name	Type	Size	Permission
__pycache__	Folder		0755
__init__.py	File	3.15 KB	0644
bool.py	File	2.83 KB	0644
bounds.py	File	4.1 KB	0644
commons.py	File	2.82 KB	0644
conditional.py	File	1.68 KB	0644
constraints.py	File	8.64 KB	0644
context.py	File	1.89 KB	0644
default.py	File	4.14 KB	0644
descriptors.py	File	1.6 KB	0644
difference.py	File	5.66 KB	0644
fsuse.py	File	3.11 KB	0644
genfscon.py	File	3.25 KB	0644
ibendportcon.py	File	3.28 KB	0644
ibpkeycon.py	File	3.29 KB	0644
initsid.py	File	2.48 KB	0644
mls.py	File	10.31 KB	0644
mlsrules.py	File	4.8 KB	0644
netifcon.py	File	3.71 KB	0644
nodecon.py	File	3.21 KB	0644
objclass.py	File	3.6 KB	0644
polcap.py	File	1.7 KB	0644
portcon.py	File	3.19 KB	0644
properties.py	File	2.33 KB	0644
rbacrules.py	File	6.42 KB	0644
roles.py	File	3.2 KB	0644
terules.py	File	23.71 KB	0644
typeattr.py	File	3.28 KB	0644
types.py	File	4.86 KB	0644
users.py	File	5.4 KB	0644
[ Avaa Bypassed ]

Upload:

Command:

Filemanager

Server Info

System Info
