KGRKJGETMRETU895U-589TY5MIGM5JGB5SDFESFREWTGR54TY
Server : Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17
System : Linux localhost 2.6.18-419.el5 #1 SMP Fri Feb 24 22:47:42 UTC 2017 x86_64
User : nobody ( 99)
PHP Version : 5.2.17
Disable Function : NONE
Directory :  /proc/21585/root/usr/lib64/python2.4/site-packages/sepolgen/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //proc/21585/root/usr/lib64/python2.4/site-packages/sepolgen/refpolicy.pyo
mò
d&KRc@s dkZdkZdZdZdZdZdZdZddd	d
ddgZhde<de<d	e<d
e<de<de<Z	d
fd„ƒYZ
dfd„ƒYZee
dd„Zdd„ZdLd„Zd„Zdefd„ƒYZdefd„ƒYZdfd„ƒYZdefd„ƒYZdefd „ƒYZd!efd"„ƒYZd#efd$„ƒYZd%efd&„ƒYZd'efd(„ƒYZd)efd*„ƒYZd+efd,„ƒYZd-efd.„ƒYZd/„Z d0e
fd1„ƒYZ!d2e
fd3„ƒYZ"d4e
fd5„ƒYZ#d6e
fd7„ƒYZ$d8e
fd9„ƒYZ%d:e
fd;„ƒYZ&d<e
fd=„ƒYZ'd>efd?„ƒYZ(d@e
fdA„ƒYZ)dBe
fdC„ƒYZ*dDefdE„ƒYZ+dFfdG„ƒYZ,dHfdI„ƒYZ-dJfdK„ƒYZ.dS(MNiiiiiitsourcettargettobjectt
permissiontroletdestinationtNodecBsªtZdZed„Zd„Zd„Zd„Zd„Zd„Z	d„Z
d„Zd	„Zd
„Z
d„Zd„Zd
„Zd„Zd„Zd„Zd„ZRS(sÁBase class objects produced from parsing the reference policy.

    The Node class is used as the base class for any non-leaf
    object produced by parsing the reference policy. This object
    should contain a reference to its parent (or None for a top-level
    object) and 0 or more children.

    The general idea here is to have a very simple tree structure. Children
    are not separated out by type. Instead the tree structure represents
    fairly closely the real structure of the policy statements.

    The object should be iterable - by default over all children but
    subclasses are free to provide additional iterators over a subset
    of their childre (see Interface for example).
    cCs||_g|_d|_dS(N(tparenttselftchildrentNonetcomment(RR((t8/usr/lib64/python2.4/site-packages/sepolgen/refpolicy.pyt__init__Es		cCs
t|iƒS(N(titerRR	(R((Rt__iter__JscCstid„t|ƒƒS(NcCs
t|tƒS(N(t
isinstancetxR(R((Rt<lambda>Ss(t	itertoolstifiltertwalktreeR(R((RtnodesRscCstid„t|ƒƒS(NcCs
t|tƒS(N(RRtModule(R((RRVs(RRRR(R((RtmodulesUscCstid„t|ƒƒS(NcCs
t|tƒS(N(RRt	Interface(R((RRYs(RRRR(R((Rt
interfacesXscCstid„t|ƒƒS(NcCs
t|tƒS(N(RRtTemplate(R((RR\s(RRRR(R((Rt	templates[scCstid„t|ƒƒS(NcCs
t|tƒS(N(RRt
SupportMacros(R((RR_s(RRRR(R((Rtsupport_macros^scCstid„t|ƒƒS(NcCs
t|tƒS(N(RRtModuleDeclaration(R((RRds(RRRR(R((Rtmodule_declarationscscCstid„t|ƒƒS(NcCs
t|tƒS(N(RRt
InterfaceCall(R((RRgs(RRRR(R((Rtinterface_callsfscCstid„t|ƒƒS(NcCs
t|tƒS(N(RRtAVRule(R((RRjs(RRRR(R((RtavrulesiscCstid„t|ƒƒS(NcCs
t|tƒS(N(RRtTypeRule(R((RRms(RRRR(R((Rt	typeruleslscCstid„t|ƒƒS(sAIterate over all of the TypeAttribute children of this Interface.cCs
t|tƒS(N(RRt
TypeAttribute(R((RRqsN(RRRR(R((RttypeattributesoscCstid„t|ƒƒS(NcCs
t|tƒS(N(RRtRequire(R((RRts(RRRR(R((RtrequiressscCstid„t|ƒƒS(NcCs
t|tƒS(N(RRtRole(R((RRws(RRRR(R((RtrolesvscCs7|iot|iƒd|iƒSn|iƒSdS(Ns
(RRtstrt	to_string(R((Rt__str__ys
cCsd|ii|iƒfS(Ns<%s(%s)>(Rt	__class__t__name__R.(R((Rt__repr__scCsdS(Nt((R((RR.‚s(R1t
__module__t__doc__R
R
RRRRRRR R"R$R&R(R*R,R/R2R.(((RR4s$															tLeafcBs,tZd„Zd„Zd„Zd„ZRS(NcCs
d|_dS(N(R
RR(R((RR
‡scCs7|iot|iƒd|iƒSn|iƒSdS(Ns
(RRR-R.(R((RR/Šs
cCsd|ii|iƒfS(Ns<%s(%s)>(RR0R1R.(R((RR2scCsdS(NR3((R((RR.“s(R1R4R
R/R2R.(((RR6†s			c
cs|o
d}nd}|dfg}	xåt|	ƒdjoÑ|	i|ƒ\}}|o||fVn|Vt	|t
ƒog}t|iƒd}xb|djoT|djpt	|i||ƒo"|i|i||dfƒn|d8}q–W|	i|ƒq)q)WdS(s™Iterate over a Node and its Children.

    The walktree function iterates over a tree containing Nodes and
    leaf objects. The iteration can perform a depth first or a breadth
    first traversal of the tree (controlled by the depthfirst
    paramater. The passed in node will be returned.

    This function will only work correctly for trees - arbitrary graphs
    will likely cause infinite looping.
    iÿÿÿÿiiN(t
depthfirsttindextnodetstacktlentpoptcurtdeptht	showdepthRRtitemsR	tittypeR
tappendtextend(
R9R7R?RBR8R=RAR@R>R:((RRšs(


$"ccs:x3|D]+}|djpt||ƒo|VqqWdS(sIterate over the direct children of a Node.

    The walktree function iterates over the children of a Node.
    Unlike walktree it does note return the passed in node or
    the children of any Node objects (that is, it does not go
    beyond the current level in the tree).
    N(R9RRBR
R(R9RBR((RtwalknodeÀs
t{t}cCsst|ƒ}d}|djotdƒ‚ndi|ƒ}|djo|Sn|dd|d|dSdS(sáConvert a set (or any sequence type) into a string representation
    formatted to match SELinux space separated list conventions.

    For example the list ['read', 'write'] would be converted into:
    '{ read write }'
    R3is"cannot convert 0 len set to stringt iN(R;tstlR-t
ValueErrortjointcont(RIRMRJR-((Rtlist_to_space_strÍs

cCs6t|ƒ}|djotdƒ‚ndi|ƒS(Nis'cannot conver 0 len set to comma strings, (R;RIRJRKRL(RIRJ((Rtlist_to_comma_strÞs
tIdSetcBs&tZdd„Zd„Zd„ZRS(NcCs5|oti||ƒnti|ƒt|_dS(N(tlisttsetR
RtFalset
compliment(RRQ((RR
ès
cCs
t|ƒS(N(RNR(R((Rtto_space_strïscCs
t|ƒS(N(ROR(R((Rtto_comma_stròs(R1R4R
R
RURV(((RRPçs	tSecurityContextcBs8tZdZed„Zd„Zd„Zdd„ZRS(s;An SELinux security context with optional MCS / MLS fields.cCsSti|ƒd|_d|_d|_d|_|dj	o|i	|ƒndS(sßCreate a SecurityContext object, optionally from a string.

        Parameters:
           [context] - string representing a security context. Same format
              as a string passed to the from_string method.
        R3N(
R6R
RtuserRRBtleveltcontextR
tfrom_string(RRZ((RR
÷s
				
cCsš|idƒ}t|ƒdjotd|ƒ‚n|d|_|d|_|d|_t|ƒdjot	i
|ddƒ|_n
d|_dS(	sóParse a string representing a context into a SecurityContext.

        The string should be in the standard format - e.g.,
        'user:role:type:level'.

        Raises ValueError if the string is not parsable as a security context.
        t:is)context string [%s] not in a valid formatiiiR3N(RZtsplittfieldsR;RKRRXRRBtstringRLRY(RRZR^((RR[s


cCsI|i|ijo6|i|ijo#|i|ijo|i|ijS(sCompare two SecurityContext objects - all fields must be exactly the
        the same for the comparison to work. It is possible for the level fields
        to be semantically the same yet syntactically different - in this case
        this function will return false.
        N(RRXtotherRRBRY(RR`((Rt__eq__sts0cCsg|i|i|ig}|idjo"|djo|i|ƒqZn|i|iƒdi|ƒS(s½Return a string representing this security context.

        By default, the string will contiain a MCS / MLS level
        potentially from the default which is passed in if none was
        set.

        Arguments:
           default_level - the default level to use if self.level is an
             empty string.

        Returns:
           A string represening the security context in the form
              'user:role:type:level'.
        R3R\N(	RRXRRBR^RYt
default_levelRCRL(RRcR^((RR.&s
(R1R4R5R
R
R[RaR.(((RRWõs
		tObjectClasscBstZdZdd„ZRS(s"SELinux object class and permissions.

    This class is a basic representation of an SELinux object
    class - it does not represent separate common permissions -
    just the union of the common and class specific permissions.
    It is meant to be convenient for policy generation.
    R3cCs||_tƒ|_dS(N(tnameRRPtperms(RRe((RR
Es	(R1R4R5R
(((RRd=sR'cBs tZdZd„Zd„ZRS(s[SElinux typeattribute statement.

    This class represents a typeattribute statement.
    cCs&ti|ƒd|_tƒ|_dS(NR3(R6R
RRBRPt
attributes(R((RR
Ps
	cCsd|i|iiƒfS(Nstypeattribute %s %s;(RRBRgRV(R((RR.Us(R1R4R5R
R.(((RR'Ks	R+cBstZd„Zd„ZRS(NcCs&ti|ƒd|_tƒ|_dS(NR3(R6R
RRRPttypes(R((RR
Ys
	cCsd|i|iiƒfS(Nsrole %s types %s;(RRRhRV(R((RR.^s(R1R4R
R.(((RR+Xs	tTypecBstZdd„Zd„ZRS(NR3cCs2ti|ƒ||_tƒ|_tƒ|_dS(N(R6R
RReRPRgtaliases(RRe((RR
bs
	cCswd|i}t|iƒdjo|d|iiƒ}nt|iƒdjo|d|iiƒ}n|dS(Nstype %sisalias %ss, %st;(RReRIR;RjRURgRV(RRI((RR.hs
(R1R4R
R.(((RRiast	TypeAliascBstZd„Zd„ZRS(NcCs&ti|ƒd|_tƒ|_dS(NR3(R6R
RRBRPRj(R((RR
qs
	cCsd|i|iiƒfS(Nstypealias %s alias %s;(RRBRjRU(R((RR.vs(R1R4R
R.(((RRlps	t	AttributecBstZdd„Zd„ZRS(NR3cCsti|ƒ||_dS(N(R6R
RRe(RRe((RR
zs
cCsd|iS(Ns
attribute %s;(RRe(R((RR.~s(R1R4R
R.(((RRmysR#cBsGtZdZdZdZdZed„Zd„Zd„Z	d„Z
RS(s»SELinux access vector (AV) rule.

    The AVRule class represents all varieties of AV rules including
    allow, dontaudit, and auditallow (indicated by the flags self.ALLOW,
    self.DONTAUDIT, and self.AUDITALLOW respectively).

    The source and target types, object classes, and perms are all represented
    by sets containing strings. Sets are used to make it simple to add
    strings repeatedly while avoiding duplicates.

    No checking is done to make certain that the symbols are valid or
    consistent (e.g., perms that don't match the object classes). It is
    even possible to put invalid types like '$1' into the rules to allow
    storage of the reference policy interfaces.
    iiicCseti|ƒtƒ|_tƒ|_tƒ|_tƒ|_|i|_	|o|i|ƒndS(N(R6R
RRPt	src_typest	tgt_typestobj_classesRftALLOWt	rule_typetavtfrom_av(RRs((RR
—s
cCs>|i|ijodSn |i|ijodSndSdS(Ntallowt	dontauditt
auditallow(RRrRqt	DONTAUDIT(R((Rt__rule_type_str¡s
cCsw|ii|iƒ|i|ijo|iidƒn|ii|iƒ|ii|iƒ|i	i
|i	ƒdS(sIAdd the access from an access vector to this allow
        rule.
        RN(RRntaddRstsrc_typettgt_typeRoRpt	obj_classRftupdate(RRs((RRt©scCsAd|iƒ|iiƒ|iiƒ|iiƒ|iiƒfS(s«Return a string representation of the rule
        that is a valid policy language representation (assuming
        that the types, object class, etc. are valie).
        s%s %s %s:%s %s;N(Rt_AVRule__rule_type_strRnRURoRpRf(R((RR.µs(R1R4R5RqRxt
AUDITALLOWR
R
RRtR.(((RR#ƒs
		R%cBs;tZdZdZdZdZd„Zd„Zd„ZRS(söSELinux type rules.

    This class is very similar to the AVRule class, but is for representing
    the type rules (type_trans, type_change, and type_member). The major
    difference is the lack of perms and only and sing destination type.
    iiicCsJti|ƒtƒ|_tƒ|_tƒ|_d|_|i|_	dS(NR3(
R6R
RRPRnRoRpt	dest_typetTYPE_TRANSITIONRr(R((RR
Ês
	cCs>|i|ijodSn |i|ijodSndSdS(Nttype_transitionttype_changettype_member(RRrR‚tTYPE_CHANGE(R((RRyÒs
cCs;d|iƒ|iiƒ|iiƒ|iiƒ|ifS(Ns%s %s %s:%s %s;(Rt_TypeRule__rule_type_strRnRURoRpR(R((RR.Ús(	R1R4R5R‚R†tTYPE_MEMBERR
R‡R.(((RR%¿s		t	RoleAllowcBstZd„Zd„ZRS(NcCs)ti|ƒtƒ|_tƒ|_dS(N(R6R
RRPt	src_rolest	tgt_roles(R((RR
âs
cCs d|iiƒ|iiƒfS(Nsallow %s %s;(RRŠRVR‹(R((RR.çs(R1R4R
R.(((RR‰ás	RcBstZd„Zd„ZRS(NcCs,ti|ƒd|_d|_t|_dS(NR3(R6R
RRetversionRSt	refpolicy(R((RR
ìs
		cCs:|iod|i|ifSnd|i|ifSdS(Nspolicy_module(%s, %s)s
module %s %s;(RRReRŒ(R((RR.òs
(R1R4R
R.(((RRës	cCs]xVt|dtƒD]B\}}d}xt|ƒD]}|d}q2W|t|ƒGHqWdS(NR?R3s	(	RtheadtTrueR9R>RItrangeRAR-(RŽR9RAR>RI((Rt
print_treeüs
tHeaderscBstZdd„Zd„ZRS(NcCsti||ƒdS(N(RR
RR(RR((RR
scCsdS(Ns	[Headers]((R((RR.s(R1R4R
R
R.(((RR’sRcBstZdd„Zd„ZRS(NcCsti||ƒdS(N(RR
RR(RR((RR

scCsdS(NR3((R((RR.s(R1R4R
R
R.(((RRsRcBs&tZdZded„Zd„ZRS(sqA reference policy interface definition.

    This class represents a reference policy interface definition.
    R3cCsti||ƒ||_dS(N(RR
RRRe(RReR((RR
scCsd|iS(Ns[Interface name: %s](RRe(R((RR.s(R1R4R5R
R
R.(((RRst
TunablePolicycBstZdd„Zd„ZRS(NcCsti||ƒg|_dS(N(RR
RRt	cond_expr(RR((RR
 scCsdt|iddƒS(Ns[Tunable Policy %s]RMR3(R3R3(RNRR”(R((RR.$s(R1R4R
R
R.(((RR“sRcBs tZddd„Zd„ZRS(NR3cCsti||ƒ||_dS(N(RR
RRRe(RReR((RR
(scCsd|iS(Ns[Template name: %s](RRe(R((RR.,s(R1R4R
R
R.(((RR'stIfDefcBs tZddd„Zd„ZRS(NR3cCsti||ƒ||_dS(N(RR
RRRe(RReR((RR
0scCsd|iS(Ns[Ifdef name: %s](RRe(R((RR.4s(R1R4R
R
R.(((RR•/stConditionalcBstZdd„Zd„ZRS(NcCsti||ƒg|_dS(N(RR
RRR”(RR((RR
8scCsdt|iddƒS(Ns[If %s]RMR3(R3R3(RNRR”(R((RR.<s(R1R4R
R
R.(((RR–7sR!cBs&tZdd„Zd„Zd„ZRS(NR3cCs,ti|ƒ||_g|_g|_dS(N(R6R
Rtifnametargstcomments(RR—((RR
@s
		cCs|i|ijotSnt|iƒt|iƒjotSnx8t|i|iƒD]!\}}||jotSqXqXWt	S(N(
RR—R`RSR;R˜tziptatbR(RR`R›Rœ((RtmatchesFs
cCsˆd|i}d}xj|iD]_}t|tƒot|ƒ}n|}|djo|d|}n||}|d7}qW|dS(Ns%s(is, %sit)(
RR—RIRAR˜R›RRQRNR-(RR›RARIR-((RR.Ps



(R1R4R
RR.(((RR!?s	
tOptionalPolicycBstZdd„Zd„ZRS(NcCsti||ƒdS(N(RR
RR(RR((RR
ascCsdS(Ns[Optional Policy]((R((RR.ds(R1R4R
R
R.(((RRŸ`sRcBsAtZdd„Zd„Zd„Zd„Zd„Zd„ZRS(NcCsti||ƒd|_dS(N(RR
RRR
tmap(RR((RR
hscCsdS(Ns[Support Macros]((R((RR.lscCsatƒ}|ii|ƒo4x>|i|ƒD]}|i|i	|ƒƒq,Wn|i
|ƒ|S(N(RRRIRR thas_keytpermtby_nametpR~t_SupportMacros__expand_permRz(RR¢R¤RI((Rt
__expand_permos	
cCsah|_xQ|D]I}tƒ}x'|iD]}|i|i|ƒƒq)W||i|i	<qWdS(N(
RR RRRt	exp_permsRfR¢R~R¥Re(RRR§R¢((Rt	__gen_map{s		
cCs#|ip|iƒn|i|S(N(RR t_SupportMacros__gen_mapRe(RRe((RR£ƒs
cCs(|ip|iƒn|ii|ƒS(N(RR R©R¡Re(RRe((RR¡ˆs
(	R1R4R
R
R.R¥R©R£R¡(((RRgs				R)cBs#tZd„Zd„Zd„ZRS(NcCsJti|ƒtƒ|_h|_tƒ|_tƒ|_tƒ|_dS(N(	R6R
RRPRhRpR,tboolstusers(R((RR
Žs
	cCs)|ii|tƒƒ}|i|ƒdS(N(RRpt
setdefaultR}RPR¤R~Rf(RR}RfR¤((Rt
add_obj_class–scCsg}|idƒx"|iD]}|id|ƒqWx:|iiƒD])\}}|id||i	ƒfƒqHWx"|i
D]}|id|ƒqWx"|iD]}|id|ƒq¤Wx"|iD]}|id|ƒqÉW|idƒt|ƒdjod	Snd
i|ƒS(Ns	require {s		type %s;s
	class %s %s;s		role %s;s		bool %s;s		user %s;RGiR3s
(RIRCRRhRBRpR@R}RfRUR,RRªtboolR«RXR;RL(RRfRIR}RRXR®RB((RR.›s*

!



(R1R4R
R­R.(((RR)s		t
ObjPermSetcBstZd„Zd„ZRS(NcCs||_tƒ|_dS(N(ReRRRRf(RRe((RR
²s	cCsd|i|iiƒfS(Nsdefine(`%s', `%s')(RReRfRU(R((RR.¶s(R1R4R
R.(((RR¯±s	tClassMapcBstZd„Zd„ZRS(NcCs||_||_dS(N(R}RRf(RR}Rf((RR
ºs	cCs|id|iS(Ns: (RR}Rf(R((RR.¾s(R1R4R
R.(((RR°¹s	tCommentcBs/tZdd„Zd„Zd„Zd„ZRS(NcCs!|o
||_n
g|_dS(N(RJRtlines(RRJ((RR
Âs
cCsZt|iƒdjodSn9g}x"|iD]}|id|ƒq.Wdi|ƒSdS(NiR3t#s
(R;RR²touttlineRCRL(RRµR´((RR.Ès
cCsMt|iƒo9x6|iD]'}|djo|ii|ƒqqWndS(NR3(R;R`R²RµRRC(RR`Rµ((RtmergeÓs


cCs
|iƒS(N(RR.(R((RR/Ùs(R1R4R
R
R.R¶R/(((RR±Ás		(RFRG(/R_RtSRC_TYPEtTGT_TYPEt	OBJ_CLASStPERMStROLEt	DEST_TYPEtfield_to_strtstr_to_fieldRR6RRSR
RRERNRORRRPRWRdR'R+RiRlRmR#R%R‰RR‘R’RRR“RR•R–R!RŸRR)R¯R°R±(+R“R6R–R+RRR•R‘RiRRORºR¹RRPRNRlR¸RWR_R¯R)RER#R’R°R·R¼RRR±R‰RRŸR¾RdRR»R'RmR%R!R½((Rt?sT		<R&
		H
		
<"
	!&$

Anon7 - 2021