M|ey ddlZddlZddlZddlZddlZddlZddlZddlZddlTdZ ddl Z ddl m Z ddl mZddlZ ddlZiZejdkrded<eje fd d ied diZejZn0# ddlZeejd <n#e$rddlZeejd <YnwxYwYnxYwddlZiZeed <eed<eed<eed<eed<eed<e ed<e ed<e ed<e!ed<e!ed<e!ed<e"ed<e"ed<e"ed<e#ed<e#ed<e#ed<e$ed<e$ed <e$ed!<e%ed"<e%ed#<e%ed$<ddddddd d"d%Z&d&d&d'd(d)d*d+d,dd- Z' ddl(Z(e(j)e(j*Gd.d/Z+n#e,ef$rGd0d/Z+YnwxYwGd1d2Z-d3Z.dQd5Z/dQd6Z0Gd7d8Z1Gd9d:e1Z2Gd;de1Z4Gd?d@e1Z5GdAdBe1Z6GdCdDe1Z7GdEdFe1Z8GdGdHe1Z9GdIdJe1Z:GdKdLe1Z;GdMdNe1Z<GdOdPe1Z=dS)RN)*zselinux-python) SELinuxPolicy) TypeQuery)Tunicode localedirz/usr/share/localefallback_ all filesa regular filez--fz-d directorydz-ccharacter devicecz-b block devicebz-ssocketsz-ll symbolic linkpz-p named pipe)r rrrrrrranyblockchardirfilesymlinkpipe) r r rrrrrrrc0eZdZdZddZddZdZdZdS) loggercRtj|_g|_g|_dSN)audit audit_openaudit_fdlog_listlog_change_listselfs -/usr/lib/python3.11/site-packages/seobject.py__init__zlogger.__init__ns'!,..DMDM#%D r c d} ||kr || dzz }d} ||kr || dzz }d} ||kr || dzz }d} |j|jtjt jdt||d||||||dddgdS)N-sename,rolerangerr )r*appendr)r'AUDIT_ROLE_ASSIGNsysargvstr) r-msgnamer3seroleserange oldsename oldserole oldserangeseps r.logz logger.logssC" sX~%" sV|#*$ sW}$ M $-1H#(ST+WZ[^W_W_aeghjprx{BDMOXZdfhjlnp"q r r r r rr0c |j|jtjt jdt||d||||||dddgdS)Nrr )r*r7r)r'AUDIT_ROLE_REMOVEr9r:r; r-r<r=r3r>r?r@rArBs r. log_removezlogger.log_removes M $-1H#(ST+WZ[^W_W_aeghjprx{BDMOXZdfhjlnp"q r r r r rr0c |j|jtjt |ddddgdS)Nsemanager )r+r7r)r'AUDIT_USER_MAC_CONFIG_CHANGEr;r-r<s r. log_changezlogger.log_changesA  ' '8Z\_`c\d\dfprtvxz|(} ~ ~ ~ ~ ~r0c|jD]}tj||gz|jD]}tj||gzg|_g|_dSr&)r*r'audit_log_semanage_messager+audit_log_user_comm_message)r-successrs r.commitz logger.commitsl] C C01y=BBB) D D1A MCCCDM#%D r0Nr r r r r r r __name__ __module__ __qualname__r/rDrHrMrRr0r.r$r$lst & & & r r r r r r r r    & & & & &r0r$c0eZdZdZddZddZdZdZdS) r$cg|_dSr&)r*r,s r.r/zlogger.__init__s DMMMr0r c d|d|} |dkr| d|zz } |dkr| d|zz } |dkr| d|zz } |dkr| d|zz } |dkr || d|zz } |dkr || d |zz } |j| dS) N z name=r z sename=z oldsename=z role=z old_role=z MLSRange=z old_MLSRange=r*r7) r-r<r=r3r>r?r@rArBmessages r.rDz logger.logs'*ssDD1G| /:..B 5=944| -8f,,B 4<)33"} 2 2<'11R 9J 9+j88 M  ) ) ) ) )r0c >|||||||||dSr&)rDrGs r.rHzlogger.log_removes( HHS$Iz Z Z Z Z Zr0c@|jd|zdS)Nz %sr]rLs r.rMzlogger.log_changes" M  - - - - -r0ct|dkrd}nd}|jD]$}tjtj||z%dS)Nz Successful: zFailed: )r*syslogLOG_INFO)r-rQr^rs r.rRz logger.commitsP!| %($] < < fow{;;;; < * HQEFFGG G&+# r0r&)rUrVrWrrrrr/rrrrrrrRrrXr0r.rrsK F E D&&&&,!!!"&"&"&H333+++ HHH333   r0rcBeZdZd dZdZdZd dZdZd Zd Z d Z dS) moduleRecordsNc<t||dSr&rr/r-rs r.r/zmoduleRecords.__init__[  t,,,,,r0c&g}t|j\}}}|dkrttdt |D]}t ||}t |j|\}}|dkrttdt|j|\}}|dkrttdt|j|\}} |dkrttdt|j|\}} |dkrttd| ||| | f| dd | d |S) NrCould not list SELinux moduleszCould not get module namezCould not get module enabledzCould not get module priorityzCould not get module lang_extc|dS)NrrXts r.z'moduleRecords.get_all..z QqTr0T)keyreversec|dSNrrXrs r.rz'moduleRecords.get_all..{rr0)r) semanage_module_list_allrrr r6semanage_module_list_nthsemanage_module_info_get_name semanage_module_info_get_enabled!semanage_module_info_get_priority!semanage_module_info_get_lang_extr7sort) r-rrmlistnumberimodr=enabledprioritylang_exts r.get_allzmoduleRecords.get_all^s 6tw??UF 6 BQ?@@AA Av : :A*5!44C4TWcBBHBAv A #>!?!?@@@:47CHHKBAv D #A!B!BCCC>4000 >>"""r0c|}t|dkrgSdd|DDS)Nrc$g|] }d|dzS)z-d %srrX.0xs r. z,moduleRecords.customized..s FFF1!A$FFFr0c*g|]}|ddk|SrbrrXrrs r.rz,moduleRecords.customized..s%(E(E(Eq1Q419(E(E(E(Er0)rr|)r-alls r.rzmoduleRecords.customized~sIllnn s88q= IFF(E(EC(E(E(EFFFFr0rbrc |}t|dkrdS|rBtdtdddtdddtdd|D]R}|d dkrtd }n|r!d }t|ddd|d dd|d dd|SdS)Nr z Module Name25r\Priority9LanguagerbDisabledr r5)rr|printr )r-heading locallistrrdisableds r.listzmoduleRecords.listsllnn s88q=  F  Z E=)9)9)9)9)91Z=====!J----X Y Y Y G GAtqy Z== !A$$$$!addddHHE F F F F G Gr0cXtj|stt d|zt |j|}|dkrtt d|zt|j|}|dkr|dSdS)NzModule does not exist: %s r3Invalid priority %d (needs to be between 1 and 999)) ospathexistsrr semanage_set_default_priorityrsemanage_module_install_filerR)r-r rrs r.addzmoduleRecords.addsw~~d## EQ;<>BAv E #B!C!CDDD,TWc6BBBAv KK$Q'C%D%Dq%HIII$Q'D%E%E%IJJJ  K r0cPt|j|}|dkrttd|z|D]B}t |j|}|dkr%|dkrttd|zC|dS)Nrrz*Could not remove module %s (remove failed))rrrr rsemanage_module_removerR)r-rrrrs r.deletezmoduleRecords.deletes *47H = = 6 bQTUUX``aa a V VA'33BAv V"( V #O!P!PST!TUUU r0cdd|DD}|D]}||ddS)Ncg|] }|d SrrXrs r.rz+moduleRecords.deleteall..s D D DaQqT D D Dr0c*g|]}|ddk|SrrXrs r.rz+moduleRecords.deleteall..s%CCC!1CACCCr0T)rr)r-rrs r.rzmoduleRecords.deletealls^ D DCCt||~~CCC D D D & &A   Q % % % % & &r0r&r) rUrVrWr/rrrrrrrrXr0r.rrYs----@GGG GGGG   $   &&&&&r0rceZdZddZdZdS)dontauditClassNc<t||dSr&rrs r.r/zdontauditClass.__init__rr0c|dvrttd|t|j|dk|dS)N)onoffz'dontaudit requires either 'on' or 'off'r)rr rsemanage_set_disable_dontauditrrR)r- dontaudits r.togglezdontauditClass.toggles\ M ) KQHIIJJ J &tw U0BCCC r0r&)rUrVrWr/rrXr0r.r r s7----r0r c<eZdZd dZdZdZd dZdZd Zd Z dS) permissiveRecordsNc<t||dSr&rrs r.r/zpermissiveRecords.__init__rr0cjg}t|j\}}}|dkrttdt |D]f}t ||}t |}|rC|dr.|| ddg|S)Nrr permissive_rb) semanage_module_listrrr r6rsemanage_module_get_name startswithr7r)r-rrrrrrr=s r.rzpermissiveRecords.get_alls 247;;UF 6 BQ?@@AA Av 7 7A*5!44C+C00D 7 66 7M2215666r0cXdt|DS)Ncg|]}d|zS)z-a %srXrs r.rz0permissiveRecords.customized..s<<<! <<.s___Qqy___r0c"g|] }|d | S) permissiverXrs r.rz*permissiveRecords.list..s""^"^"^aP\o"^1"^"^"^r0rz %-25s zBuiltin Permissive TypeszCustomized Permissive Types)rinfoTYPEr|rr r)r-rrrrrs r.rzpermissiveRecords.lists__"^"^hmHM.J.J"^"^"^___ s88q=  F  A +#=!>!>? @ @ @\\^^   A " a z??a   F  D +#@!A!AB C C C  A !HHHH  r0cd|z}d|z}t|j|t||d}|dkr||dkrt t d|zdS)N permissive_%sz(typepermissive %s)cilrz?Could not set permissive domain %s (module installation failed))semanage_module_installrr|rRrr )r-rr=modtxtrs r.rzpermissiveRecords.adds%&- $TWfc&kk4 O O 7  KKMMM 6 jQ`aadhhii i j jr0c|D]?}t|jd|z}|dkrtt d|z@|dS)Nr'rz5Could not remove permissive domain %s (remove failed))rrrrr rR)r-r=nrs r.rzpermissiveRecords.deletest d dA'11DEEBAv d #Z![![^b!bccc d r0c|}t|dkr,d|}||dSdS)Nrr\)rr|joinr)r-rrs r.rzpermissiveRecords.deleteall sR LLNN q66A: ((1++C KK       r0r&r) rUrVrWr/rrrrrrrXr0r.rrs----   ===( j j jr0rc`eZdZddZdZdZddZddZdZd Z d Z d Z dd Z dZ ddZdS) loginRecordsNctt||d|_d|_d|_d|_dSr&)rr/r@rBr3r?rs r.r/zloginRecords.__init__s8  t,,,  r0cBtj|\}|_|_|dkrd}t |j}||j\}\}}||\}\}} tdkr|dkrt|}n|}t|j |\}} |dkrttd|zt|j | \}} |dkrttd|z| rttd|z|ddkrJ tj|ddnf#ttd |ddzxYw t!j|n$#ttd |zxYwt%|j \}} |dkrttd |zt'|j | |}|dkrttd |ztdkrA|dkr;t)|j | |}|dkrttd |zt+|j | |}|dkrttd|zt-|j | | }|dkrttd|zt/| t1| dS)Nr user_urbrCould not create a key for %s2Could not check if login mapping for %s is definedz'Login mapping for %s is already defined%zLinux Group %s does not existzLinux User %s does not existz%Could not create login mapping for %sCould not set name for %sCould not set MLS range for %sz!Could not set SELinux user for %sz"Could not add login mapping for %s)rzgetseuserbynamer@rBseluserRecordsrgetrrsemanage_seuser_key_createrrr semanage_seuser_existsgrpgetgrnampwdgetpwnamsemanage_seuser_createsemanage_seuser_set_namesemanage_seuser_set_mlsrangesemanage_seuser_set_senamesemanage_seuser_modify_localsemanage_seuser_key_freesemanage_seuser_free r-r=r3r?recuserrecr6rrAr>krus r.__addzloginRecords.__addsI/6/Ft/L/L,T^T_ R< F ++!(T^!??$FGG G-dgq99 V 6 ]QSTTW[[\\ \  RQHIIDPQQ Q 7c> K P T!""X&&&& P #B!C!Cd122h!NOOO K T"""" K #A!B!BT!IJJJ(11Q 6 PQFGG$NOO O %dgq$ 7 7 6 DQ:;;dBCC C a  Mgm M-dgq'BBBAv M #C!D!Dt!KLLL 'F ; ; 6 LQBCCdJKK K )$'1a 8 8 6 MQCDDtKLL L ###QsE"")F F$$!Gc ||||||dS#t$r}|d}~wwxYwr&)r_loginRecords__addrRrr-r=r3r?errors r.rzloginRecords.addXs_  JJLLL JJtVW - - - KKMMMMM   K ?A A AAr ctj|\}|_|_|dkr"|dkrt t dt |j}||j\}\}}|dkr||\}\}} n|} |dkr||_ n||_ t|j |\}} |dkrt t d|zt|j | \}} |dkrt t d|z| st t d|zt|j | \}} |dkrt t d|zt| |_t| |_t dkr)|dkr#t#|j | t%||dkrt'|j | |||_n |j|_t+|j | | }|dkrt t d |zt-| t/| dS) Nr zRequires seuser or serangerr4r5#Login mapping for %s is not definedzCould not query seuser for %srbz%Could not modify login mapping for %s)rzr9r@rBrr r:rr;r?r<rr=semanage_seuser_querysemanage_seuser_get_mlsrangesemanage_seuser_get_senamerrDrrEr3rFrGrHrIs r.__modifyzloginRecords.__modify`s/6/Ft/L/L,T^T_ R< >GrM >Q;<<== = ++!(T^!??$FGG G-dgq99 V 6 ]QSTTW[[\\ \ NQDEELMM M'33Q 6 HQ>??$FGG G6q993A66 a  Kgm K (![5I5I J J J R< ) &tw6 : : : DKK.DK )$'1a 8 8 6 PQFGG$NOO O ###Qr0c ||||||dS#t$r}|d}~wwxYwr&)r_loginRecords__modifyrRrrQs r.modifyzloginRecords.modifys_  JJLLL MM$ 0 0 0 KKMMMMM   K rSctj|\}|_|_t |j}||j\}\}}t|j|\}}|dkrttd|zt|j|\}}|dkrttd|z|sttd|zt|j|\}}|dkrttd|z|sttd|zt|j|}|dkrttd|zt|tjd\}|_|_||j\}\}} dS)Nrr4r5rUzs r.__deletezloginRecords.__deletes/6/Ft/L/L,T^T_ ++!(T^!??$FGG G-dgq99 V 6 ]QSTTW[[\\ \ NQDEELMM M3DGQ?? V 6 ]QSTTW[[\\ \ gQ]^^aeeff f &tw 2 2 6 PQFGG$NOO O ###)0)@)O)O&T[$,%kk$+66|FFFr0c ||||dS#t$r}|d}~wwxYwr&)r_loginRecords__deleterRrr-r=rRs r.rzloginRecords.deletes[  JJLLL MM$    KKMMMMM   K s=A A A  Ac@t|j\}}|dkrttd ||D]$}|t |%|dS#t$r}|d}~wwxYwNrCould not list login mappings)semanage_seuser_list_localrrr rrcsemanage_seuser_get_namerRr-rulistrMrRs r.rzloginRecords.deletealls099 U 6 AQ>??@@ @  JJLLL ; ; 6q99:::: KKMMMMM   K sAB BBBci}tjdz|_tj|jD]\}}}||jkr|D]} t |dz|z}|d}| |d|d|df||<#t$rYwxYw|S)Nz/logins/:rbrr) rzselinux_policy_root logins_pathrwalkopenreadrstriprclose IndexError)r-ddictrdirsfilesr=fdrJs r.get_all_loginszloginRecords.get_all_loginss"6889D!#)9!:!:   D$t'' !D!$*t"344 ggii..0066s;; '*1vs1vs1v&>d % s A??@@ @ ` `A+A..D5a88:VWX:Y:Y[^_E$KK r0c Tg}|d}t|D]n}||dr7|d||dd||dd|G|d||dd|o|S)NTrbz-a -s r -r '' r\rrkeysr7r-rrwrLs r.rzloginRecords.customized  T"" %% ; ;AQx{ ;%(1+++uQx{{{AANOOOO%(1+++qq9::::r0rbc ||}|}t|}t|}t |dkrt |dkrdSt dkr|rSt dtdddtdddtdddtd d |D]F}||}t |dd|dddt|ddd|d Gt |rt d |j z|D]F}||}t |dd|dddt|ddd|d GdS|r2t dtdd dtdd d|D]$}t |d d||dd %dS) Nrrbrz Login Name20r\ SELinux Userz MLS/MCS RangeServicerz Local customization in %sr) rr{rrr|rrr rrp) r-rrrwldictlkeysrrLrMs r.rzloginRecords.listsI Y''##%%uzz||$$ejjll## t99> c%jjAo  F Q  8 {AlOOOOOQ~EVEVEVEVEVXYZiXjXjXjXjXjlmnwlxlxlxlxyzzz Q Q!H1Q44441Q4!A$$OPPPP5zz H3d6FFGGG Q Q!H1Q44441Q4!A$$OPPPP Q Q P1\?????Ans r.r;zseluserRecords.gets*47D99Q 6 HQ>??$FGG G+DGQ77 V 6 XQNOORVVWW W%dgq11Q 6 FQ<==DEE E,Q//(!44q!!!1r0ctdkr0|dkrd}nt|}|dkrd}nt|}t|dkrtt d|zt |j|\}}|dkrtt d|zt|j|\}}|dkrtt d|z|rtt d|zt|j\}} |dkrtt d |zt|j| |}|dkrtt d |z|D]O} t|j| | }|dkr1tt d  | | Ptdkrvt|j| |}|dkrtt d |zt|j| |}|dkrtt d|zt|j| |}|dkr1tt d | |t|j| \}} |dkrtt d|zt!|j|| }|dkrtt d|zt#|t%| |jd|d||dS)Nrbr s0z%You must add at least one role for %srr4rz"SELinux user %s is already definedz$Could not create SELinux user for %sr7z$Could not add role {role} for {name})r5r=r8zCould not set MLS level for %sz(Could not add prefix {prefix} for {role})r5prefixzCould not extract key for %szCould not add SELinux user %sseuserr4)r3r>r?)rrr|rr rrrsemanage_user_createsemanage_user_set_namesemanage_user_add_roleformatsemanage_user_set_mlsrangesemanage_user_set_mlslevelsemanage_user_set_prefixsemanage_user_key_extractsemanage_user_modify_localrrrrDr.) r-r=rolesselevelr?rrrLrrMrrs r.rNzseluserRecords.__add%s Q  /"} /%g.."} /%g.. u::> PQFGG$NOO O*47D99Q 6 HQ>??$FGG G+DGQ77 V 6 XQNOORVVWW W  MQCDDtKLL L&tw//Q 6 OQEFFMNN N #DGQ 5 5 6 DQ:;;dBCC C f fA'A66BAv f #I!J!J!Q!QWX_c!Q!d!deee f Q  M+DGQ@@BAv M #C!D!Dt!KLLL+DGQ@@BAv M #C!D!Dt!KLLL %dgq& 9 9 6 jQIJJQQWXagQhhii i-dgq99 S 6 GQ=>>EFF F 'A 6 6 6 HQ>??$FGG Gq!!!1 xSXXe__gVVVVVr0c ||||||||dS#t$r!}|jd|d}~wwxYwr)r_seluserRecords__addrRrrr-r=rrr?rrRs r.rzseluserRecords.addbsy  JJLLL JJtUGWf = = = KKMMMMM    J  a K AA A0A++A0r c jd}d}d|}|dkrbt|dkrO|dkrI|dkrCtdkrtt dtt dt |j|\} } | dkrtt d|zt|j| \} } | dkrtt d|z| stt d |zt|j| \} } | dkrtt d |zt| }t|j| \} } | dkrd| }tdkr)|dkr#t|j| t|tdkr)|dkr#t|j| t||dkrt|j| |t|dkr8| D]}||vrt| ||D]}|| vrt!|j| |t#|j| | } | dkrtt d |zt%| t'| d |}d |}|jd ||||||dS)Nr r\rrbz&Requires prefix, roles, level or rangezRequires prefix or rolesr4rSELinux user %s is not definedrz Could not modify SELinux user %sr4r)r3r@r>r?rArB)r.r|rrr rrrrrrrrrrsemanage_user_del_rolerrrrrrrD)r-r=rrr?rrArBnewrolesrrLrrMrlistrr5s r.rYzseluserRecords.__modifyksq  88E?? R< @CJJ!O @2  @'R- @" @ #K!L!LMMM #=!>!>???*47D99Q 6 HQ>??$FGG G+DGQ77 V 6 XQNOORVVWW W IQ?@@4GHH H%dgq11Q 6 FQ<==DEE E/22 -dgq99 U 7 (I a  Igm I &tw;w3G3G H H H a  Igm I &tw;w3G3G H H H R< 9 $TWa 8 8 8 u::? : 1 1E>1*1a000 : :E>:*47Aq999 'A 6 6 6 KQABBTIJJ Jq!!!1xx(())HHY__..//  xTSZfo}G H H H H Hr0c ||||||||dS#t$r!}|jd|d}~wwxYwr)r_seluserRecords__modifyrRrrrs r.r\zseluserRecords.modifysy  JJLLL MM$w @ @ @ KKMMMMM    J  a K rct|j|\}}|dkrttd|zt |j|\}}|dkrttd|z|sttd|zt |j|\}}|dkrttd|z|sttd|zt |j|\}}|dkrttd|zt|}t|j|\}}d |}t|j|}|dkrttd|zt|t||j d ||| dS) Nrr4rrz7SELinux user %s is defined in policy, cannot be deletedrr4z Could not delete SELinux user %sr)r@rBrA)rrrr rsemanage_user_exists_localrrrr.semanage_user_del_localrrrrH) r-r=rrLrrMrBrrAs r.razseluserRecords.__deletes*47D99Q 6 HQ>??$FGG G+DGQ77 V 6 XQNOORVVWW W IQ?@@4GHH H1$'1== V 6 XQNOORVVWW W bQXYY\``aa a%dgq11Q 6 FQ<==DEE E/22 -dgq99 UHHUOO $TWa 0 0 6 KQABBTIJJ Jq!!!1 h$:Ybcccccr0c ||||dS#t$r!}|jd|d}~wwxYwr)r_seluserRecords__deleterRrrrds r.rzseluserRecords.deletesq  JJLLL MM$    KKMMMMM    J  a K s=A A, A''A,ctt|j\}}|dkrttd ||D]$}|t |%|dS#t$r!}|jd|d}~wwxYwrf) semanage_user_list_localrrr rrsemanage_user_get_namerRrrjs r.rzseluserRecords.deletealls.tw77 U 6 AQ>??@@ @  JJLLL 9 9 4Q778888 KKMMMMM    J  a K sAB B7B22B7rci}|rt|j\}|_nt|j\}|_|dkrt t d|jD]}t |}t|j|\}}|dkrt t d|zd|}t|t|t||f|t |<|S)NrzCould not list SELinux usersz Could not list roles for user %sr\) rrrksemanage_user_listrr rrr.semanage_user_get_prefixsemanage_user_get_mlslevelr)r-rrwrrMr=rrs r.rzseluserRecords.get_alls&  ;7@@ R1$':: R 6 @Q=>>?? ? R RA)!,,D1$'1==KRAv O #E!F!F!MNNNHHUOOE0H0K0KMghiMjMjmGHImJmJLQ0RE(++ , , r0c g}|d}t|D]}||ds||drF|d||dd||dd||dd|d|d ||dd||S) NTrbrz-a -L z -r z -R 'rrz-a -R 'rrs r.rzseluserRecords.customizeds  T"" %% = =AQx{ =eAhqk =a U1Xa[[[RWXYRZ[\R]R]R]_`_`abbbbE!HQKKK;<<<<r0rbc ||}t|dkrdSt|}tdkr|rt ddddt dddt d ddt d d t t d ddt d ddt d ddt dd dt dd |D]m}t |dd||dddt||dddt||dd d||d ndS|r0t t d ddt dd|D]#}t |dd||d$dS)Nrrbrr 15r\Labeling10zMLS/30rPrefixz MCS Levelz MCS Rangez SELinux Rolesrr)rr|rrrrr rr-rrrwrrLs r.rzseluserRecords.listsY Y'' u::?  Fejjll## Q  5 MRRRR:& STU[S\S\S\S\]^^^.8I8I8I8I8I1X;;;;;XYZeXfXfXfXfXfhijuhvhvhvhvhvxy{JyKyKyKyKLMMM D Daaaaq!iPUVWPXYZP[F\F\F\F\F\^ghmnohpqrhs^t^t^t^t^tv{|}v~@AwBwBCDDDD D D Na&7&7&7&7&7?9K9K9K9KLMMM 5 5AAAAuQx{{34444 5 5r0r&r r)rUrVrWr/r;rrrr\rrrrrrrXr0r.r:r:s---- ;W;W;Wz$&r2b6H6H6H6Hp"$RBdddB   (555555r0r:cheZdZgZddZdZdZdZdZdZ dZ d Z d Z dd Z dd ZdZddZdS) portRecordsNct|| tttjtjddd|_dS#t$rYdSwxYw)N port_typertypes)rr/rrr$ ATTRIBUTE valid_types RuntimeErrorrs r.r/zportRecords.__init__sx  t,,, #Dx7I;)W)W$X$XYZ$[\c$deeD       DD sA A)) A76A7cttttd}||vr ||}nt t d|dkrt t dt|tr| dd}n|f}t|dkrt|dx}}n*t|d}t|d}|dkrt t d t|j |||\}} |dkr1t t d || | |||fS) N)tcpudpsctpdccpz0Protocol has to be one of udp, tcp, dccp or sctpr zPort is requiredr2rbrz Invalid Portz)Could not create a key for {proto}/{port}protoport)SEMANAGE_PROTO_TCPSEMANAGE_PROTO_UDPSEMANAGE_PROTO_SCTPSEMANAGE_PROTO_DCCPrrr isinstancer;rr|intsemanage_port_key_createrr) r-rr protocolsproto_dportshighlowrrLs r.__genkeyzportRecords.__genkey!sq..0022 INN$$ $ T&GGQQRRSS S 2: 4Q12233 3 dC  JJsA&&EEGE u::? !U1X &D33eAh--CuQx==D %< 0Q~..// /*47CwGGQ 6 lQJKKRRY^eiRjjkk k7C&&r0cPtdkr|dkrd}nt|}|dkrttdt j|}||jvrttd|z|||\}}}}t|j |\} } | dkr1ttd ||| r1ttd  ||t|j \} } | dkr1ttd  ||t| |t| ||t|j \} } | dkr1ttd  ||t|j | d } | dkr1ttd  ||t!|j | d} | dkr1ttd ||t#|j | |} | dkr1ttd ||tdkrS|dkrMt%|j | |} | dkr1ttd ||t'|j | | } | dkr1ttd ||t)|j || } | dkr1ttd ||t+| t-|t/| |jd|dt5j|dd ddd|d| dS)Nrbr rType is required'Type %s is invalid, must be a port typer1Could not check if port {proto}/{port} is definedrz#Port {proto}/{port} already definedz(Could not create port for {proto}/{port}z+Could not create context for {proto}/{port}system_uz5Could not set user in port context for {proto}/{port}object_rz5Could not set role in port context for {proto}/{port}z5Could not set type in port context for {proto}/{port}z;Could not set mls fields in port context for {proto}/{port}z-Could not set port context for {proto}/{port}z!Could not add port {proto}/{port}zresrc=port op=add lport= proto= tcontext=rn)rrrr rget_real_type_namer_portRecords__genkeysemanage_port_existsrrsemanage_port_createsemanage_port_set_protosemanage_port_set_rangesemanage_context_createsemanage_context_set_usersemanage_context_set_rolesemanage_context_set_typesemanage_context_set_mlssemanage_port_set_consemanage_port_modify_localsemanage_context_freesemanage_port_key_freesemanage_port_freerrMrgetprotobyname) r-rrr?rrLrrrrrrcons r.rNzportRecords.__addAs Q  /"} /%g.. 2: 4Q12233 3*400 t' ' RQHIIDPQQ Q"&--e"<"<GS$+DGQ77 V 6 tQRSSZZafmqZrrss s  fQDEELLSX_cLddee e&tw//Q 6 kQIJJQQX]dhQiijj j7+++3---+DG44 S 6 nQLMMTT[`gkTllmm m &twZ @ @ 6 xQVWW^^ejqu^vvww w &twZ @ @ 6 xQVWW^^ejqu^vvww w &twT : : 6 xQVWW^^ejqu^vvww w a  Bgm B)$'3@@BAv B #`!a!a!h!hot{!h"A"ABBB "47As 3 3 6 pQNOOVV]bimVnnoo o 'A 6 6 6 dQBCCJJQV]aJbbcc cc"""q!!!1 \`\`\`bhbwx}b~b~b~b~AKAKAKMWMWMWY]Y]Y]_f_fg h h h h hr0c|||||||dSr&)r_portRecords__addrR)r-rrr?rs r.rzportRecords.adds8  4... r0c|dkrI|dkrCtdkrttdttdtj|}|r(||jvrttd|z|||\}}}}t|j|\} } | dkr1ttd ||| s1ttd  ||t|j|\} } | dkr1ttd  ||t| } tdkr,|dkrd }n#t|j| t||dkrt|j| |t|j|| } | dkr1ttd  ||t!|t#| |jd |dt)j|ddddd|d| dS)Nr rbRequires setype or serangeRequires setyperrrr"Port {proto}/{port} is not definedz#Could not query port {proto}/{port}rz$Could not modify port {proto}/{port}zresrc=port op=modify lport=rrrrnr)rrr rrrrrrrsemanage_port_querysemanage_port_get_conrrrrrrrrMrr) r-rrr?setyperLrrrrrrrs r.rYzportRecords.__modifys  b= 7Vr\ 7" 7 #?!@!@AAA #4!5!5666,V44  TfD$44 TQHIIFRSS S"&--e"<"<GS$+DGQ77 V 6 tQRSSZZafmqZrrss s eQCDDKKRW^bKccdd d%dgq11Q 6 fQDEELLSX_cLddee e#A&& Q  M"} M(#{77K7KLLL R< < %dgsF ; ; ; 'A 6 6 6 gQEFFMMTY`dMeeff fq!!!1 _c_c_cekez|AfBfBfBfBDNDNDNPZPZPZ\b\b\bdkdkl m m m m mr0c|||||||dSr&)r_portRecords__modifyrR)r-rrr?rs r.r\zportRecords.modifys8  dE7F333 r0c t|j\}}|dkrttd||D] }t |}t |}t|}t|}|d|}| ||\} } }}|dkrttd|zt|j| }|dkrttd|zt| ||kr|}|j d|dtj| |dS)NrzCould not list the portsr2r4zCould not delete the port %sresrc=port op=delete lport=r)semanage_port_list_localrrr rsemanage_port_get_protosemanage_port_get_proto_strsemanage_port_get_lowsemanage_port_get_highrsemanage_port_del_localrrrMrrrR) r-rplistrr proto_strrrport_strrLrs r.rzportRecords.deletealls~.tw77 U 6 <Q9::;; ;  { {D+D11E3E::I'--C)$//D"%##tt,H&*mmHi&H&H #QdAv P #B!C!Ch!NOOO(!44BAv O #A!B!BX!MNNN "1 % % %d{  J ! ! !hhhX^XmnwXxXxXx"y z z z z r0c^|||\}}}}t|j|\}}|dkr1tt d|||s1tt d||t |j|\}}|dkr1tt d|||s1tt d||t|j|}|dkr1tt d||t||j d|dtj |dS) Nrrrrz;Port {proto}/{port} is defined in policy, cannot be deletedz$Could not delete port {proto}/{port}r r) rrrrr rsemanage_port_exists_localrrrrMrr) r-rrrLrrrrrs r.razportRecords.__deletes"&--e"<"<GS$+DGQ77 V 6 tQRSSZZafmqZrrss s eQCDDKKRW^bKccdd d1$'1== V 6 tQRSSZZafmqZrrss s ~Q\]]ddkpw{d||}} } $TWa 0 0 6 gQEFFMMTY`dMeeff fq!!! $$$PVPefkPlPlPlmnnnnnr0c|||||dSr&)r_portRecords__deleterR)r-rrs r.rzportRecords.deletes4  dE""" r0rci}|rt|j\}|_nt|j\}|_|dkrt t d|jD]u}t |}t|}t|}t|}t|} t|} t|} ||f|| | | f<v|S)NrCould not list ports) r rrsemanage_port_listrr rsemanage_context_get_typesemanage_context_get_mlsr r rr) r-rrwrrrctypelevelrrrrs r.rzportRecords.get_alls  ;7@@ R1$':: R 6 8Q56677 7J ; ;D'--C-c22E,S11E+D11E3E::I'--C)$//D-2ENE3i( ) ) r0c\i}|rt|j\}|_nt|j\}|_|dkrt t d|jD]}t |}t|}t|}t|}t|} t|} ||f| vrg|||f<| | kr!|||f d| z|||f d| | fz|S)Nrrz%dz%d-%d)r rrrrr rrr r rrrr7) r-rrwrrrrrrrrs r.get_all_by_typezportRecords.get_all_by_typesK  ;7@@ R1$':: R 6 8Q56677 7J H HD'--C-c22E+D11E3E::I'--C)$//Dy!5 /,.ui()d{ Hui()00<<<<ui()00C;1FGGGG r0c g}|d}t|D]}|d|dkr|dn|dd|d}||dr@|d||dd||dd|dd |}|d||dd |dd ||S) NTrrbr2-a -t rz' -p rr\ -p rr-rrwrLrs r.rzportRecords.customizeds  T"" %% J JAQ41Q4<C1Q44!add-CDQx{ Ja U1Xa[[[RSTURVRVRVX\X\]^^^^a QqTTT44HIIIIr0rbc ||}t|dkrdSt|}|rAt t dddt dddt dd|D]E}d |z}|d ||dzz }||d dD] }|d |zz } t |FdS) NrzSELinux Port Typerr\Proto8 Port Numberrz %-30s %-8s %srb, %s)r r|rrrr r-rrrwrrrJrs r.rzportRecords.list%s$$Y// u::?  Fejjll##  ^ q)<'='='='='=qzzzzz1]K[K[K[K[\ ] ] ]  A!#C 4%(1+% %C1Xabb\ " "vz! #JJJJ   r0r&r r)rUrVrWrr/rrrrr\rrrrr rrrXr0r.rrsK'''@>h>h>h@ (m(m(mT <ooo, (0         r0rcheZdZgZddZdZdZdZdZdZ dZ d Z d Z dd Z dd ZdZddZdS) ibpkeyRecordsNct|| ttt j|jdg}td|D|_ dS#YdSxYw)N ibpkey_typeattrsc34K|]}t|VdSr&r;rs r. z)ibpkeyRecords.__init__..<s(%B%Bc!ff%B%B%B%B%B%Br0) rr/rrrget_store_policyrrresultsrr-rqs r.r/zibpkeyRecords.__init__8s  t,,, -(A$*(M(MNNWdVefffA%%B%Baiikk%B%B%BBBD     DD A&BB c|dkrttd|d}t|dkrt |ddx}}n,t |dd}t |dd}|dkrttdt |j|||\}}|dkr1ttd|| ||||fS) Nr zSubnet Prefix is requiredr2rbrrz Invalid Pkeyz1Could not create a key for {subnet_prefix}/{pkey} subnet_prefixpkey)rr rr|rsemanage_ibpkey_key_createrr)r-r=r<pkeysrrrrLs r.rzibpkeyRecords.__genkey@s B  =Q:;;<< < 3 u::? $U1Xq)) )D33eAh""CuQx##D %< 0Q~..// /,TWmS$OOQ 6 DQRSSZZiv~BZCCDD D=#t,,r0ctdkr|dkrd}nt|}|dkrttdt j|}||jvrttd|z|||\}}}}t|j |\}} |dkr1ttd ||| r1ttd  ||t|j \}} |dkr1ttd  ||t|j | |t| ||t|j \}} |dkr1ttd  ||t!|j | d }|dkr1ttd  ||t#|j | d}|dkr1ttd ||t%|j | |}|dkr1ttd ||tdkrS|dkrMt'|j | |}|dkr1ttd ||t)|j | | }|dkr1ttd ||t+|j || }|dkr1ttd ||t-| t/|t1| dS)Nrbr rr)Type %s is invalid, must be a ibpkey typer;Could not check if ibpkey {subnet_prefix}/{pkey} is definedr;z-ibpkey {subnet_prefix}/{pkey} already definedz2Could not create ibpkey for {subnet_prefix}/{pkey}z3Could not create context for {subnet_prefix}/{pkey}rz?Could not set user in ibpkey context for {subnet_prefix}/{pkey}rz?Could not set role in ibpkey context for {subnet_prefix}/{pkey}z?Could not set type in ibpkey context for {subnet_prefix}/{pkey}zECould not set mls fields in ibpkey context for {subnet_prefix}/{pkey}z7Could not set ibpkey context for {subnet_prefix}/{pkey}z+Could not add ibpkey {subnet_prefix}/{pkey})rrrr rrr_ibpkeyRecords__genkeysemanage_ibpkey_existsrformnatrsemanage_ibpkey_create!semanage_ibpkey_set_subnet_prefixsemanage_ibpkey_set_rangerrrrrsemanage_ibpkey_set_consemanage_ibpkey_modify_localrsemanage_ibpkey_key_freesemanage_ibpkey_free) r-r=r<r?rrLrrrrrrs r.rNzibpkeyRecords.__addSs Q  /"} /%g.. 2: 4Q12233 3*400 t' ' TQJKKdRSS S(, dM(J(J%M3-dgq99 V 6 OQ\]]eeuBIMeNNOO O  @QNOOVVery}V~~ (11Q 6 EQSTT[[jwC[DDEE E)$'1mDDD!!S$///+DG44 S 6 FQTUU\\kx@D\EEFF F &twZ @ @ 6 RQ`aahhxELPhQQRR R &twZ @ @ 6 RQ`aahhxELPhQQRR R &twT : : 6 RQ`aahhxELPhQQRR R a  \gm \)$'3@@BAv \ #j!k!k!r!rBOVZ!r"["[\\\ $TWa 5 5 6 JQXYY``o|DH`IIJJ J )$'1a 8 8 6 ~QLMMTTcpw{T||}} }c""" ###Qr0c|||||||dSr&)r_ibpkeyRecords__addrR)r-r=r<r?rs r.rzibpkeyRecords.adds8  4666 r0c|dkrI|dkrCtdkrttdttdtj|}|r(||jvrttd|z|||\}}}}t|j|\}} |dkr1ttd ||| s1ttd  ||t|j|\}} |dkr1ttd  ||t| } tdkr)|dkr#t|j| t||dkrt|j| |t|j|| }|dkr1ttd  ||t!|t#| dS) Nr rbrrrArrBr;,ibpkey {subnet_prefix}/{pkey} is not definedz-Could not query ibpkey {subnet_prefix}/{pkey}z.Could not modify ibpkey {subnet_prefix}/{pkey})rrr rrrrCrDrrsemanage_ibpkey_querysemanage_ibpkey_get_conrrrrJrKrL) r-r=r<r?rrLrrrrrrs r.rYzibpkeyRecords.__modifysw b= 7Vr\ 7" 7 #?!@!@AAA #4!5!5666,V44  VfD$44 VQJKKfTUU U(, dM(J(J%M3-dgq99 V 6 NQ\]]ddtAHLdMMNN N QMNNUUdqx|U}}~~ ~'33Q 6 @QNOOVVery}V~~ %a(( a  Igm I $TWc;w3G3G H H H R< < %dgsF ; ; ; )$'1a 8 8 6 AQOPPWWfsz~WAA A ###Qr0c|||||||dSr&)r_ibpkeyRecords__modifyrR)r-r=r<r?rs r.r\zibpkeyRecords.modifys8  dM7F;;; r0c^t|j\}}|dkrttd||D]}t |j|\}}t |}t|}|d|}|||\}}}}|dkrttd|zt|j|}|dkrttd|zt|| dS)NrzCould not list the ibpkeysr2r4zCould not delete the ibpkey %s) semanage_ibpkey_list_localrrr r!semanage_ibpkey_get_subnet_prefixsemanage_ibpkey_get_lowsemanage_ibpkey_get_highrCsemanage_ibpkey_del_localrKrR) r-rribpkeyr<rrpkey_strrLs r.rzibpkeyRecords.deletealls5099 U 6 >Q;<<== =  ( (F"CDGV"T"T R)&11C+F33D"%##tt,H,0MM(M,R,R )Q sDAv P #B!C!Ch!NOOO*47A66BAv Q #C!D!Dx!OPPP $Q ' ' ' ' r0c|||\}}}}t|j|\}}|dkr1tt d|||s1tt d||t |j|\}}|dkr1tt d|||s1tt d||t|j|}|dkr1tt d||t|dS)NrrBr;rPzEibpkey {subnet_prefix}/{pkey} is defined in policy, cannot be deletedz.Could not delete ibpkey {subnet_prefix}/{pkey}) rCrDrrr rsemanage_ibpkey_exists_localrZrK)r-r=r<rLrrrrs r.razibpkeyRecords.__deletes(, dM(J(J%M3-dgq99 V 6 NQ\]]ddtAHLdMMNN N QMNNUUdqx|U}}~~ ~3DGQ?? V 6 NQ\]]ddtAHLdMMNN N XQfggnn~KRVnWWXX X &tw 2 2 6 AQOPPWWfsz~WAA A #####r0c|||||dSr&)r_ibpkeyRecords__deleterR)r-r=r<s r.rzibpkeyRecords.deletes4  dM*** r0rci}|rt|j\}|_nt|j\}|_|dkrt t d|jD]v}t |}t|}|dkr't|}t|j|\}}t|} t|} ||f|| | |f<w|S)NrCould not list ibpkeysreserved_ibpkey_t) rVrrsemanage_ibpkey_listrr rRrrrWrXrY) r-rrwrr[rrrr<rrs r.rzibpkeyRecords.get_alls  =9$'BB R3DG<< R 6 :Q78899 9j ? ?F)&11C-c22E++ ,S11E"CDGV"T"T R)&11C+F33D16E3m, - - r0cPi}|rt|j\}|_nt|j\}|_|dkrt t d|jD]}t |}t|}t|j|\}}t|}t|} ||f| vrg|||f<|| kr!|||f d|z|||f d|| fz|S)Nrrb0x%xz 0x%x-0x%x) rVrrrdrr rRrrWrXrYrr7) r-rrwrr[rrr<rrs r.r zibpkeyRecords.get_all_by_typesG  =9$'BB R3DG<< R 6 :Q78899 9j P PF)&11C-c22E"CDGV"T"T R)&11C+F33D}%UZZ\\9 302um,-d{ Pum,-44Vc\BBBBum,-44[C;5NOOOO r0c g}|d}t|D]}|d|dkr|dn|dd|d}||dr@|d||dd||dd|dd |}|d||dd |dd ||S) NTrrbr2r"rz' -x rr\z -x rr$s r.rzibpkeyRecords.customizeds  T"" %% J JAQ41Q4<C1Q44!add-CDQx{ Ja U1Xa[[[RSTURVRVRVX\X\]^^^^a QqTTT44HIIIIr0rbc ||}|}t|dkrdS|rAtt dddt dddt ddt |D]E}d |z}|d ||dzz }||d dD] }|d |zz } t|FdS) NrzSELinux IB Pkey Typerr\ Subnet_Prefix18z Pkey Numberr %-30s %-18s r)rbr*r rr|rr rr+s r.rzibpkeyRecords.list)s$$Y//zz|| t99>  F  j *@(A(A(A(A(A1_CUCUCUCUCUWXYfWgWgWgWgh i i i  A 1$C 4%(1+% %C1Xabb\ " "vz! #JJJJ   r0r&r r)rUrVrWrr/rCrNrrTr\rr`rrr rrrXr0r.r-r-4sK---&< < < | $ $ $ L .$$$( *.         r0r-cheZdZgZddZdZdZdZdZdZ dZ d Z d Z dd Z dd ZdZddZdS)ibendportRecordsNct|| ttt j|jdg}td|D|_ dS#YdSxYw)Nibendport_typer0c34K|]}t|VdSr&r3rs r.r4z,ibendportRecords.__init__..@s("?"?a3q66"?"?"?"?"?"?r0) rr/rrrr5rsetr6rr7s r.r/zibendportRecords.__init__<s  t,,, -(A$*(M(MNNWgVhiiiA""?"?199;;"?"?"???D     DDr9c^|dkrttdt|}|dks|dkrttdt|j||\}}|dkr1ttd|||||fS) Nr zIB device name is requiredrbzInvalid Port Numberrz=Could not create a key for ibendport {ibdev_name}/{ibendport} ibdev_name ibendport)rr rsemanage_ibendport_key_createrr)r-rwrvrrrLs r.rzibendportRecords.__genkeyDs   >Q;<<== =9~~ #: 7 7Q45566 6/TJJQ 6 TQ^__ffr|IRfSSTT T:t$$r0ctdkr|dkrd}nt|}|dkrttdt j|}||jvrttd|z|||\}}}t|j |\}}|dkr1ttd |||r1ttd  ||t|j \}} |dkr1ttd  ||t|j | |t| |t|j \}} |dkr1ttd  ||t|j | d }|dkr1ttd  ||t!|j | d}|dkr1ttd ||t#|j | |}|dkr1ttd ||tdkrS|dkrMt%|j | |}|dkr1ttd ||t'|j | | }|dkr1ttd ||t)|j || }|dkr1ttd ||t+| t-|t/| dS)Nrbr rr-Type %s is invalid, must be an ibendport typerz;Could not check if ibendport {ibdev_name}/{port} is definedrvrz-ibendport {ibdev_name}/{port} already definedz2Could not create ibendport for {ibdev_name}/{port}z/Could not create context for {ibendport}/{port}rz?Could not set user in ibendport context for {ibdev_name}/{port}rz?Could not set role in ibendport context for {ibdev_name}/{port}z?Could not set type in ibendport context for {ibdev_name}/{port}zECould not set mls fields in ibendport context for {ibdev_name}/{port}z7Could not set ibendport context for {ibdev_name}/{port}z+Could not add ibendport {ibdev_name}/{port})rrrr rrr_ibendportRecords__genkeysemanage_ibendport_existsrrsemanage_ibendport_create!semanage_ibendport_set_ibdev_namesemanage_ibendport_set_portrrrrrsemanage_ibendport_set_consemanage_ibendport_modify_localrsemanage_ibendport_key_freesemanage_ibendport_free) r-rwrvr?rrLrrrrrs r.rNzibendportRecords.__addRsq Q  /"} /%g.. 2: 4Q12233 3*400 t' ' XQNOORVVWW W#}}Y CCIt0!<< V 6 HQ\]]ddpzBFdGGHH H  zQNOOVVblswVxxyy y+DG44Q 6 QSTT[[gqx|[}}~~ ~)$'1jAAA#At,,,+DG44 S 6 |QPQQXXdnuyXzz{{ { &twZ @ @ 6 LQ`aahht~FJhKKLL L &twZ @ @ 6 LQ`aahht~FJhKKLL L &twT : : 6 LQ`aahht~FJhKKLL L a  Vgm V)$'3@@BAv V #j!k!k!r!rIPT!r"U"UVVV 'C 8 8 6 DQXYY``lv~B`CCDD D ,TWa ; ; 6 xQLMMTT`jquTvvww wc"""#A&&&"""""r0c|||||||dSr&)r_ibendportRecords__addrR)r-rwrvr?rs r.rzibendportRecords.adds8  9j'4888 r0c|dkrI|dkrCtdkrttdttdtj|}|r(||jvrttd|z|||\}}}t|j|\}}|dkr1ttd |||s1ttd  ||t|j|\}} |dkr1ttd  ||t| } tdkr)|dkr#t|j| t||dkrt|j| |t|j|| }|dkr1ttd  ||t!|t#| dS) Nr rbrrrzr@Could not check if ibendport {ibdev_name}/{ibendport} is definedru1ibendport {ibdev_name}/{ibendport} is not definedz2Could not query ibendport {ibdev_name}/{ibendport}z3Could not modify ibendport {ibdev_name}/{ibendport})rrr rrrr|r}rrsemanage_ibendport_querysemanage_ibendport_get_conrrrrrr) r-rwrvr?rrLrrrrrs r.rYzibendportRecords.__modifys b= 7Vr\ 7" 7 #?!@!@AAA #4!5!5666,V44  ZfD$44 ZQNOORXXYY Y $ i D DJ0!<< V 6 WQabbiiuLUiVVWW W HQRSSZZfp}FZGGHH H*47A66Q 6 IQSTT[[gq~G[HHII I(++ a  Igm I $TWc;w3G3G H H H R< < %dgsF ; ; ; ,TWa ; ; 6 JQTUU\\hrH\IIJJ J#A&&&"""""r0c|||||||dSr&)r_ibendportRecords__modifyrR)r-rwrvr?rs r.r\zibendportRecords.modifys8  iWf=== r0ct|j\}}|dkrttd||D]}t |j|\}}t |}|t||\}}}|dkr1ttd ||t|j|}|dkr1ttd ||t|| dS)NrzCould not list the ibendportsz.Could not create a key for {ibdev_name}/{port}r{z2Could not delete the ibendport {ibdev_name}/{port}) semanage_ibendport_list_localrrr r!semanage_ibendport_get_ibdev_namesemanage_ibendport_get_portr|r;rsemanage_ibendport_del_localrrR)r-rrrwrvrrLs r.rzibendportRecords.deleteallsP3DG<< U 6 AQ>??@@ @  + +I@)TT R.y99D$(MM#d))Z$H$H !Q DAv  #S!T!T![![gqx|![!}!}~~~-dgq99BAv C #W!X!X!_!_ku}A!_"B"BCCC ' * * * * r0c|||\}}}t|j|\}}|dkr1tt d|||s1tt d||t |j|\}}|dkr1tt d|||s1tt d||t|j|}|dkr1tt d||t|dS)NrrrurzJibendport {ibdev_name}/{ibendport} is defined in policy, cannot be deletedz3Could not delete ibendport {ibdev_name}/{ibendport}) r|r}rrr rsemanage_ibendport_exists_localrr)r-rwrvrLrrrs r.razibendportRecords.__deletes $ i D DJ0!<< V 6 WQabbiiuLUiVVWW W HQRSSZZfp}FZGGHH H6twBB V 6 WQabbiiuLUiVVWW W aQkllss@JV_s``aa a )$'1 5 5 6 JQTUU\\hrH\IIJJ J#A&&&&&r0c|||||dSr&)r_ibendportRecords__deleterR)r-rwrvs r.rzibendportRecords.deletes4  i,,, r0rci}|rt|j\}|_nt|j\}|_|dkrt t d|jD]f}t |}t|}|dkr't|}t|j|\}}t|} ||f|| |f<g|S)NrCould not list ibendportsreserved_ibendport_t) rrrsemanage_ibendport_listrr rrrrr) r-rrwrrwrrrrvrs r.rzibendportRecords.get_alls  @  F  o *D(E(E(E(E(EqIYGZGZGZGZGZ\]^k\l\l\l\lm n n n  A 1$C 4%(1+% %C1Xabb\ " "vz! #JJJJ   r0r&r r)rUrVrWrr/r|rrrr\rrrrr rrrXr0r.rnrn8sK % % %;#;#;#z $#$#$#L *'''( (&         r0rnc`eZdZgZddZdZdZdZdZdZ dZ d Z d Z dd Z d ZddZdS) nodeRecordsNct||ddg|_ ttt jtjddd|_dS#t$rYdSwxYw)Nipv4ipv6 node_typerr) rr/protocolrrr$rrrrs r.r/znodeRecords.__init__2s  t,,,(  #Dx7I;)W)W$X$XYZ$[\c$deeD       DD sA A22 B?Bc@|}|}d}|dkrttdt|dks |ddkrItj||z}t |j}t |j}d|jz} |j |}n!#ttdxYw tj |}n6#|dkr tj }nttdYnxYw||||fS)Nr zNode Address is requiredrrmzipv%dzUnknown or missing protocolr)rr r| ipaddress ip_networkr;network_addressnetmaskversionrindexrr IPPROTO_IPIP) r-addrmaskrnewaddrnewmask newprotocolraudit_protocols r.validateznodeRecords.validate:s; 2: <Q9::;; ; t99> +T!W^ +$TD[11A!+,,G!)nnG*H ?---h77KK ?Q<==>> > C#28<??@@ @+E22 ( ( SQHIIEQRR R*47D$FFQ 6 FQ<==DEE E+DGQ77 V 6 PQFGG$NOO O  BQ899D@AA A)$'22 T 6 GQ=>>EFF Fe,,, #DGT5$ ? ?+DG44 S 6 JQ@AADHII I #DGT5$ ? ? 6 DQ:;;dBCC C &twZ @ @ 6 TQJKKdRSS S &twZ @ @ 6 TQJKKdRSS S &twU ; ; 6 TQJKKdRSS S a  ^gm ^)$'3@@BAv ^ #T!U!UX\!\]]] "47D# 6 6 6 LQBCCdJKK K 'D 9 9 6 @Q677$>?? ?c"""q!!!4    gkgkgkmqmqmqs~s~s~AKAKAKMWMWMWY^Y^Y^`g`gh i i i i ir0c||||||||dSr&)r_nodeRecords__addrR)r-rrrr?rs r.rznodeRecords.adds:  4ugu555 r0c||||\}}}}|dkr"|dkrttdtj|}|r(||jvrttd|zt |j|||\}}|dkrttd|zt|j|\}} |dkrttd|z| sttd|zt|j|\}} |dkrttd|zt| } td kr)|dkr#t|j| t||dkrt|j| |t|j|| }|dkrttd |zt!|t#| |jd |d |d |ddddd|d|dS)Nr rrrrrAddr %s is not definedzCould not query addr %srbzCould not modify addr %szresrc=node op=modify laddr=rrrrrnr)rrr rrrrrrsemanage_node_querysemanage_node_get_conrrrrrrrrrM) r-rrrr?rrrrLrrrs r.rYznodeRecords.__modifys)-tT5)I)I&dE; b= >Vr\ >Q;<<== =,V44  TfD$44 TQHIIFRSS S*47D$FFQ 6 FQ<==DEE E+DGQ77 V 6 PQFGG$NOO O AQ7884?@@ @(!44 T 6 BQ899D@AA A#D)) a  Igm I $TWc;w3G3G H H H R< < %dgsF ; ; ; 'D 9 9 6 CQ9::TABB Bq!!!4    jnjnjnptptptwBwBwBDNDNDNPZPZPZ\b\b\bdkdkl m m m m mr0c||||||||dSr&)r_nodeRecords__modifyrR)r-rrrr?rs r.r\znodeRecords.modifys:  dD%&999 r0c ||||\}}}}t|j|||\}}|dkrtt d|zt |j|\}}|dkrtt d|z|stt d|zt |j|\}}|dkrtt d|z|stt d|zt|j|}|dkrtt d|zt||j d|d|d |dS) Nrrrrz/Addr %s is defined in policy, cannot be deletedzCould not delete addr %szresrc=node op=delete laddr=rr) rrrrr rsemanage_node_exists_localsemanage_node_del_localrrrM)r-rrrrrrLrs r.raznodeRecords.__deletes)-tT5)I)I&dE;*47D$FFQ 6 FQ<==DEE E+DGQ77 V 6 PQFGG$NOO O AQ7884?@@ @1$'1== V 6 PQFGG$NOO O ZQPQQTXXYY Y $TWa 0 0 6 CQ9::TABB Bq!!! UYUYUY[_[_[_alalmnnnnnr0c||||||dSr&)r_nodeRecords__deleterR)r-rrrs r.rznodeRecords.deletes6  dD%((( r0c t|j\}}|dkrttd||D]c}|t |j|dt|j|d|jt|d| dS)Nrz!Could not deleteall node mappingsrb) semanage_node_list_localrrr rrsemanage_node_get_addrsemanage_node_get_maskrsemanage_node_get_protorR)r-rnlistrs r.rznodeRecords.deletealls.tw77 U 6 EQBCCDD D  \ \D MM0$??BDZ[_[bdhDiDijkDlnrn{}TUY}Z}Zo[ \ \ \ \ r0rci}|rt|j\}|_nt|j\}|_|dkrt t d|jD]}t |}t|j|}t|j|}|j t|}t|t|t|t|f||d|d|f<|S)NrzCould not list addrsrb)rrilistsemanage_node_listrr rrrrrsemanage_context_get_usersemanage_context_get_rolerr) r-rrwrrrrrrs r.rznodeRecords.get_alls*  ;7@@ R1$':: R 6 8Q56677 7J o oD'--C)$'488D)$'488DM"9$"?"?@E0I#0N0NPijmPnPnqJKNqOqOQijmQnQn0oE47DGU+ , , r0cg}|d}t|D]}||drO|d|dd|dd||dd||dd |d  _|d|dd|dd||dd |d |S) NTrz-a -M rbr#r -t rrrr\rrs r.rznodeRecords.customizeds  T"" %% V VAQx{ VadddAaDDD%PQ(ST+++W\]^W_`aWbWbWbdefgdhdhijjjjadddAaDDD%(1+++qQRttTUUUUr0rbc||}t|dkrdSt|}|rt ddzt r|D]}d}|D]}|dzt |z}t |ddd|ddd|d d d||dd ||dd ||d d t||d d ddS|D]\}t |ddd|ddd|d d d||dd ||dd ||d d ]dS)Nrz%-18s %-18s %-5s %-5s )z IP AddressNetmaskProtocolContextr  rjr\rbrrrnrF)rr|rrrrr;r)r-rrrwrrLvalfieldss r.rznodeRecords.lists Y'' u::?  Fejjll##  ` +.^^ _ _ _  p R R33F*s6{{2CC1qttttQqTTTT5QR8TU;;;X]^_X`abXcXcXcejklemnoepepepr{}BCD}EFG}HJOsPsPsPsPQRRRR  R R  p paddddAaDDDD!A$$$$aQR UZ[\U]^_U`U`U`bghibjklbmbmbmnoooo p pr0r&r r)rUrVrWrr/rrrrr\rrrrrrrXr0r.rr.sK = = =DFiFiFiP &m&m&mP ooo6 $ppppppr0rcVeZdZddZdZdZdZdZdZdZ d Z dd Z d Z ddZ dS)interfaceRecordsNc<t||dSr&rrs r.r/zinterfaceRecords.__init__1rr0c tdkr|dkrd}nt|}|dkrttdt |j|\}}|dkrttd|zt |j|\}}|dkrttd|z|rttd|zt|j\}}|dkrttd |zt|j||}t|j\}}|dkrttd |zt|j|d }|dkrttd |zt|j|d }|dkrttd|zt|j||}|dkrttd|ztdkrA|dkr;t|j||}|dkrttd|zt|j||}|dkrttd|zt|j||}|dkrttd|zt!|j||}|dkrttd|zt#|t%|t'||jd|dd dd d|d| dS)Nrbr rSELinux Type is requiredrr*Could not check if interface %s is definedzInterface %s already definedz!Could not create interface for %srrz.Could not set user in interface context for %srz.Could not set role in interface context for %sz.Could not set type in interface context for %sz4Could not set mls fields in interface context for %sz&Could not set interface context for %sz$Could not set message context for %szCould not add interface %szresrc=interface op=add netif=rrn)rrrr semanage_iface_key_creatersemanage_iface_existssemanage_iface_createsemanage_iface_set_namerrrrrsemanage_iface_set_ifconsemanage_iface_set_msgconsemanage_iface_modify_localrsemanage_iface_key_freesemanage_iface_freerrM) r- interfacer?rrrLrifacers r.rNzinterfaceRecords.__add4s Q  /"} /%g.. B; <Q9::;; ;+DGY??Q 6 KQ<== IJJ J,TWa88 V 6 ZQKLLyXYY Y  LQ=>>JKK K+DG44 U 6 QQBCCiOPP P $TWeY ? ?+DG44 S 6 OQ@AAIMNN N &twZ @ @ 6 ^QOPPS\\]] ] &twZ @ @ 6 ^QOPPS\\]] ] &twU ; ; 6 ^QOPPS\\]] ] a  hgm h)$'3@@BAv h #Y!Z!Z]f!fggg %dguc : : 6 VQGHH9TUU U &tws ; ; 6 TQEFFRSS S (!U ; ; 6 JQ;<Vr\ >Q;<<== =+DGY??Q 6 KQ<== IJJ J,TWa88 V 6 ZQKLLyXYY Y KQ<== IJJ J*47A66 U 6 LQ=>>JKK K&u-- a  Igm I $TWc;w3G3G H H H R< < %dgsF ; ; ; (!U ; ; 6 MQ>??)KLL L"""E""" [d[d[dfpfpfpr|r|r|EEEGNGNO P P P P Pr0c||||||dSr&)r_interfaceRecords__modifyrR)r-rr?rs r.r\zinterfaceRecords.modifys6  i&111 r0ct|j|\}}|dkrttd|zt |j|\}}|dkrttd|z|sttd|zt |j|\}}|dkrttd|z|sttd|zt |j|}|dkrttd|zt||j d|zdS)Nrrrrz4Interface %s is defined in policy, cannot be deletedzCould not delete interface %sz"resrc=interface op=delete netif=%s) rrrr rsemanage_iface_exists_localsemanage_iface_del_localrrrM)r-rrrLrs r.razinterfaceRecords.__deletesq+DGY??Q 6 KQ<== IJJ J,TWa88 V 6 ZQKLLyXYY Y KQ<== IJJ J247A>> V 6 ZQKLLyXYY Y dQUVVYbbcc c %dgq 1 1 6 MQ>??)KLL L""" BYNOOOOOr0c||||dSr&)r_interfaceRecords__deleterR)r-rs r.rzinterfaceRecords.deletes2  i    r0ct|j\}}|dkrttd||D]$}|t |%|dS)Nrz(Could not delete all interface mappings)semanage_iface_list_localrrr rrsemanage_iface_get_namerR)r-rrkrs r.rzinterfaceRecords.deletealls/88 U 6 LQIJJKK K  6 6A MM1!44 5 5 5 5 r0rci}|rt|j\}|_nt|j\}|_|dkrt t d|jD][}t |}t|t|t|t|f|t|<\|S)NrzCould not list interfaces) rrrsemanage_iface_listrr rrrrrr)r-rrwrrrs r.rzinterfaceRecords.get_alls  <8AA R247;; R 6 =Q:;;<< < x xI*955C9RSV9W9WYrsvYwYwzSTWzXzXZrsvZwZw9xE))44 5 5 r0c Tg}|d}t|D]n}||dr7|d||dd||dd|G|d||dd|o|S)NTrr"rrrr\rrs r.rzinterfaceRecords.customizedrr0rbc`||}t|dkrdSt|}|r0t t dddt ddt rd|D]_}t |dd||dd||dd||d dt||d d d `dS|D]B}t |dd||dd||dd||d dCdS) NrzSELinux Interfacerr\rrrnrbrrF)rr|rrrr rrrs r.rzinterfaceRecords.listsh Y'' u::?  Fejjll##  I !$7"8"8"8"8"8!I,,,,G H H H  V x xaaaaq!eAhqkkk5QR8TU;;;XabghibjklbmotXuXuXuXuvwwww x x V V1111eAhqkkk58A;;;aQR TUUUU V Vr0r&r r)rUrVrWr/rrrr\rrrrrrrXr0r.rr/s---->L>L>L@ P P PD PPP2      V V V V V Vr0rc~eZdZgZddZdZdZdZddZdZ dd Z dd Z d Z d Z dZdZdZddZdZddZdS)fcontextRecordsNc t|| tttjtjddd|_|xjtttjtjdddz c_n#t$rYnwxYwi|_i|_ d|_ ttj d}|D]a}|}t!|dkr*|dr@|\}}||j|<b|n#t($rYnwxYw ttjd}|D]a}|}t!|dkr*|dr@|\}}||j |<b|dS#t($rYdSwxYw)N file_typerr device_nodeFr#)rr/rrr$rrrequiv equiv_dist equal_indrrrzselinux_file_context_subs_path readlinesstripr|rrruIOError#selinux_file_context_subs_dist_path)r-rrzrtarget substitutes r.r/zfcontextRecords.__init__sG  t,,, #Dx7I;)W)W$X$XYZ$[\c$deeD    T(-8JM*Z*Z%[%[\]%^_f%g h h h       D   g<>>DDB\\^^ 0 0GGIIq66Q;<<$$%&WWYY" %/ 6"" HHJJJJ    D  gACCSIIB\\^^ 5 5GGIIq66Q;<<$$%&WWYY" *4'' HHJJJJJ    DD s8BB;; CC!B+F FFB+I IIc|jrtj}d|z}t|d}|jD](}||d|j|d)| tj |tj |tj n#YnxYwtj ||d|_t|dS)Nz%s.tmpwr\rF)rrzrrrrrwriterurchmodstatST_MODErenamerrR)r- subs_filetmpfilerzrs r.rRzfcontextRecords.commit s > #>@@I*Ggs##B*//++ C Cfffdj.@.@.@ABBBB HHJJJ "')"4"4T\"BCCCC  Igy ) ) )"DNt$$$$$s 7B??Cc ||dkr+|ddkrttd|z|dkr+|ddkrttd|z||jvrttd|z|||j|jfD]G}|D]B}||dzr(ttd||||fzCH|j dtj d|d d tj d |d ||j|<d |_ | dS) Nrmz=Target %s is not valid. Target is not allowed to end with '/'zESubstitute %s is not valid. Substitute is not allowed to end with '/'z'Equivalence class for %s already existsz4File spec %s conflicts with equivalency rule '%s %s'zresrc=fcontext op=add-equal sglobrr\tglobT)rrr rrrrrrrMr'audit_encode_nv_stringrrR)r-rrfdictrs r. add_equalzfcontextRecords.add_equal+ s S= jVBZ3. jQ^__bhhii i   vB3!6 vQfggjttuu u TZ__&& & TQHIIFRSS S fj$/2 x xE x x<< --x$Q']%^%^bhjkmrstmuav%vwwwx x UEabikqstEuEuEuEuw|xTU\^hjkxlxlxlm n n n' 6 r0c ||||jvrtt d|z||j|<d|_|jdtj d|ddtj d|d| dS)Nz'Equivalence class for %s does not existTzresrc=fcontext op=modify-equal r'rr\r() rrrrr rrrMr'r)rR)r-rrs r. modify_equalzfcontextRecords.modify_equalB s ** * TQHIIFRSS S' 6 HdelntvwHxHxHxHxz{WX_akmn{o{o{op q q q r0rct|j\}}|dkrttd|z|dkrd}t |j||}|dkrttd|zt |j|d}|dkrttd|zt dkr;t|j|d }|dkrttd |z|S) Nrrr rz)Could not set user in file context for %srz)Could not set role in file context for %srbr/Could not set mls fields in file context for %s)rrrr rrrr)r-rrrrs r. createconzfcontextRecords.createconM s+DG44 S 6 LQ@AAFJKK K R< F &twV < < 6 VQJKKfTUU U &twZ @ @ 6 VQJKKfTUU U Q  `)$'3==BAv ` #T!U!UX^!^___ r0c |dks|ddkrttd|ddkrttd|j|jfD]d}|D]_}||dzrEt j||||}ttd |||||fz`edS) Nr rrzInvalid file specificationr\r&z)File specification can not include spacesrmzMFile spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead)findrr rrrrosub)r-rr*rrs r.rzfcontextRecords.validatec s: R< >6;;t,,1 >Q;<<== = ;;s  r ! MQJKKLL Lj$/2 T TE T T$$QW--Tq%(F33A$Q'v%w%w|BDEGLMNGOQR{S&STTTT T T Tr0r c||tdkrt|}|dkrtt d|dkr>1Type %s is invalid, must be a file or device typerr1Could not check if file context for %s is definedz#File context for %s already definedz$Could not create file context for %sz)Could not set type in file context for %sr/!Could not set file context for %sz!Could not add file context for %srzresrc=fcontext op=add r( ftype=rrnr)rrrrr rrrsemanage_fcontext_key_creater file_typessemanage_fcontext_existssemanage_fcontext_exists_localsemanage_fcontext_createsemanage_fcontext_set_exprr0rrsemanage_fcontext_set_consemanage_fcontext_set_typesemanage_fcontext_modify_localrsemanage_fcontext_key_freesemanage_fcontext_freerrMr'r)ftype_to_audit) r-rrftyper?rrrLrfcontextrs r.rNzfcontextRecords.__addn s8 f Q  +!'**G 2: <Q9::;; ; :  `.t44D4++ ` #V!W!WZ^!^___.tw 5@QRRQ 6 HQ<==FGG G/;; V 6 ^QRSSV\\]] ] b9$'1EELRAv b #V!W!WZ`!`aaa  PQDEENOO O1$'::X 6 QQEFFOPP P '6 B B :  R..00C*47C>>BAv Z #N!O!ORX!XYYY!# d'R- d-dgsGDD6d$Q'X%Y%Y\b%bccc*47HcBBBAv R #F!G!G&!PQQQ"8Z->??? +DGQ A A 6 NQBCCfLMM M :  ' !# & & &"1%%%x((( F Z_Zvw~AGIJ[K[K[K[KM[\aMbMbMbdjdjdjlvlvlvx|x|x|~E~EF G G G G Gr0c||||||||dSr&)r_fcontextRecords__addrR)r-rrrFr?rs r.rzfcontextRecords.add s:  64888 r0cb|dkr(|dkr"|dkrttd|dvr??&HII I/;; V 6 ^QRSSV\\]] ]  T T!8!!D!DXX T T T #H!I!IF!RSSS T:$'1EELRAv b #V!W!WZ`!`aaa S #G!H!H6!QRRR T!>tw!J!JXX T T T #H!I!IF!RSSS T Z  R+H55C -nnV,,!# M'R- M(#{77K7KLLL| @)$'3???| @)$'3???*47HcBBBAv R #F!G!G&!PQQQ R+47HdCCBAv R #F!G!G&!PQQQ +DGQ A A 6 QQEFFOPP P"1%%%x((( F ]b]y{BDJLM^N^N^N^NP^_dPePePegmgmgmoyoyoy{A{A{ACJCJK L L L L Ls D&&*E2G *G5c||||||||dSr&)r_fcontextRecords__modifyrR)r-rrrFr?rs r.r\zfcontextRecords.modify s:  ffeWf=== r0c t|j\}}|dkrttd||D] }t |}t |}t|}t|j|t|\}}|dkrttd|zt|j|}|dkrttd|zt||j dtjd|ddt t"|i|_d|_|dS) Nrz Could not list the file contextsr4z$Could not delete the file context %sresrc=fcontext op=delete r(r9T)semanage_fcontext_list_localrrr rsemanage_fcontext_get_exprsemanage_fcontext_get_typesemanage_fcontext_get_type_strr:r;semanage_fcontext_del_localrCrrMr'r)rEfile_type_str_to_optionrrrR)r-rflistrGrrF ftype_strrLs r.rzfcontextRecords.deleteall s247;; U 6 DQABBCC C  s sH/99F.x88E6u==I247FJyDYZZGRAv N #B!C!Cf!LMMM,TWa88BAv U #I!J!JV!STTT &q ) ) ) J ! ! !ELhiprxz{L|L|L|L|MNefoNpqq#r s s s s  r0c||jvrT|j|d|_|jdt jd|dzdSt|j |t|\}}|dkrttd|zt|j |\}}|dkrttd|z|s}t|j |\}}|dkrttd|z|rttd|zttd|zt|j |}|dkrttd |zt!||jd t jd|dd t"|dS) NTz!resrc=fcontext op=delete-equal %sr(rr4r7z;File context for %s is defined in policy, cannot be deletedrKz$Could not delete file context for %srSr9)rrpoprrrMr'r)r:rr;rr r=r<rXrCrE)r-rrFrrLrs r.razfcontextRecords.__delete s' TZ__&& &  JNN6 " " "!DN J ! !"EIefmouwxIyIy"z { { { F.tw 5@QRRQ 6 JQ>??&HII I5dgqAA V 6 ^QRSSV\\]] ] S3DGQ??LRAv b #V!W!WZ`!`aaa S #`!a!adj!jkkk #G!H!H6!QRRR (! 4 4 6 QQEFFOPP P"1%%% HdelntvwHxHxHxHx{IJO{P{PQ R R R R Rr0c|||||dSr&)r_fcontextRecords__deleterR)r-rrFs r.rzfcontextRecords.delete8 s4  fe$$$ r0rc|rt|j\}|_nt|j\}|_|dkrt t dt |j\}}|dkrt t dt|j\}}|dkrt t d|xj|z c_|xj|z c_i}|jD]}t|}t|}t|} t|} | r@t| t| t| t| f||| f<| ||| f<|S)NrzCould not list file contextsz1Could not list file contexts for home directoriesz"Could not list local file contexts)rTrrZsemanage_fcontext_listrr semanage_fcontext_list_homedirsrUrVrWrOrrrr) r-rr fchomedirsfclocalrwrGexprrFr[rs r.rzfcontextRecords.get_all= s  ";DGDD R5dg>> RAv D #A!B!BCCC>twGG RAv Y #V!W!WXXX8AAMRAv J #G!H!HIII JJ* $JJ JJ' !JJ  / /H-h77D.x88E6u==I+H55C /,Ec,J,JLefiLjLjmFGJmKmKMefiMjMj,ktY'((+.tY'(( r0c |g}|d}t|D]}||r||drR|dt|dd||dd||dd|d d j|dt|dd||dd |d d t |jrB|jD](}|d |j|d |)|S)NTrz-a -f rbrrrz' 'r'z 'z-a -e r\)rrrr7rYr|r)r-r fcon_dictrLrs r.rzfcontextRecords.customized] s LL&&  (()) m mA| mQ<?mHHH>UVWXYVZ>[>[>[]fgh]ijk]l]l]lnwxynz{|n}n}n}@ABC@D@D@DEFFFFHHH6MaPQd6S6S6SU^_`UabcUdUdUdfghifjfjfjklll tz?? G*//++ G G$*V*<*<*>z, SELinux Distribution fcontext Equivalence z = z% SELinux Local fcontext Equivalence ) rr|rr rrrrrr)r-rrrhrLrs r.rzfcontextRecords.listl sLL++ y>>Q  A ]A.@,A,A,A,A,A1V99999aPYllll[\\\INN,,-- A AQ<A%yAaDDDD!A$$$$ RS UVYbcdYefgYhYhYhjstujvwxjyjyjy|EFOPQFRSTFUW\|]|]|]|]^____1qttttYq\RS___V_`aVbcdVeVeVegpqrgstugvgvgvwxxxxAaDDDD!A$$$$?@@@@ t   I IO!LMMNNN"o2244IIFvvvtv/F/FGHHHH tz?? @ DaABBCCC*//++ @ @6664:f+=+=>????  @ @ @ @r0r&)r)r r rr r)rUrVrWrr/rRr+r-r0rrIrrQr\rr_rrrrrXr0r.r r sFK$$$$L%%% .   , T T T@G@G@G@GD ALALALF 4RRRB @   @@@@@@r0r cXeZdZddZdZddZdZdZdZdd Z d Z d Z d Z ddZ dS)booleanRecordsNct||i|_d|jd<d|jd<d|jd<d|jd<d|jd<d|jd< tj\}|_tj\}}n#g|_d}YnxYw|jd ks |j|kr d |_dSd |_dS) NrbTRUErFALSEONOFF10r TF) rr/dictrzsecurity_get_boolean_namescurrent_booleansrr modify_local)r-rrptypes r.r/zbooleanRecords.__init__ s  t,,,  & ' $ % # # (/(J(L(L %B%577IB $&D !EEE :  &tzU2 & $D    %D   s 1B BcJtj|}t|j|\}}|dkrt t d|zt |j|\}}|dkrt t d|z|st t d|zt|j|\}}|dkrt t d|z||j vr.t||j |nIt t dd |j z|j rD||jvr;t|j||}|dkrt t d|zt!|j||}|dkrt t d |zt#|t%|dS) Nrr4(Could not check if boolean %s is definedBoolean %s is not definedzCould not query file context %sz0You must specify one of the following values: %sz, z(Could not set active value of boolean %szCould not modify boolean %s)rzselinux_boolean_subsemanage_bool_key_createrrr semanage_bool_existssemanage_bool_queryupperrtsemanage_bool_set_valuer.rrwrvsemanage_bool_set_activesemanage_bool_modify_localsemanage_bool_key_freesemanage_bool_free)r-r=valuerrLrrs r.__modzbooleanRecords.__mod s*400*47D99Q 6 HQ>??$FGG G+DGQ77 V 6 SQIJJTQRR R DQ:;;dBCC C%dgq11Q 6 JQ@AADHII I ;;==DI % r #Aty'? @ @ @ @QQRRUYU^U^_c_h_m_m_o_oUpUppqq q   W)>!> W)$'1a88BAv W #M!N!NQU!UVVV 'A 6 6 6 FQ<==DEE Eq!!!1r0Fc||r t|}|dD]}|}t |dkr* |d\}}n?#t $r2t td||wxYw| ||| n| ||| dS)Nrr=z&Bad format {filename}: Record {record})filenamerecord) rrrrsrrr|rr r_booleanRecords__modrurR)r-r=ruse_filerzrboolnamers r.r\zbooleanRecords.modify s*  $dBWWYY__T** : :GGIIq66Q;r$%GGCLLMHcc!rrr$Q'O%P%P%W%Waeno%W%p%pqqqr 8>>++SYY[[9999 HHJJJJ JJtU # # # s 9B??$FGG G+DGQ77 V 6 SQIJJTQRR R DQ:;;dBCC C1$'1== V 6 SQIJJTQRR R ]QSTTW[[\\ \ $TWa 0 0 6 FQ<==DEE Eq!!!!!r0c||||dSr&)r_booleanRecords__deleterRr-r=s r.rzbooleanRecords.delete s2  d r0c.t|j\}|_|dkrtt d||jD]&}t |}||'|dSNrzCould not list booleans) semanage_bool_list_localrblistrr rsemanage_bool_get_namerrR)r-rbooleanr=s r.rzbooleanRecords.deleteall s3DG<<TZ 6 ;Q899:: : z  G)'22D MM$     r0rcri}|rt|j\}|_nt|j\}|_|dkrt t d|jD]}g}t |}|t||j rX||j vrO|tj ||tj |n6||d||d|||<|Sr)rrrsemanage_bool_listrr rr7semanage_bool_get_valuerwrvrzsecurity_get_boolean_pendingsecurity_get_boolean_active)r-rrwrrrr=s r.rzbooleanRecords.get_all s1  ;7@@ R1$':: R 6 ;Q899:: :z GE)'22D LL099 : : :  'TT-B%B ' WA$GGHHH W@FFGGGG U1X&&& U1X&&&E$KK r0cRtj|}tj|Sr&)rzr|r boolean_descrs r.get_desczbooleanRecords.get_desc s#*400$T***r0cRtj|}tj|Sr&)rzr|rboolean_categoryrs r. get_categoryzbooleanRecords.get_category s#*400(...r0cg}|d}t|D]1}||r'|d||dd|2|S)NTz-m -rr\rrs r.rzbooleanRecords.customized sp  T"" %% 9 9AQx 9a QQ7888r0Tc tdtdf}|rc||}t|D]*}||r t |d||d+dS||}t |dkrdS|rPt tdddtd d td dtd d t|D]^}||rTt |dd|||ddd|||ddd||_dS)NrrrrrzSELinux booleanrr\Statez Default Descriptionrz (rr4z>5z) )r rrrrr|r)r-rrron_offrwrLs r.rzbooleanRecords.list$ sE((AdGG$  LL++EEJJLL)) 6 686QQQa 4555 F Y'' u::?  F  l +<)=)=)=)=)=qzzzz1Y<<<("""0   .+++///ppppppr0rl)rb)>r@r>rzrror9r rrJPROGNAMErsetools.policyreprsetools.typequeryrrgettextkwargs version_info translationrr builtinsr;__dict__ ImportError __builtin__rrcr;SEMANAGE_FCONTEXT_ALLSEMANAGE_FCONTEXT_REGSEMANAGE_FCONTEXT_DIRSEMANAGE_FCONTEXT_CHARSEMANAGE_FCONTEXT_BLOCKSEMANAGE_FCONTEXT_SOCKSEMANAGE_FCONTEXT_LINKSEMANAGE_FCONTEXT_PIPErYrEr' audit_closer(r$rMrfrwrrrrr rr0r:rr-rnrrr rlrXr0r.rs.   ++++++'''''',NNN F $! yH # #1 # # #" # # #A AA,,!$# ,,,$+ S!!!,  & 2/ ;' 32 >( 4' 3( 4/ ;' 3) 4!7 ( 3* 44 >) 3) 4- 8( 3) 4( 34 ?( 3) 41 <(++.(+/2+.%(,/),.. !!K<LLLE&e&(()))#&#&#&#&#&#&#&#&#&H "<"<"<!<!<!<!<!<!<!<!<!<!<"