403WebShell

403Webshell
Server IP : 80.87.202.40 / Your IP : 216.73.216.169
Web Server : Apache
System : Linux rospirotorg.ru 5.14.0-539.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Dec 5 22:26:13 UTC 2024 x86_64
User : bitrix ( 600)
PHP Version : 8.2.27
Disable Function : NONE
MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON
Directory : /lib/python3.9/site-packages/sepolicy/__pycache__/
Upload File :
[ Back ]
Current File : /lib/python3.9/site-packages/sepolicy/__pycache__/__init__.cpython-39.pyc
a

��yeē�@stddlZddlZddlZddlmZddlmZddlZddlZddl	Z	ddl
Z
ddlmZddl
mZddlmZddlmZddlmZddlmZddlmZdd	lmZdd
lmZddlmZdZzFddl Z iZ!ej"d
kr�de!d<e j#efddie!�ddi��Z$e$j Z%WnJzddl&Z&e'e&j(d<Wn&e)�yVddl*Z*e+e*j(d<Yn0Yn0dZ,dZ-dZ.dZ/dZ0dZ1dZ2dZ3dZ4dZ5dZ6dZ7d Z8d!Z9d"Z:d#Z;d$Z<iZ=d%e=d&<d'e=d(<d)e=d*<d)e=d+<d)e=d,<d-e=d.<d/e=d0<d1e=d2<d3e=d4<d3e=d5<d6e=d7<d6e=d8<d9e=d:<d;e=d<<iZ>e%d=�e>d><e%d?�e>d@<e%dA�e>dB<e%dC�e>dD<e%dE�e>dF<e%dG�e>dH<e%dI�e>dJ<e%dK�e>dL<iZ?d>e?dM<d@e?dN<dBe?dO<dDe?dP<dFe?dQ<dHe?dR<dJe?dS<dLe?dT<da@daAdaBdaCdaDgaEdaFdaGdaHdaIdaJdaKdaLdaMdaNdaOdaPdaQdaRdaSdaTdaUdaVdaWdaXdUdV�ZYd�dXdY�ZZdZd[�Z[d\d]�Z\d^d_�Z]d`da�Z^d�dbdc�Z_ddde�Z`d�dfdg�Zadhdi�Zbdjdk�Zcdldm�Zddndo�Zedpdq�Zfdrds�Zgdtdu�Zhgfdvdw�Zigfdxdy�Zjdzd{�Zke�l�fd|d}�Zme�l�fd~d�Zne�l�fd�d��Zoe�l�fd�d��Zpd�d��Zqd�d��Zrd�d��Zsd�d��Ztd�d��Zud�d��Zvd�d��Zwd�d��Zxd�d��Zyd�d��Zzd�d��Z{d�d��Z|d�d��Z}d�d��Z~d�d��Zd�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�e�fd�d��Z�d�d��Z�d�dÄZ�d�dńZ�d�dǄZ�d�dɄZ�d�d˄Z�d�d̈́Z�d�dτZ�d�d�d҄Z�d�d�dԄZ�d�dքZ�d�d؄Z�d�dڄZ�d�d܄Z�dS)��N)�	BoolQuery)�PortconQuery)�
SELinuxPolicy)�
ObjClassQuery)�
RBACRuleQuery)�	RoleQuery)�TERuleQuery)�TypeAttributeQuery)�	TypeQuery)�	UserQueryzselinux-python)�T�unicode�	localedirz/usr/share/locale�fallback�_��r�����allowZ
auditallowZ
neverallowZ	dontaudit�source�target�permlist�classZ
transitionZ
role_allowZetc_tz/etcZtmp_tz/tmpZunit_file_tz/usr/lib/systemd/systemz/lib/systemd/systemz/etc/systemd/systemZvar_cache_tz
/var/cacheZ	var_lib_tz/var/libZlog_tz/var/logZ	var_run_tz/var/runz/runZ
var_lock_tz	/run/lockz
/var/run/lockZvar_spool_tz
/var/spoolZ	content_tz/var/wwwz	all files�azregular file�fZ	directory�dzcharacter device�czblock device�bzsocket file�sz
symbolic link�lz
named pipe�p�z--z-dz-cz-bz-sz-lz-pcCs>|�dd�d}zt|�|fWSty8d|fYS0dS)Nz/policy.rr)�rsplit�int�
ValueError)Zpolicy_path�	extension�r)�5/usr/lib/python3.9/site-packages/sepolicy/__init__.py�policy_sortkey�s
r+�/cCsNz0|t��}t�d|�}|jtd�|dWSYn0ttd���dS)Nz%s.*��key���zNo SELinux Policy installed)�selinuxZselinux_binary_policy_path�glob�sortr+r'r)�root�path�policiesr)r)r*�get_installed_policy�s
r6cCs2t�dt��|f�}|sdS|jtd�|dS)z?Get the path to the policy file located in the given store namez%s%s/policy/policy.*Nr-r/)r1r0Zselinux_pathr2r+)�storer5r)r)r*�get_store_policy�s
�r8cCsRdadadadadadadadadazt	|�a
Wnttd�|��Yn0dS)NzFailed to read %s policy file)
�all_domains�all_attributes�bools�	all_types�role_allowsZusers�roles�
file_types�
port_typesr�_polr'r��policy_filer)r)r*�policy�s
rDcCst|�}|sdSt|�dS�N)r8rD)r7rCr)r)r*�load_store_policy�srFcCst�}t|�dSrE)r6rDrBr)r)r*�init_policy�srGcCs�ts
t�|tkrbtt�}||_t|���}|rTt|�dkrTd|_||_t|���}dd�|D�S|t	kr�t
t�}|r|||_dd�|��D�S|tkr�tt�}|r�||_dd�|��D�S|t
k�rHtt�}|�rdd�|�d�D�}t|�d	k�r�||_n t|�dk�r|d
|d
f|_tj�r6dd�|��D�Sdd�|��D�S|tk�r�tt�}|�rf||_tj�r�d
d�|��D�Sdd�|��D�S|tk�r�tt�}|�r�||_dd�|��D�S|tk�r�tt�}|�r�||_dd�|��D�Std��dS)Nrc	ssB|]:}ttt|����t|�t|j�ttt|����d�VqdS))�aliases�nameZ
permissive�
attributesN)�list�map�strrH�boolZispermissiverJ��.0�xr)r)r*�	<genexpr>�s��zinfo.<locals>.<genexpr>css:|]2}t|�ttt|����ttt|����d�VqdS))rIr>�typesN)rMrKrL�expandrSrOr)r)r*rR�s
��css*|]"}t|�ttt|����d�VqdS))rIrSN)rMrKrLrTrOr)r)r*rR�s��cSsg|]}t|��qSr))r&)rP�ir)r)r*�
<listcomp>��zinfo.<locals>.<listcomp>�-rrcss<|]4}|jjt|j�t|jj�t|jj�|jjd�VqdS))�high�protocol�range�type�lowN)�portsrYrMrZ�contextZrange_�type_r]rOr)r)r*rR�s�

�css2|]*}|jjt|j�t|jj�|jjd�VqdS))rYrZr\r]N)r^rYrMrZr_r`r]rOr)r)r*rRs�
�css8|]0}t|j�t|�ttt|j��t|j�d�VqdS))r[rIr>�levelN)rMZ	mls_rangerKrLr>Z	mls_levelrOr)r)r*rRs��css(|] }t|�ttt|j��d�VqdS))rIr>N)rMrKrLr>rOr)r)r*rRs��css|]}t|�|jd�VqdS))rI�stateN�rMrbrOr)r)r*rRs��css"|]}t|�t|j�d�VqdS))rIrN)rMrK�permsrOr)r)r*rR)s��zInvalid type)rArG�TYPEr
rIrK�results�len�alias�ROLEr�	ATTRIBUTEr	�PORTr�splitr^�mls�USERr�BOOLEANr�TCLASSrr')�setyperI�qrfr^r)r)r*�info�s����
��
��
�
�rscCsTt|j�t|j�t|j�t|j�d�}z<i}|jjD]}|j|t|�<q4|jjfi|��|j	k}Wnt
yxd}Yn0||d<zttt|j
��|d<Wnt
y�Yn0zt|j�|d<Wnt
y�Yn0zdd�|jjD�|d<Wnt
�yYn0zt|j�|d	<Wnt
�y*Yn0z|j|d
<Wnt
�yNYn0|S)N)r\rrrT�enabledr�	transtypecSsg|]}t|�|jf�qSr)rc)rPr r)r)r*rVSrWz)_setools_rule_to_dict.<locals>.<listcomp>�booleans�conditional�filename)rM�ruletyperr�tclassrwrvrbZevaluateZconditional_block�AttributeErrorrKrLrd�defaultrx)ZrulerZ	boolstate�booleanrtr)r)r*�_setools_rule_to_dict2sD�
r~c
Cs�ts
t�|si}tttttttg�}|D]}||vr*t	dd�
|���q*d}t|vrbt|t�}d}t
|vrzt|t
�}d}t|vr�t|t��d�}g}g}t|vr�|�t�t|vr�|�t�t|vr�|�t�t|vr�|�t�t|�dk�r2tt||||d�}	t|v�r|t|	_|dd�|	��D�7}t|v�r�gd�}
tt|
|||d�}	t|v�rj|t|	_|d	d�|	��D�7}t|v�r�d
g}tt||||d�}	|	��D]"}|�t|j�t|j�d���q�|S)NzType has to be in %s� �,r)ryrrrzcSsg|]}t|��qSr)�r~rOr)r)r*rV�rWzsearch.<locals>.<listcomp>)�type_transitionZtype_changeZtype_membercSsg|]}t|��qSr)r�rOr)r)r*rV�rWr)rr)rArG�set�ALLOW�
AUDITALLOW�
NEVERALLOW�	DONTAUDIT�
TRANSITION�
ROLE_ALLOWr'�join�SOURCErM�TARGET�CLASSrl�appendrgr�PERMSrdrfrrr)
rSZseinfoZvalid_typesrqrrrzZtoretZtertypesrrZrtypesZratypes�rr)r)r*�searchdsz



�


�


��r�csi}g}�g��g�z(�tt�fdd�t���dd7�WnYn0z(�tt�fdd�t���dd7�WnYn0tdd�t���fdd�t���}zD|D]:}|�|d|d	|d
fd��||vr�|�|�i}q�Wnt�y�|YS0|S)Ncs|d�kS�NrIr)�rQ)�srcr)r*�<lambda>�rWz"get_conditionals.<locals>.<lambda>rrJcs|d�kSr�r)r�)�destr)r*r��rWcSs|SrEr))�yr)r)r*r��rWcs2|d�vo0|d�vo0t���|t�o0d|vS)Nrrrw)r��issubsetr�r�)�	dest_list�perm�src_listr)r*r��s
��rrwrt)rrw)rK�filter�get_all_types_inforL�get_all_allow_rules�updater��KeyError)r�r�rzr�ZtdictZtlistZallowsrUr))r�r�r�r�r�r*�get_conditionals�s0((� 


r�cCsFd}|D]}|ddrd}q"qtd�|d�ttdd�|���fS)	NFrwrTz-- Allowed %s [ %s ]z || cSsd|dd|ddfS)Nz%s=%drwrrr)r�r)r)r*r��rWz.get_conditionals_format_text.<locals>.<lambda>)rr�r�rL)ZcondrtrQr)r)r*�get_conditionals_format_text�sr�cCsttt|��ddS)NrrS)rKrsrj)Z	attributer)r)r*�get_types_from_attribute�sr�c	Cs�g}i}t�D]}|�t|��r|�|�qt�}|D]D}z$||dt||df||<Wq6tyxg||<Yq60q6|S�N�regex�ftype)�get_all_file_types�
startswith�gen_short_namer��
get_fcdict�
file_type_strr�)rq�flist�mpathsr�fcdictr)r)r*�get_file_types�s
$r�c	Cs<|s|Szttt|��dWSttfy6|YS0dS)z�Return the real name of a type

    * If 'name' refers to a type alias, return the corresponding type name.
    * Otherwise return the original name (even if the type does not exist).
    rIN)�nextrsre�RuntimeError�
StopIteration�rIr)r)r*�get_real_type_name�sr�c
	Cs.t�}g}i}ttg|ddgdd��}|dus:t|�dkr>|St�}ddg}|D]�}|d|vrbqPd	|vrt|d	stqP|d�d
�r�|d|vr�qP|d|vr�|d|kr�|�|d�qPt|d�D]}||vr�|�|�q�qP|D]F}	z$||	dt||	df||	<Wq�t	�y&g||	<Yq�0q�|S)
N�open�write�file)rrrrZ	proc_typeZsysctl_typerrt�_tr�r�)
r�r�r�rgr��endswithr�r�r�r�)
rqr?Z
all_writesr�rr�rJrU�trr)r)r*�get_writable_files�s:$r�cs�tj�|�r|gSzt�d|��Wntd|�gYS0|}|�d�r^|dd�d}tj�|��z�ddkr��d7�Wnty�td�Yn0z6t�d|���fdd	�t	�fd
d�t�
���D�WSgYS0dS)Nz%s$zbad reg:z(/.*)?i����r,r/ztry failed got an IndexErrorcsg|]}��|�r|�qSr))�matchrO)�patr)r*rV5rWzfind_file.<locals>.<listcomp>cs�|SrEr)r�)r4r)r*r�5rWzfind_file.<locals>.<lambda>)�osr4�exists�re�compile�printr��dirname�
IndexErrorrL�listdir)Zregr#r))r�r4r*�	find_files*


(r�cCsVt|�}|��D]@}|�d�r||vr||D] }t|�D]}|Sq.qdS)N�_exec_t)�get_entrypoints�keysr�r�)�domain�exclude_listZexecutable_files�exer4rr)r)r*�find_all_files:sr�cCs`t�}zB|�d�rF||vrF||dD]}t|�D]}|WSq&WntyZYn0dS)Nr�r�)r�r�r�r�)r�r�r�r4rr)r)r*�find_entrypoint_pathDsr�c
Cs�zht|d��J}|D]4}|��}|r|d�d�s|d|d�||d<qWd�n1s\0YWn2ty�}z|jtjkr��WYd}~n
d}~00|S)Nr�r�#r)Zequiv�modify)r�rlr��OSError�errno�ENOENT)Zedict�fc_pathr��fd�err)r)r*�read_file_equivPs:r�cCs"trtSiatt|ddd�atS)Nz.subsT�r�)�file_equiv_modifiedr��r�r)r)r*�get_file_equiv_modified]s
r�cCs&trtSt|�att|ddd�atS)Nz
.subs_distFr�)�
file_equivr�r�r�r)r)r*�get_file_equivfs
r�c
Cs�trtSgaz:t|dd��}|��}Wd�n1s:0YWn6ty|}z|jtjkrd�gWYd}~Sd}~00|D]b}|��}t|�dkr�q�z4t|�dkr�t|d}nd}t�	|d|f�Wq�t
y�Yq�0q�tS)N�.localr�rrrr)�local_filesr��	readlinesr�r�r�rlrg�trans_file_type_strr�r�)r�r��fcr�rU�recr�r)r)r*�get_local_file_pathsos,*r�c
Cs�trtSt|d�}|��}|��t|dd�}||��7}|��iaz>t|dd��}||��7}Wd�n1sz0YWn2ty�}z|jtjkr��WYd}~n
d}~00|D]�}|��}zjt|�dkr�t	|d}nd}|d�d�d}|tv�rt|d	�
|d
�n|d
g|d�t|<Wq�Yq�0q�d	dgitd
<d	dgitd<d	dgitd<d	dgitd<d	dgitd<d	dgitd<d	dgitd<d	dgitd<d	dgitd<tS)Nr�z	.homedirsr�rrrr/�:r�r)r�r�z
all log filesZlogfilezall user tmp filesZ
user_tmp_typezall user home filesZuser_home_typezall virtual image filesZvirt_image_typezBall files on file systems which do not support extended attributesZ	noxattrfsz)all sandbox content in tmpfs file systemsZsandbox_tmpfs_typez&all user content in tmpfs file systemsZuser_tmpfs_typezall files on the system�	file_typezAuse this label for random content that will be shared using sambaZ
samba_share_t)r�r�r��closer�r�r�rlrgr�r�)r�r�r�r�rUr�r�r�r)r)r*r��sJ
.
r�c	s<z �fdd�ttgddi�D�WSttfy6Yn0dS)Ncsg|]}|d�kr|�qS)rur)rO�rqr)r*rV�rWz(get_transitions_into.<locals>.<listcomp>r�process�r�r��	TypeErrorr{r�r)r�r*�get_transitions_into�s
 r�c	Cs0zttg|dd��WSttfy*Yn0dS)Nr��rrr�r�r)r)r*�get_transitions�s
r�c	Cs8zdd�ttgd|i�D�WSttfy2Yn0dS)NcSsg|]}|ddkr|�qS)rr�r)rOr)r)r*rV�rWz(get_file_transitions.<locals>.<listcomp>rr�r�r)r)r*�get_file_transitions�s
r�cCs\g}ttgd|i�}|D]>}d|vrz$|dD]}||vr.|�|�q.WqYq0q|S)Nrrv)r�r�r�)rqr}Zboollistrr#r r)r)r*�get_boolean_rules�sr�cCstd�S)NZ
entry_type)r�r)r)r)r*�get_all_entrypoints�sr�cs.tttg�dgdgd�}�fdd�|��D�S)Nr��
entrypoint)ryrrzrdcs g|]}|j�krt|j��qSr))rrMrrOr�r)r*rV�rWz(get_entrypoint_types.<locals>.<listcomp>)rrAr�rf)rqrrr)r�r*�get_entrypoint_types�s�r�c
sht�|�d�d�d�z2tt�fdd�ttgddd����}|d	d
WSttt	fybYn0dS)Nrr�rcs|d�kS)Nrr)r��r�r)r*r��rWz$get_init_transtype.<locals>.<lambda>�init_tr�r�rru)
r0Z
getfileconrlrKr�r�r�r�r{r�)r4�entrypointsr)r�r*�get_init_transtype�s$r�c	Cs\ttdgddgd�}g}|��D]6}z|j|kr<|�|j�Wq tyTYq Yq 0q |S�Nr�r�r�)ryrrz)rrArfr|r�rr{)rurrr�rUr)r)r*�get_init_entrypoint�s�
r�c	Cs~ttdgddgd�}i}|��D]X}z<t|j�}||vrN||�t|j��nt|j�g||<Wq tyvYq Yq 0q |Sr�)rrArfrMr|r�rr{)rrr�rUrur)r)r*�get_init_entrypoints_strs�
r�c	CsHz,tdd�ttgd|dd���}t|�dWSttfyBYn0dS)NcSs|dS)Nrur)r�r)r)r*r�rWz,get_init_entrypoint_target.<locals>.<lambda>r�r�)rrrr)rLr�r�rKr�r�)r�r�r)r)r*�get_init_entrypoint_targetsr�c	Cs\t�}i}t|�D]D}z$||dt||df||<WqtyTg||<Yq0q|Sr�)r�r�r�r�)rqr�r�rr)r)r*r� s$r�cCs�tt�dkrtSt�t��}z4t|�}t��}|�|�t	|j�
��a|��Wn&tj
�d|�t�d�Yn0t��tS)Nrz#could not open interface info [%s]
r)rg�methods�gen_interfaces�defaults�interface_infor��
interfacesZInterfaceSetZ	from_filerKr�r��sys�stderrr��exitr2)�fnr��ifsr)r)r*�get_methods+s
rcCstdurdd�tt�D�atS)NcSsg|]}|d�qSr�r)rOr)r)r*rVCrWz!get_all_types.<locals>.<listcomp>)r<rsrer)r)r)r*�
get_all_types@srcCstdurttt��atSrE)�all_types_inforKrsrer)r)r)r*r�Fsr�cCs&tdur"ttttd��dd�atS)NZ
userdomainrrS)�
user_typesrKrsrjr)r)r)r*�get_user_typesLsr
cCsttrtSiatttgd�}|��D]L}t|j�}t|j�}|dks"|dkrLq"|tvrdt|�|�q"|gt|<q"tS)N)ryZsystem_r)	r=rrAr�rfrMrrr�)rrr�r�Ztgtr)r)r*�get_all_role_allowsSs

rcCsvddl}g}tt��}|D]V}|�dd|�}t|�dkrt|�dd|d��dkr|d|vr|�|d�q|S)Nrz(.*)%sz_exec_t$z_initrc$)r��sortedr�findallrgr�)r�r9rSrU�mr)r)r*�get_all_entrypoint_domainsgs
(rcCs�zddlm}Wnty.ddlm}Yn0t��}t��}z"t�|�j	t�|�j	kr`WdSWnt
ytYn0t��dkr�tt
d���t|d�d�dS)Nr)�getstatusoutputzEYou must regenerate interface info by running /usr/bin/sepolgen-ifgenz/usr/bin/sepolgen-ifgenr)Zcommandsr�ImportError�
subprocessr�r��headersr��stat�st_mtimer��getuidr'rr�)rZifilerr)r)r*r�ss
r�cCs�trttfSiaiatt�D]�}|d|dkr>t|d�}ndt|d�t|d�f}|d|dftvr�t|d|df�|�n|gt|d|df<d|vr�|d|dft|d|d|df<q|dt|d|d|df<qttfS)Nr]rYz%s-%sr\rZr[)�portrecs�
portrecsbynumrsrkrMr�)rU�portr)r)r*�
gen_port_dict�s( rcCs"tsttttd��dd�atS)Nr�rrS)r9rKrsrjr)r)r)r*�get_all_domains�srcCs0trtStst�tt�}dd�|��D�atS)NcSs g|]}t|�dkrt|��qS)Zobject_r)rMrOr)r)r*rV�rWz!get_all_roles.<locals>.<listcomp>)r>rArGrrf�rrr)r)r*�
get_all_roles�srcCs<ts8ttt��atjr8tD]}d�|d�d��|d<qtS)Nr$r[r)�selinux_user_listrKrsrnrArmr�rlr�r)r)r*�get_selinux_users�src
Cs�trtStt��d�}|��}|��ga|�d�D]V}|��}t|�dks4|�	d�rXq4|�d�}t�
|d|dd�|dd��d��q4tS)	Nr��
rr�r�rr)rIZseuserrm)�login_mappingsr�r0Zselinux_usersconf_path�readr�rl�striprgr�r�r�)r��bufr rQr)r)r*�get_login_mappings�s
*r%cCsttdd�t���S)NcSs|dSr�r)r�r)r)r*r��rWzget_all_users.<locals>.<lambda>)rrLrr)r)r)r*�
get_all_users�sr&cCs&trtSttttd��dd�atS)Nr�rrS)r?rKrrsrjr)r)r)r*r��sr�cCs&trtSttttd��dd�atS)NZ	port_typerrS)r@rKrrsrjr)r)r)r*�get_all_port_types�sr'cCststtt��atSrE)r;rKrsror)r)r)r*�
get_all_bools�sr(cCsd�|dt|���d��S)Nrr)r�rgrl)rZtrimr)r)r*�prettyprint�sr)cCs|SrEr))rr)r)r*�markup�sr*cCsVd||�}|�d�r(|dt|d�S|�d�rD|dt|d�S|�d�r`|dt|d�S|�d�r||d	t|d�S|�d
�r�|dt|d�S|�d�r�|dt|d�S|�d
�s�|�d�r�|dS|�d�r�|dS|�d�r�|dt|d�S|�d��r|dt|d�S|�d��r:|dt|d�S|�d��rX|dt|d�S|�d��r~|d|dtd��S|�d��r�|dt|d�S|�d��r�|dt|d�S|�d��r�|dt|d�S|�d ��r�|dt|d �S|�d!��r|d"t|d!�S|�d#��r2|d$t|d#�S|�d%��rP|d&t|d%�S|�d'��rn|d(t|d'�S|�d)��r�|d*t|d)�S|�d+��r�|d$t|d+�S|�d,��r�|d-t|d,�S|�d.��r�|d/t|d.�S|�d0��r|d1t|d0�S|�d2��r"|d3t|d2�S|�d4��r@|d1t|d4�S|�d5��r^|d1t|d5�S|�d6��r||d1t|d6�S|�d5��r�|d7t|d5�S|�d8��r�|d9t|d8�S|�d:��r�|d;t|d:�S|�d<��r�|d=t|d<�S|�d>��r|d?t|d>�S|�d@��r&|dAS|�dB��rD|dCt|dB�S|dDt|dE�S)FNz+Set files with the %s type, if you want to Z
_var_run_tz8store the %s files under the /run or /var/run directory.Z_pid_tz,store the %s files under the /run directory.Z
_var_lib_tz0store the %s files under the /var/lib directory.Z_var_tz,store the %s files under the /var directory.Z_var_spool_tz2store the %s files under the /var/spool directory.Z_spool_tZ_cache_tZ_var_cache_tz/store the files under the /var/cache directory.Z	_keytab_tz)treat the files as kerberos keytab files.Z_lock_tzEtreat the files as %s lock data, stored under the /var/lock directoryZ_log_tzKtreat the data as %s log data, usually stored under the /var/log directory.Z	_config_tzRtreat the files as %s configuration data, usually stored under the /etc directory.Z_conf_tr�z,transition an executable to the %s_t domain.Z_cgi_content_tz"treat the files as %s cgi content.Z
_rw_content_tz)treat the files as %s read/write content.Z_rw_tZ_write_tZ_db_tz'treat the files as %s database content.Z
_ra_content_tz*treat the files as %s read/append content.Z_cert_tz'treat the files as %s certificate data.Z_key_tztreat the files as %s key data.Z	_secret_tz"treat the files as %s secret data.Z_ra_tZ_ro_tz(treat the files as %s read/only content.Z
_modules_tztreat the files as %s modules.Z
_content_tztreat the files as %s content.Z_state_tz!treat the files as %s state data.Z_files_tZ_file_tZ_data_tztreat the data as %s content.Z_tmp_tz1store %s temporary files in the /tmp directories.Z_etc_tz'store %s files in the /etc directories.Z_home_tz+store %s files in the users home directory.Z_tmpfs_tz&store %s files on a tmpfs file system.Z_unit_file_tz#treat files as a systemd unit file.Z_htaccess_tz#treat the file as a %s access file.ztreat the files as %s data.r�)r�r)rg)rr*Ztxtr)r)r*�get_description�s�







r+cCs"tstttdd�tt����atS)NcSs|dSr�r)r�r)r)r*r�SrWz$get_all_attributes.<locals>.<lambda>)r:rKrrLrsrjr)r)r)r*�get_all_attributesPsr,cCs |D]}||tvrdSqdS)NFT)r�)�dictrdr�r)r)r*�_dict_has_permsWsr.cCspt�}|�d�r&t|�}|dd�}n|}|d|vrBtd|��|ddkr`|dd�d}n|d}||fS)Nr����zdomain %s_t does not existr/rr)rr�r�r')rqr9�
domainname�
short_namer)r)r*r�^s
r�cCststtg�atSrE)�all_allow_rulesr�r�r)r)r)r*r�ns
r�cCs.ts*ttddttgd�}dd�|��D�atS)Nz.*T)r}Z
boolean_regexrycSsg|]}t|��qSr)r�rOr)r)r*rVyrWz&get_all_bool_rules.<locals>.<listcomp>)�all_bool_rulesrrAr�r�rfrr)r)r*�get_all_bool_rulests�r4cCststttg��atSrE)�all_transitionsrKr�r�r)r)r)r*�get_all_transitions|sr6c
s
g}g}t��\}}tdd�t�fdd�t���D]�}|D]�}t|t�sJq:zt�|d�}Wntyv|d}Yn0|d�	|�s�|d�	|�r�|d|f|vr�|d|f|vr�|�
|d|f�q:|d|f|vr:|d|f|vr:|�
|d|f�q:q2||fS)NcSs|dS)Nrvr)r�r)r)r*r��rWzget_bools.<locals>.<lambda>csd|vo|d�kS)Nrvrr)r�r�r)r*r��rWrr)r�rLr�r4�
isinstance�tupler0Zsecurity_get_boolean_activer�r�r�)rqr;Zdomainboolsr0r1rUr rtr)r�r*�	get_bools�s""
""r9cCstst��datS)Nr)rvr0Zsecurity_get_boolean_namesr)r)r)r*�get_all_booleans�sr:�#/usr/share/selinux/devel/policy.xmlcCsNzt�|�}|��}|��Wn*tyHt|�}|��}|��Yn0|SrE)�gzipr�r"r��IOError)r4r�r$r)r)r*�
policy_xml�s
r>cCs�trtSddl}ia�z�|jj�t|��}|�d�D�]}|�d�D]�}|�d�D]J}|�d��d�j�	d�}t
�dd|�}|�d	�|�d
�|ft|�d	�<qR|�d�D]J}|�d��d�j�	d�}t
�dd|�}|�d	�|�d
�|ft|�d	�<q�qD|�d�D]F}|�d��d�j�	d�}t
�dd|�}d|�d
�|ft|�d	�<�qq4|�d�D]F}|�d��d�j�	d�}t
�dd|�}d|�d
�|ft|�d	�<�qTWnt
�y�Yn0tS)
NrZlayer�moduleZtunable�descr#r rrIZdftvalrN�global)�
booleans_dictZxml.etree.ElementTreeZetreeZElementTreeZ
fromstringr>r
�find�textr#r��sub�getr=)r4ZxmlZtreer"rr r@rUr)r)r*�
gen_bool_dict�s6"$ "rGcCs*t�}||vrt||d�Std�SdS)Nr�unknown)rGr)r}rBr)r)r*�boolean_category�srIcCsPt�}||vrt||d�S|�d�}td�j|dd�|dd��d�SdS)NrrzAllow {subject} to {rest}rrr)Zsubject�rest)rGrrl�formatr�)r}rBr@r)r)r*�boolean_desc�s

rLcCsLddl}d}zddl}|jdd�}Wn"tttt|jfyFd}Yn0|S)Nrr$T)ZprettyZMisc)r�distrorI�ModuleNotFoundErrorr�r=�UnicodeErrorZCalledProcessError)rZsystem_releaserMr)r)r*�get_os_version�s
rPcCsPdadadadadadadadadada	da	da
dadada
dadadadadSrE)r:r9r<rvrBr;r�r?r�r�rrr@r=r>r	r!rr)r)r)r*�reinit�s&rQ)r,)N)N)r;)r;)�r�r0r1Zsepolgen.defaultsr�Zsepolgen.interfacesrrr�r�r<Zsetools.boolqueryrZsetools.portconqueryrZsetools.policyreprZsetools.objclassqueryrZsetools.rbacrulequeryrZsetools.rolequeryrZsetools.terulequeryrZsetools.typeattrqueryr	Zsetools.typequeryr
Zsetools.userqueryrZPROGNAME�gettext�kwargs�version_info�translationr�r�builtinsrM�__dict__rZ__builtin__r
rerirjrkrnrorpr�r�r�r�r�r�r�r�r�r�ZDEFAULT_DIRSr�r�rAr�r�r�r�r�r<rr	r=rrr9r>rr!r?r@r;r:rvrBr2r3r5r+r6r8rDrFrGrsr~r�r�r�r�r�r�r�r�r�r�r�Zselinux_file_context_pathr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rrr�r
rrr�rrrrr%r&r�r'r(r)r*r+r,r.r�r�r4r6r9r:r>rGrIrLrPrQr)r)r)r*�<module>sj

���
	



m2
K!
$

		.	
	
]
Youez - 2016 - github.com/yon3zu
LinuXploit