HEX
Server: Apache/2.4.62 (Unix) OpenSSL/1.1.1k
System: Linux ns565604.ip-54-39-133.net 4.18.0-553.50.1.el8_10.x86_64 #1 SMP Tue Apr 15 08:09:22 EDT 2025 x86_64
User: greer489 (1034)
PHP: 8.3.19
Disabled: NONE
$ pwd: /usr/lib/python3.6/site-packages/setroubleshoot/__pycache__/
Upload Files
File: //usr/lib/python3.6/site-packages/setroubleshoot/__pycache__/audit_data.cpython-36.pyc
3

��n`ǝ�@sdddlmZddlZddlmZddlZdddddd	d
dgZddlZddlZddlZddl	Z	ddl
Z
ddlZddlZddl
Z
ddlTddljZddlTddlTddlTddlTd
Zdd�Ze�Zdd�Zdd�Zejd�Zdd�Zejd�Zdd�Zddl Z dd�Z!Gdd�de"�Z#Gdd�de"�Z$Gdd
�d
e"�Z%Gdd�d�Z&Gdd	�d	e"�Z'Gdd�d�Z(dS) �)�absolute_importN)�range�derive_record_format�parse_audit_record_text�
AvcContext�AVC�AuditEventID�
AuditEvent�AuditRecord�AuditRecordReader)�*�cCs||k||kS)N�)�x�yrr� /usr/lib/python3.6/audit_data.py�<lambda>6srcCs t|�\}}}}t|||�}|S)N)rr
)�text�parse_succeeded�record_type�event_id�	body_text�audit_recordrrr�audit_record_from_text@srcCs*tjd|�rtjStjd|�r$tjStjS)Nz/audispd_events$z/audit_events$)�re�searchr�TEXT_FORMAT�
BINARY_FORMAT)Zsocket_pathrrrrHs
zL(node=(\S+)\s+)?(type=(\S+)\s+)?(msg=)?audit\(((\d+)\.(\d+):(\d+))\):\s*(.*)c
Cs�d}d}d}d}d}tj|�}|dk	r�d}|jd�r>|jd�}|jd�rR|jd�}|jd�r�t|jd��}t|jd��}t|jd��}	t|||	|�}|jd	�}||||fS)
NFT������	�
)�audit_input_rer�group�intr)
�inputr�hostrrr�match�seconds�milli�serialrrrras&






z%audit\(((\d+)\.(\d+):(\d+))\):\s*(.*)cCsvd}d}d}tj|�}|dk	rld}|jd�rbt|jd��}t|jd��}t|jd��}t|||�}|jd�}|||fS)NFT�rr
r�)�audit_binary_input_rerr&r'r)r(rrrr*r+r,r-rrr�parse_audit_binary_texts


r1cCs"|rdd�|D�}||krdSdS)NcSsg|]}|tjkr|�qSr)�string�	printable)�.0rrrr�
<listcomp>�szprintable.<locals>.<listcomp>TFr)�sZ
filtered_pathrrrr3�s
r3csZeZdZddiddiddiddid�Z�fdd�Zdd�Zdd	�Zd
d�Zdd
�Z�Z	S)r�XMLForm�	attribute)�user�role�type�mlscsztt|�j�t|tj�rv|jd�}t|�dkrv|d|_|d|_	|d|_
t|�dkrpdj|dd��|_nd|_dS)N�:r
rr.rZs0)
�superr�__init__�
isinstance�sixZstring_types�split�lenr9r:r;�joinr<)�self�data�fields)�	__class__rrr?�s



zAvcContext.__init__cCsd|j|j|j|jfS)Nz%s:%s:%s:%s)r9r:r;r<)rErrr�__str__�szAvcContext.__str__cCstjt|��\}}|S)N)�selinuxZselinux_raw_to_trans_context�str)rEZrcZtransrrr�format�szAvcContext.formatcCs|j|�S)N)�__eq__)rE�otherrrr�__ne__�szAvcContext.__ne__cCs4x.t|jj��D]}t||�t||�krdSqWdS)NFT)�list�	_xml_info�keys�getattr)rErN�namerrrrM�szAvcContext.__eq__)
�__name__�
__module__�__qualname__rQr?rIrLrOrM�
__classcell__rr)rHrr�s
csveZdZded�ded�ded�ddid�Zd�fdd�	Zdd	�Zd
d�Zdd
�Ze	dd��Z
dd�Zdd�Z�Z
S)rr8)r7�import_typecastr7)r+r,r-r)Ncs2tt|�j�||_||_||_|dk	r.||_dS)N)r>rr?r+r,r-r))rEr+r,r-r))rHrrr?�szAuditEventID.__init__cCsD|j|jkrdS|j|jkr dS|j|jkr0dS|j|jkr@dSdS)NFT)r)r+r,r-)rErNrrrrM�szAuditEventID.__eq__cCsb|j|jkr&td|jj|j|jf��|j|jkr>|j|jkS|j|jkrV|j|jkS|j|jkS)Nz?cannot compare two %s objects whose host values differ (%s!=%s))r)�
ValueErrorrHrUr+r,r-)rErNrrr�__lt__�szAuditEventID.__lt__cCsddl}|j|�S)Nr)�copy)rEr\rrrr\�szAuditEventID.copycCst|j�|jdS)Ng@�@)�floatZsecr,)rErrrr�szAuditEventID.<lambda>cCsd|j|j|jfS)Nzaudit(%d.%d:%d))r+r,r-)rErrrrI�szAuditEventID.__str__cCs.|jdkrdS|jdkrdS|jdkr*dSdS)NFT)r+r,r-)rErrr�is_valid�s


zAuditEventID.is_valid)N)rUrVrWr'rQr?rMr[r\�propertyZtimerIr^rXrr)rHrr�scs�eZdZddided�ddided�d�ZdZdZej	e�Z
ejd�Z
ejd	�Zejd
�Zd(�fdd
�	Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zd d!�Zd"d#�Zd$d%�Zd&d'�Z�ZS))r
r7r8�element)r7rY)rrr�line_numberrZiiiiz([^ \t]+)\s*=\s*([^ \t]+)z$avc:\s+([^\s]+)\s+{([^}]+)}\s+for\s+z^a\d+$Ncs8tt|�j�||_||_||_||_||_|j�dS)N)	r>r
r?rrrrGra�_init_postprocess)rErrrrGra)rHrrr?szAuditRecord.__init__cCsrt|dd�dkr|j|j�|jd
krnd|jkrntjj|j�}|rn|jd�}||jd<|jd�}|j	�|jd	<dS)NrGr�USER_AVC�1400�1107�seresultr.r�seperms)rrcrdre)
rS�set_fields_from_textrrrGr
�avc_rerr&rB)rEr*rfrgrrrrbs




zAuditRecord._init_postprocesscCs|j�S)N)�to_host_text)rErrrrI+szAuditRecord.__str__cCs d|_|jjdkrt�|j_dS)N)rarr)Zget_hostname)rErrr�audispd_rectify.szAuditRecord.audispd_rectifycCs.|jj�sdS|jdkrdS|jdkr*dSdS)NFT)rr^r�message)rErrrr^3s


zAuditRecord.is_validcCs�ddddddddd	d
ddd
dddg}xF|D]>}||jkr*|jdkrL|dkrLq*|j|}t|�}||j|<q*W|jdkr�xBt|jj��D]0\}}|jj|�r�|j|}t|�}||j|<q�WdS)NZacct�cmd�comm�cwdrF�dir�exe�filer)�key�msgrT�newZocommold�pathZwatchrZsaddrZEXECVE)rGrZaudit_msg_decoderP�items�exec_arg_rer)rEZencoded_fieldsZfield�valueZ
decoded_valuerrr�
decode_fields<s 




zAuditRecord.decode_fieldsc	Cs<y,tjddkr|jd�Stj|�jd�SWn
|SdS)Nrr
�hexzutf-8)�sys�version_info�decode�	bytearray�fromhex)rErvrrr�
translate_hexPs
zAuditRecord.translate_hexcCs
g|_i|_�x�tjj|�D]�}|jd�}|jd�}|jd�}y�|dkrbtjt	|d��}tj
|�}|dkr�|jd�jd�s�|j|�}|dkr�yt
jtt	|��}WnYnX|d
kr�tjt	|�tj��}|r�|}Wntk
r�YnX||j|<|jj|�qWdS)Nr.r�"�arch�rTrvrnrmrqro�exit�syscall)rTrvrnrmrqro)�
fields_ordrGr
�key_value_pair_re�finditerr&�strip�auditZaudit_elf_to_machiner'Zaudit_machine_to_name�
startswithr��errno�	errorcode�absZaudit_syscall_to_nameZaudit_detect_machinerZ�append)rErr*rsry�iZsyscall_namerrrrh_s4





z AuditRecord.set_fields_from_textcCs|jj|�S)N)rG�get)rErTrrr�	get_field�szAuditRecord.get_fieldcCs"t|�}tjtjtjtj|j|�S)N)rC�struct�packr
�binary_header_format�binary_version�binary_header_sizer)rErt�
msg_lengthrrr�get_binary_header�szAuditRecord.get_binary_headercsj�jdkrdS�jdkr4d�j�jdj�j�f}nd�j�jf}|dj�fdd��jD��d7}|S)	N�rz#type=%s msg=%s: avc: denied { %s } � ztype=%s msg=%s: csg|]}d|�j|f�qS)z%s=%s)rG)r4�k)rErrr5�sz.AuditRecord.fields_to_text.<locals>.<listcomp>�
)rGrrrD�accessr�)rEZbufr)rEr�fields_to_text�s

"zAuditRecord.fields_to_textcCsd|j|j|jfS)Nztype=%s msg=%s: %s
)rrr)rErrr�to_text�szAuditRecord.to_textcCs2|jjdk	r&d|jj|j|j|jfS|j�SdS)Nznode=%s type=%s msg=%s: %s
)rr)rrr�)rErrrrj�szAuditRecord.to_host_textcCsd|j|jf}|j|�|S)Nz%s: %s)rrr�)rE�recordrrr�	to_binary�szAuditRecord.to_binary)NN)rUrVrWrr'rQr�r�r��calcsizer�r�compiler�rirxr?rbrIrkr^rzr�rhr�r�r�r�rjr�rXrr)rHrr
s0




	"
c@s,eZdZdZdZdd�Zdd�Zdd�Zd	S)
rr.rcCsV||_d|_d|_|j|jkr(|j|_n*|j|jkr>|j|_ntd||j	j
f��dS)Nr�rz unknown record format (%s) in %s)�
record_format�
_input_bufferrar�	feed_textZfeedr�feed_binaryrZrHrU)rEr�rrrr?�s

zAuditRecordReader.__init__ccs�t|�dkrdS|j|7_x�t|j�tjkr4dStjtj|jdtj��\}}}}tj|}t|j�|krrdS|jtj|�}t|�\}}	}
|j|d�|_|r tj	|�|	|
ddfVq WdS)Nr)
rCr�r
r�r��unpackr�r1r�Zaudit_msg_type_to_name)rE�new_datar�r�rr�Z	total_lenrrrrrrrr��s"
zAuditRecordReader.feed_binaryc	cs�t|�dkrdS|j|7_d}|jjd|�}xh|dkr�|jd7_|d7}|j||�}t|�\}}}}|r�|||d|jfV|}|jjd|�}q2W|j|d�|_dS)Nrr�r.)rCr��findrar)	rEr��start�end�linerrrrrrrr��s 
zAuditRecordReader.feed_textN)rUrVrWrrr?r�r�rrrrr�s
!cs�eZdZdded�ded�d�Z�fdd�Zdd	�Zd
d�Zd$d
d�Z	dd�Z
edd��Zdd�Z
dd�Zd%dd�Zdd�Zdd�Zdd�Zd d!�Zd"d#�Z�ZS)&r	r`r)r7rPrY)r7rY)�recordsrcs*tt|�j�d|_g|_i|_d|_dS)N)r>r	r?rr��record_types�	timestamp)rE)rHrrr?�s
zAuditEvent.__init__cCs4t|dd�dkri|_x|jD]}|j|�qWdS)Nr�)rSr�r��process_record)rEr�rrrrb�szAuditEvent._init_postprocesscCsL|j}|j�d|j|j�|j�djdd�|D��djdd�|jD��fS)Nz2%s: is_avc=%s, is_granted=%s: line_numbers=[%s]
%s�,cSsg|]}t|��qSr)rK)r4rrrrr5
sz&AuditEvent.__str__.<locals>.<listcomp>r�cSsg|]}d|�qS)z    %sr)r4r�rrrr5s)�line_numbers�sortr�is_avc�
is_grantedrDr�)rEr�rrrrIszAuditEvent.__str__r�cCs|jdd�|jD��S)NcSsg|]}t|��qSr)rK)r4r�rrrr5sz%AuditEvent.format.<locals>.<listcomp>)rDr�)rEZ	separatorrrrrL
szAuditEvent.formatcCs
t|j�S)N)rCr�)rErrr�num_recordsszAuditEvent.num_recordscCsdd�|jD�S)NcSsg|]}|jr|j�qSr)ra)r4r�rrrr5sz'AuditEvent.<lambda>.<locals>.<listcomp>)r�)rErrrrszAuditEvent.<lambda>cCs|jj|�|j|�dS)N)r�r�r�)rEr�rrr�
add_recordszAuditEvent.add_recordcCsp|jdkr2|jj�|_t|jj�|jjd|_n |j|jksRtd|j|jf��|jj|j	g�}|j
|�dS)Ng@�@zBcannot add audit record to audit event, event_id mismatch %s != %s)rr\r]r+r,r�rZr��
setdefaultrr�)rEr�Zrecord_listrrrr�s
zAuditEvent.process_recordNcCsVg}|dkr|j}n
|j|�}x2|D]*}|jj|�}|dkr>q$|j||jf�q$W|S)aNReturn list of (value, record_type) tuples.
        In other words return the value matching name for every record_type.
        If record_type is not specified then all records are searched.
        Note: it is possible to have more than one record of a given type
        thus it is always possible to have multiple values returned.N)r��get_records_of_typerGr�r�r;)rErTrrwr�r�ryrrrr�%s

zAuditEvent.get_fieldcCs d}|jj|�}|r|d}|S)Nr)r�r�)rEr;r�r�rrr�get_record_of_type9s
zAuditEvent.get_record_of_typecCs|jj|g�S)N)r�r�)rEr;rrrr�@szAuditEvent.get_records_of_typecCs$xdD]}|j|�}|r|SqWdS)Nrrcrdre)rrcrdre)r�)rErr�rrr�get_avc_recordCs

zAuditEvent.get_avc_recordcCs|j�dk	S)N)r�)rErrrr�IszAuditEvent.is_avccCsH|j�}|dkrdS|jd}|dkr*dS|dkr6dStjjd|�dS)NFrfZdeniedZgrantedTz!unknown value for seresult ('%s'))r�rG�logZavc�warn)rE�
avc_recordrfrrrr�Ls
zAuditEvent.is_granted)r�)N)rUrVrWr
rrQr?rbrIrLr�r_r�r�r�r�r�r�r�r�r�rXrr)rHrr	�s 


c@s|eZdZdgZddgZdddddgZddddddgZddddddgZddd	d
gZdddddd	d
gZ	ddddddd
dddd	d
gZ
ddddddgZddddddddd
g	Zdddddddd
gZ
ddddddddd	d
ddddd
dgZddddgZddgZdgZdgZddddddgZdddddd
dgZdddddd
dgZdddddd
dd	d
dddddddgZdgZdgZdddddgZdddddgZddd
dddgZdddd
dddgZdd	gZdddddd
dd
dd	ddgZej d�Z!ej d�Z"dBdd�Z#dd�Z$dd�Z%dd �Z&d!d"�Z'd#d$�Z(d%d&�Z)d'd(�Z*d)d*�Z+d+d,�Z,d-d.�Z-d/d0�Z.d1d2�Z/d3d4�Z0d5d6�Z1d7d8�Z2d9d:�Z3d;d<�Z4d=d>�Z5d?d@�Z6dAS)CrrSZexecute�open�read�lockZioctlr��link�unlink�renameZcreate�setattr�writerZadd_nameZremove_nameZreparent�rmdirZmountZremountZunmountz^(\w+):\[([^\]]*)\]z^(/proc/)(\d+)(.*)TcCs�||_||_i|_d|_d|_d|_d|_d|_d|_d|_	d|_
d|_g|_g|_
d|_d|_d|_d|_d|_g|_|j�dS)N)�audit_event�query_environment�template_substitutions�tpath�spath�source�
source_pkgr��scontext�tcontext�tclass�port�src_rpms�tgt_rpmsr)�pid�kmodr��why�bools� derive_avc_info_from_audit_event)rEr�r�rrrr?�s*zAVC.__init__cCs|j�S)N)�
format_avc)rErrrrI�szAVC.__str__cCsNd}|d|j7}|d|j7}|d|j7}|d|j7}|d|j7}|S)Nr�zscontext=%s ztcontext=%s z
access=%s z
tclass=%s z	tpath=%s )r�r�r�r�r�)rErrrrr��szAVC.format_avccCs.|jdkrdSx|jD]}||krdSqWdS)zMReturns true if the AVC contains _any_ of the permissions in the access list.NFT)r�)rE�access_list�arrr�has_any_access_in�s
zAVC.has_any_access_incCs.|jdkrdSx|jD]}||krdSqWdS)zmReturns true if _every_ access in the AVC matches at
        least one of the permissions in the access list.NFT)r�)rEr�r�rrr�all_accesses_are_in�s
zAVC.all_accesses_are_inc
Cs�t�t�}|j�t�}|j�g}dd�dd�ttgt|jjt	|j
t|ji�D�D�}|}x,|D]$}||krd|j
ttt|��d�qdWx&|D]}||kr�||kr�|j|�q�W|j�|S)NcSsg|]}|t�qSr)ZTARGET)r4rrrrr5�sz,AVC.allowed_target_types.<locals>.<listcomp>cSsg|]}|dr|�qS)Zenabledr)r4rrrrr5�s�types)Zget_all_file_typesZget_all_port_typesr�Zget_all_attributesr�ALLOW�SOURCEr�r;ZCLASSr�ZPERMSr��extend�next�infoZ	ATTRIBUTEr�)rEZ	all_typesZall_attributesZ
allowed_typesZwtypesr��trrr�allowed_target_types�s 4

zAVC.allowed_target_typesc	Cs@|jdg�r<y"|jr,t|j�t@tjkr,dSWnYnXdS)Nr�TF)r��a1r'�	O_ACCMODE�os�O_RDONLY)rErrr�open_with_write�szAVC.open_with_writecCs$x|D]}tj||j�rdSqWdS)NTF)rr*r;)rE�context�	type_listr;rrrZ__typeMatch�s
zAVC.__typeMatchcCs|jdkrdS|j|j|�S)zReturns true if the type in the source context of the
        avc regular expression matches any of the types in the type list.NF)r��_AVC__typeMatch)rEr�rrr�matches_source_types�s
zAVC.matches_source_typescCs|jdkrdS|j|j|�S)zReturns true if the type in the target context of the
        avc regular expression matches any of the types in the type list.NF)r�r�)rEr�rrr�matches_target_types�s
zAVC.matches_target_typescCs|jdkrdS|j|kS)NF)r�)rEZtclass_listrrr�
has_tclass_in�s
zAVC.has_tclass_incCs|j�|j�dS)N)�derive_environmental_info�%update_derived_template_substitutions)rErrr�update�sz
AVC.updatecCs|jdkrdS|jtkS)NT)r��standard_directories)rErrr�path_is_not_standard_directory�s
z"AVC.path_is_not_standard_directorycCs4d}|jjd�}|jjd�}|jjd�}|dkr�|jjd�}xJ|D]B}|jd�}|r^|dkr^qB|jd�}|rB|rB|dkrB|j|�rBPqBW|dkr�|jjd�}|dk	r�|jjd�}|d	kr�d
|}n$|dkr�|dkr�|}q�d
|}n|}|dk	�r||dko�|�r�g}�y�d
}	|jjd�}
tjjd|
��r8tjd|
�j	}	t
|�}tdd�}x�|j�j
d�D]�}
|
j
�}t|��rZ|dd
dk�rZyP|	d
k�s�tj|d
�j	|	k�r�t
tj|d�j�|k�r�|j|dd��Wntk
�r��wZYnX�qZW|j�t|�dk�r|d
d}n�t|�dk�r�x�|D]x}
|
d
d|
k�sP|
d|
k�r\|
d}PnFy.|	d
k�r�tj|
d
�j	|	k�r�|
d}PWntk
�r�YnX�q,WWn2tk
�r�d}Yntk
�r�d}YnXn�|jd�dk�r||�r|d
dl}ddd|g}yb|j||jdd�}t
|�}xB|j
d�D]4}y t
tj|�j�|k�rV|}PWnYnX�q4WWnYnX|dk	�r�|jd��r�|jjd|�}n4|jj|�}|�r�|j}|d
dk�r�d |jd�}||_|jdk�r0|jd!k�r�d"|_n4|jd#k�s|jd$k�r&t d%�|j!|_n
t d&�|_dS)'a�Derive the target path.

        If path information is available the avc record will have a path field
        and no name field because the path field is more specific and supercedes
        name. The name field is typically the directory entry.

        For some special files the kernel embeds instance information
        into the file name. For example 'pipe:[1234]' or 'socket:[1234]'
        where the number inside the brackets is the inode number. The proc
        pseudo file system has the process pid embedded in the name, for
        example '/proc/1234/mem'. These numbers are ephemeral and do not
        contribute meaningful information for our reports. Plus we may use
        the path information to decide if an alert is identical to a
        previous alert, we coalesce them if they are. The presence of an
        instance specific number in the path confuses this comparison.
        For these reasons we strip any instance information out of the
        path,

        Example input and output:

        pipe:[1234]    --> pipe
        socket:[1234]  --> socket
        /proc/1234/fd  --> /proc/<pid>/fd
        ./foo          --> ./foo
        /etc/sysconfig --> /etc/sysconfig
        NrTrv�ino�PATHZnametypeZPARENTr�rrz%srp�/r�devz/dev/z/proc/mounts�rr�r.r
z/dev/%srzunknown mountpointFZlocatez-bz\%sT)�stderrZuniversal_newlinesz	\1<pid>\3��@Z
filesystemr�Z
udp_socketZ
tcp_socketzport %sZUnknown)"r�r�r�r��endswithr�rv�exists�lstat�st_rdevr'r�r�rBrC�stat�st_inor��OSError�close�	TypeErrorr��
subprocessZcheck_outputZSTDOUT�proc_pid_instance_re�sub�pipe_instance_path_rerr�r�r��_r�)rErvrTZinodestrZavc_path_recordsZavc_path_recordrr�ZmatchesZdev_rdevr�r��fdr�rrZcommand�outputrrr*rrr�
_set_tpaths�






:
  
zAVC._set_tpathcCsxd|_d|_d|_d|_d|_g|_d}}}}|jj�|_|jj	d�}|jj
d�|_t|j
t�sxt|jj
d��|_
t|jt�s�t|jj
d��|_|jj
d�|_|jj
d�dkr�|jj
d�|_n|jj
d�|_|j�|jj
d	�|_|jj
d
�|_|�r8|j
d�}|j
d�}|j
d
�|_|j
d�dk|_|j
d�|_|dk�rN|jj
d�}|dk�rd|jj
d�}||_|�rx||_n|�r�|j|_|j�s�|j|_|j�s�|j
j|_|jj	d�}|�r�|j
d�}nd}|jjd�}xR|D]J}	|	j
d�}
tjj|
��s|�r|jj|
�n|jjtjj||
���q�Wg|_g|_|jjj |_ t!j"t#|j
�t#|j�t#|j�|j�\|_$}|j$t!j%k�r�t&t'd�|j��|j$t!j(k�r�t&t'd�|j��|j$t!j)k�r�t&t'd���|j$t!j*k�r�t&t'd�|j��|j$t!j+k�rt&t'd�|j��|j$t!j,k�r&t&t'd�|j��|j$t!j-k�rFt&t'd�|j��|j$t!j.k�r`t&t'd���|j$t!j/k�rt||_0dS)NFZSYSCALLrgr�r�r��dest�srcr�r�rqrnr��success�yesr�ZCWDror�rTz8%s 
**** Recorded AVC is allowed in current policy ****
zh%s 
**** Recorded AVC is dontaudited in current policy. 'semodule -B' will turn on dontaudit rules ****
zMust call policy_init firstz.%s 
**** Invalid AVC: bad target context ****
z.%s 
**** Invalid AVC: bad source context ****
z*%s 
**** Invalid AVC: bad type class ****
z*%s 
**** Invalid AVC: bad permission ****
z&Error during access vector computation)1r�r�r�r�rZ
syscall_pathsr�r�r�r�r�r�r@r�rr�r�r�rr�r�r�r;r�r�rv�isabsr�rDr�r�rr)�	audit2whyZanalyzerKr�r�rZrZ	DONTAUDITZNOPOLICYZBADTCONZBADSCONZ	BADTCLASSZBADPERMZ
BADCOMPUTEZBOOLEANr�)rErqrnr�r�Zsyscall_recordZ
cwd_recordroZpath_recordsZpath_recordrvr�rrrr��s�






*z$AVC.derive_avc_info_from_audit_eventcCsP|jrL|jr,t|j�|_|jr,|jj|j�|jrLt|j�}|rL|jj|�dS)N)r�r�Zget_package_nvr_by_file_pathr�r�r�r�r�)rEZrpmrrrr�s
zAVC.derive_environmental_infocCs|jdkr||_dS)N)r�)rErvrrr�set_alt_path
s
zAVC.set_alt_pathcKs,x&t|j��D]\}}|r||j|<qWdS)N)rPrwr�)rE�kwdsrsryrrr�set_template_substitutionsszAVC.set_template_substitutionscCsVt|jj�|jd<t|jj�|jd<t|j�|jd<t|j�|jd<|jrdtjddt|j��|jd<t|j	�|jd<|j	r�tjddt|j	��|jd	<|j	dkr�d|jd
<nJ|j
dkr�t|j	�|jd
<n.|j
dkr�ttjj
|j	��|jd
<n
d|jd
<t|j
�|jd
<|jdk�rd|jd<ntdj|j��|jd<t|j�|jd<t|j�|jd<dS)NZSOURCE_TYPEZTARGET_TYPEr�ZSOURCE_PATHr��.ZFIX_SOURCE_PATHZTARGET_PATHZFIX_TARGET_PATHZ
TARGET_DIRrprrZTARGET_CLASSZACCESSZSOURCE_PACKAGEZPORT_NUMBER)�escape_htmlr�r;r�r�r�r�rr
r�r�r�rv�dirnamer�rDr�r�)rErrrr�s,



z)AVC.update_derived_template_substitutionscCs:x4t|jj��D]"\}}|dkrtt|��|j|<qWdS)N)rPr�rwrZdefault_text)rErsryrrr�validate_template_substitutions5sz#AVC.validate_template_substitutionsN)T)7rUrVrWZstat_file_permsZx_file_permsZr_file_permsZ
rx_file_permsZ
ra_file_permsZlink_file_permsZcreate_lnk_permsZcreate_file_permsZr_dir_permsZrw_dir_permsZra_dir_permsZcreate_dir_permsZmount_fs_permsZsearch_dir_permsZgetattr_dir_permsZsetattr_dir_permsZlist_dir_permsZadd_entry_dir_permsZdel_entry_dir_permsZmanage_dir_permsZgetattr_file_permsZsetattr_file_permsZread_file_permsZappend_file_permsZwrite_file_permsZ
rw_file_permsZdelete_file_permsZmanage_file_permsrr�rrr?rIr�r�r�r�r�r�r�r�r�r�r�rr�r�rrr�rrrrrr[sn





	 b))Z
__future__rrAZ	six.movesrr|�__all__r�r�r�r�rrJ�base64r�Zselinux.audit2whyrZsetroubleshoot.utilZsetroubleshoot.html_utilZsetroubleshoot.xml_serializeZsepolicyr�ZcmpZget_standard_directoriesr�rrr�r%rr0r1r2r3ZXmlSerializerrr
rr	rrrrr�<module>sV


)<!Mj
@ Telegram