PNG  IHDRQgAMA a cHRMz&u0`:pQ<bKGDgmIDATxwUﹻ& ^CX(J I@ "% (** BX +*i"]j(IH{~R)[~>h{}gy)I$Ij .I$I$ʊy@}x.: $I$Ii}VZPC)I$IF ^0ʐJ$I$Q^}{"r=OzI$gRZeC.IOvH eKX $IMpxsk.쒷/&r[޳<v| .I~)@$updYRa$I |M.e JaֶpSYR6j>h%IRز if&uJ)M$I vLi=H;7UJ,],X$I1AҒJ$ XY XzI@GNҥRT)E@;]K*Mw;#5_wOn~\ DC&$(A5 RRFkvIR}l!RytRl;~^ǷJj اy뷦BZJr&ӥ8Pjw~vnv X^(I;4R=P[3]J,]ȏ~:3?[ a&e)`e*P[4]T=Cq6R[ ~ޤrXR Հg(t_HZ-Hg M$ãmL5R uk*`%C-E6/%[t X.{8P9Z.vkXŐKjgKZHg(aK9ڦmKjѺm_ \#$5,)-  61eJ,5m| r'= &ڡd%-]J on Xm|{ RҞe $eڧY XYrԮ-a7RK6h>n$5AVڴi*ֆK)mѦtmr1p| q:흺,)Oi*ֺK)ܬ֦K-5r3>0ԔHjJئEZj,%re~/z%jVMڸmrt)3]J,T K֦OvԒgii*bKiNO~%PW0=dii2tJ9Jݕ{7"I P9JKTbu,%r"6RKU}Ij2HKZXJ,妝 XYrP ެ24c%i^IK|.H,%rb:XRl1X4Pe/`x&P8Pj28Mzsx2r\zRPz4J}yP[g=L) .Q[6RjWgp FIH*-`IMRaK9TXcq*I y[jE>cw%gLRԕiFCj-ďa`#e~I j,%r,)?[gp FI˨mnWX#>mʔ XA DZf9,nKҲzIZXJ,L#kiPz4JZF,I,`61%2s $,VOϚ2/UFJfy7K> X+6 STXIeJILzMfKm LRaK9%|4p9LwJI!`NsiazĔ)%- XMq>pk$-$Q2x#N ؎-QR}ᶦHZډ)J,l#i@yn3LN`;nڔ XuX5pF)m|^0(>BHF9(cզEerJI rg7 4I@z0\JIi䵙RR0s;$s6eJ,`n 䂦0a)S)A 1eJ,堌#635RIgpNHuTH_SԕqVe ` &S)>p;S$魁eKIuX`I4춒o}`m$1":PI<[v9^\pTJjriRŭ P{#{R2,`)e-`mgj~1ϣLKam7&U\j/3mJ,`F;M'䱀 .KR#)yhTq;pcK9(q!w?uRR,n.yw*UXj#\]ɱ(qv2=RqfB#iJmmL<]Y͙#$5 uTU7ӦXR+q,`I}qL'`6Kͷ6r,]0S$- [RKR3oiRE|nӦXR.(i:LDLTJjY%o:)6rxzҒqTJjh㞦I.$YR.ʼnGZ\ֿf:%55 I˼!6dKxm4E"mG_ s? .e*?LRfK9%q#uh$)i3ULRfK9yxm܌bj84$i1U^@Wbm4uJ,ҪA>_Ij?1v32[gLRD96oTaR׿N7%L2 NT,`)7&ƝL*꽙yp_$M2#AS,`)7$rkTA29_Iye"|/0t)$n XT2`YJ;6Jx".e<`$) PI$5V4]29SRI>~=@j]lp2`K9Jaai^" Ԋ29ORI%:XV5]JmN9]H;1UC39NI%Xe78t)a;Oi Ҙ>Xt"~G>_mn:%|~ޅ_+]$o)@ǀ{hgN;IK6G&rp)T2i୦KJuv*T=TOSV>(~D>dm,I*Ɛ:R#ۙNI%D>G.n$o;+#RR!.eU˽TRI28t)1LWϚ>IJa3oFbu&:tJ*(F7y0ZR ^p'Ii L24x| XRI%ۄ>S1]Jy[zL$adB7.eh4%%누>WETf+3IR:I3Xה)3אOۦSRO'ٺ)S}"qOr[B7ϙ.edG)^ETR"RtRݜh0}LFVӦDB^k_JDj\=LS(Iv─aTeZ%eUAM-0;~˃@i|l @S4y72>sX-vA}ϛBI!ݎߨWl*)3{'Y|iSlEڻ(5KtSI$Uv02,~ԩ~x;P4ցCrO%tyn425:KMlD ^4JRxSهF_}شJTS6uj+ﷸk$eZO%G*^V2u3EMj3k%)okI]dT)URKDS 7~m@TJR~荪fT"֛L \sM -0T KfJz+nإKr L&j()[E&I ߴ>e FW_kJR|!O:5/2跌3T-'|zX ryp0JS ~^F>-2< `*%ZFP)bSn"L :)+pʷf(pO3TMW$~>@~ū:TAIsV1}S2<%ޟM?@iT ,Eūoz%i~g|`wS(]oȤ8)$ ntu`өe`6yPl IzMI{ʣzʨ )IZ2= ld:5+請M$-ї;U>_gsY$ÁN5WzWfIZ)-yuXIfp~S*IZdt;t>KūKR|$#LcԀ+2\;kJ`]YǔM1B)UbG"IRߊ<xܾӔJ0Z='Y嵤 Leveg)$znV-º^3Ւof#0Tfk^Zs[*I꯳3{)ˬW4Ւ4 OdpbZRS|*I 55#"&-IvT&/윚Ye:i$ 9{LkuRe[I~_\ؠ%>GL$iY8 9ܕ"S`kS.IlC;Ҏ4x&>u_0JLr<J2(^$5L s=MgV ~,Iju> 7r2)^=G$1:3G< `J3~&IR% 6Tx/rIj3O< ʔ&#f_yXJiގNSz; Tx(i8%#4 ~AS+IjerIUrIj362v885+IjAhK__5X%nV%Iͳ-y|7XV2v4fzo_68"S/I-qbf; LkF)KSM$ Ms>K WNV}^`-큧32ŒVؙGdu,^^m%6~Nn&͓3ŒVZMsRpfEW%IwdǀLm[7W&bIRL@Q|)* i ImsIMmKmyV`i$G+R 0tV'!V)֏28vU7͒vHꦼtxꗞT ;S}7Mf+fIRHNZUkUx5SAJㄌ9MqμAIRi|j5)o*^'<$TwI1hEU^c_j?Е$%d`z cyf,XO IJnTgA UXRD }{H}^S,P5V2\Xx`pZ|Yk:$e ~ @nWL.j+ϝYb퇪bZ BVu)u/IJ_ 1[p.p60bC >|X91P:N\!5qUB}5a5ja `ubcVxYt1N0Zzl4]7­gKj]?4ϻ *[bg$)+À*x쳀ogO$~,5 زUS9 lq3+5mgw@np1sso Ӻ=|N6 /g(Wv7U;zωM=wk,0uTg_`_P`uz?2yI!b`kĸSo+Qx%!\οe|އԁKS-s6pu_(ֿ$i++T8=eY; צP+phxWQv*|p1. ά. XRkIQYP,drZ | B%wP|S5`~́@i޾ E;Չaw{o'Q?%iL{u D?N1BD!owPHReFZ* k_-~{E9b-~P`fE{AܶBJAFO wx6Rox5 K5=WwehS8 (JClJ~ p+Fi;ŗo+:bD#g(C"wA^ r.F8L;dzdIHUX݆ϞXg )IFqem%I4dj&ppT{'{HOx( Rk6^C٫O.)3:s(۳(Z?~ٻ89zmT"PLtw䥈5&b<8GZ-Y&K?e8,`I6e(֍xb83 `rzXj)F=l($Ij 2*(F?h(/9ik:I`m#p3MgLaKjc/U#n5S# m(^)=y=đx8ŬI[U]~SцA4p$-F i(R,7Cx;X=cI>{Km\ o(Tv2vx2qiiDJN,Ҏ!1f 5quBj1!8 rDFd(!WQl,gSkL1Bxg''՞^ǘ;pQ P(c_ IRujg(Wz bs#P­rz> k c&nB=q+ؔXn#r5)co*Ũ+G?7< |PQӣ'G`uOd>%Mctz# Ԫڞ&7CaQ~N'-P.W`Oedp03C!IZcIAMPUۀ5J<\u~+{9(FbbyAeBhOSܳ1 bÈT#ŠyDžs,`5}DC-`̞%r&ڙa87QWWp6e7 Rϫ/oY ꇅ Nܶըtc!LA T7V4Jsū I-0Pxz7QNF_iZgúWkG83 0eWr9 X]㾮݁#Jˢ C}0=3ݱtBi]_ &{{[/o[~ \q鯜00٩|cD3=4B_b RYb$óBRsf&lLX#M*C_L܄:gx)WΘsGSbuL rF$9';\4Ɍq'n[%p.Q`u hNb`eCQyQ|l_C>Lb꟟3hSb #xNxSs^ 88|Mz)}:](vbۢamŖ࿥ 0)Q7@0=?^k(*J}3ibkFn HjB׻NO z x}7p 0tfDX.lwgȔhԾŲ }6g E |LkLZteu+=q\Iv0쮑)QٵpH8/2?Σo>Jvppho~f>%bMM}\//":PTc(v9v!gոQ )UfVG+! 35{=x\2+ki,y$~A1iC6#)vC5^>+gǵ@1Hy٪7u;p psϰu/S <aʸGu'tD1ԝI<pg|6j'p:tպhX{o(7v],*}6a_ wXRk,O]Lܳ~Vo45rp"N5k;m{rZbΦ${#)`(Ŵg,;j%6j.pyYT?}-kBDc3qA`NWQū20/^AZW%NQ MI.X#P#,^Ebc&?XR tAV|Y.1!؅⨉ccww>ivl(JT~ u`ٵDm q)+Ri x/x8cyFO!/*!/&,7<.N,YDŽ&ܑQF1Bz)FPʛ?5d 6`kQձ λc؎%582Y&nD_$Je4>a?! ͨ|ȎWZSsv8 j(I&yj Jb5m?HWp=g}G3#|I,5v珿] H~R3@B[☉9Ox~oMy=J;xUVoj bUsl_35t-(ՃɼRB7U!qc+x4H_Qo֮$[GO<4`&č\GOc[.[*Af%mG/ ňM/r W/Nw~B1U3J?P&Y )`ѓZ1p]^l“W#)lWZilUQu`-m|xĐ,_ƪ|9i:_{*(3Gѧ}UoD+>m_?VPۅ15&}2|/pIOʵ> GZ9cmíتmnz)yߐbD >e}:) r|@R5qVSA10C%E_'^8cR7O;6[eKePGϦX7jb}OTGO^jn*媓7nGMC t,k31Rb (vyܴʭ!iTh8~ZYZp(qsRL ?b}cŨʊGO^!rPJO15MJ[c&~Z`"ѓޔH1C&^|Ш|rʼ,AwĴ?b5)tLU)F| &g٣O]oqSUjy(x<Ϳ3 .FSkoYg2 \_#wj{u'rQ>o;%n|F*O_L"e9umDds?.fuuQbIWz |4\0 sb;OvxOSs; G%T4gFRurj(֍ڑb uԖKDu1MK{1^ q; C=6\8FR艇!%\YÔU| 88m)֓NcLve C6z;o&X x59:q61Z(T7>C?gcļxѐ Z oo-08jہ x,`' ҔOcRlf~`jj".Nv+sM_]Zk g( UOPyεx%pUh2(@il0ݽQXxppx-NS( WO+轾 nFߢ3M<;z)FBZjciu/QoF 7R¥ ZFLF~#ȣߨ^<쩡ݛкvџ))ME>ώx4m#!-m!L;vv#~Y[đKmx9.[,UFS CVkZ +ߟrY٧IZd/ioi$%͝ب_ֶX3ܫhNU ZZgk=]=bbJS[wjU()*I =ώ:}-蹞lUj:1}MWm=̛ _ ¾,8{__m{_PVK^n3esw5ӫh#$-q=A̟> ,^I}P^J$qY~Q[ Xq9{#&T.^GVj__RKpn,b=`żY@^՝;z{paVKkQXj/)y TIc&F;FBG7wg ZZDG!x r_tƢ!}i/V=M/#nB8 XxЫ ^@CR<{䤭YCN)eKOSƟa $&g[i3.C6xrOc8TI;o hH6P&L{@q6[ Gzp^71j(l`J}]e6X☉#͕ ׈$AB1Vjh㭦IRsqFBjwQ_7Xk>y"N=MB0 ,C #o6MRc0|$)ف"1!ixY<B9mx `,tA>)5ػQ?jQ?cn>YZe Tisvh# GMމȇp:ԴVuږ8ɼH]C.5C!UV;F`mbBk LTMvPʍϤj?ԯ/Qr1NB`9s"s TYsz &9S%U԰> {<ؿSMxB|H\3@!U| k']$U+> |HHMLޢ?V9iD!-@x TIî%6Z*9X@HMW#?nN ,oe6?tQwڱ.]-y':mW0#!J82qFjH -`ѓ&M0u Uγmxϵ^-_\])@0Rt.8/?ٰCY]x}=sD3ojަЫNuS%U}ԤwHH>ڗjܷ_3gN q7[q2la*ArǓԖ+p8/RGM ]jacd(JhWko6ڎbj]i5Bj3+3!\j1UZLsLTv8HHmup<>gKMJj0@H%,W΃7R) ">c, xixј^ aܖ>H[i.UIHc U1=yW\=S*GR~)AF=`&2h`DzT󑓶J+?W+}C%P:|0H܆}-<;OC[~o.$~i}~HQ TvXΈr=b}$vizL4:ȰT|4~*!oXQR6Lk+#t/g lԁߖ[Jڶ_N$k*". xsxX7jRVbAAʯKҎU3)zSNN _'s?f)6X!%ssAkʱ>qƷb hg %n ~p1REGMHH=BJiy[<5 ǁJҖgKR*倳e~HUy)Ag,K)`Vw6bRR:qL#\rclK/$sh*$ 6덤 KԖc 3Z9=Ɣ=o>X Ώ"1 )a`SJJ6k(<c e{%kϊP+SL'TcMJWRm ŏ"w)qc ef꒵i?b7b('"2r%~HUS1\<(`1Wx9=8HY9m:X18bgD1u ~|H;K-Uep,, C1 RV.MR5άh,tWO8WC$ XRVsQS]3GJ|12 [vM :k#~tH30Rf-HYݺ-`I9%lIDTm\ S{]9gOڒMNCV\G*2JRŨ;Rҏ^ڽ̱mq1Eu?To3I)y^#jJw^Ńj^vvlB_⋌P4x>0$c>K†Aļ9s_VjTt0l#m>E-,,x,-W)سo&96RE XR.6bXw+)GAEvL)͞K4$p=Ũi_ѱOjb HY/+@θH9޼]Nԥ%n{ &zjT? Ty) s^ULlb,PiTf^<À] 62R^V7)S!nllS6~͝V}-=%* ʻ>G DnK<y&>LPy7'r=Hj 9V`[c"*^8HpcO8bnU`4JȪAƋ#1_\ XϘHPRgik(~G~0DAA_2p|J묭a2\NCr]M_0 ^T%e#vD^%xy-n}-E\3aS%yN!r_{ )sAw ڼp1pEAk~v<:`'ӭ^5 ArXOI驻T (dk)_\ PuA*BY]yB"l\ey hH*tbK)3 IKZ򹞋XjN n *n>k]X_d!ryBH ]*R 0(#'7 %es9??ښFC,ՁQPjARJ\Ρw K#jahgw;2$l*) %Xq5!U᢯6Re] |0[__64ch&_}iL8KEgҎ7 M/\`|.p,~`a=BR?xܐrQ8K XR2M8f ?`sgWS%" Ԉ 7R%$ N}?QL1|-эټwIZ%pvL3Hk>,ImgW7{E xPHx73RA @RS CC !\ȟ5IXR^ZxHл$Q[ŝ40 (>+ _C >BRt<,TrT {O/H+˟Pl6 I B)/VC<6a2~(XwV4gnXR ϱ5ǀHٻ?tw똤Eyxp{#WK qG%5],(0ӈH HZ])ג=K1j&G(FbM@)%I` XRg ʔ KZG(vP,<`[ Kn^ SJRsAʠ5xՅF`0&RbV tx:EaUE/{fi2;.IAwW8/tTxAGOoN?G}l L(n`Zv?pB8K_gI+ܗ #i?ޙ.) p$utc ~DžfՈEo3l/)I-U?aԅ^jxArA ΧX}DmZ@QLےbTXGd.^|xKHR{|ΕW_h] IJ`[G9{).y) 0X YA1]qp?p_k+J*Y@HI>^?gt.06Rn ,` ?);p pSF9ZXLBJPWjgQ|&)7! HjQt<| ؅W5 x W HIzYoVMGP Hjn`+\(dNW)F+IrS[|/a`K|ͻ0Hj{R,Q=\ (F}\WR)AgSG`IsnAR=|8$}G(vC$)s FBJ?]_u XRvύ6z ŨG[36-T9HzpW̞ú Xg큽=7CufzI$)ki^qk-) 0H*N` QZkk]/tnnsI^Gu't=7$ Z;{8^jB% IItRQS7[ϭ3 $_OQJ`7!]W"W,)Iy W AJA;KWG`IY{8k$I$^%9.^(`N|LJ%@$I}ֽp=FB*xN=gI?Q{٥4B)mw $Igc~dZ@G9K X?7)aK%݅K$IZ-`IpC U6$I\0>!9k} Xa IIS0H$I H ?1R.Чj:4~Rw@p$IrA*u}WjWFPJ$I➓/6#! LӾ+ X36x8J |+L;v$Io4301R20M I$-E}@,pS^ޟR[/s¹'0H$IKyfŸfVOπFT*a$I>He~VY/3R/)>d$I>28`Cjw,n@FU*9ttf$I~<;=/4RD~@ X-ѕzἱI$: ԍR a@b X{+Qxuq$IЛzo /~3\8ڒ4BN7$IҀj V]n18H$IYFBj3̵̚ja pp $Is/3R Ӻ-Yj+L;.0ŔI$Av? #!5"aʄj}UKmɽH$IjCYs?h$IDl843.v}m7UiI=&=0Lg0$I4: embe` eQbm0u? $IT!Sƍ'-sv)s#C0:XB2a w I$zbww{."pPzO =Ɔ\[ o($Iaw]`E).Kvi:L*#gР7[$IyGPI=@R 4yR~̮´cg I$I/<tPͽ hDgo 94Z^k盇΄8I56^W$I^0̜N?4*H`237}g+hxoq)SJ@p|` $I%>-hO0eO>\ԣNߌZD6R=K ~n($I$y3D>o4b#px2$yڪtzW~a $I~?x'BwwpH$IZݑnC㧄Pc_9sO gwJ=l1:mKB>Ab<4Lp$Ib o1ZQ@85b̍ S'F,Fe,^I$IjEdù{l4 8Ys_s Z8.x m"+{~?q,Z D!I$ϻ'|XhB)=…']M>5 rgotԎ 獽PH$IjIPhh)n#cÔqA'ug5qwU&rF|1E%I$%]!'3AFD/;Ck_`9 v!ٴtPV;x`'*bQa w I$Ix5 FC3D_~A_#O݆DvV?<qw+I$I{=Z8".#RIYyjǪ=fDl9%M,a8$I$Ywi[7ݍFe$s1ՋBVA?`]#!oz4zjLJo8$I$%@3jAa4(o ;p,,dya=F9ً[LSPH$IJYЉ+3> 5"39aZ<ñh!{TpBGkj}Sp $IlvF.F$I z< '\K*qq.f<2Y!S"-\I$IYwčjF$ w9 \ߪB.1v!Ʊ?+r:^!I$BϹB H"B;L'G[ 4U#5>੐)|#o0aڱ$I>}k&1`U#V?YsV x>{t1[I~D&(I$I/{H0fw"q"y%4 IXyE~M3 8XψL}qE$I[> nD?~sf ]o΁ cT6"?'_Ἣ $I>~.f|'!N?⟩0G KkXZE]ޡ;/&?k OۘH$IRۀwXӨ<7@PnS04aӶp.:@\IWQJ6sS%I$e5ڑv`3:x';wq_vpgHyXZ 3gЂ7{{EuԹn±}$I$8t;b|591nءQ"P6O5i }iR̈́%Q̄p!I䮢]O{H$IRϻ9s֧ a=`- aB\X0"+5"C1Hb?߮3x3&gşggl_hZ^,`5?ߎvĸ%̀M!OZC2#0x LJ0 Gw$I$I}<{Eb+y;iI,`ܚF:5ܛA8-O-|8K7s|#Z8a&><a&/VtbtLʌI$I$I$I$I$I$IRjDD%tEXtdate:create2022-05-31T04:40:26+00:00!Î%tEXtdate:modify2022-05-31T04:40:26+00:00|{2IENDB`Mini Shell

HOME


Mini Shell 1.0
DIR:/lib64/python2.7/site-packages/sepolgen/
Upload File :
Current File : //lib64/python2.7/site-packages/sepolgen/audit.pyc
�
��^c@sLddlZddlZddlmZddlmZddlmZd�Zd�Zd�Zd	fd
��YZ	de	fd��YZ
d
e	fd��YZddlj
Z
iZde	fd��YZde	fd��YZde	fd��YZde	fd��YZdfd��YZdfd��YZdfd��YZdS(i����Ni(t	refpolicy(taccess(tutilcCs�ddl}ddl}tdd�}t|j�j�d�}|j|j|j�|�}|jd|�}|jd|�}|j	dd	d
d||gd|j
�j�d}tj
r�tj|�}n|S(
s
Obtain all of the avc and policy load messages from the audit
    log. This function uses ausearch and requires that the current
    process have sufficient rights to run ausearch.

    Returns:
       string contain all of the audit messages returned by ausearch.
    i����Ns/proc/uptimetris%xs%Xs/sbin/ausearchs-ms5AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERRs-tststdout(t
subprocessttimetopentfloattreadtsplittcloset	localtimetstrftimetPopentPIPEtcommunicateRtPY3tdecode_input(RRtfdtofftstbootdatetboottimetoutput((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pytget_audit_boot_msgss	cCsVddl}|jdddgd|j�j�d}tjrRtj|�}n|S(s
Obtain all of the avc and policy load messages from the audit
    log. This function uses ausearch and requires that the current
    process have sufficient rights to run ausearch.

    Returns:
       string contain all of the audit messages returned by ausearch.
    i����Ns/sbin/ausearchs-ms5AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERRRi(RRRRRRR(RR((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pytget_audit_msgs2s	cCsPddl}|jdgd|j�j�d}tjrLtj|�}n|S(s�Obtain all of the avc and policy load messages from /bin/dmesg.

    Returns:
       string contain all of the audit messages returned by dmesg.
    i����Ns
/bin/dmesgRi(RRRRRRR(RR((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pytget_dmesg_msgsAs	tAuditMessagecBs eZdZd�Zd�ZRS(s�Base class for all objects representing audit messages.

    AuditMessage is a base class for all audit messages and only
    provides storage for the raw message (as a string) and a
    parsing function that does nothing.
    cCs||_d|_dS(Nt(tmessagetheader(tselfR((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt__init__Ws	cCszxs|D]k}|jd�}t|�dkrQ|d dkr||_dSqn|ddkr|d|_dSqWdS(	s�Parse a string that has been split into records by space into
        an audit message.

        This method should be overridden by subclasses. Error reporting
        should be done by raise ValueError exceptions.
        t=iisaudit(Nitmsgi(R
tlenR(R trecsR#tfields((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pytfrom_split_string[s
	
(t__name__t
__module__t__doc__R!R'(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyRPs	tInvalidMessagecBseZdZd�ZRS(s�Class representing invalid audit messages. This is used to differentiate
    between audit messages that aren't recognized (that should return None from
    the audit message parser) and a message that is recognized but is malformed
    in some way.
    cCstj||�dS(N(RR!(R R((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR!vs(R(R)R*R!(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR+pstPathMessagecBs eZdZd�Zd�ZRS(s!Class representing a path messagecCstj||�d|_dS(NR(RR!tpath(R R((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR!{scCsttj||�x]|D]U}|jd�}t|�dkrDqn|ddkr|ddd!|_dSqWdS(NR"iiR-ii����(RR'R
R$R-(R R%R#R&((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR's
(R(R)R*R!R'(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR,ys	t
AVCMessagecBs2eZdZd�Zd�Zd�Zd�ZRS(skAVC message representing an access denial or granted message.

    This is a very basic class and does not represent all possible fields
    in an avc message. Currently the fields are:
       scontext - context for the source (process) that generated the message
       tcontext - context for the target
       tclass - object class for the target (only one)
       comm - the process name
       exe - the on-disc binary
       path - the path of the target
       access - list of accesses that were allowed or denied
       denial - boolean indicating whether this was a denial (True) or granted
          (False) message.

    An example audit message generated from the audit daemon looks like (line breaks
    added):
       'type=AVC msg=audit(1155568085.407:10877): avc:  denied  { search } for
       pid=677 comm="python" name="modules" dev=dm-0 ino=13716388
       scontext=user_u:system_r:setroubleshootd_t:s0
       tcontext=system_u:object_r:modules_object_t:s0 tclass=dir'

    An example audit message stored in syslog (not processed by the audit daemon - line
    breaks added):
       'Sep 12 08:26:43 dhcp83-5 kernel: audit(1158064002.046:4): avc:  denied  { read }
       for  pid=2 496 comm="bluez-pin" name=".gdm1K3IFT" dev=dm-0 ino=3601333
       scontext=user_u:system_r:bluetooth_helper_t:s0-s0:c0
       tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
    cCs�tj||�tj�|_tj�|_d|_d|_d|_d|_	d|_
d|_g|_t
|_tj|_dS(NR(RR!RtSecurityContexttscontextttcontextttclasstcommtexeR-tnametinotaccessestTruetdenialt	audit2whytTERULEttype(R R((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR!�s								cCs�t}|}|t|�dkr8td|j��nxN|t|�kr�||dkrgt}Pn|jj||�|d}q;W|s�td|j��n|dS(Nis#AVC message in invalid format [%s]
t}(tFalseR$t
ValueErrorRR8R7tappend(R R%tstarttfound_closeti((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt__parse_access�scCs>tj||�t}t}t}t}x�tt|��D]�}||dkrs|j||d�}t}q;n||dkr�t|_n||jd�}t|�dkr�q;n|ddkr�t	j
|d�|_t}q;|ddkrt	j
|d�|_t}q;|dd	kr>|d|_
t}q;|dd
kre|ddd!|_q;|ddkr�|ddd!|_q;|dd
kr�|ddd!|_q;|ddkr�|ddd!|_q;|ddkr;|d|_q;q;W|s|s|s|r0td|j��n|j�dS(Nt{itgrantedR"iiR0R1R2R3i����R4R5R-R6s#AVC message in invalid format [%s]
(RR'R>trangeR$t_AVCMessage__parse_accessR8R9R
RR/R0R1R2R3R4R5R-R6R?Rtanalyze(R R%t	found_srct	found_tgttfound_classtfound_accessRCR&((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR'�sJ		
	cCs�|jj�}|jj�}t|j�}g|_|||j|ftj�krt|||j|f\|_	|_n9t
j|||j|j�\|_	|_|j	t
jkr�t
j
|_	n|j	t
jkr�td|��n|j	t
jkrtd|��n|j	t
jkr<td|j��n|j	t
jkrmtddj|j���n|j	t
jkr�td��n|j	t
jkr�|jg|_|jj|jjkr�|jjd|jjd|jjf�n|jj|jjkrK|jjdkrK|jjd	|jjd	|jjf�n|jj|jjkr�|jjd
|jjd
|jjf�q�n|j	|jft|||j|f<dS(NsInvalid Target Context %s
sInvalid Source Context %s
sInvalid Type Class %s
sInvalid permission %s
t s&Error during access vector computations	user (%s)tobject_rs	role (%s)s
level (%s)(R1t	to_stringR0ttupleR7tdataR2tavcdicttkeysR<R:RItNOPOLICYR;tBADTCONR?tBADSCONtBADPERMtjoint
BADCOMPUTEt
CONSTRAINTtuserR@troletlevel(R R1R0taccess_tuple((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyRI�s8	!(*-*-0(R(R)R*R!RHR'RI(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR.�s
			,tPolicyLoadMessagecBseZdZd�ZRS(s6Audit message indicating that the policy was reloaded.cCstj||�dS(N(RR!(R R((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR!s(R(R)R*R!(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR`stDaemonStartMessagecBs eZdZd�Zd�ZRS(s3Audit message indicating that a daemon was started.cCstj||�t|_dS(N(RR!R>tauditd(R R((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR!#scCs,tj||�d|kr(t|_ndS(NRb(RR'R8Rb(R R%((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR''s(R(R)R*R!R'(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyRa!s	tComputeSidMessagecBs)eZdZd�Zd�Zd�ZRS(s�Audit message indicating that a sid was not valid.

    Compute sid messages are generated on attempting to create a security
    context that is not valid. Security contexts are invalid if the role is
    not authorized for the user or the type is not authorized for the role.

    This class does not store all of the fields from the compute sid message -
    just the type and role.
    cCsJtj||�tj�|_tj�|_tj�|_d|_dS(NR(RR!RR/tinvalid_contextR0R1R2(R R((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR!7s
cCs�tj||�t|�dkr1td��nyztj|d�|_tj|djd�d�|_tj|djd�d�|_	|djd�d|_
Wntd��nXdS(	Ni
s;Split string does not represent a valid compute sid messageiiR"iii	(RR'R$R?RR/RdR
R0R1R2(R R%((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR'>s##cCsd|j|jfS(Nsrole %s types %s;
(R]R<(R ((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyRJs(R(R)R*R!R'R(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyRc-s			tAuditParsercBs�eZdZed�Zd�Zd�Zd�Zd�Zd�Z	d�Z
d
d�Zd	�Z
d
�Zd�Zd
ed�ZRS(s�Parser for audit messages.

    This class parses audit messages and stores them according to their message
    type. This is not a general purpose audit message parser - it only extracts
    selinux related messages.

    Each audit messages are stored in one of four lists:
       avc_msgs - avc denial or granted messages. Messages are stored in
          AVCMessage objects.
       comput_sid_messages - invalid sid messages. Messages are stored in
          ComputSidMessage objects.
       invalid_msgs - selinux related messages that are not valid. Messages
          are stored in InvalidMessageObjects.
       policy_load_messages - policy load messages. Messages are stored in
          PolicyLoadMessage objects.

    These lists will be reset when a policy load message is seen if
    AuditParser.last_load_only is set to true. It is assumed that messages
    are fed to the parser in chronological order - time stamps are not
    parsed.
    cCs|j�||_dS(N(t_AuditParser__initializetlast_load_only(R Rg((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR!es
cCsVg|_g|_g|_g|_g|_i|_t|_i|_|j	�dS(N(
tavc_msgstcompute_sid_msgstinvalid_msgstpolicy_load_msgst	path_msgst	by_headerR>tcheck_input_filet
inode_dictt_AuditParser__store_base_types(R ((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt__initializeis								c	CsPg|j�D]}|jd�^q
}x!|D]}t}|dks_|dks_|dkrtt|�}t}n�|dkr�t|�}t}no|dks�|dkr�t|�}t}nB|dkr�t|�}t}n!|d	krtt	�}t}n|r/t|_
y|j|�Wntk
rCt
|�}nX|Sq/WdS(
Ns�savc:smessage=avc:s	msg='avc:ssecurity_compute_sid:stype=MAC_POLICY_LOADs	type=1403s
type=AVC_PATHstype=DAEMON_START(R
tstripR>R.R8RcR`R,RatlistRnR'R?R+tNone(R tlinetxtrecRCtfoundR#((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt__parse_line�s4(
$						
cCse|j|�}|dkrdSt|t�rG|jr|j�qn�t|t�r�|jru|jru|j�n|jj	|�n�t|t
�r�|jj	|�nft|t�r�|j
j	|�nDt|t�r�|jj	|�n"t|t�r|jj	|�n|jdkra|j|jkrK|j|jj	|�qa|g|j|j<ndS(NR(t_AuditParser__parse_lineRtt
isinstanceR`RgRfRaRbRkR@R.RhRcRiR+RjR,RlRRm(R RuR#((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt__parse�s,	
cCs�x�|jj�D]�}g}d}xE|D]=}t|t�rG|}q)t|t�r)|j|�q)q)Wt|�dkr|rx|D]}|j|_q�WqqWdS(Ni(	RmtvaluesRtR{R,R.R@R$R-(R tvaluetavcR-R#ta((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt__post_process�s
	
cCsi|j�}x#|r1|j|�|j�}qW|js[tjjd�tjd�n|j�dS(spParse the contents of a file object. This method can be called
        multiple times (along with parse_string).sNothing to do
iN(treadlinet_AuditParser__parseRntsyststderrtwritetexitt_AuditParser__post_process(R tinputRu((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt
parse_file�s	
	cCs;|jd�}x|D]}|j|�qW|j�dS(s�Parse a string containing audit messages - messages should
        be separated by new lines. This method can be called multiple
        times (along with parse_file).s
N(R
R�R�(R R�tlinestl((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pytparse_string�s
cCsYtj�}xF|jD];}|s2|j|�r|j|jj|jj�qqW|S(soReturn RoleAllowSet statements matching the specified filter

        Filter out types that match the filer, or all roles

        Params:
           role_filter - [optional] Filter object used to filter the
              output.
        Returns:
           Access vector set representing the denied access in the
           audit logs parsed by this object.
        (RtRoleTypeSetRitfiltertaddRdR]R<(R trole_filtert
role_typestcs((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pytto_role�s
#c	Cs�ddl}ddl}d}|dks6|dkr:|Sx^|jD]S}||krm|j||krm|S||krD|j||krD|j|SqDW||jj�kr�||j|<nd|}y�|j|d|jdtdt�}yt|�}	Wntk
rnXxX|j	d�D]G}
y7t|j
|
�j�|	kra|
|j|<}|SWq%q%Xq%WWn|jk
r�}nX|S(Ni����Rslocate -b '\%s'R�tshelltuniversal_newliness
(
RtosRoRTtcheck_outputtSTDOUTR8tintR?R
tlstattst_inotCalledProcessError(R R5tinodeRR�R-tdtcommandRR6tfilete((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt__restore_path�s@
		
cCs"ddl}|jd�|_dS(Ni����tbase_file_type(tsepolicytget_types_from_attributet
base_types(R R�((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt__store_base_types#scCs�ddl}|j|kr.|j|kr.dS||_||_xf|jD][}||krJxB|j|�D]1}|j|�rl|j|jd��rl|SqlWdSqJWdS(Ni����t_ti(R�told_scontexttold_tcontextR�tget_writable_filestendswitht
startswithtrstrip(R R1R0R�tbtypetwritable((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt__get_base_type's		'cCsCtj�}d|_d|_x|jD]}|jtkrI|rIq(n|j|jj	|j
j	�}|jdkr�|j|j
|j�|_n|r�|j|�r;|j|j
j	|jj	|j|j|j||d|j	d|j�q;q(|j|j
j	|jj	|j|j|j||d|j	d|j�q(W|S(s�Convert the audit logs access into a an access vector set.

        Convert the audit logs into an access vector set, optionally
        filtering the restults with the passed in filter object.

        Filter objects are object instances with a .filter method
        that takes and access vector and returns True if the message
        should be included in the final output and False otherwise.

        Params:
           avc_filter - [optional] Filter object used to filter the
              output.
        Returns:
           Access vector set representing the denied access in the
           audit logs parsed by this object.
        Rtavc_typeRR(RtAccessVectorSetR�R�RhR9R8t_AuditParser__get_base_typeR1R<R0R-t_AuditParser__restore_pathR5R6R�R�R2R7RR(R t
avc_filtertonly_denialstav_setRt	base_type((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt	to_access6s$		N(R(R)R*R>R!RfRzR�R�R�R�RtR�R�RpR�R8R�(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyReOs		$	%	
				$		t
AVCTypeFiltercBseZd�Zd�ZRS(cCstj|�|_dS(N(tretcompiletregex(R R�((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR!\scCs<|jj|jj�rtS|jj|jj�r8tStS(N(R�tmatchR0R<R8R1R>(R R((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR�_s
(R(R)R!R�(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR�[s	tComputeSidTypeFiltercBseZd�Zd�ZRS(cCstj|�|_dS(N(R�R�R�(R R�((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR!gscCsX|jj|jj�rtS|jj|jj�r8tS|jj|jj�rTtStS(N(R�R�RdR<R8R0R1R>(R R((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR�js(R(R)R!R�(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyR�fs	(R�R�RRRRRRRRR+R,tselinux.audit2whyR:RSR.R`RaRcReR�R�(((s4/usr/lib64/python2.7/site-packages/sepolgen/audit.pyt<module>s(			 	�"�