0
��
�������
�355��c������
404 Not Found
Not Found
The requested URL was not found on this server.
Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.
��#�����!lY>�T�����5q)F�
�d��1V�����!# Authors: Karl MacMillan
#
# Copyright (C) 2006 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
"""
Classes representing basic access.
SELinux - at the most basic level - represents access as
the 4-tuple subject (type or context), target (type or context),
object class, permission. The policy language elaborates this basic
access to faciliate more concise rules (e.g., allow rules can have multiple
source or target types - see refpolicy for more information).
This module has objects for representing the most basic access (AccessVector)
and sets of that access (AccessVectorSet). These objects are used in Madison
in a variety of ways, but they are the fundamental representation of access.
"""
from . import refpolicy
from . import util
from selinux import audit2why
def is_idparam(id):
"""Determine if an id is a paramater in the form $N, where N is
an integer.
Returns:
True if the id is a paramater
False if the id is not a paramater
"""
if len(id) > 1 and id[0] == '$':
try:
int(id[1:])
except ValueError:
return False
return True
else:
return False
class AccessVector(util.Comparison):
"""
An access vector is the basic unit of access in SELinux.
Access vectors are the most basic representation of access within
SELinux. It represents the access a source type has to a target
type in terms of an object class and a set of permissions.
Access vectors are distinct from AVRules in that they can only
store a single source type, target type, and object class. The
simplicity of AccessVectors makes them useful for storing access
in a form that is easy to search and compare.
The source, target, and object are stored as string. No checking
done to verify that the strings are valid SELinux identifiers.
Identifiers in the form $N (where N is an integer) are reserved as
interface parameters and are treated as wild cards in many
circumstances.
Properties:
.src_type - The source type allowed access. [String or None]
.tgt_type - The target type to which access is allowed. [String or None]
.obj_class - The object class to which access is allowed. [String or None]
.perms - The permissions allowed to the object class. [IdSet]
.audit_msgs - The audit messages that generated this access vector [List of strings]
"""
def __init__(self, init_list=None):
if init_list:
self.from_list(init_list)
else:
self.src_type = None
self.tgt_type = None
self.obj_class = None
self.perms = refpolicy.IdSet()
self.audit_msgs = []
self.type = audit2why.TERULE
self.data = []
self.obj_path = None
self.base_type = None
# when implementing __eq__ also __hash__ is needed on py2
# if object is muttable __hash__ should be None