shell bypass 403
3
�^l$������������������@���s����d�dl�Z�d�dlZddlmZmZ�ddlmZmZ�ddlm Z m
Z
�ddl
m
Z
m
Z
�ddlmZmZmZ�G�dd ��d ejejej�ZdS�)
�����N����)�mixins�query)�CriteriaDescriptor�CriteriaSetDescriptor)�
RuleUseError�RuleNotConditional)�IoctlSet�
TERuletype)�
match_regex�match_indirect_regex�match_regex_or_setc�������������������s����e�Zd�ZdZeed�Zedd�ZdZ dZ
edd�Z
dZ
dZ
edd�ZdZed d
�ZdZdZd
ZdZed
d
���Zejdd
���Z��fdd�Zdd��Z���ZS�)�
TERuleQueryae
��
Query the Type Enforcement rules.
Parameter:
policy The policy to query.
Keyword Parameters/Class attributes:
ruletype The list of rule type(s) to match.
source The name of the source type/attribute to match.
source_indirect If true, members of an attribute will be
matched rather than the attribute itself.
Default is true.
source_regex If true, regular expression matching will
be used on the source type/attribute.
Obeys the source_indirect option.
Default is false.
target The name of the target type/attribute to match.
target_indirect If true, members of an attribute will be
matched rather than the attribute itself.
Default is true.
target_regex If true, regular expression matching will
be used on the target type/attribute.
Obeys target_indirect option.
Default is false.
tclass The object class(es) to match.
tclass_regex If true, use a regular expression for
matching the rule's object class.
Default is false.
perms The set of permission(s) to match.
perms_equal If true, the permission set of the rule
must exactly match the permissions
criteria. If false, any set intersection
will match.
Default is false.
perms_regex If true, regular expression matching will be used
on the permission names instead of set logic.
Default is false.
perms_subset If true, the rule matches if the permissions criteria
is a subset of the rule's permission set.
Default is false.
default The name of the default type to match.
default_regex If true, regular expression matching will be
used on the default type.
Default is false.
boolean The set of boolean(s) to match.
boolean_regex If true, regular expression matching will be
used on the booleans.
Default is false.
boolean_equal If true, the booleans in the conditional
expression of the rule must exactly match the
criteria. If false, any set intersection
will match. Default is false.
)�
enum_class�
source_regexZlookup_type_or_attrFT�
target_regex�
default_regex�
boolean_regexZlookup_booleanNc�������������C���s���|�j�S�)N)�_xperms)�self��r����#/usr/lib64/python3.6/terulequery.py�xpermsd���s����zTERuleQuery.xpermsc�������������C���s����|r�t���}x�|D�]�\}}d|��ko*dkn��s>tdj|���d|��koPdkn��sdtdj|���||k�rv||�}}|jdd��t||d��D����qW�t|�|�_nd�|�_d�S�)Nr���i����z
{0:#07x} is not a valid ioctl.c�������������s���s���|�]
}|V��qd�S�)Nr���)�.0�ir���r���r���� <genexpr>w���s����z%TERuleQuery.xperms.<locals>.<genexpr>r���)�set�
ValueError�format�update�ranger ���r���)r����valueZpending_xpermsZlowZhighr���r���r���r���h���s����
"
c�������������
���s$���t�t|��j|f|��tjt�|�_d�S�)N)�superr����__init__�loggingZ getLogger�__name__�log)r����policy�kwargs)� __class__r���r���r#���}���s����zTERuleQuery.__init__c����������$���c���sB��|�j�jdj|����|�j�jdj|����|�j�jdj|����|�j�jdj|����|�j|�j���|�j|�j���|�j�jdj|����|�j�jdj|����|�j�jdj|�����x�|�jj��D��]�}|�jr�|j|�jkr�q�|�j r�t
|j |�j |�j
|�j
�
�r�q�|�j
r�t
|j
|�j
|�j|�j�
�r�q�|�j|��s
q�yN|�j�rJ|j�rJ|�j�r8t|�j�dk�r8w�|j|�jk�rXw�n|�j|��sXw�W�n�tk
�rr���w�Y�nX�y&|�j�r�t|j|�j|�jd �
��r�w�W�n�tk
�r����w�Y�nX�|�j�r�y
t
|j|�jd
|�j
��s�w�W�n�tk
�r����w�Y�nX�|�j
�r4y t|j
j |�j
|�j |�j!��sw�W�n�t"k
�r2���w�Y�nX�|V��q�W�d
S�)
z-Generator which yields all matching TE rules.z*Generating TE rule results from {0.policy}zRuletypes: {0.ruletype}zLSource: {0.source!r}, indirect: {0.source_indirect}, regex: {0.source_regex}zLTarget: {0.target!r}, indirect: {0.target_indirect}, regex: {0.target_regex}z*Xperms: {0.xperms!r}, eq: {0.xperms_equal}z0Default: {0.default!r}, regex: {0.default_regex}zGBoolean: {0.boolean!r}, eq: {0.boolean_equal}, regex: {0.boolean_regex}r���FTN)#r&����infor
����debugZ_match_object_class_debugZ_match_perms_debugr'���Zterules�ruletype�sourcer
����source_indirectr����target�target_indirectr���Z_match_object_classZpermsZextendedZ
perms_equal�lenZ
xperm_typeZ
_match_permsr���r���r
����
xperms_equal�defaultr����booleanZ
conditionalZbooleans�
boolean_equalr���r���)r���Zruler���r���r����results����s�����
zTERuleQuery.results)r%����
__module__�
__qualname__�__doc__r���r
���r,���r���r-���r���r.���r/���r���r0���r3���r���r4���r���r5���r���r2����propertyr����setterr#���r6����
__classcell__r���r���)r)���r���r���
���s&���6
r���)r$����re��r���r���Z
descriptorsr���r���Z exceptionr���r���Z policyrepr ���r
����utilr
���r
���r
���Z
MatchObjClassZMatchPermissionZ
PolicyQueryr���r���r���r���r����<module>���s���