ó qâÉXc@s2ddlZddlZddlZddlZddlZddlZddlZddlZdefd„ƒYZ e a de d„Z d„Zejd„Zd„Zd „Zd „Zd „Zd „Zd „Zd„Zd„Zd„Zddd„ƒYZd„Zd„Zdd„Zd„ZdS(iÿÿÿÿNtAppArmorExceptioncBs eZdZd„Zd„ZRS(s)This class represents AppArmor exceptionscCs ||_dS(N(tvalue(tselfR((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pyt__init__scCs t|jƒS(N(treprR(R((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pyt__str__s(t__name__t __module__t__doc__RR(((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pyRs icCsCytjd|IJWntk r(nX|r?tj|ƒndS(sPrint error message and exits ERROR: %sN(tsyststderrtIOErrortexit(toutt exit_codetdo_exit((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pyterror(s  cCs-ytjd|IJWntk r(nXdS(sPrint warning messagesWARN: %sN(R R R (R ((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pytwarn3s cCs*y|d|IJWntk r%nXdS(s Print messages%sN(R (R toutput((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pytmsg;s cCsot|ƒy%tj|dtjdtjƒ}Wn tk rQ}dt|ƒgSX|jƒd}|j|gS(s!Try to execute the given command.tstdoutR ii( tdebugt subprocesstPopentPIPEtSTDOUTtOSErrortstrt communicatet returncode(tcommandtsptexR ((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pytcmdCs cCsty4tj|dtjƒ}tj|d|jƒ}Wn tk rV}dt|ƒgSX|jƒd}|j|gS(s#Try to pipe command1 into command2.Rtstdinii(RRRRRRRR(tcommand1tcommand2tsp1tsp2R R ((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pytcmd_pipePscCs6tr2ytjd|IJWq2tk r.q2XndS(sPrint debug messages DEBUG: %sN(t DEBUGGINGR R R (R ((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pyR\s  cCs•ytjj|ƒ}Wntk r4tdƒtSX||krOtdƒtStjj|ƒsetStjj|ƒ}||kr‘tdƒtStS(s Validate names'Could not find absolute path for binarys,Binary should use a normalized absolute pathsBinary should not be a symlink( tostpathtabspatht ExceptionRtFalsetexiststTruetrealpath(R*ta_pathtr_path((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pytvalid_binary_pathes      cCstjd|ƒrtStS(sValidate variable names[a-zA-Z0-9_]+$(tretsearchR/R-(tvar((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pytvalid_variable_name|scCsfd|}|jdƒs+td|ƒtSytjj|ƒWn tk ratd|ƒtSXtS(s Valid pathsInvalid path: %st/s %s (relative)s%s (could not normalize)(t startswithRR-R)R*tnormpathR,R/(R*tm((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pyt valid_pathƒs  cCsOt|ƒsdSg}x(tj|dƒD]}|j|ƒq*W|jƒ|S(s$Find contents of the given directorys/*N(R<tNonetglobtappendtsort(R*tfilestf((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pytget_directory_contents“s  cCs4ytj|ddƒ}Wntk r/‚nX|S(sOpen specified file read-onlytrsUTF-8(tcodecstopenR,(R*torig((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pytopen_file_readŸs  cCsñd}tjj|ƒsMtddgƒ\}}|dkrMtdƒtSnd}t|jƒƒdkr€t|ƒr€|}n5t j dd ƒ\}}tj ||ƒtj |ƒt|d |gƒ\}}tj |ƒ|dkrítStS( sVerify policy compiless/sbin/apparmor_parsertwhichtapparmor_parseris/Could not find apparmor_parser. Skipping verifytitprefixs aa-easyprofs-p(R)R*R.R!RR/tlent splitlinesR<ttempfiletmkstemptwritetclosetunlinkR-(tpolicytexetrctfnRBR ((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pyt verify_policy©s"  $    tAppArmorEasyProfilec Bs›eZdZd„Zd„Zd„Zd„Zd„Zd„Zd„Z d„Z d „Z d „Z d „Z d „Zgddggdddd „ZRS(sEasy profile classcCsGd|_|jr-tjj|jƒ|_ntƒ|_tjj|jƒr[|jƒn|jr˜tjj |jƒr˜tjj|jƒ|jd(R)R*RzRgR.R(Rt abstractionR}((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pytgen_abstraction_rule>scCs)tjd|ƒs%td|ƒ‚n|S(sGenerate a variable declarations^@\{[a-zA-Z_]+\}=.+s!Invalid variable declaration '%s'(R4R5R(Rtdec((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pytgen_variable_declarationEscCs%g}|jdƒ r9|jdƒ r9td|ƒ‚nd}|jdƒs]|jdƒrfd}n|jdƒr©|jd||fƒ|jd |||fƒnx|jd ƒsÇ|jd ƒr|jdtjj|ƒ|fƒ|jd |||fƒn|jd |||fƒ|S( NR8t@s '%s' should not be relative pathRKs/home/s@{HOMEsowner s%s %s,s %s%s** %s,s/**s/*s%s%s %s,(R9RtendswithR?R)R*Rd(RR*taccesstruletowner((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pyt gen_path_ruleKs  #c CsRd„} |jƒ} d| krt} d}xF| jƒD]8}| sd|jdƒr:t} q:q:n||d7}q:W|} ntjd|| ƒ} tjd|| ƒ} | dkrÑtjdd| | ƒ} n|dkrùtjd d || ƒ} n| dkr!tjd d | | ƒ} nd }| | |ƒ}d|}|dkrd|}x7|jdƒD]#}|d||j |ƒf7}qfWntjd||| ƒ} d}| | |ƒ}d|}|dkrUd|}xt|jdƒD]`}x1|j |ƒjƒD]}|d||f7}q W||jdƒdkrî|d7}qîqîWntjd||| ƒ} d}| | |ƒ}d|}t |ƒdkrÚd|}x.|D]#}|d||j |ƒf7}q°Wntjd||| ƒ} d}| | |ƒ}d|}t |ƒdkrsd|}xB|D]7}x.|j |dƒD]}|d||f7}qNWq5Wntjd||| ƒ} d}| | |ƒ}d |}t |ƒdkr d!|}xB|D]7}x.|j |d"ƒD]}|d||f7}qçWqÎWntjd||| ƒ} t| ƒsNtd| ƒtd#ƒ‚n| S($NcSsgtjd|ƒ}d}xG|jƒD]9}|j|ƒr&dt|ƒt|jƒƒ}Pq&q&W|S(s9Calculate whitespace prefix based on occurrence of s in ts^ *%sRKt (R4RpRNtmatchRMtlstrip(tttsRtR}Ru((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pyt find_prefixas s###ENDUSAGE###RKs s ###NAME###s ###BINARY###s ###COMMENT###s Comment: %ss ###AUTHOR###s Author: %ss###COPYRIGHT###s Copyright: %ss###ABSTRACTIONS###s%s# No abstractions specifieds%s# Specified abstractionsRs %s%ss *%ss###POLICYGROUPS###s%s# No policy groups specifieds%%s# Rules specified via policy groupsiÿÿÿÿs ###VAR###s#%s# No template variables specifiedis%s# Specified profile variabless ###READS###s%s# No read paths specifieds%s# Specified read permissionsRDs ###WRITES###s%s# No write paths specifieds%s# Specified write permissionstrwksInvalid policy(RyR-RNR9R/R4tsubR=RqRƒR~RMR…R‹RXRR(RRlRht template_varRRkt read_patht write_pathtauthortcommentt copyrightR‘RTtfoundttmpRuR5RLRtiRD((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pyt gen_policy`sŠ          $      $       N(RRRRR`RmRyRiR{R~RjR€RƒR…R‹R=R(((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pyRYÆs ,         cCs*x#|D]}dtjj|ƒGHqWdS(Ns%s(R)R*tbasename(RARœ((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pytprint_basefilenames¾s cCs&x|D]}t|ƒjƒGHqWdS(N(RFRx(RARœ((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pyt print_filesÂs c Cstjƒ}|jddddddddƒ|jd d dd d d dtƒ|jddddddddddƒ|jdddd d dtƒ|jdddddddƒ|jdddd d dtƒ|jddddddƒ|jd dd!d d dtƒ|jd"dd#dd$ddƒ|jd%dd&d d dtƒ|jd'd(dd)dd*dd+ƒ|jd,dd-dd.dd/d d0ƒ|jd1dd2dd3dd/d d0ƒ|jd4d5dd6dd7dd8ƒ|jd9dd:dd;dd<ƒ|jd=dd>dd?dd<ƒ|jd@ddAddBdd<ƒ|jdCddDddEddFd d0ƒ|j|ƒ\}}|jr…tan||fS(GsParse argumentss-cs --config-filetdestR\thelps Use alternate configuration filetmetavartFILEs-ds--debugsShow debugging outputtactiont store_truetdefaults-ts --templateRcsUse non-default policy templatetTEMPLATEs--list-templatessList available templatess--templates-dirRas#Use non-default templates directorytDIRs--show-templatesShow specified templates-ps--policy-groupss%Comma-separated list of policy groupst POLICYGROUPSs--list-policy-groupssList available policy groupss--policy-groups-dirRes'Use non-default policy-groups directorys--show-policy-groupsShow specified policy groupss-as--abstractionsRs$Comma-separated list of abstractionst ABSTRACTIONSs --read-pathR•sPath allowing owner readstPATHR?s --write-pathR–sPath allowing owner writess-ns--nameRlsName of policytNAMEs --commentR˜sComment for policytCOMMENTs--authorR—sAuthor of policys --copyrightR™sCopyright for policys--template-varR”sDeclare AppArmor variables@{VARIABLE}=VALUE(toptparset OptionParsert add_optionR-t parse_argsRR/R((targstparsertmy_opttmy_args((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pyR²Æs                cCs#td|ƒ}|jr(|j|dR¯R)R4RR ROR,RR-R(R/RRRRR!R'RR3R7R<RCRHRXRYRŸR R=R²R¸(((s5/usr/lib/python2.7/dist-packages/apparmor/easyprof.pyt s4              ø   V