Current File : //usr/lib/python3.6/site-packages/__pycache__/seobject.cpython-36.pyc
3

�](dś�@s2ddlZddlZddlZddlZddlZddlZddlZddlZddlTdZ	ddl
Z
ddlZddlZy:ddl
Z
iZejdRkr�ded<e
je	fddd	�e��WnJyddlZeejd
<Wn&ek
r�ddlZeejd
<YnXYnXddlZiZeed<eed<eed
<eed<eed<eed<eed<eed<eed<eed<eed<eed<eed<eed<eed<eed<eed<eed<eed<eed<eed<e ed <e ed!<e ed"<d
ddddddd d#�Z!d$d$d%d&d'd(d)d*dd+�	Z"y(ddl#Z#e#j$e#j%��Gd,d-�d-�Z&Wn(e'efk
�r4Gd.d-�d-�Z&YnXGd/d0�d0�Z(d1d2�Z)dSd4d5�Z*dTd6d7�Z+Gd8d9�d9�Z,Gd:d;�d;e,�Z-Gd<d=�d=e,�Z.Gd>d?�d?e,�Z/Gd@dA�dAe,�Z0GdBdC�dCe,�Z1GdDdE�dEe,�Z2GdFdG�dGe,�Z3GdHdI�dIe,�Z4GdJdK�dKe,�Z5GdLdM�dMe,�Z6GdNdO�dOe,�Z7GdPdQ�dQe,�Z8dS)U�N)�*zselinux-python�T�unicodez/usr/share/localezutf-8)Z	localedirZcodeset�_�z	all files�azregular filez--�fz-d�	directory�dz-czcharacter device�cz-bzblock device�bz-s�socket�sz-l�lz
symbolic link�pz-pz
named pipe)z	all fileszregular filer	zcharacter devicezblock devicer
z
symbolic linkz
named pipe�any�block�char�dir�file�symlink�pipe)	rrrrr
rrrrc@s8eZdZdd�Zd
dd�Zddd�Zdd	�Zd
d�ZdS)�loggercCstj�|_g|_g|_dS)N)�audit�
audit_open�audit_fd�log_list�log_change_list)�self�r�/usr/lib/python3.6/seobject.py�__init__ls
zlogger.__init__rc	
Cs�d}	||kr||	d7}d}	||kr4||	d7}d}	||krL||	d7}d}	|jj|jtjtjdt|�|d||||||dddg�dS)N�-�sename�,�role�rangerr)r�appendrrZAUDIT_ROLE_ASSIGN�sys�argv�str)
r�msg�namer#�serole�serange�	oldsename�	oldserole�
oldserange�seprrr �logqsz
logger.logc		Cs<|jj|jtjtjdt|�|d||||||dddg�dS)Nrr)rr'rrZAUDIT_ROLE_REMOVEr(r)r*)	rr+r,r#r-r.r/r0r1rrr �
log_remove�szlogger.log_removecCs&|jj|jtjt|�ddddg�dS)N�semanager)rr'rrZAUDIT_USER_MAC_CONFIG_CHANGEr*)rr+rrr �
log_change�szlogger.log_changecCsPx|jD]}tj||g�qWx|jD]}tj||g�q(Wg|_g|_dS)N)rrZaudit_log_semanage_messagerZaudit_log_user_comm_message)r�successrrrr �commit�sz
logger.commitN)rrrrrrr)rrrrrrr)�__name__�
__module__�__qualname__r!r3r4r6r8rrrr rjs


rc@s8eZdZdd�Zd
dd�Zddd�Zdd	�Zd
d�ZdS)rcCs
g|_dS)N)r)rrrr r!�szlogger.__init__rc	
Cs�d||f}	|dkr |	d|7}	|dkr4|	d|7}	|dkrH|	d|7}	|dkr\|	d|7}	|dkrx|dk	rx|	d|7}	|dkr�|dk	r�|	d|7}	|jj|	�dS)	Nz %s name=%srz sename=z oldsename=z role=z
 old_role=z
 MLSRange=z old_MLSRange=)rr')
rr+r,r#r-r.r/r0r1�messagerrr r3�sz
logger.logc			Cs|j||||||||�dS)N)r3)	rr+r,r#r-r.r/r0r1rrr r4�szlogger.log_removecCs|jjd|�dS)Nz %s)rr')rr+rrr r6�szlogger.log_changecCs8|dkrd}nd}x |jD]}tjtj||�qWdS)N�zSuccessful: zFailed: )r�syslogZLOG_INFO)rr7r<rrrr r8�s
z
logger.commitN)rrrrrrr)rrrrrrr)r9r:r;r!r3r4r6r8rrrr r�s


c@s0eZdZddd�Zddd�Zdd�Zdd	�Zd
S)
�
nullloggerrc		CsdS)Nr)	rr+r,r#r-r.r/r0r1rrr r3�sznulllogger.logc		CsdS)Nr)	rr+r,r#r-r.r/r0r1rrr r4�sznulllogger.log_removecCsdS)Nr)rr+rrr r6�sznulllogger.log_changecCsdS)Nr)rr7rrr r8�sznulllogger.commitN)rrrrrrr)rrrrrrr)r9r:r;r3r4r6r8rrrr r?�s

r?cCsXd}d}|d|d}|d|d}|d|dd|d}tjd	|d
|�S)Nzs[0-9]*zc[0-9]*z(\.z)?z(\,z)*z(-z(:�^�$)�re�search)�rawZsensitivity�categoryZ	cat_rangeZ
categoriesZregrrr �validate_level�srFr=cCs`d}|dkrd||f}n|}tj|�\}}|dkr8|S|rL|t|�d�}|dkrX|S|SdS)Nza:b:c:r=z%s%srr)�selinuxZselinux_raw_to_trans_context�len)rD�prepend�filler�context�rc�transrrr �	translate�srNcCs`d}|dkrd||f}n|}tj|�\}}|dkr8|S|rL|t|�d�}|dkrX|S|SdS)Nza:b:c:r=z%s%srr)rGZselinux_trans_to_raw_contextrH)rMrIrJrKrLrDrrr �untranslate�srOc@sfeZdZdZdZdZdZddd�Zdd�Zdd�Z	d	d
�Z
dd�Zd
d�Zdd�Z
dd�Zdd�ZdS)�semanageRecordsFNcCs�|rt|�tkr||_n||_t|dd�|_|js@t|dd�|_|j|j�|_tj	�\}}|jdksn|j|krxt
�|_n,tj
|j�tjdtj�|jf�t�|_dS)N�noreloadF�storerz%s%s)�typer*rR�args�getattrrQ�
get_handle�shrG�selinux_getpolicytyper�mylog�sepolicyZload_store_policyZselinux_set_policy_rootZselinux_pathr?)rrTrLZ
localstorerrr r!�s
zsemanageRecords.__init__cCs||_dS)N)rQ)r�loadrrr �
set_reload
szsemanageRecords.set_reloadcCs�tjrtjSt�}|s"ttd���tjrD|dkrDt||t�|t_t	|�s`t
|�ttd���t|�}|tkr�t
|�ttd���t
|�}|dkr�t
|�ttd���t|�atdkr�t
|�ttd���|t_tjS)Nz Could not create semanage handlerz:SELinux policy is not managed or store cannot be accessed.zCannot read policy store.rz'Could not establish semanage connectionz!Could not test MLS enabled status)rP�handleZsemanage_handle_create�
ValueErrorr�transactionZsemanage_select_storeZSEMANAGE_CON_DIRECTrRZsemanage_is_managedZsemanage_handle_destroyZsemanage_access_checkZSEMANAGE_CAN_READZsemanage_connectZsemanage_mls_enabled�is_mls_enabled)rrRr]rLrrr rV
s2zsemanageRecords.get_handlecCsttd���dS)NzNot yet implemented)r^r)rrrr �	deleteall1szsemanageRecords.deleteallcCs$tjrttd���|j�dt_dS)Nz(Semanage transaction already in progressT)rPr_r^r�begin)rrrr �start4szsemanageRecords.startcCs,tjr
dSt|j�}|dkr(ttd���dS)Nrz$Could not start semanage transaction)rPr_Zsemanage_begin_transactionrWr^r)rrLrrr rb:s

zsemanageRecords.begincCsttd���dS)NzNot yet implemented)r^r)rrrr �
customizedAszsemanageRecords.customizedcCsVtjr
dS|jrt|jd�t|j�}|dkrF|jjd�tt	d���|jjd�dS)Nrz%Could not commit semanage transactionr=)
rPr_rQZsemanage_set_reloadrWZsemanage_commitrYr8r^r)rrLrrr r8Ds
zsemanageRecords.commitcCs$tjsttd���dt_|j�dS)Nz$Semanage transaction not in progressF)rPr_r^rr8)rrrr �finishPszsemanageRecords.finish)N)r9r:r;r_r]rRrTr!r\rVrarcrbrdr8rerrrr rP�s
$rPc@sPeZdZddd�Zdd�Zdd�Zdd
d�Zdd
�Zdd�Zdd�Z	dd�Z
dS)�
moduleRecordsNcCstj||�dS)N)rPr!)rrTrrr r!YszmoduleRecords.__init__cCsg}t|j�\}}}|dkr(ttd���x�t|�D]�}t||�}t|j|�\}}|dkrdttd���t|j|�\}}|dkr�ttd���t|j|�\}}	|dkr�ttd���t	|j|�\}}
|dkr�ttd���|j
|||	|
f�q2W|jdd�d	d
�|jdd�d�|S)
NrzCould not list SELinux moduleszCould not get module namezCould not get module enabledzCould not get module priorityzCould not get module lang_extcSs|dS)Nrr)�trrr �<lambda>xsz'moduleRecords.get_all.<locals>.<lambda>T)�key�reversecSs|dS)Nrr)rgrrr rhys)ri)Zsemanage_module_list_allrWr^rr&�semanage_module_list_nthZsemanage_module_info_get_nameZ semanage_module_info_get_enabledZ!semanage_module_info_get_priorityZ!semanage_module_info_get_lang_extr'�sort)rrrL�mlist�number�i�modr,Zenabled�priorityZlang_extrrr �get_all\s,
zmoduleRecords.get_allcCs0|j�}t|�dkrgSdd�dd�|D�D�S)NrcSsg|]}d|d�qS)z-d %srr)�.0�xrrr �
<listcomp>�sz,moduleRecords.customized.<locals>.<listcomp>cSsg|]}|ddkr|�qS)r=rr)rsrgrrr ru�s)rrrH)r�allrrr rd|szmoduleRecords.customizedr=rcCs�|j�}t|�dkrdS|r:tdtd�td�td�f�xL|D]D}|ddkrZtd�}n
|r`q@d}td	|d|d
|d|f�q@WdS)Nrz
%-25s %-9s %s
zModule NameZPriorityZLanguager=ZDisabledrz%-25s %-9s %-5s %s�r)rrrH�printr)r�heading�	locallistrvrgZdisabledrrr �list�s

zmoduleRecords.listcCs`tjj|�sttd�|��t|j|�}|dkr@ttd�|��t|j|�}|dkr\|j�dS)NzModule does not exist: %s rz3Invalid priority %d (needs to be between 1 and 999))	�os�path�existsr^r�semanage_set_default_priorityrWZsemanage_module_install_filer8)rrrqrLrrr �add�szmoduleRecords.addcCs�x�|j�D]�}t|j�\}}|dkr0ttd���t|j||�}|dkrRttd���t|j||�}|dkr
|r~ttd�|��q
ttd�|��q
W|j�dS)NrzCould not create module keyzCould not set module key namezCould not enable module %szCould not disable module %s)�splitZsemanage_module_key_createrWr^rZsemanage_module_key_set_nameZsemanage_module_set_enabledr8)r�module�enable�mrLrirrr �set_enabled�szmoduleRecords.set_enabledcCsnt|j|�}|dkr$ttd�|��x<|j�D]0}t|j|�}|dkr.|dkr.ttd�|��q.W|j�dS)Nrz3Invalid priority %d (needs to be between 1 and 999)rwz*Could not remove module %s (remove failed)���)rrWr^rr��semanage_module_remover8)rr�rqrLr�rrr �delete�szmoduleRecords.deletecCs:dd�dd�|j�D�D�}x|D]}|j|d�q"WdS)NcSsg|]}|d�qS)rr)rsrtrrr ru�sz+moduleRecords.deleteall.<locals>.<listcomp>cSsg|]}|ddkr|�qS)r=rr)rsrgrrr ru�sT)rrr�)rrr�rrr ra�s
zmoduleRecords.deleteall)N)r=r)r9r:r;r!rrrdr{r�r�r�rarrrr rfWs
 
rfc@seZdZddd�Zdd�ZdS)�dontauditClassNcCstj||�dS)N)rPr!)rrTrrr r!�szdontauditClass.__init__cCs8|dkrttd���|j�t|j|dk�|j�dS)N�on�offz'dontaudit requires either 'on' or 'off')r�r�)r^rrbZsemanage_set_disable_dontauditrWr8)rZ	dontauditrrr �toggle�s
zdontauditClass.toggle)N)r9r:r;r!r�rrrr r��s
r�c@sHeZdZddd�Zdd�Zdd�Zdd
d�Zdd
�Zdd�Zdd�Z	dS)�permissiveRecordsNcCstj||�dS)N)rPr!)rrTrrr r!�szpermissiveRecords.__init__cCsrg}t|j�\}}}|dkr(ttd���xDt|�D]8}t||�}t|�}|r2|jd�r2|j|j	d�d�q2W|S)NrzCould not list SELinux modulesZpermissive_r=)
Zsemanage_module_listrWr^rr&rkZsemanage_module_get_name�
startswithr'r�)rrrLrmrnrorpr,rrr rr�s
zpermissiveRecords.get_allcCsdd�t|j��D�S)NcSsg|]}d|�qS)z-a %sr)rsrtrrr ru�sz0permissiveRecords.customized.<locals>.<listcomp>)�sortedrr)rrrr rd�szpermissiveRecords.customizedr=rcCs�dd�dd�tjtj�D�D�}t|�dkr0dS|rDtdtd��|j�}x|D]}||krRt|�qRWt|�dkrzdS|r�tdtd��x|D]}t|�q�WdS)NcSsg|]}|d�qS)r,r)rs�yrrr ru�sz*permissiveRecords.list.<locals>.<listcomp>cSsg|]}|dr|�qS)Z
permissiver)rsrtrrr ru�srz
%-25s
zBuiltin Permissive TypeszCustomized Permissive Types)rZ�infoZTYPErHrxrrr)rryrzrvrdrgrrr r{�s 

zpermissiveRecords.listcCs�yddlj}Wn tk
r.ttd���YnXd|}d|}t|j|t|�|d�}|dkrf|j�|dkr~ttd�|��dS)Nrz�The sepolgen python module is required to setup permissive domains.
In some distributions it is included in the policycoreutils-devel package.
# yum install policycoreutils-devel
Or similar for your distro.z
permissive_%sz(typepermissive %s)Zcilz?Could not set permissive domain %s (module installation failed))	Zsepolgen.moduler��ImportErrorr^rZsemanage_module_installrWrHr8)rrSr�r,ZmodtxtrLrrr r��szpermissiveRecords.addcCsFx8|j�D],}t|jd|�}|dkr
ttd�|��q
W|j�dS)Nz
permissive_%srz5Could not remove permissive domain %s (remove failed))r�r�rWr^rr8)rr,�nrLrrr r�s
zpermissiveRecords.deletecCs,|j�}t|�dkr(dj|�}|j|�dS)Nr� )rrrH�joinr�)rrrvrrr ras
zpermissiveRecords.deleteall)N)r=r)
r9r:r;r!rrrdr{r�r�rarrrr r��s


r�c@sveZdZddd�Zdd�Zdd�Zdd	d
�Zddd�Zd
d�Zdd�Z	dd�Z
dd�Zd dd�Zdd�Z
d!dd�ZdS)"�loginRecordsNcCs(tj||�d|_d|_d|_d|_dS)N)rPr!r/r1r#r.)rrTrrr r!s
zloginRecords.__init__c
Cs:tj|�\}|_|_|dkr d}t|j�}|j|j�\}\}}|j|�\}\}}	tdkrn|dkrjt|�}n|}t	|j
|�\}}
|dkr�ttd�|��t
|j
|
�\}}|dkr�ttd�|��|r�ttd�|��|ddk�rytj|dd��Wn$ttd	�|dd���YnXn,ytj|�Wnttd
�|��YnXt|j
�\}}|dk�rrttd�|��t|j
||�}|dk�r�ttd�|��tdk�r�|dk�r�t|j
||�}|dk�r�ttd
�|��t|j
||�}|dk�r�ttd�|��t|j
|
|�}|dk�r&ttd�|��t|
�t|�dS)NrZuser_ur=rzCould not create a key for %sz2Could not check if login mapping for %s is definedz'Login mapping for %s is already defined�%zLinux Group %s does not existzLinux User %s does not existz%Could not create login mapping for %szCould not set name for %szCould not set MLS range for %sz!Could not set SELinux user for %sz"Could not add login mapping for %s)rG�getseuserbynamer/r1�seluserRecordsrT�getr`rO�semanage_seuser_key_createrWr^r�semanage_seuser_exists�grpZgetgrnam�pwd�getpwnamZsemanage_seuser_createZsemanage_seuser_set_name�semanage_seuser_set_mlsrange�semanage_seuser_set_sename�semanage_seuser_modify_local�semanage_seuser_key_free�semanage_seuser_free)
rr,r#r.�rec�userrecr&rLr0r-�kr~�urrr �__add sZ

 




zloginRecords.__addcCsNy"|j�|j|||�|j�Wn&tk
rH}z
|�WYdd}~XnXdS)N)rb�_loginRecords__addr8r^)rr,r#r.�errorrrr r�[szloginRecords.addrc
Cs�tj|�\}|_|_|dkr0|dkr0ttd���t|j�}|j|j�\}\}}|dkrj|j|�\}\}}	n|}	|dkr~||_	n||_	t
|j|�\}}
|dkr�ttd�|��t|j|
�\}}|dkr�ttd�|��|s�ttd�|��t
|j|
�\}}|dk�rttd�|��t|�|_t|�|_tdk�rL|dk�rLt|j|t|��|dk�rlt|j||�||_n|j|_t|j|
|�}|dk�r�ttd	�|��t|
�t|�dS)
NrzRequires seuser or serangerzCould not create a key for %sz2Could not check if login mapping for %s is definedz#Login mapping for %s is not definedzCould not query seuser for %sr=z%Could not modify login mapping for %s)rGr�r/r1r^rr�rTr�r.r�rWr�Zsemanage_seuser_query�semanage_seuser_get_mlsrange�semanage_seuser_get_senamer`r�rOr�r#r�r�r�)
rr,r#r.r�r�r&rLr0r-r�r~r�rrr �__modifycsF





zloginRecords.__modifycCsNy"|j�|j|||�|j�Wn&tk
rH}z
|�WYdd}~XnXdS)N)rb�_loginRecords__modifyr8r^)rr,r#r.r�rrr �modify�szloginRecords.modifyc
Cs*tj|�\}|_|_t|j�}|j|j�\}\}}t|j|�\}}|dkrZt	t
d�|��t|j|�\}}|dkr�t	t
d�|��|s�t	t
d�|��t|j|�\}}|dkr�t	t
d�|��|s�t	t
d�|��t
|j|�}|dkr�t	t
d�|��t|�tjd�\}|_|_|j|j�\}\}}	dS)NrzCould not create a key for %sz2Could not check if login mapping for %s is definedz#Login mapping for %s is not definedz<Login mapping for %s is defined in policy, cannot be deletedz%Could not delete login mapping for %sZ__default__)rGr�r/r1r�rTr�r�rWr^rr�Zsemanage_seuser_exists_localZsemanage_seuser_del_localr�r#r.)
rr,r�r�r&rLr0r�r~r-rrr �__delete�s,
zloginRecords.__deletecCsJy|j�|j|�|j�Wn&tk
rD}z
|�WYdd}~XnXdS)N)rb�_loginRecords__deleter8r^)rr,r�rrr r��s
zloginRecords.deletecCs~t|j�\}}|dkr"ttd���y0|j�x|D]}|jt|��q2W|j�Wn&tk
rx}z
|�WYdd}~XnXdS)NrzCould not list login mappings)�semanage_seuser_list_localrWr^rrbr��semanage_seuser_get_namer8)rrL�ulistr�r�rrr ra�s
zloginRecords.deleteallc
Cs�i}tj�d|_x�tj|j�D]�\}}}||jkr xj|D]b}yHt|d|�}|j�j�jd�}|j	�|d|d|df||<Wq:t
k
r�Yq:Xq:Wq W|S)Nz/logins�/�:r=rwr)rGZselinux_policy_root�logins_pathr|�walk�open�read�rstripr��close�
IndexError)r�ddictr}�dirs�filesr,�fdr�rrr �get_all_logins�s

zloginRecords.get_all_loginsrcCspi}|rt|j�\}|_nt|j�\}|_|dkr>ttd���x,|jD]"}t|�}t|�t|�df||<qFW|S)NrzCould not list login mappingsr)	r�rWr�Zsemanage_seuser_listr^rr�r�r�)rrzr�rLr�r,rrr rr�szloginRecords.get_allcCstg}|jd�}x`t|j��D]P}||drR|jd||d||d|f�q|jd||d|f�qW|S)NTr=z-a -s %s -r '%s' %srz-a -s %s %s)rrr��keysr')rrr�r�rrr rd�s
&zloginRecords.customizedr=c	CsN|j|�}|j�}t|j��}t|j��}t|�dkrFt|�dkrFdStdk�r|rxtdtd�td�td�td�f�x8|D]0}||}td||dt|d�|d	f�q~Wt|�r�td
|j	�x�|D]0}||}td||dt|d�|d	f�q�WnF|�r"tdtd�td�f�x&|D]}td|||df��q(WdS)
Nrr=z
%-20s %-20s %-20s %s
z
Login NamezSELinux Userz
MLS/MCS RangeZServicez%-20s %-20s %-20s %srwz
Local customization in %sz
%-25s %-25s
z%-25s %-25s)
rrr�r�r�rHr`rxrrNr�)	rryrzr�ZldictZlkeysr�r�r�rrr r{�s*

$
(
*
zloginRecords.list)N)rr)rr)r)r=r)r9r:r;r!r�r�r�r�r�r�rar�rrrdr{rrrr r�s
;
2
	


r�c@s�eZdZddd�Zdd�Zdd�Zdd	�Zgd
d
d
fdd�Zgd
d
d
fd
d�Zdd�Z	dd�Z
dd�Zddd�Zdd�Z
ddd�ZdS) r�NcCstj||�dS)N)rPr!)rrTrrr r!szseluserRecords.__init__cCs�t|j|�\}}|dkr(ttd�|��t|j|�\}}|dkrPttd�|��t|j|�\}}|dkrxttd�|��t|�}t|j|�}t|�t	|�||fS)NrzCould not create a key for %sz-Could not check if SELinux user %s is definedzCould not query user for %s)
�semanage_user_key_createrWr^r�semanage_user_exists�semanage_user_query�semanage_user_get_mlsrange�semanage_user_get_roles�semanage_user_key_free�semanage_user_free)rr,rLr�r~r�r.r-rrr r�szseluserRecords.getcCsDtdkr4|dkrd}nt|�}|dkr,d}nt|�}t|�dkrPttd�|��t|j|�\}}|dkrxttd�|��t|j|�\}}|dkr�ttd�|��|r�ttd�|��t|j�\}}	|dkr�ttd	�|��t	|j|	|�}|dk�rttd
�|��x:|D]2}
t
|j|	|
�}|dk�rttd�|
|f���qWtdk�r�t|j|	|�}|dk�rpttd�|��t|j|	|�}|dk�r�ttd
�|��t
|j|	|�}|dk�r�ttd�|
|f��t|j|	�\}}|dk�r�ttd�|��t|j||	�}|dk�rttd�|��t|�t|	�|jjd|dj|�|d�dS)Nr=r�s0z%You must add at least one role for %srzCould not create a key for %sz-Could not check if SELinux user %s is definedz"SELinux user %s is already definedz$Could not create SELinux user for %szCould not set name for %szCould not add role %s for %szCould not set MLS range for %szCould not set MLS level for %szCould not add prefix %s for %szCould not extract key for %szCould not add SELinux user %s�seuserr$)r#r-r.)r`rOrHr^rr�rWr�Zsemanage_user_createZsemanage_user_set_name�semanage_user_add_role�semanage_user_set_mlsrange�semanage_user_set_mlslevel�semanage_user_set_prefixZsemanage_user_key_extract�semanage_user_modify_localr�r�rYr3r�)rr,�roles�selevelr.�prefixrLr�r~r��rrirrr r�(s\








zseluserRecords.__addcCs^y&|j�|j|||||�|j�Wn2tk
rX}z|jjd�|�WYdd}~XnXdS)Nr)rb�_seluserRecords__addr8r^rY)rr,r�r�r.r�r�rrr r�eszseluserRecords.addrc	Cs@d}d}dj|�}|dkrXt|�dkrX|dkrX|dkrXtdkrLttd���nttd���t|j|�\}	}
|	dkr�ttd�|��t|j|
�\}	}|	dkr�ttd�|��|s�ttd	�|��t|j|
�\}	}|	dkr�ttd
�|��t	|�}t
|j|�\}	}
|	dk�rdj|
�}tdk�r6|dk�r6t|j|t|��tdk�r\|dk�r\t
|j|t|��|dk�rtt|j||�t|�dk�r�x"|
D]}||k�r�t||��q�Wx&|D]}||
k�r�t|j||��q�Wt|j|
|�}	|	dk�r�ttd�|��t|
�t|�dj|j��}dj|j��}|jjd
||||||d�dS)Nrr�rr=z&Requires prefix, roles, level or rangezRequires prefix or roleszCould not create a key for %sz-Could not check if SELinux user %s is definedzSELinux user %s is not definedzCould not query user for %sz Could not modify SELinux user %sr$r�)r#r/r-r.r0r1)r�rHr`r^rr�rWr�r�r�r�r�rOr�r�Zsemanage_user_del_roler�r�r�r�r�rYr3)rr,r�r�r.r�r0r1ZnewrolesrLr�r~r��rlistr�r%rrr r�nsV
$







zseluserRecords.__modifycCs^y&|j�|j|||||�|j�Wn2tk
rX}z|jjd�|�WYdd}~XnXdS)Nr)rb�_seluserRecords__modifyr8r^rY)rr,r�r�r.r�r�rrr r��szseluserRecords.modifyc	Cs8t|j|�\}}|dkr(ttd�|��t|j|�\}}|dkrPttd�|��|sdttd�|��t|j|�\}}|dkr�ttd�|��|s�ttd�|��t|j|�\}}|dkr�ttd�|��t|�}t|j|�\}}dj	|�}t
|j|�}|dk�rttd�|��t|�t|�|j
jd	|||d
�dS)NrzCould not create a key for %sz-Could not check if SELinux user %s is definedzSELinux user %s is not definedz7SELinux user %s is defined in policy, cannot be deletedzCould not query user for %sr$z Could not delete SELinux user %sr�)r/r1r0)r�rWr^rr�Zsemanage_user_exists_localr�r�r�r�Zsemanage_user_del_localr�r�rYr4)	rr,rLr�r~r�r1r�r0rrr r��s2

zseluserRecords.__deletecCsVy|j�|j|�|j�Wn2tk
rP}z|jjd�|�WYdd}~XnXdS)Nr)rb�_seluserRecords__deleter8r^rY)rr,r�rrr r��s
zseluserRecords.deletecCs�t|j�\}}|dkr"ttd���y0|j�x|D]}|jt|��q2W|j�Wn2tk
r�}z|jjd�|�WYdd}~XnXdS)NrzCould not list login mappings)	�semanage_user_list_localrWr^rrbr��semanage_user_get_namer8rY)rrLr�r�r�rrr ra�s
zseluserRecords.deleteallrcCs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���xh|jD]^}t|�}t|j|�\}}|dkrzttd�|��dj|�}t	|�t
|�t|�|f|t|�<qFW|S)NrzCould not list SELinux usersz Could not list roles for user %sr�)r�rWr�Zsemanage_user_listr^rr�r�r�Zsemanage_user_get_prefixZsemanage_user_get_mlslevelr�)rrzr�rLr�r,r�r�rrr rr�s
$zseluserRecords.get_allcCs�g}|jd�}xvt|j��D]f}||ds8||drh|jd||d||d||d|f�q|jd||d|f�qW|S)NTr=rwz-a -L %s -r %s -R '%s' %srz
-a -R '%s' %s)rrr�r�r')rrr�r�rrr rd�s
0zseluserRecords.customizedr=c	Cs|j|�}t|�dkrdSt|j��}tdkr�|r|tddtd�td�td�f�tdtd�td	�td
�td�td�f�x�|D]B}td
|||dt||d�t||d�||df�q�WnB|r�tdtd�td�f�x$|D]}td|||df�q�WdS)Nrr=z
%-15s %-10s %-10s %-30srZLabelingzMLS/z%-15s %-10s %-10s %-30s %s
zSELinux UserZPrefixz	MCS Levelz	MCS Rangez
SELinux Rolesz%-15s %-10s %-10s %-30s %srwrz	%-15s %s
z%-15s %s)rrrHr�r�r`rxrrN)rryrzr�r�r�rrr r{s
 *
D
zseluserRecords.list)N)r)r=r)r9r:r;r!r�r�r�r�r�r�r�rarrrdr{rrrr r�s
=	8	!


r�c@s�eZdZgZddd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zddd�Z
d dd�Zdd�Zd!dd�ZdS)"�portRecordsNcCsJtj||�y$tttjtjd��dd�|_Wntk
rDYnXdS)NZ	port_typer�types)rPr!r{rZr��	ATTRIBUTE�valid_types�RuntimeError)rrTrrr r!s
$zportRecords.__init__c
Cs�ttttd�}||j�kr$||}nttd���|dkrDttd���|jd�}t|�dkrlt	|d�}}nt	|d�}t	|d�}|dkr�ttd	���t
|j|||�\}}	|dkr�ttd
�||f��|	|||fS)N)ZtcpZudpZsctpZdccpz0Protocol has to be one of udp, tcp, dccp or sctprzPort is requiredr"r=ri��zInvalid Portz Could not create a key for %s/%s)ZSEMANAGE_PROTO_TCPZSEMANAGE_PROTO_UDPZSEMANAGE_PROTO_SCTPZSEMANAGE_PROTO_DCCPr�r^rr�rH�intZsemanage_port_key_createrW)
r�port�protoZ	protocols�proto_dZports�high�lowrLr�rrr �__genkey$s(

zportRecords.__genkeyc
Csttdkr|dkrd}nt|�}|dkr2ttd���tj|�}||jkrVttd�|��|j||�\}}}}t|j	|�\}	}
|	dkr�ttd�||f��|
r�ttd�||f��t
|j	�\}	}|	dkr�ttd	�||f��t||�t|||�t
|j	�\}	}|	dk�rttd
�||f��t|j	|d�}	|	dk�rFttd�||f��t|j	|d
�}	|	dk�rrttd�||f��t|j	||�}	|	dk�r�ttd�||f��tdk�r�|dk�r�t|j	||�}	|	dk�r�ttd�||f��t|j	||�}	|	dk�r
ttd�||f��t|j	||�}	|	dk�r6ttd�||f��t|�t|�t|�|jjd|tj|�dd
||f�dS)Nr=rr�zType is requiredz'Type %s is invalid, must be a port typerz(Could not check if port %s/%s is definedzPort %s/%s already definedzCould not create port for %s/%sz"Could not create context for %s/%s�system_uz,Could not set user in port context for %s/%s�object_rz,Could not set role in port context for %s/%sz,Could not set type in port context for %s/%sz2Could not set mls fields in port context for %s/%sz$Could not set port context for %s/%szCould not add port %s/%sz8resrc=port op=add lport=%s proto=%s tcontext=%s:%s:%s:%s)r`rOr^rrZ�get_real_type_namer��_portRecords__genkey�semanage_port_existsrWZsemanage_port_createZsemanage_port_set_protoZsemanage_port_set_range�semanage_context_create�semanage_context_set_user�semanage_context_set_role�semanage_context_set_type�semanage_context_set_mlsZsemanage_port_set_con�semanage_port_modify_local�semanage_context_free�semanage_port_key_free�semanage_port_freerYr6r
�getprotobyname)
rr�r�r.rSr�r�r�r�rLr~r�conrrr r�@s\









zportRecords.__addcCs$|j�|j||||�|j�dS)N)rb�_portRecords__addr8)rr�r�r.rSrrr r��szportRecords.addc
Cs�|dkr2|dkr2tdkr&ttd���nttd���tj|�}|rZ||jkrZttd�|��|j||�\}}}}t|j|�\}	}
|	dkr�ttd�||f��|
s�ttd�||f��t	|j|�\}	}|	dkr�ttd	�||f��t
|�}tdk�r|dk�rd
}nt|j|t|��|dk�r*t
|j||�t|j||�}	|	dk�rVttd�||f��t|�t|�|jjd|tj|�d
d||f�dS)Nrr=zRequires setype or serangezRequires setypez'Type %s is invalid, must be a port typerz(Could not check if port %s/%s is definedzPort %s/%s is not definedzCould not query port %s/%sr�zCould not modify port %s/%sz;resrc=port op=modify lport=%s proto=%s tcontext=%s:%s:%s:%sr�r�)r`r^rrZr�r�r�r�rWZsemanage_port_query�semanage_port_get_conr�rOr�r�r�r�rYr6r
r�)
rr�r�r.�setyper�r�r�r�rLr~rr�rrr r��s:




zportRecords.__modifycCs$|j�|j||||�|j�dS)N)rb�_portRecords__modifyr8)rr�r�r.r�rrr r��szportRecords.modifycCs�t|j�\}}|dkr"ttd���|j�x�|D]�}t|�}t|�}t|�}t|�}d||f}|j	||�\}	}
}}|dkr�ttd�|��t
|j|	�}|dkr�ttd�|��t|	�||kr�|}|jj
d|tj|�f�q0W|j�dS)NrzCould not list the portsz%s-%szCould not create a key for %szCould not delete the port %sz&resrc=port op=delete lport=%s proto=%s)�semanage_port_list_localrWr^rrb�semanage_port_get_proto�semanage_port_get_proto_str�semanage_port_get_low�semanage_port_get_highr��semanage_port_del_localr�rYr6r
r�r8)rrL�plistr�r��	proto_strr�r�Zport_strr�r�rrr ra�s*
zportRecords.deleteallc	Cs�|j||�\}}}}t|j|�\}}|dkr@ttd�||f��|sXttd�||f��t|j|�\}}|dkr�ttd�||f��|s�ttd�||f��t|j|�}|dkr�ttd�||f��t|�|jj	d|t
j|�f�dS)Nrz(Could not check if port %s/%s is definedzPort %s/%s is not definedz2Port %s/%s is defined in policy, cannot be deletedzCould not delete port %s/%sz&resrc=port op=delete lport=%s proto=%s)r�r�rWr^rZsemanage_port_exists_localrr�rYr6r
r�)	rr�r�r�r�r�r�rLr~rrr r��s zportRecords.__deletecCs |j�|j||�|j�dS)N)rb�_portRecords__deleter8)rr�r�rrr r��szportRecords.deletercCs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���xX|jD]N}t|�}t|�}t|�}t	|�}t
|�}	t|�}
t|�}||f||
||	f<qFW|S)NrzCould not list ports)
r�rWr�semanage_port_listr^rr��semanage_context_get_type�semanage_context_get_mlsr�r�rr)rrzr�rLr�r��ctype�levelr�rr�r�rrr rr�s zportRecords.get_allcCs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���x�|jD]�}t|�}t|�}t|�}t	|�}t
|�}	t|�}
||f|j�kr�g|||f<|	|
kr�|||fj
d|	�qF|||fj
d|	|
f�qFW|S)NrzCould not list portsz%dz%d-%d)r�rWrrr^rr�rr�r�rrr�r')rrzr�rLr�r�r	r�rr�r�rrr �get_all_by_types&zportRecords.get_all_by_typecCs�g}|jd�}x�t|j��D]�}|d|dkr8|dnd|d|df}||dr�|jd||d||d|d|f�q|jd||d|d|f�qW|S)NTrr=z%s-%sz-a -t %s -r '%s' -p %s %srwz-a -t %s -p %s %s)rrr�r�r')rrr�r�r�rrr rds
,,$zportRecords.customizedr=cCs�|j|�}t|�dkrdSt|j��}|rHtdtd�td�td�f�xV|D]N}d|}|d||d7}x$||dd�D]}|d	|7}q�Wt|�qNWdS)
Nrz%-30s %-8s %s
zSELinux Port TypeZProtozPort Numberz%-30s %-8s z%sr=z, %s)rrHr�r�rxr)rryrzr�r�ror�rrrr r{$s

zportRecords.list)N)r)r)r=r)r9r:r;r�r!r�r�r�r�r�rarr�rrrrdr{rrrr r�s
@*

r�c@s�eZdZgZddd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zddd�Z
d dd�Zdd�Zd!dd�ZdS)"�
ibpkeyRecordsNc
CsXtj||�y:tjtjtj|j��dgd�}tdd�|j	�D��|_
WnYnXdS)NZibpkey_type)�attrscss|]}t|�VqdS)N)r*)rsrgrrr �	<genexpr>;sz)ibpkeyRecords.__init__.<locals>.<genexpr>)rPr!�setools�	TypeQuery�
SELinuxPolicyrZ�get_store_policyrRr��resultsr�)rrT�qrrr r!7szibpkeyRecords.__init__cCs�|dkrttd���|jd�}t|�dkr>t|dd�}}nt|dd�}t|dd�}|dkrnttd���t|j|||�\}}|dkr�ttd�||f��||||fS)	NrzSubnet Prefix is requiredr"r=ri��zInvalid Pkeyz Could not create a key for %s/%s)r^rr�rHr�Zsemanage_ibpkey_key_createrW)r�pkey�
subnet_prefixZpkeysr�r�rLr�rrr r�?s
zibpkeyRecords.__genkeycCsVtdkr|dkrd}nt|�}|dkr2ttd���tj|�}||jkrVttd�|��|j||�\}}}}t|j	|�\}}	|dkr�ttd�||f��|	r�ttd�||f��t
|j	�\}}
|dkr�ttd	�||f��t|j	|
|�t|
||�t
|j	�\}}|dk�rttd
�||f��t|j	|d�}|dk�rJttd�||f��t|j	|d
�}|dk�rvttd�||f��t|j	||�}|dk�r�ttd�||f��tdk�r�|dk�r�t|j	||�}|dk�r�ttd�||f��t|j	|
|�}|dk�rttd�||f��t|j	||
�}|dk�r:ttd�||f��t|�t|�t|
�dS)Nr=rr�zType is requiredz)Type %s is invalid, must be a ibpkey typerz*Could not check if ibpkey %s/%s is definedzibpkey %s/%s already definedz!Could not create ibpkey for %s/%sz"Could not create context for %s/%sr�z.Could not set user in ibpkey context for %s/%sr�z.Could not set role in ibpkey context for %s/%sz.Could not set type in ibpkey context for %s/%sz4Could not set mls fields in ibpkey context for %s/%sz&Could not set ibpkey context for %s/%szCould not add ibpkey %s/%s)r`rOr^rrZr�r��_ibpkeyRecords__genkey�semanage_ibpkey_existsrWZsemanage_ibpkey_createZ!semanage_ibpkey_set_subnet_prefixZsemanage_ibpkey_set_ranger�r�r�r�r�Zsemanage_ibpkey_set_con�semanage_ibpkey_modify_localr��semanage_ibpkey_key_free�semanage_ibpkey_free)rrrr.rSr�r�r�rLr~rr�rrr r�RsZ








zibpkeyRecords.__addcCs$|j�|j||||�|j�dS)N)rb�_ibpkeyRecords__addr8)rrrr.rSrrr r��szibpkeyRecords.addcCsb|dkr2|dkr2tdkr&ttd���nttd���tj|�}|rZ||jkrZttd�|��|j||�\}}}}t|j|�\}}	|dkr�ttd�||f��|	s�ttd�||f��t	|j|�\}}
|dkr�ttd	�||f��t
|
�}tdko�|dk�r
t|j|t|��|dk�r"t
|j||�t|j||
�}|dk�rNttd
�||f��t|�t|
�dS)Nrr=zRequires setype or serangezRequires setypez)Type %s is invalid, must be a ibpkey typerz*Could not check if ibpkey %s/%s is definedzibpkey %s/%s is not definedzCould not query ibpkey %s/%szCould not modify ibpkey %s/%s)r`r^rrZr�r�rrrWZsemanage_ibpkey_query�semanage_ibpkey_get_conr�rOr�rrr)rrrr.r�r�r�r�rLr~rr�rrr r��s4


zibpkeyRecords.__modifycCs$|j�|j||||�|j�dS)N)rb�_ibpkeyRecords__modifyr8)rrrr.r�rrr r��szibpkeyRecords.modifyc	Cs�t|j�\}}|dkr"ttd���|j�x�|D]�}t|j|�\}}t|�}t|�}d||f}|j||�\}}}}|dkr�ttd�|��t	|j|�}|dkr�ttd�|��t
|�q0W|j�dS)NrzCould not list the ibpkeysz%s-%szCould not create a key for %szCould not delete the ibpkey %s)�semanage_ibpkey_list_localrWr^rrb�!semanage_ibpkey_get_subnet_prefix�semanage_ibpkey_get_low�semanage_ibpkey_get_highr�semanage_ibpkey_del_localrr8)	rrLr�ibpkeyrr�r�Zpkey_strr�rrr ra�s"
zibpkeyRecords.deleteallcCs�|j||�\}}}}t|j|�\}}|dkr@ttd�||f��|sXttd�||f��t|j|�\}}|dkr�ttd�||f��|s�ttd�||f��t|j|�}|dkr�ttd�||f��t|�dS)Nrz*Could not check if ibpkey %s/%s is definedzibpkey %s/%s is not definedz4ibpkey %s/%s is defined in policy, cannot be deletedzCould not delete ibpkey %s/%s)rrrWr^rZsemanage_ibpkey_exists_localr#r)rrrr�r�r�rLr~rrr r��szibpkeyRecords.__deletecCs |j�|j||�|j�dS)N)rb�_ibpkeyRecords__deleter8)rrrrrr r��szibpkeyRecords.deletercCs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���xb|jD]X}t|�}t|�}|dkrdqFt|�}t	|j|�\}}t
|�}	t|�}
||f||	|
|f<qFW|S)NrzCould not list ibpkeysZreserved_ibpkey_t)rrWr�semanage_ibpkey_listr^rrrrr r!r")rrzr�rLr$r�r	r
rr�r�rrr rr�s"zibpkeyRecords.get_allc
Cs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���x�|jD]�}t|�}t|�}t|j|�\}}t	|�}t
|�}	||f|j�kr�g|||f<||	kr�|||fjd|�qF|||fjd||	f�qFW|S)NrzCould not list ibpkeysz0x%xz	0x%x-0x%x)
rrWrr&r^rrrr r!r"r�r')
rrzr�rLr$r�r	rr�r�rrr rs$zibpkeyRecords.get_all_by_typecCs�g}|jd�}x�t|j��D]�}|d|dkr8|dnd|d|df}||dr�|jd||d||d|d|f�q|jd||d|d|f�qW|S)NTrr=z%s-%sz-a -t %s -r '%s' -x %s %srwz-a -t %s -x %s %s)rrr�r�r')rrr�r�r�rrr rds
,,$zibpkeyRecords.customizedr=cCs�|j|�}|j�}t|�dkr"dS|rDtdtd�td�td�f�xZt|�D]N}d|}|d||d7}x$||dd�D]}|d	|7}q�Wt|�qNWdS)
Nrz%-30s %-18s %s
zSELinux IB Pkey TypeZ
Subnet_PrefixzPkey Numberz%-30s %-18s z%sr=z, %s)rr�rHrxrr�)rryrzr�r�ror�rrrr r{(s
zibpkeyRecords.list)N)r)r)r=r)r9r:r;r�r!rrr�rr�rar%r�rrrrdr{rrrr r3s
>&

rc@s�eZdZgZddd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zddd�Z
d dd�Zdd�Zd!dd�ZdS)"�ibendportRecordsNc
CsXtj||�y:tjtjtj|j��dgd�}tdd�|j	�D��|_
WnYnXdS)NZibendport_type)r
css|]}t|�VqdS)N)r*)rsrgrrr r?sz,ibendportRecords.__init__.<locals>.<genexpr>)rPr!rrrrZrrR�setrr�)rrTrrrr r!;szibendportRecords.__init__cCsp|dkrttd���t|�}|dks,|dkr8ttd���t|j||�\}}|dkrfttd�||f��|||fS)NrzIB device name is required�r=zInvalid Port Numberrz*Could not create a key for ibendport %s/%s)r^rr�Zsemanage_ibendport_key_createrW)r�	ibendport�
ibdev_namer�rLr�rrr r�CszibendportRecords.__genkeycCsRtdkr|dkrd}nt|�}|dkr2ttd���tj|�}||jkrVttd�|��|j||�\}}}t|j	|�\}}|dkr�ttd�||f��|r�ttd�||f��t
|j	�\}}	|dkr�ttd	�||f��t|j	|	|�t|	|�t
|j	�\}}
|dk�rttd
�||f��t|j	|
d�}|dk�rFttd�||f��t|j	|
d
�}|dk�rrttd�||f��t|j	|
|�}|dk�r�ttd�||f��tdk�r�|dk�r�t|j	|
|�}|dk�r�ttd�||f��t|j	|	|
�}|dk�r
ttd�||f��t|j	||	�}|dk�r6ttd�||f��t|
�t|�t|	�dS)Nr=rr�zType is requiredz-Type %s is invalid, must be an ibendport typerz-Could not check if ibendport %s/%s is definedzibendport %s/%s already definedz$Could not create ibendport for %s/%sz"Could not create context for %s/%sr�z1Could not set user in ibendport context for %s/%sr�z1Could not set role in ibendport context for %s/%sz1Could not set type in ibendport context for %s/%sz7Could not set mls fields in ibendport context for %s/%sz)Could not set ibendport context for %s/%szCould not add ibendport %s/%s)r`rOr^rrZr�r��_ibendportRecords__genkey�semanage_ibendport_existsrWZsemanage_ibendport_createZ!semanage_ibendport_set_ibdev_nameZsemanage_ibendport_set_portr�r�r�r�r�Zsemanage_ibendport_set_con�semanage_ibendport_modify_localr��semanage_ibendport_key_free�semanage_ibendport_free)rr*r+r.rSr�r�rLr~rr�rrr r�QsZ









zibendportRecords.__addcCs$|j�|j||||�|j�dS)N)rb�_ibendportRecords__addr8)rr*r+r.rSrrr r��szibendportRecords.addcCs`|dkr2|dkr2tdkr&ttd���nttd���tj|�}|rZ||jkrZttd�|��|j||�\}}}t|j|�\}}|dkr�ttd�||f��|s�ttd�||f��t	|j|�\}}	|dkr�ttd	�||f��t
|	�}
tdko�|dk�rt|j|
t|��|dk�r t
|j|
|�t|j||	�}|dk�rLttd
�||f��t|�t|	�dS)Nrr=zRequires setype or serangezRequires setypez-Type %s is invalid, must be an ibendport typerz-Could not check if ibendport %s/%s is definedzibendport %s/%s is not definedzCould not query ibendport %s/%sz Could not modify ibendport %s/%s)r`r^rrZr�r�r,r-rWZsemanage_ibendport_query�semanage_ibendport_get_conr�rOr�r.r/r0)rr*r+r.r�r�r�rLr~rr�rrr r��s4


zibendportRecords.__modifycCs$|j�|j||||�|j�dS)N)rb�_ibendportRecords__modifyr8)rr*r+r.r�rrr r��szibendportRecords.modifycCs�t|j�\}}|dkr"ttd���|j�x�|D]~}t|j|�\}}t|�}|jt|�|�\}}}|dkr~ttd�t	|f��t
|j|�}|dkr�ttd�||f��t|�q0W|j�dS)NrzCould not list the ibendportsz Could not create a key for %s/%dz$Could not delete the ibendport %s/%d)
�semanage_ibendport_list_localrWr^rrb�!semanage_ibendport_get_ibdev_name�semanage_ibendport_get_portr,r*Z	ibdevname�semanage_ibendport_del_localr/r8)rrLrr*r+r�r�rrr ra�s
zibendportRecords.deleteallcCs�|j||�\}}}t|j|�\}}|dkr>ttd�||f��|sVttd�||f��t|j|�\}}|dkr�ttd�||f��|s�ttd�||f��t|j|�}|dkr�ttd�||f��t|�dS)Nrz-Could not check if ibendport %s/%s is definedzibendport %s/%s is not definedz7ibendport %s/%s is defined in policy, cannot be deletedz Could not delete ibendport %s/%s)r,r-rWr^rZsemanage_ibendport_exists_localr7r/)rr*r+r�r�rLr~rrr r��szibendportRecords.__deletecCs |j�|j||�|j�dS)N)rb�_ibendportRecords__deleter8)rr*r+rrr r��szibendportRecords.deleterc
Cs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���xX|jD]N}t|�}t|�}|dkrdqFt|�}t	|j|�\}}t
|�}	||f||	|f<qFW|S)NrzCould not list ibendportsZreserved_ibendport_t)r4rWr�semanage_ibendport_listr^rr2rrr5r6)
rrzr�rLr*r�r	r
r+r�rrr rr�s zibendportRecords.get_allc	Cs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���xh|jD]^}t|�}t|�}t|j|�\}}t	|�}||f|j
�kr�g|||f<|||fjd|�qFW|S)NrzCould not list ibendportsz0x%x)r4rWrr9r^rr2rr5r6r�r')	rrzr�rLr*r�r	r+r�rrr rsz ibendportRecords.get_all_by_typecCs�g}|jd�}xtt|j��D]d}||dr\|jd||d||d|d|df�q|jd||d|d|df�qW|S)NTr=z-a -t %s -r '%s' -z %s %srz-a -t %s -z %s %s)rrr�r�r')rrr�r�rrr rds
0(zibendportRecords.customizedr=cCs�|j|�}|j�}t|�dkr"dS|rDtdtd�td�td�f�xZt|�D]N}d|}|d||d7}x$||dd�D]}|d	|7}q�Wt|�qNWdS)
Nrz%-30s %-18s %s
zSELinux IB End Port TypezIB Device NamezPort Numberz%-30s %-18s z%sr=z, %s)rr�rHrxrr�)rryrzr�r�ror�rrrr r{s
zibendportRecords.list)N)r)r)r=r)r9r:r;r�r!r,r1r�r3r�rar8r�rrrrdr{rrrr r'7s
=&

r'c@sveZdZgZddd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zddd�Z
dd�Zddd�ZdS)�nodeRecordsNcCsTtj||�ddg|_y$tttjtjd��dd�|_Wntk
rNYnXdS)NZipv4Zipv6Z	node_typerr�)	rPr!�protocolr{rZr�r�r�r�)rrTrrr r!1s
$znodeRecords.__init__c	Cs�|}|}d}|dkr ttd���t|�dks8|ddkrztj||�}t|j�}t|j�}|dkrp|jdkrpd}d|j}y|j	j
|�}Wnttd	���YnX|||fS)
NrzNode Address is requiredrr�z0.0.0.0�z::zipv%dzUnknown or missing protocol)r^rrH�	ipaddressZ
ip_networkr*Znetwork_addressZnetmask�versionr;�index)r�addr�maskr;ZnewaddrZnewmaskZnewprotocolrorrr �validate9s"


znodeRecords.validatec	Cs�|j|||�\}}}tdkr2|dkr*d}nt|�}|dkrFttd���tj|�}||jkrjttd�|��t|j	|||�\}}|dkr�ttd�|��|dkr�ttd�|��t
|j	|�\}}|r�ttd	�|��t|j	�\}}	|dkr�ttd
�|��t|	|�t
|j	|	||�}t|j	�\}}
|dk�r:ttd�|��t|j	|	||�}|dk�rdttd�|��t|j	|
d
�}|dk�r�ttd�|��t|j	|
d�}|dk�r�ttd�|��t|j	|
|�}|dk�r�ttd�|��tdk�r|dk�rt|j	|
|�}|dk�rttd�|��t|j	|	|
�}|dk�r@ttd�|��t|j	||	�}|dk�rhttd�|��t|
�t|�t|	�|jjd||tj|j|�d
d||f�dS)Nr=rr�zSELinux node type is requiredz'Type %s is invalid, must be a node typerzCould not create key for %sz%Could not check if addr %s is definedzAddr %s already definedzCould not create addr for %szCould not create context for %szCould not set mask for %sr�z)Could not set user in addr context for %sr�z)Could not set role in addr context for %sz)Could not set type in addr context for %sz/Could not set mls fields in addr context for %sz!Could not set addr context for %szCould not add addr %szCresrc=node op=add laddr=%s netmask=%s proto=%s tcontext=%s:%s:%s:%s)rBr`rOr^rrZr�r��semanage_node_key_createrW�semanage_node_existsZsemanage_node_createZsemanage_node_set_protoZsemanage_node_set_addrr�Zsemanage_node_set_maskr�r�r�r�Zsemanage_node_set_con�semanage_node_modify_localr��semanage_node_key_free�semanage_node_freerYr6r
r�r;)rr@rAr�r.r	rLr�r~�noder�rrr r�Rsh










znodeRecords.__addcCs&|j�|j|||||�|j�dS)N)rb�_nodeRecords__addr8)rr@rAr�r.r	rrr r��sznodeRecords.addc	Cs�|j|||�\}}}|dkr0|dkr0ttd���tj|�}|rX||jkrXttd�|��t|j|||�\}}|dkr�ttd�|��t|j|�\}}|dkr�ttd�|��|s�ttd�|��t	|j|�\}}	|dkr�ttd�|��t
|	�}
td	k�r|dk�rt|j|
t
|��|dk�r.t|j|
|�t|j||	�}|dk�rVttd
�|��t|�t|	�|jjd||tj|j|�dd
||f�dS)NrzRequires setype or serangez'Type %s is invalid, must be a node typerzCould not create key for %sz%Could not check if addr %s is definedzAddr %s is not definedzCould not query addr %sr=zCould not modify addr %szFresrc=node op=modify laddr=%s netmask=%s proto=%s tcontext=%s:%s:%s:%sr�r�)rBr^rrZr�r�rCrWrDZsemanage_node_query�semanage_node_get_conr`r�rOr�rErFrGrYr6r
r�r;)rr@rAr�r.r�rLr�r~rHr�rrr r��s8


znodeRecords.__modifycCs&|j�|j|||||�|j�dS)N)rb�_nodeRecords__modifyr8)rr@rAr�r.r�rrr r��sznodeRecords.modifycCs
|j|||�\}}}t|j|||�\}}|dkr@ttd�|��t|j|�\}}|dkrhttd�|��|s|ttd�|��t|j|�\}}|dkr�ttd�|��|s�ttd�|��t|j|�}|dkr�ttd�|��t|�|j	j
d||tj|j
|�f�dS)NrzCould not create key for %sz%Could not check if addr %s is definedzAddr %s is not definedz/Addr %s is defined in policy, cannot be deletedzCould not delete addr %sz1resrc=node op=delete laddr=%s netmask=%s proto=%s)rBrCrWr^rrDZsemanage_node_exists_localZsemanage_node_del_localrFrYr6r
r�r;)rr@rAr�rLr�r~rrr r��s&znodeRecords.__deletecCs"|j�|j|||�|j�dS)N)rb�_nodeRecords__deleter8)rr@rAr�rrr r��sznodeRecords.deletecCstt|j�\}}|dkr"ttd���|j�x<|D]4}|jt|j|�dt|j|�d|jt	|��q0W|j
�dS)Nrz!Could not deleteall node mappingsr=)�semanage_node_list_localrWr^rrbrL�semanage_node_get_addr�semanage_node_get_maskr;�semanage_node_get_protor8)rrLZnlistrHrrr ra�s
4znodeRecords.deleteallrc	Cs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���xj|jD]`}t|�}t|j|�}t|j|�}|j	t
|�}t|�t|�t
|�t|�f||d|d|f<qFW|S)NrzCould not list addrsr=)rMrW�ilistZsemanage_node_listr^rrJrNrOr;rP�semanage_context_get_user�semanage_context_get_rolerr)	rrzr�rLrHr�r@rAr�rrr rr�s2znodeRecords.get_allc	Cs�g}|jd�}x�t|j��D]p}||drb|jd|d|d||d||d|df�q|jd|d|d||d|df�qW|S)NTrz-a -M %s -p %s -t %s -r '%s' %sr=rwrz-a -M %s -p %s -t %s %s)rrr�r�r')rrr�r�rrr rd	s
6.znodeRecords.customizedr=cCs|j|�}t|�dkrdSt|j��}|r6tdd�tr�x�|D]r}d}x|D]}|dt|�}qNWtd	|d|d
|d||d||d
||dt||dd
�f�q@WnJxH|D]@}td|d|d
|d||d||d
||df�q�WdS)Nrz%-18s %-18s %-5s %-5s
�
IP Address�Netmask�Protocol�Contextr�	z%-18s %-18s %-5s %s:%s:%s:%s r=rwrFz%-18s %-18s %-5s %s:%s:%s )rTrUrVrW)rrrHr�r�rxr`r*rN)rryrzr�r�r��valZfieldsrrr r{s


R
znodeRecords.list)N)r)r=r)r9r:r;r�r!rBrIr�rKr�rLr�rarrrdr{rrrr r:-s
H(


r:c@sjeZdZddd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Zdd�Z	dd�Z
ddd�Zdd�Zddd�Z
dS)�interfaceRecordsNcCstj||�dS)N)rPr!)rrTrrr r!(szinterfaceRecords.__init__c	CsRtdkr|dkrd}nt|�}|dkr2ttd���t|j|�\}}|dkrZttd�|��t|j|�\}}|dkr�ttd�|��|r�ttd�|��t|j�\}}|dkr�ttd	�|��t|j||�}t	|j�\}}|dkr�ttd
�|��t
|j|d�}|dk�rttd�|��t|j|d
�}|dk�r@ttd�|��t|j||�}|dk�rhttd�|��tdk�r�|dk�r�t
|j||�}|dk�r�ttd�|��t|j||�}|dk�r�ttd�|��t|j||�}|dk�r�ttd�|��t|j||�}|dk�rttd�|��t|�t|�t|�|jjd|dd
||f�dS)Nr=rr�zSELinux Type is requiredrzCould not create key for %sz*Could not check if interface %s is definedzInterface %s already definedz!Could not create interface for %szCould not create context for %sr�z.Could not set user in interface context for %sr�z.Could not set role in interface context for %sz.Could not set type in interface context for %sz4Could not set mls fields in interface context for %sz&Could not set interface context for %sz$Could not set message context for %szCould not add interface %sz4resrc=interface op=add netif=%s tcontext=%s:%s:%s:%s)r`rOr^r�semanage_iface_key_createrW�semanage_iface_existsZsemanage_iface_createZsemanage_iface_set_namer�r�r�r�r�Zsemanage_iface_set_ifconZsemanage_iface_set_msgcon�semanage_iface_modify_localr��semanage_iface_key_free�semanage_iface_freerYr6)	r�	interfacer.r	rLr�r~�ifacer�rrr r�+s^






zinterfaceRecords.__addcCs"|j�|j|||�|j�dS)N)rb�_interfaceRecords__addr8)rr`r.r	rrr r�kszinterfaceRecords.addc	Cs>|dkr|dkrttd���t|j|�\}}|dkrDttd�|��t|j|�\}}|dkrlttd�|��|s�ttd�|��t|j|�\}}|dkr�ttd�|��t|�}tdkr�|dkr�t|j|t	|��|dkr�t
|j||�t|j||�}|dk�rttd	�|��t|�t
|�|jjd
|dd||f�dS)
NrzRequires setype or serangerzCould not create key for %sz*Could not check if interface %s is definedzInterface %s is not definedzCould not query interface %sr=zCould not modify interface %sz7resrc=interface op=modify netif=%s tcontext=%s:%s:%s:%sr�r�)r^rr[rWr\Zsemanage_iface_query�semanage_iface_get_ifconr`r�rOr�r]r^r_rYr6)	rr`r.r�rLr�r~rar�rrr r�ps0
zinterfaceRecords.__modifycCs"|j�|j|||�|j�dS)N)rb�_interfaceRecords__modifyr8)rr`r.r�rrr r��szinterfaceRecords.modifycCs�t|j|�\}}|dkr(ttd�|��t|j|�\}}|dkrPttd�|��|sdttd�|��t|j|�\}}|dkr�ttd�|��|s�ttd�|��t|j|�}|dkr�ttd�|��t|�|jj	d|�dS)NrzCould not create key for %sz*Could not check if interface %s is definedzInterface %s is not definedz4Interface %s is defined in policy, cannot be deletedzCould not delete interface %sz"resrc=interface op=delete netif=%s)
r[rWr^rr\Zsemanage_iface_exists_localZsemanage_iface_del_localr^rYr6)rr`rLr�r~rrr r��s$zinterfaceRecords.__deletecCs|j�|j|�|j�dS)N)rb�_interfaceRecords__deleter8)rr`rrr r��s
zinterfaceRecords.deletecCsRt|j�\}}|dkr"ttd���|j�x|D]}|jt|��q0W|j�dS)Nrz(Could not delete all interface  mappings)�semanage_iface_list_localrWr^rrbre�semanage_iface_get_namer8)rrLr�rorrr ra�s
zinterfaceRecords.deleteallrcCs~i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���x:|jD]0}t|�}t|�t|�t	|�t
|�f|t|�<qFW|S)NrzCould not list interfaces)rfrWrQZsemanage_iface_listr^rrcrRrSrrrg)rrzr�rLr`r�rrr rr�s(zinterfaceRecords.get_allcCstg}|jd�}x`t|j��D]P}||drR|jd||d||d|f�q|jd||d|f�qW|S)NTrz-a -t %s -r '%s' %srwz-a -t %s %s)rrr�r�r')rrr�r�rrr rd�s
&zinterfaceRecords.customizedr=c
Cs�|j|�}t|�dkrdSt|j��}|rBtdtd�td�f�tr�x�|D]@}td|||d||d||dt||dd	�f�qLWn:x8|D]0}td
|||d||d||df�q�WdS)Nrz	%-30s %s
zSELinux InterfacerWz%-30s %s:%s:%s:%s r=rwrFz%-30s %s:%s:%s )rrrHr�r�rxrr`rN)rryrzr�r�r�rrr r{�s

B
zinterfaceRecords.list)N)r)r=r)r9r:r;r!rbr�rdr�rer�rarrrdr{rrrr rZ&s
@"


rZc@s�eZdZgZd&dd�Zdd�Zdd�Zdd	�Zd'dd�Zd
d�Z	d(dd�Z
d)dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zd*dd �Zd!d"�Zd+d$d%�ZdS),�fcontextRecordsNcCs�tj||�yLtttjtjd��dd�|_|jtttjtjd��dd�7_Wntk
rlYnXi|_i|_	d|_
ydttj
�d�}xH|j�D]<}|j�}t|�dkr�q�|jd�r�q�|j�\}}||j|<q�W|j�Wntk
r�YnXynttj�d�}xR|j�D]F}|j�}t|�dk�r2�q|jd��rB�q|j�\}}||j	|<�qW|j�Wntk
�r~YnXdS)NZ	file_typerr�Zdevice_nodeFr��#)rPr!r{rZr�r�r�r��equiv�
equiv_dist�	equal_indr�rG�selinux_file_context_subs_path�	readlines�striprHr�r�r��IOErrorZ#selinux_file_context_subs_dist_path)rrTr�ro�target�
substituterrr r!�sF ,
zfcontextRecords.__init__c
Cs�|jr�tj�}d|}t|d�}x*|jj�D]}|jd||j|f�q,W|j�ytj	|tj
|�t
j�WnYnXtj||�d|_t
j|�dS)Nz%s.tmp�wz%s %s
F)rlrGrmr�rjr��writer�r|�chmod�stat�ST_MODE�renamerPr8)rZ	subs_fileZtmpfiler�rqrrr r8	s
zfcontextRecords.commitcCs|j�|dkr,|ddkr,ttd�|��|dkrP|d
dkrPttd�|��||jj�krnttd�|��|j|�xJ|j|jfD]:}x4|D],}|j|d�r�ttd�||||f��q�Wq�W|jj	dt
jd|d	�t
jd
|d	�f�||j|<d|_|j
�dS)Nr�r=z=Target %s is not valid. Target is not allowed to end with '/'zESubstitute %s is not valid. Substitute is not allowed to end with '/'z'Equivalence class for %s already existsz4File spec %s conflicts with equivalency rule '%s %s'z!resrc=fcontext op=add-equal %s %s�sglobr�tglobT���r{)rbr^rrjr�rBrkr�rYr6r�audit_encode_nv_stringrlr8)rrqrr�fdictrorrr �	add_equal"	s 

"(
zfcontextRecords.add_equalcCsj|j�||jj�kr&ttd�|��||j|<d|_|jjdtj	d|d�tj	d|d�f�|j
�dS)Nz'Equivalence class for %s does not existTz$resrc=fcontext op=modify-equal %s %sryrrz)rbrjr�r^rrlrYr6rr|r8)rrqrrrrr �modify_equal9	s
(zfcontextRecords.modify_equalr�cCs�t|j�\}}|dkr&ttd�|��|dkr2d}t|j||�}|dkrXttd�|��t|j|d�}|dkr~ttd�|��tdkr�t|j|d	�}|dkr�ttd
�|��|S)NrzCould not create context for %srr�z)Could not set user in file context for %sr�z)Could not set role in file context for %sr=r�z/Could not set mls fields in file context for %s)r�rWr^rr�r�r`r�)rrqr�rLr�rrr �	createconD	s zfcontextRecords.createconcCs�|dks|jd�dkr"ttd���|jd�d
kr<ttd���x^|j|jfD]N}xH|D]@}|j|d�rTtj||||�}ttd	�|||||f��qTWqJWdS)Nr�
rzInvalid file specificationr�r=z)File specification can not include spacesr�zMFile spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' insteadr{)�findr^rrjrkr�rB�sub)rrqr}rorgrrr rBZ	s
zfcontextRecords.validatercCsX|j|�tdkrt|�}|dkr.ttd���|dkrZtj|�}||jkrZttd�|��t|j	|t
|�\}}|dkr�ttd�|��t|j	|�\}}|dkr�ttd�|��|s�t|j	|�\}}|dkr�ttd�|��|r�ttd	�|��t
|j	�\}}	|dk�rttd
�|��t|j	|	|�}|dk�r�|j||�}
t|j	|
|�}|dk�rdttd�|��tdk�r�|dk�r�t|j	|
|�}|dk�r�ttd�|��t|j	|	|
�}|dk�r�ttd
�|��t|	t
|�t|j	||	�}|dk�r�ttd�|��|dk�rt|
�t|�t|	�|�s*d}|jjdtjd|d�t||d||f�dS)Nr=rzSELinux Type is requiredz<<none>>z1Type %s is invalid, must be a file or device typerzCould not create key for %sz1Could not check if file context for %s is definedz#File context for %s already definedz$Could not create file context for %sz)Could not set type in file context for %sz/Could not set mls fields in file context for %sz!Could not set file context for %sz!Could not add file context for %sr�z6resrc=fcontext op=add %s ftype=%s tcontext=%s:%s:%s:%srzr�)rBr`rOr^rrZr�r��semanage_fcontext_key_createrW�
file_types�semanage_fcontext_exists�semanage_fcontext_exists_localZsemanage_fcontext_createZsemanage_fcontext_set_exprr�r�r��semanage_fcontext_set_conZsemanage_fcontext_set_type�semanage_fcontext_modify_localr��semanage_fcontext_key_free�semanage_fcontext_freerYr6rr|�ftype_to_audit)rrqrS�ftyper.r�rLr�r~�fcontextr�rrr r�e	s`









zfcontextRecords.__addcCs&|j�|j|||||�|j�dS)N)rb�_fcontextRecords__addr8)rrqrSr�r.r�rrr r��	szfcontextRecords.addcCs�|dkr$|dkr$|dkr$ttd���|dkrPtj|�}||jkrPttd�|��|j|�t|j|t|�\}}|dkr�ttd�|��t	|j|�\}}|dkr�ttd�|��|r�yt
|j|�\}}	Wn$tk
r�ttd�|��YnXn|t|j|�\}}|dk�rttd�|��|�s0ttd	�|��yt
|j|�\}}	Wn&tk
�rjttd�|��YnX|dk�rt|	�}
|
dk�r�|j|�}
td
k�r�|dk�r�t|j|
t|��|dk�r�t|j|
|�|dk�r�t|j|
|�t|j|	|
�}|dk�r:ttd�|��n(t|j|	d�}|dk�r:ttd�|��t|j||	�}|dk�rbttd�|��t|�t|	�|�s|d
}|jjdtjd|d�t||d||f�dS)Nrz"Requires setype, serange or seuser�<<none>>z1Type %s is invalid, must be a file or device typerzCould not create a key for %sz1Could not check if file context for %s is definedz#Could not query file context for %sz"File context for %s is not definedr=z!Could not set file context for %sz$Could not modify file context for %sr�z9resrc=fcontext op=modify %s ftype=%s tcontext=%s:%s:%s:%srzr�)rr�)r^rrZr�r�rBr�rWr�r�Zsemanage_fcontext_query�OSErrorr�Zsemanage_fcontext_query_local�semanage_fcontext_get_conr�r`r�rOr�r�r�r�r�r�rYr6rr|r�)rrqr�r�r.r�rLr�r~r�r�rrr r��	sf











zfcontextRecords.__modifycCs&|j�|j|||||�|j�dS)N)rb�_fcontextRecords__modifyr8)rrqr�r�r.r�rrr r��	szfcontextRecords.modifycCs�t|j�\}}|dkr"ttd���|j�x�|D]�}t|�}t|�}t|�}t|j|t	|�\}}|dkrzttd�|��t
|j|�}|dkr�ttd�|��t|�|jj
dtjd|d�tt|f�q0Wi|_d|_|j�dS)Nrz Could not list the file contextszCould not create a key for %sz$Could not delete the file context %sz$resrc=fcontext op=delete %s ftype=%srzT)�semanage_fcontext_list_localrWr^rrb�semanage_fcontext_get_expr�semanage_fcontext_get_type�semanage_fcontext_get_type_strr�r��semanage_fcontext_del_localr�rYr6rr|r��file_type_str_to_optionrjrlr8)rrL�flistr�rqr��	ftype_strr�rrr ra�	s&
*zfcontextRecords.deleteallcCs:||jj�kr>|jj|�d|_|jjdtjd|d��dSt|j	|t
|�\}}|dkrlttd�|��t
|j	|�\}}|dkr�ttd�|��|s�t|j	|�\}}|dkr�ttd�|��|r�ttd�|��nttd�|��t|j	|�}|dk�rttd	�|��t|�|jjd
tjd|d�t|f�dS)NTz!resrc=fcontext op=delete-equal %srzrzCould not create a key for %sz1Could not check if file context for %s is definedz;File context for %s is defined in policy, cannot be deletedz"File context for %s is not definedz$Could not delete file context for %sz$resrc=fcontext op=delete %s ftype=%s)rjr��poprlrYr6rr|r�rWr�r^rr�r�r�r�r�)rrqr�rLr�r~rrr r�
s.
zfcontextRecords.__deletecCs |j�|j||�|j�dS)N)rb�_fcontextRecords__deleter8)rrqr�rrr r�/
szfcontextRecords.deletercCs|rt|j�\}|_n�t|j�\}|_|dkr:ttd���t|j�\}}|dkr\ttd���t|j�\}}|dkr~ttd���|j|7_|j|7_i}xd|jD]Z}t|�}t|�}t	|�}	t
|�}
|
r�t|
�t|
�t
|
�t|
�f|||	f<q�|
|||	f<q�W|S)NrzCould not list file contextsz1Could not list file contexts for home directoriesz"Could not list local file contexts)r�rWr�Zsemanage_fcontext_listr^rZsemanage_fcontext_list_homedirsr�r�r�r�rRrSrr)rrzrLZ
fchomedirsZfclocalr�r��exprr�r�r�rrr rr4
s.&zfcontextRecords.get_allcCs�g}|jd�}x�t|j��D]t}||r||drh|jdt|d||d||d|df�q|jdt|d||d|df�qWt|j�r�x*|jj�D]}|jd|j||f�q�W|S)	NTrz-a -f %s -t %s -r '%s' '%s'r=rwrz-a -f %s -t %s '%s'z-a -e %s %s)rrr�r�r'r�rHrj)rr�	fcon_dictr�rqrrr rdT
s
4,
zfcontextRecords.customizedr=cCs�|j|�}t|�dkr�|r8tdtd�td�td�f�x�t|j��D]�}||r�tr�td|d|d||d||d||dt||d	d
�f�q�td|d|d||d||d||df�qFtd|d|df�qFWt|j��rB|�sB|�rttd
��x*|jj�D]}td||j|f��q"Wt|j	��r�|�r`ttd��x*|j	j�D]}td||j	|f��qlWdS)Nrz%-50s %-18s %s
zSELinux fcontextrSrWz%-50s %-18s %s:%s:%s:%s r=rwrFz%-50s %-18s %s:%s:%s z%-50s %-18s <<None>>z,
SELinux Distribution fcontext Equivalence 
z%s = %sz%
SELinux Local fcontext Equivalence 
)
rrrHrxrr�r�r`rNrkrj)rryrzr�r�rqrrr r{c
s*
H8zfcontextRecords.list)N)r�)rrr�)rrr�)r)r=r)r9r:r;r�r!r8r~rr�rBr�r�r�r�rar�r�rrrdr{rrrr rh�s"
&

B
C!
 rhc@sleZdZddd�Zdd�Zddd�Zd	d
�Zdd�Zd
d�Zddd�Z	dd�Z
dd�Zdd�Zddd�Z
dS)�booleanRecordsNc	Cs�tj||�i|_d|jd<d|jd<d|jd<d|jd<d|jd<d|jd<ytj�\}|_tj�\}}Wng|_d}YnX|jd	ks�|j|kr�d
|_nd|_dS)Nr=ZTRUErZFALSEZONZOFF�1�0rTF)	rPr!�dictrGZsecurity_get_boolean_names�current_booleansrXrR�modify_local)rrTrLZptyperrr r!�
s"






zbooleanRecords.__init__cCsLtj|�}t|j|�\}}|dkr2ttd�|��t|j|�\}}|dkrZttd�|��|snttd�|��t|j|�\}}|dkr�ttd�|��|j�|j	kr�t
||j	|j��nttd�dj|j	j����|j
o�||jk�rt|j||�}|dk�rttd�|��t|j||�}|dk�r8ttd	�|��t|�t|�dS)
NrzCould not create a key for %sz(Could not check if boolean %s is definedzBoolean %s is not definedzCould not query file context %sz0You must specify one of the following values: %sz, z(Could not set active value of boolean %szCould not modify boolean %s)rG�selinux_boolean_sub�semanage_bool_key_createrWr^r�semanage_bool_existsZsemanage_bool_query�upperr�Zsemanage_bool_set_valuer�r�r�r�Zsemanage_bool_set_activeZsemanage_bool_modify_local�semanage_bool_key_freeZsemanage_bool_free)rr,�valuerLr�r~rrrr Z__mod�
s0


zbooleanRecords.__modFcCs�|j�|r�t|�}x||j�jd�D]j}|j�}t|�dkr>q$y|jd�\}}Wn(tk
rxttd||f���YnX|j|j�|j��q$W|j	�n|j||�|j
�dS)Nr�r�=zBad format %s: Record %s)rbr�r�r�rorHr^r�_booleanRecords__modr�r8)rr,r��use_filer�rZboolnamerYrrr r��
s
zbooleanRecords.modifycCs�tj|�}t|j|�\}}|dkr2ttd�|��t|j|�\}}|dkrZttd�|��|snttd�|��t|j|�\}}|dkr�ttd�|��|s�ttd�|��t|j|�}|dkr�ttd�|��t	|�dS)NrzCould not create a key for %sz(Could not check if boolean %s is definedzBoolean %s is not definedz2Boolean %s is defined in policy, cannot be deletedzCould not delete boolean %s)
rGr�r�rWr^rr�Zsemanage_bool_exists_localZsemanage_bool_del_localr�)rr,rLr�r~rrr r��
s$
zbooleanRecords.__deletecCs|j�|j|�|j�dS)N)rb�_booleanRecords__deleter8)rr,rrr r��
s
zbooleanRecords.deletecCsZt|j�\}|_|dkr$ttd���|j�x |jD]}t|�}|j|�q4W|j�dS)NrzCould not list booleans)	�semanage_bool_list_localrW�blistr^rrb�semanage_bool_get_namer�r8)rrL�booleanr,rrr ra�
szbooleanRecords.deleteallrcCs�i}|rt|j�\}|_nt|j�\}|_|dkr>ttd���x~|jD]t}g}t|�}|jt|��|j	r�||j
kr�|jtj|��|jtj
|��n|j|d�|j|d�|||<qFW|S)NrzCould not list booleans)r�rWr�Zsemanage_bool_listr^rr�r'Zsemanage_bool_get_valuer�r�rGZsecurity_get_boolean_pendingZsecurity_get_boolean_active)rrzr�rLr�r�r,rrr rr�
s"zbooleanRecords.get_allcCstj|�}tj|�S)N)rGr�rZZboolean_desc)rr,rrr �get_descs
zbooleanRecords.get_desccCstj|�}tj|�S)N)rGr�rZZboolean_category)rr,rrr �get_categorys
zbooleanRecords.get_categorycCsJg}|jd�}x6t|j��D]&}||r|jd||d|f�qW|S)NTz	-m -%s %srw)rrr�r�r')rrr�r�rrr rds
zbooleanRecords.customizedTcCs�td�td�f}|rX|j|�}x4t|j��D]$}||r,td|||df�q,WdS|j|�}t|�dkrrdS|r�tdtd�td�td	�td
�f�xNt|j��D]>}||r�td||||d|||d|j|�f�q�WdS)Nr�r�z%s=%srwrz%-30s %s  %s %s
zSELinux booleanZStateZDefaultZDescriptionz%-30s (%-5s,%5s)  %s)rrrr�r�rxrHr�)rryrzr�Zon_offr�r�rrr r{s

$zbooleanRecords.list)N)NF)r)TFF)r9r:r;r!r�r�r�r�rarrr�r�rdr{rrrr r�
s


r�)r)r=)r=)9r�r�rGr|rBr(rvr
r5ZPROGNAMErZrr=�gettext�kwargs�version_infoZinstall�builtinsr*�__dict__r�Z__builtin__rr>r�ZSEMANAGE_FCONTEXT_ALLZSEMANAGE_FCONTEXT_REGZSEMANAGE_FCONTEXT_DIRZSEMANAGE_FCONTEXT_CHARZSEMANAGE_FCONTEXT_BLOCKZSEMANAGE_FCONTEXT_SOCKZSEMANAGE_FCONTEXT_LINKZSEMANAGE_FCONTEXT_PIPEr�r�rZaudit_closerrr�r?rFrNrOrPrfr�r�r�r�r�rr'r:rZrhr�rrrr �<module>s�
$$	

ik
H}wzC
No se encontró la página – Alquiler de Limusinas, Autos Clásicos y Microbuses

Alquiler de Autos Clásicos para Sesiones Fotográficas: Estilo y Elegancia en Cada Toma

Si buscas darle un toque auténtico, elegante o retro a tus fotos, el alquiler de autos clásicos para sesiones fotográficas es la opción ideal. Este tipo de vehículos no solo son íconos del diseño automotriz, sino que se convierten en un elemento visual impactante que transforma cualquier sesión en una experiencia única.

¿Por Qué Usar Autos Clásicos en Sesiones Fotográficas?

1. Estética Visual Única

Un auto clásico aporta personalidad, historia y carácter a tus imágenes. Desde tomas urbanas hasta escenarios naturales, estos vehículos se adaptan a diferentes estilos visuales.

2. Ideal para Diversos Usos

  • Sesiones de boda y pre-boda
  • Campañas publicitarias
  • Editoriales de moda
  • Proyectos cinematográficos
  • Contenido para redes sociales

3. Variedad de Modelos

Desde convertibles vintage hasta muscle cars de los años 60 y 70, puedes elegir el modelo que mejor se ajuste a la estética de tu sesión.

Beneficios del Alquiler Profesional

  • Vehículos en excelente estado estético y mecánico
  • Choferes disponibles si se requiere movilidad
  • Asesoría para elegir el modelo adecuado
  • Posibilidad de ambientación adicional (flores, letreros, decoración retro)

Conclusión: Captura Momentos con Estilo

Un auto clásico puede transformar tu sesión fotográfica en una obra de arte visual. No importa el propósito: el estilo, la elegancia y el impacto están garantizados.

📸 ¡Reserva tu auto clásico y crea fotos memorables!

Consulta disponibilidad y haz de tu sesión algo realmente especial. ¡Llama la atención con cada toma!

Not Found

404

Sorry, the page you’re looking for doesn’t exist.