HEX
Server: LiteSpeed
System: Linux php-prod-1.spaceapp.ru 5.15.0-157-generic #167-Ubuntu SMP Wed Sep 17 21:35:53 UTC 2025 x86_64
User: xnsbb3110 (1041)
PHP: 8.1.33
Disabled: NONE
$ pwd: /lib/python3/dist-packages/apparmor/rule/__pycache__/
Upload Files
File: //lib/python3/dist-packages/apparmor/rule/__pycache__/dbus.cpython-310.pyc
o

%`bb?�@s�ddlZddlmZmZmZmZddlmZmZddl	m
Z
mZmZm
Z
mZmZddlmZe�Zgd�ZddgeZd	d
�e�ddZed
d
dedddeddZdZe�deddedddedddedddeddd ed!dd"ddd#dd$d%ed&dd$d'ed(dd$d%ed)d*d'ed+dd$d'ed,d*d%ed-dd.�ZGd/d0�d0e
�ZGd1d2�d2e�ZdS)3�N)�RE_PROFILE_DBUS�RE_PROFILE_NAME�strip_parenthesis�strip_quotes)�AppArmorBug�AppArmorException)�BaseRule�BaseRuleset�check_and_split_list�logprof_value_or_all�parse_modifiers�quote_if_needed)�init_translation)�send�receive�r�read�w�write�rw�bind�	eavesdropz	((\s|,)*(�|z)(\s|,)*�)z\(z(\s|,)*�?�(z(\s|,)+z)*z\)z5(?P<%s>(\S+|"[^"]+"|\(\s*\S+\s*\)|\(\s*"[^"]+"\)\s*))z^(\s+(?P<access>z))?z((\s+(bus\s*=\s*�busz))?|z(\s+(path\s*=\s*�pathz(\s+(name\s*=\s*�namez(\s+(interface\s*=\s*�	interfacez(\s+(member\s*=\s*�memberz(\s+(peer\s*=\s*\((,|\s)*z(,|\s)*z|(zname\s*=\s*�	peername1zlabel\s*=\s*�
peerlabel1�	peername2z(,|\s)+�
peerlabel2�
peerlabel3�	peername3z)(,|\s)*\)))?){0,6}\s*$cs~eZdZdZGdd�de�ZeZdZ	d�fdd	�	Ze	d
d��Z
e	dd
��Zddd�Zdd�Z
dd�Zdd�Zdd�Z�ZS)�DbusRulez,Class to handle and store a single dbus rulec@seZdZdS)zDbusRule.__DbusAllN)�__name__�
__module__�__qualname__�r+r+�4/usr/lib/python3/dist-packages/apparmor/rule/dbus.py�	__DbusAllGsr-�dbusF�Ncs�tt|�j|	|
|||
d�t|ttjdd�\|_|_}|r(tt	d�d�
|���|�|dd|
�\|_|_
|�|dd	|
�\|_|_|�|d
d|
�\|_|_|�|dd|
�\|_|_|�|dd|
�\|_|_|�|d
d|
�\|_|_|�|dd|
�\|_|_|jr�d|jvr�|js�|js�|js�|js�|jr�tt	d���|jr�d|jvr�|js�|js�|js�|js�|js�|jr�tt	d���|jr�|jr�tD]}||jvr�tt	d�d�
|j���q�dSdSdS)N)�audit�deny�
allow_keyword�comment�	log_eventr'�accessz-Passed unknown access keyword to DbusRule: %s� rFrTrrr z	peer namez
peer labelrzNdbus bind rules must not contain a path, interface, member or peer conditionalrzYdbus eavesdrop rules must not contain a name, path, interface, member or peer conditionalz1dbus %s rules must not contain a name conditional�/)�superr'�__init__r
�access_keywords�ALLr5�
all_accessr�_�join�_aare_or_allr�	all_busesr�	all_pathsr�	all_namesr�all_interfacesr �all_members�peername�
all_peernames�	peerlabel�all_peerlabels�message_keywords)�selfr5rrrrr rErGr0r1r2r3r4�
unknown_items�msg��	__class__r+r,r9Ns4�.4
��zDbusRule.__init__cCs
t�|�S)N)r�search)�cls�raw_ruler+r+r,�_matchms
zDbusRule._matchcCsp|�|�}|sttd�|��t|�\}}}}d}|�d�r#|�d�}|�rt�|�}|s5ttd|���|�d�rQt|�d��}	|	�dd��	�}	|	gkrPt
j}	nt
j}	|�d�rctt|�d���}
nt
j}
|�d	�rutt|�d	���}nt
j}|�d
�r�tt|�d
���}nt
j}|�d�r�tt|�d���}
nt
j}
|�d�r�tt|�d���}nt
j}|�d
�r�tt|�d
���}n!|�d�r�tt|�d���}n|�d�r�tt|�d���}nt
j}|�d�r�tt|�d���}n;|�d�r�tt|�d���}n,|�d��rtt|�d���}nt
j}nt
j}	t
j}
t
j}t
j}t
j}
t
j}t
j}t
j}t
|	|
|||
|||||||d�S)z"parse raw_rule and return DbusRulezInvalid dbus rule '%s'r/�detailsz'Invalid or unknown keywords in 'dbus %sr5�,r6rrrrr r!r#r&r"r$r%)r0r1r2r3)
rRrr=r�group�RE_DBUS_DETAILSrOr�replace�splitr'r;r)rPrQ�matchesr0r1r2r3�rule_detailsrSr5rrrrr rErGr+r+r,�_parseqst




�









�zDbusRule._parsercCsd|}|jr
d}n"t|j�dkrdd�|j�}n|jr(dd�t|j��}ntd��|�d|j|j�}|�d	|j	|j
�}|�d
|j|j�}|�d|j
|j�}|�d|j|j�}|�d
|j|j�}	|�d
|j|j�}
|	|
}|rwd|��}d||��||||||||jf
S)z)return rule (in clean/default formatting)z  r/�z %sr6z (%s)zEmpty access in dbus rulerrrrr �labelz
 peer=(%s)z%s%sdbus%s%s%s%s%s%s%s,%s)r<�lenr5r>�sortedr�_get_aare_rule_partrr@rrArrBrrCr rDrErFrGrH�strip�
modifiers_strr3)rJ�depth�spacer5rrrrr rErG�peerr+r+r,�	get_clean�s&"zDbusRule.get_cleancCs4|rdS|rd|t|j�d�Std||jd���)zNhelper function to write a rule part
           value is expected to be a AAREr/z %(prefix)s=%(value)s)�prefix�valuez+Empty %(prefix_name)s in %(rule_name)s rule)�prefix_name�	rule_name)r
�regexrrj)rJrgrh�
all_valuesr+r+r,r`�s
zDbusRule._get_aare_rule_partcCs�|�|j|j|j|jd�sdS|�|j|j|j|jd�sdS|�|j|j|j|jd�s-dS|�|j|j	|j|j	d�s<dS|�|j
|j|j
|jd�sKdS|�|j|j
|j|j
d�sZdS|�|j|j|j|jd�sidS|�|j|j|j|jd	�sxdSd
S)z2check if other_rule is covered by this rule objectr5Frrrrr rErGT)�_is_covered_listr5r<�_is_covered_aarerr@rrArrBrrCr rDrErFrGrH)rJ�
other_ruler+r+r,�is_covered_localvars�s"zDbusRule.is_covered_localvarscCst|�tkstdt|���|j|jks|j|jkrdS|�|j|j|j|jd�s+dS|�|j	|j
|j	|j
d�s:dS|�|j|j|j|jd�sIdS|�|j
|j|j
|jd�sXdS|�|j|j|j|jd�sgdS|�|j|j|j|jd�svdS|�|j|j|j|jd	�s�dSd
S)z,compare if rule-specific variables are equalzPassed non-dbus rule: %sFrrrrr rErGT)�typer'r�strr5r<�_is_equal_aarerr@rrArrBrrCr rDrErFrGrH)rJ�rule_obj�strictr+r+r,�is_equal_localvarss(zDbusRule.is_equal_localvarsc	Cs�t|j|j�}t|j|j�}t|j|j�}t|j|j�}t|j	|j
�}t|j|j�}t|j
|j�}t|j|j�}td�|td�|td�|td�|td�|td�|td�|td�|gS)	NzAccess mode�Bus�Path�Name�	Interface�Memberz	Peer namez
Peer label)rr5r<rr@rrArrBrrCr rDrErFrGrHr=)	rJr5rrrrr rErGr+r+r,�logprof_header_localvars-s"�z!DbusRule.logprof_header_localvars)FFFr/N)r)r(r)r*�__doc__�object�_DbusRule__DbusAllr;rjr9�classmethodrRr[rfr`rprvr|�
__classcell__r+r+rMr,r'Bs �


S!r'c@seZdZdZdd�ZdS)�DbusRulesetz4Class to handle and store a collection of dbus rulescCsdS)zbReturn the next possible glob. For dbus rules, that means removing access or removing/globbing buszdbus,r+)rJ�path_or_ruler+r+r,�get_globFszDbusRuleset.get_globN)r(r)r*r}r�r+r+r+r,r�Csr�)�re�apparmor.regexrrrr�apparmor.commonrr�
apparmor.rulerr	r
rrr
�apparmor.translationsrr=rIr:r>�joint_access_keyword�RE_ACCESS_KEYWORDS�RE_FLAG�compilerVr'r�r+r+r+r,�<module>s �����������������������������	�	�	�
�����
�
�
�����������������
@ Telegram