o

%`b��@s�dd
lZddl
mZ
ddlmZmZmZ
ddlmZm	Z	m
Z
mZ
ddlm
Z

e
�Zgd�
Zgd�
Zgd�
Zd	d
�e�
dZd	d
�e�
dZd	d
�e�
dZe�ded
ded
edd�
ZGdd�de�ZGdd�de	�Zd
S)�N)
�RE_PROFILE_NETWORK)�AppArmorBug�AppArmorException�type_is_str)�BaseRule�BaseRuleset�logprof_value_or_all�parse_modifiers)
�init_translation)-�unspec�unix�inet�ax25�ipx�	appletalk�netrom�bridge�atmpvc�x25�inet6�rose�netbeui�security�key�netlink�packet�ash�econet�atmsvc�rds�sna�irda�pppox�wanpipe�llc�ib�mpls�can�tipc�	bluetooth�iucv�rxrpc�isdn�phonet�
ieee802154�caif�alg�nfc�vsock�kcm�qipcrtr�smc�xdp�mctp)�stream�dgram�	seqpacket�rdm�rawr)�tcp�udp�icmp�
(�
|�
)z^\s*(?P<domain>z)?z(\s+(?P<type_or_protocol>z))?z\s*$csxeZ
dZd
ZGdd�de�ZeZdZ		d�f
dd	�	Ze	d
d��
Z
e	dd
��
Zddd�
Zdd�Z
dd�Zdd�Z�ZS)�NetworkRulez/Class to handle and store a single network rulec
@seZ
dZd
S)zNetworkRule.__NetworkAllN)�__name__�
__module__�__qualname__�rGrG�7/usr/lib/python3/dist-packages/apparmor/rule/network.py�__NetworkAll4s
rI�networkF�Ncs�tt
|�j|||||d
�
d|_d|_|
t
jkrd|_nt|
�
r.|
tvr(|
|_ntd|
�
�
tdt	|
�
�
�
d|_
d|_|t
jkrFd|_dSt|�
rb|tvrS||_
dS|t
vr\||_
dStd|�
�
tdt	|�
�
�
)N)�audit�deny�
allow_keyword�comment�	log_eventFTz(Passed unknown domain to NetworkRule: %sz(Passed unknown object to NetworkRule: %sz2Passed unknown type_or_protocol to NetworkRule: %s)�superrC�__init__�domain�all_domains�ALLr�network_domain_keywordsr�str�type_or_protocol�all_type_or_protocols�network_protocol_keywords�network_type_keywords)�selfrSrXrLrMrNrOrP�
�	__class__rGrHrR;s2


�


















zNetworkRule.__init__cCs
t�
|
�
S)
N)r�search)�cls�raw_rulerGrGrH�_match]s
zNetworkRule._matchcCs�|�|
�
}|st
td
�
|
�
�
t|�
\}}}}d}|�d�
r#|�d�
}|rQt�|�
}|s4t
td|�
�
�
|�d�
r?|�d�
}	ntj}	|�d�
rM|�d�
}
n
tj}
ntj}	tj}
t|	|
||||d�S)z%parse raw_rule and return NetworkRulezInvalid network rule '%s'rK�detailsz*Invalid or unknown keywords in 'network %srSrX)rLrMrNrO)	rbr�
_r	�group�RE_NETWORK_DETAILSr_rCrU)r`ra�matchesrLrMrNrO�rule_detailsrcrSrXrGrGrH�_parseas,
















�zNetworkRule._parser
cCsld
|
}|jr
d}n
|j
rd|j
}ntd�
�
|jrd}n
|jr&d|j}ntd�
�
d||��|||jfS)z)return rule (in clean/default formatting)z  rKz %szEmpty domain in network rulez&Empty type or protocol in network rulez%s%snetwork%s%s,%s)rTrSrrYrX�
modifiers_strrO)r\�depth�spacerSrXrGrGrH�	get_clean�s





zNetworkRule.get_cleancCs@|�|j
|j|
j
|
jd
�sdS|�|j|j|
j|
jd�sdSdS)z2check if other_rule is covered by this rule objectrSFztype or protocolT)�_is_covered_plainrSrTrXrY)r\�
other_rulerGrGrH�is_covered_localvars�s


z NetworkRule.is_covered_localvarscCsXt|
�
t
kstd
t|
�
�
�
|j|
jks|j|
jkrdS|j|
jks(|j|
jkr*dSdS)z,compare if rule-specific variables are equalzPassed non-network rule: %sFT)�typerCrrWrSrTrXrY)r\�rule_obj�strictrGrGrH�is_equal_localvars�s




zNetworkRule.is_equal_localvarsc
Cs0t|j
|j�}
t|j|j�}td
�
|
td�
|gS)NzNetwork FamilyzSocket Type)rrSrTrXrYrd)r\�family�	sock_typerGrGrH�logprof_header_localvars�s



�z$NetworkRule.logprof_header_localvars)FFFrKN)
r
)rDrErF�__doc__�object�_NetworkRule__NetworkAllrU�	rule_namerR�classmethodrbrirmrprtrw�
__classcell__rGrGr]rHrC/s 

�"




"rCc@seZ
dZd
Zdd�ZdS)�NetworkRulesetz7Class to handle and store a collection of network rulesc
Csd
S)zfReturn the next possible glob. For network rules, that's "network DOMAIN," or "network," (all network)znetwork,rG)r\�path_or_rulerGrGrH�get_glob�szNetworkRuleset.get_globN)rDrErFrxr�rGrGrGrHr~�s
r~)�re�apparmor.regexr�apparmor.commonrrr�
apparmor.rulerrrr	�apparmor.translationsr
rdrVr[rZ�join�RE_NETWORK_DOMAIN�RE_NETWORK_TYPE�RE_NETWORK_PROTOCOL�compilerfrCr~rGrGrGrH�<module>
sD







�
��������