HEX
Server: LiteSpeed
System: Linux php-prod-1.spaceapp.ru 5.15.0-157-generic #167-Ubuntu SMP Wed Sep 17 21:35:53 UTC 2025 x86_64
User: xnsbb3110 (1041)
PHP: 8.1.33
Disabled: NONE
$ pwd: /lib/python3/dist-packages/apparmor/__pycache__/
Upload Files
File: //lib/python3/dist-packages/apparmor/__pycache__/logparser.cpython-310.pyc
o

T��ej6�@slddlZddlZddlZddlZddlZddlmZmZmZm	Z	m
Z
mZddlm
Z
e
�ZGdd�d�ZdS)�N)�AppArmorException�AppArmorBug�hasher�open_file_read�
split_name�DebugLogger)�init_translationc@sfeZdZe�d�Zdd�Zdd�Zdd�Zdd	�Z	d
d�Z
dd
�Zdd�Zhd�Z
dd�Zdd�ZdS)�ReadLogzapparmor=|operation=|type=AVCcCsF||_||_||_iiid�|_td�|_d|_d|_d|_d|_	dS)N)�
PERMITTING�	REJECTING�AUDITr	�)
�filename�profile_dir�active_profiles�hashlogr�debug_logger�LOG�logmark�seenmark�next_log_entry)�selfrrr�r�4/usr/lib/python3/dist-packages/apparmor/logparser.py�__init__s

zReadLog.__init__cCsN||j|��vrdS|iiit�t�t�t�t�t�t�d�|j||<dS)z< initialize self.hashlog[aamode][profile] for all rule typesN)�
final_name�
capability�
change_hat�change_profile�dbus�exec�network�path�ptrace�signal�mqueue)r�keysr)r�aamode�profilerrr�init_hashlog*s�zReadLog.init_hashlogcCs�|jrtj�d|j�|j��|_|j�|j�s?|jr"|j|jvsA|j��|_|js-dS|j�|j�sC|jr"|j|jvr"dSdSdSdS)NzA log entry already present: %s)	r�sys�stderr�outr�readline�
RE_LOG_ALL�searchr)rrrr�prefetch_next_log_entry>s 0�zReadLog.prefetch_next_log_entrycCs|js|��|j}d|_|S)N)rr0)r�	log_entryrrr�get_next_log_entryGs
zReadLog.get_next_log_entrycCsl|��}|j�d|�tjdkrt|�}t�|�}t�}|j|d<|j	|d<|j
|d<|j|d<|j|d<|j
|d<|j|d	<|j|d
<|j|d<|j|d<|j|d
<|j|d<|j|d<|j|d<|j|d<|j|d<|j|d<|j|d<|j|d<|j|d<|j|d<|jt�d�jkr�|j |d<|j|d<|dr�|ddkr�|j!|d<|j"|d<n4|dr�|ddkr�|j"|d<n$|dr�|d�#d�r�|j$|d<|j%|d <|j&|d!<|j'|d"<|j(|d#<t�)|�|ds�t*t+�+��|d<|d�rd$d%d&d'd(d)d*d+�}z
||d|d<Wnt,�yd,|d<Ynw|dd-k�r-|dd.k�r-d%|d<|d�r4|Sd,S)/z-Parse the event from log into key value pairszparse_event: %s)�r�resource�
active_hatr'�time�	operationr(�name�name2�attr�parent�pid�task�info�
error_code�denied_mask�request_mask�magic_token�family�protocol�	sock_type�class����fsuid�ouidr$�peerr#�dbus_�peer_profile�busr"�	interface�member�UNKNOWN�ERRORrr
r�HINT�STATUS)r��r3���N�
z&Failed name lookup - disconnected path)-�striprr>r*�version_info�str�LibAppArmor�parse_record�dictr5�event�epochr7r(r8r9�	attributer;r<r=r?r@�requested_maskrB�
net_family�net_protocol�
net_sock_type�_classrI�ctypes�c_ulong�valuerHr$rJ�
startswithrL�dbus_bus�	dbus_path�dbus_interface�dbus_member�free_record�intr6�KeyError)r�msgr`�ev�mode_convertorrrr�parse_eventOs~
































��
zReadLog.parse_eventcCs|�dd�}|dkrtd|d��|dvrdS|�dd�s dS|d}|�||�d|dvr4d	|d<t|d�\}}|d	krG|�|�sGdS|d
dkrp|dsUtd
��|ds]d|d<d|j||d|d|d<dS|dr�|d�d�r�|d�d�d}d|j||d|d||d<dS|�	|�dk�r|d}|�
dd�}|�
dd�}d}d|vr�|�d�\}	}
|	r�|
r�td��|	r�|	}d}n|
}|�d�dur�|d|dkr�d}|D]}|dvr�d|j||d|d||<q�ttd �|��dS|d
d!k�rd|j||d"|d<dS|�	|�d#k�r9d|j||d$|d%|d&|d'<dS|d
d(k�r_|d)d*k�rP|d+d,k�rPdSd|j||d(|d<dS|d
d-k�rud|j||d-|d<dS|d
d.k�r�|d/�s�|j
�d0�dS|d�s�|j
�d1�dSd|j||d.|d/|d<dS|d
d2k�r�d|j||d2|d/|d|d2<dS|d
�d3��r�d|j||d4|d|d5|d|d|d6|d7|d8<dS|j
�d9|�dS):Nr'rPzaamode is UNKNOWN - %s�type)rrSrQr(Fz//null-znull-complain-profiler7r r8zexec without executed binaryr9r
TrFr%�_rr@�file�c�w�dz::zOFound log event with both owner and other permissions. Please open a bugreport!rIrH�mrwalkr"zLog contains unknown mode %s�capabler�netr!rCrErDrr?rTr>zunconfined can not change_hatrr#rJz,ignored garbage ptrace event with empty peerz3ignored garbage ptrace event with empty denied_maskr$rKrrMrNrOrLz
UNHANDLED: %s)�getrr)r�profile_existsrr�endswith�	partition�op_type�replace�splitrxr�debugrk)r�er'�full_profiler(�hat�mqueue_type�dmask�owner�owner_d�other_d�permrrr�parse_event_for_tree�s�"&$*

"*JzReadLog.parse_event_for_treec
Cs�||_d}|jr
d}zt|j�|_Wnty td|j��wd}|rs|��}|s,nG|��}|j�	d|�|j|vr?d}|j�	d|�|sJq#|�
|�}|rqz|�|�Wntyp}zd|j|d�}t
|��d}~ww|s%|j��d|_|jS)	NTFzCan not read AppArmor logfile: zread_log: %szread_log: seenmark = %sz;%(msg)s

This error was caused by the log line:
%(logline)s)rs�logliner
)rrrr�IOErrorrr2rZrr�rvr�rjr�closer)rrr�liner`r��ex_msgrrr�read_logsH�


����
zReadLog.read_log>�bind�link�open�chmod�chown�mkdir�mknod�rmdir�xattr�accept�create�listen�sysctl�unlink�connect�getattr�recvmsg�sendmsg�setattr�symlink�truncate�
getsockopt�
rename_src�
setsockopt�getpeername�getsockname�post_create�rename_dest�
sock_shutdown�
socket_create�symlink_createcCs^|d�d�s|d�d�s|d|jvr-|dr#|dr#|dr#dS|dr)d	Std
��dS)z5Returns the operation type if known, unkown otherwiser7�file_�inode_rCrDrErr@ryz"unknown file or network event type�unknown)rk�OP_TYPE_FILE_OR_NETr)rr`rrrr�Ws*zReadLog.op_typecCs|j�|�rdSdS)z/Returns True if profile exists, False otherwiseTF)r�filename_from_profile_name)r�programrrrr�gszReadLog.profile_existsN)�__name__�
__module__�__qualname__�re�compiler.rr)r0r2rvr�r�r�r�r�rrrrr	s
	Mo)#r	)rhr�r*r6r]�apparmor.commonrrrrrr�apparmor.translationsrrxr	rrrr�<module>s 
@ Telegram