HEX
Server: LiteSpeed
System: Linux php-prod-1.spaceapp.ru 5.15.0-157-generic #167-Ubuntu SMP Wed Sep 17 21:35:53 UTC 2025 x86_64
User: xnsbb3110 (1041)
PHP: 8.1.33
Disabled: NONE
File: //lib/python3/dist-packages/apparmor/rule/__pycache__/capability.cpython-310.pyc