o

%`b�%�@sx
dd
lZddl
mZmZ
ddlmZmZ
ddlmZm	Z	m
Z
mZmZm
Z

ddlmZ
e�Zgd�
Zgd�
Zdd	gZeeeZgd
�
Ze�d�
Zdd
�e�
dZed
deddeddZdZded
deddeddZe�dedddedddeddd�
Ze�d �
Ze�d!�
Ze�d"�
Z e�d#�
Z!Gd$d%�d%e�Z"Gd&d'�d'e	�Z#d
S)(�N)�RE_PROFILE_SIGNAL�RE_PROFILE_NAME)�AppArmorBug�AppArmorException)�BaseRule�BaseRuleset�check_and_split_list�logprof_value_or_all�parse_modifiers�quote_if_needed)
�init_translation)�receive�
r�read)�send�
w�write�rw�wr)!�hup�int�quit�ill�trap�abrt�bus�fpe�kill�usr1�segv�usr2�pipe�alrm�term�stkflt�chld�cont�stop�stp�ttin�ttou�urg�xcpu�xfsz�vtalrm�prof�winch�io�pwr�sys�emt�existsz#^rtmin\+0*([0-9]|[12][0-9]|3[0-2])$z\s*(�
|z)\s*z\(�
(z(\s|,)+z)*z\)z\s*([a-z0-9+]+|"[a-z0-9+]+")\s*z
set\s*=\s*zset\s*=\s*\(z^(\s+(?P<access>z))?z(?P<signal>z(\s+(z))+z)?z
(\s+(peer=�peerz\s*$zset\s*=\s*\(([^)]*)\)zset\s*=z\((.*)\)z
"([a-z0-9]+)"csxeZ
dZd
ZGdd�de�ZeZdZ		d�f
dd	�	Ze	d
d��
Z
e	dd
��
Zddd�
Zdd�Z
dd�Zdd�Z�ZS)�
SignalRulez.Class to handle and store a single signal rulec
@seZ
dZd
S)zSignalRule.__SignalAllN)�__name__�
__module__�__qualname__�r=r=�6/usr/lib/python3/dist-packages/apparmor/rule/signal.py�__SignalAllEs
r?�signalF�Nc	s�tt
|�j|||||d
�
t|
tt
jdd�\|_|_}	|	r(tt	d�
d�
|	�
�
�
t|tt
jdd�\|_|_
}	|	rP|	D]}
t�|
�
rH|j�|
�

q:tt	d�
|
�
�
|j|dd	|d
�\|_|_dS)N)�audit�deny�
allow_keyword�comment�	log_eventr9�accessz/Passed unknown access keyword to SignalRule: %s�
 r@z/Passed unknown signal keyword to SignalRule: %sr8F)�is_pathrF)�superr9�__init__r�access_keywords�ALLrG�
all_accessr�
_�join�signal_keywordsr@�all_signals�RE_SIGNAL_REALTIME�match�add�_aare_or_allr8�	all_peers)�selfrGr@r8rBrCrDrErF�
unknown_items�item�
�	__class__r=r>rKLs


�






zSignalRule.__init__cCs
t�
|
�
S)
N)r�search)�cls�raw_ruler=r=r>�_matchbs
zSignalRule._matchc	CsJ
|�|
�
}|st
td
�
|
�
�
t|�
\}}}}d}|�d�
r#|�d�
}|r�t�|�
}|s4t
td|�
�
�
|�d�
rW|�d�
}	|	�d�
rN|	�d�
rN|	dd	�}	|	�	d
d��
�}	ntj}	|�d�
r|�d�
}
t
�d
|
�}
t�d|
�}
t�d|
�}
|
�	d
d��
�}
ntj}
|�d�
r�|�d�
}n
tj}n	tj}	tj}
tj}t|	|
|||||d�S)z$parse raw_rule and return SignalRulezInvalid signal rule '%s'rA�detailsz)Invalid or unknown keywords in 'signal %srGr7�
)�
����
,rHr@z\1z \1 r8)rBrCrDrE)r`rrOr
�group�RE_SIGNAL_DETAILSr]�
startswith�endswith�replace�splitr9rM�RE_FILTER_SET_1�sub�RE_FILTER_SET_2�RE_FILTER_QUOTES)r^r_�matchesrBrCrDrE�rule_detailsrarGr@r8r=r=r>�_parsefsB




























�zSignalRule._parser
cCs�d
|
}|jr
d}n"t
|j�
dkrdd�|j�
}n|jr(dd�t|j�
�
}ntd�
�
|jr2d}n"t
|j�
dkrBdd�|j�
}n|jrPd	d�t|j�
�
}ntd
�
�
|jrZd}n|j	rfdt
|j	j�
}ntd�
�
d
||��||||j
fS)z)return rule (in clean/default formatting)z  rArcz %srHz (%s)zEmpty access in signal rulez set=%sz	 set=(%s)zEmpty signal in signal rulez peer=%szEmpty peer in signal rulez%s%ssignal%s%s%s,%s)rN�lenrGrP�sortedrrRr@rWr8r�regex�
modifiers_strrE)rX�depth�spacerGr@r8r=r=r>�	get_clean�s*












zSignalRule.get_cleancCs^|�|j
|j|
j
|
jd
�sdS|�|j|j|
j|
jd�sdS|�|j|j|
j|
jd�s-dSdS)z2check if other_rule is covered by this rule objectrGFr@r8T)�_is_covered_listrGrNr@rR�_is_covered_aarer8rW)rX�
other_ruler=r=r>�is_covered_localvars�s


zSignalRule.is_covered_localvarscCsvt|
�
t
kstd
t|
�
�
�
|j|
jks|j|
jkrdS|j|
jks(|j|
jkr*dS|�|j	|j
|
j	|
j
d�s9dSdS)z,compare if rule-specific variables are equalzPassed non-signal rule: %sFr8T)�typer9r�strrGrNr@rR�_is_equal_aarer8rW)rX�rule_obj�strictr=r=r>�is_equal_localvars�s





zSignalRule.is_equal_localvarsc
CsFt|j
|j�}
t|j|j�}t|j|j�}td
�
|
td�
|td�
|gS)NzAccess mode�Signal�Peer)r	rGrNr@rRr8rWrO)rXrGr@r8r=r=r>�logprof_header_localvars�s




�z#SignalRule.logprof_header_localvars)FFFrAN)
r
)r:r;r<�__doc__�object�_SignalRule__SignalAllrM�	rule_namerK�classmethodr`rrryr}r�r��
__classcell__r=r=r[r>r9@s 

�




/ r9c@seZ
dZd
Zdd�ZdS)�
SignalRulesetz6Class to handle and store a collection of signal rulesc
Csd
S)z[Return the next possible glob. For signal rules, that means removing access, signal or peerzsignal,r=)rX�path_or_ruler=r=r>�get_glob�szSignalRuleset.get_globN)r:r;r<r�r�r=r=r=r>r��s
r�)$�re�apparmor.regexrr�apparmor.commonrr�
apparmor.rulerrrr	r
r�apparmor.translationsrrO�access_keywords_read�access_keywords_write�access_keywords_rwrLrQ�compilerSrP�joint_access_keyword�RE_ACCESS_KEYWORDS�signal_keyword�RE_SIGNAL_KEYWORDSrgrlrn�RE_FILTER_PARENTHESISror9r�r=r=r=r>�<module>
s�
 







��������
���������

�
�����������






%