o

%`b�)�@s\dd
lZdd
l
Z
dd
lmZ
dd
lmZ
ddlm	Z	m
Z

ddlmZ
e�Z
Gdd�d�Zd
S)�N)�	user_perm�cmd)
�init_translationc@s|eZ
dZd
d�Zdd�Zdd�Zdd�Zd	d
�Zdd�Zd
d�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�ZdS)�aa_toolscCs|tj
|jd
�

|
|_|j|_|��
d|_|j|_|
dvr#|j	|_	dS|
dkr2|j
|_
t��|_dS|
dkr<|j|_dSdS)N)
�
profiledir)
�audit�autodep�	cleanprof)
�apparmor�init_aa�dir�name�program�	profiling�check_profile_dir�silent�	do_reload�remove�force�check_for_apparmor�
aa_mountpoint)�self�	tool_name�args�r�0/usr/lib/python3/dist-packages/apparmor/tools.py�__init__s










�zaa_tools.__init__c

Cstt
j�
s
t
�d
t
j�
�
dS)Nz%Cannot write to profile directory: %s)rr
�profile_dir�AppArmorException)
rrrrr,s


�zaa_tools.check_profile_dirc
cs
�|jD]�}
|
s	qd
}d
}t
j�|
�
s|
�d�
r9t�|
�
��}t
j�tj	|g�
tj	kr0d
}|}nT|}t�
|d�}nKt�|
�
}|d
u
rNt�|�
}t�
|d�}n6t
j�t
j�tj	|
��
rjd
}t�t
j�tj	|
��
��}nd|
v
rzt
�td�
d|
i
�

n	t
�td�
|
�

q||fV
qd
S)z6Iterator function to walk the list of arguments passedN�
/T��Can't find %(program)s in the system path list. If the name of the application
is correct, please run 'which %(program)s' as a user with correct PATH
environment set up in order to find the fully-qualified path and
use the full path as parameter.r�0%s does not exist, please double-check the path.)r�os�path�exists�
startswithr
�
get_full_path�strip�commonprefixr�$get_profile_filename_from_attachment�which�join�aaui�UI_Info�
_)r�
pr�profile�fq_pathr*rrr�get_next_to_profile0s4�



















�zaa_tools.get_next_to_profilec
Cs�t�
�
|��D]`\}
}|
dur|}
|
rtj�|
�
s=t�|
�
s=|
r/|
�d
�
s/t�	t
d�
d�}
nt�t
d�
|
�

t�
d�

|
rJt�|
�
rJ|�|
�

qd
|
v
rZt�t
d�
d|
i
�

qt�t
d�
|
�

t�
d�

qdS)NrzaThe given program cannot be found, please try with the fully qualified path name of the program: �r!�
r r)r
�
read_profilesr2r"r#r$�profile_existsr%r,�UI_GetStringr.r-�sys�exit�
clean_profile�rrr0rrr�
cleanprof_actRs 








�zaa_tools.cleanprof_actc
Cs~t�
�
|��D]4\}
}|
dur|n
|
}tj�|�
rt�|�
r)t�t	d
�
|�

qt�t	d�
|�

|�
|�

|�|�

qdS)N�"Profile for %s not found, skippingz
Disabling %s.)r
r5r2r"r#�isfile�is_skippable_filer,r-r.�disable_profile�unload_profile�rrr0�output_namerrr�cmd_disableks




�zaa_tools.cmd_disablec
C�nt�
�
|��D],\}
}|
dur|n
|
}tj�|�
rt�|�
r)t�t	d
�
|�

qt�
||
�
|�|�

qdS�Nr=)r
r5r2r"r#r>r?r,r-r.�set_enforce�reload_profilerBrrr�cmd_enforce{�


�zaa_tools.cmd_enforcec
CrErF)r
r5r2r"r#r>r?r,r-r.�set_complainrHrBrrr�cmd_complain�rJzaa_tools.cmd_complainc
Cs�t�
�
|��D]d\}
}|
dur|n
|
}tj�|�
rt�|�
r)t�t	d
�
|�

q|j
s6t�t	d�
|�

n	t�t	d�
|�

t�||
d|j
�
dtjtj�
|�
f}tj�|�
rgt�t	d�
tj�
|�
�

|�|�

qdS)Nr=zSetting %s to audit mode.zRemoving audit mode from %s.rz
%s/disable/%szQ
Warning: the profile %s is disabled. Use aa-enforce or aa-complain to enable it.)r
r5r2r"r#r>r?r,r-r.r�change_profile_flagsr�basenamer$rH)rrr0rC�disable_linkrrr�	cmd_audit�s





�zaa_tools.cmd_auditc
Cs�t�
�
t��
|��D]9\}
}|
st�td
�
|�

qt�|
�

tj	�
t�|
d��
r8|js8t�td�
|
�

qt�
|
�

|jrEt�|
�

qdS)NzYPlease pass an application to generate a profile for, not a profile itself - skipping %s.Tz)Profile for %s already exists - skipping.)r
r5�loadincludesr2r,r-r.�check_qualifiersr"r#r$r)rrr�reloadr;rrr�cmd_autodep�s










��zaa_tools.cmd_autodepcCsF
t�
|
d
�}ddlm}
|�|�
}|�d
||�}|�|
�
}t�t	d�
|�

d
tj
|
<|r�|js�t��}d|_
t	d�
|
|d�|_gd�
|_d|_g|_d|_d	}d}	|d
kr�|��\}}	|d
krmt�|
d
�
|�|�

n|dkr�t�tj|
|
dd
i
�}
tj||
d
d�
|d
ksWdSdSt�|
d
�
|�|�

dSt�t	d
�
|
�
�
)NTr
z
Deleted %s rules.zChanged Local ProfileszZThe local profile for %(program)s in file %(file)s was changed. Would you like to save it?)r�file)�CMD_SAVE_CHANGES�CMD_VIEW_CHANGES�	CMD_ABORTrWr3rV�
is_attachment)
�commentsz5The profile for %s does not exists. Nothing to clean.)r
r)�apparmor.cleanprofile�cleanprofile�Prof�	CleanProf�remove_duplicate_rulesr,r-r.�changedr�PromptQuestion�title�explanation�	functions�default�options�selected�
promptUser�write_profile_ui_feedbackrH�serialize_profile�aa�
UI_Changesr)rr�filenamer\�profr	�deleted�
q�ans�arg�
newprofilerrrr:�s<



























�

zaa_tools.clean_profilecC�t�
d
|
�
dS�N�disable)r
�delete_symlink�rrmrrr�enable_profile��
zaa_tools.enable_profilecCrtru)r
�create_symlinkrxrrrr@�rzzaa_tools.disable_profilecC�F|jsdSt
tjd
tjdtjd|
g�
}|ddkr!t�|d�
�
dS)N�-I%s�--basez-Rr
r4�rrr
�parserrr�rr0�cmd_inforrrrA�s


�zaa_tools.unload_profilecCr|)Nr}r~z-rr
r4rr�rrrrH�s


�zaa_tools.reload_profileN)�__name__�
__module__�__qualname__rrr2r<rDrIrLrPrTr:ryr@rArHrrrrrs
"#
r)r"r8�apparmor.aarkr
�apparmor.ui�uir,�apparmor.commonrr�apparmor.translationsrr.rrrrr�<module>
s