1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
|
# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
#
# Copyright (C) 2006 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
"""
This module provides knowledge object classes and permissions. It should
be used to keep this knowledge from leaking into the more generic parts of
the policy generation.
"""
# Objects that can be implicitly typed - these objects do
# not _have_ to be implicitly typed (e.g., sockets can be
# explicitly labeled), but they often are.
#
# File is in this list for /proc/self
#
# This list is useful when dealing with rules that have a
# type (or param) used as both a subject and object. For
# example:
#
# allow httpd_t httpd_t : socket read;
#
# This rule makes sense because the socket was (presumably) created
# by a process with the type httpd_t.
implicitly_typed_objects = ["socket", "fd", "process", "file", "lnk_file", "fifo_file",
"dbus", "capability", "unix_stream_socket"]
#::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
#
#Information Flow
#
# All of the permissions in SELinux can be described in terms of
# information flow. For example, a read of a file is a flow of
# information from that file to the process reading. Viewing
# permissions in these terms can be used to model a varity of
# security properties.
#
# Here we have some infrastructure for understanding permissions
# in terms of information flow
#
#::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
# Information flow deals with information either flowing from a subject
# to and object ("write") or to a subject from an object ("read"). Read
# or write is described from the subject point-of-view. It is also possible
# for a permission to represent both a read and write (though the flow is
# typical asymettric in terms of bandwidth). It is also possible for
# permission to not flow information (meaning that the result is pure
# side-effect).
#
# The following constants are for representing the directionality
# of information flow.
FLOW_NONE = 0
FLOW_READ = 1
FLOW_WRITE = 2
FLOW_BOTH = FLOW_READ | FLOW_WRITE
# These are used by the parser and for nice disply of the directions
str_to_dir = { "n" : FLOW_NONE, "r" : FLOW_READ, "w" : FLOW_WRITE, "b" : FLOW_BOTH }
dir_to_str = { FLOW_NONE : "n", FLOW_READ : "r", FLOW_WRITE : "w", FLOW_BOTH : "b" }
class PermMap:
"""A mapping between a permission and its information flow properties.
PermMap represents the information flow properties of a single permission
including the direction (read, write, etc.) and an abstract representation
of the bandwidth of the flow (weight).
"""
def __init__(self, perm, dir, weight):
self.perm = perm
self.dir = dir
self.weight = weight
def __repr__(self):
return "<sepolgen.objectmodel.PermMap %s %s %d>" % (self.perm,
dir_to_str[self.dir],
self.weight)
class PermMappings:
"""The information flow properties of a set of object classes and permissions.
PermMappings maps one or more classes and permissions to their PermMap objects
describing their information flow charecteristics.
"""
def __init__(self):
self.classes = { }
self.default_weight = 5
self.default_dir = FLOW_BOTH
def from_file(self, fd):
"""Read the permission mappings from a file. This reads the format used
by Apol in the setools suite.
"""
# This parsing is deliberitely picky and bails at the least error. It
# is assumed that the permission map file will be shipped as part
# of sepolgen and not user modified, so this is a reasonable design
# choice. If user supplied permission mappings are needed the parser
# should be made a little more robust and give better error messages.
cur = None
for line in fd:
fields = line.split()
if len(fields) == 0 or len(fields) == 1 or fields[0] == "#":
continue
if fields[0] == "class":
c = fields[1]
if c in self.classes:
raise ValueError("duplicate class in perm map")
self.classes[c] = { }
cur = self.classes[c]
else:
if len(fields) != 3:
raise ValueError("error in object classs permissions")
if cur is None:
raise ValueError("permission outside of class")
pm = PermMap(fields[0], str_to_dir[fields[1]], int(fields[2]))
cur[pm.perm] = pm
def get(self, obj, perm):
"""Get the permission map for the object permission.
Returns:
PermMap representing the permission
Raises:
KeyError if the object or permission is not defined
"""
return self.classes[obj][perm]
def getdefault(self, obj, perm):
"""Get the permission map for the object permission or a default.
getdefault is the same as get except that a default PermMap is
returned if the object class or permission is not defined. The
default is FLOW_BOTH with a weight of 5.
"""
try:
pm = self.classes[obj][perm]
except KeyError:
return PermMap(perm, self.default_dir, self.default_weight)
return pm
def getdefault_direction(self, obj, perms):
dir = FLOW_NONE
for perm in perms:
pm = self.getdefault(obj, perm)
dir = dir | pm.dir
return dir
def getdefault_distance(self, obj, perms):
total = 0
for perm in perms:
pm = self.getdefault(obj, perm)
total += pm.weight
return total
|
