PK���ȼRY��������€��� �v3.phpUT �øŽg‰gñ“gux �õ��õ��½T]kÛ0}߯pEhìâÙM7X‰çv%”v0֐µ{)Aå:6S$!ÉMJèߕ?R÷!>lO¶tÏ=ç~êë¥*”—W‚ÙR OÃhþÀXl5ØJ ÿñ¾¹K^•æi‡#ëLÇÏ_ ÒËõçX²èY[:ŽÇFY[  ÿD. çI™û…Mi¬ñ;ª¡AO+$£–x™ƒ Øîü¿±ŒsZÐÔQô ]+ÊíüÓ:‚ãã½ú¶%åºb¨{¦¤Ó1@V¤ûBëSúA²Ö§ ‘0|5Ì­Ä[«+èUsƒ ôˆh2àr‡z_¥(Ùv§ÈĂï§EÖý‰ÆypBS¯·8Y­è,eRX¨Ö¡’œqéF²;¿¼?Ø?Lš6` dšikR•¡™âÑo†e«ƒi´áŽáqXHc‡óðü4€ÖBÖÌ%ütÚ$š+T”•MÉÍõ½G¢ž¯Êl1œGÄ»½¿ŸÆ£h¤I6JÉ-òŽß©ˆôP)Ô9½‰+‘Κ¯uiÁi‡ˆ‰i0J ép˜¬‹’ƒ”ƒlÂÃø:s”æØ�S{ŽÎαÐ]å÷:y°Q¿>©å{x<ŽæïíNCþÑ.Mf?¨«2ý}=ûõýî'=£§ÿu•Ü(—¾IIa­"éþ@¶�¿ä9?^-qìÇÞôvŠeÈc ðlacã®xèÄ'®âd¶ çˆSEæódP/ÍÆv{Ô)Ó ?>…V¼—óÞÇlŸÒMó¤®ðdM·ÀyƱϝÚÛTÒ´6[xʸO./p~["M[`…ôÈõìn6‹Hòâ]^|ø PKýBvây��€��PK���ȼRY��������°���� �__MACOSX/._v3.phpUT �øŽg‰gþ“gux �õ��õ��c`cg`b`ðMLVðVˆP€'qƒøˆŽ!!AP&HÇ %PDF-1.7 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R >> >> /MediaBox [0.000 0.000 595.280 841.890] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Producer (���d�o�m�p�d�f� �2�.�0�.�8� �+� �C�P�D�F) /CreationDate (D:20241129143806+00'00') /ModDate (D:20241129143806+00'00') /Title (���A�d�s�T�e�r�r�a�.�c�o�m� �i�n�v�o�i�c�e) >> endobj 6 0 obj << /Type /Page /MediaBox [0.000 0.000 595.280 841.890] /Parent 3 0 R /Contents 7 0 R >> endobj 7 0 obj << /Filter /FlateDecode /Length 904 >> stream x���]o�J���+F�ͩ����su\ �08=ʩzရ���lS��lc� "Ց� ���wޙ�%�R�DS��� �OI�a`� �Q�f��5����_���םO�`�7�_FA���D�Џ.j�a=�j����>��n���R+�P��l�rH�{0��w��0��=W�2D ����G���I�>�_B3ed�H�yJ�G>/��ywy�fk��%�$�2.��d_�h����&)b0��"[\B��*_.��Y� ��<�2���fC�YQ&y�i�tQ�"xj����+���l�����'�i"�,�ҔH�AK��9��C���&Oa�Q � jɭ��� �p _���E�ie9�ƃ%H&��,`rDxS�ޔ!�(�X!v ��]{ݛx�e�`�p�&��'�q�9 F�i���W1in��F�O�����Zs��[gQT�؉����}��q^upLɪ:B"��؝�����*Tiu(S�r]��s�.��s9n�N!K!L�M�?�*[��N�8��c��ۯ�b�� ��� �YZ���SR3�n�����lPN��P�;��^�]�!'�z-���ӊ���/��껣��4�l(M�E�QL��X ��~���G��M|�����*��~�;/=N4�-|y�`�i�\�e�T�<���L��G}�"В�J^���q��"X�?(V�ߣXۆ{��H[����P�� �c���kc�Z�9v�����? �a��R�h|��^�k�D4W���?Iӊ�]<��4�)$wdat���~�����������|�L��x�p|N�*��E� �/4�Qpi�x.>��d����,M�y|4^�Ż��8S/޾���uQe���D�y� ��ͧH�����j�wX � �&z� endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj xref 0 10 0000000000 65535 f 0000000009 00000 n 0000000074 00000 n 0000000120 00000 n 0000000284 00000 n 0000000313 00000 n 0000000514 00000 n 0000000617 00000 n 0000001593 00000 n 0000001700 00000 n trailer << /Size 10 /Root 1 0 R /Info 5 0 R /ID[] >> startxref 1812 %%EOF
Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 128

Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 129

Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 130

Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 131
# Authors: Karl MacMillan # # Copyright (C) 2006 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; version 2 only # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # """ This module provides knowledge object classes and permissions. It should be used to keep this knowledge from leaking into the more generic parts of the policy generation. """ # Objects that can be implicitly typed - these objects do # not _have_ to be implicitly typed (e.g., sockets can be # explicitly labeled), but they often are. # # File is in this list for /proc/self # # This list is useful when dealing with rules that have a # type (or param) used as both a subject and object. For # example: # # allow httpd_t httpd_t : socket read; # # This rule makes sense because the socket was (presumably) created # by a process with the type httpd_t. implicitly_typed_objects = ["socket", "fd", "process", "file", "lnk_file", "fifo_file", "dbus", "capability", "unix_stream_socket"] #:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: # #Information Flow # # All of the permissions in SELinux can be described in terms of # information flow. For example, a read of a file is a flow of # information from that file to the process reading. Viewing # permissions in these terms can be used to model a variety of # security properties. # # Here we have some infrastructure for understanding permissions # in terms of information flow # #:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: # Information flow deals with information either flowing from a subject # to and object ("write") or to a subject from an object ("read"). Read # or write is described from the subject point-of-view. It is also possible # for a permission to represent both a read and write (though the flow is # typical asymettric in terms of bandwidth). It is also possible for # permission to not flow information (meaning that the result is pure # side-effect). # # The following constants are for representing the directionality # of information flow. FLOW_NONE = 0 FLOW_READ = 1 FLOW_WRITE = 2 FLOW_BOTH = FLOW_READ | FLOW_WRITE # These are used by the parser and for nice display of the directions str_to_dir = { "n" : FLOW_NONE, "r" : FLOW_READ, "w" : FLOW_WRITE, "b" : FLOW_BOTH } dir_to_str = { FLOW_NONE : "n", FLOW_READ : "r", FLOW_WRITE : "w", FLOW_BOTH : "b" } class PermMap: """A mapping between a permission and its information flow properties. PermMap represents the information flow properties of a single permission including the direction (read, write, etc.) and an abstract representation of the bandwidth of the flow (weight). """ def __init__(self, perm, dir, weight): self.perm = perm self.dir = dir self.weight = weight def __repr__(self): return "" % (self.perm, dir_to_str[self.dir], self.weight) class PermMappings: """The information flow properties of a set of object classes and permissions. PermMappings maps one or more classes and permissions to their PermMap objects describing their information flow characteristics. """ def __init__(self): self.classes = { } self.default_weight = 5 self.default_dir = FLOW_BOTH def from_file(self, fd): """Read the permission mappings from a file. This reads the format used by Apol in the setools suite. """ # This parsing is deliberately picky and bails at the least error. It # is assumed that the permission map file will be shipped as part # of sepolgen and not user modified, so this is a reasonable design # choice. If user supplied permission mappings are needed the parser # should be made a little more robust and give better error messages. cur = None for line in fd: fields = line.split() if len(fields) == 0 or len(fields) == 1 or fields[0] == "#": continue if fields[0] == "class": c = fields[1] if c in self.classes: raise ValueError("duplicate class in perm map") self.classes[c] = { } cur = self.classes[c] else: if len(fields) != 3: raise ValueError("error in object class permissions") if cur is None: raise ValueError("permission outside of class") pm = PermMap(fields[0], str_to_dir[fields[1]], int(fields[2])) cur[pm.perm] = pm def get(self, obj, perm): """Get the permission map for the object permission. Returns: PermMap representing the permission Raises: KeyError if the object or permission is not defined """ return self.classes[obj][perm] def getdefault(self, obj, perm): """Get the permission map for the object permission or a default. getdefault is the same as get except that a default PermMap is returned if the object class or permission is not defined. The default is FLOW_BOTH with a weight of 5. """ try: pm = self.classes[obj][perm] except KeyError: return PermMap(perm, self.default_dir, self.default_weight) return pm def getdefault_direction(self, obj, perms): dir = FLOW_NONE for perm in perms: pm = self.getdefault(obj, perm) dir = dir | pm.dir return dir def getdefault_distance(self, obj, perms): total = 0 for perm in perms: pm = self.getdefault(obj, perm) total += pm.weight return total