From 8f505a5a5c0855decd5182080769f6398ccc4d06 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20Jolliton?= Date: Sun, 29 Oct 2006 12:38:30 +0000 Subject: [PATCH] Added access to effective ACL rights. --- rsbac/acl.py | 2 +- rsbac/objects.py | 40 +++++++++++++++++++++++++++------------- 2 files changed, 28 insertions(+), 14 deletions(-) diff --git a/rsbac/acl.py b/rsbac/acl.py index 8a5d72b..bf1f467 100644 --- a/rsbac/acl.py +++ b/rsbac/acl.py @@ -437,7 +437,7 @@ class EffectiveAclByName( AclBase ) : def __iter__( self ) : return ( n[ 0 ] for n in self.__list() ) def __getitem__( self , subject ) : - return getEffectiveAclRightsByName( self.target , subject ) , False + return getAclRightsByName( self.target , subject , True ) , False #--[ Group ]------------------------------------------------------------------ diff --git a/rsbac/objects.py b/rsbac/objects.py index 05deb7b..e65ba6b 100644 --- a/rsbac/objects.py +++ b/rsbac/objects.py @@ -339,7 +339,7 @@ class FDBase( ObjectWithAttributes ) : """Base class for FD hierarchy. """ - __slots__ = ( '_id' , 'acl' ) + __slots__ = ( '_id' , 'acl' , 'eff_acl' ) type = headers.T_FD def __new__( cls , id ) : if id is None : @@ -357,6 +357,7 @@ class FDBase( ObjectWithAttributes ) : raise TypeError , 'Invalid id %r' % ( id , ) self._id = id self.acl = acl.AclByName( self ) + self.eff_acl = acl.EffectiveAclByName( self ) def __eq__( self , other ) : return self is other or ( isinstance( other , FDBase ) and self.type == other.type @@ -399,7 +400,7 @@ class DeviceBase( ObjectWithAttributes ) : type = headers.T_DEV # Needed for RcTypeDict class BlockDeviceBase( DeviceBase ) : - __slots__ = ( '_dev' , '_id' , 'acl' ) + __slots__ = ( '_dev' , '_id' , 'acl' , 'eff_acl' ) def __init__( self , major , minor = None ) : super( BlockDeviceBase , self ).__init__() self._dev = ( major , minor ) 
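Review bot: The bare `True` in `getAclRightsByName( self.target , subject , True )` does not say what it selects, and the `, False` that closes the returned tuple is just as opaque to a reader of `EffectiveAclByName.__getitem__`. Judging by the class name and the `getEffectiveAclRightsByName` call it replaces, the flag presumably requests effective rights rather than the entry set on the target, but the signature is not visible in this hunk. A one-line comment above the return, for example `# third argument True: ask for effective rights, not the directly set entry`, would make that explicit. The class body starts and continues outside the hunk.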
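Review bot: In the `FDBase.__init__` hunk of rsbac/objects.py, `self.eff_acl = acl.EffectiveAclByName( self )` appears next to `self.acl` with nothing saying how the two views differ, and anyone auditing access through this API needs that distinction. The FDBase docstring shown in the preceding hunk could gain a line such as `acl: ACL entries set on this target; eff_acl: effective rights for a subject on this target`, with the wording confirmed against acl.py. The same two assignments and the matching `__slots__` entry are then repeated by hand in every target class that follows, from BlockDeviceBase to NetworkTemplateBase. That repetition is where the inconsistent lines in the last hunk come from, so a shared helper or a comment naming the expected `AclById`/`EffectiveAclById` pairing would help.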
@@ -413,6 +414,7 @@ class BlockDeviceBase( DeviceBase ) : id.dev.major = major self._id = byref( id ) self.acl = acl.AclById( self ) + self.eff_acl = acl.EffectiveAclById( self ) def __eq__( self , other ) : return self is other or ( isinstance( other , BlockDeviceBase ) and self._dev == other._dev ) @@ -428,7 +430,7 @@ BlockDevice = buildObjectClass( 'BlockDevice' , headers.T_DEV , False ) class CharacterDeviceBase( DeviceBase ) : - __slots__ = ( '_dev' , '_id' , 'acl' ) + __slots__ = ( '_dev' , '_id' , 'acl' , 'eff_acl' ) def __init__( self , major , minor = None ) : super( CharacterDeviceBase , self ).__init__() self._dev = ( major , minor ) @@ -442,6 +444,7 @@ class CharacterDeviceBase( DeviceBase ) : id.dev.major = major self._id = byref( id ) self.acl = acl.AclById( self ) + self.eff_acl = acl.EffectiveAclById( self ) def __eq__( self , other ) : return self is other or ( isinstance( other , CharacterDeviceBase ) and self._dev == other._dev ) @@ -474,7 +477,7 @@ _g_pseudoUsers = { } class UserBase( ObjectWithAttributes ) : - __slots__ = ( 'uid' , '_id' , 'acl' ) + __slots__ = ( 'uid' , '_id' , 'acl' , 'eff_acl' ) def __new__( cls , user ) : user = _nuser( user ) if user < 0 : @@ -501,6 +504,7 @@ class UserBase( ObjectWithAttributes ) : self.uid = uid self._id = byref( id ) self.acl = acl.AclById( self ) + self.eff_acl = acl.EffectiveAclById( self ) def __int__( self ) : return int( self.uid ) def __long__( self ) : @@ -536,7 +540,7 @@ _g_pseudoGroups = { } class GroupBase( ObjectWithAttributes ) : - __slots__ = ( 'gid' , '_id' , 'acl' ) + __slots__ = ( 'gid' , '_id' , 'acl' , 'eff_acl' ) def __new__( cls , group ) : group = _ngroup( group ) if group < 0 : @@ -563,6 +567,7 @@ class GroupBase( ObjectWithAttributes ) : self.gid = gid self._id = byref( id ) self.acl = acl.AclById( self ) + self.eff_acl = acl.EffectiveAclById( self ) def __int__( self ) : return int( self.gid ) def __long__( self ) : 
@@ -581,7 +586,7 @@ Group = buildObjectClass( 'Group' , ( GroupBase , ) , headers.T_GROUP , False ) #--[ Process ]---------------------------------------------------------------- class ProcessBase( ObjectWithAttributes ) : - __slots__ = ( 'pid' , '_id' , 'acl' ) + __slots__ = ( 'pid' , '_id' , 'acl' , 'eff_acl' ) def __init__( self , process ) : super( ProcessBase , self ).__init__() id = headers.rsbac_target_id_t() @@ -589,6 +594,7 @@ class ProcessBase( ObjectWithAttributes ) : self.pid = process self._id = byref( id ) self.acl = acl.AclById( self ) + self.eff_acl = acl.EffectiveAclById( self ) def __int__( self ) : return int( self.pid ) def __long__( self ) : @@ -607,7 +613,7 @@ Process = buildObjectClass( 'Process' , ( ProcessBase , ) , headers.T_PROCESS , #--[ IPC ]-------------------------------------------------------------------- class IpcBase( ObjectWithAttributes ) : - __slots__ = ( '_id' , 'id' , 'acl' ) + __slots__ = ( '_id' , 'id' , 'acl' , 'eff_acl' ) ipc = headers.I_none def __init__( self , ipcId ) : super( IpcBase , self ).__init__() @@ -617,6 +623,7 @@ class IpcBase( ObjectWithAttributes ) : self._id = byref( id ) self.id = ipcId self.acl = acl.AclById( self ) + self.eff_acl = acl.EffectiveAclById( self ) def __int__( self ) : return int( self.id ) def __long__( self ) : @@ -658,7 +665,7 @@ class IpcAnonUnix( Ipc ) : g_scd = {} class Scd( Object ) : - __slots__ = ( '_id' , 'id' , 'name' , 'acl' ) + __slots__ = ( '_id' , 'id' , 'name' , 'acl' , 'eff_acl' ) type = headers.T_SCD def __new__( cls , target , *args , **kwargs ) : instance = g_scd.get( target ) @@ -675,6 +682,7 @@ class Scd( Object ) : self.id = target self.name = name self.acl = acl.AclById( self ) + self.eff_acl = acl.EffectiveAclById( self ) def getRcType( self ) : return Type( self.type , self.id ) rc_type = property( getRcType ) 
@@ -689,7 +697,7 @@ class Scd( Object ) : _g_networkObject = None class NetworkObject( Object ) : - __slots__ = ( '_id' , 'acl' ) + __slots__ = ( '_id' , 'acl' , 'eff_acl' ) type = headers.T_NETOBJ def __new__( cls ) : global _g_networkObject @@ -706,6 +714,7 @@ class NetworkObject( Object ) : id.netobj.remote_len = 0 self._id = byref( id ) self.acl = acl.AclById( self ) + self.eff_acl = acl.EffectiveAclById( self ) def __repr__( self ) : return '' @@ -719,7 +728,7 @@ def getAllNetworkDevice() : return sorted( map( byteArrayToString , arr ) ) class NetworkDeviceBase( ObjectWithAttributes ) : - __slots__ = ( '_name' , '_id' , 'acl' ) + __slots__ = ( '_name' , '_id' , 'acl' , 'eff_acl' ) def __init__( self , name ) : super( NetworkDeviceBase , self ).__init__() id = headers.rsbac_target_id_t() @@ -727,6 +736,7 @@ class NetworkDeviceBase( ObjectWithAttributes ) : self._name = name self._id = byref( id ) self.acl = acl.AclById( self ) + self.eff_acl = acl.EffectiveAclById( self ) def __eq__( self , other ) : return self is other or ( isinstance( other , NetworkDeviceBase ) and self._name == other._name ) @@ -844,7 +854,7 @@ def copyNetworkTemplate( source , dest ) : return NetworkTemplate( dest ) class _NetworkTemplateSelf( object ) : - __slots__ = ( '_id' , 'nt' , 'acl' ) + __slots__ = ( '_id' , 'nt' , 'acl' , 'eff_acl' ) type = headers.T_NETTEMP_NT def __init__( self , nt ) : id = headers.rsbac_target_id_t() @@ -852,11 +862,12 @@ class _NetworkTemplateSelf( object ) : self._id = byref( id ) self.nt = nt self.acl = acl.AclById( self ) + self.eff_acl = acl.EffectiveAclById( self ) def __repr__( self ) : return '' % self.nt class NetworkTemplateBase( ObjectWithAttributes ) : - __slots__ = ( '_id' , 'nt' , 'acl' , 'selfAcl' ) + __slots__ = ( '_id' , 'nt' , 'acl' , 'eff_acl' , 'selfAcl' , 'eff_selfAcl' ) def __init__( self , nt ) : super( NetworkTemplateBase , self ).__init__() id = headers.rsbac_target_id_t() 
@@ -864,7 +875,10 @@ class NetworkTemplateBase( ObjectWithAttributes ) : self._id = byref( id ) self.nt = nt self.acl = acl.AclById( self ) - self.selfAcl = acl.AclById( _NetworkTemplateSelf( nt ) ) + self.eff_acl = acl.EffectiveAclByName( self ) + ntSelf = _NetworkTemplateSelf( nt ) + self.selfAcl = acl.AclById( ntSelf ) + self.eff_SelfAcl = acl.EffectiveAclById( ntSelf ) def __repr__( self ) : try : name = `self.getName()` -- 2.11.0
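Review bot: The new attribute is assigned as `self.eff_SelfAcl`, but the `__slots__` tuple for NetworkTemplateBase in the preceding hunk declares `'eff_selfAcl'`. If every base class defines `__slots__`, the constructor raises AttributeError; otherwise the declared slot is never set and readers of `eff_selfAcl` fail later. The line should read `self.eff_selfAcl = acl.EffectiveAclById( ntSelf )`. In the same hunk `self.eff_acl = acl.EffectiveAclByName( self )` sits beside `self.acl = acl.AclById( self )`, while every other by-id target in this patch uses `acl.EffectiveAclById( self )`. This looks like a copy-paste slip, and if so the effective rights shown for a network template would go through the by-name lookup and could be wrong or fail. The `__init__` body starts outside the hunk.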