RIFFò  WEBPVP8X
      Ç  Ç  ALPH¡  ðÇÿÿz)ñÿÝÏçëœ†NaéØµ¨EÊ.ÖÌ±–²•nìî–ØÀãmwwwHÝ5óŠûçuÎœaëý~Âˆ˜ ~óÿoþÿÍÿÿeW|û×a®øVæƒÀâÕèí_„£:]ñŒ\Ëç i›V­‹Û¦6Ø¿Ã·i]ì65°b%Ã™±ymnûiåòòååU]^^¾|Å‡d±ŽöO®ZV¾¼¼êË—/_ñV_\Ñn’´áP\ŽQòªªu<î_€ñ°ªóÃ +Š£ý*mß®'°OßÊ$Œ‹¾C_ÕÀýóÃ}¥Q¥Ç¹QjEZú;\Q<=×)‰ô©ž?U(QÑcýÒø_ñ¸ªóó,V¤Þ›r^Ë·Û6U„éq¾(Lß¡÷Àþù9º½¾eÃÆÔ;R*7lLÝ°ùóqkcA×«À$OÑ`ÿl‡ö©š^®X¡lÚ©}j‡RŒ¢m*Ã;÷µ—^~ùåW^\ $%ùø…W^~ùå—_½«/ÿ"^¨H¡î¦@G5½ž£ÀKIJõ ¿å˜óAÞÁœ‚ ðÎà‚ p)ÎAx«’9Aà½+ séF+V¨d\º‘kÎ¹ÞUæåz®Î÷#°\ç¼‘×¹*˜§@çÓ¹Î“×æ<:Ÿ/¿gTÊt<…zOÞ/¯¹BúâÉï€æûž{ÑÅCö®Þ
ñÀïú»äÂ‹ïRÎF»³Fij÷zñ%§ïžÁ,Ÿyðö¿ð¢/9b÷ZàÜÎàÐª÷Y#/Y¶G]ðÕE±<üé¡EÛ$iów7uËcŽ’“_²I’âUŸ]ÙãÌ’Vœ
&}»Q’Ö½Xšƒ6£ß_±]’âµßÜÐ|õ9è>áÕ¥•»îûiÍqÿž–s$)ŠÂXÒšóÁ¥˜qè‡’…Q(IÛînDÀþR†ZßjÏ$ÅaKºŒtS.IQ…’´}ú.øê2º>¸E’¢ŠÊÊXÒ‚ø O÷Ÿ•„q¢DI…Ò`€Á)ŽâX’’8
¥‡qÜ­ŠDI¬»~Pe'R‡Ò<àiú¬Eq"II…Ò/½ñÕãØm™…¡$…QT©5ÀítžN‹T™Hq”(Ž¥(ÖH<à˜$…’”DaKŠ´iOx@‘$ÅR…Q¢ÜPwÁá¨ýŽÂX’â0ŒII¥VíŽ¯Ï]ÚF’âMvH‰*ô<ØNfØóª+5–"méŽÇs„IR¬Ü8R¢­ýavš’(‘¤$'‰u:ãNU$’’X’’D’*ôI]\õÌR…´ãÅÉƒ:¶ësÛ6%‰âð;™§L‘¤X¯¸÷‹K¡faŽúß+”¤Xúòå7VHÉ-i	÷ç‰¥¯_ú V"I¡Æy–I‰´äÕW~bI
5_=ý×iþ´½©#”(ÔÍ;›‘}''ÑŽ# öÞ¨X±V´!ÃùŠ$)Ö¼cê@—‹¾‘t)._¢í–Âé[•HŠôIÇ
%%Òµ­ ÑõŠ%Åšß«Œ=7¼÷.C­/Gz!Àv*Ï€J¤PÃyï¹O‘’Dƒñþ¥”X›þHjÝ“&lXž$ÖÅà`¶BI±æ·†®kKŠt;˜Á™JI‰TøÀ9A–Æú¶æv¦€QŠ$Å:›Þ—p¶b)Ô•ÐnµI‘f83ïÉµ|‘¾«O`Ã§,éƒKJ´±33OæE’BÝ„¯\ñFÞ;r~m´“ÓS¤_¿øú«¯¾þb±”3ŽR¢”3	È5x(ä	0<§*IYÜ&+’éZà¸9%ÒsV-Þ€m»uÌÑÇò¢¢X+šãv&ƒ¹yò'I’Tê!’’(9Ÿ’ž/Ô\,§¬ ÛRBÍÁ Fæy¿Wþ8ñÉ/,Sj¢X«ZìlþÙ*åÆš*N©Ü¿¨BG˜™ç/ø´y¾®_-ŽÎs+•›¤H±V6ßÙ˜›gûæ-›·lÞ²yóæÍ›¶ýÚ†§(Ña;M¸)ÏÃXÚÅyÞ/­Ï•Ä’´yÓæM•)-v.Œé)‘¦6ëÒ1µSçÎÝšpŠ’œHg¤˜÷ÞªkjJ¤7k`€ãæ<O9¬h†½ I¬5÷=®SÇÎÍR˜ì|cRBÍ¢pïè]©$e6ÞÈµj:I±¤D«Û€Ã¿“êV<EóôÜ®$Ö¯=I¿çÂ³¥)Öæ>8ïØõŒ!Íð4™§XR¬­À€ìAçîÕÔubI‘n38NJ$Å:™ xG)V¤ñd¼wÞûÅ;Ÿ£ôsE’býxPð­O{h­ô~<3JR¬…‡—@³³Þ‘t.¾Z<)””(šXJŽ/W,)Ò/M±ê8Aqi CçuJªòZQ®ª
žJR¬øËÿþÒjII¤ó)¡×VÅ’KŸþmÎ"I¡~nBÕN+$Ãþ±bI‰4ï¡¿"Å’j<žê8T‰"ÝàAEªÊëE¹&O”Ç¨õ®*%)RjÆI¥îÁ;îSEŽbåÆQkMw˜]•²|íñÆLUJR+7–¤J}VWŽ–‹'Š/ h:K‰rš§lÌy­(W¤HI¿4<¿_¦ŠXREQKŠwèÒœFŸ¨2–¤$Š¢XR¨U]á”(ß©ù:áŒo*Œ$)Ž¢(‘”ThÅx
©H¡îËƒãfU$‰ôìèsî\¤ÜX+[òjNW¥¤X›vÅ¥àé1O
£D©IIóÚàð´þ@
c¥'Q˜è	3îS¥¤
ÍÀg€âDŠ´°OÓç¥(J”šÄ¡´¨/žÂÆ*R¥fRÿ#UF‰ÒxCq¬òæ9=Öå¼YÇ.¿(Œ£H³0òz~7»BREQœHÚúÔn8ÀS÷ŽJIqÅq,)z°9IaIƒð`ÔýZaEú+ðd&®‘”ÄQÅ’*f·ÅS…SG¡&æÃÑöm)‰*Ã(ÖöSUQ¡ŸëbŽVåª¬Ð¸*áÙûGIz´1.zßóM¤ÔÕo\µ'8r=ôŸù­Ò+>¹kpÀèJIÛ&` Ž>ßJÒóÍRðÐþê÷·)5ùvÆÞà)Ü(}RÒ{qyðÔõr·<Ù—=~•t$-ë^Ë¦;Äpêõ:~ÊøÉ—ØÅŽtgÐ¤wÙ´ñ'Û½.àÀ`Ï¦]Ø4Œ'O™pDGªy¨±× I'L9åMÀU5jœtÙÐF:h°ïE“&Ÿ±xÚ™v 4ud'ŒbzR…›wè½‘ß¼£@ïÀ¹ÎH÷¤:ò{OÎUwä:
6O^0r\GqwÎU7ïs>pFUÍ{çœóÞÈï½óžwÎ›÷Î9ç½Q\óÎ;ªjÞ;ç=€óÎ“×;ïøÏÓù÷-ÏŒAË¶mþ½o[+ÇÑúëK–þ;¿dåáx€L×Ýwû7¿.–óŸ ¸ ›-ÉfK2Îè‚lIIÖ;Ÿ×á«ìÌ§‚w¾ÀLI6[’Í–dœ/¢Ãùâº ›Í–d³Ù¬w¾:ÎWÝ8o F~£@Gª‘×—RuOê€&Å4Ò­Ô(®±“Zm£êŽ½:cä:™6fä¹cÆLˆås”–M{ XŠçÈ¬ ÏŸ4ÆŽß´¾ã&yî˜1“b9Xš§÷Û±b8Ú;öü‹ÇN8¯V<Çïßi‰«Š§ó†3ò¾÷²¢û®¹ë88:¼÷ùÜ§æ?Ùç}à†/Ê˜¼÷¬{ýr&æœóÞ§½ëò¢û®¹ûp2Þ;Çn76ÆÌ{ï­Ý8ï½wÞ{ËévË7nøìŠÛ.k@àà¼÷†wÞ{|.×µÇ;ï}Ž÷Þ9Gýw¯ÅÞ`Àá¿Ô!ÕÀÀxúI åì>@–³Ì f€‘k€ƒá‡áTËþôK]òf9d]c¹^Ò,Ç‘k¤À;Éëpl8 Gß¥í Ì0ÒM Ý Ërò¢6Ðe\)œP†u~>™  GfÜ£wv‚?ÿì‚ñ»B¯Ñ§?ü÷ƒÙ}l–Úº¦3ô¶ÛôGŽÀ —åäEmÉRkÜÜ;»rÂ›kæ^]§þÅÞ0²,ÇÑüÖ9ãjRrI÷¡O\Ý,ûñÕdesfôÆ³Û½sF×ð£÷ºà±Ëëã8ð¯Ÿjô_Þö›ýÐ©`œüèÝ‡÷dX2ûÞ;gJmðœ´°¹®ÌygÆýû`d^ørÒã¿îÍ°_h¸á¾¢&wÎ¿ú®…»Ÿ´6Sãµo&?¹´çW>sÕôõ‡àÏ‰‹ZAÍ¿ŸúØòÞ˜¹bÒ±uæ~zí½åqØ²f˜£ã·OOüðAêþôóôI?=†ÿèJ®ŸwÅ}?õç%Mùê†’åî¶ìïpæšW-½‹þË;rÖê;®Yx=L]sãÍ/%e|q'ÍÿûÔïÿVØaó:ÀÌ9ŽFYðí'×ã¼%õà‘—2‡3bÀæîÐ>{ê|ÎYVæ¾ÂYÛºÃó6¬¼<ð6,n@¶-0{.ƒ–5Ã9þ>øn ?> }×wÁ§||%ôYÖ¦Ìåó» V»:ïƒ#Ö¶È.}7wÛcuËÒÅB¿ÝZ­?éXÞ¾Šõ óÂ:´°üõ1ÌpÐvð]åoÚ#s©IÙ’LÙ|,9ÎžÏ”OËÀYóyäQJ9¹œ¡ßÖôL
WÈƒÿE)Ç¯¬qøòŽPcÔ_®ÿáÁOÉ—ïÜ4ýæ­eü4º”÷(èüõ·M¿ñý·Û”@¨·èhè·¬c5Éðó®k÷YÓ	Wë§²Ã—6€†Oã½k`ß{ïxà×zyµ‚Aó;ÀŒÇ0h±þ¨YR“S—•”- áâÃ¡l7|ä|ÆsÖ<{„RNZá‡|[f=Y@k˜ó8µ8neÍAK:Rãåù“Nïá<5ž;läÈ?7­ñÝ¹ÐuÅ^]qÁÅ#Göè¶v %žzÃ€¥íú¬ÎùqD×µú­éˆ/ýñ¬#—44/8w¯§lË_‡]1?Ï‰ó[Â!å­àý‡0Ç.eY Æª£FÌî|³¢NùQpË/œ¸¶9”rÚ<ÆþÜõ!#¾¬ÓŸÈ3x~+5ßÁ-Ÿqøê¦´ÝÑž~„Ã7ÃÁ÷’[úåè²4ß—ÃŸ–×¨»`,P»Þüã¡ßÂÎ¥«NƒŽ{ÿaE‹Æ+N„Îzìº¡/Ôq¼u-=û,®“P¶¾54™÷Ø	wjNNã>ŸxúˆÏÞªQçË½zÕœ·<ËóßŸ2uí‚š¼ðù}Ùý¤µ®Ñ7¯wÃºÃµ°<ø
8m}hüÅÇ_»þ(šÿ0÷°:o½Æ­šË‘››ã=WO|Õ}léÅÐmkÏ<ßß„çáŸÎòæÎ^7íÄgo¬±öØwCw&¯}ÚÿÅÀ-˜´ê‚²o‚K†œÿÊŽøòvÎÞ0þ¢Ï6§8zÝÓ ÏžOxÑù£0uÎ{îõ×'×‡&Óß{vèwk@«û>¾ù¤›j^÷Þ+Cès{	­g¾ûô>pÐ-cèàèyo<-¦¿ûìþxv›óX½æýtüðQt»·>†c¯Çßzú´Læ¶¡é¬v¸®<	O0åÍ×oìG¿þöÍÝ={Ã®Ó[ÂŸ_{{j)íîkg¾ùödŒÿìÙA_œÅe§`CÞ{òÈëRòéæÈu Fº#¿#×Œb:rŒT#ÝQ|#ÕŒÂTéÁï]×õŒÂÍ œáå`ÞaÞÀ9œ3pçÌcœÃy0Ìò˜8‡yÀ9pÎœ3ÌRpç3Àò™æÍ¼ox‡å˜7¼ÞÌ;xâû;o]ô8Ã¼™³<¤`FfFª€€)`C>RÀŒTŒÜ<˜`TT3rÍ  0ƒ4ÌÀh~Ùs/\V#×ŒþÝ6Rÿ]ñ›ÿóÿoþÿ¿. VP8 „  °9 *È È >Q(‘F#¢¡¡$Øèp
	MÜi%’•¼ÒkÃþÁæ½U~£øƒ‹žŽòïäö¿n>óÿ¹{ üûþÜô£ýï÷¾²^`?•ÿeÿÁþ+Ý;üíw¹@çŸã¿û{Qÿ·öþµÿØù'÷¿VŸõ_·?¶ßµ_ÿÏ?¼øö ô ô ìaþÉÛþ=;Šìáý|2‡uî'©ŠJ“¿Ú9å³Â¨Ÿ–_¯ÞbÿÙÅÞ±»Ö7zÆïXÝë½cw¬nõÞ±»Ö!²”\59h'ŠBØÊá·÷¾á|q®ðY:Lš!FÞµÁ“!‘È%Âtà^€/´'£ú}«÷f“´_©¡íX˜Ô…]ñ=óÁS~<€‚¦´g1yb¯í^Féìl€W¤RÑS”õgŸ $ÕËx€’ae	eŸæNŠ—åB.ÙÜÚÏ¶…œò,ûJÓ×ˆÁ„ùµ}u7GË|›ºCôÑÎÏìhf=Vçç¼ð•Ç(¤V½²H4rûg3• [<¡‰@S˜9’Ð´RüH!]èºÐŠÈ…7Q%ÀFn­Ê ëXÅtê¾!Rr6*{äNÝ¥	_a+ì%}„¯°•ö¾ÂWØJû	_a+å  þÿ³´  ‰®¼^&Ö”9Åƒ&t*AwWDD'Î¦%×CÐÓÙc?ùL?¦a¹/[l.ü ÿª(y3Œ›]qhn•éÿ s«ky;A	âŸ£©¯XäÂ¥U§+Á¡¯Þuûø«èó×¡šœÄ†îÿmñã<á®¨”Zã~!¾EùpóÑ«	ýÜ—sbKt¢î.ÃF9˜ZW>æÇ„aËP÷&¹\îq`fÒv—;	—D-žéÈÄûd®ýYt©w%‹BGÍPoÔ}7_¼$|½å¡ëóF¶Œ‘q%ø?„¦Î)t^¿n›5÷+ÒWCð«ªÐXF|CNêäÃO.×÷'{½|Íœ½[žxx˜ÌkG˜DVÓ0í·YÿvBœj<«OàDš¸L$ÈŒYoåHÛÀ³+ûWBoÞÖGƒ»ëfÇ›l¾-Äw5‘éâÐ®UÁ“@¥lÈ¡/;úJPÝôìV 5r£ûfj9¶iéìÌ½o·ØKÊÖ¶ÚKãgÍÜ<ÏIøæ4”×g=¦ Š$é ©ÝµÛ{¨nâß\¹À¡>â€x¹]rªw÷¢Ë±Í|§¯†åöÐ‘ü™Ý€’È7gZ  #‚¹äø6oÖ€Ûˆ/¡ù>ò®UhÜÛ8\d­²¹„ö<•ß­í¶§Ë.‚˜gS±#H+`#Õ’UFŠñß4/7Û³¤´7\‡³:Ræ8f!æ¡äÛÆ*ÌP*
OPü0’ñšL¯Hw°Í¢ßçÂh>q2}Œ+vO “FøÍõ¸ÿxrtŸ×3,â.óÛ|Nˆ¥8œPrˆ£¨ƒK­i#’Í‘SG}%¦+$æ¾‰bËQÈŸã2ÿF_q¼U¶ÍÊ©G’|uÁËZûƒe7~LåÒáÒìK¡».ýÿù®DUž¼ð‘³N'ˆØ..¿M}Ò‘GÿúNö‡«Ý³¸ãiÜþwksàDxåcþÌeß{/¤pk	7«Þƒí	­P*¤P•–ÁÇâ1A ô¡Ö¨Â.I=<b›i¨¨A8)‡íyÙ±×g^NÀ8Å3Ë…g \=ÊØò&Óý¾5åùåNe…þ$Csú÷ÍZºÍ„t¨k™»½¶	jc‡*s›æ%N–/Lº©°‘nÚ\
f£õÇà¯û=AU{Õ·å Õ¥qŸªî¿Û<»ÍA5$ßâ¼X‡}¼§¼ŠN€„7&šì…6ü¬½<!V3ãÂ¸ÿ„ào°—AøbÅúH•­JÍøT^úd×Tñì%á¾„“åî¿âE¤×xQéæk%0§nRÿØ°ÂAÀŒ!“ÚuüãÎ5Á(„¬d6Öð{¤™ÎÌœàÆ¹øHb·#-Ð©Ï
o$Õ¨oW'—±ñþiýZ¶WpÜ£ßÇå0À°Ùõçü¾öÆÑ“Ÿˆ_Yd05»†´&æm_}q‹X@yCw)H÷†?ÊªßK4¡bé¤,ÊJo;Kš”<ËÁ½ºÌðoE‹i†Êëk)/çú6š&b{¬2|…+ø5ö­7æÇ´>Í À#PŠLuVŸ¥1-+$™$•-ƒ?4
At¹ŸÐÁ1ùjS>å²§s}§?«r ÎUµ?Kö>7<D[{u»¸ÆyÚýa©ç-fâÃüGÓ·ámwäÆçPõ >N8ðÙd7Ç=ÏÎI%_B.)tN˜0VUö­à·Ó‡aP'\êˆ±qBŸï˜C!=r°‹_È]ëdô¨a¿‹æ_~ˆ¶¥óÒUu¬4ˆxP²$Äwr)¸Ç®ô&vP-©ÆÔô"•¿A"ËÜzI–þÝÊ¡ŸùÙ¡ÿZ´e<‘ £lþyØ”víÑ¶RWD%6µ‚*¾µvŠú}Uê“ã†^Øë|r5gýúÜ$ÕUÓtÃæœ¹’ÑZdëÖÙ©9Ó¹™¿vÜ’¿-m¡"ôøo¤6íNaZ?ÒÂ¯0ž;¯_„#« $6ÍúB»$n­žÛEyô¿ÊíñCÎ“N‹Ñ}²ÁQi~Í5ÓÒëzÕ“}[foÄQ6Pedñ „z0âé±«¿ýˆ}™’g,ãnÃŸ&aM>œhíj8î9S÷Ío1ãòç¬üMÆxëx]Qe?	F¤Žb–ÑýPB28†eJÈZ•ÓÃÛ^s† jF´¿Yk~4WUj1fx[ÜH“8ª¤™Î £k…ç*­1átÆMÒêæ¥­Ò‡¾¶Ù%Åbo›·¬ZÞl]º;÷’MS®š“ò‹‹Ì0e«ŠBk2LŠÿþù2oÂŠwSÿ@zŽMgÊ”KïÇŠéÖ7=ø<,”ìÌ†UÑd´pg¿œè•\fI9×Z„EE7PW $™Z6â…þ¨¶(ÃÎ0{†kç	ýf‚/@‡â—\¥½7×q'_YgÏÁÐ$Q·±˜II” ë1žf¾ã­jõž»É×¿\Õj¿XìÕì²ñdxiù0}a$¨ßXWæIÑÛIaõÔ¢p¦ß‘°H“I"àHÓM6"—¸d»o‰JoUvíô®síB¢š4
Â)†ZlEá“c•ËØr=Ý¢ì$ï/:ÂyßX†4owôQŽÊ–Þ#ò„
a²xÓ¦7½™?$Wï:+§Gmµ)8µ èûÌÉæ¤Ê0BºÍjÿàÛÅ&"ïr¨_Úp*Õ›ìrá£¤F>>ºïe'“à¶q|H‰‹~•Á2®0÷^pSÈx›ÑÓÖñ=Å––_(üwdì¶õÃªÇá0oBG™]‘¢$µ-#÷|YzWrFëŸ< çV?m^Ð¸/J:òÄ5.7c›Å'’~AL®^ˆ[–'ô¡èåuzíòÚÑÀ(C¨eýIý›Ô}¡©<ÐkM2GP$ðÞÊÈÿ·°! ÊdD;úTFr0¢tèv»Ò~™ÚA„ö¿ö:ÚE[hë#Úƒ	Ã‹èN¨ôß–êsÎ…s5úç%·¬¼ÉyüÆV¡*Q1¹Ó;öC¡Úð’d‡2¦GÄø©Bk¥BÊzô=YAº+ºë×Fë}
WÕÖj2mžæ€b_½â+Ÿ*¶˜šúuh&Ç2^Óçè¼°Ú¼Ð]»œcòè,Î	hüŠK“â˜m8ë¤êj)	Á}÷(iwqVËÆqCÜ1[,ƒB;-IwÐ{‘´r}FS.ä~¹«BKo$‚ª³	3"Ù½ç5íŒÐgÝ© ý!§DšáŸ	ò—ôÅþ‘R	{+Kë¡öXµ	B (òÑa)þ$õz_CX	¡G…hšt”v”Èã>Ëç’ÿMËØîK!×x.ŠË|u²>\Õ•>sÌb–†TÅKB(O£ŠÁG¹›sÿ{h+ý¿ïg©Aà£tW×&¾ß§?‘6·±<«1Ê‹ƒyEÛèŠÙ 2Šq¶|5²÷?À­º*•£¬“¦‹­Ÿ_ÚóFÓ’Ú»–ÕwÈ
ø
åÄ™S:Ì½b¤%¿“‚h,Ñr„Ç*ÑùÓA»Ï&›0¿Ü;  @2j+²Š¿rþtÉe¯Î       EXIFº   Exif  II*                V       ^   (              i‡    f       H      H            0210‘           0100     ÿÿ       È        È       XMP Û   <?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Go XMP SDK 1.0"><rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"></rdf:RDF></x:xmpmeta>
<?xpacket end="w"?> a
    zf÷;  ã                   @   sÌ   d Z ddlZddlZddlmZ zddlT W n   Y n0 ddlmZ ddlmZ ddlm	Z	 ddlm
Z
 dd	lmZ dd
lmZ dZdZdZG dd„ dƒZdefdd„Zdd„ ZG dd„ dƒZdd„ ZdS )z>
classes and algorithms for the generation of SELinux policy.
é    N)Ú*é   )Ú	refpolicy)Úobjectmodel)Úaccess)Ú
interfaces)Úmatching)Úutilé   c                   @   s„   e Zd ZdZddd„Zd dd„Zd!dd	„Zefd
d„Zdd„ Z	dd„ Z
dd„ Zd"dd„Zdd„ Zdd„ Zdd„ Zdd„ Zdd„ ZdS )#ÚPolicyGeneratoraý  Generate a reference policy module from access vectors.

    PolicyGenerator generates a new reference policy module
    or updates an existing module based on requested access
    in the form of access vectors.

    It generates allow rules and optionally module require
    statements, reference policy interfaces, and extended
    permission access vector rules. By default only allow rules
    are generated. The methods .set_gen_refpol, .set_gen_requires
    and .set_gen_xperms turns on interface generation,
    requires generation, and xperms rules generation respectively.

    PolicyGenerator can also optionally add comments explaining
    why a particular access was allowed based on the audit
    messages that generated the access. The access vectors
    passed in must have the .audit_msgs field set correctly
    and .explain set to SHORT|LONG_EXPLANATION to enable this
    feature.

    The module created by PolicyGenerator can be passed to
    output.ModuleWriter to output a text representation.
    Nc                 C   s>   d| _ t| _d| _|r|| _n
t ¡ | _d| _d| _d| _	dS )zøInitialize a PolicyGenerator with an optional
        existing module.

        If the module parameter is not None then access
        will be added to the passed in module. Otherwise
        a new reference policy module will be created.
        NF)
ÚifgenÚNO_EXPLANATIONÚexplainÚgen_requiresÚmoduler   ZModuleÚ	dontauditÚxpermsÚdomains)Úselfr   © r   ú6/usr/lib/python3.9/site-packages/sepolgen/policygen.pyÚ__init__E   s    
zPolicyGenerator.__init__c                 C   s*   |rt ||ƒ| _d| _nd| _|  ¡  dS )a?  Set whether reference policy interfaces are generated.

        To turn on interface generation pass in an interface set
        to use for interface generation. To turn off interface
        generation pass in None.

        If interface generation is enabled requires generation
        will also be enabled.
        TN)ÚInterfaceGeneratorr   r   Ú"_PolicyGenerator__set_module_style)r   Zif_setÚ	perm_mapsr   r   r   Úset_gen_refpolY   s
    
zPolicyGenerator.set_gen_refpolTc                 C   s
   || _ dS )a&  Set whether module requires are generated.

        Passing in true will turn on requires generation and
        False will disable generation. If requires generation is
        disabled interface generation will also be disabled and
        can only be re-enabled via .set_gen_refpol.
        N)r   )r   Ústatusr   r   r   Úset_gen_requiresk   s    z PolicyGenerator.set_gen_requiresc                 C   s
   || _ dS )z)Set whether access is explained.
        N)r   )r   r   r   r   r   Úset_gen_explainu   s    zPolicyGenerator.set_gen_explainc                 C   s
   || _ d S ©N)r   )r   r   r   r   r   Úset_gen_dontauditz   s    z!PolicyGenerator.set_gen_dontauditc                 C   s
   || _ dS )zSSet whether extended permission access vector rules
        are generated.
        N)r   )r   r   r   r   r   Úset_gen_xperms}   s    zPolicyGenerator.set_gen_xpermsc                 C   s*   | j rd}nd}| j ¡ D ]
}||_qd S )NTF)r   r   Úmodule_declarationsr   )r   r   Úmodr   r   r   Z__set_module_styleƒ   s
    z"PolicyGenerator.__set_module_styleú1.0c                 C   sX   d}| j  ¡ D ]}|}q|s4t ¡ }| j j d|¡ ||_||_| jrNd|_nd|_dS )z?Set the name of the module and optionally the version.
        Nr   TF)	r   r"   r   ZModuleDeclarationÚchildrenÚinsertÚnameÚversionr   )r   r'   r(   Úmr#   r   r   r   Úset_module_name‹   s    zPolicyGenerator.set_module_namec                 C   s   | j rt | jƒ | jS r   )r   r   )r   r   r   r   Ú
get_moduleœ   s    
zPolicyGenerator.get_modulec              	   C   sn  t  |¡}| jr|j|_d|_| jr>tt  t	|| jd¡ƒ|_|j
tjkrl| jd7  _|jrl| jd7  _|j
tjkr†| jd7  _|j
tjkrât|jƒdkrÆ| jdd d	d
„ |jD ƒ¡ 7  _n| jd|jd d  7  _|j
tjkrL| jd7  _| jd7  _| jd|jd  7  _|jdd… D ]}| jd| 7  _q2z |j
tjkrLd|jv rLd|jv s‚d|jv rL| js ttddd d | _g }dd
„ ttgt|jt|jt|jiƒD ƒD ]}|| jvrÌ| |¡ qÌt|ƒdkr| jd|j|jd |¡f 7  _n0t|ƒdkrL| jd|j|jd |¡f 7  _W n   Y n0 | jj  |¡ dS )z Add access vector rule.
        Ú )Ú	verbosityz0
#!!!! This avc is allowed in the current policyzN
#!!!! This av rule may have been overridden by an extended permission av rulez:
#!!!! This avc has a dontaudit rule in the current policyr   zH
#!!!! This avc can be allowed using one of the these booleans:
#     %sz, c                 S   s   g | ]}|d  ‘qS )r   r   ©Ú.0Úxr   r   r   Ú
<listcomp>º   ó    z1PolicyGenerator.__add_av_rule.<locals>.<listcomp>z5
#!!!! This avc can be allowed using the boolean '%s'r   zŽ
#!!!! This avc is a constraint violation.  You would need to modify the attributes of either the source or target types to allow this access.z
#Constraint rule: z
#	Nz?
#	Possible cause is the source %s and target %s are different.ÚwriteÚdirÚopenÚdomain)r'   Útypesc                 S   s   g | ]}|t  ‘qS r   )ZTCONTEXTr.   r   r   r   r1   Í   r2   zL
#!!!! The source type '%s' can write to a '%s' of the following type:
# %s
zM
#!!!! The source type '%s' can write to a '%s' of the following types:
# %s
)!r   ZAVRuler   Z	DONTAUDITÚ	rule_typeÚcommentr   ÚstrÚCommentÚexplain_accessÚtypeÚ	audit2whyZALLOWr   ZBOOLEANÚlenÚdataÚjoinZ
CONSTRAINTZTERULEÚpermsÚ	obj_classr   ZseinfoZ	ATTRIBUTEZsesearchZSCONTEXTÚsrc_typeZCLASSZPERMSÚappendr   r%   )r   ÚavZruleÚreasonr7   Úir   r   r   Z__add_av_rule¤   sV    
&ÿþþ,$&zPolicyGenerator.__add_av_rulec                 C   s<   |j  ¡ D ],}t ||¡}| jr(|j|_| jj 	|¡ q
dS )z5Add extended permission access vector rules.
        N)
r   Úkeysr   Z	AVExtRuler   ZDONTAUDITXPERMr8   r   r%   rE   )r   rF   ÚopZextruler   r   r   Z__add_ext_av_rulesÙ   s
    z"PolicyGenerator.__add_ext_av_rulesc                 C   s\   | j r*| j  || j¡\}}| jj |¡ n|}|D ]$}|  |¡ | jr2|jr2|  |¡ q2dS )zJAdd the access from the access vector set to this
        module.
        N)	r   Úgenr   r   r%   ÚextendÚ_PolicyGenerator__add_av_ruler   Ú"_PolicyGenerator__add_ext_av_rules)r   Zav_setZ	raw_allowÚifcallsrF   r   r   r   Ú
add_accessä   s    	
zPolicyGenerator.add_accessc                 C   s   |D ]}| j j |¡ qd S r   )r   r%   rE   )r   Zrole_type_setÚ	role_typer   r   r   Úadd_role_typesù   s    zPolicyGenerator.add_role_types)N)NN)T)r$   )Ú__name__Ú
__module__Ú__qualname__Ú__doc__r   r   r   ÚSHORT_EXPLANATIONr   r    r!   r   r*   r+   rM   rN   rP   rR   r   r   r   r   r   -   s   




5r   c              	      s  g ‰‡ ‡fdd„}|t kr´| jD ]Š}ˆ d|j ¡ ˆ dt|jƒt|jƒf ¡ ˆ d|jt 	|j
¡f ¡ ˆ d|j|j|jf ¡ ˆ tjd|j d d	d
dd¡ q |ƒ  nb|rˆ d| j| j| j| j ¡ f ¡ t| jƒdkr| jd }ˆ d|j|j|jf ¡ |ƒ  ˆS )aª  Explain why a policy statement was generated.

    Return a string containing a text explanation of
    why a policy statement was generated. The string is
    commented and wrapped and can be directly inserted
    into a policy.

    Params:
      av - access vector representing the access. Should
       have .audit_msgs set appropriately.
      verbosity - the amount of explanation provided. Should
       be set to NO_EXPLANATION, SHORT_EXPLANATION, or
       LONG_EXPLANATION.
    Returns:
      list of strings - strings explaining the access or an empty
       string if verbosity=NO_EXPLANATION or there is not sufficient
       information to provide an explanation.
    c                     sJ   ˆ sd S ˆ  d¡ ˆ  ¡ D ]*} t| jˆ jƒ}ˆ  d| ¡ | jf ¡ qd S )Nz Interface options:z   %s # [%d])rE   ÚallÚcall_interfaceÚ	interfacerF   Z	to_stringZdist)ÚmatchÚifcall©ÚmlÚsr   r   Úexplain_interfaces  s    
z*explain_access.<locals>.explain_interfacesz %sz  scontext="%s" tcontext="%s"z  class="%s" perms="%s"z  comm="%s" exe="%s" path="%s"z	message="ú"éP   z  z   )Úinitial_indentÚsubsequent_indentz) src="%s" tgt="%s" class="%s", perms="%s"r   z comm="%s" exe="%s" path="%s")ÚLONG_EXPLANATIONZ
audit_msgsrE   Úheaderr:   ZscontextZtcontextZtclassr   Zlist_to_space_strZaccessesZcommZexeÚpathrL   ÚtextwrapÚwrapÚmessagerD   Útgt_typerC   rB   Zto_space_strr?   )rF   r^   r-   r`   Úmsgr   r]   r   r<   ý   s2    
ÿÿÿ
ÿ
r<   c                 C   sØ   g }g }|  | j ¡ ¡ |jdd„ dd t ¡ }| j|_tt	|ƒƒD ]z}|| j
tjkrj|j |j¡ qF|| j
tjkrŠ|j |j¡ qF|| j
tjkrª|j |j¡ qFt|| j
ƒ dsFJ ‚qFt	|jƒdksÔJ ‚|S )Nc                 S   s   | j S r   ©Únum©Zparamr   r   r   Ú<lambda>9  r2   z call_interface.<locals>.<lambda>T©ÚkeyÚreverser   )rL   ÚparamsÚvaluesÚsortr   ZInterfaceCallr'   ZifnameÚranger?   r=   ÚSRC_TYPEÚargsrE   rD   ÚTGT_TYPErk   Ú	OBJ_CLASSrC   Úprint)rZ   rF   rt   ry   r\   rH   r   r   r   rY   4  s"    
rY   c                   @   s.   e Zd Zd
dd„Zdd„ Zdd„ Zdd	„ ZdS )r   Nc                 C   s&   || _ |  |¡ t |¡| _g | _d S r   )ÚifsÚhack_check_ifsr   ZAccessMatcherÚmatcherÚcalls)r   r}   r   r   r   r   r   N  s    
zInterfaceGenerator.__init__c                 C   sŒ   |j  ¡ D ]|}g }| |j ¡ ¡ |jdd„ dd tt|ƒƒD ]D}|d || jkr`d|_ q
|| j	t
jt
jt
jfvr@d|_ q
q@q
d S )Nc                 S   s   | j S r   rm   ro   r   r   r   rp   \  r2   z3InterfaceGenerator.hack_check_ifs.<locals>.<lambda>Trq   r   F)r   ru   rL   rt   rv   rw   r?   rn   Zenabledr=   r   rx   rz   r{   )r   r}   r0   rt   rH   r   r   r   r~   T  s    ÿz!InterfaceGenerator.hack_check_ifsc                 C   s²   |   |¡}g }| jD ]>}t| ¡ j|jƒ}|rDt t|j||ƒ¡|_	| 
||f¡ qg }|D ]L\}}d}	|D ],}
|
 |¡rl|
j	r”|j	r”|
j	 |j	¡ d}	ql|	s\| 
|¡ q\||fS )NFT)r[   r€   rY   ZbestrZ   rF   r   r;   r<   r9   rE   ÚmatchesÚmerge)r   Úavsr-   Úraw_avrO   r^   r\   Údr}   ÚfoundZo_ifcallr   r   r   rK   k  s$    


zInterfaceGenerator.genc                 C   sL   g }|D ]>}t  ¡ }| j | j||¡ t|ƒr<| j |¡ q| |¡ q|S r   )r   Z	MatchListr   Z
search_ifsr}   r?   r€   rE   )r   rƒ   r„   rF   Zansr   r   r   r[   ‚  s    zInterfaceGenerator.match)N)rS   rT   rU   r   r~   rK   r[   r   r   r   r   r   M  s   
r   c                 C   s"   dd„ }|   ¡ D ]}||ƒ qdS )z*Add require statements to the module.
    c                 S   sº   t  ¡ }|  ¡ D ]:}|j |j¡ |j |j¡ |jD ]}| ||j	¡ q6q|  
¡ D ]}|jD ]}|j |¡ q^qT|  ¡ D ] }|j |j¡ |j |j¡ qz|j d¡ | j d|¡ d S )Nr   r   )r   ZRequireZavrulesr7   ÚupdateZ	src_typesZ	tgt_typesZobj_classesZadd_obj_classrB   Zinterface_callsry   ÚaddZ
role_typesZrolesZroleÚdiscardr%   r&   )ÚnodeÚrZavruleÚobjr\   ÚargrQ   r   r   r   Úcollect_requires’  s    

z&gen_requires.<locals>.collect_requiresN)Znodes)r   rŽ   rŠ   r   r   r   r     s    r   )rV   Ú	itertoolsrh   Zselinux.audit2whyr>   Zsetoolsr,   r   r   r   r   r   r	   r   rW   re   r   r<   rY   r   r   r   r   r   r   Ú<module>   s,    Q7B