a h@sddlZddlmZmZejeddeddddZz ejZWneyVejZYn0ddlTddl Tddl Z ddl Z Gd d d e ZdS) N)parse_config_setting get_configZgeneralZi18n_text_domainZi18n_locale_dirT)domain localedirfallback)*c@seZdZdZdZdZedZdZdZ ddZ ddZ d d Z d d Z d dZddZddZdd Z d ddZddZddZddZddZdS)!Plugina Each plugin object recognizes one or more access denials and presents a description of the denial to the user. Optionally, the plugin can provide a suggestion for allowing the access to the user. There are four user visible strings that are part of each Plugin subclass (some or all of these can be changed by the plugin author): * summary: summary of the denial * problem_description: detailed description of the denial * fix_description: description of how to allow the denied access * fix_cmd: command that can be used to allow the access All of the strings will have a standard set of substitutions performed. Each keyword (proceeded by a '$' will be replace by a string) - see http://docs.python.org/lib/node109.html for more information. The keywords are: * $SOURCE_TYPE - type for the source of the avc (usually the process performing the operation). * $TARGET_TYPE - type for the target of the avc (the type of the object). * $SOURCE_PATH - source of the executable (from the exe or comm field of the exe). A full path is not always available. * $TARGET_PATH - path for the target object. A full path is not always available. * $TARGET_DIR - path of the containing directory for TARGET_PATH. Essentially os.path.dirname($TARGET_PATH) * $TARGET_CLASS - the object class for the target. * $PERMS - the permissions denied. * $SOURCE_PACKAGE - name of the package which contains the executable (from $SOURCE_PATH). * $PORT_NUMBER - the port number for the connection denied. Additional substitutions can be added with set_template_substitutions. You can also optional pass the name for a single boolean which will be used to set the $BOOLEAN substitution into Plugin.__init__. o You can also set the level, of the alert, if the plugin believes discovers a signature of an attack, the level should be set to red * level: Defines the level of the alert ** yellow default ** red Indicates troubleshooter believes machine is being attacked ** green Indicates a configuration issue. Browser will not display Report Bug button ** white Tells the troubleshooter to ignore the AVC zdIf you want to allow $SOURCE_BASE_PATH to have $ACCESS access on the $TARGET_BASE_PATH $TARGET_CLASSz No defaultcCs2tdd||_d|_d|_d|_d|_d|_dS)Nz ^plugins\.r ZyellowF)resub analysis_idprioritylevelZfixableZ button_textZ report_bug)selfnamer9/usr/lib/python3.9/site-packages/setroubleshoot/Plugin.py__init__`s zPlugin.__init__cCsdSNrrargsrrr init_argshszPlugin.init_argscCs|jSr)problem_descriptionravcrrrrget_problem_descriptionkszPlugin.get_problem_descriptioncCs|jSrif_textrrrr get_if_textnszPlugin.get_if_textcCs|jSr) then_textrrrr get_then_textqszPlugin.get_then_textcCs|jSr)do_textrrrr get_do_texttszPlugin.get_do_textcCs|jSr)Zfix_cmdrrrr get_fix_cmdwszPlugin.get_fix_cmdcCs|jSrrrrrrrzsrcCs t|j|S)zC Report a denial and solution to the fault server. )ZSEPluginr rrrrreport}sz Plugin.reportcCsdS)NFr)rrrrranalyzeszPlugin.analyzecCs ||_dSrr)rrrrr set_priorityszPlugin.set_prioritycCs|jSrr')rrrr get_priorityszPlugin.get_prioritycCs*|ddd}tjd|r&|SdS)N_rZ_selinuxz/usr/share/man/man8/%s.8.gzr )splitospathisfile)rrZman_pagerrr check_for_manszPlugin.check_for_manN)r)__name__ __module__ __qualname____doc__Zsummaryrr*rr r"rrrrr!r#r$r%r&r(r)r/rrrrr,s&- r)gettextZsetroubleshoot.configrr translationZugettextr*AttributeErrorZsetroubleshoot.signatureZsetroubleshoot.utilZos.pathr,r objectrrrrrs