Diffstat (limited to 'rainbow/permissions/permlist.py')
-rw-r--r-- | rainbow/permissions/permlist.py | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/rainbow/permissions/permlist.py b/rainbow/permissions/permlist.py
new file mode 100644
index 0000000..897beca
--- /dev/null
+++ b/rainbow/permissions/permlist.py
@@ -0,0 +1,94 @@
+DOMAINS = {'network': ('via', 'to', 'port', 'rate', 'burst', 'connection-rate',
+ 'transfer-limit', 'bind-port'),
+ 'constant-uid': (),
+ 'strace': (),
+ 'use-audio': (),
+ 'use-video': (),
+ 'use-serial': (),
+ 'play-background-sound': (),
+ 'quota': ('limit'),
+ 'lim_nofile': ('@NUM@'),
+ 'lim_mem': ('@NUM@'),
+ 'lim_nproc': ('@NUM@'),
+ 'lim_fsize': ('@NUM@'),
+ 'document_read_ro': ('type')
+ }
+
+class PermissionSet(object):
+ def __init__(self, fp=None):
+ self._permissions = {}
+ self._network_permissions = []
+
+ for line in fp:
+ line = line.lower().strip()
+ if not line or line.startswith('#'):
+ continue
+
+ fields = line.split()
+ if not fields[0] in DOMAINS:
+ print "Unknown permissions domain: [%s]" % fields[0]
+ continue
+
+ for field in fields[1:]:
+ if '@NUM@' in DOMAINS[fields[0]]:
+ try:
+ float(fields[1])
+ except:
+ print "Expecting numeric value in domain [%s] (%s)" % (fields[0], fields[1])
+ continue
+ else:
+ key, value = field.split(':')
+ if not key in DOMAINS[fields[0]]:
+ print "Unknown flag [%s] in domain [%s]" % (key, fields[0])
+ continue
+
+ if fields[0] == 'network':
+ self._network_permissions.append(fields[1:])
+ else:
+ self._permissions[fields[0]] = fields[1:] or True
+
+ def has_permission(self, domain, key=None, value=None):
+ "Fails for network, since it doesn't make sense to query those perms"
+ if domain not in self._permissions:
+ return False
+ elif key and value:
+ for permission in self._permissions[domain]:
+ this_key, these_values = permission.split(':')
+ if not key == this_key:
+ continue
+ these_values = these_values.split(',')
+ if value in these_values:
+ return True
+ return self._permissions[domain] == True
+
+ def permission_params(self, domain):
+ if domain not in self._permissions:
+ return None
+ return(self._permissions[domain])
+
+
+if __name__ == '__main__':
+ import cStringIO as stringio
+ from pprint import pprint
+
+ perms = """
+ network via:ipv4,ipv6 to:pgp.mit.edu,laptop.org port:80 rate:100Kb/s burst:1Mb
+ network via:ipv4 port:25 connection-rate:10/min transfer-limit:8Mb/hr
+ network via:ipv6 bind-port:1400
+
+ # Comment
+ use-microphone
+ use-camera
+
+ # Comment, yay
+ play-background-sound
+
+ document_read_ro type:text/plain
+
+ quota limit:15Mb
+ """
+
+ permfp = stringio.StringIO(perms)
+ permset = PermissionSet(permfp)
+ pprint(permset._permissions)
+ pprint(permset._network_permissions) |
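Review bot: In `PermissionSet.__init__` the per-field validation never rejects anything — each `continue` inside the `for field in fields[1:]` loop only moves on to the next field, after which the whole line is still appended to `_network_permissions` or stored in `_permissions`, so an unknown flag or a non-numeric limit lands in the effective permission set exactly as if it had passed. The numeric branch also checks `float(fields[1])` rather than `float(field)`, the bare `except:` should be `except ValueError:`, and a field without `:` makes `key, value = field.split(':')` raise, so `str.partition` is the safer unpack. Separately, the one-element entries in `DOMAINS` (`('limit')`, `('@NUM@')`, `('type')`) are strings, not tuples, so the `in` checks against them are substring tests and need trailing commas, e.g. `'quota': ('limit',)`. The rewrite below keeps a `valid` flag across the field loop and drops the line when it is false; note too that the sample input in `__main__` lists `use-microphone`/`use-camera`, which are not `DOMAINS` keys and would be reported as unknown domains.
```python
        for line in fp:
            # … unchanged: lower/strip, blank and comment skip, domain lookup …
            allowed = DOMAINS[fields[0]]
            valid = True
            for field in fields[1:]:
                if '@NUM@' in allowed:
                    try:
                        float(field)
                    except ValueError:
                        print "Expecting numeric value in domain [%s] (%s)" % (fields[0], field)
                        valid = False
                else:
                    key, sep, value = field.partition(':')
                    if not sep or key not in allowed:
                        print "Unknown flag [%s] in domain [%s]" % (key, fields[0])
                        valid = False
            if not valid:
                # reject the whole line rather than store a partially-validated entry
                continue
            # … unchanged: store into _network_permissions / _permissions …
```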