| Şuanki Dizin: /lib64/python3.9/site-packages/setools/__pycache__/ |
| Şuanki Dosya : //lib64/python3.9/site-packages/setools/__pycache__/constraintquery.cpython-39.pyc |
a
q�qe��@s�ddlZddlZddlmZmZddlmZmZddlm Z ddl
m
Z
m
Z
ddl
mZmZddlmZdd lmZGd
d
�d
e
e
e�ZdS)
�N)�Iterable�Set�)�CriteriaDescriptor�CriteriaSetDescriptor)�ConstraintUseError)�
MatchObjClass�MatchPermission)�
AnyConstraint�ConstraintRuletype)�
PolicyQuery)�
match_in_setcs�eZdZUdZeed�Zedd�ZdZ e
e
d<edd�Z
dZ
e
e
d<dZe
e
d <ed
d
�ZdZe
e
d
<dZe
e
d
<d
d��fdd�
Zdd�Zeed�dd�Z�ZS)�ConstraintQuerya�
Query constraint rules, (mls)constrain/(mls)validatetrans.
Parameter:
policy The policy to query.
Keyword Parameters/Class attributes:
ruletype The list of rule type(s) to match.
tclass The object class(es) to match.
tclass_regex If true, use a regular expression for
matching the rule's object class.
perms The permission(s) to match.
perms_equal If true, the permission set of the rule
must exactly match the permissions
criteria. If false, any set intersection
will match.
perms_regex If true, regular expression matching will be used
on the permission names instead of set logic.
role The name of the role to match in the
constraint expression.
role_indirect If true, members of an attribute will be
matched rather than the attribute itself.
role_regex If true, regular expression matching will
be used on the role.
type_ The name of the type/attribute to match in the
constraint expression.
type_indirect If true, members of an attribute will be
matched rather than the attribute itself.
type_regex If true, regular expression matching will
be used on the type/attribute.
user The name of the user to match in the
constraint expression.
user_regex If true, regular expression matching will
be used on the user.
)�
enum_class�
user_regexZ
lookup_userF�
role_regexZ
lookup_roleT�
role_indirect�
type_regexZlookup_type_or_attr�
type_indirectN)�returnc
s(tt|�j|fi|��t�t�|_dS)N)�superr�__init__�loggingZ getLogger�__name__�log)�self�policy�kwargs�� __class__��=/usr/lib64/python3.9/site-packages/setools/constraintquery.pyrAszConstraintQuery.__init__cCs4|r$t�}|D]}|�|���qn|}t|||�S)ay
Match roles/types/users in a constraint expression,
optionally by expanding the contents of attributes.
Parameters:
expr The expression to match.
criteria The criteria to match.
indirect If attributes in the expression should be expanded.
regex If regular expression matching should be used.
)�set�update�expandr
)r�exprZcriteriaZindirectZregex�obj�itemr r r!�
_match_exprEs
zConstraintQuery._match_exprc csB|j�d�|��|j�d�|��|�|j�|�|j�|j�d�|��|j�d�|��|j�d�|��|j��D]�}|jr�|j|jvr�q||� |�s�q|z|�
|�s�Wq|Wnt
y�Yq|Yn0|j
r�|�
|jj|j
|j|j�s�q||j�r|�
|jj|j|j|j��sq||j�r6|�
|jj|jd|j��s6q||Vq|dS)z6Generator which yields all matching constraints rules.z-Generating constraint results from {0.policy}zRuletypes: {0.ruletype}z'User: {0.user!r}, regex: {0.user_regex}z'Role: {0.role!r}, regex: {0.role_regex}z(Type: {0.type_!r}, regex: {0.type_regex}FN)r�info�format�debugZ_match_object_class_debugZ_match_perms_debugr
�
constraints�ruletypeZ_match_object_classZ
_match_permsr�roler(Z
expressionZrolesrr�type_�typesrr�userZusersr)r�cr r r!�resultsZsP
�
�
�zConstraintQuery.results)r�
__module__�
__qualname__�__doc__rr
r-rr1r�bool�__annotations__r.rrr/rrrr(rr
r3�
__classcell__r r r
r!rs
$
r)r�re�typingrrZ
descriptorsrr� exceptionrZmixinsrr Z policyrepr
r
�queryr
�utilr
rr r r r!�<module>s
Linux 65-254-81-4.cprapid.com 5.14.0-284.11.1.el9_2.x86_64 #1 SMP PREEMPT_DYNAMIC Tue May 9 05:49:00 EDT 2023 x86_64
Apache
65.254.81.4