????
Your IP : 18.222.226.10
a
q�qe��@s�ddlZddlZddlmZmZddlmZmZddlm Z ddl
mZmZddl
mZmZddlmZdd lmZGd
d�deee�ZdS)�N)�Iterable�Set�)�CriteriaDescriptor�CriteriaSetDescriptor)�ConstraintUseError)�
MatchObjClass�MatchPermission)�
AnyConstraint�ConstraintRuletype)�PolicyQuery)�match_in_setcs�eZdZUdZeed�Zedd�ZdZ e
ed<edd�ZdZ
e
ed<dZe
ed <ed
d�ZdZe
ed
<dZe
ed<d
d��fdd�Zdd�Zeed�dd�Z�ZS)�ConstraintQuerya�
Query constraint rules, (mls)constrain/(mls)validatetrans.
Parameter:
policy The policy to query.
Keyword Parameters/Class attributes:
ruletype The list of rule type(s) to match.
tclass The object class(es) to match.
tclass_regex If true, use a regular expression for
matching the rule's object class.
perms The permission(s) to match.
perms_equal If true, the permission set of the rule
must exactly match the permissions
criteria. If false, any set intersection
will match.
perms_regex If true, regular expression matching will be used
on the permission names instead of set logic.
role The name of the role to match in the
constraint expression.
role_indirect If true, members of an attribute will be
matched rather than the attribute itself.
role_regex If true, regular expression matching will
be used on the role.
type_ The name of the type/attribute to match in the
constraint expression.
type_indirect If true, members of an attribute will be
matched rather than the attribute itself.
type_regex If true, regular expression matching will
be used on the type/attribute.
user The name of the user to match in the
constraint expression.
user_regex If true, regular expression matching will
be used on the user.
)�
enum_class�
user_regexZlookup_userF�
role_regexZlookup_roleT�
role_indirect�
type_regexZlookup_type_or_attr�
type_indirectN)�returncs(tt|�j|fi|��t�t�|_dS)N)�superr�__init__�loggingZ getLogger�__name__�log)�self�policy�kwargs�� __class__��=/usr/lib64/python3.9/site-packages/setools/constraintquery.pyrAszConstraintQuery.__init__cCs4|r$t�}|D]}|�|���qn|}t|||�S)ay
Match roles/types/users in a constraint expression,
optionally by expanding the contents of attributes.
Parameters:
expr The expression to match.
criteria The criteria to match.
indirect If attributes in the expression should be expanded.
regex If regular expression matching should be used.
)�set�update�expandr
)r�exprZcriteriaZindirectZregex�obj�itemr r r!�_match_exprEszConstraintQuery._match_exprc csB|j�d�|��|j�d�|��|�|j�|�|j�|j�d�|��|j�d�|��|j�d�|��|j��D]�}|jr�|j|jvr�q||� |�s�q|z|�
|�s�Wq|Wnty�Yq|Yn0|jr�|�
|jj|j|j|j�s�q||j�r|�
|jj|j|j|j��sq||j�r6|�
|jj|jd|j��s6q||Vq|dS)z6Generator which yields all matching constraints rules.z-Generating constraint results from {0.policy}zRuletypes: {0.ruletype}z'User: {0.user!r}, regex: {0.user_regex}z'Role: {0.role!r}, regex: {0.role_regex}z(Type: {0.type_!r}, regex: {0.type_regex}FN)r�info�format�debugZ_match_object_class_debugZ_match_perms_debugr�constraints�ruletypeZ_match_object_classZ_match_permsr�roler(Z
expressionZrolesrr�type_�typesrr�userZusersr)r�cr r r!�resultsZsP
���zConstraintQuery.results)r�
__module__�__qualname__�__doc__rrr-rr1r�bool�__annotations__r.rrr/rrrr(rr
r3�
__classcell__r r rr!rs
$
r)r�re�typingrrZdescriptorsrr� exceptionrZmixinsrr Z policyrepr
r�queryr�utilr
rr r r r!�<module>s