????
Your IP : 18.222.226.10
a
q�qe����@s�dd�lZdd�l�Z�dd�l�m�Z�m�Z��d�d�l�m�Z�m�Z��d�d�l�m Z �d�d�l
m�Z�m�Z��d�d�l
m�Z�m�Z��d�d�l�m�Z��d�d l�m�Z��Gd
d��d�e�e�e���Z�d�S)��N)���Iterable��Set��)���CriteriaDescriptor��CriteriaSetDescriptor)���ConstraintUseError)��
MatchObjClass��MatchPermission)��
AnyConstraint��ConstraintRuletype)���PolicyQuery)���match_in_setc�s�eZ�dZ�Ud�Z�e�e�d���Z�e�d�d���Z�d�Z e
e�d�<e�d�d���Z�d�Z
e
e�d�<d�Z�e
e�d <e�d
d���Z�d�Z�e
e�d
<d�Z�e
e�d�<d
d����f�d�d���Z�d�d��Z�e�e��d���d�d���Z���Z�S)���ConstraintQuerya��
Query constraint rules, (mls)constrain/(mls)validatetrans.
Parameter:
policy The policy to query.
Keyword Parameters/Class attributes:
ruletype The list of rule type(s) to match.
tclass The object class(es) to match.
tclass_regex If true, use a regular expression for
matching the rule's object class.
perms The permission(s) to match.
perms_equal If true, the permission set of the rule
must exactly match the permissions
criteria. If false, any set intersection
will match.
perms_regex If true, regular expression matching will be used
on the permission names instead of set logic.
role The name of the role to match in the
constraint expression.
role_indirect If true, members of an attribute will be
matched rather than the attribute itself.
role_regex If true, regular expression matching will
be used on the role.
type_ The name of the type/attribute to match in the
constraint expression.
type_indirect If true, members of an attribute will be
matched rather than the attribute itself.
type_regex If true, regular expression matching will
be used on the type/attribute.
user The name of the user to match in the
constraint expression.
user_regex If true, regular expression matching will
be used on the user.
)��
enum_class�
user_regexZ�lookup_userF�
role_regexZ�lookup_roleT�
role_indirect�
type_regexZ�lookup_type_or_attr�
type_indirectN)���returnc����s(tt�|��j�|�f�i|������t���t���|_�dS)�N)���superr���__init__��loggingZ getLogger��__name__��log)���self��policy��kwargs��� __class__��=/usr/lib64/python3.9/site-packages/setools/constraintquery.pyr�As����z�ConstraintQuery.__init__c���Cs4|�r$t�}�|�D]�}�|���|�������q�n�|�}�t�|�|�|���S)�ay�
Match roles/types/users in a constraint expression,
optionally by expanding the contents of attributes.
Parameters:
expr The expression to match.
criteria The criteria to match.
indirect If attributes in the expression should be expanded.
regex If regular expression matching should be used.
)���set��update��expandr
)�r���exprZ�criteriaZ�indirectZ�regex��obj��itemr r r!��_match_exprEs������������z�ConstraintQuery._match_exprc�� csB�|j��d���|�����|j��d���|�����|��|j���|��|j���|j��d���|�����|j��d���|�����|j��d���|�����|j����D]�}�|j�r�|�j�|j�v�r�q||� |���s�q|z�|�
|���s�Wq|Wn��t�y����Yq|Yn�0|j�r�|�
|�j�j�|j�|j�|j���s�q||j���r�|�
|�j�j�|j�|j�|j�����s�q||j���r6|�
|�j�j�|j�d�|j�����s6q||�V�q|d�S)�z6Generator which yields all matching constraints rules.z-Generating constraint results from {0.policy}z�Ruletypes: {0.ruletype}z'User: {0.user!r}, regex: {0.user_regex}z'Role: {0.role!r}, regex: {0.role_regex}z(Type: {0.type_!r}, regex: {0.type_regex}FN)�r���info��format��debugZ�_match_object_class_debugZ�_match_perms_debugr���constraints��ruletypeZ�_match_object_classZ�_match_permsr���roler(Z
expressionZ�rolesr�r���type_��typesr�r���userZ�usersr�)�r���cr r r!��resultsZsP�����������������������
�����
�����
�
�����������������������������������������z�ConstraintQuery.results)�r��
__module__��__qualname__��__doc__r�r�r-r�r1r���bool��__annotations__r.r�r�r/r�r�r�r(r�r
r3�
__classcell__r r r�r!r��s�
��$
�
���
�����
���������r�)�r���re��typingr�r�Z�descriptorsr�r�� exceptionr�Z�mixinsr�r Z policyrepr
r���queryr���utilr
r�r r r r!��<module>�s�������������������