????
Your IP : 18.188.195.92
a
����q�qe�������������������������@���s����d�d�l�Z�d�d�l�Z�d�d�l�m�Z�m�Z���d�d�l�m�Z�m�Z���d�d�l�m Z ��d�d�l
m�Z�m�Z���d�d�l
m�Z�m�Z���d�d�l�m�Z���d�d l�m�Z���G�d
d���d�e�e�e���Z�d�S�)������N)���Iterable��Set�����)���CriteriaDescriptor��CriteriaSetDescriptor)���ConstraintUseError)��
MatchObjClass��MatchPermission)��
AnyConstraint��ConstraintRuletype)���PolicyQuery)���match_in_setc������������������������s����e�Z�d�Z�U�d�Z�e�e�d���Z�e�d�d���Z�d�Z e
e�d�<�e�d�d���Z�d�Z
e
e�d�<�d�Z�e
e�d <�e�d
d���Z�d�Z�e
e�d
<�d�Z�e
e�d�<�d
d�����f�d�d���Z�d�d���Z�e�e���d���d�d���Z�����Z�S�)���ConstraintQuerya����
Query constraint rules, (mls)constrain/(mls)validatetrans.
Parameter:
policy The policy to query.
Keyword Parameters/Class attributes:
ruletype The list of rule type(s) to match.
tclass The object class(es) to match.
tclass_regex If true, use a regular expression for
matching the rule's object class.
perms The permission(s) to match.
perms_equal If true, the permission set of the rule
must exactly match the permissions
criteria. If false, any set intersection
will match.
perms_regex If true, regular expression matching will be used
on the permission names instead of set logic.
role The name of the role to match in the
constraint expression.
role_indirect If true, members of an attribute will be
matched rather than the attribute itself.
role_regex If true, regular expression matching will
be used on the role.
type_ The name of the type/attribute to match in the
constraint expression.
type_indirect If true, members of an attribute will be
matched rather than the attribute itself.
type_regex If true, regular expression matching will
be used on the type/attribute.
user The name of the user to match in the
constraint expression.
user_regex If true, regular expression matching will
be used on the user.
)��
enum_class�
user_regexZ�lookup_userF�
role_regexZ�lookup_roleT�
role_indirect�
type_regexZ�lookup_type_or_attr�
type_indirectN)���returnc������������������������s(���t�t�|���j�|�f�i�|�������t���t���|�_�d�S�)�N)���superr������__init__��loggingZ getLogger��__name__��log)���self��policy��kwargs��� __class__���=/usr/lib64/python3.9/site-packages/setools/constraintquery.pyr����A���s��������z�ConstraintQuery.__init__c��������������������C���s4���|�r$t���}�|�D�]�}�|���|���������q�n�|�}�t�|�|�|���S�)�ay���
Match roles/types/users in a constraint expression,
optionally by expanding the contents of attributes.
Parameters:
expr The expression to match.
criteria The criteria to match.
indirect If attributes in the expression should be expanded.
regex If regular expression matching should be used.
)���set��update��expandr
���)�r������exprZ�criteriaZ�indirectZ�regex��obj��itemr ���r ���r!�����_match_exprE���s����������������z�ConstraintQuery._match_exprc���������������� ���c���sB���|�j���d���|�������|�j���d���|�������|���|�j�����|���|�j�����|�j���d���|�������|�j���d���|�������|�j���d���|�������|�j�����D�]�}�|�j�r�|�j�|�j�v�r�q||�� |���s�q|z�|��
|���s�W�q|W�n���t�y�������Y�q|Y�n�0�|�j�r�|��
|�j�j�|�j�|�j�|�j���s�q||�j���r�|��
|�j�j�|�j�|�j�|�j�����s�q||�j���r6|��
|�j�j�|�j�d�|�j�����s6q||�V���q|d�S�)�z6Generator which yields all matching constraints rules.z-Generating constraint results from {0.policy}z�Ruletypes: {0.ruletype}z'User: {0.user!r}, regex: {0.user_regex}z'Role: {0.role!r}, regex: {0.role_regex}z(Type: {0.type_!r}, regex: {0.type_regex}FN)�r������info��format��debugZ�_match_object_class_debugZ�_match_perms_debugr������constraints��ruletypeZ�_match_object_classZ�_match_permsr������roler(���Z
expressionZ�rolesr����r������type_��typesr����r������userZ�usersr����)�r������cr ���r ���r!�����resultsZ���sP���������������������������
�����
�����
�
�����������������������������������������z�ConstraintQuery.results)�r�����
__module__��__qualname__��__doc__r����r����r-���r����r1���r������bool��__annotations__r.���r����r����r/���r����r����r����r(���r����r
���r3����
__classcell__r ���r ���r����r!���r��������s����
��$
�
���
�����
���������r����)�r������re��typingr����r����Z�descriptorsr����r����� exceptionr����Z�mixinsr����r ���Z policyrepr
���r������queryr������utilr
���r����r ���r ���r ���r!�����<module>����s����������������������