1 # Copyright 2014-2015, Tresys Technology, LLC 2 # 3 # This file is part of SETools. 4 # 5 # SETools is free software: you can redistribute it and/or modify 6 # it under the terms of the GNU Lesser General Public License as 7 # published by the Free Software Foundation, either version 2.1 of 8 # the License, or (at your option) any later version. 9 # 10 # SETools is distributed in the hope that it will be useful, 11 # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 # GNU Lesser General Public License for more details. 14 # 15 # You should have received a copy of the GNU Lesser General Public 16 # License along with SETools. If not, see 17 # <http://www.gnu.org/licenses/>. 18 # 19 import logging 20 import re 21 22 from . import contextquery 23 from .descriptors import CriteriaDescriptor 24 25 26 class GenfsconQuery(contextquery.ContextQuery): 27 28 """ 29 Query genfscon statements. 30 31 Parameter: 32 policy The policy to query. 33 34 Keyword Parameters/Class attributes: 35 fs The criteria to match the file system type. 36 fs_regex If true, regular expression matching 37 will be used on the file system type. 38 path The criteria to match the path. 39 path_regex If true, regular expression matching 40 will be used on the path. 41 user The criteria to match the context's user. 42 user_regex If true, regular expression matching 43 will be used on the user. 44 role The criteria to match the context's role. 45 role_regex If true, regular expression matching 46 will be used on the role. 47 type_ The criteria to match the context's type. 48 type_regex If true, regular expression matching 49 will be used on the type. 50 range_ The criteria to match the context's range. 51 range_subset If true, the criteria will match if it is a subset 52 of the context's range. 53 range_overlap If true, the criteria will match if it overlaps 54 any of the context's range. 55 range_superset If true, the criteria will match if it is a superset 56 of the context's range. 57 range_proper If true, use proper superset/subset operations. 58 No effect if not using set operations. 59 """ 60 61 filetype = None 62 fs = CriteriaDescriptor("fs_regex") 63 fs_regex = False 64 path = CriteriaDescriptor("path_regex") 65 path_regex = False 66 67 def results(self): 68 """Generator which yields all matching genfscons.""" 69 self.log.info("Generating results from {0.policy}".format(self)) 70 self.log.debug("FS: {0.fs!r}, regex: {0.fs_regex}".format(self)) 71 self.log.debug("Path: {0.path!r}, regex: {0.path_regex}".format(self)) 72 self.log.debug("Filetype: {0.filetype!r}".format(self)) 73 self.log.debug("User: {0.user!r}, regex: {0.user_regex}".format(self)) 74 self.log.debug("Role: {0.role!r}, regex: {0.role_regex}".format(self)) 75 self.log.debug("Type: {0.type_!r}, regex: {0.type_regex}".format(self)) 76 self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, " 77 "superset: {0.range_superset}, proper: {0.range_proper}".format(self)) 78 79 for genfs in self.policy.genfscons(): 80 if self.fs and not self._match_regex( 81 genfs.fs, 82 self.fs, 83 self.fs_regex): 84 continue 85 86 if self.path and not self._match_regex( 87 genfs.path, 88 self.path, 89 self.path_regex): 90 continue 91 92 if self.filetype and not self.filetype == genfs.filetype: 93 continue 94 95 if not self._match_context(genfs.context): 96 continue 97 98 yield genfs 99