      1 # Copyright 2014, Tresys Technology, LLC
      2 #
      3 # This file is part of SETools.
      4 #
      5 # SETools is free software: you can redistribute it and/or modify
      6 # it under the terms of the GNU Lesser General Public License as
      7 # published by the Free Software Foundation, either version 2.1 of
      8 # the License, or (at your option) any later version.
      9 #
     10 # SETools is distributed in the hope that it will be useful,
     11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
     12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     13 # GNU Lesser General Public License for more details.
     14 #
     15 # You should have received a copy of the GNU Lesser General Public
     16 # License along with SETools.  If not, see
     17 # <http://www.gnu.org/licenses/>.
     18 #
     19 from . import exception
     20 from . import qpol
     21 from . import symbol
     22 from . import typeattr
     23 
     24 
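def role_factory(qpol_policy, name):
    """Factory function for creating Role objects.

    ``name`` may be:
      * an existing Role, which is returned unchanged once it has been
        confirmed to belong to ``qpol_policy``;
      * a ``qpol.qpol_role_t``, which is wrapped in a new Role;
      * anything else, whose ``str()`` is used to look the role up.

    Raises:
        AssertionError: ``name`` is a Role whose policy is not ``qpol_policy``.
        exception.InvalidRole: the lookup by name raised ValueError.
    """

    if isinstance(name, Role):
        # Raise explicitly instead of using an ``assert`` statement: asserts
        # are compiled out under ``python -O``, which would let a Role bound
        # to a different policy be returned silently and mixed into queries
        # against this one. The exception type is kept for existing callers.
        if not name.policy == qpol_policy:
            raise AssertionError(
                "Role object does not belong to the given policy")
        return name
    elif isinstance(name, qpol.qpol_role_t):
        return Role(qpol_policy, name)

    try:
        return Role(qpol_policy, qpol.qpol_role_t(qpol_policy, str(name)))
    except ValueError:
        # Translate the low-level lookup failure into the package's own
        # exception type.
        raise exception.InvalidRole("{0} is not a valid role".format(name))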
     38 
     39 
class BaseRole(symbol.PolicySymbol):

    """Role/role attribute base class.

    Both methods defined here raise NotImplementedError; Role overrides
    them with working implementations.
    """

    def expand(self):
        """Not implemented in the base class."""
        raise NotImplementedError()

    def types(self):
        """Not implemented in the base class."""
        raise NotImplementedError()
     49 
     50 
class Role(BaseRole):

    """A role."""

    def expand(self):
        """Generator that expands this into its member roles.

        A plain role yields only itself.
        """
        yield self

    def types(self):
        """Generator which yields the role's set of types.

        Each item from the qpol symbol's type iterator is passed through
        typeattr.type_or_attr_factory before being yielded.
        """
        policy = self.policy
        for qpol_type in self.qpol_symbol.type_iter(policy):
            yield typeattr.type_or_attr_factory(self.policy, qpol_type)

    def statement(self):
        """Return the ``role`` statement for this role as a string.

        With no types the result is ``role NAME;``. A single type is
        written bare; several types are wrapped in braces.
        """
        type_names = [str(member) for member in self.types()]
        text = "role {0}".format(self)

        if len(type_names) > 1:
            text += " types {{ {0} }}".format(' '.join(type_names))
        elif type_names:
            text += " types {0}".format(type_names[0])

        return text + ";"
     75 
     76 
class RoleAttribute(BaseRole):

    """A role attribute.

    Adds nothing to BaseRole, so expand() and types() still raise
    NotImplementedError when called on an instance of this class.
    """
     82