1 # Copyright 2014-2015, Tresys Technology, LLC 2 # 3 # This file is part of SETools. 4 # 5 # SETools is free software: you can redistribute it and/or modify 6 # it under the terms of the GNU Lesser General Public License as 7 # published by the Free Software Foundation, either version 2.1 of 8 # the License, or (at your option) any later version. 9 # 10 # SETools is distributed in the hope that it will be useful, 11 # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 # GNU Lesser General Public License for more details. 14 # 15 # You should have received a copy of the GNU Lesser General Public 16 # License along with SETools. If not, see 17 # <http://www.gnu.org/licenses/>. 18 # 19 import logging 20 21 from . import mixins, query 22 from .descriptors import CriteriaDescriptor, CriteriaSetDescriptor 23 24 25 class MLSRuleQuery(mixins.MatchObjClass, query.PolicyQuery): 26 27 """ 28 Query MLS rules. 29 30 Parameter: 31 policy The policy to query. 32 33 Keyword Parameters/Class attributes: 34 ruletype The list of rule type(s) to match. 35 source The name of the source type/attribute to match. 36 source_regex If true, regular expression matching will 37 be used on the source type/attribute. 38 target The name of the target type/attribute to match. 39 target_regex If true, regular expression matching will 40 be used on the target type/attribute. 41 tclass The object class(es) to match. 42 tclass_regex If true, use a regular expression for 43 matching the rule's object class. 44 """ 45 46 ruletype = CriteriaSetDescriptor(lookup_function="validate_mls_ruletype") 47 source = CriteriaDescriptor("source_regex", "lookup_type_or_attr") 48 source_regex = False 49 target = CriteriaDescriptor("target_regex", "lookup_type_or_attr") 50 target_regex = False 51 tclass = CriteriaSetDescriptor("tclass_regex", "lookup_class") 52 tclass_regex = False 53 default = CriteriaDescriptor(lookup_function="lookup_range") 54 default_overlap = False 55 default_subset = False 56 default_superset = False 57 default_proper = False 58 59 def results(self): 60 """Generator which yields all matching MLS rules.""" 61 self.log.info("Generating results from {0.policy}".format(self)) 62 self.log.debug("Ruletypes: {0.ruletype}".format(self)) 63 self.log.debug("Source: {0.source!r}, regex: {0.source_regex}".format(self)) 64 self.log.debug("Target: {0.target!r}, regex: {0.target_regex}".format(self)) 65 self.log.debug("Class: {0.tclass!r}, regex: {0.tclass_regex}".format(self)) 66 self.log.debug("Default: {0.default!r}, overlap: {0.default_overlap}, " 67 "subset: {0.default_subset}, superset: {0.default_superset}, " 68 "proper: {0.default_proper}".format(self)) 69 70 for rule in self.policy.mlsrules(): 71 # 72 # Matching on rule type 73 # 74 if self.ruletype: 75 if rule.ruletype not in self.ruletype: 76 continue 77 78 # 79 # Matching on source type 80 # 81 if self.source and not self._match_regex( 82 rule.source, 83 self.source, 84 self.source_regex): 85 continue 86 87 # 88 # Matching on target type 89 # 90 if self.target and not self._match_regex( 91 rule.target, 92 self.target, 93 self.target_regex): 94 continue 95 96 # 97 # Matching on object class 98 # 99 if not self._match_object_class(rule): 100 continue 101 102 # 103 # Matching on range 104 # 105 if self.default and not self._match_range( 106 rule.default, 107 self.default, 108 self.default_subset, 109 self.default_overlap, 110 self.default_superset, 111 self.default_proper): 112 continue 113 114 # if we get here, we have matched all available criteria 115 yield rule 116
