      1 # Copyright 2014-2015, Tresys Technology, LLC
      2 #
      3 # This file is part of SETools.
      4 #
      5 # SETools is free software: you can redistribute it and/or modify
      6 # it under the terms of the GNU Lesser General Public License as
      7 # published by the Free Software Foundation, either version 2.1 of
      8 # the License, or (at your option) any later version.
      9 #
     10 # SETools is distributed in the hope that it will be useful,
     11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
     12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     13 # GNU Lesser General Public License for more details.
     14 #
     15 # You should have received a copy of the GNU Lesser General Public
     16 # License along with SETools.  If not, see
     17 # <http://www.gnu.org/licenses/>.
     18 #
     19 import logging
     20 import re
     21 
     22 from .descriptors import CriteriaSetDescriptor
     23 from .mixins import MatchName
     24 from .query import PolicyQuery
     25 from .util import match_regex_or_set
     26 
     27 
class RoleQuery(MatchName, PolicyQuery):

    """
    Query the roles defined in an SELinux policy.

    Parameter:
    policy            The policy to query.

    Keyword Parameters/Class attributes:
    name         Role name criterion.
    name_regex   If true, the name criterion is applied as a
                 regular expression.
    types        Type criteria compared against the set of
                 types associated with each role.
    types_equal  If true, a role matches only when its type set
                 is equal to the criteria.  Otherwise any
                 intersection between the two is a match.
    types_regex  If true, type names are matched by regular
                 expression instead of set logic.

    Notes for policy review:
    * When no types criterion is set, results() skips the type
      check entirely, so every role that passes the name
      criterion is yielded.
    * In the default (intersection) mode a match only shows that
      the role's type set overlaps the criteria; it does not show
      that the role is limited to those types.  Set types_equal
      when the exact type set matters.
    """

    # Criteria descriptor, built with the names of the regex flag and
    # of the lookup routine; how it uses them is defined in
    # .descriptors (not visible here).
    types = CriteriaSetDescriptor("types_regex", "lookup_type")
    types_equal = False
    types_regex = False

    def __init__(self, policy, **kwargs):
        """Initialise the query for *policy*; kwargs are passed to the base classes."""
        super(RoleQuery, self).__init__(policy, **kwargs)
        # Logger named after this module.
        self.log = logging.getLogger(__name__)

    def results(self):
        """Generator which yields every role satisfying all criteria."""
        log = self.log
        log.info("Generating role results from {0.policy}".format(self))
        self._match_name_debug(log)
        log.debug("Types: {0.types!r}, regex: {0.types_regex}, "
                  "eq: {0.types_equal}".format(self))

        for role in self.policy.roles():
            # Name criterion first; the check itself lives in
            # self._match_name (presumably the MatchName mixin).
            if not self._match_name(role):
                continue

            # The type criterion is only evaluated when one was set.
            if self.types:
                types_ok = match_regex_or_set(
                    set(role.types()),
                    self.types,
                    self.types_equal,
                    self.types_regex)
                if not types_ok:
                    continue

            yield role