# Copyright 2014-2015, Tresys Technology, LLC
#
# This file is part of SETools.
#
# SETools is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation, either version 2.1 of
# the License, or (at your option) any later version.
#
# SETools is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with SETools.  If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
import re

from .descriptors import CriteriaDescriptor
from .mixins import MatchContext
from .query import PolicyQuery
from .util import match_regex


class GenfsconQuery(MatchContext, PolicyQuery):

    """
    Query the genfscon statements of a policy.

    Every criterion is optional.  A criterion that is unset (falsy) is
    skipped rather than treated as "match nothing", so a query with no
    fs, path, or filetype criteria applies none of those three filters;
    only the context check (self._match_context) still runs.  Keep this
    in mind when using the results to audit file system labeling.

    Parameter:
    policy          The policy to query.

    Keyword Parameters/Class attributes:
    fs              Criteria for the file system type.
    fs_regex        If true, the fs criteria is matched as a
                    regular expression.
    path            Criteria for the path.
    path_regex      If true, the path criteria is matched as a
                    regular expression.
    filetype        Criteria for the file type.  Compared for
                    equality with the genfscon's filetype.
    user            Criteria for the context's user.
    user_regex      If true, the user criteria is matched as a
                    regular expression.
    role            Criteria for the context's role.
    role_regex      If true, the role criteria is matched as a
                    regular expression.
    type_           Criteria for the context's type.
    type_regex      If true, the type criteria is matched as a
                    regular expression.
    range_          Criteria for the context's range.
    range_subset    If true, the criteria matches when it is a subset
                    of the context's range.
    range_overlap   If true, the criteria matches when it overlaps
                    any of the context's range.
    range_superset  If true, the criteria matches when it is a superset
                    of the context's range.
    range_proper    If true, use proper superset/subset operations.
                    No effect if not using set operations.
    """

    # Class-level defaults: no criteria set, literal (non-regex) matching.
    # Each CriteriaDescriptor is given the name of its companion regex flag;
    # presumably it consults that flag when the criteria is assigned --
    # confirm in .descriptors.
    filetype = None
    fs = CriteriaDescriptor("fs_regex")
    fs_regex = False
    path = CriteriaDescriptor("path_regex")
    path_regex = False

    def __init__(self, policy, **kwargs):
        """Initialize the query via the parent classes and attach a module logger."""
        super(GenfsconQuery, self).__init__(policy, **kwargs)
        self.log = logging.getLogger(__name__)

    def results(self):
        """Generator which yields all matching genfscons."""
        log = self.log
        log.info("Generating genfscon results from {0.policy}".format(self))
        log.debug("FS: {0.fs!r}, regex: {0.fs_regex}".format(self))
        log.debug("Path: {0.path!r}, regex: {0.path_regex}".format(self))
        log.debug("Filetype: {0.filetype!r}".format(self))
        self._match_context_debug(log)

        for genfs in self.policy.genfscons():
            # Short-circuit evaluation keeps the original check order:
            # fs, path, filetype, then the context.  An unset criterion
            # makes its clause true without looking at the statement.
            matched = (
                (not self.fs or
                 match_regex(genfs.fs, self.fs, self.fs_regex)) and
                (not self.path or
                 match_regex(genfs.path, self.path, self.path_regex)) and
                (not self.filetype or
                 self.filetype == genfs.filetype) and
                self._match_context(genfs.context)
            )

            if matched:
                yield genfs