관리-도구

편집 파일: terulequery.cpython-39.pyc

����q�qe�"����������������������@���s����d�dl�Z�d�dlmZmZmZmZmZ�ddlmZm	Z	�ddl
mZmZ�ddl
mZmZ�ddlmZmZmZmZ�ddlmZmZ�G�d	d
��d
ejeje	j�ZdS�)�����N)�cast�Iterable�Optional�Set�Tuple����)�mixins�query)�CriteriaDescriptor�CriteriaSetDescriptor)�RuleUseError�RuleNotConditional)�	AnyTERule�AVRuleXperm�IoctlSet�
TERuletype)�match_indirect_regex�match_regex_or_setc�����������������������s��e�Zd�ZU�dZeed�Zedd�ZdZ	e
ed<�dZe
ed<�edd�Z
dZe
ed<�dZe
ed	<�ed
d�ZdZe
ed
<�edd�ZdZe
ed<�dZe
ed
<�dZee�ed<�dZe
ed<�eee�d�dd��Zejeeeeef���dd�dd��Zdd���fdd�Zee �d�dd�Z!���Z"S�)�TERuleQueryae
��
    Query the Type Enforcement rules.

Parameter:
    policy            The policy to query.

Keyword Parameters/Class attributes:
    ruletype          The list of rule type(s) to match.
    source            The name of the source type/attribute to match.
    source_indirect   If true, members of an attribute will be
                      matched rather than the attribute itself.
                      Default is true.
    source_regex      If true, regular expression matching will
                      be used on the source type/attribute.
                      Obeys the source_indirect option.
                      Default is false.
    target            The name of the target type/attribute to match.
    target_indirect   If true, members of an attribute will be
                      matched rather than the attribute itself.
                      Default is true.
    target_regex      If true, regular expression matching will
                      be used on the target type/attribute.
                      Obeys target_indirect option.
                      Default is false.
    tclass            The object class(es) to match.
    tclass_regex      If true, use a regular expression for
                      matching the rule's object class.
                      Default is false.
    perms             The set of permission(s) to match.
    perms_equal       If true, the permission set of the rule
                      must exactly match the permissions
                      criteria.  If false, any set intersection
                      will match.
                      Default is false.
    perms_regex       If true, regular expression matching will be used
                      on the permission names instead of set logic.
                      Default is false.
    perms_subset      If true, the rule matches if the permissions criteria
                      is a subset of the rule's permission set.
                      Default is false.
    default           The name of the default type to match.
    default_regex     If true, regular expression matching will be
                      used on the default type.
                      Default is false.
    boolean           The set of boolean(s) to match.
    boolean_regex     If true, regular expression matching will be
                      used on the booleans.
                      Default is false.
    boolean_equal     If true, the booleans in the conditional
                      expression of the rule must exactly match the
                      criteria.  If false, any set intersection
                      will match.  Default is false.
    )�
enum_class�source_regexZlookup_type_or_attrFT�source_indirect�target_regex�target_indirect�
default_regex�
boolean_regexZlookup_boolean�
boolean_equalN�_xperms�xperms_equal)�returnc�����������������C���s���|�j�S��N)r���)�self��r"����9/usr/lib64/python3.9/site-packages/setools/terulequery.py�xpermsV���s����zTERuleQuery.xperms)�valuer���c�����������������C���s����|r�t���}|D�]�\}}d|��kr*dks:n�td�|���d|��krNdks^n�td�|���||k�rp||�}}|�dd��t||d��D����qt|�|�_nd�|�_d�S�)Nr���i����z{0:#07x} is not a valid ioctl.c�����������������s���s���|�]
}|V��qd�S�r ���r"���)�.0�ir"���r"���r#����	<genexpr>i��������z%TERuleQuery.xperms.<locals>.<genexpr>r���)�set�
ValueError�format�update�ranger���r���)r!���r%���Zpending_xpermsZlowZhighr"���r"���r#���r$���Z���s����
 c��������������������s(���t�t|��j|fi�|���t�t�|�_d�S�r ���)�superr����__init__�loggingZ	getLogger�__name__�log)r!����policy�kwargs��	__class__r"���r#���r0���o���s����zTERuleQuery.__init__c��������������	���c���sH��|�j��d�|����|�j��d�|����|�j��d�|����|�j��d�|����|��|�j���|��|�j���|�j��d�|����|�j��d�|����|�j��d�|����|�j���D��]�}|�jr�|j|�jvr�q�|�j	r�t
|j	|�j	|�j|�j�s�q�|�j
r�t
|j
|�j
|�j|�j�s�q�|��|��sq�zZ|�j�rL|j�rL|�j�r2t|�j�dk�r2W�q�tt|�j|�jv�r\W�q�n|��|��s\W�q�W�n�t�yv���Y�q�Y�n0�z&|�j�r�t|j|�j|�jd	��s�W�q�W�n�t�y����Y�q�Y�n0�|�j�r�zt
|j|�jd
|�j��s�W�q�W�n�t�y����Y�q�Y�n0�|�j�r<z"t|j j!|�j|�j"|�j#��s W�q�W�n�t$�y:���Y�q�Y�n0�|V��q�dS�)z-Generator which yields all matching TE rules.z*Generating TE rule results from {0.policy}zRuletypes: {0.ruletype}zLSource: {0.source!r}, indirect: {0.source_indirect}, regex: {0.source_regex}zLTarget: {0.target!r}, indirect: {0.target_indirect}, regex: {0.target_regex}z*Xperms: {0.xperms!r}, eq: {0.xperms_equal}z0Default: {0.default!r}, regex: {0.default_regex}zGBoolean: {0.boolean!r}, eq: {0.boolean_equal}, regex: {0.boolean_regex}r���FTN)%r3����infor,����debugZ_match_object_class_debugZ_match_perms_debugr4���Zterules�ruletype�sourcer���r���r����targetr���r���Z_match_object_classZpermsZextendedZperms_equal�lenr���r���Z
xperm_typeZ_match_permsr���r$���r���r����defaultr����booleanZconditionalZbooleansr���r���r
���)r!���Zruler"���r"���r#����resultss���s�����
�
�
���

�
�
�
zTERuleQuery.results)#r2����
__module__�__qualname__�__doc__r���r���r:���r
���r;���r����bool�__annotations__r���r<���r���r���r>���r���r?���r���r���r���r���r���r����propertyr$����setterr���r����intr0���r���r@����
__classcell__r"���r"���r6���r#���r������s*���
6

"r���)r1����typingr���r���r���r���r�����r���r	���Zdescriptorsr
���r����	exceptionr���r
���Z	policyrepr���r���r���r����utilr���r���Z
MatchObjClassZMatchPermissionZPolicyQueryr���r"���r"���r"���r#����<module>���s���