a qéqeë"ã@sšddlZddlmZmZmZmZmZddlmZm Z ddl m Z m Z ddl mZmZddlmZmZmZmZddlmZmZGd d „d ejeje jƒZdS) éN)ÚcastÚIterableÚOptionalÚSetÚTupleé)ÚmixinsÚquery)ÚCriteriaDescriptorÚCriteriaSetDescriptor)Ú RuleUseErrorÚRuleNotConditional)Ú AnyTERuleÚ AVRuleXpermÚIoctlSetÚ TERuletype)Úmatch_indirect_regexÚmatch_regex_or_setcseZdZUdZeedZeddƒZdZ e e d<dZ e e d<eddƒZ dZe e d<dZe e d <ed dƒZdZe e d <ed d ƒZdZe e d <dZe e d <dZeee d<dZe e d<eeedœdd„ƒZejeeeeefddœdd„ƒZddœ‡fdd„ Zee dœdd„Z!‡Z"S)Ú TERuleQueryae Query the Type Enforcement rules. Parameter: policy The policy to query. Keyword Parameters/Class attributes: ruletype The list of rule type(s) to match. source The name of the source type/attribute to match. source_indirect If true, members of an attribute will be matched rather than the attribute itself. Default is true. source_regex If true, regular expression matching will be used on the source type/attribute. Obeys the source_indirect option. Default is false. target The name of the target type/attribute to match. target_indirect If true, members of an attribute will be matched rather than the attribute itself. Default is true. target_regex If true, regular expression matching will be used on the target type/attribute. Obeys target_indirect option. Default is false. tclass The object class(es) to match. tclass_regex If true, use a regular expression for matching the rule's object class. Default is false. perms The set of permission(s) to match. perms_equal If true, the permission set of the rule must exactly match the permissions criteria. If false, any set intersection will match. Default is false. perms_regex If true, regular expression matching will be used on the permission names instead of set logic. Default is false. perms_subset If true, the rule matches if the permissions criteria is a subset of the rule's permission set. Default is false. default The name of the default type to match. default_regex If true, regular expression matching will be used on the default type. Default is false. boolean The set of boolean(s) to match. boolean_regex If true, regular expression matching will be used on the booleans. Default is false. boolean_equal If true, the booleans in the conditional expression of the rule must exactly match the criteria. If false, any set intersection will match. Default is false. )Ú enum_classÚ source_regexZlookup_type_or_attrFTÚsource_indirectÚ target_regexÚtarget_indirectÚ default_regexÚ boolean_regexZlookup_booleanÚ boolean_equalNÚ_xpermsÚ xperms_equal)ÚreturncCs|jS©N)r)Úself©r"ú9/usr/lib64/python3.9/site-packages/setools/terulequery.pyÚxpermsVszTERuleQuery.xperms)ÚvaluercCs¦|rœtƒ}|D]€\}}d|kr*dks:ntd |¡ƒ‚d|krNdks^ntd |¡ƒ‚||krp||}}| dd„t||dƒDƒ¡qt|ƒ|_nd|_dS)Nriÿÿz{0:#07x} is not a valid ioctl.css|] }|VqdSr r")Ú.0Úir"r"r#Ú ióz%TERuleQuery.xperms..r)ÚsetÚ ValueErrorÚformatÚupdateÚrangerr)r!r%Zpending_xpermsZlowZhighr"r"r#r$Zs    c s(tt|ƒj|fi|¤Žt t¡|_dSr )ÚsuperrÚ__init__ÚloggingZ getLoggerÚ__name__Úlog)r!ÚpolicyÚkwargs©Ú __class__r"r#r0oszTERuleQuery.__init__c csH|j d |¡¡|j d |¡¡|j d |¡¡|j d |¡¡| |j¡| |j¡|j d |¡¡|j d |¡¡|j d |¡¡|j ¡D] }|jrº|j|jvrºq |j rØt |j |j |j |j ƒsØq |j röt |j |j |j|jƒsöq | |¡sq zZ|jrL|jrL|jr2t|jƒdkr2Wq tt|ƒj|jvr\Wq n| |¡s\Wq WntyvYq Yn0z&|jrœt|j|j|jd ƒsœWq Wnty¶Yq Yn0|jrøzt |j|jd |jƒsÜWq WntyöYq Yn0|jrrr?rrrrrrÚpropertyr$ÚsetterrrÚintr0rr@Ú __classcell__r"r"r6r#rs* 6             "r)r1ÚtypingrrrrrÚrr Z descriptorsr r Ú exceptionr r Z policyreprrrrÚutilrrZ MatchObjClassZMatchPermissionZ PolicyQueryrr"r"r"r#Ús