a qqe@sddlZddlmZmZddlmZddlmZddlm Z ddl m Z dd l m Z mZmZd Zd Zd Zd ZdZdZdZdZGddde ZdS)N)ListUnion)InvalidCheckValue) AnyTERule) TERuleQuery) CheckerModule)ConfigDescriptorConfigSetDescriptorConfigPermissionSetDescriptorsourcetargettclassperms exempt_source exempt_target expect_source expect_targetc seZdZdZdZeeeee e e e e fZedZedZeddddZeZeddddZeddddZeddddZeddddZdd fd d Zed d d ZZS)AssertTEzKChecker module for asserting a type enforcement allow rule exists (or not).Z assert_teZlookup_type_or_attrZ lookup_classTF)strictexpandN)returncst|||tt|_|t|_|t |_ |t |_ |t |_|t|_|t|_|t|_|t|_t|j|j |j |jfstd|j|j@}|r|jdddd|D|j|j@}|r|jdddd|DdS)NzEAt least one of source, target, tclass, or perms options must be set.z.Overlap in expect_source and exempt_source: {}z, css|] }|jVqdSNname.0ir>/usr/lib64/python3.9/site-packages/setools/checker/assertte.py Az$AssertTE.__init__..z.Overlap in expect_target and exempt_target: {}css|] }|jVqdSrrrrrr r!Fr")super__init__loggingZ getLogger__name__logget SOURCE_OPTr TARGET_OPTr CLASS_OPTr PERMS_OPTrEXEMPT_SRC_OPTrEXEMPT_TGT_OPTrEXPECT_SRC_OPTrEXPECT_TGT_OPTranyrinfoformatjoin)selfpolicyZ checknameZconfigZsource_exempt_expect_overlapZtarget_exempt_expect_overlap __class__rr r$,s0             zAssertTE.__init__c Cs.|jdt|j|j|j|j|jdd}t|j }t|j }g}t | D]x}t|j }t|j }||8}||8}||j |jr||j |jr|t|||qN|t|qN|D]"}d|} || || q|D]"}d|} || || q|jd||S)Nz!Checking TE allow rule assertion.)Zallow)r rrrZruletypez)Expected rule with source "{}" not found.z)Expected rule with target "{}" not found.z {} failure(s))r'r2rr6r rrrsetrrsortedresultsrrrZlog_failstrappendZlog_okr3debug) r5queryZunseen_sourcesZunseen_targetsZfailuresZruleZsrcsZtgtsitemZfailurerrr runHs@          z AssertTE.run)r& __module__ __qualname____doc__Z check_type frozensetr)r*r+r,r-r.r/r0Z check_configr r rr rr rrrrrr$rrA __classcell__rrr7r rs r)r%typingrr exceptionrZ policyreprZ terulequeryrZ checkermoduler Z descriptorsr r r r)r*r+r,r-r.r/r0rrrrr s