a qqe@shddlZddlmZmZddlmZddlmZmZGdddeZ Gdd d eZ Gd d d eZ dS) N)CallableUnion)InvalidCheckValue)CriteriaDescriptorCriteriaPermissionSetDescriptorcs<eZdZdZeeefddfdd ZfddZZ S)ConfigDescriptoraU Single item configuration option descriptor. Parameter: lookup_function The name of the SELinuxPolicy lookup function, e.g. lookup_type or lookup_boolean. Read-only instance attribute use (obj parameter): checkname The name of the check. policy The instance of SELinuxPolicy N)lookup_functionreturncstj|ddS)N)r )super__init__)selfr  __class__A/usr/lib64/python3.9/site-packages/setools/checker/descriptors.pyr szConfigDescriptor.__init__c sh|sd|j|<nTzt||Wn<tyb}z$td|j|j||WYd}~n d}~00dS)N{}: Invalid {} setting: {}) instancesr __set__strip ValueErrorrformat checknamenamer objvalueexrrrrs  zConfigDescriptor.__set__) __name__ __module__ __qualname____doc__rrstrr r __classcell__rrrrr s rcs>eZdZdZd eeefeeddfdd Zdd Z Z S) ConfigSetDescriptora Descriptor for a configuration option set. Parameter: lookup_function The name of the SELinuxPolicy lookup function, e.g. lookup_type or lookup_boolean. Keyword Parameters: strict (Bool) If True, all objects must exist in the policy when setting the value. If False, any objects that fail the policy lookup will be dropped instead of raising an exception. The default is True. expand (Bool) If True, each object will be expanded. Default is False. Read-only instance attribute use (obj parameter): checkname The name of the check. log A logger instance. policy The instance of SELinuxPolicy TFN)r strictexpandr cs"tj|td||_||_dS)N)r default_value)r r frozensetr%r&)r r r%r&rrrr ?szConfigSetDescriptor.__init__c Cs|st|j|<n|j}t|jr,|j}nt|j|j}t}ddt d|DD]}z,||}|j rz| | n | |WqVt y}zd|jr|d|j||jd|dtd|j|j|||d|j|j|WYd}~qVd}~00qVt||j|<dS)Ncss|]}|r|VqdSNr).0irrr Pz.ConfigSetDescriptor.__set__..z\szInvalid {} item: {}z Traceback:)exc_infoz{}: Invalid {} item: {})r(rlogcallabler getattrZpolicysetresplitr&updateaddrr%errorrrdebugrrinfo) r rrr/lookupretitemoerrrrFs4   zConfigSetDescriptor.__set__)TF) rrr r!rrr"boolr rr#rrrrr$(sr$cs2eZdZdZddfdd ZfddZZS)ConfigPermissionSetDescriptoraJ Descriptor for a configuration permissions set. Read-only instance attribute use (obj parameter): checkname The name of the check. policy The instance of SELinuxPolicy tclass If it exists, it will be used to validate the permissions. See validate_perms_any() N)r cstjtddS)N)r')r r r()r rrrr psz&ConfigPermissionSetDescriptor.__init__c sv|st|j|<n`z"t|dd|dDWn<typ}z$td|j|j ||WYd}~n d}~00dS)Ncss|]}|r|VqdSr)r)r*vrrrr,xr-z8ConfigPermissionSetDescriptor.__set__.. r) r(rr rr4rrrrrrrrrrss" z%ConfigPermissionSetDescriptor.__set__)rrr r!r rr#rrrrr@ds r@) r3typingrr exceptionrZ descriptorsrrrr$r@rrrrs  <