a qqeD@sddlZddlmZddlmZddlmZmZmZddl m Z ddl m Z m Z mZmZGdd d ZGd d d ZGd d d ZGdddZGdddZdS)N)Logger)Iterable)CriteriaDescriptorCriteriaSetDescriptorCriteriaPermissionSetDescriptor)Context) match_in_set match_regex match_rangematch_regex_or_setc@s>eZdZUdZedZdZeed<e ddddZ dd Z dS) MatchAliasz'Mixin for matching an object's aliases. alias_regexFNlogreturncCs|d|dS)z+Emit log debugging info for alias matching.z(Alias: {0.alias}, regex: {0.alias_regex}Ndebugformatselfrr4/usr/lib64/python3.9/site-packages/setools/mixins.py_match_alias_debugszMatchAlias._match_alias_debugcCs|js dSt||j|jS)z Match the alias criteria Parameter: obj An object with an alias generator method named "aliases" T)aliasr aliasesrrobjrrr _match_aliasszMatchAlias._match_alias) __name__ __module__ __qualname____doc__rrrbool__annotations__rrrrrrrr s  r c@seZdZUdZeddZdZeed<eddZ dZ eed<eddZ dZ eed<ed d Z dZeed <dZeed <dZeed <dZeed<edddZeedddZdS) MatchContextaL Mixin for matching contexts. Class attributes: user The user to match in the context. user_regex If true, regular expression matching will be used on the user. role The role to match in the context. role_regex If true, regular expression matching will be used on the role. type_ The type to match in the context. type_regex If true, regular expression matching will be used on the type. range_ The range to match in the context. range_subset If true, the criteria will match if it is a subset of the context's range. range_overlap If true, the criteria will match if it overlaps any of the context's range. range_superset If true, the criteria will match if it is a superset of the context's range. range_proper If true, use proper superset/subset on range matching operations. No effect if not using set operations. user_regexZ lookup_userF role_regexZ lookup_role type_regexZ lookup_typeZ lookup_range)Zlookup_function range_overlap range_subsetrange_superset range_properrcCsD|d||d||d||d|dS)z-Emit log debugging info for context matching.z'User: {0.user!r}, regex: {0.user_regex}z'Role: {0.role!r}, regex: {0.role_regex}z(Type: {0.type_!r}, regex: {0.type_regex}zRange: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, superset: {0.range_superset}, proper: {0.range_proper}Nrrrrr_match_context_debugQs z!MatchContext._match_context_debug)contextrcCs|jrt|j|j|jsdS|jr8t|j|j|js8dS|jrTt|j|j|jsTdS|jr|t|j|j|j |j |j |j s|dSdS)z Match the context criteria. Parameter: obj An object with context attributes "user", "role", "type_" and "range_". FT) userr r&roler'type_r(range_r r*r)r+r,)rr/rrr_match_contextYs8 zMatchContext._match_contextN)rr r!r"rr0r&r#r$r1r'r2r(r3r)r*r+r,rr.rr4rrrrr%*s            r%c@sJeZdZUdZedZdZeed<dZ eed<e ddddZ d d Z dS) MatchNamez=Mixin for matching an object's name with alias dereferencing. name_regexF alias_derefNrcCs|d|dS)z)Log debugging messages for name matching.z?Name: {0.name!r}, regex: {0.name_regex}, deref: {0.alias_deref}Nrrrrr_match_name_debugszMatchName._match_name_debugcCsH|js dS|jr4t||j|jp2t||j|jSt||j|jSdS)z&Match the object to the name criteria.TN)namer7r r6r rrrrr _match_nameszMatchName._match_name) rr r!r"rr9r6r#r$r7rr8r:rrrrr5s   r5c@s@eZdZUdZeddZdZeed<e ddddZ d d Z dS) MatchObjClassz%Mixin for matching an object's class. tclass_regexZ lookup_classFNrcCs|d|dS)0Emit log debugging info for permission matching.z,Class: {0.tclass!r}, regex: {0.tclass_regex}Nrrrrr_match_object_class_debugsz'MatchObjClass._match_object_class_debugcCs6|js dS|jr&t|jt|jS|j|jvSdS)z Match the object class criteria Parameter: obj An object with an object class attribute named "tclass" TN)tclassr<r#searchstrrrrr_match_object_classs z!MatchObjClass._match_object_class) rr r!r"rr?r<r#r$rr>rBrrrrr;s   r;c@sVeZdZUdZeddZdZeed<dZ eed<dZ eed<e ddd Z d d Z d S) MatchPermissionz+Mixin for matching an object's permissions. perms_regex)r6F perms_equal perms_subsetr-cCs|d|dS)r=z[Perms: {0.perms!r}, regex: {0.perms_regex}, eq: {0.perms_equal}, subset: {0.perms_subset!r}Nrrrrr_match_perms_debugsz"MatchPermission._match_perms_debugcCs6|js dS|jr|j|jkSt|j|j|j|jSdS)z Match the permission criteria Parameter: obj An object with a permission set class attribute named "perms" TN)permsrFr rErDrrrr _match_permss  zMatchPermission._match_permsN)rr r!r"rrHrEr#r$rDrFrrGrIrrrrrCs     rC)reZloggingrtypingrZ descriptorsrrrZ policyreprutilr r r r r r%r5r;rCrrrrs   V