a qqe@sddlZddlmZmZddlmZddlmZddlm Z ddl m Z dd l m Z mZmZd Zd Zd Zd ZdZdZdZdZGddde ZdS)N)ListUnion)InvalidCheckValue) AnyTERule) TERuleQuery) CheckerModule)ConfigDescriptorConfigSetDescriptorConfigPermissionSetDescriptorsourcetargettclassperms exempt_source exempt_target expect_source expect_targetc seZdZdZdZeeeee e e e e fZedZedZeddddZeZeddddZeddddZeddddZeddddZdd fd d Zed d d ZZS)AssertTEzKChecker module for asserting a type enforcement allow rule exists (or not).Z assert_teZlookup_type_or_attrZ lookup_classTF)strictexpandN)returncst|||tt|_|t|_|t |_ |t |_ |t |_|t|_|t|_|t|_|t|_t|j|j |j |jfstd|j|j@}|r|jdddd|D|j|j@}|r|jdddd|DdS)NzEAt least one of source, target, tclass, or perms options must be set.z.Overlap in expect_source and exempt_source: {}z, css|] }|jVqdSNname.0ir>/usr/lib64/python3.9/site-packages/setools/checker/assertte.py Az$AssertTE.__init__..z.Overlap in expect_target and exempt_target: {}css|] }|jVqdSrrrrrr r!Fr")super__init__loggingZ getLogger__name__logget SOURCE_OPTr TARGET_OPTr CLASS_OPTr PERMS_OPTrEXEMPT_SRC_OPTrEXEMPT_TGT_OPTrEXPECT_SRC_OPTrEXPECT_TGT_OPTranyrinfoformatjoin)selfpolicyZ checknameZconfigZsource_exempt_expect_overlapZtarget_exempt_expect_overlap __class__rr r$,s0             zAssertTE.__init__c CsPt|j|j|j|jfs Jd|jdt|j|j|j|j|jdd}t |j }t |j }g}t | D]x}t |j}t |j}||8}||8}||j |jr||j |jr|t|||qn|t|qn|D]"}d|} || || q|D]$}d|} || || q|jd||S)Nz'AssertTe no options set, this is a bug.z!Checking TE allow rule assertion.)Zallow)r rrrZruletypez)Expected rule with source "{}" not found.z)Expected rule with target "{}" not found.z {} failure(s))r1r rrrr'r2rr6setrrsortedresultsrrrZlog_failstrappendZlog_okr3debug) r5queryZunseen_sourcesZunseen_targetsZfailuresZruleZsrcsZtgtsitemZfailurerrr runHsF         z AssertTE.run)r& __module__ __qualname____doc__Z check_type frozensetr)r*r+r,r-r.r/r0Z check_configr r rr rr rrrrrr$rrA __classcell__rrr7r rs r)r%typingrr exceptionrZ policyreprZ terulequeryrZ checkermoduler Z descriptorsr r r r)r*r+r,r-r.r/r0rrrrr s