Sindbad~EG File Manager
3
�^���������������������@���sx���d�d�l�Z�d�d�l�Z�d�d�l�m�Z�m�Z���d�d�l�m�Z���d�d�l�m�Z�m Z ��d�d�l
m�Z���d�d�l�m
Z
��d�d�l�m�Z���G�d d
��d
e�e e
��Z�d�S�)������N�����)���CriteriaDescriptor��CriteriaSetDescriptor)���ConstraintUseError)��
MatchObjClass��MatchPermission)���ConstraintRuletype)���PolicyQuery)���match_in_setc��������������������sl���e�Z�d�Z�d�Z�e�e�d���Z�e�d�d���Z�d�Z e�d�d���Z
d�Z�d�Z�e�d d
��Z
d�Z�d�Z���f�d�d���Z�d
d���Z�d�d���Z�����Z�S�)���ConstraintQuerya����
Query constraint rules, (mls)constrain/(mls)validatetrans.
Parameter:
policy The policy to query.
Keyword Parameters/Class attributes:
ruletype The list of rule type(s) to match.
tclass The object class(es) to match.
tclass_regex If true, use a regular expression for
matching the rule's object class.
perms The permission(s) to match.
perms_equal If true, the permission set of the rule
must exactly match the permissions
criteria. If false, any set intersection
will match.
perms_regex If true, regular expression matching will be used
on the permission names instead of set logic.
role The name of the role to match in the
constraint expression.
role_indirect If true, members of an attribute will be
matched rather than the attribute itself.
role_regex If true, regular expression matching will
be used on the role.
type_ The name of the type/attribute to match in the
constraint expression.
type_indirect If true, members of an attribute will be
matched rather than the attribute itself.
type_regex If true, regular expression matching will
be used on the type/attribute.
user The name of the user to match in the
constraint expression.
user_regex If true, regular expression matching will
be used on the user.
)��
enum_class�
user_regexZ�lookup_userF�
role_regexZ�lookup_roleT�
type_regexZ�lookup_type_or_attrc��������������������s$���t�t�|���j�|�f�|�����t�j�t���|�_�d�S�)�N)���superr������__init__��loggingZ getLogger��__name__��log)���self��policy��kwargs)�� __class__���'/usr/lib64/python3.6/constraintquery.pyr����N���s��������z�ConstraintQuery.__init__c����������������C���s8���|�r(t���}�x |�D�]�}�|�j�|�j�������q�W�n�|�}�t�|�|�|���S�)�ay���
Match roles/types/users in a constraint expression,
optionally by expanding the contents of attributes.
Parameters:
expr The expression to match.
criteria The criteria to match.
indirect If attributes in the expression should be expanded.
regex If regular expression matching should be used.
)���set��update��expandr
���)�r������exprZ�criteriaZ�indirectZ�regex��obj��itemr����r����r������_match_exprR���s����������
�����z�ConstraintQuery._match_exprc����������������c���sJ���|�j�j�d�j�|�������|�j�j�d�j�|�������|�j�|�j�����|�j�|�j�����|�j�j�d�j�|�������|�j�j�d�j�|�������|�j�j�d�j�|�������x�|�j�j���D�]�}�|�j�r�|�j�|�j�k�r�q~|�j |���s�q~y�|�j
|���s�w~W�n���t�k
r�������w~Y�n�X�|�j�r�|�j
|�j�j�|�j�|�j�|�j�����r�q~|�j���r�|�j
|�j�j�|�j�|�j�|�j�������r�q~|�j���r<|�j
|�j�j�|�j�d�|�j�������r<q~|�V���q~W�d�S�)�z6Generator which yields all matching constraints rules.z-Generating constraint results from {0.policy}z�Ruletypes: {0.ruletype}z'User: {0.user!r}, regex: {0.user_regex}z'Role: {0.role!r}, regex: {0.role_regex}z(Type: {0.type_!r}, regex: {0.type_regex}FN)�r������info��format��debugZ�_match_object_class_debugZ�_match_perms_debugr����Z�constraints��ruletypeZ�_match_object_classZ�_match_permsr������roler!���Z
expressionZ�roles�
role_indirectr������type_��types�
type_indirectr������userZ�usersr
���)�r������cr����r����r������resultsg���sJ���������������������������
�����
�������
�������
���������������������������z�ConstraintQuery.results)�r�����
__module__��__qualname__��__doc__r����r����r%���r����r+���r
���r&���r����r'���r(���r����r*���r����r!���r-����
__classcell__r����r����)�r����r����r��������s�����$��
�
���
�����
���������r����)�r������reZ�descriptorsr����r����Z exceptionr����Z�mixinsr����r����Z policyrepr����Z�queryr �����utilr
���r����r����r����r����r������<module>����s��������������������
Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists