diff options
Diffstat (limited to 'lib/python2.7/site-packages/setools/ioportconquery.py')
-rw-r--r-- | lib/python2.7/site-packages/setools/ioportconquery.py | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/lib/python2.7/site-packages/setools/ioportconquery.py b/lib/python2.7/site-packages/setools/ioportconquery.py new file mode 100644 index 0000000..84775a6 --- /dev/null +++ b/lib/python2.7/site-packages/setools/ioportconquery.py @@ -0,0 +1,124 @@ +# Derived from portconquery.py +# +# This file is part of SETools. +# +# SETools is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as +# published by the Free Software Foundation, either version 2.1 of +# the License, or (at your option) any later version. +# +# SETools is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with SETools. If not, see +# <http://www.gnu.org/licenses/>. +# +import logging + +from .mixins import MatchContext +from .policyrep.xencontext import port_range +from .query import PolicyQuery +from .util import match_range + + +class IoportconQuery(MatchContext, PolicyQuery): + + """ + Ioportcon context query. + + Parameter: + policy The policy to query. + + Keyword Parameters/Class attributes: + ports A 2-tuple of the port range to match. (Set both to + the same value for a single port) + ports_subset If true, the criteria will match if it is a subset + of the ioportcon's range. + ports_overlap If true, the criteria will match if it overlaps + any of the ioportcon's range. + ports_superset If true, the criteria will match if it is a superset + of the ioportcon's range. + ports_proper If true, use proper superset/subset operations. + No effect if not using set operations. + + user The criteria to match the context's user. + user_regex If true, regular expression matching + will be used on the user. + + role The criteria to match the context's role. + role_regex If true, regular expression matching + will be used on the role. + + type_ The criteria to match the context's type. + type_regex If true, regular expression matching + will be used on the type. + + range_ The criteria to match the context's range. + range_subset If true, the criteria will match if it is a subset + of the context's range. + range_overlap If true, the criteria will match if it overlaps + any of the context's range. + range_superset If true, the criteria will match if it is a superset + of the context's range. + range_proper If true, use proper superset/subset operations. + No effect if not using set operations. + """ + + _ports = None + ports_subset = False + ports_overlap = False + ports_superset = False + ports_proper = False + + @property + def ports(self): + return self._ports + + @ports.setter + def ports(self, value): + pending_ports = port_range(*value) + + if all(pending_ports): + if pending_ports.low < 1 or pending_ports.high < 1: + raise ValueError("Port numbers must be positive: {0.low}-{0.high}". + format(pending_ports)) + + if pending_ports.low > pending_ports.high: + raise ValueError( + "The low port must be smaller than the high port: {0.low}-{0.high}". + format(pending_ports)) + + self._ports = pending_ports + else: + self._ports = None + + def __init__(self, policy, **kwargs): + super(IoportconQuery, self).__init__(policy, **kwargs) + self.log = logging.getLogger(__name__) + + def results(self): + """Generator which yields all matching ioportcons.""" + self.log.info("Generating results from {0.policy}".format(self)) + self.log.debug("Ports: {0.ports!r}, overlap: {0.ports_overlap}, " + "subset: {0.ports_subset}, superset: {0.ports_superset}, " + "proper: {0.ports_proper}".format(self)) + self._match_context_debug(self.log) + + for ioportcon in self.policy.ioportcons(): + + if self.ports and not match_range( + ioportcon.ports, + self.ports, + self.ports_subset, + self.ports_overlap, + self.ports_superset, + self.ports_proper): + continue + + if not self._match_context(ioportcon.context): + continue + + yield ioportcon |