Diffstat (limited to 'lib/python2.7/site-packages/setools/rbacrulequery.py')
-rwxr-xr-x[-rw-r--r--]lib/python2.7/site-packages/setools/rbacrulequery.py19
1 files changed, 14 insertions, 5 deletions
diff --git a/lib/python2.7/site-packages/setools/rbacrulequery.py b/lib/python2.7/site-packages/setools/rbacrulequery.py
index 5e9a139..2a8e260 100644..100755
--- a/lib/python2.7/site-packages/setools/rbacrulequery.py
+++ b/lib/python2.7/site-packages/setools/rbacrulequery.py
@@ -22,6 +22,7 @@ import re
from . import mixins, query
from .descriptors import CriteriaDescriptor, CriteriaSetDescriptor
from .policyrep.exception import InvalidType, RuleUseError
+from .util import match_indirect_regex
class RBACRuleQuery(mixins.MatchObjClass, query.PolicyQuery):
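Review bot: Alongside this import, the commit changes the file mode from 100644 to 100755 (the `index 5e9a139..2a8e260 100644..100755` line above the hunk), and nothing in the visible hunks explains it. A module under `site-packages/setools/` is imported rather than run, so the executable bit only widens what the file permits. If the change is unintentional, restore mode 0644 before merging; if it is deliberate, say why in the commit message.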
@@ -82,15 +83,19 @@ class RBACRuleQuery(mixins.MatchObjClass, query.PolicyQuery):
except InvalidType:
self._target = self.policy.lookup_role(value)
+ def __init__(self, policy, **kwargs):
+ super(RBACRuleQuery, self).__init__(policy, **kwargs)
+ self.log = logging.getLogger(__name__)
+
def results(self):
"""Generator which yields all matching RBAC rules."""
- self.log.info("Generating results from {0.policy}".format(self))
+ self.log.info("Generating RBAC rule results from {0.policy}".format(self))
self.log.debug("Ruletypes: {0.ruletype}".format(self))
self.log.debug("Source: {0.source!r}, indirect: {0.source_indirect}, "
"regex: {0.source_regex}".format(self))
self.log.debug("Target: {0.target!r}, indirect: {0.target_indirect}, "
"regex: {0.target_regex}".format(self))
- self.log.debug("Class: {0.tclass!r}, regex: {0.tclass_regex}".format(self))
+ self._match_object_class_debug(self.log)
self.log.debug("Default: {0.default!r}, regex: {0.default_regex}".format(self))
for rule in self.policy.rbacrules():
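Review bot: The added `__init__` calls `logging.getLogger(__name__)`, but no `import logging` is visible in this diff; the first hunk adds only the `.util` import, and the removed line reached the logger through `self.log` without naming the module. If `logging` is not already imported above line 22, constructing an `RBACRuleQuery` raises `NameError`, so confirm it is there or add `import logging` next to `import re`. Also, `self.log` is assigned only after `super(RBACRuleQuery, self).__init__(policy, **kwargs)` returns, so any logging the base class does while handling `kwargs` (not shown here) will not go through this logger. The body of `results()` continues past the end of the hunk.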
@@ -104,7 +109,7 @@ class RBACRuleQuery(mixins.MatchObjClass, query.PolicyQuery):
#
# Matching on source role
#
- if self.source and not self._match_indirect_regex(
+ if self.source and not match_indirect_regex(
rule.source,
self.source,
self.source_indirect,
@@ -114,7 +119,7 @@ class RBACRuleQuery(mixins.MatchObjClass, query.PolicyQuery):
#
# Matching on target type (role_transition)/role(allow)
#
- if self.target and not self._match_indirect_regex(
+ if self.target and not match_indirect_regex(
rule.target,
self.target,
self.target_indirect,
@@ -135,9 +140,13 @@ class RBACRuleQuery(mixins.MatchObjClass, query.PolicyQuery):
#
if self.default:
try:
- if not self._match_regex(
+ # because default role is always a single
+ # role, hard-code indirect to True
+ # so the criteria can be an attribute
+ if not match_indirect_regex(
rule.default,
self.default,
+ True,
self.default_regex):
continue
except RuleUseError:
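Review bot: The comment added above `match_indirect_regex(` does not make clear why a bare positional `True` is passed, and the source and target calls pass a named `*_indirect` attribute in that position. Suggest rewording it to `# A rule's default is always a single role, so indirect matching is hard-coded on; this lets the criteria be an attribute.` It is also worth noting in the class docstring that, unlike `source_indirect` and `target_indirect`, there is no `default_indirect` switch for callers to turn this off. The `try` block opens before the changed lines, and the `except RuleUseError` body lies outside the hunk.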