diff options
Diffstat (limited to 'lib/python2.7/site-packages/setools/rbacrulequery.py')
-rwxr-xr-x[-rw-r--r--] | lib/python2.7/site-packages/setools/rbacrulequery.py | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/lib/python2.7/site-packages/setools/rbacrulequery.py b/lib/python2.7/site-packages/setools/rbacrulequery.py index 5e9a139..2a8e260 100644..100755 --- a/lib/python2.7/site-packages/setools/rbacrulequery.py +++ b/lib/python2.7/site-packages/setools/rbacrulequery.py @@ -22,6 +22,7 @@ import re from . import mixins, query from .descriptors import CriteriaDescriptor, CriteriaSetDescriptor from .policyrep.exception import InvalidType, RuleUseError +from .util import match_indirect_regex class RBACRuleQuery(mixins.MatchObjClass, query.PolicyQuery): @@ -82,15 +83,19 @@ class RBACRuleQuery(mixins.MatchObjClass, query.PolicyQuery): except InvalidType: self._target = self.policy.lookup_role(value) + def __init__(self, policy, **kwargs): + super(RBACRuleQuery, self).__init__(policy, **kwargs) + self.log = logging.getLogger(__name__) + def results(self): """Generator which yields all matching RBAC rules.""" - self.log.info("Generating results from {0.policy}".format(self)) + self.log.info("Generating RBAC rule results from {0.policy}".format(self)) self.log.debug("Ruletypes: {0.ruletype}".format(self)) self.log.debug("Source: {0.source!r}, indirect: {0.source_indirect}, " "regex: {0.source_regex}".format(self)) self.log.debug("Target: {0.target!r}, indirect: {0.target_indirect}, " "regex: {0.target_regex}".format(self)) - self.log.debug("Class: {0.tclass!r}, regex: {0.tclass_regex}".format(self)) + self._match_object_class_debug(self.log) self.log.debug("Default: {0.default!r}, regex: {0.default_regex}".format(self)) for rule in self.policy.rbacrules(): @@ -104,7 +109,7 @@ class RBACRuleQuery(mixins.MatchObjClass, query.PolicyQuery): # # Matching on source role # - if self.source and not self._match_indirect_regex( + if self.source and not match_indirect_regex( rule.source, self.source, self.source_indirect, @@ -114,7 +119,7 @@ class RBACRuleQuery(mixins.MatchObjClass, query.PolicyQuery): # # Matching on target type (role_transition)/role(allow) # - if self.target and not self._match_indirect_regex( + if self.target and not match_indirect_regex( rule.target, self.target, self.target_indirect, @@ -135,9 +140,13 @@ class RBACRuleQuery(mixins.MatchObjClass, query.PolicyQuery): # if self.default: try: - if not self._match_regex( + # because default role is always a single + # role, hard-code indirect to True + # so the criteria can be an attribute + if not match_indirect_regex( rule.default, self.default, + True, self.default_regex): continue except RuleUseError: |