PNG  IHDR* pHYs+ IDATx]n#; cdLb Ǚ[at¤_:uP}>!Usă cag޿ ֵNu`ݼTâabO7uL&y^wFٝA"l[|ŲHLN밪4*sG3|Dv}?+y߉{OuOAt4Jj.u]Gz*҉sP'VQKbA1u\`& Af;HWj hsO;ogTu uj7S3/QzUr&wS`M$X_L7r2;aE+ώ%vikDA:dR+%KzƉo>eOth$z%: :{WwaQ:wz%4foɹE[9<]#ERINƻv溂E%P1i01 |Jvҗ&{b?9g=^wζXn/lK::90KwrюO\!ջ3uzuGv^;騢wq<Iatv09:tt~hEG`v;3@MNZD.1]L:{ծI3`L(÷ba")Y.iljCɄae#I"1 `3*Bdz>j<fU40⨬%O$3cGt]j%Fߠ_twJ;ABU8vP3uEԑwQ V:h%))LfraqX-ۿX]v-\9I gl8tzX ]ecm)-cgʒ#Uw=Wlێn(0hPP/ӨtQ“&J35 $=]r1{tLuǮ*i0_;NƝ8;-vݏr8+U-kruȕYr0RnC]*ެ(M:]gE;{]tg(#ZJ9y>utRDRMdr9㪩̞zֹb<ģ&wzJM"iI( .ꮅX)Qw:9,i좜\Ԛi7&N0:asϓc];=ΗOӣ APqz93 y $)A*kVHZwBƺnWNaby>XMN*45~ղM6Nvm;A=jֲ.~1}(9`KJ/V F9[=`~[;sRuk]rєT!)iQO)Y$V ی ۤmzWz5IM Zb )ˆC`6 rRa}qNmUfDsWuˤV{ Pݝ'=Kֳbg,UҘVz2ﴻnjNgBb{? ߮tcsͻQuxVCIY۠:(V뺕 ٥2;t`@Fo{Z9`;]wMzU~%UA蛚dI vGq\r82iu +St`cR.6U/M9IENDB`# Copyright 2014-2015, Tresys Technology, LLC # # This file is part of SETools. # # SETools is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as # published by the Free Software Foundation, either version 2.1 of # the License, or (at your option) any later version. # # SETools is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with SETools. If not, see # . # import logging import re from contextlib import suppress from .descriptors import CriteriaDescriptor, CriteriaSetDescriptor from .exception import NoCommon from .mixins import MatchName from .query import PolicyQuery from .util import match_regex, match_regex_or_set class ObjClassQuery(MatchName, PolicyQuery): """ Query object classes. Parameter: policy The policy to query. Keyword Parameters/Class attributes: name The name of the object set to match. name_regex If true, regular expression matching will be used for matching the name. common The name of the inherited common to match. common_regex If true, regular expression matching will be used for matching the common name. perms The permissions to match. perms_equal If true, only commons with permission sets that are equal to the criteria will match. Otherwise, any intersection will match. perms_regex If true, regular expression matching will be used on the permission names instead of set logic. comparison will not be used. perms_indirect If false, permissions inherited from a common permission set not will be evaluated. Default is true. """ common = CriteriaDescriptor("common_regex", "lookup_common") common_regex = False perms = CriteriaSetDescriptor("perms_regex") perms_equal = False perms_indirect = True perms_regex = False def __init__(self, policy, **kwargs): super(ObjClassQuery, self).__init__(policy, **kwargs) self.log = logging.getLogger(__name__) def results(self): """Generator which yields all matching object classes.""" self.log.info("Generating object class results from {0.policy}".format(self)) self._match_name_debug(self.log) self.log.debug("Common: {0.common!r}, regex: {0.common_regex}".format(self)) self.log.debug("Perms: {0.perms}, regex: {0.perms_regex}, " "eq: {0.perms_equal}, indirect: {0.perms_indirect}".format(self)) for class_ in self.policy.classes(): if not self._match_name(class_): continue if self.common: try: if not match_regex( class_.common, self.common, self.common_regex): continue except NoCommon: continue if self.perms: perms = class_.perms if self.perms_indirect: with suppress(NoCommon): perms |= class_.common.perms if not match_regex_or_set( perms, self.perms, self.perms_equal, self.perms_regex): continue yield class_