Geforce File Manager

NAME	SIZE	ACTIONS
📁 __pycache__		[ DEL ]
📁 diff		[ DEL ]
📄 __init__.py	2,856 B	[ EDIT ] \| [ DEL ]
📄 boolquery.py	2,239 B	[ EDIT ] \| [ DEL ]
📄 boundsquery.py	2,406 B	[ EDIT ] \| [ DEL ]
📄 categoryquery.py	1,922 B	[ EDIT ] \| [ DEL ]
📄 commonquery.py	2,164 B	[ EDIT ] \| [ DEL ]
📄 constraintquery.py	5,634 B	[ EDIT ] \| [ DEL ]
📄 defaultquery.py	2,865 B	[ EDIT ] \| [ DEL ]
📄 descriptors.py	7,650 B	[ EDIT ] \| [ DEL ]
📄 devicetreeconquery.py	2,788 B	[ EDIT ] \| [ DEL ]
📄 dta.py	21,918 B	[ EDIT ] \| [ DEL ]
📄 exception.py	6,109 B	[ EDIT ] \| [ DEL ]
📄 fsusequery.py	3,437 B	[ EDIT ] \| [ DEL ]
📄 genfsconquery.py	3,770 B	[ EDIT ] \| [ DEL ]
📄 ibendportconquery.py	3,608 B	[ EDIT ] \| [ DEL ]
📄 ibpkeyconquery.py	5,346 B	[ EDIT ] \| [ DEL ]
📄 infoflow.py	14,939 B	[ EDIT ] \| [ DEL ]
📄 initsidquery.py	2,860 B	[ EDIT ] \| [ DEL ]
📄 iomemconquery.py	4,544 B	[ EDIT ] \| [ DEL ]
📄 ioportconquery.py	4,567 B	[ EDIT ] \| [ DEL ]
📄 mixins.py	7,312 B	[ EDIT ] \| [ DEL ]
📄 mlsrulequery.py	4,703 B	[ EDIT ] \| [ DEL ]
📄 netifconquery.py	3,003 B	[ EDIT ] \| [ DEL ]
📄 nodeconquery.py	4,261 B	[ EDIT ] \| [ DEL ]
📄 objclassquery.py	3,871 B	[ EDIT ] \| [ DEL ]
📄 pcideviceconquery.py	3,116 B	[ EDIT ] \| [ DEL ]
📄 perm_map	89,255 B	[ EDIT ] \| [ DEL ]
📄 permmap.py	16,490 B	[ EDIT ] \| [ DEL ]
📄 pirqconquery.py	3,022 B	[ EDIT ] \| [ DEL ]
📄 polcapquery.py	1,675 B	[ EDIT ] \| [ DEL ]
📄 policyrep.cpython-36m-x86_64-linux-gnu.so	1,963,568 B	[ EDIT ] \| [ DEL ]
📄 portconquery.py	5,166 B	[ EDIT ] \| [ DEL ]
📄 query.py	1,734 B	[ EDIT ] \| [ DEL ]
📄 rbacrulequery.py	5,748 B	[ EDIT ] \| [ DEL ]
📄 rolequery.py	2,540 B	[ EDIT ] \| [ DEL ]
📄 sensitivityquery.py	2,718 B	[ EDIT ] \| [ DEL ]
📄 terulequery.py	9,324 B	[ EDIT ] \| [ DEL ]
📄 typeattrquery.py	2,682 B	[ EDIT ] \| [ DEL ]
📄 typequery.py	3,512 B	[ EDIT ] \| [ DEL ]
📄 userquery.py	4,791 B	[ EDIT ] \| [ DEL ]
📄 util.py	5,444 B	[ EDIT ] \| [ DEL ]

[ CLOSE ]

EDIT: constraintquery.py

# Copyright 2015, Tresys Technology, LLC
#
# This file is part of SETools.
#
# SETools is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation, either version 2.1 of
# the License, or (at your option) any later version.
#
# SETools is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with SETools.  If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
import re

from .descriptors import CriteriaDescriptor, CriteriaSetDescriptor
from .exception import ConstraintUseError
from .mixins import MatchObjClass, MatchPermission
from .policyrep import ConstraintRuletype
from .query import PolicyQuery
from .util import match_in_set

class ConstraintQuery(MatchObjClass, MatchPermission, PolicyQuery):

"""
    Query constraint rules, (mls)constrain/(mls)validatetrans.

Parameter:
    policy            The policy to query.

Keyword Parameters/Class attributes:
    ruletype          The list of rule type(s) to match.
    tclass            The object class(es) to match.
    tclass_regex      If true, use a regular expression for
                      matching the rule's object class.
    perms             The permission(s) to match.
    perms_equal       If true, the permission set of the rule
                      must exactly match the permissions
                      criteria.  If false, any set intersection
                      will match.
    perms_regex       If true, regular expression matching will be used
                      on the permission names instead of set logic.
    role              The name of the role to match in the
                      constraint expression.
    role_indirect     If true, members of an attribute will be
                      matched rather than the attribute itself.
    role_regex        If true, regular expression matching will
                      be used on the role.
    type_             The name of the type/attribute to match in the
                      constraint expression.
    type_indirect     If true, members of an attribute will be
                      matched rather than the attribute itself.
    type_regex        If true, regular expression matching will
                      be used on the type/attribute.
    user              The name of the user to match in the
                      constraint expression.
    user_regex        If true, regular expression matching will
                      be used on the user.
    """

ruletype = CriteriaSetDescriptor(enum_class=ConstraintRuletype)
    user = CriteriaDescriptor("user_regex", "lookup_user")
    user_regex = False
    role = CriteriaDescriptor("role_regex", "lookup_role")
    role_regex = False
    role_indirect = True
    type_ = CriteriaDescriptor("type_regex", "lookup_type_or_attr")
    type_regex = False
    type_indirect = True

def __init__(self, policy, **kwargs):
        super(ConstraintQuery, self).__init__(policy, **kwargs)
        self.log = logging.getLogger(__name__)

def _match_expr(self, expr, criteria, indirect, regex):
        """
        Match roles/types/users in a constraint expression,
        optionally by expanding the contents of attributes.

Parameters:
        expr        The expression to match.
        criteria    The criteria to match.
        indirect    If attributes in the expression should be expanded.
        regex       If regular expression matching should be used.
        """

if indirect:
            obj = set()
            for item in expr:
                obj.update(item.expand())
        else:
            obj = expr

return match_in_set(obj, criteria, regex)

def results(self):
        """Generator which yields all matching constraints rules."""
        self.log.info("Generating constraint results from {0.policy}".format(self))
        self.log.debug("Ruletypes: {0.ruletype}".format(self))
        self._match_object_class_debug(self.log)
        self._match_perms_debug(self.log)
        self.log.debug("User: {0.user!r}, regex: {0.user_regex}".format(self))
        self.log.debug("Role: {0.role!r}, regex: {0.role_regex}".format(self))
        self.log.debug("Type: {0.type_!r}, regex: {0.type_regex}".format(self))

for c in self.policy.constraints():
            if self.ruletype:
                if c.ruletype not in self.ruletype:
                    continue

if not self._match_object_class(c):
                continue

try:
                if not self._match_perms(c):
                    continue
            except ConstraintUseError:
                continue

if self.role and not self._match_expr(
                    c.expression.roles,
                    self.role,
                    self.role_indirect,
                    self.role_regex):
                continue

if self.type_ and not self._match_expr(
                    c.expression.types,
                    self.type_,
                    self.type_indirect,
                    self.type_regex):
                continue

if self.user and not self._match_expr(
                    c.expression.users,
                    self.user,
                    False,
                    self.user_regex):
                continue

yield c