1# Copyright 2014-2015, Tresys Technology, LLC
2#
3# This file is part of SETools.
4#
5# SETools is free software: you can redistribute it and/or modify
6# it under the terms of the GNU Lesser General Public License as
7# published by the Free Software Foundation, either version 2.1 of
8# the License, or (at your option) any later version.
9#
10# SETools is distributed in the hope that it will be useful,
11# but WITHOUT ANY WARRANTY; without even the implied warranty of
12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13# GNU Lesser General Public License for more details.
14#
15# You should have received a copy of the GNU Lesser General Public
16# License along with SETools.  If not, see
17# <http://www.gnu.org/licenses/>.
18#
19import logging
20import re
21
22from .descriptors import CriteriaDescriptor, CriteriaSetDescriptor
23from .mixins import MatchContext
24from .query import PolicyQuery
25from .util import match_regex
26
27
28class FSUseQuery(MatchContext, PolicyQuery):
29
30    """
31    Query fs_use_* statements.
32
33    Parameter:
34    policy          The policy to query.
35
36    Keyword Parameters/Class attributes:
37    ruletype        The rule type(s) to match.
38    fs              The criteria to match the file system type.
39    fs_regex        If true, regular expression matching
40                    will be used on the file system type.
41    user            The criteria to match the context's user.
42    user_regex      If true, regular expression matching
43                    will be used on the user.
44    role            The criteria to match the context's role.
45    role_regex      If true, regular expression matching
46                    will be used on the role.
47    type_           The criteria to match the context's type.
48    type_regex      If true, regular expression matching
49                    will be used on the type.
50    range_          The criteria to match the context's range.
51    range_subset    If true, the criteria will match if it is a subset
52                    of the context's range.
53    range_overlap   If true, the criteria will match if it overlaps
54                    any of the context's range.
55    range_superset  If true, the criteria will match if it is a superset
56                    of the context's range.
57    range_proper    If true, use proper superset/subset operations.
58                    No effect if not using set operations.
59    """
60
61    ruletype = CriteriaSetDescriptor(lookup_function="validate_fs_use_ruletype")
62    fs = CriteriaDescriptor("fs_regex")
63    fs_regex = False
64
65    def __init__(self, policy, **kwargs):
66        super(FSUseQuery, self).__init__(policy, **kwargs)
67        self.log = logging.getLogger(__name__)
68
69    def results(self):
70        """Generator which yields all matching fs_use_* statements."""
71        self.log.info("Generating fs_use_* results from {0.policy}".format(self))
72        self.log.debug("Ruletypes: {0.ruletype}".format(self))
73        self.log.debug("FS: {0.fs!r}, regex: {0.fs_regex}".format(self))
74        self._match_context_debug(self.log)
75
76        for fsu in self.policy.fs_uses():
77            if self.ruletype and fsu.ruletype not in self.ruletype:
78                continue
79
80            if self.fs and not match_regex(
81                    fsu.fs,
82                    self.fs,
83                    self.fs_regex):
84                continue
85
86            if not self._match_context(fsu.context):
87                continue
88
89            yield fsu
90