Implement RoleQueryTab

Closes #87
Chris PeBenito 2016-03-14 11:50:08 -04:00
parent 15b2c275e0
commit 8e5b4bc604
4 changed files with 871 additions and 1 deletions

542
data/rolequery.ui Normal file

@ -0,0 +1,542 @@
<?xml version="1.0" encoding="UTF-8"?>
<ui version="4.0">
<class>RoleQueryTab_ui</class>
<widget class="QScrollArea" name="RoleQueryTab_ui">
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>774</width>
<height>846</height>
</rect>
</property>
<property name="sizeAdjustPolicy">
<enum>QAbstractScrollArea::AdjustToContents</enum>
</property>
<property name="widgetResizable">
<bool>true</bool>
</property>
<widget class="QWidget" name="contents">
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>772</width>
<height>844</height>
</rect>
</property>
<property name="minimumSize">
<size>
<width>0</width>
<height>0</height>
</size>
</property>
<layout class="QGridLayout" name="gridLayout_3">
<item row="0" column="0">
<widget class="QLabel" name="label">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="maximumSize">
<size>
<width>16777215</width>
<height>20</height>
</size>
</property>
<property name="font">
<font>
<pointsize>11</pointsize>
<weight>75</weight>
<bold>true</bold>
</font>
</property>
<property name="text">
<string>Roles</string>
</property>
</widget>
</item>
<item row="3" column="0" colspan="5">
<widget class="QTextEdit" name="notes">
<property name="minimumSize">
<size>
<width>0</width>
<height>80</height>
</size>
</property>
<property name="toolTip">
<string>Optionally enter notes here about the query.</string>
</property>
<property name="placeholderText">
<string>Enter notes here.</string>
</property>
</widget>
</item>
<item row="0" column="1">
<spacer name="horizontalSpacer">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>440</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="0" column="2">
<widget class="QLabel" name="label_2">
<property name="text">
<string>Show:</string>
</property>
</widget>
</item>
<item row="0" column="3">
<widget class="QCheckBox" name="criteria_expander">
<property name="toolTip">
<string>Show or hide the search criteria (no settings are lost)</string>
</property>
<property name="text">
<string>Criteria</string>
</property>
<property name="checked">
<bool>true</bool>
</property>
</widget>
</item>
<item row="0" column="4">
<widget class="QCheckBox" name="notes_expander">
<property name="toolTip">
<string>Show or hide the notes field (no data is lost)</string>
</property>
<property name="text">
<string>Notes</string>
</property>
</widget>
</item>
<item row="1" column="0" rowspan="2" colspan="5">
<widget class="QSplitter" name="splitter">
<property name="sizePolicy">
<sizepolicy hsizetype="Expanding" vsizetype="Preferred">
<horstretch>0</horstretch>
<verstretch>1</verstretch>
</sizepolicy>
</property>
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<widget class="QGroupBox" name="browser_groupBox">
<property name="title">
<string>Role Browser</string>
</property>
<layout class="QGridLayout" name="gridLayout">
<item row="0" column="0">
<widget class="GetDetailsListView" name="roles"/>
</item>
</layout>
</widget>
<widget class="QWidget" name="verticalLayoutWidget">
<layout class="QVBoxLayout" name="verticalLayout">
<item>
<widget class="QGroupBox" name="criteria_frame">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Preferred">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="maximumSize">
<size>
<width>16777215</width>
<height>16777215</height>
</size>
</property>
<property name="title">
<string>Search Criteria</string>
</property>
<layout class="QGridLayout" name="gridLayout_2">
<item row="1" column="0">
<widget class="QGroupBox" name="role_criteria">
<property name="title">
<string>Types</string>
</property>
<layout class="QGridLayout" name="gridLayout_7">
<property name="leftMargin">
<number>6</number>
</property>
<property name="topMargin">
<number>6</number>
</property>
<property name="rightMargin">
<number>6</number>
</property>
<property name="bottomMargin">
<number>6</number>
</property>
<property name="spacing">
<number>3</number>
</property>
<item row="2" column="1">
<widget class="QPushButton" name="clear_roles">
<property name="text">
<string>Clear</string>
</property>
</widget>
</item>
<item row="2" column="2">
<spacer name="horizontalSpacer_4">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="3" column="1">
<widget class="QPushButton" name="invert_types">
<property name="text">
<string>Invert</string>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QRadioButton" name="types_equal">
<property name="toolTip">
<string>A matching role will have a role set equal to the selected types.</string>
</property>
<property name="text">
<string>Equal</string>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QRadioButton" name="types_any">
<property name="toolTip">
<string>A matching role will have any of the selected types.</string>
</property>
<property name="text">
<string>Any</string>
</property>
<property name="checked">
<bool>true</bool>
</property>
</widget>
</item>
<item row="0" column="0" rowspan="5">
<widget class="QListView" name="types">
<property name="sizePolicy">
<sizepolicy hsizetype="Expanding" vsizetype="Expanding">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="maximumSize">
<size>
<width>250</width>
<height>16777215</height>
</size>
</property>
<property name="toolTip">
<string>Match the type set of the role.</string>
</property>
<property name="selectionMode">
<enum>QAbstractItemView::ExtendedSelection</enum>
</property>
</widget>
</item>
<item row="4" column="1">
<spacer name="verticalSpacer_2">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
</layout>
</widget>
</item>
<item row="0" column="0">
<widget class="QGroupBox" name="name_criteria">
<property name="maximumSize">
<size>
<width>16777215</width>
<height>120</height>
</size>
</property>
<property name="title">
<string>Role Name</string>
</property>
<layout class="QGridLayout" name="gridLayout_8">
<property name="leftMargin">
<number>6</number>
</property>
<property name="topMargin">
<number>6</number>
</property>
<property name="rightMargin">
<number>6</number>
</property>
<property name="bottomMargin">
<number>6</number>
</property>
<property name="spacing">
<number>3</number>
</property>
<item row="0" column="1">
<widget class="QLineEdit" name="name">
<property name="sizePolicy">
<sizepolicy hsizetype="Expanding" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="minimumSize">
<size>
<width>150</width>
<height>20</height>
</size>
</property>
<property name="maximumSize">
<size>
<width>250</width>
<height>16777215</height>
</size>
</property>
</widget>
</item>
<item row="0" column="2">
<widget class="QCheckBox" name="name_regex">
<property name="toolTip">
<string>Use regular expressions to match the user's name.</string>
</property>
<property name="text">
<string>Regex</string>
</property>
</widget>
</item>
</layout>
</widget>
</item>
<item row="2" column="0" colspan="2">
<widget class="QDialogButtonBox" name="buttonBox">
<property name="standardButtons">
<set>QDialogButtonBox::Apply</set>
</property>
</widget>
</item>
</layout>
</widget>
</item>
<item>
<widget class="QTabWidget" name="results_frame">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="MinimumExpanding">
<horstretch>0</horstretch>
<verstretch>1</verstretch>
</sizepolicy>
</property>
<property name="currentIndex">
<number>0</number>
</property>
<widget class="QWidget" name="table_page">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="MinimumExpanding">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<attribute name="title">
<string>Results</string>
</attribute>
<layout class="QVBoxLayout" name="verticalLayout_3">
<property name="leftMargin">
<number>6</number>
</property>
<property name="topMargin">
<number>6</number>
</property>
<property name="rightMargin">
<number>6</number>
</property>
<property name="bottomMargin">
<number>6</number>
</property>
<item>
<widget class="QTableView" name="table_results">
<property name="sizePolicy">
<sizepolicy hsizetype="Expanding" vsizetype="MinimumExpanding">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="sizeAdjustPolicy">
<enum>QAbstractScrollArea::AdjustIgnored</enum>
</property>
<property name="alternatingRowColors">
<bool>true</bool>
</property>
<property name="sortingEnabled">
<bool>true</bool>
</property>
</widget>
</item>
</layout>
</widget>
<widget class="QWidget" name="raw_page">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="MinimumExpanding">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<attribute name="title">
<string>Raw Results</string>
</attribute>
<layout class="QVBoxLayout" name="verticalLayout_2">
<property name="leftMargin">
<number>6</number>
</property>
<property name="topMargin">
<number>6</number>
</property>
<property name="rightMargin">
<number>6</number>
</property>
<property name="bottomMargin">
<number>6</number>
</property>
<item>
<widget class="QPlainTextEdit" name="raw_results">
<property name="sizePolicy">
<sizepolicy hsizetype="Expanding" vsizetype="MinimumExpanding">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="minimumSize">
<size>
<width>0</width>
<height>0</height>
</size>
</property>
<property name="font">
<font>
<family>Monospace</family>
</font>
</property>
<property name="documentTitle">
<string/>
</property>
<property name="lineWrapMode">
<enum>QPlainTextEdit::NoWrap</enum>
</property>
<property name="readOnly">
<bool>true</bool>
</property>
</widget>
</item>
</layout>
</widget>
</widget>
</item>
</layout>
</widget>
</widget>
</item>
</layout>
<zorder>splitter</zorder>
<zorder>notes</zorder>
<zorder>label</zorder>
<zorder>label_2</zorder>
<zorder>horizontalSpacer</zorder>
<zorder>criteria_expander</zorder>
<zorder>notes_expander</zorder>
</widget>
</widget>
<customwidgets>
<customwidget>
<class>GetDetailsListView</class>
<extends>QListView</extends>
<header>setoolsgui/getdetailslist.h</header>
</customwidget>
</customwidgets>
<tabstops>
<tabstop>criteria_expander</tabstop>
<tabstop>notes_expander</tabstop>
<tabstop>roles</tabstop>
<tabstop>name</tabstop>
<tabstop>name_regex</tabstop>
<tabstop>types</tabstop>
<tabstop>types_any</tabstop>
<tabstop>types_equal</tabstop>
<tabstop>clear_roles</tabstop>
<tabstop>invert_types</tabstop>
<tabstop>results_frame</tabstop>
<tabstop>table_results</tabstop>
<tabstop>raw_results</tabstop>
<tabstop>notes</tabstop>
</tabstops>
<resources/>
<connections>
<connection>
<sender>clear_roles</sender>
<signal>clicked()</signal>
<receiver>types</receiver>
<slot>clearSelection()</slot>
<hints>
<hint type="sourcelabel">
<x>429</x>
<y>99</y>
</hint>
<hint type="destinationlabel">
<x>319</x>
<y>184</y>
</hint>
</hints>
</connection>
<connection>
<sender>notes_expander</sender>
<signal>toggled(bool)</signal>
<receiver>notes</receiver>
<slot>setVisible(bool)</slot>
<hints>
<hint type="sourcelabel">
<x>732</x>
<y>20</y>
</hint>
<hint type="destinationlabel">
<x>386</x>
<y>754</y>
</hint>
</hints>
</connection>
<connection>
<sender>criteria_expander</sender>
<signal>toggled(bool)</signal>
<receiver>criteria_frame</receiver>
<slot>setVisible(bool)</slot>
<hints>
<hint type="sourcelabel">
<x>583</x>
<y>20</y>
</hint>
<hint type="destinationlabel">
<x>496</x>
<y>226</y>
</hint>
</hints>
</connection>
</connections>
</ui>
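Review bot: Two tooltips in this form describe the wrong object and look carried over from the user query form: `name_regex` says "Use regular expressions to match the user's name." and `types_equal` says "A matching role will have a role set equal to the selected types." Suggested strings are `Use regular expressions to match the role's name.` and `A matching role will have a type set equal to the selected types.` The button that clears the type selection is also named `clear_roles`, although the connections block wires it to `types.clearSelection()`; `clear_types` would match `invert_types` beside it, with the tabstop entry renamed to follow.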


@ -31,6 +31,7 @@ from .dta import DomainTransitionAnalysisTab
from .infoflow import InfoFlowAnalysisTab
from .mlsrulequery import MLSRuleQueryTab
from .rbacrulequery import RBACRuleQueryTab
from .rolequery import RoleQueryTab
from .terulequery import TERuleQueryTab
from .userquery import UserQueryTab
@ -230,7 +231,8 @@ class ChooseAnalysis(SEToolsWidget, QDialog):
_analysis_map = {"Domain Transition Analysis": DomainTransitionAnalysisTab,
"Information Flow Analysis": InfoFlowAnalysisTab}
_components_map = {"Users": UserQueryTab}
_components_map = {"Roles": RoleQueryTab,
"Users": UserQueryTab}
_rule_map = {"RBAC Rules": RBACRuleQueryTab,
"TE Rules": TERuleQueryTab}
_analysis_choices = {"Components": _components_map,


@ -0,0 +1,87 @@
# Copyright 2016, Tresys Technology, LLC
#
# This file is part of SETools.
#
# SETools is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation, either version 2.1 of
# the License, or (at your option) any later version.
#
# SETools is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
from PyQt5.QtCore import Qt, QAbstractTableModel, QModelIndex
from PyQt5.QtGui import QPalette, QTextCursor
from setools.policyrep.exception import MLSDisabled
from .details import DetailsPopup
def role_detail(parent, role):
"""
Create a dialog box for role details.
Parameters:
parent The parent Qt Widget
role The role
"""
detail = DetailsPopup(parent, "SELinux role detail: {0}".format(role))
types = sorted(role.types())
detail.append_header("Types ({0}): ".format(len(types)))
for t in types:
detail.append(" {0}".format(t))
detail.show()
class RoleTableModel(QAbstractTableModel):
"""Table-based model for roles."""
def __init__(self, parent):
super(RoleTableModel, self).__init__(parent)
self.resultlist = []
def headerData(self, section, orientation, role):
if role == Qt.DisplayRole and orientation == Qt.Horizontal:
if section == 0:
return "Role Name"
elif section == 1:
return "Types"
def columnCount(self, parent=QModelIndex()):
return 2
def rowCount(self, parent=QModelIndex()):
if self.resultlist:
return len(self.resultlist)
else:
return 0
def data(self, index, role):
if role == Qt.DisplayRole:
if not self.resultlist:
return None
row = index.row()
col = index.column()
if col == 0:
return str(self.resultlist[row])
elif col == 1:
return ", ".join(sorted(str(t) for t in self.resultlist[row].types()))
else:
raise ValueError("Invalid column number: {0}".format(col))
elif role == Qt.UserRole:
# get the whole rule for role role
return self.resultlist[row].statement()
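Review bot: In `RoleTableModel.data` the `Qt.UserRole` branch reads `self.resultlist[row]`, but `row` is assigned only inside the `Qt.DisplayRole` branch, so a UserRole request raises UnboundLocalError instead of returning the statement. The page has lost its indentation, but `elif role == Qt.UserRole:` can only pair with the outer `if role == Qt.DisplayRole:`, since the column chain already ends in `else`. Moving `row = index.row()` above the role test, together with the `if not self.resultlist: return None` guard, covers both branches. The imports of `QPalette`, `QTextCursor` and `MLSDisabled` are not used anywhere in the visible file and can be dropped.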


@ -0,0 +1,239 @@
# Copyright 2016, Tresys Technology, LLC
#
# This file is part of SETools.
#
# SETools is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation, either version 2.1 of
# the License, or (at your option) any later version.
#
# SETools is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
from PyQt5.QtCore import pyqtSignal, Qt, QObject, QSortFilterProxyModel, QStringListModel, QThread
from PyQt5.QtGui import QPalette, QTextCursor
from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, QScrollArea
from setools import RoleQuery
from ..logtosignal import LogHandlerToSignal
from ..widget import SEToolsWidget
from .models import SEToolsListModel, invert_list_selection
from .rolemodel import RoleTableModel, role_detail
class RoleQueryTab(SEToolsWidget, QScrollArea):
"""Role browser and query tab."""
def __init__(self, parent, policy, perm_map):
super(RoleQueryTab, self).__init__(parent)
self.log = logging.getLogger(__name__)
self.policy = policy
self.query = RoleQuery(policy)
self.setupUi()
def __del__(self):
self.thread.quit()
self.thread.wait(5000)
logging.getLogger("setools.rolequery").removeHandler(self.handler)
def setupUi(self):
self.load_ui("rolequery.ui")
# populate role list
self.role_model = SEToolsListModel(self)
self.role_model.item_list = sorted(r for r in self.policy.roles())
self.roles.setModel(self.role_model)
# populate type list
self.type_model = SEToolsListModel(self)
self.type_model.item_list = sorted(self.policy.types())
self.types.setModel(self.type_model)
# set up results
self.table_results_model = RoleTableModel(self)
self.sort_proxy = QSortFilterProxyModel(self)
self.sort_proxy.setSourceModel(self.table_results_model)
self.table_results.setModel(self.sort_proxy)
# setup indications of errors on level/range
self.orig_palette = self.name.palette()
self.error_palette = self.name.palette()
self.error_palette.setColor(QPalette.Base, Qt.red)
self.clear_name_error()
# set up processing thread
self.thread = QThread()
self.worker = ResultsUpdater(self.query, self.table_results_model)
self.worker.moveToThread(self.thread)
self.worker.raw_line.connect(self.raw_results.appendPlainText)
self.worker.finished.connect(self.update_complete)
self.worker.finished.connect(self.thread.quit)
self.thread.started.connect(self.worker.update)
# create a "busy, please wait" dialog
self.busy = QProgressDialog(self)
self.busy.setModal(True)
self.busy.setRange(0, 0)
self.busy.setMinimumDuration(0)
self.busy.canceled.connect(self.thread.requestInterruption)
self.busy.reset()
# update busy dialog from query INFO logs
self.handler = LogHandlerToSignal()
self.handler.message.connect(self.busy.setLabelText)
logging.getLogger("setools.rolequery").addHandler(self.handler)
# Ensure settings are consistent with the initial .ui state
self.notes.setHidden(not self.notes_expander.isChecked())
# connect signals
self.roles.doubleClicked.connect(self.get_detail)
self.roles.get_detail.triggered.connect(self.get_detail)
self.name.textEdited.connect(self.clear_name_error)
self.name.editingFinished.connect(self.set_name)
self.name_regex.toggled.connect(self.set_name_regex)
self.types.selectionModel().selectionChanged.connect(self.set_types)
self.invert_types.clicked.connect(self.invert_type_selection)
self.buttonBox.clicked.connect(self.run)
#
# User browser
#
def get_detail(self):
# .ui is set for single item selection.
index = self.roles.selectedIndexes()[0]
item = self.role_model.data(index, Qt.UserRole)
self.log.debug("Generating detail window for {0}".format(item))
role_detail(self, item)
#
# Name criteria
#
def clear_name_error(self):
self.name.setToolTip("Match the role name.")
self.name.setPalette(self.orig_palette)
def set_name(self):
try:
self.query.name = self.name.text()
except Exception as ex:
self.log.error("Role name error: {0}".format(ex))
self.name.setToolTip("Error: " + str(ex))
self.name.setPalette(self.error_palette)
def set_name_regex(self, state):
self.log.debug("Setting name_regex {0}".format(state))
self.query.name_regex = state
self.clear_name_error()
self.set_name()
#
# Type criteria
#
def set_types(self):
selected_types = []
for index in self.types.selectionModel().selectedIndexes():
selected_types.append(self.type_model.data(index, Qt.UserRole))
self.query.types = selected_types
def invert_type_selection(self):
invert_list_selection(self.types.selectionModel())
#
# Results runner
#
def run(self, button):
# right now there is only one button.
self.query.types_equal = self.types_equal.isChecked()
# start processing
self.busy.setLabelText("Processing query...")
self.busy.show()
self.raw_results.clear()
self.thread.start()
def update_complete(self):
# update sizes/location of result displays
if not self.busy.wasCanceled():
self.busy.setLabelText("Resizing the result table's columns; GUI may be unresponsive")
self.busy.repaint()
self.table_results.resizeColumnsToContents()
# If the types column width is too long, pull back
# to a reasonable size
header = self.table_results.horizontalHeader()
if header.sectionSize(1) > 400:
header.resizeSection(1, 400)
if not self.busy.wasCanceled():
self.busy.setLabelText("Resizing the result table's rows; GUI may be unresponsive")
self.busy.repaint()
self.table_results.resizeRowsToContents()
if not self.busy.wasCanceled():
self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive")
self.busy.repaint()
self.raw_results.moveCursor(QTextCursor.Start)
self.busy.reset()
class ResultsUpdater(QObject):
"""
Thread for processing queries and updating result widgets.
Parameters:
query The query object
model The model for the results
Qt signals:
finished The update has completed.
raw_line (str) A string to be appended to the raw results.
"""
finished = pyqtSignal()
raw_line = pyqtSignal(str)
def __init__(self, query, model):
super(ResultsUpdater, self).__init__()
self.query = query
self.log = logging.getLogger(__name__)
self.table_results_model = model
def update(self):
"""Run the query and update results."""
self.table_results_model.beginResetModel()
results = []
counter = 0
for counter, item in enumerate(self.query.results(), start=1):
results.append(item)
self.raw_line.emit(item.statement())
if QThread.currentThread().isInterruptionRequested():
break
elif not counter % 10:
# yield execution every 10 rules
QThread.yieldCurrentThread()
self.table_results_model.resultlist = results
self.table_results_model.endResetModel()
self.log.info("{0} role(s) found.".format(counter))
self.finished.emit()
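Review bot: `ResultsUpdater.update` runs on the worker `QThread`, yet it calls `beginResetModel()`/`endResetModel()` and replaces `resultlist` on `table_results_model`, which `setupUi` creates with the tab as parent and attaches to `sort_proxy` and `table_results`. Qt item models are not thread-safe, so the proxy and view may observe the model in the middle of a reset. Collecting the list in the worker and passing it to the tab through a signal keeps the reset on the GUI thread; the queued `results_ready` is delivered before `finished`, so `update_complete` still sees the new rows. Separately, `get_detail` takes `self.roles.selectedIndexes()[0]` without checking for an empty selection, which would raise IndexError if the `get_detail` action can fire with nothing selected.

```python
    raw_line = pyqtSignal(str)
    results_ready = pyqtSignal(list)

    def update(self):
        """Run the query and hand the collected results to the GUI thread."""
        results = []
        counter = 0
        # … unchanged: loop over self.query.results(), raw_line.emit, interruption check …
        self.results_ready.emit(results)
        self.log.info("{0} role(s) found.".format(counter))
        self.finished.emit()

# In RoleQueryTab.setupUi, next to the other worker connections:
        self.worker.results_ready.connect(self.set_results)

# New RoleQueryTab slot, executed on the GUI thread:
    def set_results(self, results):
        self.table_results_model.beginResetModel()
        self.table_results_model.resultlist = results
        self.table_results_model.endResetModel()
```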