RepoMirrors/setools
1
0
Fork 0
mirror of https://github.com/SELinuxProject/setools synced 2025-04-11 03:51:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implement logging in all Queries.

Browse Source
This commit is contained in:
Chris PeBenito 2015-03-20 12:02:13 -04:00
parent 3d1c8af0c1
commit a4ab5b64d5
21 changed files with 212 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
setools/boolquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
import re
from . import compquery
@ -37,6 +38,7 @@ class BoolQuery(compquery.ComponentQuery):
default The default state to match.
match_default If true, the default state will be matched.
"""
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
self.set_name(name, regex=name_regex)
@ -44,6 +46,9 @@ class BoolQuery(compquery.ComponentQuery):
def results(self):
"""Generator which yields all Booleans matching the criteria."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("Default: {0.match_default}, state: {0.default}".format(self))
for b in self.policy.bools():
if self.name and not self._match_name(b):

5
setools/categoryquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
import re
from . import compquery
@ -38,6 +39,7 @@ class CategoryQuery(mixins.MatchAlias, compquery.ComponentQuery):
alias_regex If true, regular expression matching
will be used on the alias names.
"""
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
self.set_name(name, regex=name_regex)
@ -45,6 +47,9 @@ class CategoryQuery(mixins.MatchAlias, compquery.ComponentQuery):
def results(self):
"""Generator which yields all matching categories."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("Alias: {0.alias_cmp}, regex: {0.alias_regex}".format(self))
for cat in self.policy.categories():
if self.name and not self._match_name(cat):

6
setools/commonquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
import re
from . import compquery
@ -41,6 +42,7 @@ class CommonQuery(compquery.ComponentQuery):
perms_regex If true, regular expression matching will be used
on the permission names instead of set logic.
"""
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
self.set_name(name, regex=name_regex)
@ -48,6 +50,10 @@ class CommonQuery(compquery.ComponentQuery):
def results(self):
"""Generator which yields all matching commons."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("Perms: {0.perms_cmp!r}, regex: {0.perms_regex}, eq: {0.perms_equal}".
format(self))
for com in self.policy.commons():
if self.name and not self._match_name(com):

9
setools/constraintquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
import re
from . import mixins
@ -64,6 +65,7 @@ class ConstraintQuery(mixins.MatchObjClass, mixins.MatchPermission, PolicyQuery)
user_regex If true, regular expression matching will
be used on the user.
"""
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
@ -97,6 +99,13 @@ class ConstraintQuery(mixins.MatchObjClass, mixins.MatchPermission, PolicyQuery)
def results(self):
"""Generator which yields all matching constraints rules."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Ruletypes: {0.ruletype}".format(self))
self.log.debug("Class: {0.tclass_cmp!r}, regex: {0.tclass_regex}".format(self))
self.log.debug("Perms: {0.perms_cmp}, eq: {0.perms_equal}".format(self))
self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
for c in self.policy.constraints():
if self.ruletype:

10
setools/fsusequery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
import re
from . import compquery
@ -61,6 +62,7 @@ class FSUseQuery(contextquery.ContextQuery):
range_proper If true, use proper superset/subset operations.
No effect if not using set operations.
"""
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
@ -74,6 +76,14 @@ class FSUseQuery(contextquery.ContextQuery):
def results(self):
"""Generator which yields all matching fs_use_* statements."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Ruletypes: {0.ruletype}".format(self))
self.log.debug("FS: {0.fs_cmp!r}, regex: {0.fs_regex}".format(self))
self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
"superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for fsu in self.policy.fs_uses():
if self.ruletype and fsu.ruletype not in self.ruletype:

11
setools/genfsconquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
import re
from . import compquery
@ -64,6 +65,7 @@ class GenfsconQuery(contextquery.ContextQuery):
range_proper If true, use proper superset/subset operations.
No effect if not using set operations.
"""
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
@ -78,6 +80,15 @@ class GenfsconQuery(contextquery.ContextQuery):
def results(self):
"""Generator which yields all matching genfscons."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("FS: {0.fs_cmp!r}, regex: {0.fs_regex}".format(self))
self.log.debug("Path: {0.path_cmp!r}, regex: {0.path_regex}".format(self))
self.log.debug("Filetype: {0.filetype!r}".format(self))
self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
"superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for g in self.policy.genfscons():
if self.fs and not self._match_regex(

10
setools/initsidquery.py
View File

@ -16,6 +16,8 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
from . import compquery
from . import contextquery
@ -54,6 +56,7 @@ class InitialSIDQuery(compquery.ComponentQuery, contextquery.ContextQuery):
range_proper If true, use proper superset/subset operations.
No effect if not using set operations.
"""
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
@ -66,6 +69,13 @@ class InitialSIDQuery(compquery.ComponentQuery, contextquery.ContextQuery):
def results(self):
"""Generator which yields all matching initial SIDs."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
"superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for i in self.policy.initialsids():
if self.name and not self._match_regex(

11
setools/mlsrulequery.py
View File

@ -16,6 +16,8 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
from . import rulequery
@ -44,6 +46,7 @@ class MLSRuleQuery(rulequery.RuleQuery):
tclass_regex If true, use a regular expression for
matching the rule's object class.
"""
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
@ -56,6 +59,14 @@ class MLSRuleQuery(rulequery.RuleQuery):
def results(self):
"""Generator which yields all matching MLS rules."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Ruletypes: {0.ruletype}".format(self))
self.log.debug("Source: {0.source_cmp!r}, regex: {0.source_regex}".format(self))
self.log.debug("Target: {0.target_cmp!r}, regex: {0.target_regex}".format(self))
self.log.debug("Class: {0.tclass_cmp!r}, regex: {0.tclass_regex}".format(self))
self.log.debug("Default: {0.default_cmp!r}, overlap: {0.default_overlap}, "
"subset: {0.default_subset}, superset: {0.default_superset}, "
"proper: {0.default_proper}".format(self))
for r in self.policy.mlsrules():
#

10
setools/netifconquery.py
View File

@ -16,6 +16,8 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
from . import compquery
from . import contextquery
@ -54,6 +56,7 @@ class NetifconQuery(compquery.ComponentQuery, contextquery.ContextQuery):
range_proper If true, use proper superset/subset operations.
No effect if not using set operations.
"""
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
@ -66,6 +69,13 @@ class NetifconQuery(compquery.ComponentQuery, contextquery.ContextQuery):
def results(self):
"""Generator which yields all matching netifcons."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
"superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for netif in self.policy.netifcons():
if self.name and not self._match_regex(

10
setools/nodeconquery.py
View File

@ -21,6 +21,7 @@ try:
except ImportError: # pragma: no cover
pass
import logging
import re
from socket import AF_INET, AF_INET6
@ -66,6 +67,7 @@ class NodeconQuery(contextquery.ContextQuery):
range_proper If true, use proper superset/subset operations.
No effect if not using set operations.
"""
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
@ -79,6 +81,14 @@ class NodeconQuery(contextquery.ContextQuery):
def results(self):
"""Generator which yields all matching nodecons."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Network: {0.network!r}, overlap: {0.network_overlap}".format(self))
self.log.debug("Ver: {0.version}".format(self))
self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
"superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for n in self.policy.nodecons():

7
setools/objclassquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
import re
from . import compquery
@ -52,6 +53,7 @@ class ObjClassQuery(compquery.ComponentQuery):
permission set not will be evaluated. Default
is true.
"""
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
self.set_name(name, regex=name_regex)
@ -60,6 +62,11 @@ class ObjClassQuery(compquery.ComponentQuery):
def results(self):
"""Generator which yields all matching object classes."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("Common: {0.common_cmp!r}, regex: {0.common_regex}".format(self))
self.log.debug("Perms: {0.perms_cmp}, regex: {0.perms_regex}, "
"eq: {0.perms_equal}, indirect: {0.perms_indirect}".format(self))
for class_ in self.policy.classes():
if self.name and not self._match_name(class_):

54
setools/permmap.py
View File

@ -303,3 +303,57 @@ class PermissionMap(object):
write_weight = max(write_weight, mapping['weight'])
return (read_weight, write_weight)
def set_direction(self, class_, permission, direction):
"""
Set the information flow direction of a permission.
Parameter:
class_ The object class of the permission.
permission The permission name.
direction The information flow direction the permission (r/w/b/n).
Exceptions:
UnmappedClass The specified object class is not mapped.
UnmappedPermission The specified permission is not mapped for the object class.
"""
if direction not in self.valid_infoflow_directions:
raise ValueError("Invalid information flow direction: {0}".format(direction))
classname = str(class_)
if classname not in self.permmap:
raise UnmappedClass("{0} is not mapped.".format(classname))
try:
self.permmap[classname][permission]['direction'] = direction
except KeyError:
raise UnmappedPermission("{0}:{1} is not mapped.".format(classname, permission))
def set_weight(self, class_, permission, weight):
"""
Set the weight of a permission.
Parameter:
class_ The object class of the permission.
permission The permission name.
weight The weight of the permission (1-10).
Exceptions:
UnmappedClass The specified object class is not mapped.
UnmappedPermission The specified permission is not mapped for the object class.
"""
if not self.min_weight <= weight <= self.max_weight:
raise ValueError("Permission weights must be 1-10: {0}".format(weight))
classname = str(class_)
if classname not in self.permmap:
raise UnmappedClass("{0} is not mapped.".format(classname))
try:
self.permmap[classname][permission]['weight'] = weight
except KeyError:
raise UnmappedPermission("{0}:{1} is not mapped.".format(classname, permission))

4
setools/polcapquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
import re
from . import compquery
@ -33,12 +34,15 @@ class PolCapQuery(compquery.ComponentQuery):
name_regex If true, regular expression matching will
be used for matching the name.
"""
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
self.set_name(name, regex=name_regex)
def results(self):
"""Generator which yields all matching policy capabilities."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
for cap in self.policy.polcaps():
if self.name and not self._match_name(cap):

11
setools/portconquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
from socket import IPPROTO_TCP, IPPROTO_UDP
from . import contextquery
@ -75,6 +76,7 @@ class PortconQuery(contextquery.ContextQuery):
range_proper If true, use proper superset/subset operations.
No effect if not using set operations.
"""
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
@ -89,6 +91,15 @@ class PortconQuery(contextquery.ContextQuery):
def results(self):
"""Generator which yields all matching portcons."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Ports: {0.ports_cmp}, overlap: {0.ports_overlap}, "
"subset: {0.ports_subset}, superset: {0.ports_superset}, "
"proper: {0.ports_proper}".format(self))
self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
"superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for p in self.policy.portcons():

10
setools/rbacrulequery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
import re
from .policyrep.rule import RuleUseError
@ -57,6 +58,7 @@ class RBACRuleQuery(rulequery.RuleQuery):
default_regex If true, regular expression matching will
be used on the default role.
"""
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
@ -68,6 +70,14 @@ class RBACRuleQuery(rulequery.RuleQuery):
def results(self):
"""Generator which yields all matching RBAC rules."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Ruletypes: {0.ruletype}".format(self))
self.log.debug("Source: {0.source_cmp!r}, indirect: {0.source_indirect}, "
"regex: {0.source_regex}".format(self))
self.log.debug("Target: {0.target_cmp!r}, indirect: {0.target_indirect}, "
"regex: {0.target_regex}".format(self))
self.log.debug("Class: {0.tclass_cmp!r}, regex: {0.tclass_regex}".format(self))
self.log.debug("Default: {0.default_cmp!r}, regex: {0.default_regex}".format(self))
for r in self.policy.rbacrules():
#

6
setools/rolequery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
import re
from . import compquery
@ -43,6 +44,7 @@ class RoleQuery(compquery.ComponentQuery):
will be used on the type names instead
of set logic.
"""
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
self.set_name(name, regex=name_regex)
@ -50,6 +52,10 @@ class RoleQuery(compquery.ComponentQuery):
def results(self):
"""Generator which yields all matching roles."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("Types: {0.types_cmp!r}, regex: {0.types_regex}, "
"eq: {0.types_equal}".format(self))
for r in self.policy.roles():
if r == "object_r":

6
setools/sensitivityquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
import re
from . import compquery
@ -44,6 +45,7 @@ class SensitivityQuery(mixins.MatchAlias, compquery.ComponentQuery):
sens_domby If true, the criteria will match if it is dominated
by the sensitivity.
"""
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
self.set_name(name, regex=name_regex)
@ -52,6 +54,10 @@ class SensitivityQuery(mixins.MatchAlias, compquery.ComponentQuery):
def results(self):
"""Generator which yields all matching sensitivities."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("Alias: {0.alias_cmp}, regex: {0.alias_regex}".format(self))
self.log.debug("Sens: {0.sens!r}, dom: {0.sens_dom}, domby: {0.sens_domby}".format(self))
for s in self.policy.sensitivities():
if self.name and not self._match_name(s):

14
setools/terulequery.py
View File

@ -78,16 +78,16 @@ class TERuleQuery(mixins.MatchPermission, rulequery.RuleQuery):
def results(self):
"""Generator which yields all matching TE rules."""
self.log.info("Generating results.")
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Ruletypes: {0.ruletype}".format(self))
self.log.debug("Source: {0.source}, indirect: {0.source_indirect}, "
self.log.debug("Source: {0.source_cmp!r}, indirect: {0.source_indirect}, "
"regex: {0.source_regex}".format(self))
self.log.debug("Target: {0.target}, indirect: {0.target_indirect}, "
self.log.debug("Target: {0.target_cmp!r}, indirect: {0.target_indirect}, "
"regex: {0.target_regex}".format(self))
self.log.debug("Class: {0.tclass}, regex: {0.tclass_regex}".format(self))
self.log.debug("Perms: {0.perms}, eq: {0.perms_equal}".format(self))
self.log.debug("Default: {0.default}, regex: {0.default_regex}".format(self))
self.log.debug("Boolean: {0.boolean}, eq: {0.boolean_equal}, "
self.log.debug("Class: {0.tclass_cmp!r}, regex: {0.tclass_regex}".format(self))
self.log.debug("Perms: {0.perms_cmp}, eq: {0.perms_equal}".format(self))
self.log.debug("Default: {0.default_cmp!r}, regex: {0.default_regex}".format(self))
self.log.debug("Boolean: {0.boolean_cmp!r}, eq: {0.boolean_equal}, "
"regex: {0.boolean_regex}".format(self))
for r in self.policy.terules():

6
setools/typeattrquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
import re
from . import compquery
@ -43,6 +44,7 @@ class TypeAttributeQuery(compquery.ComponentQuery):
will be used on the type names instead
of set logic.
"""
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
self.set_name(name, regex=name_regex)
@ -50,6 +52,10 @@ class TypeAttributeQuery(compquery.ComponentQuery):
def results(self):
"""Generator which yields all matching types."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("Types: {0.types_cmp!r}, regex: {0.types_regex}, "
"eq: {0.types_equal}".format(self))
for a in self.policy.typeattributes():
if self.name and not self._match_name(a):

8
setools/typequery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import logging
import re
from . import compquery
@ -51,6 +52,7 @@ class TypeQuery(mixins.MatchAlias, compquery.ComponentQuery):
match_permissive If true, the permissive state will be matched.
permissive The permissive state to match.
"""
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
self.set_name(name, regex=name_regex)
@ -60,6 +62,12 @@ class TypeQuery(mixins.MatchAlias, compquery.ComponentQuery):
def results(self):
"""Generator which yields all matching types."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("Alias: {0.alias_cmp}, regex: {0.alias_regex}".format(self))
self.log.debug("Attrs: {0.attrs_cmp!r}, regex: {0.attrs_regex}, "
"eq: {0.attrs_equal}".format(self))
self.log.debug("Permissive: {0.match_permissive}, state: {0.permissive}".format(self))
for t in self.policy.types():
if self.name and not self._match_name(t):

11
setools/userquery.py
View File

@ -74,12 +74,13 @@ class UserQuery(compquery.ComponentQuery):
def results(self):
"""Generator which yields all matching users."""
self.log.info("Generating results.")
self.log.debug("Name: {0.name}, regex: {0.name_regex}".format(self))
self.log.debug("Roles: {0.roles}, regex: {0.roles_regex}, eq: {0.roles_equal}".format(self))
self.log.debug("Level: {0.level}, dom: {0.level_dom}, domby: {0.level_domby}, "
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("Roles: {0.roles_cmp!r}, regex: {0.roles_regex}, "
"eq: {0.roles_equal}".format(self))
self.log.debug("Level: {0.level!r}, dom: {0.level_dom}, domby: {0.level_domby}, "
"incomp: {0.level_incomp}".format(self))
self.log.debug("Range: {0.range_}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
"superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for u in self.policy.users():