diff --git a/setools/boolquery.py b/setools/boolquery.py
index 9302422..9f85be7 100644
--- a/setools/boolquery.py
+++ b/setools/boolquery.py
@@ -16,6 +16,7 @@
# License along with SETools. If not, see
# .
#
+import logging
import re
from . import compquery
@@ -37,6 +38,7 @@ class BoolQuery(compquery.ComponentQuery):
default The default state to match.
match_default If true, the default state will be matched.
"""
+ self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
self.set_name(name, regex=name_regex)
@@ -44,6 +46,9 @@ class BoolQuery(compquery.ComponentQuery):
def results(self):
"""Generator which yields all Booleans matching the criteria."""
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
+ self.log.debug("Default: {0.match_default}, state: {0.default}".format(self))
for b in self.policy.bools():
if self.name and not self._match_name(b):
diff --git a/setools/categoryquery.py b/setools/categoryquery.py
index 6f74be2..eab4039 100644
--- a/setools/categoryquery.py
+++ b/setools/categoryquery.py
@@ -16,6 +16,7 @@
# License along with SETools. If not, see
# .
#
+import logging
import re
from . import compquery
@@ -38,6 +39,7 @@ class CategoryQuery(mixins.MatchAlias, compquery.ComponentQuery):
alias_regex If true, regular expression matching
will be used on the alias names.
"""
+ self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
self.set_name(name, regex=name_regex)
@@ -45,6 +47,9 @@ class CategoryQuery(mixins.MatchAlias, compquery.ComponentQuery):
def results(self):
"""Generator which yields all matching categories."""
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
+ self.log.debug("Alias: {0.alias_cmp}, regex: {0.alias_regex}".format(self))
for cat in self.policy.categories():
if self.name and not self._match_name(cat):
diff --git a/setools/commonquery.py b/setools/commonquery.py
index fd4e2bc..543914f 100644
--- a/setools/commonquery.py
+++ b/setools/commonquery.py
@@ -16,6 +16,7 @@
# License along with SETools. If not, see
# .
#
+import logging
import re
from . import compquery
@@ -41,6 +42,7 @@ class CommonQuery(compquery.ComponentQuery):
perms_regex If true, regular expression matching will be used
on the permission names instead of set logic.
"""
+ self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
self.set_name(name, regex=name_regex)
@@ -48,6 +50,10 @@ class CommonQuery(compquery.ComponentQuery):
def results(self):
"""Generator which yields all matching commons."""
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
+ self.log.debug("Perms: {0.perms_cmp!r}, regex: {0.perms_regex}, eq: {0.perms_equal}".
+ format(self))
for com in self.policy.commons():
if self.name and not self._match_name(com):
diff --git a/setools/constraintquery.py b/setools/constraintquery.py
index 64f5f07..bda7ebb 100644
--- a/setools/constraintquery.py
+++ b/setools/constraintquery.py
@@ -16,6 +16,7 @@
# License along with SETools. If not, see
# .
#
+import logging
import re
from . import mixins
@@ -64,6 +65,7 @@ class ConstraintQuery(mixins.MatchObjClass, mixins.MatchPermission, PolicyQuery)
user_regex If true, regular expression matching will
be used on the user.
"""
+ self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
@@ -97,6 +99,13 @@ class ConstraintQuery(mixins.MatchObjClass, mixins.MatchPermission, PolicyQuery)
def results(self):
"""Generator which yields all matching constraints rules."""
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("Ruletypes: {0.ruletype}".format(self))
+ self.log.debug("Class: {0.tclass_cmp!r}, regex: {0.tclass_regex}".format(self))
+ self.log.debug("Perms: {0.perms_cmp}, eq: {0.perms_equal}".format(self))
+ self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
+ self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
+ self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
for c in self.policy.constraints():
if self.ruletype:
diff --git a/setools/fsusequery.py b/setools/fsusequery.py
index 60290c2..d292f27 100644
--- a/setools/fsusequery.py
+++ b/setools/fsusequery.py
@@ -16,6 +16,7 @@
# License along with SETools. If not, see
# .
#
+import logging
import re
from . import compquery
@@ -61,6 +62,7 @@ class FSUseQuery(contextquery.ContextQuery):
range_proper If true, use proper superset/subset operations.
No effect if not using set operations.
"""
+ self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
@@ -74,6 +76,14 @@ class FSUseQuery(contextquery.ContextQuery):
def results(self):
"""Generator which yields all matching fs_use_* statements."""
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("Ruletypes: {0.ruletype}".format(self))
+ self.log.debug("FS: {0.fs_cmp!r}, regex: {0.fs_regex}".format(self))
+ self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
+ self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
+ self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
+ self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
+ "superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for fsu in self.policy.fs_uses():
if self.ruletype and fsu.ruletype not in self.ruletype:
diff --git a/setools/genfsconquery.py b/setools/genfsconquery.py
index b7b23bc..e567af2 100644
--- a/setools/genfsconquery.py
+++ b/setools/genfsconquery.py
@@ -16,6 +16,7 @@
# License along with SETools. If not, see
# .
#
+import logging
import re
from . import compquery
@@ -64,6 +65,7 @@ class GenfsconQuery(contextquery.ContextQuery):
range_proper If true, use proper superset/subset operations.
No effect if not using set operations.
"""
+ self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
@@ -78,6 +80,15 @@ class GenfsconQuery(contextquery.ContextQuery):
def results(self):
"""Generator which yields all matching genfscons."""
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("FS: {0.fs_cmp!r}, regex: {0.fs_regex}".format(self))
+ self.log.debug("Path: {0.path_cmp!r}, regex: {0.path_regex}".format(self))
+ self.log.debug("Filetype: {0.filetype!r}".format(self))
+ self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
+ self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
+ self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
+ self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
+ "superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for g in self.policy.genfscons():
if self.fs and not self._match_regex(
diff --git a/setools/initsidquery.py b/setools/initsidquery.py
index 5ec2aa9..04a1632 100644
--- a/setools/initsidquery.py
+++ b/setools/initsidquery.py
@@ -16,6 +16,8 @@
# License along with SETools. If not, see
# .
#
+import logging
+
from . import compquery
from . import contextquery
@@ -54,6 +56,7 @@ class InitialSIDQuery(compquery.ComponentQuery, contextquery.ContextQuery):
range_proper If true, use proper superset/subset operations.
No effect if not using set operations.
"""
+ self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
@@ -66,6 +69,13 @@ class InitialSIDQuery(compquery.ComponentQuery, contextquery.ContextQuery):
def results(self):
"""Generator which yields all matching initial SIDs."""
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
+ self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
+ self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
+ self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
+ self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
+ "superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for i in self.policy.initialsids():
if self.name and not self._match_regex(
diff --git a/setools/mlsrulequery.py b/setools/mlsrulequery.py
index 6733c4d..835aebf 100644
--- a/setools/mlsrulequery.py
+++ b/setools/mlsrulequery.py
@@ -16,6 +16,8 @@
# License along with SETools. If not, see
# .
#
+import logging
+
from . import rulequery
@@ -44,6 +46,7 @@ class MLSRuleQuery(rulequery.RuleQuery):
tclass_regex If true, use a regular expression for
matching the rule's object class.
"""
+ self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
@@ -56,6 +59,14 @@ class MLSRuleQuery(rulequery.RuleQuery):
def results(self):
"""Generator which yields all matching MLS rules."""
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("Ruletypes: {0.ruletype}".format(self))
+ self.log.debug("Source: {0.source_cmp!r}, regex: {0.source_regex}".format(self))
+ self.log.debug("Target: {0.target_cmp!r}, regex: {0.target_regex}".format(self))
+ self.log.debug("Class: {0.tclass_cmp!r}, regex: {0.tclass_regex}".format(self))
+ self.log.debug("Default: {0.default_cmp!r}, overlap: {0.default_overlap}, "
+ "subset: {0.default_subset}, superset: {0.default_superset}, "
+ "proper: {0.default_proper}".format(self))
for r in self.policy.mlsrules():
#
diff --git a/setools/netifconquery.py b/setools/netifconquery.py
index a6475be..f1cdf9e 100644
--- a/setools/netifconquery.py
+++ b/setools/netifconquery.py
@@ -16,6 +16,8 @@
# License along with SETools. If not, see
# .
#
+import logging
+
from . import compquery
from . import contextquery
@@ -54,6 +56,7 @@ class NetifconQuery(compquery.ComponentQuery, contextquery.ContextQuery):
range_proper If true, use proper superset/subset operations.
No effect if not using set operations.
"""
+ self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
@@ -66,6 +69,13 @@ class NetifconQuery(compquery.ComponentQuery, contextquery.ContextQuery):
def results(self):
"""Generator which yields all matching netifcons."""
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
+ self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
+ self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
+ self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
+ self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
+ "superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for netif in self.policy.netifcons():
if self.name and not self._match_regex(
diff --git a/setools/nodeconquery.py b/setools/nodeconquery.py
index cb4b5ff..c0314e3 100644
--- a/setools/nodeconquery.py
+++ b/setools/nodeconquery.py
@@ -21,6 +21,7 @@ try:
except ImportError: # pragma: no cover
pass
+import logging
import re
from socket import AF_INET, AF_INET6
@@ -66,6 +67,7 @@ class NodeconQuery(contextquery.ContextQuery):
range_proper If true, use proper superset/subset operations.
No effect if not using set operations.
"""
+ self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
@@ -79,6 +81,14 @@ class NodeconQuery(contextquery.ContextQuery):
def results(self):
"""Generator which yields all matching nodecons."""
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("Network: {0.network!r}, overlap: {0.network_overlap}".format(self))
+ self.log.debug("Ver: {0.version}".format(self))
+ self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
+ self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
+ self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
+ self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
+ "superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for n in self.policy.nodecons():
diff --git a/setools/objclassquery.py b/setools/objclassquery.py
index 0b3d647..db6e2de 100644
--- a/setools/objclassquery.py
+++ b/setools/objclassquery.py
@@ -16,6 +16,7 @@
# License along with SETools. If not, see
# .
#
+import logging
import re
from . import compquery
@@ -52,6 +53,7 @@ class ObjClassQuery(compquery.ComponentQuery):
permission set not will be evaluated. Default
is true.
"""
+ self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
self.set_name(name, regex=name_regex)
@@ -60,6 +62,11 @@ class ObjClassQuery(compquery.ComponentQuery):
def results(self):
"""Generator which yields all matching object classes."""
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
+ self.log.debug("Common: {0.common_cmp!r}, regex: {0.common_regex}".format(self))
+ self.log.debug("Perms: {0.perms_cmp}, regex: {0.perms_regex}, "
+ "eq: {0.perms_equal}, indirect: {0.perms_indirect}".format(self))
for class_ in self.policy.classes():
if self.name and not self._match_name(class_):
diff --git a/setools/permmap.py b/setools/permmap.py
index 4af69de..c0f3436 100644
--- a/setools/permmap.py
+++ b/setools/permmap.py
@@ -303,3 +303,57 @@ class PermissionMap(object):
write_weight = max(write_weight, mapping['weight'])
return (read_weight, write_weight)
+
+ def set_direction(self, class_, permission, direction):
+ """
+ Set the information flow direction of a permission.
+
+ Parameter:
+ class_ The object class of the permission.
+ permission The permission name.
+ direction The information flow direction the permission (r/w/b/n).
+
+ Exceptions:
+ UnmappedClass The specified object class is not mapped.
+ UnmappedPermission The specified permission is not mapped for the object class.
+ """
+
+ if direction not in self.valid_infoflow_directions:
+ raise ValueError("Invalid information flow direction: {0}".format(direction))
+
+ classname = str(class_)
+
+ if classname not in self.permmap:
+ raise UnmappedClass("{0} is not mapped.".format(classname))
+
+ try:
+ self.permmap[classname][permission]['direction'] = direction
+ except KeyError:
+ raise UnmappedPermission("{0}:{1} is not mapped.".format(classname, permission))
+
+ def set_weight(self, class_, permission, weight):
+ """
+ Set the weight of a permission.
+
+ Parameter:
+ class_ The object class of the permission.
+ permission The permission name.
+ weight The weight of the permission (1-10).
+
+ Exceptions:
+ UnmappedClass The specified object class is not mapped.
+ UnmappedPermission The specified permission is not mapped for the object class.
+ """
+
+ if not self.min_weight <= weight <= self.max_weight:
+ raise ValueError("Permission weights must be 1-10: {0}".format(weight))
+
+ classname = str(class_)
+
+ if classname not in self.permmap:
+ raise UnmappedClass("{0} is not mapped.".format(classname))
+
+ try:
+ self.permmap[classname][permission]['weight'] = weight
+ except KeyError:
+ raise UnmappedPermission("{0}:{1} is not mapped.".format(classname, permission))
diff --git a/setools/polcapquery.py b/setools/polcapquery.py
index bbb2adf..bf85f54 100644
--- a/setools/polcapquery.py
+++ b/setools/polcapquery.py
@@ -16,6 +16,7 @@
# License along with SETools. If not, see
# .
#
+import logging
import re
from . import compquery
@@ -33,12 +34,15 @@ class PolCapQuery(compquery.ComponentQuery):
name_regex If true, regular expression matching will
be used for matching the name.
"""
+ self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
self.set_name(name, regex=name_regex)
def results(self):
"""Generator which yields all matching policy capabilities."""
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
for cap in self.policy.polcaps():
if self.name and not self._match_name(cap):
diff --git a/setools/portconquery.py b/setools/portconquery.py
index f0a1de3..217eaea 100644
--- a/setools/portconquery.py
+++ b/setools/portconquery.py
@@ -16,6 +16,7 @@
# License along with SETools. If not, see
# .
#
+import logging
from socket import IPPROTO_TCP, IPPROTO_UDP
from . import contextquery
@@ -75,6 +76,7 @@ class PortconQuery(contextquery.ContextQuery):
range_proper If true, use proper superset/subset operations.
No effect if not using set operations.
"""
+ self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
@@ -89,6 +91,15 @@ class PortconQuery(contextquery.ContextQuery):
def results(self):
"""Generator which yields all matching portcons."""
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("Ports: {0.ports_cmp}, overlap: {0.ports_overlap}, "
+ "subset: {0.ports_subset}, superset: {0.ports_superset}, "
+ "proper: {0.ports_proper}".format(self))
+ self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
+ self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
+ self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
+ self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
+ "superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for p in self.policy.portcons():
diff --git a/setools/rbacrulequery.py b/setools/rbacrulequery.py
index 58b5cd5..dbfab12 100644
--- a/setools/rbacrulequery.py
+++ b/setools/rbacrulequery.py
@@ -16,6 +16,7 @@
# License along with SETools. If not, see
# .
#
+import logging
import re
from .policyrep.rule import RuleUseError
@@ -57,6 +58,7 @@ class RBACRuleQuery(rulequery.RuleQuery):
default_regex If true, regular expression matching will
be used on the default role.
"""
+ self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
@@ -68,6 +70,14 @@ class RBACRuleQuery(rulequery.RuleQuery):
def results(self):
"""Generator which yields all matching RBAC rules."""
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("Ruletypes: {0.ruletype}".format(self))
+ self.log.debug("Source: {0.source_cmp!r}, indirect: {0.source_indirect}, "
+ "regex: {0.source_regex}".format(self))
+ self.log.debug("Target: {0.target_cmp!r}, indirect: {0.target_indirect}, "
+ "regex: {0.target_regex}".format(self))
+ self.log.debug("Class: {0.tclass_cmp!r}, regex: {0.tclass_regex}".format(self))
+ self.log.debug("Default: {0.default_cmp!r}, regex: {0.default_regex}".format(self))
for r in self.policy.rbacrules():
#
diff --git a/setools/rolequery.py b/setools/rolequery.py
index 737b313..68b7b7a 100644
--- a/setools/rolequery.py
+++ b/setools/rolequery.py
@@ -16,6 +16,7 @@
# License along with SETools. If not, see
# .
#
+import logging
import re
from . import compquery
@@ -43,6 +44,7 @@ class RoleQuery(compquery.ComponentQuery):
will be used on the type names instead
of set logic.
"""
+ self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
self.set_name(name, regex=name_regex)
@@ -50,6 +52,10 @@ class RoleQuery(compquery.ComponentQuery):
def results(self):
"""Generator which yields all matching roles."""
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
+ self.log.debug("Types: {0.types_cmp!r}, regex: {0.types_regex}, "
+ "eq: {0.types_equal}".format(self))
for r in self.policy.roles():
if r == "object_r":
diff --git a/setools/sensitivityquery.py b/setools/sensitivityquery.py
index 83e4e3f..786d513 100644
--- a/setools/sensitivityquery.py
+++ b/setools/sensitivityquery.py
@@ -16,6 +16,7 @@
# License along with SETools. If not, see
# .
#
+import logging
import re
from . import compquery
@@ -44,6 +45,7 @@ class SensitivityQuery(mixins.MatchAlias, compquery.ComponentQuery):
sens_domby If true, the criteria will match if it is dominated
by the sensitivity.
"""
+ self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
self.set_name(name, regex=name_regex)
@@ -52,6 +54,10 @@ class SensitivityQuery(mixins.MatchAlias, compquery.ComponentQuery):
def results(self):
"""Generator which yields all matching sensitivities."""
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
+ self.log.debug("Alias: {0.alias_cmp}, regex: {0.alias_regex}".format(self))
+ self.log.debug("Sens: {0.sens!r}, dom: {0.sens_dom}, domby: {0.sens_domby}".format(self))
for s in self.policy.sensitivities():
if self.name and not self._match_name(s):
diff --git a/setools/terulequery.py b/setools/terulequery.py
index 3a678b1..8157dea 100644
--- a/setools/terulequery.py
+++ b/setools/terulequery.py
@@ -78,16 +78,16 @@ class TERuleQuery(mixins.MatchPermission, rulequery.RuleQuery):
def results(self):
"""Generator which yields all matching TE rules."""
- self.log.info("Generating results.")
+ self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Ruletypes: {0.ruletype}".format(self))
- self.log.debug("Source: {0.source}, indirect: {0.source_indirect}, "
+ self.log.debug("Source: {0.source_cmp!r}, indirect: {0.source_indirect}, "
"regex: {0.source_regex}".format(self))
- self.log.debug("Target: {0.target}, indirect: {0.target_indirect}, "
+ self.log.debug("Target: {0.target_cmp!r}, indirect: {0.target_indirect}, "
"regex: {0.target_regex}".format(self))
- self.log.debug("Class: {0.tclass}, regex: {0.tclass_regex}".format(self))
- self.log.debug("Perms: {0.perms}, eq: {0.perms_equal}".format(self))
- self.log.debug("Default: {0.default}, regex: {0.default_regex}".format(self))
- self.log.debug("Boolean: {0.boolean}, eq: {0.boolean_equal}, "
+ self.log.debug("Class: {0.tclass_cmp!r}, regex: {0.tclass_regex}".format(self))
+ self.log.debug("Perms: {0.perms_cmp}, eq: {0.perms_equal}".format(self))
+ self.log.debug("Default: {0.default_cmp!r}, regex: {0.default_regex}".format(self))
+ self.log.debug("Boolean: {0.boolean_cmp!r}, eq: {0.boolean_equal}, "
"regex: {0.boolean_regex}".format(self))
for r in self.policy.terules():
diff --git a/setools/typeattrquery.py b/setools/typeattrquery.py
index 49c2f53..f9f1187 100644
--- a/setools/typeattrquery.py
+++ b/setools/typeattrquery.py
@@ -16,6 +16,7 @@
# License along with SETools. If not, see
# .
#
+import logging
import re
from . import compquery
@@ -43,6 +44,7 @@ class TypeAttributeQuery(compquery.ComponentQuery):
will be used on the type names instead
of set logic.
"""
+ self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
self.set_name(name, regex=name_regex)
@@ -50,6 +52,10 @@ class TypeAttributeQuery(compquery.ComponentQuery):
def results(self):
"""Generator which yields all matching types."""
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
+ self.log.debug("Types: {0.types_cmp!r}, regex: {0.types_regex}, "
+ "eq: {0.types_equal}".format(self))
for a in self.policy.typeattributes():
if self.name and not self._match_name(a):
diff --git a/setools/typequery.py b/setools/typequery.py
index 102d32d..6484e48 100644
--- a/setools/typequery.py
+++ b/setools/typequery.py
@@ -16,6 +16,7 @@
# License along with SETools. If not, see
# .
#
+import logging
import re
from . import compquery
@@ -51,6 +52,7 @@ class TypeQuery(mixins.MatchAlias, compquery.ComponentQuery):
match_permissive If true, the permissive state will be matched.
permissive The permissive state to match.
"""
+ self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy
self.set_name(name, regex=name_regex)
@@ -60,6 +62,12 @@ class TypeQuery(mixins.MatchAlias, compquery.ComponentQuery):
def results(self):
"""Generator which yields all matching types."""
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
+ self.log.debug("Alias: {0.alias_cmp}, regex: {0.alias_regex}".format(self))
+ self.log.debug("Attrs: {0.attrs_cmp!r}, regex: {0.attrs_regex}, "
+ "eq: {0.attrs_equal}".format(self))
+ self.log.debug("Permissive: {0.match_permissive}, state: {0.permissive}".format(self))
for t in self.policy.types():
if self.name and not self._match_name(t):
diff --git a/setools/userquery.py b/setools/userquery.py
index 46df0e0..d1f6155 100644
--- a/setools/userquery.py
+++ b/setools/userquery.py
@@ -74,12 +74,13 @@ class UserQuery(compquery.ComponentQuery):
def results(self):
"""Generator which yields all matching users."""
- self.log.info("Generating results.")
- self.log.debug("Name: {0.name}, regex: {0.name_regex}".format(self))
- self.log.debug("Roles: {0.roles}, regex: {0.roles_regex}, eq: {0.roles_equal}".format(self))
- self.log.debug("Level: {0.level}, dom: {0.level_dom}, domby: {0.level_domby}, "
+ self.log.info("Generating results from {0.policy}".format(self))
+ self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
+ self.log.debug("Roles: {0.roles_cmp!r}, regex: {0.roles_regex}, "
+ "eq: {0.roles_equal}".format(self))
+ self.log.debug("Level: {0.level!r}, dom: {0.level_dom}, domby: {0.level_domby}, "
"incomp: {0.level_incomp}".format(self))
- self.log.debug("Range: {0.range_}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
+ self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
"superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for u in self.policy.users():