RepoMirrors/setools
1
0
Fork 0
mirror of https://github.com/SELinuxProject/setools synced 2025-04-25 04:39:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implement logging in all Queries.

Browse Source
This commit is contained in:
Chris PeBenito 2015-03-20 12:02:13 -04:00
parent 3d1c8af0c1
commit a4ab5b64d5
21 changed files with 212 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
setools/boolquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
import logging
import re import re
from . import compquery from . import compquery
@ -37,6 +38,7 @@ class BoolQuery(compquery.ComponentQuery):
default The default state to match. default The default state to match.
match_default If true, the default state will be matched. match_default If true, the default state will be matched.
""" """
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy self.policy = policy
self.set_name(name, regex=name_regex) self.set_name(name, regex=name_regex)
@ -44,6 +46,9 @@ class BoolQuery(compquery.ComponentQuery):
def results(self): def results(self):
"""Generator which yields all Booleans matching the criteria.""" """Generator which yields all Booleans matching the criteria."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("Default: {0.match_default}, state: {0.default}".format(self))
for b in self.policy.bools(): for b in self.policy.bools():
if self.name and not self._match_name(b): if self.name and not self._match_name(b):

5
setools/categoryquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
import logging
import re import re
from . import compquery from . import compquery
@ -38,6 +39,7 @@ class CategoryQuery(mixins.MatchAlias, compquery.ComponentQuery):
alias_regex If true, regular expression matching alias_regex If true, regular expression matching
will be used on the alias names. will be used on the alias names.
""" """
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy self.policy = policy
self.set_name(name, regex=name_regex) self.set_name(name, regex=name_regex)
@ -45,6 +47,9 @@ class CategoryQuery(mixins.MatchAlias, compquery.ComponentQuery):
def results(self): def results(self):
"""Generator which yields all matching categories.""" """Generator which yields all matching categories."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("Alias: {0.alias_cmp}, regex: {0.alias_regex}".format(self))
for cat in self.policy.categories(): for cat in self.policy.categories():
if self.name and not self._match_name(cat): if self.name and not self._match_name(cat):

6
setools/commonquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
import logging
import re import re
from . import compquery from . import compquery
@ -41,6 +42,7 @@ class CommonQuery(compquery.ComponentQuery):
perms_regex If true, regular expression matching will be used perms_regex If true, regular expression matching will be used
on the permission names instead of set logic. on the permission names instead of set logic.
""" """
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy self.policy = policy
self.set_name(name, regex=name_regex) self.set_name(name, regex=name_regex)
@ -48,6 +50,10 @@ class CommonQuery(compquery.ComponentQuery):
def results(self): def results(self):
"""Generator which yields all matching commons.""" """Generator which yields all matching commons."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("Perms: {0.perms_cmp!r}, regex: {0.perms_regex}, eq: {0.perms_equal}".
format(self))
for com in self.policy.commons(): for com in self.policy.commons():
if self.name and not self._match_name(com): if self.name and not self._match_name(com):

9
setools/constraintquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
import logging
import re import re
from . import mixins from . import mixins
@ -64,6 +65,7 @@ class ConstraintQuery(mixins.MatchObjClass, mixins.MatchPermission, PolicyQuery)
user_regex If true, regular expression matching will user_regex If true, regular expression matching will
be used on the user. be used on the user.
""" """
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy self.policy = policy
@ -97,6 +99,13 @@ class ConstraintQuery(mixins.MatchObjClass, mixins.MatchPermission, PolicyQuery)
def results(self): def results(self):
"""Generator which yields all matching constraints rules.""" """Generator which yields all matching constraints rules."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Ruletypes: {0.ruletype}".format(self))
self.log.debug("Class: {0.tclass_cmp!r}, regex: {0.tclass_regex}".format(self))
self.log.debug("Perms: {0.perms_cmp}, eq: {0.perms_equal}".format(self))
self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
for c in self.policy.constraints(): for c in self.policy.constraints():
if self.ruletype: if self.ruletype:

10
setools/fsusequery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
import logging
import re import re
from . import compquery from . import compquery
@ -61,6 +62,7 @@ class FSUseQuery(contextquery.ContextQuery):
range_proper If true, use proper superset/subset operations. range_proper If true, use proper superset/subset operations.
No effect if not using set operations. No effect if not using set operations.
""" """
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy self.policy = policy
@ -74,6 +76,14 @@ class FSUseQuery(contextquery.ContextQuery):
def results(self): def results(self):
"""Generator which yields all matching fs_use_* statements.""" """Generator which yields all matching fs_use_* statements."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Ruletypes: {0.ruletype}".format(self))
self.log.debug("FS: {0.fs_cmp!r}, regex: {0.fs_regex}".format(self))
self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
"superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for fsu in self.policy.fs_uses(): for fsu in self.policy.fs_uses():
if self.ruletype and fsu.ruletype not in self.ruletype: if self.ruletype and fsu.ruletype not in self.ruletype:

11
setools/genfsconquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
import logging
import re import re
from . import compquery from . import compquery
@ -64,6 +65,7 @@ class GenfsconQuery(contextquery.ContextQuery):
range_proper If true, use proper superset/subset operations. range_proper If true, use proper superset/subset operations.
No effect if not using set operations. No effect if not using set operations.
""" """
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy self.policy = policy
@ -78,6 +80,15 @@ class GenfsconQuery(contextquery.ContextQuery):
def results(self): def results(self):
"""Generator which yields all matching genfscons.""" """Generator which yields all matching genfscons."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("FS: {0.fs_cmp!r}, regex: {0.fs_regex}".format(self))
self.log.debug("Path: {0.path_cmp!r}, regex: {0.path_regex}".format(self))
self.log.debug("Filetype: {0.filetype!r}".format(self))
self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
"superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for g in self.policy.genfscons(): for g in self.policy.genfscons():
if self.fs and not self._match_regex( if self.fs and not self._match_regex(

10
setools/initsidquery.py
View File

@ -16,6 +16,8 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
import logging
from . import compquery from . import compquery
from . import contextquery from . import contextquery
@ -54,6 +56,7 @@ class InitialSIDQuery(compquery.ComponentQuery, contextquery.ContextQuery):
range_proper If true, use proper superset/subset operations. range_proper If true, use proper superset/subset operations.
No effect if not using set operations. No effect if not using set operations.
""" """
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy self.policy = policy
@ -66,6 +69,13 @@ class InitialSIDQuery(compquery.ComponentQuery, contextquery.ContextQuery):
def results(self): def results(self):
"""Generator which yields all matching initial SIDs.""" """Generator which yields all matching initial SIDs."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
"superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for i in self.policy.initialsids(): for i in self.policy.initialsids():
if self.name and not self._match_regex( if self.name and not self._match_regex(

11
setools/mlsrulequery.py
View File

@ -16,6 +16,8 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
import logging
from . import rulequery from . import rulequery
@ -44,6 +46,7 @@ class MLSRuleQuery(rulequery.RuleQuery):
tclass_regex If true, use a regular expression for tclass_regex If true, use a regular expression for
matching the rule's object class. matching the rule's object class.
""" """
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy self.policy = policy
@ -56,6 +59,14 @@ class MLSRuleQuery(rulequery.RuleQuery):
def results(self): def results(self):
"""Generator which yields all matching MLS rules.""" """Generator which yields all matching MLS rules."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Ruletypes: {0.ruletype}".format(self))
self.log.debug("Source: {0.source_cmp!r}, regex: {0.source_regex}".format(self))
self.log.debug("Target: {0.target_cmp!r}, regex: {0.target_regex}".format(self))
self.log.debug("Class: {0.tclass_cmp!r}, regex: {0.tclass_regex}".format(self))
self.log.debug("Default: {0.default_cmp!r}, overlap: {0.default_overlap}, "
"subset: {0.default_subset}, superset: {0.default_superset}, "
"proper: {0.default_proper}".format(self))
for r in self.policy.mlsrules(): for r in self.policy.mlsrules():
# #

10
setools/netifconquery.py
View File

@ -16,6 +16,8 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
import logging
from . import compquery from . import compquery
from . import contextquery from . import contextquery
@ -54,6 +56,7 @@ class NetifconQuery(compquery.ComponentQuery, contextquery.ContextQuery):
range_proper If true, use proper superset/subset operations. range_proper If true, use proper superset/subset operations.
No effect if not using set operations. No effect if not using set operations.
""" """
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy self.policy = policy
@ -66,6 +69,13 @@ class NetifconQuery(compquery.ComponentQuery, contextquery.ContextQuery):
def results(self): def results(self):
"""Generator which yields all matching netifcons.""" """Generator which yields all matching netifcons."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
"superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for netif in self.policy.netifcons(): for netif in self.policy.netifcons():
if self.name and not self._match_regex( if self.name and not self._match_regex(

10
setools/nodeconquery.py
View File

@ -21,6 +21,7 @@ try:
except ImportError: # pragma: no cover except ImportError: # pragma: no cover
pass pass
import logging
import re import re
from socket import AF_INET, AF_INET6 from socket import AF_INET, AF_INET6
@ -66,6 +67,7 @@ class NodeconQuery(contextquery.ContextQuery):
range_proper If true, use proper superset/subset operations. range_proper If true, use proper superset/subset operations.
No effect if not using set operations. No effect if not using set operations.
""" """
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy self.policy = policy
@ -79,6 +81,14 @@ class NodeconQuery(contextquery.ContextQuery):
def results(self): def results(self):
"""Generator which yields all matching nodecons.""" """Generator which yields all matching nodecons."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Network: {0.network!r}, overlap: {0.network_overlap}".format(self))
self.log.debug("Ver: {0.version}".format(self))
self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
"superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for n in self.policy.nodecons(): for n in self.policy.nodecons():

7
setools/objclassquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
import logging
import re import re
from . import compquery from . import compquery
@ -52,6 +53,7 @@ class ObjClassQuery(compquery.ComponentQuery):
permission set not will be evaluated. Default permission set not will be evaluated. Default
is true. is true.
""" """
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy self.policy = policy
self.set_name(name, regex=name_regex) self.set_name(name, regex=name_regex)
@ -60,6 +62,11 @@ class ObjClassQuery(compquery.ComponentQuery):
def results(self): def results(self):
"""Generator which yields all matching object classes.""" """Generator which yields all matching object classes."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("Common: {0.common_cmp!r}, regex: {0.common_regex}".format(self))
self.log.debug("Perms: {0.perms_cmp}, regex: {0.perms_regex}, "
"eq: {0.perms_equal}, indirect: {0.perms_indirect}".format(self))
for class_ in self.policy.classes(): for class_ in self.policy.classes():
if self.name and not self._match_name(class_): if self.name and not self._match_name(class_):

54
setools/permmap.py
View File

@ -303,3 +303,57 @@ class PermissionMap(object):
write_weight = max(write_weight, mapping['weight']) write_weight = max(write_weight, mapping['weight'])
return (read_weight, write_weight) return (read_weight, write_weight)
def set_direction(self, class_, permission, direction):
"""
Set the information flow direction of a permission.
Parameter:
class_ The object class of the permission.
permission The permission name.
direction The information flow direction the permission (r/w/b/n).
Exceptions:
UnmappedClass The specified object class is not mapped.
UnmappedPermission The specified permission is not mapped for the object class.
"""
if direction not in self.valid_infoflow_directions:
raise ValueError("Invalid information flow direction: {0}".format(direction))
classname = str(class_)
if classname not in self.permmap:
raise UnmappedClass("{0} is not mapped.".format(classname))
try:
self.permmap[classname][permission]['direction'] = direction
except KeyError:
raise UnmappedPermission("{0}:{1} is not mapped.".format(classname, permission))
def set_weight(self, class_, permission, weight):
"""
Set the weight of a permission.
Parameter:
class_ The object class of the permission.
permission The permission name.
weight The weight of the permission (1-10).
Exceptions:
UnmappedClass The specified object class is not mapped.
UnmappedPermission The specified permission is not mapped for the object class.
"""
if not self.min_weight <= weight <= self.max_weight:
raise ValueError("Permission weights must be 1-10: {0}".format(weight))
classname = str(class_)
if classname not in self.permmap:
raise UnmappedClass("{0} is not mapped.".format(classname))
try:
self.permmap[classname][permission]['weight'] = weight
except KeyError:
raise UnmappedPermission("{0}:{1} is not mapped.".format(classname, permission))

4
setools/polcapquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
import logging
import re import re
from . import compquery from . import compquery
@ -33,12 +34,15 @@ class PolCapQuery(compquery.ComponentQuery):
name_regex If true, regular expression matching will name_regex If true, regular expression matching will
be used for matching the name. be used for matching the name.
""" """
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy self.policy = policy
self.set_name(name, regex=name_regex) self.set_name(name, regex=name_regex)
def results(self): def results(self):
"""Generator which yields all matching policy capabilities.""" """Generator which yields all matching policy capabilities."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
for cap in self.policy.polcaps(): for cap in self.policy.polcaps():
if self.name and not self._match_name(cap): if self.name and not self._match_name(cap):

11
setools/portconquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
import logging
from socket import IPPROTO_TCP, IPPROTO_UDP from socket import IPPROTO_TCP, IPPROTO_UDP
from . import contextquery from . import contextquery
@ -75,6 +76,7 @@ class PortconQuery(contextquery.ContextQuery):
range_proper If true, use proper superset/subset operations. range_proper If true, use proper superset/subset operations.
No effect if not using set operations. No effect if not using set operations.
""" """
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy self.policy = policy
@ -89,6 +91,15 @@ class PortconQuery(contextquery.ContextQuery):
def results(self): def results(self):
"""Generator which yields all matching portcons.""" """Generator which yields all matching portcons."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Ports: {0.ports_cmp}, overlap: {0.ports_overlap}, "
"subset: {0.ports_subset}, superset: {0.ports_superset}, "
"proper: {0.ports_proper}".format(self))
self.log.debug("User: {0.user_cmp!r}, regex: {0.user_regex}".format(self))
self.log.debug("Role: {0.role_cmp!r}, regex: {0.role_regex}".format(self))
self.log.debug("Type: {0.type_cmp!r}, regex: {0.type_regex}".format(self))
self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
"superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for p in self.policy.portcons(): for p in self.policy.portcons():

10
setools/rbacrulequery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
import logging
import re import re
from .policyrep.rule import RuleUseError from .policyrep.rule import RuleUseError
@ -57,6 +58,7 @@ class RBACRuleQuery(rulequery.RuleQuery):
default_regex If true, regular expression matching will default_regex If true, regular expression matching will
be used on the default role. be used on the default role.
""" """
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy self.policy = policy
@ -68,6 +70,14 @@ class RBACRuleQuery(rulequery.RuleQuery):
def results(self): def results(self):
"""Generator which yields all matching RBAC rules.""" """Generator which yields all matching RBAC rules."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Ruletypes: {0.ruletype}".format(self))
self.log.debug("Source: {0.source_cmp!r}, indirect: {0.source_indirect}, "
"regex: {0.source_regex}".format(self))
self.log.debug("Target: {0.target_cmp!r}, indirect: {0.target_indirect}, "
"regex: {0.target_regex}".format(self))
self.log.debug("Class: {0.tclass_cmp!r}, regex: {0.tclass_regex}".format(self))
self.log.debug("Default: {0.default_cmp!r}, regex: {0.default_regex}".format(self))
for r in self.policy.rbacrules(): for r in self.policy.rbacrules():
# #

6
setools/rolequery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
import logging
import re import re
from . import compquery from . import compquery
@ -43,6 +44,7 @@ class RoleQuery(compquery.ComponentQuery):
will be used on the type names instead will be used on the type names instead
of set logic. of set logic.
""" """
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy self.policy = policy
self.set_name(name, regex=name_regex) self.set_name(name, regex=name_regex)
@ -50,6 +52,10 @@ class RoleQuery(compquery.ComponentQuery):
def results(self): def results(self):
"""Generator which yields all matching roles.""" """Generator which yields all matching roles."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("Types: {0.types_cmp!r}, regex: {0.types_regex}, "
"eq: {0.types_equal}".format(self))
for r in self.policy.roles(): for r in self.policy.roles():
if r == "object_r": if r == "object_r":

6
setools/sensitivityquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
import logging
import re import re
from . import compquery from . import compquery
@ -44,6 +45,7 @@ class SensitivityQuery(mixins.MatchAlias, compquery.ComponentQuery):
sens_domby If true, the criteria will match if it is dominated sens_domby If true, the criteria will match if it is dominated
by the sensitivity. by the sensitivity.
""" """
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy self.policy = policy
self.set_name(name, regex=name_regex) self.set_name(name, regex=name_regex)
@ -52,6 +54,10 @@ class SensitivityQuery(mixins.MatchAlias, compquery.ComponentQuery):
def results(self): def results(self):
"""Generator which yields all matching sensitivities.""" """Generator which yields all matching sensitivities."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("Alias: {0.alias_cmp}, regex: {0.alias_regex}".format(self))
self.log.debug("Sens: {0.sens!r}, dom: {0.sens_dom}, domby: {0.sens_domby}".format(self))
for s in self.policy.sensitivities(): for s in self.policy.sensitivities():
if self.name and not self._match_name(s): if self.name and not self._match_name(s):

14
setools/terulequery.py
View File

@ -78,16 +78,16 @@ class TERuleQuery(mixins.MatchPermission, rulequery.RuleQuery):
def results(self): def results(self):
"""Generator which yields all matching TE rules.""" """Generator which yields all matching TE rules."""
self.log.info("Generating results.") self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Ruletypes: {0.ruletype}".format(self)) self.log.debug("Ruletypes: {0.ruletype}".format(self))
self.log.debug("Source: {0.source}, indirect: {0.source_indirect}, " self.log.debug("Source: {0.source_cmp!r}, indirect: {0.source_indirect}, "
"regex: {0.source_regex}".format(self)) "regex: {0.source_regex}".format(self))
self.log.debug("Target: {0.target}, indirect: {0.target_indirect}, " self.log.debug("Target: {0.target_cmp!r}, indirect: {0.target_indirect}, "
"regex: {0.target_regex}".format(self)) "regex: {0.target_regex}".format(self))
self.log.debug("Class: {0.tclass}, regex: {0.tclass_regex}".format(self)) self.log.debug("Class: {0.tclass_cmp!r}, regex: {0.tclass_regex}".format(self))
self.log.debug("Perms: {0.perms}, eq: {0.perms_equal}".format(self)) self.log.debug("Perms: {0.perms_cmp}, eq: {0.perms_equal}".format(self))
self.log.debug("Default: {0.default}, regex: {0.default_regex}".format(self)) self.log.debug("Default: {0.default_cmp!r}, regex: {0.default_regex}".format(self))
self.log.debug("Boolean: {0.boolean}, eq: {0.boolean_equal}, " self.log.debug("Boolean: {0.boolean_cmp!r}, eq: {0.boolean_equal}, "
"regex: {0.boolean_regex}".format(self)) "regex: {0.boolean_regex}".format(self))
for r in self.policy.terules(): for r in self.policy.terules():

6
setools/typeattrquery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
import logging
import re import re
from . import compquery from . import compquery
@ -43,6 +44,7 @@ class TypeAttributeQuery(compquery.ComponentQuery):
will be used on the type names instead will be used on the type names instead
of set logic. of set logic.
""" """
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy self.policy = policy
self.set_name(name, regex=name_regex) self.set_name(name, regex=name_regex)
@ -50,6 +52,10 @@ class TypeAttributeQuery(compquery.ComponentQuery):
def results(self): def results(self):
"""Generator which yields all matching types.""" """Generator which yields all matching types."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("Types: {0.types_cmp!r}, regex: {0.types_regex}, "
"eq: {0.types_equal}".format(self))
for a in self.policy.typeattributes(): for a in self.policy.typeattributes():
if self.name and not self._match_name(a): if self.name and not self._match_name(a):

8
setools/typequery.py
View File

@ -16,6 +16,7 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
import logging
import re import re
from . import compquery from . import compquery
@ -51,6 +52,7 @@ class TypeQuery(mixins.MatchAlias, compquery.ComponentQuery):
match_permissive If true, the permissive state will be matched. match_permissive If true, the permissive state will be matched.
permissive The permissive state to match. permissive The permissive state to match.
""" """
self.log = logging.getLogger(self.__class__.__name__)
self.policy = policy self.policy = policy
self.set_name(name, regex=name_regex) self.set_name(name, regex=name_regex)
@ -60,6 +62,12 @@ class TypeQuery(mixins.MatchAlias, compquery.ComponentQuery):
def results(self): def results(self):
"""Generator which yields all matching types.""" """Generator which yields all matching types."""
self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("Alias: {0.alias_cmp}, regex: {0.alias_regex}".format(self))
self.log.debug("Attrs: {0.attrs_cmp!r}, regex: {0.attrs_regex}, "
"eq: {0.attrs_equal}".format(self))
self.log.debug("Permissive: {0.match_permissive}, state: {0.permissive}".format(self))
for t in self.policy.types(): for t in self.policy.types():
if self.name and not self._match_name(t): if self.name and not self._match_name(t):

11
setools/userquery.py
View File

@ -74,12 +74,13 @@ class UserQuery(compquery.ComponentQuery):
def results(self): def results(self):
"""Generator which yields all matching users.""" """Generator which yields all matching users."""
self.log.info("Generating results.") self.log.info("Generating results from {0.policy}".format(self))
self.log.debug("Name: {0.name}, regex: {0.name_regex}".format(self)) self.log.debug("Name: {0.name_cmp!r}, regex: {0.name_regex}".format(self))
self.log.debug("Roles: {0.roles}, regex: {0.roles_regex}, eq: {0.roles_equal}".format(self)) self.log.debug("Roles: {0.roles_cmp!r}, regex: {0.roles_regex}, "
self.log.debug("Level: {0.level}, dom: {0.level_dom}, domby: {0.level_domby}, " "eq: {0.roles_equal}".format(self))
self.log.debug("Level: {0.level!r}, dom: {0.level_dom}, domby: {0.level_domby}, "
"incomp: {0.level_incomp}".format(self)) "incomp: {0.level_incomp}".format(self))
self.log.debug("Range: {0.range_}, subset: {0.range_subset}, overlap: {0.range_overlap}, " self.log.debug("Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, "
"superset: {0.range_superset}, proper: {0.range_proper}".format(self)) "superset: {0.range_superset}, proper: {0.range_proper}".format(self))
for u in self.policy.users(): for u in self.policy.users():