def get_all_role_allows(): global role_allows if role_allows: return role_allows role_allows = {} q = setools.RBACRuleQuery(_pol, ruletype=[ALLOW]) for r in q.results(): src = str(r.source) tgt = str(r.target) if src == "system_r" or tgt == "system_r": continue if src in role_allows: role_allows[src].append(tgt) else: role_allows[src] = [tgt] return role_allows
def roletrans_query(self, **kwargs): if "ruletype" not in kwargs: kwargs["ruletype"] = [ se.RBACRuletype.role_transition, se.RBACRuletype.allow ] return sorted(se.RBACRuleQuery(self, **kwargs).results())
def search(types, seinfo=None): if not seinfo: seinfo = {} valid_types = set( [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]) for setype in types: if setype not in valid_types: raise ValueError("Type has to be in %s" % " ".join(valid_types)) source = None if SOURCE in seinfo: source = str(seinfo[SOURCE]) target = None if TARGET in seinfo: target = str(seinfo[TARGET]) tclass = None if CLASS in seinfo: tclass = str(seinfo[CLASS]).split(',') toret = [] tertypes = [] if ALLOW in types: tertypes.append(ALLOW) if NEVERALLOW in types: tertypes.append(NEVERALLOW) if AUDITALLOW in types: tertypes.append(AUDITALLOW) if DONTAUDIT in types: tertypes.append(DONTAUDIT) if len(tertypes) > 0: q = setools.TERuleQuery(_pol, ruletype=tertypes, source=source, target=target, tclass=tclass) if PERMS in seinfo: q.perms = seinfo[PERMS] toret += [_setools_rule_to_dict(x) for x in q.results()] if TRANSITION in types: rtypes = ['type_transition', 'type_change', 'type_member'] q = setools.TERuleQuery(_pol, ruletype=rtypes, source=source, target=target, tclass=tclass) if PERMS in seinfo: q.perms = seinfo[PERMS] toret += [_setools_rule_to_dict(x) for x in q.results()] if ROLE_ALLOW in types: ratypes = ['allow'] q = setools.RBACRuleQuery(_pol, ruletype=ratypes, source=source, target=target, tclass=tclass) for r in q.results(): toret.append({'source': str(r.source), 'target': str(r.target)}) return toret
if args.boolean: if args.boolean_regex: q.boolean = args.boolean else: q.boolean = args.boolean.split(",") for r in sorted(q.results()): print(r) if args.rbacrtypes: q = setools.RBACRuleQuery(p, ruletype=args.rbacrtypes, source=args.source, source_indirect=args.source_indirect, source_regex=args.source_regex, target=args.target, target_indirect=args.target_indirect, target_regex=args.target_regex, default=args.default, default_regex=args.default_regex, tclass_regex=args.tclass_regex) # these are broken out from the above statement to prevent making a list # with an empty string in it (split on empty string) if args.tclass: if args.tclass_regex: q.tclass = args.tclass else: q.tclass = args.tclass.split(",") for r in sorted(q.results()):