def get_all_role_allows():
global role_allows
if role_allows:
return role_allows
role_allows = {}
q = setools.RBACRuleQuery(_pol, ruletype=[ALLOW])
for r in q.results():
src = str(r.source)
tgt = str(r.target)
if src == "system_r" or tgt == "system_r":
continue
if src in role_allows:
role_allows[src].append(tgt)
else:
role_allows[src] = [tgt]
return role_allows
def roletrans_query(self, **kwargs):
if "ruletype" not in kwargs:
kwargs["ruletype"] = [
se.RBACRuletype.role_transition, se.RBACRuletype.allow
]
return sorted(se.RBACRuleQuery(self, **kwargs).results())
def search(types, seinfo=None):
if not seinfo:
seinfo = {}
valid_types = set(
[ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW])
for setype in types:
if setype not in valid_types:
raise ValueError("Type has to be in %s" % " ".join(valid_types))
source = None
if SOURCE in seinfo:
source = str(seinfo[SOURCE])
target = None
if TARGET in seinfo:
target = str(seinfo[TARGET])
tclass = None
if CLASS in seinfo:
tclass = str(seinfo[CLASS]).split(',')
toret = []
tertypes = []
if ALLOW in types:
tertypes.append(ALLOW)
if NEVERALLOW in types:
tertypes.append(NEVERALLOW)
if AUDITALLOW in types:
tertypes.append(AUDITALLOW)
if DONTAUDIT in types:
tertypes.append(DONTAUDIT)
if len(tertypes) > 0:
q = setools.TERuleQuery(_pol,
ruletype=tertypes,
source=source,
target=target,
tclass=tclass)
if PERMS in seinfo:
q.perms = seinfo[PERMS]
toret += [_setools_rule_to_dict(x) for x in q.results()]
if TRANSITION in types:
rtypes = ['type_transition', 'type_change', 'type_member']
q = setools.TERuleQuery(_pol,
ruletype=rtypes,
source=source,
target=target,
tclass=tclass)
if PERMS in seinfo:
q.perms = seinfo[PERMS]
toret += [_setools_rule_to_dict(x) for x in q.results()]
if ROLE_ALLOW in types:
ratypes = ['allow']
q = setools.RBACRuleQuery(_pol,
ruletype=ratypes,
source=source,
target=target,
tclass=tclass)
for r in q.results():
toret.append({'source': str(r.source), 'target': str(r.target)})
return toret
if args.boolean:
if args.boolean_regex:
q.boolean = args.boolean
else:
q.boolean = args.boolean.split(",")
for r in sorted(q.results()):
print(r)
if args.rbacrtypes:
q = setools.RBACRuleQuery(p,
ruletype=args.rbacrtypes,
source=args.source,
source_indirect=args.source_indirect,
source_regex=args.source_regex,
target=args.target,
target_indirect=args.target_indirect,
target_regex=args.target_regex,
default=args.default,
default_regex=args.default_regex,
tclass_regex=args.tclass_regex)
# these are broken out from the above statement to prevent making a list
# with an empty string in it (split on empty string)
if args.tclass:
if args.tclass_regex:
q.tclass = args.tclass
else:
q.tclass = args.tclass.split(",")
for r in sorted(q.results()):
