File: rbacrulequery.py

# SPDX-License-Identifier: LGPL-2.1-only

from PyQt6 import QtCore, QtWidgets
import setools

from . import criteria, models, tab


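class RBACRuleQueryTab(tab.TableResultTabWidget[setools.RBACRuleQuery, setools.AnyRBACRule]):

    """
    An RBAC rule query.

    Analysis tab that wraps a setools.RBACRuleQuery.  The query's criteria
    (rule type, source role, target role/type, object class and default
    role) are exposed as widgets in the criteria frame, and the results are
    shown through a models.RBACRuleTable.
    """

    section = tab.AnalysisSection.Rules
    tab_title = "Role-based Access Control (RBAC) Rules"
    mlsonly = False

    def __init__(self, policy: setools.SELinuxPolicy, /, *,
                 parent: QtWidgets.QWidget | None = None) -> None:
        """
        Build the criteria widgets and the result table for an RBAC rule query.

        Args:
            policy: The SELinux policy to search.  It backs the query object
                and is also read here for role names used in completion.
            parent: Optional parent Qt widget.
        """

        super().__init__(setools.RBACRuleQuery(policy), enable_criteria=True, parent=parent)

        self.setWhatsThis("<b>Search RBAC rules in a SELinux policy.</b>")

        #
        # Set up criteria widgets
        #
        rt = criteria.RBACRuleType("Rule Type", self.query,
                                   parent=self.criteria_frame)
        rt.setToolTip("The rule types for rule matching.")
        rt.setWhatsThis(
            """
            <p><b>Select rule types for rule matching.</b></p>

            <p>If a rule has one of the selected types, it will be returned.</p>
            """)

        # The third positional argument names the query attribute the widget
        # drives ("source" here; "target", "tclass" and "default" below).
        src = criteria.RoleName("Source Role", self.query, "source",
                                enable_regex=True,
                                parent=self.criteria_frame)
        src.setToolTip("The source role for rule matching.")
        src.setWhatsThis(
            """
            <p><b>Enter the source role for rule matching.</b></p>

            <p>If regex is enabled, a regular expression is used for matching
            the role name instead of direct string comparison.</p>
            """)

        # The target of an RBAC rule may be a role or a type, so a
        # type/attribute name widget is used and role names are added to its
        # completion list below.
        dst = criteria.TypeOrAttrName("Target Role/Type", self.query, "target",
                                      enable_regex=True,
                                      enable_indirect=True,
                                      parent=self.criteria_frame)
        # add roles to completion
        # NOTE: the asserts below narrow Optional types for the type checker
        # and document an internal invariant.  They are removed under
        # "python -O"; a missing completer would then surface as an
        # AttributeError on the following line instead.
        completer = dst.criteria.completer()
        assert completer, "No completer set, this is an SETools bug"  # type narrowing
        model = completer.model()
        assert isinstance(model, QtCore.QStringListModel)
        completion = model.stringList()
        completion.extend(r.name for r in policy.roles())
        model.setStringList(completion)

        dst.setToolTip("The target role/type for rule matching.")
        dst.setWhatsThis(
            """
            <p><b>Enter the target role/type for rule matching.</b></p>

            <p>If regex is enabled, a regular expression is used for matching
            the role/type name instead of direct string comparison.</p>
            """)

        tclass = criteria.ObjClassList("Object Class", self.query, "tclass",
                                       parent=self.criteria_frame)
        tclass.setToolTip("The object class(es) for rule matching.")
        tclass.setWhatsThis(
            """
            <p><b>Select object classes for rule matching.</b></p>

            <p>A rule will be returned if its object class is one of the selected
            classes</p>
            """)

        # Setting a default role narrows the result set: per the help text
        # below, allow rules are not returned once this criterion is used.
        dflt = criteria.RoleName("Default Role", self.query, "default",
                                 enable_regex=True,
                                 parent=self.criteria_frame)
        dflt.setToolTip("The default role for rule matching.")
        dflt.setWhatsThis(
            """
            <p><b>Enter the default role for rule matching.</b></p>

            <p>If a rule has this role as the default, it will be returned.
            Allow rules will not be returned.</p>
            """)

        # Add widgets to layout
        # (arguments are presumably widget, row, column, row span, column
        # span, as for QGridLayout.addWidget -- confirm against the base class)
        self.criteria_frame_layout.addWidget(rt, 0, 0, 1, 2)
        self.criteria_frame_layout.addWidget(src, 1, 0, 1, 1)
        self.criteria_frame_layout.addWidget(dst, 1, 1, 1, 1)
        self.criteria_frame_layout.addWidget(tclass, 2, 0, 1, 1)
        self.criteria_frame_layout.addWidget(dflt, 2, 1, 1, 1)
        self.criteria_frame_layout.addWidget(self.buttonBox, 3, 0, 1, 2)

        # Save widget references
        self.criteria = (rt, src, dst, tclass, dflt)

        # Set result table's model
        self.table_results_model = models.RBACRuleTable(self.table_results)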


if __name__ == '__main__':
    # Stand-alone harness: show the tab alone in a bare main window so it can
    # be exercised by hand, with debug logging and default warning display.
    import logging
    import pprint
    import sys
    import warnings

    logging.basicConfig(format='%(asctime)s|%(levelname)s|%(name)s|%(message)s',
                        level=logging.DEBUG)
    warnings.simplefilter("default")

    application = QtWidgets.QApplication(sys.argv)
    main_window = QtWidgets.QMainWindow()

    # No policy path is passed; setools is expected to open the policy of the
    # running system in that case, so the harness needs read access to it.
    query_tab = RBACRuleQueryTab(setools.SELinuxPolicy(), parent=main_window)
    main_window.setCentralWidget(query_tab)
    main_window.resize(query_tab.size())

    # Offer the "What's This?" action so the criteria help text can be checked.
    whats_this_action = QtWidgets.QWhatsThis.createAction(main_window)
    main_window.menuBar().addAction(whats_this_action)  # type: ignore[union-attr]
    main_window.setStatusBar(QtWidgets.QStatusBar(main_window))
    main_window.show()

    exit_code = application.exec()

    # After the event loop ends, print whatever save() returns for inspection.
    pprint.pprint(query_tab.save())
    sys.exit(exit_code)