shell bypass 403
3
�^�������������������@���sb���d�dl�Z�d�dlZddlmZmZ�ddlmZ�ddlmZ�ddl m
Z
m
Z
m
Z
�G�dd��dee�Z
dS�) �����N����)�CriteriaDescriptor�CriteriaSetDescriptor)� MatchName)�
PolicyQuery)�match_regex_or_set�
match_level�
match_rangec�������������������sj���e�Zd�ZdZedd�ZdZdZdZedd�Z dZ
dZ
dZ
dZ
edd�ZdZdZ��fdd �Zd
d
��Z���ZS�)
� UserQueryaf��
Query SELinux policy users.
Parameter:
policy The policy to query.
Keyword Parameters/Class attributes:
name The user name to match.
name_regex If true, regular expression matching
will be used on the user names.
roles The attribute to match.
roles_equal If true, only types with role sets
that are equal to the criteria will
match. Otherwise, any intersection
will match.
roles_regex If true, regular expression matching
will be used on the role names instead
of set logic.
level The criteria to match the user's default level.
level_dom If true, the criteria will match if it dominates
the user's default level.
level_domby If true, the criteria will match if it is dominated
by the user's default level.
level_incomp If true, the criteria will match if it is incomparable
to the user's default level.
range_ The criteria to match the user's range.
range_subset If true, the criteria will match if it is a subset
of the user's range.
range_overlap If true, the criteria will match if it overlaps
any of the user's range.
range_superset If true, the criteria will match if it is a superset
of the user's range.
range_proper If true, use proper superset/subset operations.
No effect if not using set operations.
Z
lookup_level)Zlookup_functionFZ
lookup_range�
roles_regexZ
lookup_rolec�������������
���s$���t�t|��j|f|��tjt�|�_d�S�)N)�superr
����__init__�loggingZ getLogger�__name__�log)�self�policy�kwargs)� __class__���!/usr/lib64/python3.6/userquery.pyr
���O���s����zUserQuery.__init__c�������������c���s����|�j�jdj|����|�j|�j���|�j�jdj|����|�j�jdj|����|�j�jdj|����x�|�jj��D�]�}|�j|�spq`|�jr�t |j|�j|�j
|�j
�
�r�q`|�j
r�t
|j|�j
|�j|�j|�j�
�r�q`|�jr�t|j|�j|�j|�j|�j|�j�
�r�q`|V��q`W�dS�)z*Generator which yields all matching users.z'Generating user results from {0.policy}z?Roles: {0.roles!r}, regex: {0.roles_regex}, eq: {0.roles_equal}zXLevel: {0.level!r}, dom: {0.level_dom}, domby: {0.level_domby}, incomp: {0.level_incomp}z�Range: {0.range_!r}, subset: {0.range_subset}, overlap: {0.range_overlap}, superset: {0.range_superset}, proper: {0.range_proper}N)r����info�formatZ_match_name_debug�debugr���ZusersZ
_match_name�rolesr����
roles_equalr
����levelr���Z mls_level� level_dom�
level_domby�
level_incomp�range_r ���Z mls_range�
range_subset�
range_overlap�range_superset�
range_proper)r����userr���r���r����resultsS���sB����
zUserQuery.results)r����
__module__�
__qualname__�__doc__r���r
���r
���r
���r ���r ���r"���r!���r#���r$���r���r���r���r
���r
���r&����
__classcell__r���r���)r���r���r
���
���s
���$
r
���)r����reZ
descriptorsr���r���Zmixinsr���Zqueryr����utilr���r���r ���r
���r���r���r���r����<module>���s
���