/usr/lib/python3/dist-packages/setools/policyrep/user.py is in python3-setools 4.0.1-6.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 | # Copyright 2014, Tresys Technology, LLC
#
# This file is part of SETools.
#
# SETools is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation, either version 2.1 of
# the License, or (at your option) any later version.
#
# SETools is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
from . import exception
from . import qpol
from . import role
from . import mls
from . import symbol
def user_factory(qpol_policy, name):
"""Factory function for creating User objects."""
if isinstance(name, User):
assert name.policy == qpol_policy
return name
elif isinstance(name, qpol.qpol_user_t):
return User(qpol_policy, name)
try:
return User(qpol_policy, qpol.qpol_user_t(qpol_policy, str(name)))
except ValueError:
raise exception.InvalidUser("{0} is not a valid user".format(name))
class User(symbol.PolicySymbol):
"""A user."""
@property
def roles(self):
"""The user's set of roles."""
roleset = set()
for role_ in self.qpol_symbol.role_iter(self.policy):
item = role.role_factory(self.policy, role_)
# object_r is implicitly added to all roles by the compiler.
# technically it is incorrect to skip it, but policy writers
# and analysts don't expect to see it in results, and it
# will confuse, especially for role set equality user queries.
if item != "object_r":
roleset.add(item)
return roleset
@property
def mls_level(self):
"""The user's default MLS level."""
return mls.level_factory(self.policy, self.qpol_symbol.dfltlevel(self.policy))
@property
def mls_range(self):
"""The user's MLS range."""
return mls.range_factory(self.policy, self.qpol_symbol.range(self.policy))
def statement(self):
roles = list(str(r) for r in self.roles)
stmt = "user {0} roles ".format(self)
if len(roles) > 1:
stmt += "{{ {0} }}".format(' '.join(roles))
else:
stmt += roles[0]
try:
stmt += " level {0.mls_level} range {0.mls_range};".format(self)
except exception.MLSDisabled:
stmt += ";"
return stmt
|