PNG  IHDR pHYs   OiCCPPhotoshop ICC profilexڝSgTS=BKKoR RB&*! J!QEEȠQ, !{kּ> H3Q5 B.@ $pd!s#~<<+"x M0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH  0Q){`##xFW<+*x<$9E[-qWW.(I+6aa@.y24x6_-"bbϫp@t~,/;m%h^ uf@Wp~<5j>{-]cK'Xto(hw?G%fIq^D$.Tʳ?D*A, `6B$BB dr`)B(Ͱ*`/@4Qhp.U=pa( Aa!ڈbX#!H$ ɈQ"K5H1RT UH=r9\F;2G1Q= C7F dt1r=6Ыhڏ>C03l0.B8, c˱" VcϱwE 6wB aAHXLXNH $4 7 Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +ȅ3![ b@qS(RjJ4e2AURݨT5ZBRQ4u9̓IKhhitݕNWGw Ljg(gwLӋT071oUX**| J&*/Tު UUT^S}FU3S ԖUPSSg;goT?~YYLOCQ_ cx,!k u5&|v*=9C3J3WRf?qtN (~))4L1e\kXHQG6EYAJ'\'GgSSݧ M=:.kDwn^Loy}/TmG X $ <5qo</QC]@Caaᄑ.ȽJtq]zۯ6iܟ4)Y3sCQ? 0k߬~OCOg#/c/Wװwa>>r><72Y_7ȷOo_C#dz%gA[z|!?:eAAA!h쐭!ΑiP~aa~ 'W?pX15wCsDDDޛg1O9-J5*>.j<74?.fYXXIlK9.*6nl {/]py.,:@LN8A*%w% yg"/6шC\*NH*Mz쑼5y$3,幄'L Lݛ:v m2=:1qB!Mggfvˬen/kY- BTZ(*geWf͉9+̳ې7ᒶKW-X潬j9(xoʿܔĹdff-[n ڴ VE/(ۻCɾUUMfeI?m]Nmq#׹=TR+Gw- 6 U#pDy  :v{vg/jBFS[b[O>zG499?rCd&ˮ/~јѡ򗓿m|x31^VwwO| (hSЧc3- cHRMz%u0`:o_F@8N ' p @8N@8}' p '#@8N@8N pQ9p!i~}|6-ӪG` VP.@*j>[ K^<֐Z]@8N'KQ<Q(`s" 'hgpKB`R@Dqj '  'P$a ( `D$Na L?u80e J,K˷NI'0eݷ(NI'؀ 2ipIIKp`:O'`ʤxB8Ѥx Ѥx $ $P6 :vRNb 'p,>NB 'P]-->P T+*^h& p '‰a ‰ (ĵt#u33;Nt̵'ޯ; [3W ~]0KH1q@8]O2]3*̧7# *p>us p _6]/}-4|t'|Smx= DoʾM×M_8!)6lq':l7!|4} '\ne t!=hnLn (~Dn\+‰_4k)0e@OhZ`F `.m1} 'vp{F`ON7Srx 'D˸nV`><;yMx!IS钦OM)Ե٥x 'DSD6bS8!" ODz#R >S8!7ّxEh0m$MIPHi$IvS8IN$I p$O8I,sk&I)$IN$Hi$I^Ah.p$MIN$IR8I·N "IF9Ah0m$MIN$IR8IN$I 3jIU;kO$ɳN$+ q.x* tEXtComment

Viewing File: /lib64/python3.9/site-packages/setools/diff/users.py

# Copyright 2016, Tresys Technology, LLC
# Copyright 2018, Chris PeBenito <pebenito@ieee.org>
#
# SPDX-License-Identifier: LGPL-2.1-only
#
from collections import defaultdict
from typing import NamedTuple, Set, Optional, Union

from ..exception import MLSDisabled
from ..policyrep import Level, Range, Role, User

from .descriptors import DiffResultDescriptor
from .difference import Difference, SymbolWrapper
from .mls import LevelWrapper, RangeWrapper
from .roles import role_wrapper_factory
from .typing import SymbolCache

_users_cache: SymbolCache[User] = defaultdict(dict)


class ModifiedUser(NamedTuple):

    """Difference details for a modified user."""

    added_roles: Set[Role]
    removed_roles: Set[Role]
    matched_roles: Set[Role]
    added_level: Optional[Union[Level, str]]
    removed_level: Optional[Union[Level, str]]
    added_range: Optional[Union[Range, str]]
    removed_range: Optional[Union[Range, str]]


def user_wrapper_factory(user: User) -> SymbolWrapper[User]:
    """
    Wrap users from the specified policy.

    This caches results to prevent duplicate wrapper
    objects in memory.
    """
    try:
        return _users_cache[user.policy][user]
    except KeyError:
        r = SymbolWrapper(user)
        _users_cache[user.policy][user] = r
        return r


class UsersDifference(Difference):

    """Determine the difference in users between two policies."""

    added_users = DiffResultDescriptor("diff_users")
    removed_users = DiffResultDescriptor("diff_users")
    modified_users = DiffResultDescriptor("diff_users")

    def diff_users(self) -> None:
        """Generate the difference in users between the policies."""

        self.log.info(
            "Generating user differences from {0.left_policy} to {0.right_policy}".format(self))

        self.added_users, self.removed_users, matched_users = self._set_diff(
            (user_wrapper_factory(r) for r in self.left_policy.users()),
            (user_wrapper_factory(r) for r in self.right_policy.users()))

        self.modified_users = dict()

        for left_user, right_user in matched_users:
            # Criteria for modified users
            # 1. change to role set, or
            # 2. change to default level, or
            # 3. change to range
            added_roles, removed_roles, matched_roles = self._set_diff(
                (role_wrapper_factory(r) for r in left_user.roles),
                (role_wrapper_factory(r) for r in right_user.roles))

            # keep wrapped and unwrapped MLS objects here so there
            # are not several nested try blocks
            left_level_wrap: Optional[LevelWrapper]
            left_range_wrap: Optional[RangeWrapper]
            left_level: Union[Level, str]
            left_range: Union[Range, str]
            right_level_wrap: Optional[LevelWrapper]
            right_range_wrap: Optional[RangeWrapper]
            right_level: Union[Level, str]
            right_range: Union[Range, str]
            added_level: Optional[Union[Level, str]]
            added_range: Optional[Union[Range, str]]
            removed_level: Optional[Union[Level, str]]
            removed_range: Optional[Union[Range, str]]
            try:
                left_level_wrap = LevelWrapper(left_user.mls_level)
                left_range_wrap = RangeWrapper(left_user.mls_range)
                left_level = left_user.mls_level
                left_range = left_user.mls_range
            except MLSDisabled:
                left_level_wrap = None
                left_range_wrap = None
                left_level = "None (MLS Disabled)"
                left_range = "None (MLS Disabled)"

            try:
                right_level_wrap = LevelWrapper(right_user.mls_level)
                right_range_wrap = RangeWrapper(right_user.mls_range)
                right_level = right_user.mls_level
                right_range = right_user.mls_range
            except MLSDisabled:
                right_level_wrap = None
                right_range_wrap = None
                right_level = "None (MLS Disabled)"
                right_range = "None (MLS Disabled)"

            if left_level_wrap != right_level_wrap:
                added_level = right_level
                removed_level = left_level
            else:
                added_level = None
                removed_level = None

            if left_range_wrap != right_range_wrap:
                added_range = right_range
                removed_range = left_range
            else:
                added_range = None
                removed_range = None

            if added_roles or removed_roles or removed_level or removed_range:
                self.modified_users[left_user] = ModifiedUser(added_roles,
                                                              removed_roles,
                                                              matched_roles,
                                                              added_level,
                                                              removed_level,
                                                              added_range,
                                                              removed_range)

    #
    # Internal functions
    #
    def _reset_diff(self) -> None:
        """Reset diff results on policy changes."""
        self.log.debug("Resetting user differences")
        self.added_users = None
        self.removed_users = None
        self.modified_users = None
Back to Directory=ceiIENDB`