Merge pull request #116 from pebenito/sesearch-no-results-opts
sesearch: Raise parse error mixing expressions unused by RBAC/MLS searches.
pebenito authored Dec 13, 2023
2 parents 4d0e13b + a1e8949 commit a3281e6
Showing 2 changed files with 15 additions and 10 deletions.
6 changes: 3 additions & 3 deletions man/sesearch.1
Expand Up @@ -36,7 +36,7 @@ Find allowxperm rules.
Find auditallowxperm rules.
.IP "--dontauditxperm"
Find dontauditxperm rules.
.IP "-T, --type_trans"
.IP "-T, --type_transition"
Find type_transition rules.
.IP "--type_member"
Find type_member rules.
Expand All @@ -46,12 +46,12 @@ Find type_change rules.
.SS RBAC Rule Types
.IP "--role_allow"
Find role allow rules.
.IP "--role_trans"
.IP "--role_transition"
Find role_transition rules.
.IP "Note: TE/MLS rule searches cannot be mixed with RBAC rule searches"

.SS MLS Rule Types
.IP "--range_trans"
.IP "--range_transition"
Find range_transition rules.

.SS Rule Fields
19 changes: 12 additions & 7 deletions sesearch
Expand Up @@ -48,7 +48,7 @@ rtypes.add_argument("--dontauditxperm", action="append_const",
# rtypes.add_argument("--neverallowxperm", action="append_const",
# const=setools.TERuletype.neverallowxperm, dest="tertypes",
# help="Search neverallowxperm rules.")
rtypes.add_argument("-T", "--type_trans", action="append_const",
rtypes.add_argument("-T", "--type_transition", action="append_const",
const=setools.TERuletype.type_transition, dest="tertypes",
help="Search type_transition rules.")
rtypes.add_argument("--type_change", action="append_const",
Expand All @@ -61,12 +61,12 @@ rbacrtypes = parser.add_argument_group("RBAC Rule Types")
rbacrtypes.add_argument("--role_allow", action="append_const",
const=setools.RBACRuletype.allow, dest="rbacrtypes",
help="Search role allow rules.")
rbacrtypes.add_argument("--role_trans", action="append_const",
rbacrtypes.add_argument("--role_transition", action="append_const",
const=setools.RBACRuletype.role_transition, dest="rbacrtypes",
help="Search role_transition rules.")

mlsrtypes = parser.add_argument_group("MLS Rule Types")
mlsrtypes.add_argument("--range_trans", action="append_const",
mlsrtypes.add_argument("--range_transition", action="append_const",
const=setools.MLSRuletype.range_transition, dest="mlsrtypes",
help="Search range_transition rules.")

Expand All @@ -78,13 +78,14 @@ expr.add_argument("-t", "--target",
expr.add_argument("-c", "--class", dest="tclass",
help="Comma separated list of object classes")
expr.add_argument("-p", "--perms", metavar="PERMS",
help="Comma separated list of permissions.")
help="Comma separated list of permissions. (TE rule searches only.)")
expr.add_argument("-x", "--xperms", metavar="XPERMS",
help="Comma separated list of extended permissions.")
help="Comma separated list of extended permissions. (TE rule searches only.)")
expr.add_argument("-D", "--default",
help="Default of the rule. (type/role/range transition rules)")
expr.add_argument("-b", "--bool", dest="boolean", metavar="BOOL",
help="Comma separated list of Booleans in the conditional expression.")
help="Comma separated list of Booleans in the conditional expression. "
"(TE rule searches only.)")

opts = parser.add_argument_group("Search options")
opts.add_argument("-eb", action="store_true", dest="boolean_equal",
Expand Down Expand Up @@ -120,9 +121,13 @@ if args.A:
except AttributeError:
args.tertypes = [setools.TERuletype.allow, setools.TERuletype.allowxperm]

if not args.tertypes and not args.mlsrtypes and not args.rbacrtypes:
if not any((args.tertypes, args.mlsrtypes, args.rbacrtypes)):
parser.error("At least one rule type must be specified.")

if any((args.perms, args.xperms, args.boolean)) and any((args.rbacrtypes, args.mlsrtypes)):
parser.error("-p/--perms, -x/--xperms, and -b/--bool options are only supported "
"with TE rule searches.")

if args.debug:
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s|%(levelname)s|%(name)s|%(message)s')
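Review bot: The guard added just before `if args.debug:` rejects `-p`, `-x` and `-b` when RBAC or MLS rule types are selected, but it leaves `-D/--default` unchecked even though that option's help text in this file limits it to type/role/range transition rules. A combination such as `-D` with only `--role_allow` is therefore still accepted; whether that produces an empty result or an ignored filter is decided by the query code outside this hunk. For a tool used to audit policy, an empty answer reads as "no such rule exists", so the same fail-loudly treatment looks warranted here. One option is a sibling check such as `if args.default and args.rbacrtypes and setools.RBACRuletype.role_transition not in args.rbacrtypes: parser.error(...)`; failing that, add a comment above the new check, `# -D/--default is not validated here; it only applies to *_transition rules`.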
