*RulesDifference: fix rule list creation checks

If multiple rule types were diffed, the rule lists would be generated multiple times if one or more of the rule lists were empty.
2025-02-22 15:16:58 +00:00 · 2016-03-28 09:17:58 -04:00 · 2016-03-28 09:17:58 -04:00 · 0211b8951c
commit 0211b8951c
parent b8b7422c8f
3 changed files with 18 additions and 8 deletions
--- a/setools/diff/mlsrules.py
+++ b/setools/diff/mlsrules.py
@ -47,8 +47,7 @@ class MLSRulesDifference(Difference):
            "Generating range_transition differences from {0.left_policy} to {0.right_policy}".
            format(self))

-        if "range_transition" not in self._left_mls_rules or \
-                "range_transition" not in self._right_mls_rules:
+        if not self._left_mls_rules or not self._right_mls_rules:
            self._create_mls_rule_lists()

        added, removed, matched = self._set_diff(
@ -76,12 +75,16 @@ class MLSRulesDifference(Difference):
        """Create rule lists for both policies."""
        # do not expand yet, to keep memory
        # use down as long as possible
+        self.log.debug("Building MLS rule lists from {0.left_policy}".format(self))
        for rule in self.left_policy.mlsrules():
            self._left_mls_rules[rule.ruletype].append(rule)

+        self.log.debug("Building MLS rule lists from {0.right_policy}".format(self))
        for rule in self.right_policy.mlsrules():
            self._right_mls_rules[rule.ruletype].append(rule)

+        self.log.debug("Completed building MLS rule lists.")
+
    def _reset_diff(self):
        """Reset diff results on policy changes."""
        self.log.debug("Resetting MLS rule differences")
--- a/setools/diff/rbacrules.py
+++ b/setools/diff/rbacrules.py
@ -50,7 +50,7 @@ class RBACRulesDifference(Difference):
            "Generating role allow differences from {0.left_policy} to {0.right_policy}".
            format(self))

-        if "allow" not in self._left_rbac_rules or "allow" not in self._right_rbac_rules:
+        if not self._left_rbac_rules or not self._right_rbac_rules:
            self._create_rbac_rule_lists()

        self.added_role_allows, self.removed_role_allows, _ = self._set_diff(
@ -64,8 +64,7 @@ class RBACRulesDifference(Difference):
            "Generating role_transition differences from {0.left_policy} to {0.right_policy}".
            format(self))

-        if "role_transition" not in self._left_rbac_rules or \
-                "role_transition" not in self._right_rbac_rules:
+        if not self._left_rbac_rules or not self._right_rbac_rules:
            self._create_rbac_rule_lists()

        added, removed, matched = self._set_diff(
@ -93,12 +92,16 @@ class RBACRulesDifference(Difference):
        """Create rule lists for both policies."""
        # do not expand yet, to keep memory
        # use down as long as possible
+        self.log.debug("Building RBAC rule lists from {0.left_policy}".format(self))
        for rule in self.left_policy.rbacrules():
            self._left_rbac_rules[rule.ruletype].append(rule)

+        self.log.debug("Building RBAC rule lists from {0.right_policy}".format(self))
        for rule in self.right_policy.rbacrules():
            self._right_rbac_rules[rule.ruletype].append(rule)

+        self.log.debug("Completed building RBAC rule lists.")
+
    def _reset_diff(self):
        """Reset diff results on policy changes."""
        self.log.debug("Resetting RBAC rule differences")
--- a/setools/diff/terules.py
+++ b/setools/diff/terules.py
@ -50,7 +50,7 @@ def av_diff_template(ruletype):
            "Generating {0} differences from {1.left_policy} to {1.right_policy}".
            format(ruletype, self))

-        if ruletype not in self._left_te_rules or ruletype not in self._right_te_rules:
+        if not self._left_te_rules or not self._right_te_rules:
            self._create_te_rule_lists()

        added, removed, matched = self._set_diff(
@ -96,7 +96,7 @@ def avx_diff_template(ruletype):
            "Generating {0} differences from {1.left_policy} to {1.right_policy}".
            format(ruletype, self))

-        if ruletype not in self._left_te_rules or ruletype not in self._right_te_rules:
+        if not self._left_te_rules or not self._right_te_rules:
            self._create_te_rule_lists()

        added, removed, matched = self._set_diff(
@ -142,7 +142,7 @@ def te_diff_template(ruletype):
            "Generating {0} differences from {1.left_policy} to {1.right_policy}".
            format(ruletype, self))

-        if ruletype not in self._left_te_rules or ruletype not in self._right_te_rules:
+        if not self._left_te_rules or not self._right_te_rules:
            self._create_te_rule_lists()

        added, removed, matched = self._set_diff(
@ -238,12 +238,16 @@ class TERulesDifference(Difference):
        """Create rule lists for both policies."""
        # do not expand yet, to keep memory
        # use down as long as possible
+        self.log.debug("Building TE rule lists from {0.left_policy}".format(self))
        for rule in self.left_policy.terules():
            self._left_te_rules[rule.ruletype].append(rule)

+        self.log.debug("Building TE rule lists from {0.right_policy}".format(self))
        for rule in self.right_policy.terules():
            self._right_te_rules[rule.ruletype].append(rule)

+        self.log.debug("Completed building TE rule lists.")
+
    def _reset_diff(self):
        """Reset diff results on policy changes."""
        self.log.debug("Resetting TE rule differences")