RuleWeight: Change to dataclass.

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
This commit is contained in:
Chris PeBenito 2023-03-24 11:16:01 -04:00
parent 450f94875a
commit 02e70efcb0
3 changed files with 28 additions and 25 deletions

View File

@ -313,21 +313,21 @@ class InfoFlowAnalysis:
if rule.ruletype != TERuletype.allow:
continue
(rweight, wweight) = self.perm_map.rule_weight(cast(AVRule, rule))
weight = self.perm_map.rule_weight(cast(AVRule, rule))
for s, t in itertools.product(rule.source.expand(), rule.target.expand()):
# only add flows if they actually flow
# in or out of the source type type
if s != t:
if wweight:
if weight.write:
edge = InfoFlowStep(self.G, s, t, create=True)
edge.rules.append(rule)
edge.weight = wweight
edge.weight = weight.write
if rweight:
if weight.read:
edge = InfoFlowStep(self.G, t, s, create=True)
edge.rules.append(rule)
edge.weight = rweight
edge.weight = weight.read
self.rebuildgraph = False
self.rebuildsubgraph = True

View File

@ -6,12 +6,14 @@ import logging
import copy
from collections import OrderedDict
from contextlib import suppress
from typing import cast, Dict, Iterable, NamedTuple, Optional, Union
from dataclasses import dataclass
from typing import cast, Dict, Iterable, Optional, Union
import pkg_resources
from . import exception
from .descriptors import PermissionMapDescriptor
from .mixins import TupleCompat
from .policyrep import AVRule, SELinuxPolicy, TERuletype
INFOFLOW_DIRECTIONS = ("r", "w", "b", "n", "u")
@ -19,7 +21,8 @@ MIN_WEIGHT = 1
MAX_WEIGHT = 10
class RuleWeight(NamedTuple):
@dataclass
class RuleWeight(TupleCompat):
"""The read and write weights for a rule, given all of its permissions."""

View File

@ -285,9 +285,9 @@ class PermissionMapTest(unittest.TestCase):
rule.perms = set(["med_r", "hi_r"])
permmap = PermissionMap("tests/perm_map")
r, w = permmap.rule_weight(rule)
self.assertEqual(r, 10)
self.assertEqual(w, 0)
weight = permmap.rule_weight(rule)
self.assertEqual(weight.read, 10)
self.assertEqual(weight.write, 0)
def test_141_weight_write_only(self):
"""PermMap get weight of write-only rule."""
@ -297,9 +297,9 @@ class PermissionMapTest(unittest.TestCase):
rule.perms = set(["low_w", "med_w"])
permmap = PermissionMap("tests/perm_map")
r, w = permmap.rule_weight(rule)
self.assertEqual(r, 0)
self.assertEqual(w, 5)
weight = permmap.rule_weight(rule)
self.assertEqual(weight.read, 0)
self.assertEqual(weight.write, 5)
def test_142_weight_both(self):
"""PermMap get weight of both rule."""
@ -309,9 +309,9 @@ class PermissionMapTest(unittest.TestCase):
rule.perms = set(["low_r", "hi_w"])
permmap = PermissionMap("tests/perm_map")
r, w = permmap.rule_weight(rule)
self.assertEqual(r, 1)
self.assertEqual(w, 10)
weight = permmap.rule_weight(rule)
self.assertEqual(weight.read, 1)
self.assertEqual(weight.write, 10)
def test_143_weight_none(self):
"""PermMap get weight of none rule."""
@ -321,9 +321,9 @@ class PermissionMapTest(unittest.TestCase):
rule.perms = set(["null"])
permmap = PermissionMap("tests/perm_map")
r, w = permmap.rule_weight(rule)
self.assertEqual(r, 0)
self.assertEqual(w, 0)
weight = permmap.rule_weight(rule)
self.assertEqual(weight.read, 0)
self.assertEqual(weight.write, 0)
def test_144_weight_unmapped_class(self):
"""PermMap get weight of rule with unmapped class."""
@ -363,9 +363,9 @@ class PermissionMapTest(unittest.TestCase):
permmap = PermissionMap("tests/perm_map")
permmap.exclude_permission("infoflow", "hi_r")
r, w = permmap.rule_weight(rule)
self.assertEqual(r, 5)
self.assertEqual(w, 0)
weight = permmap.rule_weight(rule)
self.assertEqual(weight.read, 5)
self.assertEqual(weight.write, 0)
def test_148_weight_excluded_class(self):
"""PermMap get weight of a rule with excluded class."""
@ -376,9 +376,9 @@ class PermissionMapTest(unittest.TestCase):
permmap = PermissionMap("tests/perm_map")
permmap.exclude_class("infoflow")
r, w = permmap.rule_weight(rule)
self.assertEqual(r, 0)
self.assertEqual(w, 0)
weight = permmap.rule_weight(rule)
self.assertEqual(weight.read, 0)
self.assertEqual(weight.write, 0)
def test_150_map_policy(self):
"""PermMap create mappings for classes/perms in a policy."""