RepoMirrors/setools
1
0
Fork 0
mirror of https://github.com/SELinuxProject/setools synced 2025-03-25 04:26:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

RuleWeight: Change to dataclass.

Browse Source 
Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
This commit is contained in:
Chris PeBenito 2023-03-24 11:16:01 -04:00
parent 450f94875a
commit 02e70efcb0
3 changed files with 28 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
setools/infoflow.py
View File

@ -313,21 +313,21 @@ class InfoFlowAnalysis:
if rule.ruletype != TERuletype.allow:
continue
(rweight, wweight) = self.perm_map.rule_weight(cast(AVRule, rule))
weight = self.perm_map.rule_weight(cast(AVRule, rule))
for s, t in itertools.product(rule.source.expand(), rule.target.expand()):
# only add flows if they actually flow
# in or out of the source type type
if s != t:
if wweight:
if weight.write:
edge = InfoFlowStep(self.G, s, t, create=True)
edge.rules.append(rule)
edge.weight = wweight
edge.weight = weight.write
if rweight:
if weight.read:
edge = InfoFlowStep(self.G, t, s, create=True)
edge.rules.append(rule)
edge.weight = rweight
edge.weight = weight.read
self.rebuildgraph = False
self.rebuildsubgraph = True

7
setools/permmap.py
View File

@ -6,12 +6,14 @@ import logging
import copy
from collections import OrderedDict
from contextlib import suppress
from typing import cast, Dict, Iterable, NamedTuple, Optional, Union
from dataclasses import dataclass
from typing import cast, Dict, Iterable, Optional, Union
import pkg_resources
from . import exception
from .descriptors import PermissionMapDescriptor
from .mixins import TupleCompat
from .policyrep import AVRule, SELinuxPolicy, TERuletype
INFOFLOW_DIRECTIONS = ("r", "w", "b", "n", "u")
@ -19,7 +21,8 @@ MIN_WEIGHT = 1
MAX_WEIGHT = 10
class RuleWeight(NamedTuple):
@dataclass
class RuleWeight(TupleCompat):
"""The read and write weights for a rule, given all of its permissions."""

36
tests/test_permmap.py
View File

@ -285,9 +285,9 @@ class PermissionMapTest(unittest.TestCase):
rule.perms = set(["med_r", "hi_r"])
permmap = PermissionMap("tests/perm_map")
r, w = permmap.rule_weight(rule)
self.assertEqual(r, 10)
self.assertEqual(w, 0)
weight = permmap.rule_weight(rule)
self.assertEqual(weight.read, 10)
self.assertEqual(weight.write, 0)
def test_141_weight_write_only(self):
"""PermMap get weight of write-only rule."""
@ -297,9 +297,9 @@ class PermissionMapTest(unittest.TestCase):
rule.perms = set(["low_w", "med_w"])
permmap = PermissionMap("tests/perm_map")
r, w = permmap.rule_weight(rule)
self.assertEqual(r, 0)
self.assertEqual(w, 5)
weight = permmap.rule_weight(rule)
self.assertEqual(weight.read, 0)
self.assertEqual(weight.write, 5)
def test_142_weight_both(self):
"""PermMap get weight of both rule."""
@ -309,9 +309,9 @@ class PermissionMapTest(unittest.TestCase):
rule.perms = set(["low_r", "hi_w"])
permmap = PermissionMap("tests/perm_map")
r, w = permmap.rule_weight(rule)
self.assertEqual(r, 1)
self.assertEqual(w, 10)
weight = permmap.rule_weight(rule)
self.assertEqual(weight.read, 1)
self.assertEqual(weight.write, 10)
def test_143_weight_none(self):
"""PermMap get weight of none rule."""
@ -321,9 +321,9 @@ class PermissionMapTest(unittest.TestCase):
rule.perms = set(["null"])
permmap = PermissionMap("tests/perm_map")
r, w = permmap.rule_weight(rule)
self.assertEqual(r, 0)
self.assertEqual(w, 0)
weight = permmap.rule_weight(rule)
self.assertEqual(weight.read, 0)
self.assertEqual(weight.write, 0)
def test_144_weight_unmapped_class(self):
"""PermMap get weight of rule with unmapped class."""
@ -363,9 +363,9 @@ class PermissionMapTest(unittest.TestCase):
permmap = PermissionMap("tests/perm_map")
permmap.exclude_permission("infoflow", "hi_r")
r, w = permmap.rule_weight(rule)
self.assertEqual(r, 5)
self.assertEqual(w, 0)
weight = permmap.rule_weight(rule)
self.assertEqual(weight.read, 5)
self.assertEqual(weight.write, 0)
def test_148_weight_excluded_class(self):
"""PermMap get weight of a rule with excluded class."""
@ -376,9 +376,9 @@ class PermissionMapTest(unittest.TestCase):
permmap = PermissionMap("tests/perm_map")
permmap.exclude_class("infoflow")
r, w = permmap.rule_weight(rule)
self.assertEqual(r, 0)
self.assertEqual(w, 0)
weight = permmap.rule_weight(rule)
self.assertEqual(weight.read, 0)
self.assertEqual(weight.write, 0)
def test_150_map_policy(self):
"""PermMap create mappings for classes/perms in a policy."""