Fix alias handling for sensitivities and categories.

If there are aliases, qpol includes those in the counts.
2025-04-01 00:06:19 +00:00 · 2015-03-07 11:06:24 -05:00 · 2015-03-07 11:06:24 -05:00 · 0aacb700da
commit 0aacb700da
parent 61a3c020e5
3 changed files with 42 additions and 32 deletions
--- a/setools/policyrep/init.py
+++ b/setools/policyrep/init.py
@ -123,7 +123,7 @@ class SELinuxPolicy(object):
    @property
    def category_count(self):
        """The number of categories."""
-        return self.policy.cat_count()
+        return sum(1 for _ in self.categories())

    @property
    def class_count(self):
@ -168,7 +168,7 @@ class SELinuxPolicy(object):
    @property
    def level_count(self):
        """The number of levels."""
-        return self.policy.level_count()
+        return sum(1 for _ in self.levels())

    @property
    def mlsconstraint_count(self):
@ -361,7 +361,12 @@ class SELinuxPolicy(object):
        """Generator which yields all level declarations."""

        for level in self.policy.level_iter():
-            yield mls.level_decl_factory(self.policy, level)
+
+            try:
+                yield mls.level_decl_factory(self.policy, level)
+            except TypeError:
+                # libqpol unfortunately iterates over levels and sens aliases
+                pass

    def types(self):
        """Generator which yields all types."""
--- a/setools/policyrep/mls.py
+++ b/setools/policyrep/mls.py
@ -86,6 +86,9 @@ def category_factory(policy, symbol):
 def sensitivity_factory(policy, symbol):
    """Factory function for creating MLS sensitivity objects."""
    if isinstance(symbol, qpol.qpol_level_t):
+        if symbol.isalias(policy):
+            raise TypeError("{0} is an alias".format(symbol.name(policy)))
+
        return Sensitivity(policy, symbol)

    try:
@ -151,6 +154,9 @@ def level_decl_factory(policy, symbol):
    """

    if isinstance(symbol, qpol.qpol_level_t):
+        if symbol.isalias(policy):
+            raise TypeError("{0} is an alias".format(symbol.name(policy)))
+
        return LevelDecl(policy, symbol)

    try:
@ -191,20 +197,16 @@ def range_factory(policy, symbol):
    return Range(policy, policy_range)


-class Category(symbol.PolicySymbol):
+class BaseMLSComponent(symbol.PolicySymbol):

-    """An MLS category."""
+    """Abstract base class for sensitivities and categories."""

    @property
    def _value(self):
        """
-        The value of the category.
+        The value of the component.

-        This is a low-level policy detail exposed so that categories can
-        be sorted based on their policy declaration order instead of
-        by their name.  This has no other use.
-
-        Example usage: sorted(self.categories(), key=lambda k: k._value)
+        This is a low-level policy detail exposed for internal use only.
        """
        return self.qpol_symbol.value(self.policy)

@ -214,6 +216,11 @@ class Category(symbol.PolicySymbol):
        for alias in self.qpol_symbol.alias_iter(self.policy):
            yield alias

+
+class Category(BaseMLSComponent):
+
+    """An MLS category."""
+
    def statement(self):
        aliases = list(self.aliases())
        stmt = "category {0}".format(self)
@ -226,7 +233,7 @@ class Category(symbol.PolicySymbol):
        return stmt


-class Sensitivity(symbol.PolicySymbol):
+class Sensitivity(BaseMLSComponent):

    """An MLS sensitivity"""

@ -248,18 +255,16 @@ class Sensitivity(symbol.PolicySymbol):
    def __lt__(self, other):
        return (self._value < other._value)

-    @property
-    def _value(self):
-        """
-        The value of the sensitivity.
-
-        This is a low-level policy detail exposed so that sensitivities can
-        be compared based on their dominance.  This has no other use.
-        """
-        return self.qpol_symbol.value(self.policy)
-
    def statement(self):
-        return "sensitivity {0};".format(self)
+        aliases = list(self.aliases())
+        stmt = "sensitivity {0}".format(self)
+        if aliases:
+            if len(aliases) > 1:
+                stmt += " alias {{ {0} }}".format(' '.join(aliases))
+            else:
+                stmt += " alias {0}".format(aliases[0])
+        stmt += ";"
+        return stmt


 class BaseMLSLevel(symbol.PolicySymbol):
--- a/tests/policyrep/selinuxpolicy.conf
+++ b/tests/policyrep/selinuxpolicy.conf
@ -92,9 +92,9 @@ class infoflow7
 inherits hi_c

 # 13 sensitivities/levels
-sensitivity s0;
-sensitivity s1;
-sensitivity s2;
+sensitivity s0 alias sens_alias0;
+sensitivity s1 alias sens_alias1;
+sensitivity s2 alias sens_alias2;
 sensitivity s3;
 sensitivity s4;
 sensitivity s5;
@ -109,9 +109,9 @@ sensitivity s12;
 dominance { s0 s1 s2 s3 s4 s5 s6 s7 s8 s9 s10 s11 s12 }

 # 17 categories
-category c0;
-category c1;
-category c2;
+category c0 alias cat_alias0;
+category c1 alias cat_alias1;
+category c2 alias cat_alias2;
 category c3;
 category c4;
 category c5;
@ -731,9 +731,9 @@ role role128 types type0;
 role role129 types type0;

 # 137 types
-type type0;
-type type1;
-type type2;
+type type0 alias type_alias0;
+type type1 alias type_alias1;
+type type2 alias type_alias2;
 type type3;
 type type4;
 type type5;