RepoMirrors/setools
1
0
Fork 0
mirror of https://github.com/SELinuxProject/setools synced 2025-04-29 14:50:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix alias handling for sensitivities and categories.

Browse Source 
If there are aliases, qpol includes those in the counts.
This commit is contained in:
Chris PeBenito 2015-03-07 11:06:24 -05:00
parent 61a3c020e5
commit 0aacb700da
3 changed files with 42 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
setools/policyrep/__init__.py
View File

@ -123,7 +123,7 @@ class SELinuxPolicy(object):
@property @property
def category_count(self): def category_count(self):
"""The number of categories.""" """The number of categories."""
return self.policy.cat_count() return sum(1 for _ in self.categories())
@property @property
def class_count(self): def class_count(self):
@ -168,7 +168,7 @@ class SELinuxPolicy(object):
@property @property
def level_count(self): def level_count(self):
"""The number of levels.""" """The number of levels."""
return self.policy.level_count() return sum(1 for _ in self.levels())
@property @property
def mlsconstraint_count(self): def mlsconstraint_count(self):
@ -361,7 +361,12 @@ class SELinuxPolicy(object):
"""Generator which yields all level declarations.""" """Generator which yields all level declarations."""
for level in self.policy.level_iter(): for level in self.policy.level_iter():
try:
yield mls.level_decl_factory(self.policy, level) yield mls.level_decl_factory(self.policy, level)
except TypeError:
# libqpol unfortunately iterates over levels and sens aliases
pass
def types(self): def types(self):
"""Generator which yields all types.""" """Generator which yields all types."""

45
setools/policyrep/mls.py
View File

@ -86,6 +86,9 @@ def category_factory(policy, symbol):
def sensitivity_factory(policy, symbol): def sensitivity_factory(policy, symbol):
"""Factory function for creating MLS sensitivity objects.""" """Factory function for creating MLS sensitivity objects."""
if isinstance(symbol, qpol.qpol_level_t): if isinstance(symbol, qpol.qpol_level_t):
if symbol.isalias(policy):
raise TypeError("{0} is an alias".format(symbol.name(policy)))
return Sensitivity(policy, symbol) return Sensitivity(policy, symbol)
try: try:
@ -151,6 +154,9 @@ def level_decl_factory(policy, symbol):
""" """
if isinstance(symbol, qpol.qpol_level_t): if isinstance(symbol, qpol.qpol_level_t):
if symbol.isalias(policy):
raise TypeError("{0} is an alias".format(symbol.name(policy)))
return LevelDecl(policy, symbol) return LevelDecl(policy, symbol)
try: try:
@ -191,20 +197,16 @@ def range_factory(policy, symbol):
return Range(policy, policy_range) return Range(policy, policy_range)
class Category(symbol.PolicySymbol): class BaseMLSComponent(symbol.PolicySymbol):
"""An MLS category.""" """Abstract base class for sensitivities and categories."""
@property @property
def _value(self): def _value(self):
""" """
The value of the category. The value of the component.
This is a low-level policy detail exposed so that categories can This is a low-level policy detail exposed for internal use only.
be sorted based on their policy declaration order instead of
by their name. This has no other use.
Example usage: sorted(self.categories(), key=lambda k: k._value)
""" """
return self.qpol_symbol.value(self.policy) return self.qpol_symbol.value(self.policy)
@ -214,6 +216,11 @@ class Category(symbol.PolicySymbol):
for alias in self.qpol_symbol.alias_iter(self.policy): for alias in self.qpol_symbol.alias_iter(self.policy):
yield alias yield alias
class Category(BaseMLSComponent):
"""An MLS category."""
def statement(self): def statement(self):
aliases = list(self.aliases()) aliases = list(self.aliases())
stmt = "category {0}".format(self) stmt = "category {0}".format(self)
@ -226,7 +233,7 @@ class Category(symbol.PolicySymbol):
return stmt return stmt
class Sensitivity(symbol.PolicySymbol): class Sensitivity(BaseMLSComponent):
"""An MLS sensitivity""" """An MLS sensitivity"""
@ -248,18 +255,16 @@ class Sensitivity(symbol.PolicySymbol):
def __lt__(self, other): def __lt__(self, other):
return (self._value < other._value) return (self._value < other._value)
@property
def _value(self):
"""
The value of the sensitivity.
This is a low-level policy detail exposed so that sensitivities can
be compared based on their dominance. This has no other use.
"""
return self.qpol_symbol.value(self.policy)
def statement(self): def statement(self):
return "sensitivity {0};".format(self) aliases = list(self.aliases())
stmt = "sensitivity {0}".format(self)
if aliases:
if len(aliases) > 1:
stmt += " alias {{ {0} }}".format(' '.join(aliases))
else:
stmt += " alias {0}".format(aliases[0])
stmt += ";"
return stmt
class BaseMLSLevel(symbol.PolicySymbol): class BaseMLSLevel(symbol.PolicySymbol):

18
tests/policyrep/selinuxpolicy.conf
View File

@ -92,9 +92,9 @@ class infoflow7
inherits hi_c inherits hi_c
# 13 sensitivities/levels # 13 sensitivities/levels
sensitivity s0; sensitivity s0 alias sens_alias0;
sensitivity s1; sensitivity s1 alias sens_alias1;
sensitivity s2; sensitivity s2 alias sens_alias2;
sensitivity s3; sensitivity s3;
sensitivity s4; sensitivity s4;
sensitivity s5; sensitivity s5;
@ -109,9 +109,9 @@ sensitivity s12;
dominance { s0 s1 s2 s3 s4 s5 s6 s7 s8 s9 s10 s11 s12 } dominance { s0 s1 s2 s3 s4 s5 s6 s7 s8 s9 s10 s11 s12 }
# 17 categories # 17 categories
category c0; category c0 alias cat_alias0;
category c1; category c1 alias cat_alias1;
category c2; category c2 alias cat_alias2;
category c3; category c3;
category c4; category c4;
category c5; category c5;
@ -731,9 +731,9 @@ role role128 types type0;
role role129 types type0; role role129 types type0;
# 137 types # 137 types
type type0; type type0 alias type_alias0;
type type1; type type1 alias type_alias1;
type type2; type type2 alias type_alias2;
type type3; type type3;
type type4; type type4;
type type5; type type5;