From 3178745ffc6864e8cf77a72dbf3b1dc73222fc54 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Sat, 3 Sep 2016 16:42:38 -0400 Subject: [PATCH] Implement an enumeration for nodecon IP version. --- data/nodeconquery.ui | 14 ++------------ setools/nodeconquery.py | 10 +++------- setools/policyrep/__init__.py | 2 +- setools/policyrep/netcontext.py | 12 ++++++++++-- setoolsgui/apol/nodeconquery.py | 13 ++++++++----- 5 files changed, 24 insertions(+), 27 deletions(-) diff --git a/data/nodeconquery.ui b/data/nodeconquery.ui index ddcd3f5..5139a59 100644 --- a/data/nodeconquery.ui +++ b/data/nodeconquery.ui @@ -21,8 +21,8 @@ 0 0 - 772 - 844 + 770 + 842 @@ -677,16 +677,6 @@ - - - IPv4 - - - - - IPv6 - - diff --git a/setools/nodeconquery.py b/setools/nodeconquery.py index 4410f96..4200356 100644 --- a/setools/nodeconquery.py +++ b/setools/nodeconquery.py @@ -25,6 +25,7 @@ import logging from socket import AF_INET, AF_INET6 from .mixins import MatchContext +from .policyrep import NodeconIPVersion from .query import PolicyQuery @@ -75,12 +76,7 @@ class NodeconQuery(MatchContext, PolicyQuery): @ip_version.setter def ip_version(self, value): if value: - if not (value == AF_INET or value == AF_INET6): - raise ValueError( - "The address family must be {0} for IPv4 or {1} for IPv6.". - format(AF_INET, AF_INET6)) - - self._ip_version = value + self._ip_version = NodeconIPVersion.lookup(value) else: self._ip_version = None @@ -106,7 +102,7 @@ class NodeconQuery(MatchContext, PolicyQuery): """Generator which yields all matching nodecons.""" self.log.info("Generating nodecon results from {0.policy}".format(self)) self.log.debug("Network: {0.network!r}, overlap: {0.network_overlap}".format(self)) - self.log.debug("IP Version: {0.ip_version}".format(self)) + self.log.debug("IP Version: {0.ip_version!r}".format(self)) self._match_context_debug(self.log) for nodecon in self.policy.nodecons(): 
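Review bot: In the `ip_version` setter of setools/nodeconquery.py (hunk `@@ -75,12 +76,7 @@`), rejecting a bad address family is now left entirely to `NodeconIPVersion.lookup(value)`, whose failure mode is not visible in this patch. The removed code raised `ValueError` with a message naming the two accepted values, so callers that catch `ValueError` may see a different exception or a less helpful message. If `lookup` can raise anything else, wrap it here or document the new exception on the property; a comment such as `# lookup() validates the value and rejects anything that is not a NodeconIPVersion` would state the contract, assuming that is what it does. The `from socket import AF_INET, AF_INET6` context line in the first hunk of this file also appears to have no remaining user, though the rest of the module is outside the hunks.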
diff --git a/setools/policyrep/__init__.py b/setools/policyrep/__init__.py index a437bd1..fd5b600 100644 --- a/setools/policyrep/__init__.py +++ b/setools/policyrep/__init__.py @@ -24,7 +24,7 @@ from . import exception from .netcontext import PortconProtocol, PortconRange from .mlsrule import MLSRuletype -from .netcontext import PortconProtocol, PortconRange +from .netcontext import NodeconIPVersion, PortconProtocol, PortconRange from .rbacrule import RBACRuletype from .selinuxpolicy import SELinuxPolicy from .terule import IoctlSet, TERuletype diff --git a/setools/policyrep/netcontext.py b/setools/policyrep/netcontext.py index d70b817..9a01fc5 100644 --- a/setools/policyrep/netcontext.py +++ b/setools/policyrep/netcontext.py @@ -17,7 +17,7 @@ # License along with SETools. If not, see # . # -from socket import IPPROTO_TCP, IPPROTO_UDP, getprotobyname +from socket import AF_INET, AF_INET6, IPPROTO_TCP, IPPROTO_UDP, getprotobyname from collections import namedtuple import socket @@ -106,6 +106,14 @@ class Netifcon(NetContext): return context.context_factory(self.policy, self.qpol_symbol.msg_con(self.policy)) +class NodeconIPVersion(int, PolicyEnum): + + """Nodecon IP Version""" + + ipv4 = AF_INET + ipv6 = AF_INET6 + + class Nodecon(NetContext): """A nodecon statement.""" @@ -133,7 +141,7 @@ class Nodecon(NetContext): The IP version for the nodecon (socket.AF_INET or socket.AF_INET6). """ - return self.qpol_symbol.protocol(self.policy) + return NodeconIPVersion(self.qpol_symbol.protocol(self.policy)) @property def address(self): diff --git a/setoolsgui/apol/nodeconquery.py b/setoolsgui/apol/nodeconquery.py index 301941a..2c48b80 100644 --- a/setoolsgui/apol/nodeconquery.py +++ b/setoolsgui/apol/nodeconquery.py @@ -1,4 +1,5 @@ # Copyright 2016, Tresys Technology, LLC +# Copyright 2016, Chris PeBenito # # This file is part of SETools. # 
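Review bot: The context line `from .netcontext import PortconProtocol, PortconRange` above the changed import in setools/policyrep/__init__.py is left in place, so after this hunk the package imports from `.netcontext` twice. Dropping the earlier line leaves the single import `from .netcontext import NodeconIPVersion, PortconProtocol, PortconRange` and stops the two lists drifting apart on the next addition.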
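Review bot: `Nodecon.ip_version` in setools/policyrep/netcontext.py (hunk `@@ -133,7 +141,7 @@`) now passes whatever `qpol_symbol.protocol()` returns to `NodeconIPVersion(...)`, so a value other than `AF_INET` or `AF_INET6` would raise from the enum constructor on a plain attribute read, assuming `PolicyEnum` follows standard `enum` behaviour. A policy file under analysis is not necessarily well-formed, so it is worth deciding whether that case should surface as one of the package's own exceptions rather than a bare `ValueError`. The docstring kept as context still describes the value as `socket.AF_INET or socket.AF_INET6`; it should read something like `The IP version for the nodecon (NodeconIPVersion.ipv4 or NodeconIPVersion.ipv6).` The new class docstring in the preceding hunk could likewise say that the member values are the socket address-family constants. The property's body starts outside this hunk.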
@@ -18,12 +19,11 @@ # import sys import logging -from socket import AF_INET, AF_INET6 from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread from PyQt5.QtGui import QPalette, QTextCursor from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -from setools import NodeconQuery +from setools import NodeconQuery, NodeconIPVersion from ..logtosignal import LogHandlerToSignal from ..nodeconmodel import NodeconTableModel @@ -53,8 +53,6 @@ class NodeconQueryTab(AnalysisTab): def setupUi(self): self.load_ui("nodeconquery.ui") - self.proto_map = {"": None, "IPv4": AF_INET, "IPv6": AF_INET6} - # set up user autocompletion user_completion_list = [str(u) for u in self.policy.users()] user_completer_model = QStringListModel(self) @@ -79,6 +77,11 @@ class NodeconQueryTab(AnalysisTab): self.type_completion.setModel(type_completer_model) self.type_.setCompleter(self.type_completion) + # setup IP version + # item 0 is empty string (in the .ui file) + self.ip_version.insertItem(1, "IPv4", NodeconIPVersion.ipv4) + self.ip_version.insertItem(2, "IPv6", NodeconIPVersion.ipv6) + # setup indications of errors on source/target/default self.errors = set() self.orig_palette = self.type_.palette() @@ -274,7 +277,7 @@ class NodeconQueryTab(AnalysisTab): def run(self, button): # right now there is only one button. self.query.network_overlap = self.network_overlap.isChecked() - self.query.ip_version = self.proto_map[self.ip_version.currentData(Qt.DisplayRole)] + self.query.ip_version = self.ip_version.currentData(Qt.UserRole) self.query.range_overlap = self.range_overlap.isChecked() self.query.range_subset = self.range_subset.isChecked() self.query.range_superset = self.range_superset.isChecked()
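Review bot: `from setools import NodeconQuery, NodeconIPVersion` needs the top-level `setools` package to export the new enum, but the diffstat lists only `setools/policyrep/__init__.py`, not `setools/__init__.py`. Unless the top-level package already re-exports everything from `policyrep` (not visible here), the GUI tab would fail at import time with `ImportError`. Either add the name to `setools/__init__.py` in this commit or import it here as `from setools.policyrep import NodeconIPVersion`.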
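Review bot: The combo-box setup in `setupUi` (hunk `@@ -79,6 +77,11 @@`) and the read in `run()` (last hunk) together rely on something the comments do not state. The empty entry from the .ui file presumably carries no user data, so `currentData(Qt.UserRole)` returns a falsy value and the query setter clears the criterion. I would extend the existing comment to `# item 0 is the empty string from the .ui file; it has no user data, so run() passes None and no IP version filter is applied`. Both `setupUi` and `run` continue outside their hunks.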