From 3d4b03691d7cf94fcd40050271f3cdb6044ac208 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Sun, 11 Feb 2018 11:46:10 -0500
Subject: [PATCH] Context: Convert to direct sepol structure access.
---
 libqpol/context_query.c | 126 -------------------------------
 setools/policyrep/context.pxi | 20 ++---
 setools/policyrep/netcontext.pxi | 2 +-
 setools/policyrep/symbol.pxi | 2 +-
 setup.py | 1 -
 5 files changed, 12 insertions(+), 139 deletions(-)
 delete mode 100644 libqpol/context_query.c
diff --git a/libqpol/context_query.c b/libqpol/context_query.c
deleted file mode 100644
index 805ebe7..0000000
--- a/libqpol/context_query.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/**
-* @file
-* Defines the public interface for accessing contexts.
-*
-* @author Kevin Carr kcarr@tresys.com
-* @author Jeremy A. Mowery jmowery@tresys.com
-* @author Jason Tang jtang@tresys.com
-*
-* Copyright (C) 2006-2007 Tresys Technology, LLC
-*
-* This library is free software; you can redistribute it and/or
-* modify it under the terms of the GNU Lesser General Public
-* License as published by the Free Software Foundation; either
-* version 2.1 of the License, or (at your option) any later version.
-*
-* This library is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this library; if not, write to the Free Software
-* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-*/
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include "qpol_internal.h"
-
-int qpol_context_get_user(const qpol_policy_t * policy, const qpol_context_t * context, const qpol_user_t ** user)
-{
- policydb_t *db = NULL;
- context_struct_t *internal_context = NULL;
-
- if (user != NULL)
- *user = NULL;
-
- if (policy == NULL || context == NULL || user == NULL) {
- ERR(policy, "%s", strerror(EINVAL));
- errno = EINVAL;
- return STATUS_ERR;
- }
-
- internal_context = (context_struct_t *) context;
- db = &policy->p->p;
-
- *user = (qpol_user_t *) db->user_val_to_struct[internal_context->user - 1];
-
- return STATUS_SUCCESS;
-}
-
-int qpol_context_get_role(const qpol_policy_t * policy, const qpol_context_t * context, const qpol_role_t ** role)
-{
- policydb_t *db = NULL;
- context_struct_t *internal_context = NULL;
-
- if (role != NULL)
- *role = NULL;
-
- if (policy == NULL || context == NULL || role == NULL) {
- ERR(policy, "%s", strerror(EINVAL));
- errno = EINVAL;
- return STATUS_ERR;
- }
-
- internal_context = (context_struct_t *) context;
- db = &policy->p->p;
-
- *role = (qpol_role_t *) db->role_val_to_struct[internal_context->role - 1];
-
- return STATUS_SUCCESS;
-}
-
-int qpol_context_get_type(const qpol_policy_t * policy, const qpol_context_t * context, const qpol_type_t ** type)
-{
- policydb_t *db = NULL;
- context_struct_t *internal_context = NULL;
-
- if (type != NULL)
- *type = NULL;
-
- if (policy == NULL || context == NULL || type == NULL) {
- ERR(policy, "%s", strerror(EINVAL));
- errno = EINVAL;
- return STATUS_ERR;
- }
-
- internal_context = (context_struct_t *) context;
- db = &policy->p->p;
-
- *type = (qpol_type_t *) db->type_val_to_struct[internal_context->type - 1];
-
- return STATUS_SUCCESS;
-}
-
-int qpol_context_get_range(const qpol_policy_t * policy, const qpol_context_t * context, const qpol_mls_range_t ** range)
-{
- context_struct_t *internal_context = NULL;
-
- if (range != NULL)
- *range = NULL;
-
- if (policy == NULL || context == NULL || range == NULL) {
- ERR(policy, "%s", strerror(EINVAL));
- errno = EINVAL;
- return STATUS_ERR;
- }
-
- if (!qpol_policy_has_capability(policy, QPOL_CAP_MLS)) {
- *range = NULL;
- } else {
- internal_context = (context_struct_t *) context;
- *range = (qpol_mls_range_t *) & internal_context->range;
- }
-
- return STATUS_SUCCESS;
-}
diff --git a/setools/policyrep/context.pxi b/setools/policyrep/context.pxi
index 7d0483e..739384d 100644
--- a/setools/policyrep/context.pxi
+++ b/setools/policyrep/context.pxi
@@ -1,5 +1,5 @@
 # Copyright 2014-2015, Tresys Technology, LLC
-# Copyright 2016-2017, Chris PeBenito
+# Copyright 2016-2018, Chris PeBenito
 #
 # This file is part of SETools.
 #
@@ -18,19 +18,19 @@
 # .
 #
-cdef inline Context context_factory(SELinuxPolicy policy, const qpol_context_t *symbol):
- """Factory function for creating Context objects."""
- r = Context()
- r.policy = policy
- r.handle = symbol
- return r
-
-
 cdef class Context(PolicySymbol):
 """A SELinux security context/security attribute."""
- cdef const qpol_context_t *handle
+ cdef sepol.context_struct_t *handle
+
+ @staticmethod
+ cdef factory(SELinuxPolicy policy, sepol.context_struct_t *symbol):
+ """Factory function for creating Context objects."""
+ r = Context()
+ r.policy = policy
+ r.handle = symbol
+ return r
 def __str__(self):
 try:
diff --git a/setools/policyrep/netcontext.pxi b/setools/policyrep/netcontext.pxi
index 380bca4..bc01c25 100644
--- a/setools/policyrep/netcontext.pxi
+++ b/setools/policyrep/netcontext.pxi
@@ -58,7 +58,7 @@ cdef class Netifcon(Ocontext):
 @property
 def packet(self):
 """The context for the packets."""
- return context_factory(self.policy, &self.handle.context[1])
+ return Context.factory(self.policy, &self.handle.context[1])
 class NodeconIPVersion(PolicyEnum):
diff --git a/setools/policyrep/symbol.pxi b/setools/policyrep/symbol.pxi
index 1324194..956efd7 100644
--- a/setools/policyrep/symbol.pxi
+++ b/setools/policyrep/symbol.pxi
@@ -78,7 +78,7 @@ cdef class Ocontext(PolicySymbol):
 @property
 def context(self):
 """The context for this statement."""
- return context_factory(self.policy, self.handle.context)
+ return Context.factory(self.policy, self.handle.context)
 def statement(self):
 return str(self)
diff --git a/setup.py b/setup.py
index 8f9890b..5ef474c 100644
--- a/setup.py
+++ b/setup.py
@@ -71,7 +71,6 @@ ext_py_mods = [Extension('setools.policyrep.libpolicyrep',
 'libqpol/class_perm_query.c',
 'libqpol/cond_query.c',
 'libqpol/constraint_query.c',
- 'libqpol/context_query.c',
 'libqpol/ftrule_query.c',
 'libqpol/iterator.c',
 'libqpol/mlsrule_query.c',
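Review bot: In the second setools/policyrep/context.pxi hunk (-18,19), `Context.handle` loses the `const` that the old `qpol_context_t` handle carried, and `Context.factory` stores `symbol` unchecked, whereas the deleted qpol_context_get_* functions rejected a NULL context with EINVAL before dereferencing it. The pointer is borrowed from the loaded policy (the callers in netcontext.pxi and symbol.pxi pass `&self.handle.context[1]` and `self.handle.context`), so I would keep it read-only with `cdef const sepol.context_struct_t *handle` and the same `const` on the factory's `symbol` parameter, assuming the sepol declarations accept a const pointer. I would also add a comment on the field such as `# borrowed from self.policy's policydb; valid only while that policy object is alive`. The new `cdef factory(...)` drops the `Context` return type that `context_factory` declared; `cdef Context factory(...)` would keep the typed return. The rest of the class body is outside the hunk, so whether its accessors guard the `self.handle` dereference that the C layer used to guard cannot be confirmed from here.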