RepoMirrors/setools
1
0
Fork 0
mirror of https://github.com/SELinuxProject/setools synced 2025-03-25 04:26:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Rebase policyrep to new qpol interface.

Browse Source
This commit is contained in:
Chris PeBenito 2014-10-24 21:08:22 -04:00
parent 8363f8edf7
commit 580ccf880e
18 changed files with 225 additions and 234 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
libapol/policyrep/__init__.py
View File

@ -21,7 +21,7 @@
# abstractions and methods for accessing the policy
# structures.
import setools.qpol as qpol
import qpol
# The libqpol SWIG class is not quite natural for
# Python, since void* are passed around from the
@ -82,70 +82,70 @@ class SELinuxPolicy(object):
def classes(self):
"""Generator which yields all object classes."""
qiter = self.policy.get_class_iter()
while not qiter.end():
yield objclass.ObjClass(self.policy, qpol.qpol_class_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.class_iter()
while not qiter.isend():
yield objclass.ObjClass(self.policy, qpol.qpol_class_from_void(qiter.item()))
qiter.next_()
def commons(self):
"""Generator which yields all commons."""
qiter = self.policy.get_common_iter()
while not qiter.end():
yield objclass.Common(self.policy, qpol.qpol_common_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.common_iter()
while not qiter.isend():
yield objclass.Common(self.policy, qpol.qpol_common_from_void(qiter.item()))
qiter.next_()
def types(self):
"""Generator which yields all types."""
# libqpol unfortunately iterates over attributes and aliases
qiter = self.policy.get_type_iter()
while not qiter.end():
qiter = self.policy.type_iter()
while not qiter.isend():
t = typeattr.TypeAttr(
self.policy, qpol.qpol_type_from_void(qiter.get_item()))
self.policy, qpol.qpol_type_from_void(qiter.item()))
if not t.isattr and not t.isalias:
yield t
qiter.next()
qiter.next_()
def roles(self):
"""Generator which yields all roles."""
qiter = self.policy.get_role_iter()
while not qiter.end():
yield role.Role(self.policy, qpol.qpol_role_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.role_iter()
while not qiter.isend():
yield role.Role(self.policy, qpol.qpol_role_from_void(qiter.item()))
qiter.next_()
def users(self):
"""Generator which yields all users."""
qiter = self.policy.get_user_iter()
while not qiter.end():
yield user.User(self.policy, qpol.qpol_user_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.user_iter()
while not qiter.isend():
yield user.User(self.policy, qpol.qpol_user_from_void(qiter.item()))
qiter.next_()
def bools(self):
"""Generator which yields all Booleans."""
qiter = self.policy.get_bool_iter()
while not qiter.end():
yield boolcond.Boolean(self.policy, qpol.qpol_bool_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.bool_iter()
while not qiter.isend():
yield boolcond.Boolean(self.policy, qpol.qpol_bool_from_void(qiter.item()))
qiter.next_()
def polcaps(self):
"""Generator which yields all policy capabilities."""
qiter = self.policy.get_polcap_iter()
while not qiter.end():
yield polcap.PolicyCapability(self.policy, qpol.qpol_polcap_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.polcap_iter()
while not qiter.isend():
yield polcap.PolicyCapability(self.policy, qpol.qpol_polcap_from_void(qiter.item()))
qiter.next_()
def permissives(self):
"""Generator which yields all permissive types."""
qiter = self.policy.get_permissive_iter()
while not qiter.end():
yield typeattr.TypeAttr(self.policy, qpol.qpol_type_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.permissive_iter()
while not qiter.isend():
yield typeattr.TypeAttr(self.policy, qpol.qpol_type_from_void(qiter.item()))
qiter.next_()
#
# Policy rules generators
@ -156,41 +156,41 @@ class SELinuxPolicy(object):
av_ruletype = qpol.QPOL_RULE_ALLOW | qpol.QPOL_RULE_AUDITALLOW | qpol.QPOL_RULE_DONTAUDIT
te_ruletype = qpol.QPOL_RULE_TYPE_TRANS | qpol.QPOL_RULE_TYPE_CHANGE | qpol.QPOL_RULE_TYPE_MEMBER
qiter = self.policy.get_avrule_iter(av_ruletype)
while not qiter.end():
yield terule.TERule(self.policy, qpol.qpol_avrule_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.avrule_iter(av_ruletype)
while not qiter.isend():
yield terule.TERule(self.policy, qpol.qpol_avrule_from_void(qiter.item()))
qiter.next_()
qiter = self.policy.get_terule_iter(te_ruletype)
while not qiter.end():
yield terule.TERule(self.policy, qpol.qpol_terule_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.terule_iter(te_ruletype)
while not qiter.isend():
yield terule.TERule(self.policy, qpol.qpol_terule_from_void(qiter.item()))
qiter.next_()
qiter = self.policy.get_filename_trans_iter()
while not qiter.end():
yield terule.TERule(self.policy, qpol.qpol_filename_trans_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.filename_trans_iter()
while not qiter.isend():
yield terule.TERule(self.policy, qpol.qpol_filename_trans_from_void(qiter.item()))
qiter.next_()
def rbacrules(self):
"""Generator which yields all RBAC rules."""
qiter = self.policy.get_role_allow_iter()
while not qiter.end():
yield rbacrule.RBACRule(self.policy, qpol.qpol_role_allow_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.role_allow_iter()
while not qiter.isend():
yield rbacrule.RBACRule(self.policy, qpol.qpol_role_allow_from_void(qiter.item()))
qiter.next_()
qiter = self.policy.get_role_trans_iter()
while not qiter.end():
yield rbacrule.RBACRule(self.policy, qpol.qpol_role_trans_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.role_trans_iter()
while not qiter.isend():
yield rbacrule.RBACRule(self.policy, qpol.qpol_role_trans_from_void(qiter.item()))
qiter.next_()
def mlsrules(self):
"""Generator which yields all MLS rules."""
qiter = self.policy.get_range_trans_iter()
while not qiter.end():
yield mlsrule.MLSRule(self.policy, qpol.qpol_range_trans_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.range_trans_iter()
while not qiter.isend():
yield mlsrule.MLSRule(self.policy, qpol.qpol_range_trans_from_void(qiter.item()))
qiter.next_()
#
# Constraints generators
@ -199,22 +199,24 @@ class SELinuxPolicy(object):
def constraints(self):
"""Generator which yields all constraints."""
qiter = self.policy.get_constraint_iter()
while not qiter.end():
c = constraint.Constraint(self.policy, qpol.qpol_constraint_from_void(qiter.get_item()))
qiter = self.policy.constraint_iter()
while not qiter.isend():
c = constraint.Constraint(
self.policy, qpol.qpol_constraint_from_void(qiter.item()))
if not c.ismls:
yield c
qiter.next()
qiter.next_()
def mlsconstraints(self):
"""Generator which yields all MLS constraints."""
qiter = self.policy.get_constraint_iter()
while not qiter.end():
c = constraint.Constraint(self.policy, qpol.qpol_constraint_from_void(qiter.get_item()))
qiter = self.policy.constraint_iter()
while not qiter.isend():
c = constraint.Constraint(
self.policy, qpol.qpol_constraint_from_void(qiter.item()))
if c.ismls:
yield c
qiter.next()
qiter.next_()
#
# In-policy Labeling statement generators
@ -222,47 +224,47 @@ class SELinuxPolicy(object):
def initialsids(self):
"""Generator which yields all initial SID statements."""
qiter = self.policy.get_isid_iter()
while not qiter.end():
yield initsid.InitialSID(self.policy, qpol.qpol_isid_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.isid_iter()
while not qiter.isend():
yield initsid.InitialSID(self.policy, qpol.qpol_isid_from_void(qiter.item()))
qiter.next_()
def fs_uses(self):
"""Generator which yields all fs_use_* statements."""
qiter = self.policy.get_fs_use_iter()
while not qiter.end():
yield fscontext.FSUse(self.policy, qpol.qpol_fs_use_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.fs_use_iter()
while not qiter.isend():
yield fscontext.FSUse(self.policy, qpol.qpol_fs_use_from_void(qiter.item()))
qiter.next_()
def genfscons(self):
"""Generator which yields all genfscon statements."""
qiter = self.policy.get_genfscon_iter()
while not qiter.end():
yield fscontext.Genfscon(self.policy, qpol.qpol_genfscon_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.genfscon_iter()
while not qiter.isend():
yield fscontext.Genfscon(self.policy, qpol.qpol_genfscon_from_void(qiter.item()))
qiter.next_()
def netifcons(self):
"""Generator which yields all netifcon statements."""
qiter = self.policy.get_netifcon_iter()
while not qiter.end():
yield netcontext.Netifcon(self.policy, qpol.qpol_netifcon_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.netifcon_iter()
while not qiter.isend():
yield netcontext.Netifcon(self.policy, qpol.qpol_netifcon_from_void(qiter.item()))
qiter.next_()
def nodecons(self):
"""Generator which yields all nodecon statements."""
qiter = self.policy.get_nodecon_iter()
while not qiter.end():
yield netcontext.Nodecon(self.policy, qpol.qpol_nodecon_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.nodecon_iter()
while not qiter.isend():
yield netcontext.Nodecon(self.policy, qpol.qpol_nodecon_from_void(qiter.item()))
qiter.next_()
def portcons(self):
"""Generator which yields all portcon statements."""
qiter = self.policy.get_portcon_iter()
while not qiter.end():
yield netcontext.Portcon(self.policy, qpol.qpol_portcon_from_void(qiter.get_item()))
qiter.next()
qiter = self.policy.portcon_iter()
while not qiter.isend():
yield netcontext.Portcon(self.policy, qpol.qpol_portcon_from_void(qiter.item()))
qiter.next_()

26
libapol/policyrep/boolcond.py
View File

@ -16,7 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import setools.qpol as qpol
import qpol
import string
import symbol
@ -27,7 +27,7 @@ class Boolean(symbol.PolicySymbol):
def state(self):
"""The default state of the Boolean."""
return bool(self.qpol_symbol.get_state(self.policy))
return bool(self.qpol_symbol.state(self.policy))
def statement(self):
"""The policy statement."""
@ -55,20 +55,20 @@ class ConditionalExpr(symbol.PolicySymbol):
qpol.QPOL_COND_EXPR_NEQ: 4}
def __contains__(self, other):
qpol_iter = self.qpol_symbol.get_expr_node_iter(self.policy)
qpol_iter = self.qpol_symbol.expr_node_iter(self.policy)
while not qpol_iter.end():
while not qpol_iter.isend():
expr_node = qpol.qpol_cond_expr_node_from_void(
qpol_iter.get_item())
expr_node_type = expr_node.get_expr_type(self.policy)
qpol_iter.item())
expr_node_type = expr_node.expr_type(self.policy)
if expr_node_type == qpol.QPOL_COND_EXPR_BOOL and other == Boolean(self.policy, expr_node.get_bool(self.policy)):
if expr_node_type == qpol.QPOL_COND_EXPR_BOOL and other == Boolean(self.policy, expr_node.bool(self.policy)):
return True
return False
def __str__(self):
qpol_iter = self.qpol_symbol.get_expr_node_iter(self.policy)
qpol_iter = self.qpol_symbol.expr_node_iter(self.policy)
# qpol representation is in postfix notation. This code
# converts it to infix notation. Parentheses are added
@ -78,15 +78,15 @@ class ConditionalExpr(symbol.PolicySymbol):
# operator, no parentheses are output
stack = []
prev_oper = qpol.QPOL_COND_EXPR_NOT
while not qpol_iter.end():
while not qpol_iter.isend():
expr_node = qpol.qpol_cond_expr_node_from_void(
qpol_iter.get_item())
expr_node_type = expr_node.get_expr_type(self.policy)
qpol_iter.item())
expr_node_type = expr_node.expr_type(self.policy)
if expr_node_type == qpol.QPOL_COND_EXPR_BOOL:
# append the boolean name
nodebool = Boolean(
self.policy, expr_node.get_bool(self.policy))
self.policy, expr_node.get_boolean(self.policy))
stack.append(str(nodebool))
elif expr_node_type == qpol.QPOL_COND_EXPR_NOT: # unary operator
operand = stack.pop()
@ -119,7 +119,7 @@ class ConditionalExpr(symbol.PolicySymbol):
stack.append(subexpr)
prev_oper = expr_node_type
qpol_iter.next()
qpol_iter.next_()
return self.__unwind_subexpression(stack)

39
libapol/policyrep/constraint.py
View File

@ -18,8 +18,7 @@
#
import string
import setools.qpol as qpol
import qpol
import symbol
import objclass
@ -94,17 +93,17 @@ class Constraint(symbol.PolicySymbol):
# operator, no parentheses are output
expr_string = ""
qpol_iter = self.qpol_symbol.get_expr_iter(self.policy)
qpol_iter = self.qpol_symbol.expr_iter(self.policy)
stack = []
prev_oper = self._expr_op_precedence
while not qpol_iter.end():
while not qpol_iter.isend():
expr_node = qpol.qpol_constraint_expr_node_from_void(
qpol_iter.get_item())
qpol_iter.item())
op = expr_node.get_op(self.policy)
sym_type = expr_node.get_sym_type(self.policy)
expr_type = expr_node.get_expr_type(self.policy)
op = expr_node.op(self.policy)
sym_type = expr_node.sym_type(self.policy)
expr_type = expr_node.expr_type(self.policy)
if expr_type == qpol.QPOL_CEXPR_TYPE_ATTR:
stack.append([self._sym_to_text[sym_type],
@ -113,9 +112,9 @@ class Constraint(symbol.PolicySymbol):
prev_oper = self._expr_op_precedence
elif expr_type == qpol.QPOL_CEXPR_TYPE_NAMES:
names = []
names_iter = expr_node.get_names_iter(self.policy)
while not names_iter.end():
names.append(qpol.to_str(names_iter.get_item()))
names_iter = expr_node.names_iter(self.policy)
while not names_iter.isend():
names.append(qpol.to_str(names_iter.item()))
names_iter.next()
if not names:
@ -179,13 +178,13 @@ class Constraint(symbol.PolicySymbol):
except AttributeError:
self._ismls = False
qpol_iter = self.qpol_symbol.get_expr_iter(self.policy)
while not qpol_iter.end():
qpol_iter = self.qpol_symbol.expr_iter(self.policy)
while not qpol_iter.isend():
expr_node = qpol.qpol_constraint_expr_node_from_void(
qpol_iter.get_item())
qpol_iter.item())
sym_type = expr_node.get_sym_type(self.policy)
expr_type = expr_node.get_expr_type(self.policy)
sym_type = expr_node.sym_type(self.policy)
expr_type = expr_node.expr_type(self.policy)
if expr_type == qpol.QPOL_CEXPR_TYPE_ATTR and sym_type >= qpol.QPOL_CEXPR_SYM_L1L2:
self._ismls = True
@ -199,11 +198,11 @@ class Constraint(symbol.PolicySymbol):
def perms(self):
"""The constraint's permission set."""
iter = self.qpol_symbol.get_perm_iter(self.policy)
iter = self.qpol_symbol.perm_iter(self.policy)
p = set()
while not iter.end():
p.add(qpol.to_str(iter.get_item()))
while not iter.isend():
p.add(qpol.to_str(iter.item()))
iter.next()
return p
@ -214,7 +213,7 @@ class Constraint(symbol.PolicySymbol):
@property
def tclass(self):
"""Object class for this constraint."""
return objclass.ObjClass(self.policy, self.qpol_symbol.get_class(self.policy))
return objclass.ObjClass(self.policy, self.qpol_symbol.object_class(self.policy))
class ValidateTrans(symbol.PolicySymbol):

11
libapol/policyrep/context.py
View File

@ -16,8 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import setools.qpol as qpol
import qpol
import symbol
import user
import role
@ -38,17 +37,17 @@ class Context(symbol.PolicySymbol):
@property
def user(self):
"""The user portion of the context."""
return user.User(self.policy, self.qpol_symbol.get_user(self.policy))
return user.User(self.policy, self.qpol_symbol.user(self.policy))
@property
def role(self):
"""The role portion of the context."""
return role.Role(self.policy, self.qpol_symbol.get_role(self.policy))
return role.Role(self.policy, self.qpol_symbol.role(self.policy))
@property
def type_(self):
"""The type portion of the context."""
return typeattr.TypeAttr(self.policy, self.qpol_symbol.get_type(self.policy))
return typeattr.TypeAttr(self.policy, self.qpol_symbol.type_(self.policy))
@property
def mls(self):
@ -56,6 +55,6 @@ class Context(symbol.PolicySymbol):
# without this check, qpol will segfault on MLS-disabled policies
if self.policy.has_capability(qpol.QPOL_CAP_MLS):
return mls.MLSRange(self.policy, self.qpol_symbol.get_range(self.policy))
return mls.MLSRange(self.policy, self.qpol_symbol.range(self.policy))
else:
raise mls.MLSDisabled("MLS is disabled, the context has no range.")

11
libapol/policyrep/fscontext.py
View File

@ -16,8 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
from setools import qpol
import qpol
import symbol
import context
@ -32,12 +31,12 @@ class FSContext(symbol.PolicySymbol):
@property
def fs(self):
"""The filesystem type for this statement."""
return self.qpol_symbol.get_name(self.policy)
return self.qpol_symbol.name(self.policy)
@property
def context(self):
"""The context for this statement."""
return context.Context(self.policy, self.qpol_symbol.get_context(self.policy))
return context.Context(self.policy, self.qpol_symbol.context(self.policy))
def statement(self):
return str(self)
@ -53,7 +52,7 @@ class Genfscon(FSContext):
@property
def path(self):
"""The path for this genfscon statement."""
return self.qpol_symbol.get_path(self.policy)
return self.qpol_symbol.path(self.policy)
class FSUse(FSContext):
@ -73,4 +72,4 @@ class FSUse(FSContext):
@property
def ruletype(self):
"""The rule type for this fs_use_* statement."""
return self._ruletype_to_text[self.qpol_symbol.get_behavior(self.policy)]
return self._ruletype_to_text[self.qpol_symbol.behavior(self.policy)]

5
libapol/policyrep/initsid.py
View File

@ -16,8 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import setools.qpol as qpol
import qpol
import symbol
import context
@ -29,7 +28,7 @@ class InitialSID(symbol.PolicySymbol):
@property
def context(self):
"""The context for this initial SID."""
return context.Context(self.policy, self.qpol_symbol.get_context(self.policy))
return context.Context(self.policy, self.qpol_symbol.context(self.policy))
def statement(self):
return "sid {0} {1}".format(self, self.context)

28
libapol/policyrep/mls.py
View File

@ -19,7 +19,7 @@
import itertools
import string
import setools.qpol as qpol
import qpol
import symbol
@ -38,7 +38,7 @@ class MLSCategory(symbol.PolicySymbol):
@property
def isalias(self):
"""(T/F) this is an alias."""
return self.qpol_symbol.get_isalias(self.policy)
return self.qpol_symbol.isalias(self.policy)
@property
def value(self):
@ -51,17 +51,19 @@ class MLSCategory(symbol.PolicySymbol):
Example usage: sorted(self.categories(), key=lambda k: k.value)
"""
return self.qpol_symbol.get_value(self.policy)
return self.qpol_symbol.value(self.policy)
def aliases(self):
"""Generator that yields all aliases for this category."""
aiter = self.qpol_symbol.get_alias_iter(self.policy)
while not aiter.end():
yield qpol.to_str(aiter.get_item())
aiter = self.qpol_symbol.alias_iter(self.policy)
while not aiter.isend():
yield qpol.to_str(aiter.item())
aiter.next()
# libqpol does not expose sensitivities as an individual component
class MLSSensitivity(symbol.PolicySymbol):
pass
@ -72,7 +74,7 @@ class MLSLevel(symbol.PolicySymbol):
def __eq__(self, other):
if self.policy == other.policy:
if (self.qpol_symbol.get_sens_name(self.policy) != other.qpol_symbol.get_sens_name(self.policy)):
if (self.qpol_symbol.sens_name(self.policy) != other.qpol_symbol.get_sens_name(self.policy)):
return False
selfcats = set(str(c) for c in self.categories())
@ -83,7 +85,7 @@ class MLSLevel(symbol.PolicySymbol):
raise NotImplementedError
def __str__(self):
lvl = str(self.qpol_symbol.get_sens_name(self.policy))
lvl = str(self.qpol_symbol.sens_name(self.policy))
# sort by policy declaration order
cats = sorted(self.categories(), key=lambda k: k.value)
@ -109,9 +111,9 @@ class MLSLevel(symbol.PolicySymbol):
c0.c255
"""
citer = self.qpol_symbol.get_cat_iter(self.policy)
while not citer.end():
yield MLSCategory(self.policy, qpol.qpol_cat_from_void(citer.get_item()))
citer = self.qpol_symbol.cat_iter(self.policy)
while not citer.isend():
yield MLSCategory(self.policy, qpol.qpol_cat_from_void(citer.item()))
citer.next()
@ -130,9 +132,9 @@ class MLSRange(symbol.PolicySymbol):
@property
def high(self):
"""The high end/clearance level of this range."""
return MLSLevel(self.policy, self.qpol_symbol.get_high_level(self.policy))
return MLSLevel(self.policy, self.qpol_symbol.high_level(self.policy))
@property
def low(self):
"""The low end/current level of this range."""
return MLSLevel(self.policy, self.qpol_symbol.get_low_level(self.policy))
return MLSLevel(self.policy, self.qpol_symbol.low_level(self.policy))

11
libapol/policyrep/mlsrule.py
View File

@ -16,8 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import setools.qpol as qpol
import qpol
import rule
import typeattr
import mls
@ -41,19 +40,19 @@ class MLSRule(rule.PolicyRule):
@property
def source(self):
"""The rule's source type/attribute."""
return typeattr.TypeAttr(self.policy, self.qpol_symbol.get_source_type(self.policy))
return typeattr.TypeAttr(self.policy, self.qpol_symbol.source_type(self.policy))
@property
def target(self):
"""The rule's target type/attribute."""
return typeattr.TypeAttr(self.policy, self.qpol_symbol.get_target_type(self.policy))
return typeattr.TypeAttr(self.policy, self.qpol_symbol.target_type(self.policy))
@property
def tclass(self):
"""The rule's object class."""
return objclass.ObjClass(self.policy, self.qpol_symbol.get_target_class(self.policy))
return objclass.ObjClass(self.policy, self.qpol_symbol.target_class(self.policy))
@property
def default(self):
"""The rule's default range."""
return mls.MLSRange(self.policy, self.qpol_symbol.get_range(self.policy))
return mls.MLSRange(self.policy, self.qpol_symbol.range(self.policy))

23
libapol/policyrep/netcontext.py
View File

@ -18,8 +18,7 @@
#
import socket
from setools import qpol
import qpol
import symbol
import context
@ -34,7 +33,7 @@ class NetContext(symbol.PolicySymbol):
@property
def context(self):
"""The context for this statement."""
return context.Context(self.policy, self.qpol_symbol.get_context(self.policy))
return context.Context(self.policy, self.qpol_symbol.context(self.policy))
def statement(self):
return str(self)
@ -50,17 +49,17 @@ class Netifcon(NetContext):
@property
def netif(self):
"""The network interface name."""
return self.qpol_symbol.get_name(self.policy)
return self.qpol_symbol.name(self.policy)
@property
def context(self):
"""The context for the interface."""
return context.Context(self.policy, self.qpol_symbol.get_if_con(self.policy))
return context.Context(self.policy, self.qpol_symbol.if_con(self.policy))
@property
def packet(self):
"""The context for the packets."""
return context.Context(self.policy, self.qpol_symbol.get_msg_con(self.policy))
return context.Context(self.policy, self.qpol_symbol.msg_con(self.policy))
class Nodecon(NetContext):
@ -81,7 +80,7 @@ class Nodecon(NetContext):
The IP version for the nodecon (socket.AF_INET or
socket.AF_INET6).
"""
if self.qpol_symbol.get_protocol(self.policy) == qpol.QPOL_IPV6:
if self.qpol_symbol.protocol(self.policy) == qpol.QPOL_IPV6:
return socket.AF_INET6
return socket.AF_INET
@ -93,11 +92,11 @@ class Nodecon(NetContext):
# converted into the human-readable string version.
# IPv(4|6)Network looks good for this (with mask below)
# but it is limited to Python >= 3.3
return self.qpol_symbol.get_addr(self.policy)
return self.qpol_symbol.addr(self.policy)
@property
def netmask(self):
return self.qpol_symbol.get_mask(self.policy)
return self.qpol_symbol.mask(self.policy)
class Portcon(NetContext):
@ -122,7 +121,7 @@ class Portcon(NetContext):
The protocol number for the portcon (socket.IPPROTO_TCP
or socket.IPPROTO_UDP).
"""
return self.qpol_symbol.get_protocol(self.policy)
return self.qpol_symbol.protocol(self.policy)
@property
def ports(self):
@ -133,6 +132,6 @@ class Portcon(NetContext):
low The low port of the range.
high The high port of the range.
"""
low = self.qpol_symbol.get_low_port(self.policy)
high = self.qpol_symbol.get_high_port(self.policy)
low = self.qpol_symbol.low_port(self.policy)
high = self.qpol_symbol.high_port(self.policy)
return (low, high)

20
libapol/policyrep/objclass.py
View File

@ -17,7 +17,7 @@
# <http://www.gnu.org/licenses/>.
#
import symbol
import setools.qpol as qpol
import qpol
class Common(symbol.PolicySymbol):
@ -25,10 +25,10 @@ class Common(symbol.PolicySymbol):
"""A common permission set."""
def __contains__(self, other):
piter = self.qpol_symbol.get_perm_iter(self.policy)
piter = self.qpol_symbol.perm_iter(self.policy)
while not piter.end():
if other == qpol.to_str(piter.get_item()):
while not piter.isend():
if other == qpol.to_str(piter.item()):
return True
piter.next()
@ -39,12 +39,12 @@ class Common(symbol.PolicySymbol):
def perms(self):
"""The list of the common's permissions."""
piter = self.qpol_symbol.get_perm_iter(self.policy)
piter = self.qpol_symbol.perm_iter(self.policy)
p = set()
while not piter.end():
p.add(qpol.to_str(piter.get_item()))
piter.next()
while not piter.isend():
p.add(qpol.to_str(piter.item()))
piter.next_()
return p
@ -62,7 +62,7 @@ class Common(symbol.PolicySymbol):
Example usage: sorted(policy.commons(), key=lambda k: k.value)
"""
return self.qpol_symbol.get_value(self.policy)
return self.qpol_symbol.value(self.policy)
class NoCommon(symbol.InvalidSymbol):
@ -87,7 +87,7 @@ class ObjClass(Common):
"""
try:
return Common(self.policy, self.qpol_symbol.get_common(self.policy))
return Common(self.policy, self.qpol_symbol.common(self.policy))
except symbol.InvalidSymbol:
raise NoCommon("{0} does not inherit a common.".format(self))

3
libapol/policyrep/polcap.py
View File

@ -16,8 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import setools.qpol as qpol
import qpol
import symbol

13
libapol/policyrep/rbacrule.py
View File

@ -16,8 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import setools.qpol as qpol
import qpol
import rule
import role
import typeattr
@ -45,7 +44,7 @@ class RBACRule(rule.PolicyRule):
@property
def source(self):
"""The rule's source role."""
return role.Role(self.policy, self.qpol_symbol.get_source_role(self.policy))
return role.Role(self.policy, self.qpol_symbol.source_role(self.policy))
@property
def target(self):
@ -54,15 +53,15 @@ class RBACRule(rule.PolicyRule):
(role_transition).
"""
try:
return role.Role(self.policy, self.qpol_symbol.get_target_role(self.policy))
return role.Role(self.policy, self.qpol_symbol.target_role(self.policy))
except AttributeError:
return typeattr.TypeAttr(self.policy, self.qpol_symbol.get_target_type(self.policy))
return typeattr.TypeAttr(self.policy, self.qpol_symbol.target_type(self.policy))
@property
def tclass(self):
"""The rule's object class."""
try:
return objclass.ObjClass(self.policy, self.qpol_symbol.get_object_class(self.policy))
return objclass.ObjClass(self.policy, self.qpol_symbol.object_class(self.policy))
except AttributeError:
raise rule.InvalidRuleUse(
"Role allow rules do not have an object class.")
@ -71,7 +70,7 @@ class RBACRule(rule.PolicyRule):
def default(self):
"""The rule's default role."""
try:
return role.Role(self.policy, self.qpol_symbol.get_default_role(self.policy))
return role.Role(self.policy, self.qpol_symbol.default_role(self.policy))
except AttributeError:
raise rule.InvalidRuleUse(
"Role allow rules do not have a default role.")

11
libapol/policyrep/role.py
View File

@ -17,8 +17,7 @@
# <http://www.gnu.org/licenses/>.
#
import string
import setools.qpol as qpol
import qpol
import symbol
import typeattr
@ -44,11 +43,11 @@ class Role(symbol.PolicySymbol):
def types(self):
"""Generator which yields the role's set of types."""
titer = self.qpol_symbol.get_type_iter(self.policy)
while not titer.end():
titer = self.qpol_symbol.type_iter(self.policy)
while not titer.isend():
yield typeattr.TypeAttr(
self.policy, qpol.qpol_type_from_void(titer.get_item()))
titer.next()
self.policy, qpol.qpol_type_from_void(titer.item()))
titer.next_()
def statement(self):
types = list(str(t) for t in self.types())

3
libapol/policyrep/rule.py
View File

@ -16,8 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import setools.qpol as qpol
import qpol
import symbol

4
libapol/policyrep/symbol.py
View File

@ -16,7 +16,7 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import setools.qpol as qpol
import qpol
class InvalidSymbol(Exception):
@ -50,7 +50,7 @@ class PolicySymbol(object):
self.qpol_symbol = qpol_symbol
def __str__(self):
return self.qpol_symbol.get_name(self.policy)
return self.qpol_symbol.name(self.policy)
def __hash__(self):
return hash(self.qpol_symbol)

25
libapol/policyrep/terule.py
View File

@ -18,8 +18,7 @@
#
import string
import setools.qpol as qpol
import qpol
import symbol
import rule
import typeattr
@ -85,7 +84,7 @@ class TERule(rule.PolicyRule):
def ruletype(self):
"""The rule type."""
try:
return self._teruletype_val_to_text[self.qpol_symbol.get_rule_type(self.policy)]
return self._teruletype_val_to_text[self.qpol_symbol.rule_type(self.policy)]
except AttributeError:
# qpol does not have a rule type function for name filetrans rules
return "type_transition"
@ -93,33 +92,33 @@ class TERule(rule.PolicyRule):
@property
def source(self):
"""The rule's source type/attribute."""
return typeattr.TypeAttr(self.policy, self.qpol_symbol.get_source_type(self.policy))
return typeattr.TypeAttr(self.policy, self.qpol_symbol.source_type(self.policy))
@property
def target(self):
"""The rule's target type/attribute."""
return typeattr.TypeAttr(self.policy, self.qpol_symbol.get_target_type(self.policy))
return typeattr.TypeAttr(self.policy, self.qpol_symbol.target_type(self.policy))
@property
def tclass(self):
"""The rule's object class."""
return objclass.ObjClass(self.policy, self.qpol_symbol.get_object_class(self.policy))
return objclass.ObjClass(self.policy, self.qpol_symbol.object_class(self.policy))
@property
def perms(self):
"""The rule's permission set."""
try:
# create permission list
iter = self.qpol_symbol.get_perm_iter(self.policy)
qiter = self.qpol_symbol.perm_iter(self.policy)
except AttributeError:
raise rule.InvalidRuleUse(
"{0} rules do not have a permission set.".format(self.ruletype))
p = set()
while not iter.end():
p.add(qpol.to_str(iter.get_item()))
iter.next()
while not qiter.isend():
p.add(qpol.to_str(qiter.item()))
qiter.next_()
return p
@ -127,7 +126,7 @@ class TERule(rule.PolicyRule):
def default(self):
"""The rule's default type."""
try:
return typeattr.TypeAttr(self.policy, self.qpol_symbol.get_default_type(self.policy))
return typeattr.TypeAttr(self.policy, self.qpol_symbol.default_type(self.policy))
except AttributeError:
raise rule.InvalidRuleUse(
"{0} rules do not have a default type.".format(self.ruletype))
@ -136,7 +135,7 @@ class TERule(rule.PolicyRule):
def filename(self):
"""The type_transition rule's file name."""
try:
return self.qpol_symbol.get_filename(self.policy)
return self.qpol_symbol.filename(self.policy)
except AttributeError:
if self.ruletype == "type_transition":
raise TERuleNoFilename
@ -148,7 +147,7 @@ class TERule(rule.PolicyRule):
def conditional(self):
"""The rule's conditional expression."""
try:
return boolcond.ConditionalExpr(self.policy, self.qpol_symbol.get_cond(self.policy))
return boolcond.ConditionalExpr(self.policy, self.qpol_symbol.cond(self.policy))
except (AttributeError, symbol.InvalidSymbol):
# AttributeError: name filetrans rules cannot be conditional
# so no member function

31
libapol/policyrep/typeattr.py
View File

@ -18,8 +18,7 @@
#
import string
import setools.qpol as qpol
import qpol
import symbol
@ -35,12 +34,12 @@ class TypeAttr(symbol.PolicySymbol):
@property
def isattr(self):
"""(T/F) this is an attribute."""
return self.qpol_symbol.get_isattr(self.policy)
return self.qpol_symbol.isattr(self.policy)
@property
def isalias(self):
"""(T/F) this is an alias."""
return self.qpol_symbol.get_isalias(self.policy)
return self.qpol_symbol.isalias(self.policy)
def expand(self):
"""
@ -51,10 +50,10 @@ class TypeAttr(symbol.PolicySymbol):
if not self.isattr:
yield self
else:
aiter = self.qpol_symbol.get_type_iter(self.policy)
while not aiter.end():
yield TypeAttr(self.policy, qpol.qpol_type_from_void(aiter.get_item()))
aiter.next()
aiter = self.qpol_symbol.type_iter(self.policy)
while not aiter.isend():
yield TypeAttr(self.policy, qpol.qpol_type_from_void(aiter.item()))
aiter.next_()
def attributes(self):
"""Generator that yields all attributes for this type."""
@ -62,10 +61,10 @@ class TypeAttr(symbol.PolicySymbol):
raise TypeError(
"{0} is an attribute, thus does not have attributes.".format(self))
aiter = self.qpol_symbol.get_attr_iter(self.policy)
while not aiter.end():
yield TypeAttr(self.policy, qpol.qpol_type_from_void(aiter.get_item()))
aiter.next()
aiter = self.qpol_symbol.attr_iter(self.policy)
while not aiter.isend():
yield TypeAttr(self.policy, qpol.qpol_type_from_void(aiter.item()))
aiter.next_()
def aliases(self):
"""Generator that yields all aliases for this type."""
@ -73,10 +72,10 @@ class TypeAttr(symbol.PolicySymbol):
raise TypeError(
"{0} is an attribute, thus does not have aliases.".format(self))
aiter = self.qpol_symbol.get_alias_iter(self.policy)
while not aiter.end():
yield qpol.to_str(aiter.get_item())
aiter.next()
aiter = self.qpol_symbol.alias_iter(self.policy)
while not aiter.isend():
yield qpol.to_str(aiter.item())
aiter.next_()
def statement(self):
if self.isattr:

15
libapol/policyrep/user.py
View File

@ -19,8 +19,7 @@
import string
import setools.qpol as qpol
import qpol
import role
import mls
import symbol
@ -36,10 +35,10 @@ class User(symbol.PolicySymbol):
r = set()
aiter = self.qpol_symbol.get_role_iter(self.policy)
while not aiter.end():
aiter = self.qpol_symbol.role_iter(self.policy)
while not aiter.isend():
item = role.Role(
self.policy, qpol.qpol_role_from_void(aiter.get_item()))
self.policy, qpol.qpol_role_from_void(aiter.item()))
# object_r is implicitly added to all roles by the compiler.
# technically it is incorrect to skip it, but policy writers
@ -48,19 +47,19 @@ class User(symbol.PolicySymbol):
if item != "object_r":
r.add(item)
aiter.next()
aiter.next_()
return r
@property
def mls_level(self):
"""The user's default MLS level."""
return mls.MLSLevel(self.policy, self.qpol_symbol.get_dfltlevel(self.policy))
return mls.MLSLevel(self.policy, self.qpol_symbol.dfltlevel(self.policy))
@property
def mls_range(self):
"""The user's MLS range."""
return mls.MLSRange(self.policy, self.qpol_symbol.get_range(self.policy))
return mls.MLSRange(self.policy, self.qpol_symbol.range(self.policy))
def statement(self):
roles = list(str(r) for r in self.roles)