RepoMirrors/setools
1
0
Fork 0
mirror of https://github.com/SELinuxProject/setools synced 2025-03-11 07:18:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

policyrep: add typebounds rules

Browse Source 
Closes #66
This commit is contained in:
Chris PeBenito 2016-02-05 13:53:30 -05:00
parent 522ab7e7f6
commit 699ce33cd7
4 changed files with 97 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
libqpol/bounds_query.c
View File

@ -87,7 +87,28 @@ int qpol_typebounds_get_child_name(const qpol_policy_t *policy, const qpol_typeb
return STATUS_SUCCESS;
}
/* As type bounds are in types use these, however will need to calc number of bounds manually in top.tcl*/
static int hash_state_next_typebounds(qpol_iterator_t * iter)
{
void *datum = NULL;
type_datum_t *internal_datum = NULL;
do {
hash_state_next(iter);
if (qpol_iterator_end(iter))
break;
qpol_iterator_get_item(iter, &datum);
internal_datum = (type_datum_t *) datum;
/* keep going on attributes */
if (internal_datum -> flavor != TYPE_TYPE)
continue;
/* keep going if type has no bounding */
} while (internal_datum->bounds == 0);
return STATUS_SUCCESS;
}
int qpol_policy_get_typebounds_iter(const qpol_policy_t *policy, qpol_iterator_t **iter)
{
policydb_t *db;
@ -103,21 +124,6 @@ int qpol_policy_get_typebounds_iter(const qpol_policy_t *policy, qpol_iterator_t
}
db = &policy->p->p;
/*
struct type_datum *type;
size_t i;
int count = 0;
for (i = 0; i < db->p_types.nprim - 1; i++) {
type = db->type_val_to_struct[i];
if (type->flavor == TYPE_TYPE && type->bounds != 0) {
printf("PARENT DOMAIN: %s\n", db->p_type_val_to_name[type->bounds - 1]);
printf("CHILD NAME: %s\n", db->p_type_val_to_name[type->s.value - 1]);
count++;
}
}
printf("Type Bounds count: %d\n", count);
*/
hs = calloc(1, sizeof(hash_state_t));
if (hs == NULL) {
error = errno;
@ -129,13 +135,25 @@ int qpol_policy_get_typebounds_iter(const qpol_policy_t *policy, qpol_iterator_t
hs->node = (*(hs->table))->htable[0];
if (qpol_iterator_create(policy, (void *)hs, hash_state_get_cur,
hash_state_next, hash_state_end, hash_state_size, free, iter)) {
hash_state_next_typebounds, hash_state_end, hash_state_size, free, iter)) {
free(hs);
return STATUS_ERR;
}
if (hs->node == NULL)
hash_state_next(*iter);
hash_state_next_typebounds(*iter);
/* since we are iterating over all types, ensure our first item is actually bounded. */
if (!qpol_iterator_end(*iter)) {
void *datum = NULL;
type_datum_t *internal_datum = NULL;
qpol_iterator_get_item(*iter, &datum);
internal_datum = (type_datum_t *) datum;
if (internal_datum -> flavor != TYPE_TYPE || internal_datum->bounds == 0)
hash_state_next_typebounds(*iter);
}
return STATUS_SUCCESS;
}

13
setools/policyrep/__init__.py
View File

@ -1,4 +1,4 @@
# Copyright 2014-2015, Tresys Technology, LLC
# Copyright 2014-2016, Tresys Technology, LLC
#
# This file is part of SETools.
#
@ -46,6 +46,7 @@ from . import exception
# Components
from . import boolcond
from . import bounds
from . import default
from . import mls
from . import objclass
@ -330,6 +331,11 @@ class SELinuxPolicy(object):
"""The number of type_transition rules."""
return self.policy.terule_trans_count() + self.policy.filename_trans_count()
@property
def typebounds_count(self):
"""The number of typebounds rules."""
return sum(1 for b in self.bounds() if b.ruletype == "typebounds")
@property
def user_count(self):
"""The number of users."""
@ -400,6 +406,11 @@ class SELinuxPolicy(object):
for bool_ in self.policy.bool_iter():
yield boolcond.boolean_factory(self.policy, bool_)
def bounds(self):
"""Generator which yields all *bounds statements (typebounds, etc.)"""
for bound in self.policy.typebounds_iter():
yield bounds.bounds_factory(self.policy, bound)
def categories(self):
"""Generator which yields all MLS categories."""
for cat in self.policy.cat_iter():

48
setools/policyrep/bounds.py Normal file
View File

@ -0,0 +1,48 @@
# Copyright 2016, Tresys Technology, LLC
#
# This file is part of SETools.
#
# SETools is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation, either version 2.1 of
# the License, or (at your option) any later version.
#
# SETools is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
from .symbol import PolicySymbol
from .qpol import qpol_typebounds_t
from .typeattr import type_factory
def bounds_factory(policy, sym):
"""Factory for creating bounds statement objects."""
if isinstance(sym, qpol_typebounds_t):
return Bounds(policy, sym)
else:
raise TypeError("typebounds rules cannot be looked up.")
class Bounds(PolicySymbol):
"""A typebounds statement."""
def __str__(self):
return "{0.ruletype} {0.parent} {0.child};".format(self)
ruletype = "typebounds"
@property
def parent(self):
return type_factory(self.policy, self.qpol_symbol.parent_name(self.policy))
@property
def child(self):
return type_factory(self.policy, self.qpol_symbol.child_name(self.policy))

13
setools/policyrep/qpol.i
View File

@ -888,6 +888,7 @@ typedef enum qpol_capability
};
%newobject typebounds_iter();
%pythoncode %{ @QpolGenerator(_qpol.qpol_typebounds_from_void) %}
qpol_iterator_t *typebounds_iter() {
qpol_iterator_t *iter;
if (qpol_policy_get_typebounds_iter(self, &iter)) {
@ -898,18 +899,6 @@ typedef enum qpol_capability
return NULL;
};
size_t typebounds_count() {
qpol_iterator_t *iter;
size_t count = 0;
if (qpol_policy_get_typebounds_iter(self, &iter)) {
SWIG_exception(SWIG_MemoryError, "Out of Memory");
}
qpol_iterator_get_size(iter, &count);
return count;
fail:
return 0;
};
%newobject polcap_iter();
%pythoncode %{ @QpolGenerator(_qpol.qpol_polcap_from_void) %}
qpol_iterator_t *polcap_iter() {