diff --git a/setools/policyrep/mlsrule.pxi b/setools/policyrep/mlsrule.pxi
index dfaecfd..0b38eda 100644
--- a/setools/policyrep/mlsrule.pxi
+++ b/setools/policyrep/mlsrule.pxi
@@ -32,73 +32,27 @@ cdef class MLSRule(PolicyRule):
"""An MLS rule."""
cdef:
- sepol.range_trans_t *handle
+ readonly ObjClass tclass
object rng
- readonly object ruletype
@staticmethod
- cdef factory(SELinuxPolicy policy, sepol.range_trans_t *symbol, sepol.mls_range_t *rng):
+ cdef inline MLSRule factory(SELinuxPolicy policy, sepol.range_trans_t *symbol,
+ sepol.mls_range_t *rng):
"""Factory function for creating MLSRule objects."""
- r = MLSRule(Range.factory(policy, rng))
+ cdef MLSRule r = MLSRule.__new__(MLSRule)
r.policy = policy
- r.handle = symbol
+ r.key = <uintptr_t>symbol
+ r.ruletype = MLSRuletype.range_transition
+ r.source = type_or_attr_factory(policy, policy.type_value_to_datum(symbol.source_type - 1))
+ r.target = type_or_attr_factory(policy, policy.type_value_to_datum(symbol.target_type - 1))
+ r.tclass = ObjClass.factory(policy, policy.class_value_to_datum(symbol.target_class - 1))
+ r.rng = Range.factory(policy, rng)
+ r.origin = None
return r
- def __cinit__(self, rng):
- self.ruletype = MLSRuletype.range_transition
- self.rng = rng
-
def __str__(self):
return "{0.ruletype} {0.source} {0.target}:{0.tclass} {0.default};".format(self)
- def _eq(self, MLSRule other):
- """Low-level equality check (C pointers)."""
- return self.handle == other.handle
-
- @property
- def source(self):
- """The rule's source type/attribute."""
- return type_or_attr_factory(self.policy,
- self.policy.type_value_to_datum(self.handle.source_type - 1))
-
- @property
- def target(self):
- """The rule's target type/attribute."""
- return type_or_attr_factory(self.policy,
- self.policy.type_value_to_datum(self.handle.target_type - 1))
-
- @property
- def tclass(self):
- """The rule's object class."""
- return ObjClass.factory(self.policy,
- self.policy.class_value_to_datum(self.handle.target_class - 1))
-
- @property
- def default(self):
- """The rule's default range."""
- return self.rng
-
- def expand(self):
- """Expand the rule into an equivalent set of rules without attributes."""
- for s, t in itertools.product(self.source.expand(), self.target.expand()):
- r = ExpandedMLSRule(self.rng)
- r.policy = self.policy
- r.handle = self.handle
- r.source = s
- r.target = t
- r.origin = self
- yield r
-
-
-cdef class ExpandedMLSRule(MLSRule):
-
- """An expanded MLS rule."""
-
- cdef:
- public object source
- public object target
- public object origin
-
def __hash__(self):
try:
cond = self.conditional
@@ -113,6 +67,31 @@ cdef class ExpandedMLSRule(MLSRule):
def __lt__(self, other):
return str(self) < str(other)
+ @property
+ def default(self):
+ """The rule's default range."""
+ return self.rng
+
+ def expand(self):
+ """Expand the rule into an equivalent set of rules without attributes."""
+ cdef MLSRule r
+ if self.origin is None:
+ for s, t in itertools.product(self.source.expand(), self.target.expand()):
+ r = MLSRule.__new__(MLSRule)
+ r.policy = self.policy
+ r.key = self.key
+ r.ruletype = self.ruletype
+ r.source = s
+ r.target = t
+ r.tclass = self.tclass
+ r.rng = self.rng
+ r.origin = self
+ yield r
+
+ else:
+ # this rule is already expanded.
+ yield self
+
#
# Iterators