mirror of
https://github.com/SELinuxProject/setools
synced 2025-03-18 08:35:19 +00:00
policyrep: Misc revisions to reduce Python interactions in Cython code.
parent
9f339ca9d4
commit
8156e809b8
@ -61,7 +61,7 @@ cdef class FSUse(Ocontext):
|
||||
return str(self) < str(other)
|
||||
|
||||
|
||||
class GenfsFiletype(int):
|
||||
cdef class GenfsFiletype(int):
|
||||
|
||||
"""
|
||||
A genfscon file type.
|
||||
|
@ -54,15 +54,7 @@ cdef class MLSRule(PolicyRule):
|
||||
return "{0.ruletype} {0.source} {0.target}:{0.tclass} {0.default};".format(self)
|
||||
|
||||
def __hash__(self):
|
||||
try:
|
||||
cond = self.conditional
|
||||
cond_block = self.conditional_block
|
||||
except RuleNotConditional:
|
||||
cond = None
|
||||
cond_block = None
|
||||
|
||||
return hash("{0.ruletype}|{0.source}|{0.target}|{0.tclass}|{1}|{2}".format(
|
||||
self, cond, cond_block))
|
||||
return hash("{0.ruletype}|{0.source}|{0.target}|{0.tclass}|None|None".format(self))
|
||||
|
||||
def __lt__(self, other):
|
||||
return str(self) < str(other)
|
||||
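Review bot: The one-line `__hash__` hard-codes `None|None` for the two conditional fields without saying why they are still part of the key, so a later reader may trim them and silently change the key layout. A comment above the return, for example `# never conditional; the trailing None|None keeps the key layout of the conditional-capable rule types`, would record the intent (the shared layout is inferred from the longer version shown just above it, not confirmed on this page). The same applies to `RoleTransition.__hash__` in the later section. `__eq__` is outside the hunk, so it is worth confirming that it compares the same fields this key is built from.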
|
@ -79,7 +79,12 @@ cdef class Nodecon(Ocontext):
|
||||
@staticmethod
|
||||
cdef inline Nodecon factory(SELinuxPolicy policy, sepol.ocontext_t *symbol, ip_version):
|
||||
"""Factory function for creating Nodecon objects."""
|
||||
cdef Nodecon n = Nodecon.__new__(Nodecon)
|
||||
cdef:
|
||||
int CIDR = 0
|
||||
int i
|
||||
uint32_t block
|
||||
Nodecon n = Nodecon.__new__(Nodecon)
|
||||
|
||||
n.policy = policy
|
||||
n.key = <uintptr_t>symbol
|
||||
n.ip_version = ip_version
|
||||
@ -96,28 +101,38 @@ cdef class Nodecon(Ocontext):
|
||||
if not n._mask:
|
||||
raise MemoryError
|
||||
|
||||
# convert network order to string
|
||||
if ip_version == NodeconIPVersion.ipv4:
|
||||
inet_ntop(AF_INET, &symbol.u.node.addr, n._addr, INET6_ADDRSTRLEN)
|
||||
inet_ntop(AF_INET, &symbol.u.node.mask, n._mask, INET6_ADDRSTRLEN)
|
||||
else:
|
||||
inet_ntop(AF_INET6, &symbol.u.node6.addr, n._addr, INET6_ADDRSTRLEN)
|
||||
inet_ntop(AF_INET6, &symbol.u.node6.mask, n._mask, INET6_ADDRSTRLEN)
|
||||
|
||||
#
|
||||
# Build network object
|
||||
#
|
||||
CIDR = 0
|
||||
# Python 3.4's IPv6Network constructor does not support
|
||||
# expanded netmasks, only CIDR numbers. Convert netmask
|
||||
# into CIDR.
|
||||
# This is Brian Kernighan's method for counting set bits.
|
||||
# If the netmask happens to be invalid, this will
|
||||
# not detect it.
|
||||
int_mask = int(ip_address(n._mask))
|
||||
while int_mask:
|
||||
int_mask &= int_mask - 1
|
||||
CIDR += 1
|
||||
if ip_version == NodeconIPVersion.ipv4:
|
||||
# convert network order to string
|
||||
inet_ntop(AF_INET, &symbol.u.node.addr, n._addr, INET6_ADDRSTRLEN)
|
||||
inet_ntop(AF_INET, &symbol.u.node.mask, n._mask, INET6_ADDRSTRLEN)
|
||||
|
||||
# count bits
|
||||
block = symbol.u.node.mask
|
||||
while block:
|
||||
block &= block - 1
|
||||
CIDR += 1
|
||||
|
||||
else: # NodeconIPVersion.ipv6
|
||||
# convert network order to string
|
||||
inet_ntop(AF_INET6, &symbol.u.node6.addr, n._addr, INET6_ADDRSTRLEN)
|
||||
inet_ntop(AF_INET6, &symbol.u.node6.mask, n._mask, INET6_ADDRSTRLEN)
|
||||
|
||||
# count bits
|
||||
for i in range(4):
|
||||
block = symbol.u.node6.mask[i]
|
||||
while block:
|
||||
block &= block - 1
|
||||
CIDR += 1
|
||||
|
||||
|
||||
net_with_mask = "{0}/{1}".format(n._addr, CIDR)
|
||||
try:
|
||||
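Review bot: The bit-counting loops that replace `int(ip_address(n._mask))` still only count set bits, yet the caveat that an invalid netmask goes undetected appears to have been dropped along with the old block. A non-contiguous mask would be rendered as a CIDR prefix covering a different address set than the mask stored in the policy, which matters for a tool whose output is read as what the policy actually labels. I would restore the caveat above each loop, e.g. `# popcount only: a non-contiguous netmask is not detected`, or reject such masks with an explicit contiguity test on the host-order value. The `inet_ntop` return values are also unchecked in both branches. The factory body continues past the `try:` at the end of the hunk.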
|
@ -112,15 +112,7 @@ cdef class RoleTransition(PolicyRule):
|
||||
return "{0.ruletype} {0.source} {0.target}:{0.tclass} {0.default};".format(self)
|
||||
|
||||
def __hash__(self):
|
||||
try:
|
||||
cond = self.conditional
|
||||
cond_block = self.conditional_block
|
||||
except RuleNotConditional:
|
||||
cond = None
|
||||
cond_block = None
|
||||
|
||||
return hash("{0.ruletype}|{0.source}|{0.target}|{0.tclass}|{1}|{2}".format(
|
||||
self, cond, cond_block))
|
||||
return hash("{0.ruletype}|{0.source}|{0.target}|{0.tclass}|None|None".format(self))
|
||||
|
||||
def __lt__(self, other):
|
||||
return str(self) < str(other)
|
||||
|
@ -61,13 +61,15 @@ cdef class Role(PolicySymbol):
|
||||
return iter(self._types)
|
||||
|
||||
def statement(self):
|
||||
types = list(str(t) for t in self.types())
|
||||
cdef size_t count
|
||||
types = list(str(t) for t in self._types)
|
||||
count = len(types)
|
||||
stmt = "role {0}".format(self)
|
||||
if types:
|
||||
if (len(types) > 1):
|
||||
stmt += " types {{ {0} }}".format(' '.join(types))
|
||||
else:
|
||||
stmt += " types {0}".format(types[0])
|
||||
if count == 1:
|
||||
stmt += " types {0}".format(types[0])
|
||||
else:
|
||||
stmt += " types {{ {0} }}".format(' '.join(types))
|
||||
|
||||
stmt += ";"
|
||||
return stmt
|
||||
|
||||
|
@ -51,12 +51,15 @@ cdef class SELinuxPolicy:
|
||||
object constraint_counts
|
||||
object terule_counts
|
||||
|
||||
def __init__(self, policyfile=None):
|
||||
def __cinit__(self, policyfile=None):
|
||||
"""
|
||||
Parameter:
|
||||
policyfile Path to a policy to open.
|
||||
"""
|
||||
|
||||
self.handle = NULL
|
||||
self.cat_val_to_struct = NULL
|
||||
self.level_val_to_struct = NULL
|
||||
self.log = logging.getLogger(__name__)
|
||||
|
||||
if policyfile:
|
||||
@ -67,10 +70,6 @@ cdef class SELinuxPolicy:
|
||||
except NameError:
|
||||
raise RuntimeError("Loading the running policy requires libselinux Python bindings")
|
||||
|
||||
def __cinit__(self):
|
||||
self.handle = NULL
|
||||
self.cat_val_to_struct = NULL
|
||||
self.level_val_to_struct = NULL
|
||||
|
||||
def __dealloc__(self):
|
||||
PyMem_Free(self.cat_val_to_struct)
|
||||
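Review bot: Moving the policy load into `__cinit__(self, policyfile=None)` changes the contract for subclasses: Cython passes the constructor arguments to `__cinit__` as well as `__init__`, so a Python subclass whose `__init__` takes different parameters would now fail at construction. If subclassing is not expected, a short comment saying so is enough; otherwise keep `__cinit__` to the three NULL assignments and leave the load in `__init__`. The NULL assignments do run before anything that can raise, which keeps the visible `PyMem_Free(self.cat_val_to_struct)` safe after a failed load. The rest of `__dealloc__` is outside the hunk and should be checked to tolerate `self.handle == NULL` as well.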
|
@ -504,7 +504,7 @@ cdef class TERuleIterator(PolicyIterator):
|
||||
i.reset()
|
||||
return i
|
||||
|
||||
def _next_bucket(self):
|
||||
cdef void _next_bucket(self):
|
||||
"""Internal method for advancing to the next bucket."""
|
||||
self.bucket += 1
|
||||
if self.bucket < self.table.nslot:
|
||||
@ -512,7 +512,7 @@ cdef class TERuleIterator(PolicyIterator):
|
||||
else:
|
||||
self.node = NULL
|
||||
|
||||
def _next_node(self):
|
||||
cdef void _next_node(self):
|
||||
"""Internal method for advancing to the next node."""
|
||||
if self.node != NULL and self.node.next != NULL:
|
||||
self.node = self.node.next
|
||||
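Review bot: `_next_bucket` and `_next_node` become `cdef void` with no exception clause, so depending on the Cython version in use an exception raised inside them may be printed and dropped instead of reaching the caller. The visible lines only touch C fields (`self.bucket`, `self.node`), so the risk looks low, but both bodies continue outside the hunks. Declaring them as `cdef void _next_bucket(self) except *` (and likewise `_next_node`), or adding a comment that they must stay free of Python operations, would make the intent explicit.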
|
@ -29,7 +29,7 @@ cdef dict _typeattr_cache = {}
|
||||
#
|
||||
# Type or attribute factory function
|
||||
#
|
||||
cdef type_or_attr_factory(SELinuxPolicy policy, sepol.type_datum_t *symbol):
|
||||
cdef inline BaseType type_or_attr_factory(SELinuxPolicy policy, sepol.type_datum_t *symbol):
|
||||
"""Factory function for creating type or attribute objects."""
|
||||
cdef sepol.type_datum_t *handle
|
||||
|
||||
@ -205,7 +205,7 @@ cdef class TypeAttribute(BaseType):
|
||||
#
|
||||
# Hash Table Iterator Classes
|
||||
#
|
||||
cdef inline type_is_alias(sepol.type_datum_t *datum):
|
||||
cdef inline bint type_is_alias(sepol.type_datum_t *datum):
|
||||
"""Determine if the type datum is an alias."""
|
||||
return (datum.primary == 0 and datum.flavor == sepol.TYPE_TYPE) \
|
||||
or datum.flavor == sepol.TYPE_ALIAS
|
||||
|
@ -74,12 +74,15 @@ cdef class User(PolicySymbol):
|
||||
raise MLSDisabled
|
||||
|
||||
def statement(self):
|
||||
roles = list(str(r) for r in self.roles)
|
||||
stmt = "user {0} roles ".format(self.name)
|
||||
if len(roles) > 1:
|
||||
stmt += "{{ {0} }}".format(' '.join(roles))
|
||||
else:
|
||||
cdef:
|
||||
list roles = list(str(r) for r in self.roles)
|
||||
str stmt = "user {0} roles ".format(self.name)
|
||||
size_t count = len(roles)
|
||||
|
||||
if count == 1:
|
||||
stmt += roles[0]
|
||||
else:
|
||||
stmt += "{{ {0} }}".format(' '.join(roles))
|
||||
|
||||
if self._level:
|
||||
stmt += " level {0.mls_level} range {0.mls_range};".format(self)
|
||||
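Review bot: The reordered branches change what `statement()` does for a user with no roles, reading the `cdef:` version as the new side since the page has lost its +/- markers. `count == 1` is false for an empty list, so the `else` branch emits `user NAME roles {  }`, where the earlier `len(roles) > 1` ordering fell through to `roles[0]` and raised `IndexError`. `Role.statement` in the earlier section avoids this because its branch sits under `if types:`. If a loaded policy can never contain a user without roles, a comment stating that invariant is enough; otherwise handle `count == 0` explicitly instead of printing an empty set. The method continues past the end of the hunk.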
|