InfoFlowAnalysisTab: add permission exclude option

2025-03-22 11:06:30 +00:00 · 2016-04-12 15:07:02 -04:00 · 2016-04-12 15:07:02 -04:00 · 897427e5da
commit 897427e5da
parent 7938a89e0d
2 changed files with 44 additions and 2 deletions
--- a/data/infoflow.ui
+++ b/data/infoflow.ui
@ -143,6 +143,20 @@
            </property>
           </widget>
          </item>
+          <item row="3" column="1">
+           <widget class="QPushButton" name="edit_permmap">
+            <property name="text">
+             <string>Edit...</string>
+            </property>
+           </widget>
+          </item>
+          <item row="3" column="0">
+           <widget class="QLabel" name="label_3">
+            <property name="text">
+             <string>Excluded Permissions:</string>
+            </property>
+           </widget>
+          </item>
         </layout>
        </widget>
       </item>
--- a/setoolsgui/apol/infoflow.py
+++ b/setoolsgui/apol/infoflow.py
@ -18,15 +18,18 @@
 #

 import logging
+import copy

 from PyQt5.QtCore import pyqtSignal, Qt, QObject, QStringListModel, QThread
 from PyQt5.QtGui import QPalette, QTextCursor
 from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, QScrollArea
 from setools import InfoFlowAnalysis
+from setools.exception import UnmappedClass, UnmappedPermission

 from ..logtosignal import LogHandlerToSignal
-from .excludetypes import ExcludeTypes
 from ..widget import SEToolsWidget
+from .excludetypes import ExcludeTypes
+from .permmapedit import PermissionMapEditor


 class InfoFlowAnalysisTab(SEToolsWidget, QScrollArea):
@ -39,7 +42,21 @@ class InfoFlowAnalysisTab(SEToolsWidget, QScrollArea):

    @perm_map.setter
    def perm_map(self, pmap):
-        self.query.perm_map = pmap
+        # copy permission map to keep enabled/disabled
+        # settings private to this map.
+        perm_map = copy.deepcopy(pmap)
+
+        # transfer enabled/disabled settings from
+        # current permission map, to the new map
+        for classname in self.query.perm_map.classes():
+            for mapping in self.query.perm_map.perms(classname):
+                try:
+                    perm_map.mapping(classname, mapping.perm).enabled = mapping.enabled
+                except (UnmappedClass, UnmappedPermission):
+                    pass
+
+        # apply updated permission map
+        self.query.perm_map = perm_map

    def __init__(self, parent, policy, perm_map):
        super(InfoFlowAnalysisTab, self).__init__(parent)
@ -63,6 +80,9 @@ class InfoFlowAnalysisTab(SEToolsWidget, QScrollArea):
        self.error_msg = QMessageBox(self)
        self.error_msg.setStandardButtons(QMessageBox.Ok)

+        # set up perm map editor
+        self.permmap_editor = PermissionMapEditor(self, False)
+
        # set up source/target autocompletion
        type_completion_list = [str(t) for t in self.policy.types()]
        type_completer_model = QStringListModel(self)
@ -119,6 +139,7 @@ class InfoFlowAnalysisTab(SEToolsWidget, QScrollArea):
        self.flows_out.toggled.connect(self.flows_out_toggled)
        self.min_perm_weight.valueChanged.connect(self.set_min_weight)
        self.exclude_types.clicked.connect(self.choose_excluded_types)
+        self.edit_permmap.clicked.connect(self.open_permmap_editor)

    #
    # Analysis mode
@ -194,6 +215,13 @@ class InfoFlowAnalysisTab(SEToolsWidget, QScrollArea):
        chooser = ExcludeTypes(self, self.policy)
        chooser.show()

+    def open_permmap_editor(self):
+        self.permmap_editor.show(self.perm_map)
+
+    def apply_permmap(self, pmap):
+        # used only by permission map editor
+        self.query.perm_map = pmap
+
    #
    # Results runner
    #