Implement an enumeration for fs_use_* ruletype.

2025-03-19 17:53:56 +00:00 · 2016-09-03 16:44:07 -04:00 · 2016-09-03 16:44:07 -04:00 · 8ea292f934
commit 8ea292f934
parent 3178745ffc
5 changed files with 25 additions and 16 deletions
--- a/setools/fsusequery.py
+++ b/setools/fsusequery.py
@ -21,6 +21,7 @@ import re

 from .descriptors import CriteriaDescriptor, CriteriaSetDescriptor
 from .mixins import MatchContext
+from .policyrep import FSUseRuletype
 from .query import PolicyQuery
 from .util import match_regex

@ -58,7 +59,7 @@ class FSUseQuery(MatchContext, PolicyQuery):
                    No effect if not using set operations.
    """

-    ruletype = CriteriaSetDescriptor(lookup_function="validate_fs_use_ruletype")
+    ruletype = CriteriaSetDescriptor(enum_class=FSUseRuletype)
    fs = CriteriaDescriptor("fs_regex")
    fs_regex = False

--- a/setools/policyrep/init.py
+++ b/setools/policyrep/init.py
@ -23,6 +23,7 @@

 from . import exception
 from .netcontext import PortconProtocol, PortconRange
+from .fscontext import FSUseRuletype
 from .mlsrule import MLSRuletype
 from .netcontext import NodeconIPVersion, PortconProtocol, PortconRange
 from .rbacrule import RBACRuletype
--- a/setools/policyrep/fscontext.py
+++ b/setools/policyrep/fscontext.py
@ -1,4 +1,5 @@
 # Copyright 2014, 2016, Tresys Technology, LLC
+# Copyright 2016, Chris PeBenito <pebenito@ieee.org>
 #
 # This file is part of SETools.
 #
@ -22,15 +23,16 @@ from . import exception
 from . import qpol
 from . import symbol
 from . import context
+from .util import PolicyEnum


 def validate_ruletype(t):
    """Validate fs_use_* rule types."""
-    if t not in ["fs_use_xattr", "fs_use_trans", "fs_use_task"]:
+    try:
+        return FSUseRuletype.lookup(t)
+    except KeyError:
        raise exception.InvalidFSUseType("{0} is not a valid fs_use_* type.".format(t))

-    return t
-

 def fs_use_factory(policy, name):
    """Factory function for creating fs_use_* objects."""
@ -131,16 +133,20 @@ class Genfscon(FSContext):
        return self.qpol_symbol.path(self.policy)


-class FSUse(FSContext):
-
-    """A fs_use_* statement."""
+class FSUseRuletype(PolicyEnum):

+    """Enumeration of fs_use_* rule types."""
    # there are more rule types, but modern SELinux
    # only supports these three.
-    _ruletype_to_text = {
-        qpol.QPOL_FS_USE_XATTR: 'fs_use_xattr',
-        qpol.QPOL_FS_USE_TRANS: 'fs_use_trans',
-        qpol.QPOL_FS_USE_TASK: 'fs_use_task'}
+
+    fs_use_xattr = qpol.QPOL_FS_USE_XATTR
+    fs_use_trans = qpol.QPOL_FS_USE_TRANS
+    fs_use_task = qpol.QPOL_FS_USE_TASK
+
+
+class FSUse(FSContext):
+
+    """An fs_use_* statement."""

    def __str__(self):
        return "{0.ruletype} {0.fs} {0.context};".format(self)
@ -151,4 +157,4 @@ class FSUse(FSContext):
    @property
    def ruletype(self):
        """The rule type for this fs_use_* statement."""
-        return self._ruletype_to_text[self.qpol_symbol.behavior(self.policy)]
+        return FSUseRuletype(self.qpol_symbol.behavior(self.policy))
--- a/setoolsgui/fsusemodel.py
+++ b/setoolsgui/fsusemodel.py
@ -35,7 +35,7 @@ class FSUseTableModel(SEToolsTableModel):

            if role == Qt.DisplayRole:
                if col == 0:
-                    return rule.ruletype
+                    return rule.ruletype.name
                elif col == 1:
                    return rule.fs
                elif col == 2:
--- a/tests/diff.py
+++ b/tests/diff.py
@ -20,6 +20,7 @@ import unittest
 from socket import IPPROTO_TCP, IPPROTO_UDP

 from setools import SELinuxPolicy, PolicyDifference
+from setools import FSUseRuletype as FSURT
 from setools import MLSRuletype as MRT
 from setools import RBACRuletype as RRT
 from setools import TERuletype as TRT
@ -1007,7 +1008,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
        self.assertEqual(1, len(l))

        rule = l[0]
-        self.assertEqual("fs_use_xattr", rule.ruletype)
+        self.assertEqual(FSURT.fs_use_xattr, rule.ruletype)
        self.assertEqual("added_fsuse", rule.fs)
        self.assertEqual("system:object_r:system:s0", rule.context)

@ -1017,7 +1018,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
        self.assertEqual(1, len(l))

        rule = l[0]
-        self.assertEqual("fs_use_task", rule.ruletype)
+        self.assertEqual(FSURT.fs_use_task, rule.ruletype)
        self.assertEqual("removed_fsuse", rule.fs)
        self.assertEqual("system:object_r:system:s0", rule.context)

@ -1027,7 +1028,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
        self.assertEqual(1, len(l))

        rule, added_context, removed_context = l[0]
-        self.assertEqual("fs_use_trans", rule.ruletype)
+        self.assertEqual(FSURT.fs_use_trans, rule.ruletype)
        self.assertEqual("modified_fsuse", rule.fs)
        self.assertEqual("added_user:object_r:system:s1", added_context)
        self.assertEqual("removed_user:object_r:system:s0", removed_context)