Implement an enumeration for fs_use_* ruletype.

2025-03-25 04:26:28 +00:00 · 2016-09-03 16:44:07 -04:00 · 2016-09-03 16:44:07 -04:00 · 8ea292f934
commit 8ea292f934
parent 3178745ffc
5 changed files with 25 additions and 16 deletions
--- a/setools/fsusequery.py
+++ b/setools/fsusequery.py
@ -21,6 +21,7 @@ import re
 from .descriptors import CriteriaDescriptor, CriteriaSetDescriptor
 from .mixins import MatchContext
 from .policyrep import FSUseRuletype
 from .query import PolicyQuery
 from .util import match_regex
@ -58,7 +59,7 @@ class FSUseQuery(MatchContext, PolicyQuery):
                    No effect if not using set operations.
    """
-    ruletype = CriteriaSetDescriptor(lookup_function="validate_fs_use_ruletype")
+    ruletype = CriteriaSetDescriptor(enum_class=FSUseRuletype)
    fs = CriteriaDescriptor("fs_regex")
    fs_regex = False
--- a/setools/policyrep/init.py
+++ b/setools/policyrep/init.py
@ -23,6 +23,7 @@
 from . import exception
 from .netcontext import PortconProtocol, PortconRange
 from .fscontext import FSUseRuletype
 from .mlsrule import MLSRuletype
 from .netcontext import NodeconIPVersion, PortconProtocol, PortconRange
 from .rbacrule import RBACRuletype
--- a/setools/policyrep/fscontext.py
+++ b/setools/policyrep/fscontext.py
@ -1,4 +1,5 @@
 # Copyright 2014, 2016, Tresys Technology, LLC
 # Copyright 2016, Chris PeBenito <pebenito@ieee.org>
 #
 # This file is part of SETools.
 #
@ -22,15 +23,16 @@ from . import exception
 from . import qpol
 from . import symbol
 from . import context
 from .util import PolicyEnum
 def validate_ruletype(t):
    """Validate fs_use_* rule types."""
-    if t not in ["fs_use_xattr", "fs_use_trans", "fs_use_task"]:
+    try:
        return FSUseRuletype.lookup(t)
    except KeyError:
        raise exception.InvalidFSUseType("{0} is not a valid fs_use_* type.".format(t))
    return t
 def fs_use_factory(policy, name):
    """Factory function for creating fs_use_* objects."""
@ -131,16 +133,20 @@ class Genfscon(FSContext):
        return self.qpol_symbol.path(self.policy)
-class FSUse(FSContext):
+class FSUseRuletype(PolicyEnum):
    """A fs_use_* statement."""
    """Enumeration of fs_use_* rule types."""
    # there are more rule types, but modern SELinux
    # only supports these three.
-    _ruletype_to_text = {
+
-        qpol.QPOL_FS_USE_XATTR: 'fs_use_xattr',
+    fs_use_xattr = qpol.QPOL_FS_USE_XATTR
-        qpol.QPOL_FS_USE_TRANS: 'fs_use_trans',
+    fs_use_trans = qpol.QPOL_FS_USE_TRANS
-        qpol.QPOL_FS_USE_TASK: 'fs_use_task'}
+    fs_use_task = qpol.QPOL_FS_USE_TASK
 class FSUse(FSContext):
    """An fs_use_* statement."""
    def __str__(self):
        return "{0.ruletype} {0.fs} {0.context};".format(self)
@ -151,4 +157,4 @@ class FSUse(FSContext):
    @property
    def ruletype(self):
        """The rule type for this fs_use_* statement."""
-        return self._ruletype_to_text[self.qpol_symbol.behavior(self.policy)]
+        return FSUseRuletype(self.qpol_symbol.behavior(self.policy))
--- a/setoolsgui/fsusemodel.py
+++ b/setoolsgui/fsusemodel.py
@ -35,7 +35,7 @@ class FSUseTableModel(SEToolsTableModel):
            if role == Qt.DisplayRole:
                if col == 0:
-                    return rule.ruletype
+                    return rule.ruletype.name
                elif col == 1:
                    return rule.fs
                elif col == 2:
--- a/tests/diff.py
+++ b/tests/diff.py
@ -20,6 +20,7 @@ import unittest
 from socket import IPPROTO_TCP, IPPROTO_UDP
 from setools import SELinuxPolicy, PolicyDifference
 from setools import FSUseRuletype as FSURT
 from setools import MLSRuletype as MRT
 from setools import RBACRuletype as RRT
 from setools import TERuletype as TRT
@ -1007,7 +1008,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
        self.assertEqual(1, len(l))
        rule = l[0]
-        self.assertEqual("fs_use_xattr", rule.ruletype)
+        self.assertEqual(FSURT.fs_use_xattr, rule.ruletype)
        self.assertEqual("added_fsuse", rule.fs)
        self.assertEqual("system:object_r:system:s0", rule.context)
@ -1017,7 +1018,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
        self.assertEqual(1, len(l))
        rule = l[0]
-        self.assertEqual("fs_use_task", rule.ruletype)
+        self.assertEqual(FSURT.fs_use_task, rule.ruletype)
        self.assertEqual("removed_fsuse", rule.fs)
        self.assertEqual("system:object_r:system:s0", rule.context)
@ -1027,7 +1028,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
        self.assertEqual(1, len(l))
        rule, added_context, removed_context = l[0]
-        self.assertEqual("fs_use_trans", rule.ruletype)
+        self.assertEqual(FSURT.fs_use_trans, rule.ruletype)
        self.assertEqual("modified_fsuse", rule.fs)
        self.assertEqual("added_user:object_r:system:s1", added_context)
        self.assertEqual("removed_user:object_r:system:s0", removed_context)