RepoMirrors/setools
1
0
Fork 0
mirror of https://github.com/SELinuxProject/setools synced 2025-04-17 20:55:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revise policyrep exceptions.

Browse Source 
Add exception for objects that have no corresponding statement, such
as conditional expressions and MLS ranges.

Rename InvalidRuleUse to RuleUseError.
This commit is contained in:
Chris PeBenito 2015-03-12 12:45:20 -04:00
parent cab5f8958b
commit a24a59ee08
10 changed files with 55 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
setools/policyrep/boolcond.py
View File

@ -164,3 +164,6 @@ class ConditionalExpr(symbol.PolicySymbol):
bools.add(boolean_factory(self.policy, expr_node.get_boolean(self.policy)))
return bools
def statement(self):
raise symbol.NoStatement

3
setools/policyrep/context.py
View File

@ -67,3 +67,6 @@ class Context(symbol.PolicySymbol):
return mls.range_factory(self.policy, self.qpol_symbol.range(self.policy))
else:
raise mls.MLSDisabled("MLS is disabled, the context has no range.")
def statement(self):
raise symbol.NoStatement

6
setools/policyrep/mls.py
View File

@ -375,6 +375,9 @@ class Level(BaseMLSLevel):
"""The sensitivity of the level."""
return sensitivity_factory(self.policy, self.qpol_symbol.sens_name(self.policy))
def statement(self):
return symbol.NoStatement
class Range(symbol.PolicySymbol):
@ -414,3 +417,6 @@ class Range(symbol.PolicySymbol):
def low(self):
"""The low end/current level of this range."""
return level_factory(self.policy, self.qpol_symbol.low_level(self.policy))
def statement(self):
raise symbol.NoStatement

4
setools/policyrep/rbacrule.py
View File

@ -53,13 +53,13 @@ class RoleAllow(rule.PolicyRule):
@property
def tclass(self):
"""The rule's object class."""
raise rule.InvalidRuleUse(
raise rule.RuleUseError(
"Role allow rules do not have an object class.")
@property
def default(self):
"""The rule's default role."""
raise rule.InvalidRuleUse(
raise rule.RuleUseError(
"Role allow rules do not have a default role.")

2
setools/policyrep/rule.py
View File

@ -21,7 +21,7 @@ from . import symbol
from . import objclass
class InvalidRuleUse(Exception):
class RuleUseError(symbol.SymbolUseError):
"""
Exception when getting incorrect parameters for a rule. For

19
setools/policyrep/symbol.py
View File

@ -28,6 +28,25 @@ class InvalidSymbol(Exception):
pass
class NoStatement(Exception):
"""
Exception for objects that have no inherent statement, such
as conditional expressions and MLS ranges.
"""
pass
class SymbolUseError(Exception):
"""
Exception for incorrectly using a symbol. Typically this is
for classes with strong similarities, but with slight variances in
functionality, e.g. allow vs type_transition rules.
"""
pass
class PolicySymbol(object):
"""This is a base class for all policy objects."""

12
setools/policyrep/terule.py
View File

@ -105,11 +105,11 @@ class AVRule(BaseTERule):
@property
def default(self):
"""The rule's default type."""
raise rule.InvalidRuleUse("{0} rules do not have a default type.".format(self.ruletype))
raise rule.RuleUseError("{0} rules do not have a default type.".format(self.ruletype))
@property
def filename(self):
raise rule.InvalidRuleUse("{0} rules do not have file names".format(self.ruletype))
raise rule.RuleUseError("{0} rules do not have file names".format(self.ruletype))
class TERule(BaseTERule):
@ -121,7 +121,7 @@ class TERule(BaseTERule):
try:
rule_string += " \"{0}\";".format(self.filename)
except (TERuleNoFilename, rule.InvalidRuleUse):
except (TERuleNoFilename, rule.RuleUseError):
# invalid use for type_change/member
rule_string += ";"
@ -135,7 +135,7 @@ class TERule(BaseTERule):
@property
def perms(self):
"""The rule's permission set."""
raise rule.InvalidRuleUse(
raise rule.RuleUseError(
"{0} rules do not have a permission set.".format(self.ruletype))
@property
@ -144,7 +144,7 @@ class TERule(BaseTERule):
try:
return typeattr.type_factory(self.policy, self.qpol_symbol.default_type(self.policy))
except AttributeError:
raise rule.InvalidRuleUse("{0} rules do not have a default type.".format(self.ruletype))
raise rule.RuleUseError("{0} rules do not have a default type.".format(self.ruletype))
@property
def filename(self):
@ -155,4 +155,4 @@ class TERule(BaseTERule):
if self.ruletype == "type_transition":
raise TERuleNoFilename
else:
raise rule.InvalidRuleUse("{0} rules do not have file names".format(self.ruletype))
raise rule.RuleUseError("{0} rules do not have file names".format(self.ruletype))

6
setools/rbacrulequery.py
View File

@ -18,7 +18,7 @@
#
import re
from .policyrep.rule import InvalidRuleUse
from .policyrep.rule import RuleUseError
from .policyrep.typeattr import InvalidType
from . import rulequery
@ -104,7 +104,7 @@ class RBACRuleQuery(rulequery.RuleQuery):
try:
if not self._match_object_class(r.tclass):
continue
except InvalidRuleUse:
except RuleUseError:
continue
#
@ -117,7 +117,7 @@ class RBACRuleQuery(rulequery.RuleQuery):
self.default_cmp,
self.default_regex):
continue
except InvalidRuleUse:
except RuleUseError:
continue
# if we get here, we have matched all available criteria

6
setools/terulequery.py
View File

@ -18,7 +18,7 @@
#
import re
from .policyrep.rule import InvalidRuleUse, RuleNotConditional
from .policyrep.rule import RuleUseError, RuleNotConditional
from . import mixins
from . import rulequery
@ -118,7 +118,7 @@ class TERuleQuery(mixins.MatchPermission, rulequery.RuleQuery):
try:
if not self._match_perms(r.perms):
continue
except InvalidRuleUse:
except RuleUseError:
continue
#
@ -131,7 +131,7 @@ class TERuleQuery(mixins.MatchPermission, rulequery.RuleQuery):
self.default_cmp,
self.default_regex):
continue
except InvalidRuleUse:
except RuleUseError:
continue
#

18
tests/rbacrulequery.py
View File

@ -19,7 +19,7 @@ import unittest
from setools import SELinuxPolicy
from setools.rbacrulequery import RBACRuleQuery
from setools.policyrep.rule import InvalidRuleUse, RuleNotConditional
from setools.policyrep.rule import RuleUseError, RuleNotConditional
class RBACRuleQueryTest(unittest.TestCase):
@ -48,8 +48,8 @@ class RBACRuleQueryTest(unittest.TestCase):
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test1s")
self.assertEqual(r[0].target, "test1t")
self.assertRaises(InvalidRuleUse, getattr, r[0], "tclass")
self.assertRaises(InvalidRuleUse, getattr, r[0], "default")
self.assertRaises(RuleUseError, getattr, r[0], "tclass")
self.assertRaises(RuleUseError, getattr, r[0], "default")
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
self.assertEqual(r[1].ruletype, "role_transition")
@ -70,8 +70,8 @@ class RBACRuleQueryTest(unittest.TestCase):
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test2s1")
self.assertEqual(r[0].target, "test2t")
self.assertRaises(InvalidRuleUse, getattr, r[0], "tclass")
self.assertRaises(InvalidRuleUse, getattr, r[0], "default")
self.assertRaises(RuleUseError, getattr, r[0], "tclass")
self.assertRaises(RuleUseError, getattr, r[0], "default")
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
def test_010_target_direct(self):
@ -85,8 +85,8 @@ class RBACRuleQueryTest(unittest.TestCase):
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test10s")
self.assertEqual(r[0].target, "test10t")
self.assertRaises(InvalidRuleUse, getattr, r[0], "tclass")
self.assertRaises(InvalidRuleUse, getattr, r[0], "default")
self.assertRaises(RuleUseError, getattr, r[0], "tclass")
self.assertRaises(RuleUseError, getattr, r[0], "default")
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
def test_011_target_direct_regex(self):
@ -100,8 +100,8 @@ class RBACRuleQueryTest(unittest.TestCase):
self.assertEqual(r[0].ruletype, "allow")
self.assertEqual(r[0].source, "test11s")
self.assertEqual(r[0].target, "test11t1")
self.assertRaises(InvalidRuleUse, getattr, r[0], "tclass")
self.assertRaises(InvalidRuleUse, getattr, r[0], "default")
self.assertRaises(RuleUseError, getattr, r[0], "tclass")
self.assertRaises(RuleUseError, getattr, r[0], "default")
self.assertRaises(RuleNotConditional, getattr, r[0], "conditional")
def test_020_class(self):