SELinuxPolicy: Create enumerations for handle_unknown and target_platform.

2025-03-25 04:26:28 +00:00 · 2016-11-11 13:58:43 -05:00 · 2016-11-11 13:58:43 -05:00 · c0ebad8d15
commit c0ebad8d15
parent 85f9a32125
5 changed files with 35 additions and 21 deletions
--- a/setools/init.py
+++ b/setools/init.py
@ -30,8 +30,8 @@ import logging
 # Python classes for policy representation
 from . import policyrep
 from .policyrep import SELinuxPolicy, BoundsRuletype, ConstraintRuletype, DefaultRuletype, \
-                       DefaultRangeValue, DefaultValue, FSUseRuletype, MLSRuletype, \
-                       NodeconIPVersion, PortconProtocol, RBACRuletype, TERuletype
+                       DefaultRangeValue, DefaultValue, FSUseRuletype, HandleUnknown, MLSRuletype, \
+                       NodeconIPVersion, PolicyTarget, PortconProtocol, RBACRuletype, TERuletype

 # Exceptions
 from . import exception
--- a/setools/policyrep/init.py
+++ b/setools/policyrep/init.py
@ -31,6 +31,6 @@ from .fscontext import FSUseRuletype
 from .mlsrule import MLSRuletype
 from .netcontext import NodeconIPVersion, PortconProtocol, PortconRange
 from .rbacrule import RBACRuletype
-from .selinuxpolicy import SELinuxPolicy
+from .selinuxpolicy import SELinuxPolicy, HandleUnknown, PolicyTarget
 from .terule import IoctlSet, TERuletype
 from .xencontext import IomemconRange, IoportconRange
--- a/setools/policyrep/qpol.i
+++ b/setools/policyrep/qpol.i
@ -196,6 +196,11 @@ typedef enum qpol_capability
    return NULL;
  }
 }
+%constant int QPOL_TARGET_SELINUX = SEPOL_TARGET_SELINUX;
+%constant int QPOL_TARGET_XEN = SEPOL_TARGET_XEN;
+%constant int QPOL_DENY_UNKNOWN = SEPOL_DENY_UNKNOWN;
+%constant int QPOL_REJECT_UNKNOWN = SEPOL_REJECT_UNKNOWN;
+%constant int QPOL_ALLOW_UNKNOWN = SEPOL_ALLOW_UNKNOWN;
 %extend qpol_policy {
    qpol_policy(const char *path, const int options, PyObject *py_callback) {
        qpol_policy_t *p;
@ -218,27 +223,17 @@ typedef enum qpol_capability
        return (int) v;
    };

-    const char *handle_unknown () {
+    int handle_unknown () {
        unsigned int h;
        qpol_policy_get_policy_handle_unknown(self, &h);
-
-        switch (h) {
-            case SEPOL_DENY_UNKNOWN: return "deny";
-            case SEPOL_REJECT_UNKNOWN: return "reject";
-            case SEPOL_ALLOW_UNKNOWN: return "allow";
-            default: return "unknown";
-        }
+        return h;
    };

    /* This is whether SELinux or XEN policy */
-    const char *target_platform () {
+    int target_platform () {
        int t;
        (void)qpol_policy_get_target_platform(self, &t);
-        switch (t) {
-            case SEPOL_TARGET_SELINUX: return "selinux";
-            case SEPOL_TARGET_XEN: return "xen";
-            default: return "unknown";
-        }
+        return t;
    };

    int capability (qpol_capability_e cap) {
--- a/setools/policyrep/selinuxpolicy.py
+++ b/setools/policyrep/selinuxpolicy.py
@ -69,6 +69,25 @@ from . import netcontext
 # Xen
 from . import xencontext

+from .util import PolicyEnum
+
+
+class PolicyTarget(PolicyEnum):
+
+    """Enumeration of policy targets."""
+
+    selinux = qpol.QPOL_TARGET_SELINUX
+    xen = qpol.QPOL_TARGET_XEN
+
+
+class HandleUnknown(PolicyEnum):
+
+    """Enumeration of handle unknown settings."""
+
+    deny = qpol.QPOL_DENY_UNKNOWN
+    allow = qpol.QPOL_ALLOW_UNKNOWN
+    reject = qpol.QPOL_REJECT_UNKNOWN
+

 class SELinuxPolicy(object):

@ -156,7 +175,7 @@ class SELinuxPolicy(object):
    @property
    def handle_unknown(self):
        """The handle unknown permissions setting (allow,deny,reject)"""
-        return self.policy.handle_unknown()
+        return HandleUnknown(self.policy.handle_unknown())

    @property
    def mls(self):
@ -171,7 +190,7 @@ class SELinuxPolicy(object):
    @property
    def target_platform(self):
        """The policy platform (selinux or xen)"""
-        return self.policy.target_platform()
+        return PolicyTarget(self.policy.target_platform())

    #
    # Policy statistics
--- a/tests/policyrep/selinuxpolicy.py
+++ b/tests/policyrep/selinuxpolicy.py
@ -23,7 +23,7 @@ import subprocess
 import tempfile
 import unittest

-from setools import SELinuxPolicy
+from setools import SELinuxPolicy, HandleUnknown
 from setools.policyrep.exception import InvalidPolicy


@ -81,7 +81,7 @@ class SELinuxPolicyTest(unittest.TestCase):

    def test_010_handle_unknown(self):
        """SELinuxPolicy: handle unknown setting."""
-        self.assertEqual(self.p_binary.handle_unknown, "reject")
+        self.assertEqual(self.p_binary.handle_unknown, HandleUnknown.reject)

    def test_011_mls(self):
        """SELinuxPolicy: MLS status."""