RepoMirrors/setools
1
0
Fork 0
mirror of https://github.com/SELinuxProject/setools synced 2025-04-11 03:51:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

SELinuxPolicy: Create enumerations for handle_unknown and target_platform.

Browse Source
This commit is contained in:
Chris PeBenito 2016-11-11 13:58:43 -05:00
parent 85f9a32125
commit c0ebad8d15
5 changed files with 35 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
setools/__init__.py
View File

@ -30,8 +30,8 @@ import logging
# Python classes for policy representation # Python classes for policy representation
from . import policyrep from . import policyrep
from .policyrep import SELinuxPolicy, BoundsRuletype, ConstraintRuletype, DefaultRuletype, \ from .policyrep import SELinuxPolicy, BoundsRuletype, ConstraintRuletype, DefaultRuletype, \
DefaultRangeValue, DefaultValue, FSUseRuletype, MLSRuletype, \ DefaultRangeValue, DefaultValue, FSUseRuletype, HandleUnknown, MLSRuletype, \
NodeconIPVersion, PortconProtocol, RBACRuletype, TERuletype NodeconIPVersion, PolicyTarget, PortconProtocol, RBACRuletype, TERuletype
# Exceptions # Exceptions
from . import exception from . import exception

2
setools/policyrep/__init__.py
View File

@ -31,6 +31,6 @@ from .fscontext import FSUseRuletype
from .mlsrule import MLSRuletype from .mlsrule import MLSRuletype
from .netcontext import NodeconIPVersion, PortconProtocol, PortconRange from .netcontext import NodeconIPVersion, PortconProtocol, PortconRange
from .rbacrule import RBACRuletype from .rbacrule import RBACRuletype
from .selinuxpolicy import SELinuxPolicy from .selinuxpolicy import SELinuxPolicy, HandleUnknown, PolicyTarget
from .terule import IoctlSet, TERuletype from .terule import IoctlSet, TERuletype
from .xencontext import IomemconRange, IoportconRange from .xencontext import IomemconRange, IoportconRange

23
setools/policyrep/qpol.i
View File

@ -196,6 +196,11 @@ typedef enum qpol_capability
return NULL; return NULL;
} }
} }
%constant int QPOL_TARGET_SELINUX = SEPOL_TARGET_SELINUX;
%constant int QPOL_TARGET_XEN = SEPOL_TARGET_XEN;
%constant int QPOL_DENY_UNKNOWN = SEPOL_DENY_UNKNOWN;
%constant int QPOL_REJECT_UNKNOWN = SEPOL_REJECT_UNKNOWN;
%constant int QPOL_ALLOW_UNKNOWN = SEPOL_ALLOW_UNKNOWN;
%extend qpol_policy { %extend qpol_policy {
qpol_policy(const char *path, const int options, PyObject *py_callback) { qpol_policy(const char *path, const int options, PyObject *py_callback) {
qpol_policy_t *p; qpol_policy_t *p;
@ -218,27 +223,17 @@ typedef enum qpol_capability
return (int) v; return (int) v;
}; };
const char *handle_unknown () { int handle_unknown () {
unsigned int h; unsigned int h;
qpol_policy_get_policy_handle_unknown(self, &h); qpol_policy_get_policy_handle_unknown(self, &h);
return h;
switch (h) {
case SEPOL_DENY_UNKNOWN: return "deny";
case SEPOL_REJECT_UNKNOWN: return "reject";
case SEPOL_ALLOW_UNKNOWN: return "allow";
default: return "unknown";
}
}; };
/* This is whether SELinux or XEN policy */ /* This is whether SELinux or XEN policy */
const char *target_platform () { int target_platform () {
int t; int t;
(void)qpol_policy_get_target_platform(self, &t); (void)qpol_policy_get_target_platform(self, &t);
switch (t) { return t;
case SEPOL_TARGET_SELINUX: return "selinux";
case SEPOL_TARGET_XEN: return "xen";
default: return "unknown";
}
}; };
int capability (qpol_capability_e cap) { int capability (qpol_capability_e cap) {

23
setools/policyrep/selinuxpolicy.py
View File

@ -69,6 +69,25 @@ from . import netcontext
# Xen # Xen
from . import xencontext from . import xencontext
from .util import PolicyEnum
class PolicyTarget(PolicyEnum):
"""Enumeration of policy targets."""
selinux = qpol.QPOL_TARGET_SELINUX
xen = qpol.QPOL_TARGET_XEN
class HandleUnknown(PolicyEnum):
"""Enumeration of handle unknown settings."""
deny = qpol.QPOL_DENY_UNKNOWN
allow = qpol.QPOL_ALLOW_UNKNOWN
reject = qpol.QPOL_REJECT_UNKNOWN
class SELinuxPolicy(object): class SELinuxPolicy(object):
@ -156,7 +175,7 @@ class SELinuxPolicy(object):
@property @property
def handle_unknown(self): def handle_unknown(self):
"""The handle unknown permissions setting (allow,deny,reject)""" """The handle unknown permissions setting (allow,deny,reject)"""
return self.policy.handle_unknown() return HandleUnknown(self.policy.handle_unknown())
@property @property
def mls(self): def mls(self):
@ -171,7 +190,7 @@ class SELinuxPolicy(object):
@property @property
def target_platform(self): def target_platform(self):
"""The policy platform (selinux or xen)""" """The policy platform (selinux or xen)"""
return self.policy.target_platform() return PolicyTarget(self.policy.target_platform())
# #
# Policy statistics # Policy statistics

4
tests/policyrep/selinuxpolicy.py
View File

@ -23,7 +23,7 @@ import subprocess
import tempfile import tempfile
import unittest import unittest
from setools import SELinuxPolicy from setools import SELinuxPolicy, HandleUnknown
from setools.policyrep.exception import InvalidPolicy from setools.policyrep.exception import InvalidPolicy
@ -81,7 +81,7 @@ class SELinuxPolicyTest(unittest.TestCase):
def test_010_handle_unknown(self): def test_010_handle_unknown(self):
"""SELinuxPolicy: handle unknown setting.""" """SELinuxPolicy: handle unknown setting."""
self.assertEqual(self.p_binary.handle_unknown, "reject") self.assertEqual(self.p_binary.handle_unknown, HandleUnknown.reject)
def test_011_mls(self): def test_011_mls(self):
"""SELinuxPolicy: MLS status.""" """SELinuxPolicy: MLS status."""