Implement ObjClass and Common classes.

2025-03-19 17:53:56 +00:00 · 2014-07-24 09:37:30 -04:00 · 2014-07-24 09:37:30 -04:00 · c419b9c3f0
commit c419b9c3f0
parent ef7b9add4c
2 changed files with 94 additions and 2 deletions
--- a/libapol/policyrep/init.py
+++ b/libapol/policyrep/init.py
@ -79,6 +79,23 @@ class SELinuxPolicy(object):
    #
    # Policy components generators
    #
+
+    def classes(self):
+        """Generator which yields all object classes."""
+
+        qiter = self.policy.get_class_iter()
+        while not qiter.end():
+            yield objclass.ObjClass(self.policy, qpol.qpol_class_from_void(qiter.get_item()))
+            qiter.next()
+
+    def commons(self):
+        """Generator which yields all commons."""
+
+        qiter = self.policy.get_common_iter()
+        while not qiter.end():
+            yield objclass.Common(self.policy, qpol.qpol_common_from_void(qiter.get_item()))
+            qiter.next()
+
    def types(self):
        """Generator which yields all types."""

--- a/libapol/policyrep/objclass.py
+++ b/libapol/policyrep/objclass.py
@ -23,10 +23,85 @@ import setools.qpol as qpol
 class Common(symbol.PolicySymbol):

    """A common permission set."""
+
+    def __contains__(self, other):
+        piter = self.qpol_symbol.get_perm_iter(self.policy)
+
+        while not piter.end():
+            if other == qpol.to_str(piter.get_item()):
+                return True
+
+            piter.next()
+
+        return False
+
+    @property
+    def perms(self):
+        """The list of the common's permissions."""
+
+        piter = self.qpol_symbol.get_perm_iter(self.policy)
+        p = []
+
+        while not piter.end():
+            p.append(qpol.to_str(piter.get_item()))
+            piter.next()
+
+        return p
+
+    def statement(self):
+        return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(self.perms))
+
+    @property
+    def value(self):
+        """
+        The value of the common.
+
+        This is a low-level policy detail exposed so that commons can
+        be sorted based on their policy declaration order instead of
+        by their name.  This has no other use.
+
+        Example usage: sorted(policy.commons(), key=lambda k: k.value)
+        """
+        return self.qpol_symbol.get_value(self.policy)
+
+
+class NoCommon(symbol.InvalidSymbol):
+
+    """
+    Exception when a class does not inherit a common permission set.
+    """
    pass


-class ObjClass(symbol.PolicySymbol):
+class ObjClass(Common):

    """An object class."""
-    pass
+
+    @property
+    def common(self):
+        """
+        The common that the object class inherits.
+
+        Exceptions:
+        NoCommon    The object class does not inherit a common.
+        """
+
+        try:
+            return Common(self.policy, self.qpol_symbol.get_common(self.policy))
+        except symbol.InvalidSymbol:
+            raise NoCommon("{0} does not inherit a common.".format(self))
+
+    def statement(self):
+        stmt = "class {0}\n".format(self)
+
+        try:
+            stmt += "inherits {0}\n".format(self.common)
+        except NoCommon:
+            pass
+
+        # a class that inherits may not have additional permissions
+        perms = self.perms
+        if len(perms) > 0:
+            stmt += "{{\n\t{0}\n}}".format('\n\t'.join(perms))
+
+        return stmt