Add an enabled field for permissions in permission maps.

Change to regular dictionaries so when a map is paired with a particular
policy, it must be explicitly checked for unmapped permissions, as
permission maps are otherwise policy-agnostic.
Chris PeBenito 2015-02-15 17:21:47 -05:00
parent 5983b87d5f
commit cd3f932f77


@ -1,4 +1,4 @@
# Copyright 2014, Tresys Technology, LLC # Copyright 2014-2015, Tresys Technology, LLC
# #
# This file is part of SETools. # This file is part of SETools.
# #
@ -16,8 +16,6 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
from collections import defaultdict
from . import policyrep from . import policyrep
@ -57,7 +55,7 @@ class PermissionMap(object):
num_classes = 0 num_classes = 0
state = 1 state = 1
self.permmap = defaultdict(lambda: defaultdict(lambda: ('u', 1))) self.permmap = dict()
for line_num, line in enumerate(fd, start=1): for line_num, line in enumerate(fd, start=1):
entry = line.split() entry = line.split()
@ -103,6 +101,7 @@ class PermissionMap(object):
"{0}:{1}:Number of permissions must be 1-32: {2}". "{0}:{1}:Number of permissions must be 1-32: {2}".
format(permmapfile, line_num, entry[2])) format(permmapfile, line_num, entry[2]))
self.permmap[class_name] = dict()
class_count += 1 class_count += 1
perm_count = 0 perm_count = 0
state = 3 state = 3
@ -128,8 +127,9 @@ class PermissionMap(object):
"{0}:{1}:Permission weight must be 1-10: {2}". "{0}:{1}:Permission weight must be 1-10: {2}".
format(permmapfile, line_num, entry[2])) format(permmapfile, line_num, entry[2]))
self.permmap[class_name][perm_name] = ( self.permmap[class_name][perm_name] = {'direction': flow_direction,
flow_direction, weight) 'weight': weight,
'enabled': True}
perm_count += 1 perm_count += 1
if perm_count >= num_perms: if perm_count >= num_perms:
@ -157,12 +157,15 @@ class PermissionMap(object):
for perm_name in rule.perms: for perm_name in rule.perms:
mapping = self.permmap[class_name][perm_name] mapping = self.permmap[class_name][perm_name]
if mapping[0] == "r": if not mapping['enabled']:
read_weight = max(read_weight, mapping[1]) continue
elif mapping[0] == "w":
write_weight = max(write_weight, mapping[1]) if mapping['direction'] == "r":
elif mapping[0] == "b": read_weight = max(read_weight, mapping['weight'])
read_weight = max(read_weight, mapping[1]) elif mapping['direction'] == "w":
write_weight = max(write_weight, mapping[1]) write_weight = max(write_weight, mapping['weight'])
elif mapping['direction'] == "b":
read_weight = max(read_weight, mapping['weight'])
write_weight = max(write_weight, mapping['weight'])
return (read_weight, write_weight) return (read_weight, write_weight)
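Review bot: The lookup `mapping = self.permmap[class_name][perm_name]` in the last hunk now fails with a bare KeyError when a rule carries a class or permission the loaded map never defined, because the `defaultdict` fallback to `('u', 1)` is removed and nothing in the visible lines checks for the gap. Failing is the safer direction for information-flow analysis, since the old default matched none of the `r`/`w`/`b` branches and silently left that permission out of both weights, but the caller gets no hint which entry is missing. I would catch the KeyError at that lookup and re-raise an exception whose message names `class_name` and `perm_name`, and add a comment such as `# Unmapped permissions must fail loudly; a silent default would hide flows.` The function starts above this hunk, so a pre-check elsewhere cannot be ruled out from here.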