RepoMirrors/setools
1
0
Fork 0
mirror of https://github.com/SELinuxProject/setools synced 2025-02-23 23:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make range matching a generic function.

Browse Source 
Move port range matching algorithm out of PortconQuery so it can be
used for matching MLS ranges.
This commit is contained in:
Chris PeBenito 2015-02-19 12:50:35 -05:00
parent 79aa06a14f
commit cf601f08fd
2 changed files with 48 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
setools/portconquery.py
View File

@ -1,4 +1,4 @@
# Copyright 2014, Tresys Technology, LLC
# Copyright 2014-2005, Tresys Technology, LLC
#
# This file is part of SETools.
#
@ -84,33 +84,14 @@ class PortconQuery(compquery.ComponentQuery, contextquery.ContextQuery):
for p in self.policy.portcons():
if any(self.ports):
low, high = p.ports
if self.overlap:
if not (
(low <= self.ports[0] <= high) or (
low <= self.ports[1] <= high) or (
self.ports[0] <= low and high <= self.ports[1])):
continue
elif self.subset:
if self.proper:
if not ((low < self.ports[0] and self.ports[1] <= high) or (
low <= self.ports[0] and self.ports[1] < high)):
continue
else:
if not (low <= self.ports[0] and self.ports[1] <= high):
continue
elif self.superset:
if self.proper:
if not ((self.ports[0] < low and high <= self.ports[1]) or (
self.ports[0] <= low and high < self.ports[1])):
continue
else:
if not (self.ports[0] <= low and high <= self.ports[1]):
continue
else:
if not (self.ports[0] == low and self.ports[1] == high):
continue
if not self._match_range(
p.ports,
self.ports,
self.subset,
self.overlap,
self.superset,
self.proper):
continue
if self.protocol and self.protocol != p.protocol:
continue

40
setools/query.py
View File

@ -1,4 +1,4 @@
# Copyright 2014, Tresys Technology, LLC
# Copyright 2014-2015, Tresys Technology, LLC
#
# This file is part of SETools.
#
@ -98,6 +98,44 @@ class PolicyQuery(object):
else:
return PolicyQuery._match_set(obj, set(criteria), equal)
@staticmethod
def _match_range(obj, criteria, subset, overlap, superset, proper):
"""
Match ranges of objects.
obj A 2-tuple of the range to match.
criteria A 2-tuple of the criteria to match.
subset If true, the criteria will match if it is a subset obj's range.
overlap If true, the criteria will match if it overlaps any of the obj's range.
superset If true, the criteria will match if it is a superset of the obj's range.
proper If true, use proper superset/subset operations.
No effect if not using set operations.
"""
# use nicer names to make the below conditions easier to read.
obj_low = obj[0]
obj_high = obj[1]
crit_low = criteria[0]
crit_high = criteria[1]
if overlap:
return ((obj_low <= crit_low <= obj_high) or (
obj_low <= crit_high <= obj_high) or (
crit_low <= obj_low and obj_high <= crit_high))
elif subset:
if proper:
return ((obj_low < crit_low and crit_high <= obj_high) or (
obj_low <= crit_low and crit_high < obj_high))
else:
return (obj_low <= crit_low and crit_high <= obj_high)
elif superset:
if proper:
return ((crit_low < obj_low and obj_high <= crit_high) or (
crit_low <= obj_low and obj_high < crit_high))
else:
return (crit_low <= obj_low and obj_high <= crit_high)
else:
return (crit_low == obj_low and obj_high == crit_high)
def results(self):
"""
Generator which returns the matches for the query. This method