RepoMirrors/setools
1
0
Fork 0
mirror of https://github.com/SELinuxProject/setools synced 2025-03-29 23:06:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Constraint/Validatetrans: Refactor to load attributes on construction.

Browse Source
This commit is contained in:
Chris PeBenito 2018-08-08 15:38:04 -04:00
parent d0012dacaa
commit ded09017d6
2 changed files with 103 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
setools/policyrep/constraint.pxi
View File

@ -39,6 +39,11 @@ cdef class BaseConstraint(PolicySymbol):
sepol.constraint_node_t *handle
readonly object ruletype
readonly object tclass
list _postfix_expression
list _infix_expression
readonly frozenset users
readonly frozenset roles
readonly frozenset types
def __str__(self):
raise NotImplementedError
@ -65,6 +70,7 @@ cdef class BaseConstraint(PolicySymbol):
Return: list
"""
if self._infix_expression is None:
_precedence = {
"not": 4,
"and": 2,
@ -83,7 +89,7 @@ cdef class BaseConstraint(PolicySymbol):
"l1", "l2",
"h1", "h2"]
# qpol representation is in postfix notation. This code
# sepol representation is in postfix notation. This code
# converts it to infix notation. Parentheses are added
# to ensure correct expressions, though they may end up
# being overused. Set previous operator at start to the
@ -118,7 +124,9 @@ cdef class BaseConstraint(PolicySymbol):
prev_op_precedence = _precedence[op]
return self._flatten_expression(stack)
self._infix_expression = self._flatten_expression(stack)
return self._infix_expression
def postfix_expression(self):
"""
@ -126,41 +134,7 @@ cdef class BaseConstraint(PolicySymbol):
Return: list
"""
expression = []
for expr_node in ConstraintExprIterator.factory(self.policy, self.handle.expr):
expression.extend(expr_node())
return expression
@property
def roles(self):
"""The roles used in the expression."""
roles = set()
for expr_node in ConstraintExprIterator.factory(self.policy, self.handle.expr):
if expr_node.roles:
roles.update(expr_node.names)
return roles
@property
def types(self):
"""The types and type attributes used in the expression."""
types = set()
for expr_node in ConstraintExprIterator.factory(self.policy, self.handle.expr):
if expr_node.types:
types.update(expr_node.names)
return types
@property
def users(self):
"""The users used in the expression."""
users = set()
for expr_node in ConstraintExprIterator.factory(self.policy, self.handle.expr):
if expr_node.users:
users.update(expr_node.names)
return users
return self._postfix_expression
#
# Internal functions
@ -198,20 +172,41 @@ cdef class Constraint(BaseConstraint):
"""A constraint rule (constrain/mlsconstrain)."""
cdef readonly frozenset perms
@staticmethod
cdef factory(SELinuxPolicy policy, ObjClass tclass, sepol.constraint_node_t *symbol):
"""Factory function for creating Constraint objects."""
c = Constraint()
cdef:
Constraint c = Constraint.__new__(Constraint)
list users = []
list roles = []
list types = []
c.policy = policy
c.handle = symbol
c.tclass = tclass
c.perms = frozenset(PermissionVectorIterator.factory(policy, tclass, symbol.permissions))
c.ruletype = ConstraintRuletype.constrain
c._postfix_expression = []
for expr_node in ConstraintExprIterator.factory(policy, symbol.expr):
if expr_node.mls:
c.ruletype = ConstraintRuletype.mlsconstrain
break
else:
c.ruletype = ConstraintRuletype.constrain
if expr_node.types:
types.extend(expr_node.names)
elif expr_node.roles:
roles.extend(expr_node.names)
elif expr_node.users:
users.extend(expr_node.names)
c._postfix_expression.extend(expr_node())
c.users = frozenset(users)
c.roles = frozenset(roles)
c.types = frozenset(types)
return c
@ -229,12 +224,6 @@ cdef class Constraint(BaseConstraint):
return rule_string
@property
def perms(self):
"""The constraint's permission set."""
return set(p for p in PermissionVectorIterator.factory(self.policy, self.tclass,
self.handle.permissions))
cdef class Validatetrans(BaseConstraint):
@ -243,17 +232,34 @@ cdef class Validatetrans(BaseConstraint):
@staticmethod
cdef factory(SELinuxPolicy policy, ObjClass tclass, sepol.constraint_node_t *symbol):
"""Factory function for creating Validatetrans objects."""
v = Validatetrans()
cdef:
Validatetrans v = Validatetrans.__new__(Validatetrans)
list users = []
list roles = []
list types = []
v.policy = policy
v.handle = symbol
v.tclass = tclass
v.ruletype = ConstraintRuletype.validatetrans
v._postfix_expression = []
for expr_node in ConstraintExprIterator.factory(policy, symbol.expr):
if expr_node.mls:
v.ruletype = ConstraintRuletype.mlsvalidatetrans
break
else:
v.ruletype = ConstraintRuletype.validatetrans
if expr_node.types:
types.extend(expr_node.names)
elif expr_node.roles:
roles.extend(expr_node.names)
elif expr_node.users:
users.extend(expr_node.names)
v._postfix_expression.extend(expr_node())
v.users = frozenset(users)
v.roles = frozenset(roles)
v.types = frozenset(types)
return v

2
setools/policyrep/typeattr.pxi
View File

@ -94,9 +94,9 @@ cdef class Type(BaseType):
return _type_cache[<uintptr_t>symbol]
except KeyError:
t = Type.__new__(Type)
_type_cache[<uintptr_t>symbol] = t
t.policy = policy
t.handle = symbol
_type_cache[<uintptr_t>symbol] = t
t.value = symbol.s.value
t.name = policy.type_value_to_name(symbol.s.value - 1)
t.ispermissive = <bint>symbol.flags & sepol.TYPE_FLAGS_PERMISSIVE