Genfscon/Portcon: add classes to handle file type/protocol numbers

These new classes subclass int to override the string representation with the appropriate text from the policy. This allows programmatic uses of the values, but allows useful display of the values at any time, not just in the Genfscon/Portcon statement strings.
2025-02-22 15:16:58 +00:00 · 2016-01-11 13:20:24 -05:00 · 2016-01-11 13:20:24 -05:00 · ee1c0b3328
commit ee1c0b3328
parent d6e0d56fac
2 changed files with 43 additions and 13 deletions
--- a/setools/policyrep/fscontext.py
+++ b/setools/policyrep/fscontext.py
@ -1,4 +1,4 @@
-# Copyright 2014, Tresys Technology, LLC
+# Copyright 2014, 2016, Tresys Technology, LLC
 #
 # This file is part of SETools.
 #
@ -70,9 +70,18 @@ class FSContext(symbol.PolicySymbol):
        return str(self)


-class Genfscon(FSContext):
+class GenfsFiletype(int):

-    """A genfscon statement."""
+    """
+    A genfscon file type.
+
+    The possible values are equivalent to file type
+    values in the stat module, e.g. S_IFBLK, but
+    overrides the string representation with the
+    corresponding genfscon file type string
+    (-b, -c, etc.)  If the genfscon has no specific
+    file type, this is 0, (empty string).
+    """

    _filetype_to_text = {
        0: "",
@ -85,8 +94,15 @@ class Genfscon(FSContext):
        stat.S_IFSOCK: "-s"}

    def __str__(self):
-        return "genfscon {0.fs} {0.path} {1} {0.context}".format(
-            self, self._filetype_to_text[self.filetype])
+        return self._filetype_to_text[self]
+
+
+class Genfscon(FSContext):
+
+    """A genfscon statement."""
+
+    def __str__(self):
+        return "genfscon {0.fs} {0.path} {0.filetype} {0.context}".format(self)

    def __hash__(self):
        return hash("genfscon|{0.fs}|{0.path}|{0.filetype}".format(self))
@ -106,7 +122,7 @@ class Genfscon(FSContext):
    @property
    def filetype(self):
        """The file type (e.g. stat.S_IFBLK) for this genfscon statement."""
-        return self.qpol_symbol.object_class(self.policy)
+        return GenfsFiletype(self.qpol_symbol.object_class(self.policy))

    @property
    def path(self):
--- a/setools/policyrep/netcontext.py
+++ b/setools/policyrep/netcontext.py
@ -1,4 +1,4 @@
-# Copyright 2014, Tresys Technology, LLC
+# Copyright 2014, 2016, Tresys Technology, LLC
 #
 # This file is part of SETools.
 #
@ -129,21 +129,35 @@ class Nodecon(NetContext):
        return self.qpol_symbol.mask(self.policy)


-class Portcon(NetContext):
+class PortconProtocol(int):

-    """A portcon statement."""
+    """
+    A portcon protocol type.
+
+    The possible values are equivalent to protocol
+    values in the socket module, e.g. IPPROTO_TCP, but
+    overrides the string representation with the
+    corresponding protocol string (udp, tcp).
+    """

    _proto_to_text = {socket.IPPROTO_TCP: 'tcp',
                      socket.IPPROTO_UDP: 'udp'}

+    def __str__(self):
+        return self._proto_to_text[self]
+
+
+class Portcon(NetContext):
+
+    """A portcon statement."""
+
    def __str__(self):
        low, high = self.ports
-        proto = self._proto_to_text[self.protocol]

        if low == high:
-            return "portcon {0} {1} {2}".format(proto, low, self.context)
+            return "portcon {0.protocol} {1} {0.context}".format(self, low)
        else:
-            return "portcon {0} {1}-{2} {3}".format(proto, low, high, self.context)
+            return "portcon {0.protocol} {1}-{2} {0.context}".format(self, low, high)

    @property
    def protocol(self):
@ -151,7 +165,7 @@ class Portcon(NetContext):
        The protocol number for the portcon (socket.IPPROTO_TCP
        or socket.IPPROTO_UDP).
        """
-        return self.qpol_symbol.protocol(self.policy)
+        return PortconProtocol(self.qpol_symbol.protocol(self.policy))

    @property
    def ports(self):