policyrep: Move imports to libpolicyrep.pyx.

This commit is contained in:
Chris PeBenito 2018-08-10 14:44:37 -04:00
parent 3326339e10
commit fa984732e7
10 changed files with 28 additions and 38 deletions

View File

@ -17,11 +17,8 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
from itertools import chain, product
from collections import namedtuple
truth_table_row = namedtuple("truth_table_row", ["values", "result"])
truth_table_row = collections.namedtuple("truth_table_row", ["values", "result"])
cdef dict _cond_cache = {}
@ -243,7 +240,7 @@ cdef class Conditional(PolicySymbol):
truth_table = []
# create a list of all combinations of T/F for each Boolean
truth_list = list(product([True, False], repeat=len(bools)))
truth_list = list(itertools.product([True, False], repeat=len(bools)))
for row in truth_list:
values = {bools[i]: row[i] for i in range(len(bools))}

View File

@ -26,6 +26,13 @@ from libc.stdlib cimport calloc, free
from libc.string cimport memcpy, memset, strerror
from posix.stat cimport S_IFBLK, S_IFCHR, S_IFDIR, S_IFIFO, S_IFREG, S_IFLNK, S_IFSOCK
import logging
import warnings
import itertools
import ipaddress
import collections
import enum
cimport sepol
cimport selinux

View File

@ -18,7 +18,6 @@
# <http://www.gnu.org/licenses/>.
#
# pylint: disable=protected-access
import itertools
cdef dict _cat_cache = {}
cdef dict _sens_cache = {}

View File

@ -17,7 +17,6 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import itertools
class MLSRuletype(PolicyEnum):

View File

@ -17,13 +17,8 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
from collections import namedtuple
from ipaddress import ip_address, ip_network
import warnings
import logging
PortconRange = namedtuple("PortconRange", ["low", "high"])
PortconRange = collections.namedtuple("PortconRange", ["low", "high"])
#
# Classes
@ -138,12 +133,12 @@ cdef class Nodecon(Ocontext):
try:
# checkpolicy does not verify that no host bits are set,
# so strict will raise an exception if host bits are set.
n.network = ip_network(net_with_mask)
n.network = ipaddress.ip_network(net_with_mask)
except ValueError as ex:
log = logging.getLogger(__name__)
log.warning("Nodecon with network {} {} has host bits set. Analyses may have "
"unexpected results.".format(n._addr, n._mask))
n.network = ip_network(net_with_mask, strict=False)
n.network = ipaddress.ip_network(net_with_mask, strict=False)
return n

View File

@ -19,9 +19,6 @@
#
# pylint: disable=too-many-public-methods
import logging
from collections import Counter
class PolicyTarget(PolicyEnum):
@ -223,7 +220,7 @@ cdef class SELinuxPolicy:
cdef cache_constraint_counts(self):
"""Count all constraints in one iteration."""
if not self.constraint_counts:
self.constraint_counts = Counter(r.ruletype for r in self.constraints())
self.constraint_counts = collections.Counter(r.ruletype for r in self.constraints())
cdef cache_terule_counts(self):
"""Count all TE rules in one iteration."""
@ -387,7 +384,7 @@ cdef class SELinuxPolicy:
@property
def permission_count(self):
"""The number of permissions."""
return sum(len(c.perms) for c in chain(self.commons(), self.classes()))
return sum(len(c.perms) for c in itertools.chain(self.commons(), self.classes()))
@property
def permissives_count(self):
@ -549,7 +546,7 @@ cdef class SELinuxPolicy:
def lookup_type_or_attr(self, name):
"""Look up a type or type attribute by name."""
for t in chain(self.types(), self.typeattributes()):
for t in itertools.chain(self.types(), self.typeattributes()):
if t == name:
return t
@ -640,8 +637,8 @@ cdef class SELinuxPolicy:
def rbacrules(self):
"""Iterator over all RBAC rules."""
return chain(RoleAllowIterator.factory(self, self.handle.p.role_allow),
RoleTransitionIterator.factory(self, self.handle.p.role_tr))
return itertools.chain(RoleAllowIterator.factory(self, self.handle.p.role_allow),
RoleTransitionIterator.factory(self, self.handle.p.role_tr))
def terules(self):
"""Iterator over all type enforcement rules."""
@ -682,10 +679,12 @@ cdef class SELinuxPolicy:
def nodecons(self):
"""Iterator over all nodecon statements."""
return chain(NodeconIterator.factory(self, self.handle.p.ocontexts[sepol.OCON_NODE],
NodeconIPVersion.ipv4),
NodeconIterator.factory(self, self.handle.p.ocontexts[sepol.OCON_NODE6],
NodeconIPVersion.ipv6))
return itertools.chain(NodeconIterator.factory(self,
self.handle.p.ocontexts[sepol.OCON_NODE],
NodeconIPVersion.ipv4),
NodeconIterator.factory(self,
self.handle.p.ocontexts[sepol.OCON_NODE6],
NodeconIPVersion.ipv6))
def portcons(self):
"""Iterator over all portcon statements."""

View File

@ -17,7 +17,6 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import itertools
#
@ -557,7 +556,7 @@ cdef class TERuleIterator(PolicyIterator):
sepol.avtab_ptr_t node
uint32_t bucket = 0
count = Counter()
count = collections.Counter()
while bucket < self.table[0].nslot:
node = self.table[0].htable[bucket]
@ -640,7 +639,7 @@ cdef class ConditionalTERuleIterator(PolicyIterator):
"""
cdef sepol.cond_av_list_t *curr
count = Counter()
count = collections.Counter()
curr = self.head
while curr != NULL:

View File

@ -17,7 +17,6 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import warnings
#
# Cache objects

View File

@ -16,14 +16,11 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
import warnings
from enum import Enum
#
# Classes
#
class PolicyEnum(Enum):
class PolicyEnum(enum.Enum):
"""
Base class for policy enumerations.

View File

@ -17,10 +17,9 @@
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
from collections import namedtuple
IomemconRange = namedtuple("IomemconRange", ["low", "high"])
IoportconRange = namedtuple("IoportconRange", ["low", "high"])
IomemconRange = collections.namedtuple("IomemconRange", ["low", "high"])
IoportconRange = collections.namedtuple("IoportconRange", ["low", "high"])
#