mirror of
https://github.com/SELinuxProject/setools
synced 2025-03-18 08:35:19 +00:00
policyrep: Move imports to libpolicyrep.pyx.
This commit is contained in:
parent
3326339e10
commit
fa984732e7
@ -17,11 +17,8 @@
|
||||
# License along with SETools. If not, see
|
||||
# <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
from itertools import chain, product
|
||||
from collections import namedtuple
|
||||
|
||||
|
||||
truth_table_row = namedtuple("truth_table_row", ["values", "result"])
|
||||
truth_table_row = collections.namedtuple("truth_table_row", ["values", "result"])
|
||||
|
||||
cdef dict _cond_cache = {}
|
||||
|
||||
@ -243,7 +240,7 @@ cdef class Conditional(PolicySymbol):
|
||||
truth_table = []
|
||||
|
||||
# create a list of all combinations of T/F for each Boolean
|
||||
truth_list = list(product([True, False], repeat=len(bools)))
|
||||
truth_list = list(itertools.product([True, False], repeat=len(bools)))
|
||||
|
||||
for row in truth_list:
|
||||
values = {bools[i]: row[i] for i in range(len(bools))}
|
||||
|
@ -26,6 +26,13 @@ from libc.stdlib cimport calloc, free
|
||||
from libc.string cimport memcpy, memset, strerror
|
||||
from posix.stat cimport S_IFBLK, S_IFCHR, S_IFDIR, S_IFIFO, S_IFREG, S_IFLNK, S_IFSOCK
|
||||
|
||||
import logging
|
||||
import warnings
|
||||
import itertools
|
||||
import ipaddress
|
||||
import collections
|
||||
import enum
|
||||
|
||||
cimport sepol
|
||||
cimport selinux
|
||||
|
||||
|
@ -18,7 +18,6 @@
|
||||
# <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# pylint: disable=protected-access
|
||||
import itertools
|
||||
|
||||
cdef dict _cat_cache = {}
|
||||
cdef dict _sens_cache = {}
|
||||
|
@ -17,7 +17,6 @@
|
||||
# License along with SETools. If not, see
|
||||
# <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
import itertools
|
||||
|
||||
|
||||
class MLSRuletype(PolicyEnum):
|
||||
|
@ -17,13 +17,8 @@
|
||||
# License along with SETools. If not, see
|
||||
# <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
from collections import namedtuple
|
||||
from ipaddress import ip_address, ip_network
|
||||
|
||||
import warnings
|
||||
import logging
|
||||
|
||||
PortconRange = namedtuple("PortconRange", ["low", "high"])
|
||||
PortconRange = collections.namedtuple("PortconRange", ["low", "high"])
|
||||
|
||||
#
|
||||
# Classes
|
||||
@ -138,12 +133,12 @@ cdef class Nodecon(Ocontext):
|
||||
try:
|
||||
# checkpolicy does not verify that no host bits are set,
|
||||
# so strict will raise an exception if host bits are set.
|
||||
n.network = ip_network(net_with_mask)
|
||||
n.network = ipaddress.ip_network(net_with_mask)
|
||||
except ValueError as ex:
|
||||
log = logging.getLogger(__name__)
|
||||
log.warning("Nodecon with network {} {} has host bits set. Analyses may have "
|
||||
"unexpected results.".format(n._addr, n._mask))
|
||||
n.network = ip_network(net_with_mask, strict=False)
|
||||
n.network = ipaddress.ip_network(net_with_mask, strict=False)
|
||||
|
||||
return n
|
||||
|
||||
|
@ -19,9 +19,6 @@
|
||||
#
|
||||
# pylint: disable=too-many-public-methods
|
||||
|
||||
import logging
|
||||
from collections import Counter
|
||||
|
||||
|
||||
class PolicyTarget(PolicyEnum):
|
||||
|
||||
@ -223,7 +220,7 @@ cdef class SELinuxPolicy:
|
||||
cdef cache_constraint_counts(self):
|
||||
"""Count all constraints in one iteration."""
|
||||
if not self.constraint_counts:
|
||||
self.constraint_counts = Counter(r.ruletype for r in self.constraints())
|
||||
self.constraint_counts = collections.Counter(r.ruletype for r in self.constraints())
|
||||
|
||||
cdef cache_terule_counts(self):
|
||||
"""Count all TE rules in one iteration."""
|
||||
@ -387,7 +384,7 @@ cdef class SELinuxPolicy:
|
||||
@property
|
||||
def permission_count(self):
|
||||
"""The number of permissions."""
|
||||
return sum(len(c.perms) for c in chain(self.commons(), self.classes()))
|
||||
return sum(len(c.perms) for c in itertools.chain(self.commons(), self.classes()))
|
||||
|
||||
@property
|
||||
def permissives_count(self):
|
||||
@ -549,7 +546,7 @@ cdef class SELinuxPolicy:
|
||||
|
||||
def lookup_type_or_attr(self, name):
|
||||
"""Look up a type or type attribute by name."""
|
||||
for t in chain(self.types(), self.typeattributes()):
|
||||
for t in itertools.chain(self.types(), self.typeattributes()):
|
||||
if t == name:
|
||||
return t
|
||||
|
||||
@ -640,8 +637,8 @@ cdef class SELinuxPolicy:
|
||||
|
||||
def rbacrules(self):
|
||||
"""Iterator over all RBAC rules."""
|
||||
return chain(RoleAllowIterator.factory(self, self.handle.p.role_allow),
|
||||
RoleTransitionIterator.factory(self, self.handle.p.role_tr))
|
||||
return itertools.chain(RoleAllowIterator.factory(self, self.handle.p.role_allow),
|
||||
RoleTransitionIterator.factory(self, self.handle.p.role_tr))
|
||||
|
||||
def terules(self):
|
||||
"""Iterator over all type enforcement rules."""
|
||||
@ -682,10 +679,12 @@ cdef class SELinuxPolicy:
|
||||
|
||||
def nodecons(self):
|
||||
"""Iterator over all nodecon statements."""
|
||||
return chain(NodeconIterator.factory(self, self.handle.p.ocontexts[sepol.OCON_NODE],
|
||||
NodeconIPVersion.ipv4),
|
||||
NodeconIterator.factory(self, self.handle.p.ocontexts[sepol.OCON_NODE6],
|
||||
NodeconIPVersion.ipv6))
|
||||
return itertools.chain(NodeconIterator.factory(self,
|
||||
self.handle.p.ocontexts[sepol.OCON_NODE],
|
||||
NodeconIPVersion.ipv4),
|
||||
NodeconIterator.factory(self,
|
||||
self.handle.p.ocontexts[sepol.OCON_NODE6],
|
||||
NodeconIPVersion.ipv6))
|
||||
|
||||
def portcons(self):
|
||||
"""Iterator over all portcon statements."""
|
||||
|
@ -17,7 +17,6 @@
|
||||
# License along with SETools. If not, see
|
||||
# <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
import itertools
|
||||
|
||||
|
||||
#
|
||||
@ -557,7 +556,7 @@ cdef class TERuleIterator(PolicyIterator):
|
||||
sepol.avtab_ptr_t node
|
||||
uint32_t bucket = 0
|
||||
|
||||
count = Counter()
|
||||
count = collections.Counter()
|
||||
|
||||
while bucket < self.table[0].nslot:
|
||||
node = self.table[0].htable[bucket]
|
||||
@ -640,7 +639,7 @@ cdef class ConditionalTERuleIterator(PolicyIterator):
|
||||
"""
|
||||
cdef sepol.cond_av_list_t *curr
|
||||
|
||||
count = Counter()
|
||||
count = collections.Counter()
|
||||
|
||||
curr = self.head
|
||||
while curr != NULL:
|
||||
|
@ -17,7 +17,6 @@
|
||||
# License along with SETools. If not, see
|
||||
# <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
import warnings
|
||||
|
||||
#
|
||||
# Cache objects
|
||||
|
@ -16,14 +16,11 @@
|
||||
# License along with SETools. If not, see
|
||||
# <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
import warnings
|
||||
|
||||
from enum import Enum
|
||||
|
||||
#
|
||||
# Classes
|
||||
#
|
||||
class PolicyEnum(Enum):
|
||||
class PolicyEnum(enum.Enum):
|
||||
|
||||
"""
|
||||
Base class for policy enumerations.
|
||||
|
@ -17,10 +17,9 @@
|
||||
# License along with SETools. If not, see
|
||||
# <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
from collections import namedtuple
|
||||
|
||||
IomemconRange = namedtuple("IomemconRange", ["low", "high"])
|
||||
IoportconRange = namedtuple("IoportconRange", ["low", "high"])
|
||||
IomemconRange = collections.namedtuple("IomemconRange", ["low", "high"])
|
||||
IoportconRange = collections.namedtuple("IoportconRange", ["low", "high"])
|
||||
|
||||
|
||||
#
|
||||
|
Loading…
Reference in New Issue
Block a user