Merge pull request #89 from pebenito/namedtuple-to-dataclass

diff/permmap: Replace named tuples with dataclasses.
Chris PeBenito 2023-03-24 11:21:54 -04:00 committed by GitHub
commit fbce6e8324
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
30 changed files with 297 additions and 182 deletions

57
sediff

@ -131,8 +131,7 @@ try:
if diff.modified_properties or args.property: if diff.modified_properties or args.property:
print("Policy Properties ({0} Modified)".format(len(diff.modified_properties))) print("Policy Properties ({0} Modified)".format(len(diff.modified_properties)))
if not args.stats: if not args.stats:
for name, added, removed in sorted(diff.modified_properties, for name, added, removed in sorted(diff.modified_properties):
key=lambda x: x.property):
print(" * {0} +{1} -{2}".format(name, added, removed)) print(" * {0} +{1} -{2}".format(name, added, removed))
print() print()
del diff.modified_properties del diff.modified_properties
@ -475,8 +474,7 @@ try:
print(" - {0}".format(r)) print(" - {0}".format(r))
if diff.modified_levels and not args.stats: if diff.modified_levels and not args.stats:
print(" Modified Levels: {0}".format(len(diff.modified_levels))) print(" Modified Levels: {0}".format(len(diff.modified_levels)))
for level, added_categories, removed_categories, _ in sorted(diff.modified_levels, for level, added_categories, removed_categories, _ in sorted(diff.modified_levels):
key=lambda x: x.level):
change = [] change = []
if added_categories: if added_categories:
change.append("{0} Added Categories".format(len(added_categories))) change.append("{0} Added Categories".format(len(added_categories)))
@ -511,8 +509,7 @@ try:
if diff.modified_allows and not args.stats: if diff.modified_allows and not args.stats:
print(" Modified Allow Rules: {0}".format(len(diff.modified_allows))) print(" Modified Allow Rules: {0}".format(len(diff.modified_allows)))
for rule, added_perms, removed_perms, matched_perms in sorted(diff.modified_allows, for rule, added_perms, removed_perms, matched_perms in sorted(diff.modified_allows):
key=lambda x: x.rule):
perm_str = " ".join(chain((p for p in matched_perms), perm_str = " ".join(chain((p for p in matched_perms),
("+" + p for p in added_perms), ("+" + p for p in added_perms),
("-" + p for p in removed_perms))) ("-" + p for p in removed_perms)))
@ -551,7 +548,7 @@ try:
print(" Modified Allowxperm Rules: {0}".format(len(diff.modified_allowxperms))) print(" Modified Allowxperm Rules: {0}".format(len(diff.modified_allowxperms)))
for rule, added_perms, removed_perms, matched_perms in sorted( for rule, added_perms, removed_perms, matched_perms in sorted(
diff.modified_allowxperms, key=lambda x: x.rule): diff.modified_allowxperms):
# Process the string representation of the sets # Process the string representation of the sets
# so hex representation and ranges are preserved. # so hex representation and ranges are preserved.
@ -609,7 +606,7 @@ try:
print(" Modified Neverallow Rules: {0}".format(len(diff.modified_neverallows))) print(" Modified Neverallow Rules: {0}".format(len(diff.modified_neverallows)))
for rule, added_perms, removed_perms, matched_perms in sorted( for rule, added_perms, removed_perms, matched_perms in sorted(
diff.modified_neverallows, key=lambda x: x.rule): diff.modified_neverallows):
perm_str = " ".join(chain((p for p in matched_perms), perm_str = " ".join(chain((p for p in matched_perms),
("+" + p for p in added_perms), ("+" + p for p in added_perms),
("-" + p for p in removed_perms))) ("-" + p for p in removed_perms)))
@ -651,7 +648,7 @@ try:
len(diff.modified_neverallowxperms))) len(diff.modified_neverallowxperms)))
for rule, added_perms, removed_perms, matched_perms in sorted( for rule, added_perms, removed_perms, matched_perms in sorted(
diff.modified_neverallowxperms, key=lambda x: x.rule): diff.modified_neverallowxperms):
# Process the string representation of the sets # Process the string representation of the sets
# so hex representation and ranges are preserved. # so hex representation and ranges are preserved.
@ -709,7 +706,7 @@ try:
print(" Modified Auditallow Rules: {0}".format(len(diff.modified_auditallows))) print(" Modified Auditallow Rules: {0}".format(len(diff.modified_auditallows)))
for rule, added_perms, removed_perms, matched_perms in sorted( for rule, added_perms, removed_perms, matched_perms in sorted(
diff.modified_auditallows, key=lambda x: x.rule): diff.modified_auditallows):
perm_str = " ".join(chain((p for p in matched_perms), perm_str = " ".join(chain((p for p in matched_perms),
("+" + p for p in added_perms), ("+" + p for p in added_perms),
("-" + p for p in removed_perms))) ("-" + p for p in removed_perms)))
@ -751,7 +748,7 @@ try:
len(diff.modified_auditallowxperms))) len(diff.modified_auditallowxperms)))
for rule, added_perms, removed_perms, matched_perms in sorted( for rule, added_perms, removed_perms, matched_perms in sorted(
diff.modified_auditallowxperms, key=lambda x: x.rule): diff.modified_auditallowxperms):
# Process the string representation of the sets # Process the string representation of the sets
# so hex representation and ranges are preserved. # so hex representation and ranges are preserved.
@ -809,7 +806,7 @@ try:
print(" Modified Dontaudit Rules: {0}".format(len(diff.modified_dontaudits))) print(" Modified Dontaudit Rules: {0}".format(len(diff.modified_dontaudits)))
for rule, added_perms, removed_perms, matched_perms in sorted( for rule, added_perms, removed_perms, matched_perms in sorted(
diff.modified_dontaudits, key=lambda x: x.rule): diff.modified_dontaudits):
perm_str = " ".join(chain((p for p in matched_perms), perm_str = " ".join(chain((p for p in matched_perms),
("+" + p for p in added_perms), ("+" + p for p in added_perms),
("-" + p for p in removed_perms))) ("-" + p for p in removed_perms)))
@ -851,7 +848,7 @@ try:
len(diff.modified_dontauditxperms))) len(diff.modified_dontauditxperms)))
for rule, added_perms, removed_perms, matched_perms in sorted( for rule, added_perms, removed_perms, matched_perms in sorted(
diff.modified_dontauditxperms, key=lambda x: x.rule): diff.modified_dontauditxperms):
# Process the string representation of the sets # Process the string representation of the sets
# so hex representation and ranges are preserved. # so hex representation and ranges are preserved.
@ -911,8 +908,7 @@ try:
print(" Modified Type_transition Rules: {0}".format( print(" Modified Type_transition Rules: {0}".format(
len(diff.modified_type_transitions))) len(diff.modified_type_transitions)))
for rule, added_default, removed_default in sorted(diff.modified_type_transitions, for rule, added_default, removed_default in sorted(diff.modified_type_transitions):
key=lambda x: x.rule):
rule_string = "{0.ruletype} {0.source} {0.target}:{0.tclass} +{1} -{2}".format( rule_string = "{0.ruletype} {0.source} {0.target}:{0.tclass} +{1} -{2}".format(
rule, added_default, removed_default) rule, added_default, removed_default)
@ -951,8 +947,7 @@ try:
if diff.modified_type_changes and not args.stats: if diff.modified_type_changes and not args.stats:
print(" Modified Type_change Rules: {0}".format(len(diff.modified_type_changes))) print(" Modified Type_change Rules: {0}".format(len(diff.modified_type_changes)))
for rule, added_default, removed_default in sorted(diff.modified_type_changes, for rule, added_default, removed_default in sorted(diff.modified_type_changes):
key=lambda x: x.rule):
rule_string = "{0.ruletype} {0.source} {0.target}:{0.tclass} +{1} -{2}".format( rule_string = "{0.ruletype} {0.source} {0.target}:{0.tclass} +{1} -{2}".format(
rule, added_default, removed_default) rule, added_default, removed_default)
@ -991,8 +986,7 @@ try:
if diff.modified_type_members and not args.stats: if diff.modified_type_members and not args.stats:
print(" Modified Type_member Rules: {0}".format(len(diff.modified_type_members))) print(" Modified Type_member Rules: {0}".format(len(diff.modified_type_members)))
for rule, added_default, removed_default in sorted(diff.modified_type_members, for rule, added_default, removed_default in sorted(diff.modified_type_members):
key=lambda x: x.rule):
rule_string = "{0.ruletype} {0.source} {0.target}:{0.tclass} +{1} -{2}".format( rule_string = "{0.ruletype} {0.source} {0.target}:{0.tclass} +{1} -{2}".format(
rule, added_default, removed_default) rule, added_default, removed_default)
@ -1055,8 +1049,7 @@ try:
print(" Modified Role_transition Rules: {0}".format( print(" Modified Role_transition Rules: {0}".format(
len(diff.modified_role_transitions))) len(diff.modified_role_transitions)))
for rule, added_default, removed_default in sorted(diff.modified_role_transitions, for rule, added_default, removed_default in sorted(diff.modified_role_transitions):
key=lambda x: x.rule):
rule_string = \ rule_string = \
"{0.ruletype} {0.source} {0.target}:{0.tclass} +{1} -{2}".format( "{0.ruletype} {0.source} {0.target}:{0.tclass} +{1} -{2}".format(
rule, added_default, removed_default) rule, added_default, removed_default)
@ -1091,8 +1084,7 @@ try:
print(" Modified Range_transition Rules: {0}".format( print(" Modified Range_transition Rules: {0}".format(
len(diff.modified_range_transitions))) len(diff.modified_range_transitions)))
for rule, added_default, removed_default in sorted(diff.modified_range_transitions, for rule, added_default, removed_default in sorted(diff.modified_range_transitions):
key=lambda x: x.rule):
# added brackets around range change for clarity since ranges # added brackets around range change for clarity since ranges
# can have '-' and spaces. # can have '-' and spaces.
rule_string = \ rule_string = \
@ -1231,7 +1223,7 @@ try:
print(" - {0}".format(s.statement())) print(" - {0}".format(s.statement()))
if diff.modified_ibendportcons and not args.stats: if diff.modified_ibendportcons and not args.stats:
print(" Modified Ibendportcons: {0}".format(len(diff.modified_ibendportcons))) print(" Modified Ibendportcons: {0}".format(len(diff.modified_ibendportcons)))
for entry in sorted(diff.modified_ibendportcons, key=lambda x: x.rule): for entry in sorted(diff.modified_ibendportcons):
print(" * ibendportcon {0.rule.name} {0.rule.port} " print(" * ibendportcon {0.rule.name} {0.rule.port} "
"+[{0.added_context}] -[{0.removed_context}]".format(entry)) "+[{0.added_context}] -[{0.removed_context}]".format(entry))
@ -1256,7 +1248,7 @@ try:
print(" - {0}".format(s.statement())) print(" - {0}".format(s.statement()))
if diff.modified_ibpkeycons and not args.stats: if diff.modified_ibpkeycons and not args.stats:
print(" Modified Ibpkeycons: {0}".format(len(diff.modified_ibpkeycons))) print(" Modified Ibpkeycons: {0}".format(len(diff.modified_ibpkeycons)))
for entry in sorted(diff.modified_ibpkeycons, key=lambda x: x.rule): for entry in sorted(diff.modified_ibpkeycons):
if entry.rule.pkeys.low == entry.rule.pkeys.high: if entry.rule.pkeys.low == entry.rule.pkeys.high:
print(" * ibpkeycon {0.rule.subnet_prefix} {0.rule.pkeys.low:#x} " print(" * ibpkeycon {0.rule.subnet_prefix} {0.rule.pkeys.low:#x} "
"+[{0.added_context}] -[{0.removed_context}]".format(entry)) "+[{0.added_context}] -[{0.removed_context}]".format(entry))
@ -1286,7 +1278,7 @@ try:
print(" - {0}".format(s)) print(" - {0}".format(s))
if diff.modified_fs_uses and not args.stats: if diff.modified_fs_uses and not args.stats:
print(" Modified Fs_use: {0}".format(len(diff.modified_fs_uses))) print(" Modified Fs_use: {0}".format(len(diff.modified_fs_uses)))
for entry in sorted(diff.modified_fs_uses, key=lambda x: x.rule): for entry in sorted(diff.modified_fs_uses):
print(" * {0.ruletype} {0.fs} +[{1}] -[{2}];".format( print(" * {0.ruletype} {0.fs} +[{1}] -[{2}];".format(
entry.rule, entry.added_context, entry.removed_context)) entry.rule, entry.added_context, entry.removed_context))
@ -1311,7 +1303,7 @@ try:
print(" - {0}".format(s)) print(" - {0}".format(s))
if diff.modified_genfscons and not args.stats: if diff.modified_genfscons and not args.stats:
print(" Modified Genfscons: {0}".format(len(diff.modified_genfscons))) print(" Modified Genfscons: {0}".format(len(diff.modified_genfscons)))
for entry in sorted(diff.modified_genfscons, key=lambda x: x.rule): for entry in sorted(diff.modified_genfscons):
print(" * genfscon {0.fs} {0.path} {0.filetype} +[{1}] -[{2}];".format( print(" * genfscon {0.fs} {0.path} {0.filetype} +[{1}] -[{2}];".format(
entry.rule, entry.added_context, entry.removed_context)) entry.rule, entry.added_context, entry.removed_context))
@ -1336,7 +1328,7 @@ try:
print(" - {0}".format(n)) print(" - {0}".format(n))
if diff.modified_netifcons and not args.stats: if diff.modified_netifcons and not args.stats:
print(" Modified Netifcons: {0}".format(len(diff.modified_netifcons))) print(" Modified Netifcons: {0}".format(len(diff.modified_netifcons)))
for entry in sorted(diff.modified_netifcons, key=lambda x: x.rule): for entry in sorted(diff.modified_netifcons):
# This output is different than other statements because # This output is different than other statements because
# it becomes difficult to read if this was condensed # it becomes difficult to read if this was condensed
# into a single line, especially if both contexts # into a single line, especially if both contexts
@ -1379,7 +1371,7 @@ try:
print(" - {0}".format(n)) print(" - {0}".format(n))
if diff.modified_nodecons and not args.stats: if diff.modified_nodecons and not args.stats:
print(" Modified Nodecons: {0}".format(len(diff.modified_nodecons))) print(" Modified Nodecons: {0}".format(len(diff.modified_nodecons)))
for entry in sorted(diff.modified_nodecons, key=lambda x: x.rule): for entry in sorted(diff.modified_nodecons):
print(" * nodecon {0} +[{1.added_context}] -[{1.removed_context}];".format( print(" * nodecon {0} +[{1.added_context}] -[{1.removed_context}];".format(
entry.rule.network.with_netmask.replace("/", " "), entry)) entry.rule.network.with_netmask.replace("/", " "), entry))
@ -1404,8 +1396,7 @@ try:
print(" - {0}".format(n)) print(" - {0}".format(n))
if diff.modified_portcons and not args.stats: if diff.modified_portcons and not args.stats:
print(" Modified Portcons: {0}".format(len(diff.modified_portcons))) print(" Modified Portcons: {0}".format(len(diff.modified_portcons)))
for con, added_context, removed_context in sorted(diff.modified_portcons, for con, added_context, removed_context in sorted(diff.modified_portcons):
key=lambda x: x.rule):
low, high = con.ports low, high = con.ports
if low == high: if low == high:
print(" * portcon {0.protocol} {1} +[{2}] -[{3}];".format( print(" * portcon {0.protocol} {1} +[{2}] -[{3}];".format(
@ -1451,7 +1442,7 @@ try:
if diff.modified_defaults and not args.stats: if diff.modified_defaults and not args.stats:
print(" Modified Defaults: {0}".format(len(diff.modified_defaults))) print(" Modified Defaults: {0}".format(len(diff.modified_defaults)))
for default, added_default, removed_default, added_range, removed_range in sorted( for default, added_default, removed_default, added_range, removed_range in sorted(
diff.modified_defaults, key=lambda x: x.rule): diff.modified_defaults):
line = " * {0.ruletype} {0.tclass} ".format(default) line = " * {0.ruletype} {0.tclass} ".format(default)
if removed_default: if removed_default:
line += "+{0} -{1}".format(added_default, removed_default) line += "+{0} -{1}".format(added_default, removed_default)
@ -1488,7 +1479,7 @@ try:
if diff.modified_typebounds and not args.stats: if diff.modified_typebounds and not args.stats:
print(" Modified Typebounds: {0}".format(len(diff.modified_typebounds))) print(" Modified Typebounds: {0}".format(len(diff.modified_typebounds)))
for bound, added_bound, removed_bound in sorted( for bound, added_bound, removed_bound in sorted(
diff.modified_typebounds, key=lambda x: x.rule): diff.modified_typebounds):
print(" * {0.ruletype} +{1} -{2} {0.child};".format( print(" * {0.ruletype} +{1} -{2} {0.child};".format(
bound, added_bound, removed_bound)) bound, added_bound, removed_bound))
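Review bot: The loops that unpack results positionally, such as `for level, added_categories, removed_categories, _ in sorted(diff.modified_levels):` in the Modified Levels hunk, stay tied to the field count and order of the result classes, which is fragile now that those classes are dataclasses with named fields. Unpacking presumably keeps working only through the tuple-compatibility base this commit introduces, so adding or reordering a field would surface as a ValueError or as swapped added/removed columns in the policy diff output. Consider attribute access, as the context-statement loops in this file already do, e.g. `for entry in sorted(diff.modified_levels):` with `entry.level`, `entry.added_categories` and `entry.removed_categories`. The same applies to the allow/neverallow/auditallow/dontaudit, type_*, role_transition, range_transition, portcon, defaults and typebounds loops.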


@ -4,19 +4,20 @@
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from collections import defaultdict from collections import defaultdict
from typing import NamedTuple from dataclasses import dataclass
from ..policyrep import SELinuxPolicy, Boolean from ..policyrep import SELinuxPolicy, Boolean
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, SymbolWrapper from .difference import Difference, DifferenceResult, SymbolWrapper
from .typing import SymbolCache from .typing import SymbolCache
_bool_cache: SymbolCache[Boolean] = defaultdict(dict) _bool_cache: SymbolCache[Boolean] = defaultdict(dict)
class ModifiedBoolean(NamedTuple): @dataclass(frozen=True, order=True)
class ModifiedBoolean(DifferenceResult):
"""Difference details for a modified Boolean.""" """Difference details for a modified Boolean."""


@ -3,15 +3,18 @@
# #
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from typing import cast, List, NamedTuple, Optional from dataclasses import dataclass
from typing import cast, List, Optional
from ..policyrep import Bounds, BoundsRuletype, Type from ..policyrep import Bounds, BoundsRuletype, Type
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, Wrapper from .difference import Difference, DifferenceResult, Wrapper
from .types import type_wrapper_factory from .types import type_wrapper_factory
class ModifiedBounds(NamedTuple): @dataclass(frozen=True)
class ModifiedBounds(DifferenceResult):
"""Difference details for a modified bounds rule.""" """Difference details for a modified bounds rule."""
@ -19,6 +22,9 @@ class ModifiedBounds(NamedTuple):
added_bound: Type added_bound: Type
removed_bound: Type removed_bound: Type
def __lt__(self, other) -> bool:
return self.rule < other.rule
class BoundsDifference(Difference): class BoundsDifference(Difference):
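Review bot: The new `__lt__` on ModifiedBounds takes an untyped `other` and reads `other.rule` unconditionally, so comparing against any unrelated object raises AttributeError instead of letting Python fall back through NotImplemented. A guard such as `if not isinstance(other, ModifiedBounds): return NotImplemented` ahead of `return self.rule < other.rule` would match what the dataclass-generated comparisons on the `order=True` classes in this commit do. A one-line docstring stating that ordering is by `rule` only, while the generated `__eq__` still compares every field, would also help. The same method is added to ModifiedDefault, ModifiedFSUse, ModifiedGenfscon, ModifiedIbendportcon, ModifiedIbpkeycon, ModifiedLevelDecl (on `level`), ModifiedMLSRule, ModifiedNetifcon, ModifiedNodecon and ModifiedPortcon.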


@ -2,13 +2,15 @@
# #
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from typing import NamedTuple, Set from dataclasses import dataclass
from typing import Set
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, SymbolWrapper from .difference import Difference, DifferenceResult, SymbolWrapper
class ModifiedCommon(NamedTuple): @dataclass(frozen=True, order=True)
class ModifiedCommon(DifferenceResult):
"""Difference details for a modified common permission set.""" """Difference details for a modified common permission set."""


@ -2,15 +2,17 @@
# #
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from typing import NamedTuple, Optional from dataclasses import dataclass
from typing import Optional
from ..policyrep import Default, DefaultRuletype, DefaultValue, DefaultRangeValue, ObjClass from ..policyrep import Default, DefaultValue, DefaultRangeValue
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, SymbolWrapper, Wrapper from .difference import Difference, DifferenceResult, SymbolWrapper, Wrapper
class ModifiedDefault(NamedTuple): @dataclass(frozen=True)
class ModifiedDefault(DifferenceResult):
"""Difference details for a modified default_*.""" """Difference details for a modified default_*."""
@ -20,6 +22,9 @@ class ModifiedDefault(NamedTuple):
added_default_range: Optional[DefaultRangeValue] added_default_range: Optional[DefaultRangeValue]
removed_default_range: Optional[DefaultRangeValue] removed_default_range: Optional[DefaultRangeValue]
def __lt__(self, other) -> bool:
return self.rule < other.rule
class DefaultsDifference(Difference): class DefaultsDifference(Difference):


@ -7,6 +7,7 @@ import logging
from abc import ABC, abstractmethod from abc import ABC, abstractmethod
from typing import Generic, Iterable, TypeVar from typing import Generic, Iterable, TypeVar
from ..mixins import TupleCompat
from ..policyrep import PolicyObject, PolicySymbol, SELinuxPolicy from ..policyrep import PolicyObject, PolicySymbol, SELinuxPolicy
@ -117,6 +118,13 @@ class Difference:
return added_items, removed_items, matched_items return added_items, removed_items, matched_items
class DifferenceResult(TupleCompat):
"""Base class for difference results"""
pass
T = TypeVar("T", bound=PolicyObject) T = TypeVar("T", bound=PolicyObject)
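Review bot: DifferenceResult's docstring, `"""Base class for difference results"""`, does not say why the class derives from TupleCompat, which is the one thing a maintainer needs to know here. If, as the unchanged unpacking loops in sediff suggest, the mixin exists so results can still be iterated and unpacked like the old named tuples, say so, e.g. `"""Base class for difference results; TupleCompat keeps tuple-style unpacking working for existing callers."""`. The trailing `pass` is redundant after a docstring and can be dropped.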


@ -2,16 +2,17 @@
# #
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from typing import NamedTuple from dataclasses import dataclass
from ..policyrep import Context, FSUse from ..policyrep import Context, FSUse
from .context import ContextWrapper from .context import ContextWrapper
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, Wrapper from .difference import Difference, DifferenceResult, Wrapper
class ModifiedFSUse(NamedTuple): @dataclass(frozen=True)
class ModifiedFSUse(DifferenceResult):
"""Difference details for a modified fs_use_*.""" """Difference details for a modified fs_use_*."""
@ -19,6 +20,9 @@ class ModifiedFSUse(NamedTuple):
added_context: Context added_context: Context
removed_context: Context removed_context: Context
def __lt__(self, other) -> bool:
return self.rule < other.rule
class FSUsesDifference(Difference): class FSUsesDifference(Difference):


@ -2,16 +2,17 @@
# #
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from typing import NamedTuple from dataclasses import dataclass
from ..policyrep import Context, Genfscon from ..policyrep import Context, Genfscon
from .context import ContextWrapper from .context import ContextWrapper
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, Wrapper from .difference import Difference, DifferenceResult, Wrapper
class ModifiedGenfscon(NamedTuple): @dataclass(frozen=True)
class ModifiedGenfscon(DifferenceResult):
"""Difference details for a modified genfscons.""" """Difference details for a modified genfscons."""
@ -19,6 +20,9 @@ class ModifiedGenfscon(NamedTuple):
added_context: Context added_context: Context
removed_context: Context removed_context: Context
def __lt__(self, other) -> bool:
return self.rule < other.rule
class GenfsconsDifference(Difference): class GenfsconsDifference(Difference):


@ -2,15 +2,17 @@
# #
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from typing import NamedTuple from dataclasses import dataclass
from ..policyrep import Context, Ibendportcon from ..policyrep import Context, Ibendportcon
from .context import ContextWrapper from .context import ContextWrapper
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, Wrapper from .difference import Difference, DifferenceResult, Wrapper
class ModifiedIbendportcon(NamedTuple): @dataclass(frozen=True)
class ModifiedIbendportcon(DifferenceResult):
"""Difference details for a modified ibendportcon.""" """Difference details for a modified ibendportcon."""
@ -18,6 +20,9 @@ class ModifiedIbendportcon(NamedTuple):
added_context: Context added_context: Context
removed_context: Context removed_context: Context
def __lt__(self, other) -> bool:
return self.rule < other.rule
class IbendportconsDifference(Difference): class IbendportconsDifference(Difference):


@ -2,16 +2,17 @@
# #
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from typing import NamedTuple from dataclasses import dataclass
from ..policyrep import Context, Ibpkeycon from ..policyrep import Context, Ibpkeycon
from .context import ContextWrapper from .context import ContextWrapper
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, Wrapper from .difference import Difference, DifferenceResult, Wrapper
class ModifiedIbpkeycon(NamedTuple): @dataclass(frozen=True)
class ModifiedIbpkeycon(DifferenceResult):
"""Difference details for a modified ibpkeycon.""" """Difference details for a modified ibpkeycon."""
@ -19,6 +20,9 @@ class ModifiedIbpkeycon(NamedTuple):
added_context: Context added_context: Context
removed_context: Context removed_context: Context
def __lt__(self, other) -> bool:
return self.rule < other.rule
class IbpkeyconsDifference(Difference): class IbpkeyconsDifference(Difference):


@ -2,16 +2,17 @@
# #
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from typing import NamedTuple from dataclasses import dataclass
from ..policyrep import Context from ..policyrep import Context
from .context import ContextWrapper from .context import ContextWrapper
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, SymbolWrapper from .difference import Difference, DifferenceResult, SymbolWrapper
class ModifiedInitialSID(NamedTuple): @dataclass(frozen=True, order=True)
class ModifiedInitialSID(DifferenceResult):
"""Difference details for a modified initial SID.""" """Difference details for a modified initial SID."""


@ -4,19 +4,21 @@
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from collections import defaultdict from collections import defaultdict
from typing import NamedTuple, Set from dataclasses import dataclass
from typing import Set
from ..policyrep import Category, Level, LevelDecl, Range, Sensitivity from ..policyrep import Category, Level, LevelDecl, Range, Sensitivity
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, SymbolWrapper, Wrapper from .difference import Difference, DifferenceResult, SymbolWrapper, Wrapper
from .typing import SymbolCache from .typing import SymbolCache
_cats_cache: SymbolCache[Category] = defaultdict(dict) _cats_cache: SymbolCache[Category] = defaultdict(dict)
_sens_cache: SymbolCache[Sensitivity] = defaultdict(dict) _sens_cache: SymbolCache[Sensitivity] = defaultdict(dict)
class ModifiedCategory(NamedTuple): @dataclass(frozen=True, order=True)
class ModifiedCategory(DifferenceResult):
"""Difference details for a modified category.""" """Difference details for a modified category."""
@ -25,7 +27,8 @@ class ModifiedCategory(NamedTuple):
matched_aliases: Set[str] matched_aliases: Set[str]
class ModifiedSensitivity(NamedTuple): @dataclass(frozen=True, order=True)
class ModifiedSensitivity(DifferenceResult):
"""Difference details for a modified sensitivity.""" """Difference details for a modified sensitivity."""
@ -34,7 +37,8 @@ class ModifiedSensitivity(NamedTuple):
matched_aliases: Set[str] matched_aliases: Set[str]
class ModifiedLevelDecl(NamedTuple): @dataclass(frozen=True)
class ModifiedLevelDecl(DifferenceResult):
"""Difference details for a modified level declaration.""" """Difference details for a modified level declaration."""
@ -43,6 +47,9 @@ class ModifiedLevelDecl(NamedTuple):
removed_categories: Set[Category] removed_categories: Set[Category]
matched_categories: Set[Category] matched_categories: Set[Category]
def __lt__(self, other) -> bool:
return self.level < other.level
def category_wrapper_factory(category: Category) -> SymbolWrapper[Category]: def category_wrapper_factory(category: Category) -> SymbolWrapper[Category]:
""" """


@ -4,19 +4,20 @@
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from collections import defaultdict from collections import defaultdict
from typing import NamedTuple from dataclasses import dataclass
from ..policyrep import MLSRule, MLSRuletype, Range from ..policyrep import MLSRule, MLSRuletype, Range
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, Wrapper from .difference import Difference, DifferenceResult, Wrapper
from .mls import RangeWrapper from .mls import RangeWrapper
from .objclass import class_wrapper_factory from .objclass import class_wrapper_factory
from .types import type_or_attr_wrapper_factory from .types import type_or_attr_wrapper_factory
from .typing import RuleList from .typing import RuleList
class ModifiedMLSRule(NamedTuple): @dataclass(frozen=True)
class ModifiedMLSRule(DifferenceResult):
"""Difference details for a modified MLS rule.""" """Difference details for a modified MLS rule."""
@ -24,6 +25,9 @@ class ModifiedMLSRule(NamedTuple):
added_default: Range added_default: Range
removed_default: Range removed_default: Range
def __lt__(self, other) -> bool:
return self.rule < other.rule
class MLSRulesDifference(Difference): class MLSRulesDifference(Difference):


@ -2,16 +2,18 @@
# #
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from typing import NamedTuple, Optional from dataclasses import dataclass
from typing import Optional
from ..policyrep import Context, Netifcon from ..policyrep import Context, Netifcon
from .context import ContextWrapper from .context import ContextWrapper
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, Wrapper from .difference import Difference, DifferenceResult, Wrapper
class ModifiedNetifcon(NamedTuple): @dataclass(frozen=True)
class ModifiedNetifcon(DifferenceResult):
"""Difference details for a modified netifcon.""" """Difference details for a modified netifcon."""
@ -21,6 +23,9 @@ class ModifiedNetifcon(NamedTuple):
added_packet: Optional[Context] added_packet: Optional[Context]
removed_packet: Optional[Context] removed_packet: Optional[Context]
def __lt__(self, other) -> bool:
return self.rule < other.rule
class NetifconsDifference(Difference): class NetifconsDifference(Difference):


@ -3,16 +3,17 @@
# #
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from typing import NamedTuple from dataclasses import dataclass
from ..policyrep import Context, Nodecon from ..policyrep import Context, Nodecon
from .context import ContextWrapper from .context import ContextWrapper
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, Wrapper from .difference import Difference, DifferenceResult, Wrapper
class ModifiedNodecon(NamedTuple): @dataclass(frozen=True)
class ModifiedNodecon(DifferenceResult):
"""Difference details for a modified netifcon.""" """Difference details for a modified netifcon."""
@ -20,6 +21,9 @@ class ModifiedNodecon(NamedTuple):
added_context: Context added_context: Context
removed_context: Context removed_context: Context
def __lt__(self, other) -> bool:
return self.rule < other.rule
class NodeconsDifference(Difference): class NodeconsDifference(Difference):
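Review bot: The docstring kept on ModifiedNodecon reads `"""Difference details for a modified netifcon."""`, which looks copied from the netifcon result class. Since the class header directly above it is being rewritten here, it should become `"""Difference details for a modified nodecon."""`. The wrong name shows up in help() output and generated API documentation for the class, so it is worth fixing while the neighbouring line is touched.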


@ -5,19 +5,21 @@
# #
from collections import defaultdict from collections import defaultdict
from contextlib import suppress from contextlib import suppress
from typing import NamedTuple, Set from dataclasses import dataclass
from typing import Set
from ..exception import NoCommon from ..exception import NoCommon
from ..policyrep import ObjClass from ..policyrep import ObjClass
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, SymbolWrapper from .difference import Difference, DifferenceResult, SymbolWrapper
from .typing import SymbolCache from .typing import SymbolCache
_class_cache: SymbolCache[ObjClass] = defaultdict(dict) _class_cache: SymbolCache[ObjClass] = defaultdict(dict)
class ModifiedObjClass(NamedTuple): @dataclass(frozen=True, order=True)
class ModifiedObjClass(DifferenceResult):
"""Difference details for a modified object class.""" """Difference details for a modified object class."""
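Review bot: `order=True` on ModifiedObjClass makes the generated comparisons use every field in declaration order, whereas the sibling result classes in this commit order on a single key through an explicit `__lt__`. The fields are outside this hunk, but the retained `Set` import suggests some of them are sets, and `<` on sets is a subset test rather than a total order, so two entries that tie on the first field would not sort deterministically. For a tool whose output is read to audit policy changes, an explicit `__lt__` on the key field alone would keep the ordering stable and consistent with the other classes. ModifiedRole, ModifiedTypeAttribute, ModifiedType and ModifiedUser receive the same decorator.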


@ -2,16 +2,17 @@
# #
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from typing import NamedTuple from dataclasses import dataclass
from ..policyrep import Context, Portcon from ..policyrep import Context, Portcon
from .context import ContextWrapper from .context import ContextWrapper
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, Wrapper from .difference import Difference, DifferenceResult, Wrapper
class ModifiedPortcon(NamedTuple): @dataclass(frozen=True)
class ModifiedPortcon(DifferenceResult):
"""Difference details for a modified portcon.""" """Difference details for a modified portcon."""
@ -19,6 +20,9 @@ class ModifiedPortcon(NamedTuple):
added_context: Context added_context: Context
removed_context: Context removed_context: Context
def __lt__(self, other) -> bool:
return self.rule < other.rule
class PortconsDifference(Difference): class PortconsDifference(Difference):


@ -2,15 +2,17 @@
# #
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from typing import NamedTuple, Union from dataclasses import dataclass
from typing import Union
from ..policyrep import PolicyEnum from ..policyrep import PolicyEnum
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference from .difference import Difference, DifferenceResult
class ModifiedProperty(NamedTuple): @dataclass(frozen=True)
class ModifiedProperty(DifferenceResult):
"""Difference details for a modified policy property.""" """Difference details for a modified policy property."""
@ -18,6 +20,9 @@ class ModifiedProperty(NamedTuple):
added: Union[PolicyEnum, bool, int] added: Union[PolicyEnum, bool, int]
removed: Union[PolicyEnum, bool, int] removed: Union[PolicyEnum, bool, int]
def __lt__(self, other) -> bool:
return self.property < other.property
class PropertiesDifference(Difference): class PropertiesDifference(Difference):


@ -4,19 +4,20 @@
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from collections import defaultdict from collections import defaultdict
from typing import NamedTuple from dataclasses import dataclass
from ..policyrep import AnyRBACRule, RBACRuletype, Role, RoleAllow, RoleTransition from ..policyrep import AnyRBACRule, RBACRuletype, Role, RoleAllow, RoleTransition
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, Wrapper from .difference import Difference, DifferenceResult, Wrapper
from .objclass import class_wrapper_factory from .objclass import class_wrapper_factory
from .roles import role_wrapper_factory from .roles import role_wrapper_factory
from .types import type_or_attr_wrapper_factory from .types import type_or_attr_wrapper_factory
from .typing import RuleList from .typing import RuleList
class ModifiedRBACRule(NamedTuple): @dataclass(frozen=True)
class ModifiedRBACRule(DifferenceResult):
"""Difference details for a modified RBAC rule.""" """Difference details for a modified RBAC rule."""
@ -24,6 +25,9 @@ class ModifiedRBACRule(NamedTuple):
added_default: Role added_default: Role
removed_default: Role removed_default: Role
def __lt__(self, other) -> bool:
return self.rule < other.rule
class RBACRulesDifference(Difference): class RBACRulesDifference(Difference):


@ -4,19 +4,21 @@
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from collections import defaultdict from collections import defaultdict
from typing import NamedTuple, Set from dataclasses import dataclass
from typing import Set
from ..policyrep import Role, Type from ..policyrep import Role, Type
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, SymbolWrapper from .difference import Difference, DifferenceResult, SymbolWrapper
from .typing import SymbolCache from .typing import SymbolCache
from .types import type_wrapper_factory from .types import type_wrapper_factory
_roles_cache: SymbolCache[Role] = defaultdict(dict) _roles_cache: SymbolCache[Role] = defaultdict(dict)
class ModifiedRole(NamedTuple): @dataclass(frozen=True, order=True)
class ModifiedRole(DifferenceResult):
"""Difference details for a modified role.""" """Difference details for a modified role."""


@ -5,16 +5,17 @@
# #
import logging import logging
from collections import defaultdict from collections import defaultdict
from dataclasses import dataclass
from sys import intern from sys import intern
from enum import Enum from enum import Enum
from typing import Any, Callable, Dict, Iterable, List, NamedTuple, Optional, Set, Tuple, Union from typing import Any, Callable, Dict, Iterable, List, Optional, Set, Tuple, Union
from ..exception import RuleNotConditional, RuleUseError, TERuleNoFilename from ..exception import RuleNotConditional, RuleUseError, TERuleNoFilename
from ..policyrep import AnyTERule, AVRule, AVRuleXperm, Conditional, IoctlSet, TERuletype, Type from ..policyrep import AnyTERule, AVRule, AVRuleXperm, Conditional, IoctlSet, TERuletype, Type
from .conditional import conditional_wrapper_factory from .conditional import conditional_wrapper_factory
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, Wrapper from .difference import Difference, DifferenceResult, Wrapper
from .types import type_wrapper_factory, type_or_attr_wrapper_factory from .types import type_wrapper_factory, type_or_attr_wrapper_factory
from .typing import RuleList from .typing import RuleList
from .objclass import class_wrapper_factory from .objclass import class_wrapper_factory
@ -23,7 +24,8 @@ TERULES_UNCONDITIONAL = intern("<<unconditional>>")
TERULES_UNCONDITIONAL_BLOCK = intern("True") TERULES_UNCONDITIONAL_BLOCK = intern("True")
class ModifiedAVRule(NamedTuple): @dataclass(frozen=True)
class ModifiedAVRule(DifferenceResult):
"""Difference details for a modified access vector rule.""" """Difference details for a modified access vector rule."""
@ -32,8 +34,12 @@ class ModifiedAVRule(NamedTuple):
removed_perms: Union[Set[str], IoctlSet] removed_perms: Union[Set[str], IoctlSet]
matched_perms: Union[Set[str], IoctlSet] matched_perms: Union[Set[str], IoctlSet]
def __lt__(self, other) -> bool:
return self.rule < other.rule
class ModifiedTERule(NamedTuple):
@dataclass(frozen=True)
class ModifiedTERule(DifferenceResult):
"""Difference details for a modified type_* rule.""" """Difference details for a modified type_* rule."""
@ -41,6 +47,9 @@ class ModifiedTERule(NamedTuple):
added_default: Type added_default: Type
removed_default: Type removed_default: Type
def __lt__(self, other) -> bool:
return self.rule < other.rule
# #
# Internal datastructure types # Internal datastructure types
@ -50,17 +59,20 @@ class Side(Enum):
right = 1 right = 1
class RuleDBSideDataRecord(NamedTuple): @dataclass
class RuleDBSideDataRecord:
perms: Set[str] perms: Set[str]
orig_rule: AVRule orig_rule: AVRule
class RuleDBSidesRecord(NamedTuple): @dataclass
class RuleDBSidesRecord:
left: Optional[RuleDBSideDataRecord] left: Optional[RuleDBSideDataRecord]
right: Optional[RuleDBSideDataRecord] right: Optional[RuleDBSideDataRecord]
class TypeDBRecord(NamedTuple): @dataclass
class TypeDBRecord:
left: Dict[str, Type] left: Dict[str, Type]
right: Dict[str, Type] right: Dict[str, Type]
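Review bot: The internal records RuleDBSideDataRecord, RuleDBSidesRecord and TypeDBRecord lose the immutability and hashability they had as named tuples, because a bare `@dataclass` is mutable and sets `__hash__` to None when `eq` is on and `frozen` is off. The code that builds and reads these records is outside the hunks, so I cannot tell whether anything assigns to their fields or hashes them. If nothing does, `@dataclass(frozen=True)` would preserve the old guarantees and make the intent explicit. Unlike the public result classes above them, these three also have no docstring; a one-line description of what `left` and `right` hold would help.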


@ -4,18 +4,20 @@
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from collections import defaultdict from collections import defaultdict
from typing import NamedTuple, Set from dataclasses import dataclass
from typing import Set
from ..policyrep import Type, TypeAttribute from ..policyrep import Type, TypeAttribute
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, SymbolWrapper from .difference import Difference, DifferenceResult, SymbolWrapper
from .typing import SymbolCache from .typing import SymbolCache
_typeattr_cache: SymbolCache[TypeAttribute] = defaultdict(dict) _typeattr_cache: SymbolCache[TypeAttribute] = defaultdict(dict)
class ModifiedTypeAttribute(NamedTuple): @dataclass(frozen=True, order=True)
class ModifiedTypeAttribute(DifferenceResult):
"""Difference details for a modified type attribute.""" """Difference details for a modified type attribute."""


@ -4,19 +4,21 @@
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from collections import defaultdict from collections import defaultdict
from typing import NamedTuple, Set, Union from dataclasses import dataclass
from typing import Set, Union
from ..policyrep import Type, TypeAttribute, TypeOrAttr from ..policyrep import Type, TypeAttribute, TypeOrAttr
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, SymbolWrapper from .difference import Difference, DifferenceResult, SymbolWrapper
from .typeattr import typeattr_wrapper_factory from .typeattr import typeattr_wrapper_factory
from .typing import SymbolCache from .typing import SymbolCache
_types_cache: SymbolCache[Type] = defaultdict(dict) _types_cache: SymbolCache[Type] = defaultdict(dict)
class ModifiedType(NamedTuple): @dataclass(frozen=True, order=True)
class ModifiedType(DifferenceResult):
"""Difference details for a modified type.""" """Difference details for a modified type."""


@ -1,16 +1,20 @@
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from typing import DefaultDict, Dict, List, Optional, TypeVar from typing import DefaultDict, Dict, List, Optional, TypeVar, Union
from ..policyrep import PolicyEnum, PolicyObject, SELinuxPolicy from ..policyrep import AnyConstraint, PolicyEnum, PolicyObject, PolicyRule, PolicySymbol, \
SELinuxPolicy
from .difference import Wrapper, SymbolWrapper from .difference import Wrapper, SymbolWrapper
T = TypeVar("T", bound=PolicyObject) PE = TypeVar("PE", bound=PolicyEnum)
U = TypeVar("U", bound=Wrapper) PO = TypeVar("PO", bound=PolicyObject)
Cache = DefaultDict[SELinuxPolicy, Dict[T, U]] PS = TypeVar("PS", bound=PolicySymbol)
SymbolCache = Cache[T, SymbolWrapper[T]] PR = TypeVar("PR", bound=Union[AnyConstraint, PolicyRule])
WR = TypeVar("WR", bound=Wrapper)
E = TypeVar("E", bound=PolicyEnum) Cache = DefaultDict[SELinuxPolicy, Dict[PO, WR]]
RuleList = Optional[DefaultDict[E, List[T]]] SymbolCache = Cache[PS, SymbolWrapper[PS]]
RuleList = Optional[DefaultDict[PE, List[PR]]]


@ -4,13 +4,14 @@
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
from collections import defaultdict from collections import defaultdict
from typing import NamedTuple, Set, Optional, Union from dataclasses import dataclass
from typing import Set, Optional, Union
from ..exception import MLSDisabled from ..exception import MLSDisabled
from ..policyrep import Level, Range, Role, User from ..policyrep import Level, Range, Role, User
from .descriptors import DiffResultDescriptor from .descriptors import DiffResultDescriptor
from .difference import Difference, SymbolWrapper from .difference import Difference, DifferenceResult, SymbolWrapper
from .mls import LevelWrapper, RangeWrapper from .mls import LevelWrapper, RangeWrapper
from .roles import role_wrapper_factory from .roles import role_wrapper_factory
from .typing import SymbolCache from .typing import SymbolCache
@ -18,7 +19,8 @@ from .typing import SymbolCache
_users_cache: SymbolCache[User] = defaultdict(dict) _users_cache: SymbolCache[User] = defaultdict(dict)
class ModifiedUser(NamedTuple): @dataclass(frozen=True, order=True)
class ModifiedUser(DifferenceResult):
"""Difference details for a modified user.""" """Difference details for a modified user."""


@ -313,21 +313,21 @@ class InfoFlowAnalysis:
if rule.ruletype != TERuletype.allow: if rule.ruletype != TERuletype.allow:
continue continue
(rweight, wweight) = self.perm_map.rule_weight(cast(AVRule, rule)) weight = self.perm_map.rule_weight(cast(AVRule, rule))
for s, t in itertools.product(rule.source.expand(), rule.target.expand()): for s, t in itertools.product(rule.source.expand(), rule.target.expand()):
# only add flows if they actually flow # only add flows if they actually flow
# in or out of the source type type # in or out of the source type type
if s != t: if s != t:
if wweight: if weight.write:
edge = InfoFlowStep(self.G, s, t, create=True) edge = InfoFlowStep(self.G, s, t, create=True)
edge.rules.append(rule) edge.rules.append(rule)
edge.weight = wweight edge.weight = weight.write
if rweight: if weight.read:
edge = InfoFlowStep(self.G, t, s, create=True) edge = InfoFlowStep(self.G, t, s, create=True)
edge.rules.append(rule) edge.rules.append(rule)
edge.weight = rweight edge.weight = weight.read
self.rebuildgraph = False self.rebuildgraph = False
self.rebuildsubgraph = True self.rebuildsubgraph = True


@ -4,9 +4,10 @@
# SPDX-License-Identifier: LGPL-2.1-only # SPDX-License-Identifier: LGPL-2.1-only
# #
# pylint: disable=attribute-defined-outside-init,no-member # pylint: disable=attribute-defined-outside-init,no-member
import re from dataclasses import astuple
from logging import Logger from logging import Logger
from typing import Any from typing import Any
import warnings
from .descriptors import CriteriaDescriptor, CriteriaSetDescriptor, CriteriaPermissionSetDescriptor from .descriptors import CriteriaDescriptor, CriteriaSetDescriptor, CriteriaPermissionSetDescriptor
from .policyrep import Context from .policyrep import Context
@ -233,3 +234,23 @@ class NetworkXGraphEdge:
return self.target return self.target
else: else:
raise IndexError(f"Invalid index (NetworkXGraphEdge only has 2 items): {index}") raise IndexError(f"Invalid index (NetworkXGraphEdge only has 2 items): {index}")
class TupleCompat:
"""Mixin for named tuple backwards compatibility for dataclasses."""
def __getitem__(self, key):
warnings.warn("Named tuple returns are deprecated, replaced with dataclasses.",
DeprecationWarning)
return astuple(self)[key]
def __iter__(self):
warnings.warn("Named tuple returns are deprecated, replaced with dataclasses.",
DeprecationWarning)
return iter(astuple(self))
def __len__(self):
warnings.warn("Named tuple returns are deprecated, replaced with dataclasses.",
DeprecationWarning)
return len(astuple(self))
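Review bot: The three `warnings.warn` calls in TupleCompat omit `stacklevel`, so each DeprecationWarning is attributed to the mixin module rather than to the caller that still indexes, iterates or takes `len()` of the result. Under Python's default filters, that also means the warning is normally suppressed. Passing `stacklevel=2`, as in `warnings.warn("Named tuple returns are deprecated, replaced with dataclasses.", DeprecationWarning, stacklevel=2)`, points it at the deprecated call site. In addition, `dataclasses.astuple` recurses into nested dataclasses and deep-copies field values, which the named tuple never did; `tuple(getattr(self, f.name) for f in fields(self))` would hand back the original objects. The docstring should also say that the mixin is only valid on dataclasses.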


@ -6,12 +6,14 @@ import logging
import copy import copy
from collections import OrderedDict from collections import OrderedDict
from contextlib import suppress from contextlib import suppress
from typing import cast, Dict, Iterable, NamedTuple, Optional, Union from dataclasses import dataclass
from typing import cast, Dict, Iterable, Optional, Union
import pkg_resources import pkg_resources
from . import exception from . import exception
from .descriptors import PermissionMapDescriptor from .descriptors import PermissionMapDescriptor
from .mixins import TupleCompat
from .policyrep import AVRule, SELinuxPolicy, TERuletype from .policyrep import AVRule, SELinuxPolicy, TERuletype
INFOFLOW_DIRECTIONS = ("r", "w", "b", "n", "u") INFOFLOW_DIRECTIONS = ("r", "w", "b", "n", "u")
@ -19,7 +21,8 @@ MIN_WEIGHT = 1
MAX_WEIGHT = 10 MAX_WEIGHT = 10
class RuleWeight(NamedTuple): @dataclass
class RuleWeight(TupleCompat):
"""The read and write weights for a rule, given all of its permissions.""" """The read and write weights for a rule, given all of its permissions."""
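Review bot: RuleWeight as a bare `@dataclass` no longer compares equal to a plain tuple and is no longer hashable or immutable, and TupleCompat restores only indexing, iteration and `len()`. A caller that compares the result of `rule_weight()` with `(r, w)` or uses it as a dict key would change behaviour with no deprecation warning; whether such callers exist is not visible from here. If nothing assigns to the fields, `@dataclass(frozen=True)` would keep hashing and immutability. The docstring could also state that tuple equality is not preserved. The class body continues outside the hunk.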


@ -5,9 +5,10 @@
# #
import os import os
import unittest import unittest
from dataclasses import astuple
from ipaddress import IPv6Address, IPv4Network, IPv6Network from ipaddress import IPv6Address, IPv4Network, IPv6Network
from setools import SELinuxPolicy, PolicyDifference, PortconProtocol from setools import PolicyDifference, PortconProtocol
from setools import BoundsRuletype as BRT from setools import BoundsRuletype as BRT
from setools import ConstraintRuletype as CRT from setools import ConstraintRuletype as CRT
from setools import DefaultRuletype as DRT from setools import DefaultRuletype as DRT
@ -275,7 +276,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertEqual(3, len(lst)) self.assertEqual(3, len(lst))
# add permissions # add permissions
rule, added_perms, removed_perms, matched_perms = lst[0] rule, added_perms, removed_perms, matched_perms = astuple(lst[0])
self.assertEqual(TRT.allow, rule.ruletype) self.assertEqual(TRT.allow, rule.ruletype)
self.assertEqual("modified_rule_add_perms", rule.source) self.assertEqual("modified_rule_add_perms", rule.source)
self.assertEqual("modified_rule_add_perms", rule.target) self.assertEqual("modified_rule_add_perms", rule.target)
@ -285,7 +286,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertSetEqual(set(["hi_r"]), matched_perms) self.assertSetEqual(set(["hi_r"]), matched_perms)
# add and remove permissions # add and remove permissions
rule, added_perms, removed_perms, matched_perms = lst[1] rule, added_perms, removed_perms, matched_perms = astuple(lst[1])
self.assertEqual(TRT.allow, rule.ruletype) self.assertEqual(TRT.allow, rule.ruletype)
self.assertEqual("modified_rule_add_remove_perms", rule.source) self.assertEqual("modified_rule_add_remove_perms", rule.source)
self.assertEqual("modified_rule_add_remove_perms", rule.target) self.assertEqual("modified_rule_add_remove_perms", rule.target)
@ -295,7 +296,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertSetEqual(set(["low_w"]), matched_perms) self.assertSetEqual(set(["low_w"]), matched_perms)
# remove permissions # remove permissions
rule, added_perms, removed_perms, matched_perms = lst[2] rule, added_perms, removed_perms, matched_perms = astuple(lst[2])
self.assertEqual(TRT.allow, rule.ruletype) self.assertEqual(TRT.allow, rule.ruletype)
self.assertEqual("modified_rule_remove_perms", rule.source) self.assertEqual("modified_rule_remove_perms", rule.source)
self.assertEqual("modified_rule_remove_perms", rule.target) self.assertEqual("modified_rule_remove_perms", rule.target)
@ -363,7 +364,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertEqual(3, len(lst)) self.assertEqual(3, len(lst))
# add permissions # add permissions
rule, added_perms, removed_perms, matched_perms = lst[0] rule, added_perms, removed_perms, matched_perms = astuple(lst[0])
self.assertEqual(TRT.auditallow, rule.ruletype) self.assertEqual(TRT.auditallow, rule.ruletype)
self.assertEqual("aa_modified_rule_add_perms", rule.source) self.assertEqual("aa_modified_rule_add_perms", rule.source)
self.assertEqual("aa_modified_rule_add_perms", rule.target) self.assertEqual("aa_modified_rule_add_perms", rule.target)
@ -373,7 +374,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertSetEqual(set(["hi_r"]), matched_perms) self.assertSetEqual(set(["hi_r"]), matched_perms)
# add and remove permissions # add and remove permissions
rule, added_perms, removed_perms, matched_perms = lst[1] rule, added_perms, removed_perms, matched_perms = astuple(lst[1])
self.assertEqual(TRT.auditallow, rule.ruletype) self.assertEqual(TRT.auditallow, rule.ruletype)
self.assertEqual("aa_modified_rule_add_remove_perms", rule.source) self.assertEqual("aa_modified_rule_add_remove_perms", rule.source)
self.assertEqual("aa_modified_rule_add_remove_perms", rule.target) self.assertEqual("aa_modified_rule_add_remove_perms", rule.target)
@ -383,7 +384,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertSetEqual(set(["low_w"]), matched_perms) self.assertSetEqual(set(["low_w"]), matched_perms)
# remove permissions # remove permissions
rule, added_perms, removed_perms, matched_perms = lst[2] rule, added_perms, removed_perms, matched_perms = astuple(lst[2])
self.assertEqual(TRT.auditallow, rule.ruletype) self.assertEqual(TRT.auditallow, rule.ruletype)
self.assertEqual("aa_modified_rule_remove_perms", rule.source) self.assertEqual("aa_modified_rule_remove_perms", rule.source)
self.assertEqual("aa_modified_rule_remove_perms", rule.target) self.assertEqual("aa_modified_rule_remove_perms", rule.target)
@ -451,7 +452,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertEqual(3, len(lst)) self.assertEqual(3, len(lst))
# add permissions # add permissions
rule, added_perms, removed_perms, matched_perms = lst[0] rule, added_perms, removed_perms, matched_perms = astuple(lst[0])
self.assertEqual(TRT.dontaudit, rule.ruletype) self.assertEqual(TRT.dontaudit, rule.ruletype)
self.assertEqual("da_modified_rule_add_perms", rule.source) self.assertEqual("da_modified_rule_add_perms", rule.source)
self.assertEqual("da_modified_rule_add_perms", rule.target) self.assertEqual("da_modified_rule_add_perms", rule.target)
@ -461,7 +462,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertSetEqual(set(["hi_r"]), matched_perms) self.assertSetEqual(set(["hi_r"]), matched_perms)
# add and remove permissions # add and remove permissions
rule, added_perms, removed_perms, matched_perms = lst[1] rule, added_perms, removed_perms, matched_perms = astuple(lst[1])
self.assertEqual(TRT.dontaudit, rule.ruletype) self.assertEqual(TRT.dontaudit, rule.ruletype)
self.assertEqual("da_modified_rule_add_remove_perms", rule.source) self.assertEqual("da_modified_rule_add_remove_perms", rule.source)
self.assertEqual("da_modified_rule_add_remove_perms", rule.target) self.assertEqual("da_modified_rule_add_remove_perms", rule.target)
@ -471,7 +472,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertSetEqual(set(["low_w"]), matched_perms) self.assertSetEqual(set(["low_w"]), matched_perms)
# remove permissions # remove permissions
rule, added_perms, removed_perms, matched_perms = lst[2] rule, added_perms, removed_perms, matched_perms = astuple(lst[2])
self.assertEqual(TRT.dontaudit, rule.ruletype) self.assertEqual(TRT.dontaudit, rule.ruletype)
self.assertEqual("da_modified_rule_remove_perms", rule.source) self.assertEqual("da_modified_rule_remove_perms", rule.source)
self.assertEqual("da_modified_rule_remove_perms", rule.target) self.assertEqual("da_modified_rule_remove_perms", rule.target)
@ -609,7 +610,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
lst = sorted(self.diff.modified_type_transitions, key=lambda x: x.rule) lst = sorted(self.diff.modified_type_transitions, key=lambda x: x.rule)
self.assertEqual(1, len(lst)) self.assertEqual(1, len(lst))
rule, added_default, removed_default = lst[0] rule, added_default, removed_default = astuple(lst[0])
self.assertEqual(TRT.type_transition, rule.ruletype) self.assertEqual(TRT.type_transition, rule.ruletype)
self.assertEqual("tt_matched_source", rule.source) self.assertEqual("tt_matched_source", rule.source)
self.assertEqual("system", rule.target) self.assertEqual("system", rule.target)
@ -675,7 +676,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
lst = sorted(self.diff.modified_type_changes, key=lambda x: x.rule) lst = sorted(self.diff.modified_type_changes, key=lambda x: x.rule)
self.assertEqual(1, len(lst)) self.assertEqual(1, len(lst))
rule, added_default, removed_default = lst[0] rule, added_default, removed_default = astuple(lst[0])
self.assertEqual(TRT.type_change, rule.ruletype) self.assertEqual(TRT.type_change, rule.ruletype)
self.assertEqual("tc_matched_source", rule.source) self.assertEqual("tc_matched_source", rule.source)
self.assertEqual("system", rule.target) self.assertEqual("system", rule.target)
@ -741,7 +742,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
lst = sorted(self.diff.modified_type_members, key=lambda x: x.rule) lst = sorted(self.diff.modified_type_members, key=lambda x: x.rule)
self.assertEqual(1, len(lst)) self.assertEqual(1, len(lst))
rule, added_default, removed_default = lst[0] rule, added_default, removed_default = astuple(lst[0])
self.assertEqual(TRT.type_member, rule.ruletype) self.assertEqual(TRT.type_member, rule.ruletype)
self.assertEqual("tm_matched_source", rule.source) self.assertEqual("tm_matched_source", rule.source)
self.assertEqual("system", rule.target) self.assertEqual("system", rule.target)
@ -783,7 +784,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
lst = sorted(self.diff.modified_range_transitions, key=lambda x: x.rule) lst = sorted(self.diff.modified_range_transitions, key=lambda x: x.rule)
self.assertEqual(1, len(lst)) self.assertEqual(1, len(lst))
rule, added_default, removed_default = lst[0] rule, added_default, removed_default = astuple(lst[0])
self.assertEqual(MRT.range_transition, rule.ruletype) self.assertEqual(MRT.range_transition, rule.ruletype)
self.assertEqual("rt_matched_source", rule.source) self.assertEqual("rt_matched_source", rule.source)
self.assertEqual("system", rule.target) self.assertEqual("system", rule.target)
@ -858,7 +859,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
lst = sorted(self.diff.modified_role_transitions, key=lambda x: x.rule) lst = sorted(self.diff.modified_role_transitions, key=lambda x: x.rule)
self.assertEqual(1, len(lst)) self.assertEqual(1, len(lst))
rule, added_default, removed_default = lst[0] rule, added_default, removed_default = astuple(lst[0])
self.assertEqual(RRT.role_transition, rule.ruletype) self.assertEqual(RRT.role_transition, rule.ruletype)
self.assertEqual("role_tr_matched_source", rule.source) self.assertEqual("role_tr_matched_source", rule.source)
self.assertEqual("role_tr_matched_target", rule.target) self.assertEqual("role_tr_matched_target", rule.target)
@ -1035,7 +1036,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
lst = sorted(self.diff.modified_fs_uses, key=lambda x: x.rule) lst = sorted(self.diff.modified_fs_uses, key=lambda x: x.rule)
self.assertEqual(1, len(lst)) self.assertEqual(1, len(lst))
rule, added_context, removed_context = lst[0] rule, added_context, removed_context = astuple(lst[0])
self.assertEqual(FSURT.fs_use_trans, rule.ruletype) self.assertEqual(FSURT.fs_use_trans, rule.ruletype)
self.assertEqual("modified_fsuse", rule.fs) self.assertEqual("modified_fsuse", rule.fs)
self.assertEqual("added_user:object_r:system:s1", added_context) self.assertEqual("added_user:object_r:system:s1", added_context)
@ -1079,7 +1080,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
lst = sorted(self.diff.modified_genfscons, key=lambda x: x.rule) lst = sorted(self.diff.modified_genfscons, key=lambda x: x.rule)
self.assertEqual(1, len(lst)) self.assertEqual(1, len(lst))
rule, added_context, removed_context = lst[0] rule, added_context, removed_context = astuple(lst[0])
self.assertEqual("modified_genfs", rule.fs) self.assertEqual("modified_genfs", rule.fs)
self.assertEqual("/", rule.path) self.assertEqual("/", rule.path)
self.assertEqual("added_user:object_r:system:s0", added_context) self.assertEqual("added_user:object_r:system:s0", added_context)
@ -1144,7 +1145,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertEqual(3, len(lst)) self.assertEqual(3, len(lst))
# modified both contexts # modified both contexts
rule, added_context, removed_context, added_packet, removed_packet = lst[0] rule, added_context, removed_context, added_packet, removed_packet = astuple(lst[0])
self.assertEqual("mod_both_netif", rule.netif) self.assertEqual("mod_both_netif", rule.netif)
self.assertEqual("added_user:object_r:system:s0", added_context) self.assertEqual("added_user:object_r:system:s0", added_context)
self.assertEqual("removed_user:object_r:system:s0", removed_context) self.assertEqual("removed_user:object_r:system:s0", removed_context)
@ -1152,7 +1153,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertEqual("removed_user:object_r:system:s0", removed_packet) self.assertEqual("removed_user:object_r:system:s0", removed_packet)
# modified context # modified context
rule, added_context, removed_context, added_packet, removed_packet = lst[1] rule, added_context, removed_context, added_packet, removed_packet = astuple(lst[1])
self.assertEqual("mod_ctx_netif", rule.netif) self.assertEqual("mod_ctx_netif", rule.netif)
self.assertEqual("added_user:object_r:system:s0", added_context) self.assertEqual("added_user:object_r:system:s0", added_context)
self.assertEqual("removed_user:object_r:system:s0", removed_context) self.assertEqual("removed_user:object_r:system:s0", removed_context)
@ -1160,7 +1161,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertIsNone(removed_packet) self.assertIsNone(removed_packet)
# modified packet context # modified packet context
rule, added_context, removed_context, added_packet, removed_packet = lst[2] rule, added_context, removed_context, added_packet, removed_packet = astuple(lst[2])
self.assertEqual("mod_pkt_netif", rule.netif) self.assertEqual("mod_pkt_netif", rule.netif)
self.assertIsNone(added_context) self.assertIsNone(added_context)
self.assertIsNone(removed_context) self.assertIsNone(removed_context)
@ -1218,13 +1219,13 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertEqual(2, len(lst)) self.assertEqual(2, len(lst))
# changed IPv4 # changed IPv4
nodecon, added_context, removed_context = lst[0] nodecon, added_context, removed_context = astuple(lst[0])
self.assertEqual(IPv4Network("123.0.0.0/8"), nodecon.network) self.assertEqual(IPv4Network("123.0.0.0/8"), nodecon.network)
self.assertEqual("modified_change_level:object_r:system:s2:c0", added_context) self.assertEqual("modified_change_level:object_r:system:s2:c0", added_context)
self.assertEqual("modified_change_level:object_r:system:s2:c1", removed_context) self.assertEqual("modified_change_level:object_r:system:s2:c1", removed_context)
# changed IPv6 # changed IPv6
nodecon, added_context, removed_context = lst[1] nodecon, added_context, removed_context = astuple(lst[1])
self.assertEqual(IPv6Network("ff03::/62"), nodecon.network) self.assertEqual(IPv6Network("ff03::/62"), nodecon.network)
self.assertEqual("modified_change_level:object_r:system:s2:c1", added_context) self.assertEqual("modified_change_level:object_r:system:s2:c1", added_context)
self.assertEqual("modified_change_level:object_r:system:s2:c0.c1", removed_context) self.assertEqual("modified_change_level:object_r:system:s2:c0.c1", removed_context)
@ -1274,13 +1275,13 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
lst = sorted(self.diff.modified_portcons, key=lambda x: x.rule) lst = sorted(self.diff.modified_portcons, key=lambda x: x.rule)
self.assertEqual(2, len(lst)) self.assertEqual(2, len(lst))
portcon, added_context, removed_context = lst[0] portcon, added_context, removed_context = astuple(lst[0])
self.assertEqual(PortconProtocol.tcp, portcon.protocol) self.assertEqual(PortconProtocol.tcp, portcon.protocol)
self.assertTupleEqual((3024, 3026), portcon.ports) self.assertTupleEqual((3024, 3026), portcon.ports)
self.assertEqual("added_user:object_r:system:s1", added_context) self.assertEqual("added_user:object_r:system:s1", added_context)
self.assertEqual("removed_user:object_r:system:s0", removed_context) self.assertEqual("removed_user:object_r:system:s0", removed_context)
portcon, added_context, removed_context = lst[1] portcon, added_context, removed_context = astuple(lst[1])
self.assertEqual(PortconProtocol.udp, portcon.protocol) self.assertEqual(PortconProtocol.udp, portcon.protocol)
self.assertTupleEqual((3024, 3024), portcon.ports) self.assertTupleEqual((3024, 3024), portcon.ports)
self.assertEqual("added_user:object_r:system:s1", added_context) self.assertEqual("added_user:object_r:system:s1", added_context)
@ -1320,7 +1321,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
lst = sorted(self.diff.modified_defaults, key=lambda x: x.rule) lst = sorted(self.diff.modified_defaults, key=lambda x: x.rule)
self.assertEqual(4, len(lst)) self.assertEqual(4, len(lst))
default, added_default, removed_default, added_range, removed_range = lst[0] default, added_default, removed_default, added_range, removed_range = astuple(lst[0])
self.assertEqual(DRT.default_range, default.ruletype) self.assertEqual(DRT.default_range, default.ruletype)
self.assertEqual("infoflow4", default.tclass) self.assertEqual("infoflow4", default.tclass)
self.assertEqual(DV.target, added_default) self.assertEqual(DV.target, added_default)
@ -1328,7 +1329,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertIsNone(added_range) self.assertIsNone(added_range)
self.assertIsNone(removed_range) self.assertIsNone(removed_range)
default, added_default, removed_default, added_range, removed_range = lst[1] default, added_default, removed_default, added_range, removed_range = astuple(lst[1])
self.assertEqual(DRT.default_range, default.ruletype) self.assertEqual(DRT.default_range, default.ruletype)
self.assertEqual("infoflow5", default.tclass) self.assertEqual("infoflow5", default.tclass)
self.assertIsNone(added_default) self.assertIsNone(added_default)
@ -1336,7 +1337,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertEqual(DRV.high, added_range) self.assertEqual(DRV.high, added_range)
self.assertEqual(DRV.low, removed_range) self.assertEqual(DRV.low, removed_range)
default, added_default, removed_default, added_range, removed_range = lst[2] default, added_default, removed_default, added_range, removed_range = astuple(lst[2])
self.assertEqual(DRT.default_range, default.ruletype) self.assertEqual(DRT.default_range, default.ruletype)
self.assertEqual("infoflow6", default.tclass) self.assertEqual("infoflow6", default.tclass)
self.assertEqual(DV.target, added_default) self.assertEqual(DV.target, added_default)
@ -1344,7 +1345,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertEqual(DRV.low, added_range) self.assertEqual(DRV.low, added_range)
self.assertEqual(DRV.high, removed_range) self.assertEqual(DRV.high, removed_range)
default, added_default, removed_default, added_range, removed_range = lst[3] default, added_default, removed_default, added_range, removed_range = astuple(lst[3])
self.assertEqual(DRT.default_type, default.ruletype) self.assertEqual(DRT.default_type, default.ruletype)
self.assertEqual("infoflow4", default.tclass) self.assertEqual("infoflow4", default.tclass)
self.assertEqual(DV.target, added_default) self.assertEqual(DV.target, added_default)
@ -1552,7 +1553,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
lst = sorted(self.diff.modified_typebounds, key=lambda x: x.rule) lst = sorted(self.diff.modified_typebounds, key=lambda x: x.rule)
self.assertEqual(1, len(lst)) self.assertEqual(1, len(lst))
bounds, added_bound, removed_bound = lst[0] bounds, added_bound, removed_bound = astuple(lst[0])
self.assertEqual(BRT.typebounds, bounds.ruletype) self.assertEqual(BRT.typebounds, bounds.ruletype)
self.assertEqual("mod_child", bounds.child) self.assertEqual("mod_child", bounds.child)
self.assertEqual("mod_parent_added", added_bound) self.assertEqual("mod_parent_added", added_bound)
@ -1593,7 +1594,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertEqual(3, len(lst)) self.assertEqual(3, len(lst))
# add permissions # add permissions
rule, added_perms, removed_perms, matched_perms = lst[0] rule, added_perms, removed_perms, matched_perms = astuple(lst[0])
self.assertEqual(TRT.allowxperm, rule.ruletype) self.assertEqual(TRT.allowxperm, rule.ruletype)
self.assertEqual("ax_modified_rule_add_perms", rule.source) self.assertEqual("ax_modified_rule_add_perms", rule.source)
self.assertEqual("ax_modified_rule_add_perms", rule.target) self.assertEqual("ax_modified_rule_add_perms", rule.target)
@ -1603,7 +1604,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertSetEqual(set([0x0004]), matched_perms) self.assertSetEqual(set([0x0004]), matched_perms)
# add and remove permissions # add and remove permissions
rule, added_perms, removed_perms, matched_perms = lst[1] rule, added_perms, removed_perms, matched_perms = astuple(lst[1])
self.assertEqual(TRT.allowxperm, rule.ruletype) self.assertEqual(TRT.allowxperm, rule.ruletype)
self.assertEqual("ax_modified_rule_add_remove_perms", rule.source) self.assertEqual("ax_modified_rule_add_remove_perms", rule.source)
self.assertEqual("ax_modified_rule_add_remove_perms", rule.target) self.assertEqual("ax_modified_rule_add_remove_perms", rule.target)
@ -1613,7 +1614,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertSetEqual(set([0x0008]), matched_perms) self.assertSetEqual(set([0x0008]), matched_perms)
# remove permissions # remove permissions
rule, added_perms, removed_perms, matched_perms = lst[2] rule, added_perms, removed_perms, matched_perms = astuple(lst[2])
self.assertEqual(TRT.allowxperm, rule.ruletype) self.assertEqual(TRT.allowxperm, rule.ruletype)
self.assertEqual("ax_modified_rule_remove_perms", rule.source) self.assertEqual("ax_modified_rule_remove_perms", rule.source)
self.assertEqual("ax_modified_rule_remove_perms", rule.target) self.assertEqual("ax_modified_rule_remove_perms", rule.target)
@ -1657,7 +1658,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertEqual(3, len(lst)) self.assertEqual(3, len(lst))
# add permissions # add permissions
rule, added_perms, removed_perms, matched_perms = lst[0] rule, added_perms, removed_perms, matched_perms = astuple(lst[0])
self.assertEqual(TRT.auditallowxperm, rule.ruletype) self.assertEqual(TRT.auditallowxperm, rule.ruletype)
self.assertEqual("aax_modified_rule_add_perms", rule.source) self.assertEqual("aax_modified_rule_add_perms", rule.source)
self.assertEqual("aax_modified_rule_add_perms", rule.target) self.assertEqual("aax_modified_rule_add_perms", rule.target)
@ -1667,7 +1668,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertSetEqual(set([0x0004]), matched_perms) self.assertSetEqual(set([0x0004]), matched_perms)
# add and remove permissions # add and remove permissions
rule, added_perms, removed_perms, matched_perms = lst[1] rule, added_perms, removed_perms, matched_perms = astuple(lst[1])
self.assertEqual(TRT.auditallowxperm, rule.ruletype) self.assertEqual(TRT.auditallowxperm, rule.ruletype)
self.assertEqual("aax_modified_rule_add_remove_perms", rule.source) self.assertEqual("aax_modified_rule_add_remove_perms", rule.source)
self.assertEqual("aax_modified_rule_add_remove_perms", rule.target) self.assertEqual("aax_modified_rule_add_remove_perms", rule.target)
@ -1677,7 +1678,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertSetEqual(set([0x0008]), matched_perms) self.assertSetEqual(set([0x0008]), matched_perms)
# remove permissions # remove permissions
rule, added_perms, removed_perms, matched_perms = lst[2] rule, added_perms, removed_perms, matched_perms = astuple(lst[2])
self.assertEqual(TRT.auditallowxperm, rule.ruletype) self.assertEqual(TRT.auditallowxperm, rule.ruletype)
self.assertEqual("aax_modified_rule_remove_perms", rule.source) self.assertEqual("aax_modified_rule_remove_perms", rule.source)
self.assertEqual("aax_modified_rule_remove_perms", rule.target) self.assertEqual("aax_modified_rule_remove_perms", rule.target)
@ -1791,7 +1792,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertEqual(3, len(lst)) self.assertEqual(3, len(lst))
# add permissions # add permissions
rule, added_perms, removed_perms, matched_perms = lst[0] rule, added_perms, removed_perms, matched_perms = astuple(lst[0])
self.assertEqual(TRT.dontauditxperm, rule.ruletype) self.assertEqual(TRT.dontauditxperm, rule.ruletype)
self.assertEqual("dax_modified_rule_add_perms", rule.source) self.assertEqual("dax_modified_rule_add_perms", rule.source)
self.assertEqual("dax_modified_rule_add_perms", rule.target) self.assertEqual("dax_modified_rule_add_perms", rule.target)
@ -1801,7 +1802,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertSetEqual(set([0x0004]), matched_perms) self.assertSetEqual(set([0x0004]), matched_perms)
# add and remove permissions # add and remove permissions
rule, added_perms, removed_perms, matched_perms = lst[1] rule, added_perms, removed_perms, matched_perms = astuple(lst[1])
self.assertEqual(TRT.dontauditxperm, rule.ruletype) self.assertEqual(TRT.dontauditxperm, rule.ruletype)
self.assertEqual("dax_modified_rule_add_remove_perms", rule.source) self.assertEqual("dax_modified_rule_add_remove_perms", rule.source)
self.assertEqual("dax_modified_rule_add_remove_perms", rule.target) self.assertEqual("dax_modified_rule_add_remove_perms", rule.target)
@ -1811,7 +1812,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
self.assertSetEqual(set([0x0008]), matched_perms) self.assertSetEqual(set([0x0008]), matched_perms)
# remove permissions # remove permissions
rule, added_perms, removed_perms, matched_perms = lst[2] rule, added_perms, removed_perms, matched_perms = astuple(lst[2])
self.assertEqual(TRT.dontauditxperm, rule.ruletype) self.assertEqual(TRT.dontauditxperm, rule.ruletype)
self.assertEqual("dax_modified_rule_remove_perms", rule.source) self.assertEqual("dax_modified_rule_remove_perms", rule.source)
self.assertEqual("dax_modified_rule_remove_perms", rule.target) self.assertEqual("dax_modified_rule_remove_perms", rule.target)
@ -1844,7 +1845,7 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
rules = sorted(self.diff.modified_ibendportcons) rules = sorted(self.diff.modified_ibendportcons)
self.assertEqual(1, len(rules)) self.assertEqual(1, len(rules))
rule, added, removed = rules[0] rule, added, removed = astuple(rules[0])
self.assertEqual("modified", rule.name) self.assertEqual("modified", rule.name)
self.assertEqual(13, rule.port) self.assertEqual(13, rule.port)
self.assertEqual("modified_change_level:object_r:system:s2", added) self.assertEqual("modified_change_level:object_r:system:s2", added)
@ -1892,14 +1893,14 @@ class PolicyDifferenceTest(ValidateRule, unittest.TestCase):
rules = sorted(self.diff.modified_ibpkeycons) rules = sorted(self.diff.modified_ibpkeycons)
self.assertEqual(2, len(rules)) self.assertEqual(2, len(rules))
rule, added, removed = rules[0] rule, added, removed = astuple(rules[0])
self.assertEqual(IPv6Address("aaaa::"), rule.subnet_prefix) self.assertEqual(IPv6Address("aaaa::"), rule.subnet_prefix)
self.assertEqual(0xcccc, rule.pkeys.low) self.assertEqual(0xcccc, rule.pkeys.low)
self.assertEqual(0xdddd, rule.pkeys.high) self.assertEqual(0xdddd, rule.pkeys.high)
self.assertEqual("modified_change_level:object_r:system:s2:c0", added) self.assertEqual("modified_change_level:object_r:system:s2:c0", added)
self.assertEqual("modified_change_level:object_r:system:s2:c1", removed) self.assertEqual("modified_change_level:object_r:system:s2:c1", removed)
rule, added, removed = rules[1] rule, added, removed = astuple(rules[1])
self.assertEqual(IPv6Address("bbbb::"), rule.subnet_prefix) self.assertEqual(IPv6Address("bbbb::"), rule.subnet_prefix)
self.assertEqual(0xf, rule.pkeys.low) self.assertEqual(0xf, rule.pkeys.low)
self.assertEqual(0xf, rule.pkeys.high) self.assertEqual(0xf, rule.pkeys.high)
@ -2738,7 +2739,7 @@ class PolicyDifferenceTestMLStoStandard(unittest.TestCase):
"""MLSvsStandardDiff: MLS property modified only.""" """MLSvsStandardDiff: MLS property modified only."""
self.assertEqual(1, len(self.diff.modified_properties)) self.assertEqual(1, len(self.diff.modified_properties))
name, added, removed = self.diff.modified_properties[0] name, added, removed = astuple(self.diff.modified_properties[0])
self.assertEqual("MLS", name) self.assertEqual("MLS", name)
self.assertIs(False, added) self.assertIs(False, added)
self.assertIs(True, removed) self.assertIs(True, removed)


@ -285,9 +285,9 @@ class PermissionMapTest(unittest.TestCase):
rule.perms = set(["med_r", "hi_r"]) rule.perms = set(["med_r", "hi_r"])
permmap = PermissionMap("tests/perm_map") permmap = PermissionMap("tests/perm_map")
r, w = permmap.rule_weight(rule) weight = permmap.rule_weight(rule)
self.assertEqual(r, 10) self.assertEqual(weight.read, 10)
self.assertEqual(w, 0) self.assertEqual(weight.write, 0)
def test_141_weight_write_only(self): def test_141_weight_write_only(self):
"""PermMap get weight of write-only rule.""" """PermMap get weight of write-only rule."""
@ -297,9 +297,9 @@ class PermissionMapTest(unittest.TestCase):
rule.perms = set(["low_w", "med_w"]) rule.perms = set(["low_w", "med_w"])
permmap = PermissionMap("tests/perm_map") permmap = PermissionMap("tests/perm_map")
r, w = permmap.rule_weight(rule) weight = permmap.rule_weight(rule)
self.assertEqual(r, 0) self.assertEqual(weight.read, 0)
self.assertEqual(w, 5) self.assertEqual(weight.write, 5)
def test_142_weight_both(self): def test_142_weight_both(self):
"""PermMap get weight of both rule.""" """PermMap get weight of both rule."""
@ -309,9 +309,9 @@ class PermissionMapTest(unittest.TestCase):
rule.perms = set(["low_r", "hi_w"]) rule.perms = set(["low_r", "hi_w"])
permmap = PermissionMap("tests/perm_map") permmap = PermissionMap("tests/perm_map")
r, w = permmap.rule_weight(rule) weight = permmap.rule_weight(rule)
self.assertEqual(r, 1) self.assertEqual(weight.read, 1)
self.assertEqual(w, 10) self.assertEqual(weight.write, 10)
def test_143_weight_none(self): def test_143_weight_none(self):
"""PermMap get weight of none rule.""" """PermMap get weight of none rule."""
@ -321,9 +321,9 @@ class PermissionMapTest(unittest.TestCase):
rule.perms = set(["null"]) rule.perms = set(["null"])
permmap = PermissionMap("tests/perm_map") permmap = PermissionMap("tests/perm_map")
r, w = permmap.rule_weight(rule) weight = permmap.rule_weight(rule)
self.assertEqual(r, 0) self.assertEqual(weight.read, 0)
self.assertEqual(w, 0) self.assertEqual(weight.write, 0)
def test_144_weight_unmapped_class(self): def test_144_weight_unmapped_class(self):
"""PermMap get weight of rule with unmapped class.""" """PermMap get weight of rule with unmapped class."""
@ -363,9 +363,9 @@ class PermissionMapTest(unittest.TestCase):
permmap = PermissionMap("tests/perm_map") permmap = PermissionMap("tests/perm_map")
permmap.exclude_permission("infoflow", "hi_r") permmap.exclude_permission("infoflow", "hi_r")
r, w = permmap.rule_weight(rule) weight = permmap.rule_weight(rule)
self.assertEqual(r, 5) self.assertEqual(weight.read, 5)
self.assertEqual(w, 0) self.assertEqual(weight.write, 0)
def test_148_weight_excluded_class(self): def test_148_weight_excluded_class(self):
"""PermMap get weight of a rule with excluded class.""" """PermMap get weight of a rule with excluded class."""
@ -376,9 +376,9 @@ class PermissionMapTest(unittest.TestCase):
permmap = PermissionMap("tests/perm_map") permmap = PermissionMap("tests/perm_map")
permmap.exclude_class("infoflow") permmap.exclude_class("infoflow")
r, w = permmap.rule_weight(rule) weight = permmap.rule_weight(rule)
self.assertEqual(r, 0) self.assertEqual(weight.read, 0)
self.assertEqual(w, 0) self.assertEqual(weight.write, 0)
def test_150_map_policy(self): def test_150_map_policy(self):
"""PermMap create mappings for classes/perms in a policy.""" """PermMap create mappings for classes/perms in a policy."""