TypeQuery needed the permisive matching support to be complete. This made
PermissiveQuery redundant.
Made the permissive state an option, so enforcing types could be queried.
This fix removes "error: label 'fail' defined but not used [-Werror=unused-label]"
compilation errors. Exceptions handlers (fail label) where defined in swig, but no
exceptions where raised in the function, causing the compilation error.
* break apart classes that are overloaded (e.g. TypeAttr)
* move object class member function out of Rule subclasses, into Rule.
* Fix SWIG wrapper to make class member function for rules to be consistent
* Restructure queries to only have one output
* Fix portcon help info to be clearer about specifying ports
* Cover all functions with exception handling
Fully compare the lists rather than only counting objects.
Also fix comparison problem in Nodecon and Genfscon. In libqpol, the all
genfscons/nodecons iterators allocate new objects, so the pointer
comparison in PolicySymbol fails.
Python 3.3's IPv6Network constructor does not support an expanded netmask
for specifying the network, only CIDR. Convert all netmasks to CIDR.
The code does not verify that the orignal expanded netmask from the policy
is correct; it counts all set bits in the netmask.
Also add IPv6 NodeconQuery unit tests.
We always want the rule_weight to work, even in the face of unmapped
permissions. Other functions, e.g. for handling permission map editing
and saving may raise an exception.
Infoflow now will create a complete graph for the policy and then create
a subgraph to filter out nodes based on excluded types and edges based on
minimum weight. The main graph will only need to be rebuilt if there is
a change in the permission map. While this is a little more expensive for
seinfoflow, it should make interactive analysis in apol faster since
repeatedly deriving a subgraph will be faster than repeatedly rebuilding
the entire graph.
Hash on the value since there are multiple levels of indirection to the
underlying object. Otherwise hashing keys never match up multiple
instances of a Python object that point to the same policy object.
Also add a repr function that will make debugging doable when dealing
with Symbol objects instead of string representations.
