Commit Graph

349 Commits

Author SHA1 Message Date
Chris PeBenito
c6a280e79a Add more info for libsepol patch.
List known test failures seen without this patch.
2015-03-31 09:31:56 -04:00
Chris PeBenito
bb1734e9e5 RangeFactoryTest: add test for high end of range being invalid 2015-03-29 09:40:15 -04:00
Chris PeBenito
e849bf26a9 Infoflow: move internal functions
Also rename step generator function.
2015-03-28 19:25:53 -04:00
Chris PeBenito
ba461e3fef DTA: move internal functions 2015-03-28 19:22:11 -04:00
Chris PeBenito
4f73368b7e DTA/InfoFlow: add unit tests for analysis functions
The purpose is not to verify graph algorithm correctness. The purpose is to
verify everything is yielded correctly.
2015-03-28 11:50:44 -04:00
Chris PeBenito
a64d20c36d InfoFlowAnalysis: add option for incoming infoflows 2015-03-28 11:42:00 -04:00
Chris PeBenito
708ccbbecd DTA: revise generators
* Pull the edge attribute data once and pass it along to minimize risk of
  errors accessing edge data.
* Rename generators to be clear that they are generators
* __generate_entrypoints(): Each ruletype is populated; if there are no
  rules, then there is still an empty list. No need for extra checking.
* Clarify some docs
2015-03-28 11:38:23 -04:00
Chris PeBenito
3e6a509ecb NodeconQueryTest: fix typo in messages 2015-03-27 13:22:12 -04:00
Chris PeBenito
2ea074e563 InfoFlowAnalysisTest: improve efficiency
The main graph is never rebuilt since the perm map never changes.  This
mirrors how a user might interact. If in the future perm map changes
are introduced, the code should still cope.

Also one minor efficiency tweak in InfoFlowAnalysis. Don't bother removing
edges due to weight if it is set to 1 since that includes everything.
2015-03-27 12:30:43 -04:00
Chris PeBenito
c9c995e7f3 NodeconQueryTest: Change IP criteria to skip on Python < 3.3 2015-03-27 09:38:00 -04:00
Chris PeBenito
c6f11ca80e DTA: add error testing on the interface. 2015-03-27 09:15:15 -04:00
Chris PeBenito
758865e3a9 InfoFlow tests: fix disconnected node tests
The no_flow type wasn't ever in the graph.
2015-03-27 09:07:48 -04:00
Chris PeBenito
84217f0d73 DTA/InfoFlow: change exclude to handle None
This is a little clearer than having an empty list, from the caller side.
2015-03-27 09:06:16 -04:00
Chris PeBenito
ec9de08ac6 InfoFlowAnalysis: Add interface error tests.
Uncovered 2 minor NetworkX error path bugs:
networkx/networkx#1430
networkx/networkx#1433
2015-03-26 14:48:29 -04:00
Chris PeBenito
87d89c6dd1 symbol: change InvalidSymbol to inherit ValueError. 2015-03-26 11:10:18 -04:00
Chris PeBenito
cb18f4c21f InfoFlowAnalysis: change set_perm_map() to only take map objects.
Remove this handling from the analysis code.  It now expects a permission
map to be passed in, and won't handle a string.
2015-03-26 11:05:19 -04:00
Chris PeBenito
c224995eeb Fully configure logging in CLI tools. 2015-03-25 13:40:03 -04:00
Chris PeBenito
0fc61b0a54 Add initial sid lookup functions. 2015-03-25 13:25:07 -04:00
Chris PeBenito
7b1f462567 SELinuxPolicy: add functions for validating rule types. 2015-03-24 16:12:18 -04:00
Chris PeBenito
f274677c28 DTA/Infoflow: fix catching of NetworkX no path exception.
Since the functions are generators, the exception isn't hit until the
generator is iterated.
2015-03-23 14:46:50 -04:00
Chris PeBenito
64cda06216 DTA/Infoflow: additional logging. 2015-03-23 14:42:55 -04:00
Chris PeBenito
286adab308 qpol.i: add missing out-of-memory check for qpol_log_callback() 2015-03-22 14:34:21 -04:00
Chris PeBenito
402c6d1c6f seinfo: add useful expanded info for attributes 2015-03-22 11:46:44 -04:00
Chris PeBenito
11fdaa7ad6 Route libqpol messages through Python logging.
Does not include errors from the lex/yacc.
2015-03-21 16:23:59 -04:00
Chris PeBenito
f2d334c691 LevelFactoryTest: add extra test for category range parse error.
Such as: s0:c0.c2.c4
2015-03-20 12:03:09 -04:00
Chris PeBenito
a4ab5b64d5 Implement logging in all Queries. 2015-03-20 12:02:13 -04:00
Chris PeBenito
3d1c8af0c1 Remove rule type combination parser error.
It is possible to have a match across all three types of rules:
* same target type for (type|role|range)_transition
* regex, e.g. sysadm_(r|t)
2015-03-20 11:54:08 -04:00
Chris PeBenito
b7ae7520a7 Add --common option to seinfo for CommonQuery. 2015-03-20 11:50:25 -04:00
Chris PeBenito
ea01e19215 PortconQuery: fix naming of port range options 2015-03-20 10:28:57 -04:00
Chris PeBenito
d6d2b9cf85 Add SELinuxPolicy.__repr__() and .__str__().
Start using it for logging.
2015-03-19 15:24:52 -04:00
Chris PeBenito
1dd17a0718 Remove unnecessary option defaults in CLI tools. 2015-03-19 15:20:37 -04:00
Chris PeBenito
f216d7cf24 setools.*: standardize queries to None defaults instead of empty strings.
Clearer intent and nicer for logging output.  Removes unnecessary type
conversions.
2015-03-19 14:03:36 -04:00
Chris PeBenito
de716ba6a5 Add logging.
Not comprehensive yet. Only planning to do setools pkg (not policyrep),
with the exception being the SELinuxPolicy class in policyrep.

Avoids performance-critical paths.  Use only info and debug so in normal
cases the user only sees messages if they ask for it (e.g. -v).
2015-03-19 08:07:23 -04:00
Chris PeBenito
97c80f22a5 InfoFlowAnalysis: map all permissions from the policy. 2015-03-18 10:33:44 -04:00
Chris PeBenito
712138178f PermissionMap: implement policy mapping function.
Also add unit tests for parsing functions.

closes #23
2015-03-18 10:16:15 -04:00
Chris PeBenito
ed35d206d9 Change unit tests to use setUpClass for opening policies. 2015-03-18 09:44:16 -04:00
Chris PeBenito
6e02b24c13 No coverage for PolicySymbol.__hash__() error path. 2015-03-17 14:49:57 -04:00
Chris PeBenito
6653c8b130 Misc whitespace fixes. 2015-03-16 13:54:03 -04:00
Chris PeBenito
5312074aa5 Remove unnecessary bool conversion for SELinuxPolicy.mls. 2015-03-16 10:47:48 -04:00
Chris PeBenito
4ecd6d00a5 Implement TypeAttributeQuery.
closes #13
closes #14
2015-03-16 10:46:33 -04:00
Chris PeBenito
39898d9572 Fix dereferencing in policyrep.typeattr factories.
Qpol already dereferences aliases internally.
2015-03-16 10:40:53 -04:00
Chris PeBenito
f4b1b68195 Rename type attribute interfaces.
Make sure they reflect that they are for type rather than role attributes.
2015-03-16 10:38:43 -04:00
Chris PeBenito
606bda30a9 Fix ConstraintQuery docs. 2015-03-16 10:27:52 -04:00
Chris PeBenito
46392c752b Add tests for MLS factory functions on MLS-disabled policy. 2015-03-15 15:01:46 -04:00
Chris PeBenito
757a16750b Fix qpol_context_get_range() not to segfault on MLS-disabled policy.
Correspondingly fix MLS object factories to immediately check if MLS is
disabled and short circuit if so.
2015-03-15 12:37:24 -04:00
Chris PeBenito
e3f2a98c43 Merge validatetrans into constraints in policyrep. 2015-03-14 14:52:58 -04:00
Chris PeBenito
3c8afd93e2 Reorder seinfo options. 2015-03-13 13:00:55 -04:00
Chris PeBenito
659ae2b7b2 Implement ValidatetransQuery.
Still needs unit tests.
2015-03-12 13:45:42 -04:00
Chris PeBenito
a24a59ee08 Revise policyrep exceptions.
Add exception for objects that have no corresponding statement, such
as conditional expressions and MLS ranges.

Rename InvalidRuleUse to RuleUseError.
2015-03-12 12:45:20 -04:00
Chris PeBenito
cab5f8958b Rename type or type attribute lookup interfaces.
Also the corresponding factory function.
2015-03-12 10:55:18 -04:00