Commit Graph

223 Commits

Author SHA1 Message Date
Chris PeBenito
f7f0b96a6b Fix conditional rules in SELinuxPolicy test policy.
Adjust so no optimization can be made (with a theoretical future
optimizing compiler)
2015-03-04 12:16:50 -05:00
Chris PeBenito
af3c5b5e3e Add SELinuxPolicy test cases.
Created a test policy with prime number counts of everything so there
should be no accidental correct answers.
2015-03-03 13:18:29 -05:00
Chris PeBenito
95d67e013d Remove unnecessary permissive types generator in SELinuxPolicy. 2015-03-03 13:14:18 -05:00
Chris PeBenito
7e8ea8438c Implement level and range criteria for UserQuery. 2015-03-02 09:15:22 -05:00
Chris PeBenito
43c438f14e Lookup objects in Queries as much as possible.
Eliminates many string conversions and informs user immediately that
something is wrong when they enter e.g. an invalid type.
2015-03-01 15:27:56 -05:00
Chris PeBenito
02a64002de Fix class_factory exception for invalid object classes. 2015-03-01 15:14:22 -05:00
Chris PeBenito
e3059e3c48 Look up object classes in RuleQuery
First step in switching all queries to use objects instead of strings.

The main attributes in each query (e.g. self.tclass, self.source, etc.)
will store what was set in the setters, so they can be returned via
future getters. The _cmp (e.g. self.tclass_cmp) attribute will be used
for any comparisons.

This also will eliminate unnecessary string conversions during comparisons.
2015-03-01 12:06:54 -05:00
Chris PeBenito
f472d6c912 Break up tests in policrep/mls. 2015-02-28 10:59:53 -05:00
Chris PeBenito
1352888dc0 Add additional DTA and infoflow rules for self loop testing.
An edge from a node going back to itself should be ignored.
2015-02-28 10:11:13 -05:00
Chris PeBenito
1748982ff3 DTA: ignore non-transitioning transition rules
Ignore rules like these:

allow eggs_t eggs_t:process transition;
allow eggs_t eggs_t:process dyntransition;

as they don't actually do any transitioning. They unnecessarily inflate the
graph with self loops.
2015-02-27 14:59:40 -05:00
Chris PeBenito
cdeeb7a92b Fix BaseMLSLevel incomp operator logic. 2015-02-27 11:18:52 -05:00
Chris PeBenito
9e629776f4 Documentation fixes 2015-02-26 12:57:11 -05:00
Chris PeBenito
09eb317996 Remove redundant hashing functions for MLSCategory and MLSSensitivity. 2015-02-26 12:56:13 -05:00
Chris PeBenito
59c74167f2 Rearrange MLS class functions. 2015-02-26 09:00:50 -05:00
Chris PeBenito
1a4292c199 Add contains to MLSRange
Determine if a level is within a range.
2015-02-26 08:50:28 -05:00
Chris PeBenito
62a51ccf75 Add hashing functions for MLS objects. 2015-02-26 08:27:58 -05:00
Chris PeBenito
175b7c167f Implement range matching in MLSRuleQuery.
Skip adding all of the range matching options in sesearch for now, as it
already has a large number of CLI options.

closes #5
2015-02-25 14:17:38 -05:00
Chris PeBenito
4d19fb964b Remove bad MLSRuleQuery options in sesearch.
MLSRuleQuery doesn't support indirection because range_transition rules
are always expanded (they never have attributes) in a binary policy.
2015-02-25 14:16:23 -05:00
Chris PeBenito
12e8c77a13 Add __eq__ string comparison fallback for Sensitivity, Level, and Range 2015-02-25 14:14:21 -05:00
Chris PeBenito
9939f5241e Implement MLS range tests on several context-based queries. 2015-02-24 15:50:08 -05:00
Chris PeBenito
fa02fdfbb5 ContextQuery: implement range matching criteria.
Implement unit tests on FSUseQuery for initial testing.

closes #22
2015-02-24 09:44:12 -05:00
Chris PeBenito
0b72591b45 Fix lt/gt operations for levels. 2015-02-24 09:37:15 -05:00
Chris PeBenito
455802b7eb Fix handling of range lookups with spaces in them.
This is to handle ranges with spaces such as "s0:c1 - s0:c0.c255".
2015-02-23 16:18:12 -05:00
Chris PeBenito
a3870ba5aa Fix .travis.yml. 2015-02-23 08:57:53 -05:00
Chris PeBenito
f37809937c Add patch to libsepol to fix semantic level issue. 2015-02-23 08:48:21 -05:00
Chris PeBenito
fd8aff429d Add misc additional MLS policyrep pieces. 2015-02-22 09:45:09 -05:00
Chris PeBenito
a44a82a8a1 Fix compile error. 2015-02-22 09:43:15 -05:00
Chris PeBenito
a8d7f740b2 Change range constructor to use regular levels instead of semantic ones.
This affords better error reporting since levels can be invalid for
several reasons.

* Fix memory leak in qpol_semantic_level
* Add unit tests
2015-02-22 09:24:39 -05:00
Chris PeBenito
9c7ece4ad2 Fix PEP8 issue. 2015-02-21 17:56:22 -05:00
Chris PeBenito
926da1f675 Change libqpol message output.
Changing ERR/WARN/INFO did not catch error output from libsepol.
2015-02-21 17:50:19 -05:00
Chris PeBenito
4953ebdcc4 Implement MLS range lookup. 2015-02-21 16:43:32 -05:00
Chris PeBenito
2dd517b4b3 Implement MLS level lookup. 2015-02-21 15:09:52 -05:00
Chris PeBenito
880582fe73 Improve MLS object representation.
Focused on completeness of the objects, particularly for comparing
levels.

Also leveraged qpol_level_t (level declaration) for MLSSensitivity since
qpol doesn't have a sensitivity object, and there is a 1:1 correspondence
between sensitivity declarations and level statements.
2015-02-20 10:35:23 -05:00
Chris PeBenito
cf601f08fd Make range matching a generic function.
Move port range matching algorithm out of PortconQuery so it can be
used for matching MLS ranges.
2015-02-19 12:50:35 -05:00
Chris PeBenito
79aa06a14f Remove unnecessary Common value function. 2015-02-19 12:43:32 -05:00
Chris PeBenito
2d4b8869b2 Work around bug with the tox deps handling.
It fails using {[testenv]deps}, when it hits "py27: mock".
2015-02-16 16:55:08 -05:00
Chris PeBenito
ceb6736962 Implement included/excluded classes/permissions in PermissionMap.
closes #24
2015-02-16 16:31:18 -05:00
Chris PeBenito
a6c3784f4d Only run pyXX-coverage instead of pyXX,pyXX-coverage.
Coverage report already runs unit tests.
2015-02-16 09:02:29 -05:00
Chris PeBenito
2a13de5736 Merge pull request #48 from kamino/automating-tests-with-tox
Automating tests with tox
2015-02-16 08:59:20 -05:00
Fernand Lone-Sang
9bbbf40230 modified initial config for travis-ci
The following has been removed:

- HTML report, as it is not used at all and may require defining more
  environments

The following has been added:

- py27, py33, py34 specific coverage reports

NOTES:

- It is possible to use environment generators (http://tox.readthedocs.org/en/latest/config.html#generating-environments-conditional-settings)
  but this will make the implicit mode run more modes by default.
- As referenced at https://bitbucket.org/hpk42/tox/issue/120/substitution-breaks-for-commands,
  substitution for commands does not work yet. If substitution for commands is
  implemented someday, the tox.ini file would be simpler.
2015-02-16 11:13:29 +01:00
Fernand Lone-Sang
35d7964d3c Using tox with travis-ci
Coupling tox with travis-ci makes it possible to have a consistent testing
environment both locally and remotely. Furthermore, tox allows testing different
environments (python2 and python3) automatically.
2015-02-16 09:43:21 +01:00
Fernand Lone-Sang
ad154e0410 ignore coverage-generated files 2015-02-16 09:43:21 +01:00
Fernand Lone-Sang
ba1869f658 add tox configuration file
From the project webpage:

"""
Tox is a generic virtualenv management and test command line tool you can use
for:

- checking your package installs correctly with different Python versions and
  interpreters
- running your tests in each of the environments, configuring your test tool of
  choice
- acting as a frontend to Continuous Integration servers, greatly reducing
  boilerplate and merging CI and shell-based testing.
"""
2015-02-16 09:43:21 +01:00
Chris PeBenito
cd3f932f77 Add an enabled field for permissions in permission maps.
Change to regular dictionaries so when a map is paired with a particular
policy, it must be explicitly checked for unmapped permissions, as
permission maps are otherwise policy-agnostic.
2015-02-15 17:21:47 -05:00
Chris PeBenito
5983b87d5f Add Constraint and Validatetrans class docs. 2015-02-15 17:17:58 -05:00
Chris PeBenito
a08873765c Improve readability of Constraint expression rendering.
Fix all four constraint rule classes; (mls)validatetrans statements now
render correctly.
2015-02-14 17:19:58 -05:00
Chris PeBenito
7bacae7596 Improve readability of ConditionalExpression rendering code. 2015-02-14 17:17:52 -05:00
Chris PeBenito
2f44b599ca Reflow lines with new max line length.
Undo past whitespace fixes that are now unnecessary now that the max
line length increased to 100.
2015-02-14 10:40:38 -05:00
Chris PeBenito
f73e1d2850 Fix parameter moving errors in sesearch. 2015-02-14 10:33:18 -05:00
Chris PeBenito
12a778192c PEP8 fix for Symbol.__ne__(). 2015-02-13 15:10:26 -05:00