sepolicy: update some users of search() to use setools directly

search() is an overly complex wrapper around setools; several of its users
become simpler by using setools directly.

Signed-off-by: Jason Zaman <jason@perfinion.com>
Jason Zaman 2016-09-22 23:17:29 +08:00 committed by Stephen Smalley
parent cf6bd6ae04
commit 18410c86f7


@ -460,12 +460,12 @@ def get_all_entrypoints():
def get_entrypoint_types(setype): def get_entrypoint_types(setype):
entrypoints = [] q = setools.TERuleQuery(_pol,
try: ruletype=[ALLOW],
entrypoints = map(lambda x: x['target'], filter(lambda x: x['source'] == setype, search([ALLOW], {'source': setype, 'permlist': ['entrypoint'], 'class': 'file'}))) source=setype,
except TypeError: tclass=["file"],
pass perms=["entrypoint"])
return entrypoints return [str(x.target) for x in q.results() if x.source == setype]
def get_init_transtype(path): def get_init_transtype(path):
@ -481,14 +481,19 @@ def get_init_transtype(path):
def get_init_entrypoint(transtype): def get_init_entrypoint(transtype):
try: q = setools.TERuleQuery(_pol,
entrypoints = filter(lambda x: x['transtype'] == transtype, search([TRANSITION], {'source': "init_t", 'class': 'process'})) ruletype=["type_transition"],
if len(entrypoints) == 0: source="init_t",
return None tclass=["process"])
return entrypoints[0]["target"] entrypoints = []
except TypeError: for i in q.results():
pass try:
return None if i.default == transtype:
entrypoints.append(i.target)
except AttributeError:
continue
return entrypoints
def get_init_entrypoint_target(entrypoint): def get_init_entrypoint_target(entrypoint):
@ -551,13 +556,17 @@ def get_all_role_allows():
if role_allows: if role_allows:
return role_allows return role_allows
role_allows = {} role_allows = {}
for r in search([ROLE_ALLOW]):
if r["source"] == "system_r" or r["target"] == "system_r": q = setools.RBACRuleQuery(_pol, ruletype='allow')
for r in q.results():
src = str(r.source)
tgt = str(r.target)
if src == "system_r" or tgt == "system_r":
continue continue
if r["source"] in role_allows: if src in role_allows:
role_allows[r["source"]].append(r["target"]) role_allows[src].append(tgt)
else: else:
role_allows[r["source"]] = [r["target"]] role_allows[src] = [tgt]
return role_allows return role_allows
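Review bot: The new get_init_entrypoint changes its return contract: the old side returned a single target string (`entrypoints[0]["target"]`) or `None`, while the new side returns a list that may be empty and holds raw setools objects rather than strings. Callers outside this diff that test the result against `None` or use it as a type name would change behaviour without raising an error, so they should be checked in the same commit. To match get_entrypoint_types in the first hunk, which already wraps with `str(x.target)`, I would use `entrypoints.append(str(i.target))` and add a docstring saying the function returns a list of type names, empty when nothing matches. Separately, get_all_role_allows passes `ruletype='allow'` as a bare string where the other two queries pass a list; whether setools accepts that form is not visible here, so `ruletype=[ALLOW]` would be the consistent choice.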