mirror of
https://github.com/SELinuxProject/selinux
synced 2025-03-05 17:57:34 +00:00
python: Import specific modules from setools for less deps
Import the setools classes needed for Python bindings from specific setools modules in order to reduce the dependency footprint of the Python bindings. Importing the top-level module causes all setools modules to be loaded which includes the modules that require networkx. SELinux packages belong to the group of core system packages on Gentoo Linux. It is desirable to keep the system set as small as possible, and the dependency between setools and networkx seems to be the easiest link to break without major loss of functionality. Signed-off-by: Michał Górny <mgorny@gentoo.org>
This commit is contained in:
Michał Górny
James Carter
parent
8c21eeeace
commit
ba23ba0683
@ -31,7 +31,8 @@ import socket
|
||||
from semanage import *
|
||||
PROGNAME = "policycoreutils"
|
||||
import sepolicy
|
||||
import setools
|
||||
from setools.policyrep import SELinuxPolicy
|
||||
from setools.typequery import TypeQuery
|
||||
import ipaddress
|
||||
|
||||
try:
|
||||
@ -1339,7 +1340,7 @@ class ibpkeyRecords(semanageRecords):
|
||||
def __init__(self, args = None):
|
||||
semanageRecords.__init__(self, args)
|
||||
try:
|
||||
q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"])
|
||||
q = TypeQuery(SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"])
|
||||
self.valid_types = sorted(str(t) for t in q.results())
|
||||
except:
|
||||
pass
|
||||
@ -1599,7 +1600,7 @@ class ibendportRecords(semanageRecords):
|
||||
def __init__(self, args = None):
|
||||
semanageRecords.__init__(self, args)
|
||||
try:
|
||||
q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"])
|
||||
q = TypeQuery(SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"])
|
||||
self.valid_types = set(str(t) for t in q.results())
|
||||
except:
|
||||
pass
|
||||
|
||||
@ -4,7 +4,6 @@
|
||||
|
||||
import errno
|
||||
import selinux
|
||||
import setools
|
||||
import glob
|
||||
import sepolgen.defaults as defaults
|
||||
import sepolgen.interfaces as interfaces
|
||||
@ -13,6 +12,17 @@ import os
|
||||
import re
|
||||
import gzip
|
||||
|
||||
from setools.boolquery import BoolQuery
|
||||
from setools.portconquery import PortconQuery
|
||||
from setools.policyrep import SELinuxPolicy
|
||||
from setools.objclassquery import ObjClassQuery
|
||||
from setools.rbacrulequery import RBACRuleQuery
|
||||
from setools.rolequery import RoleQuery
|
||||
from setools.terulequery import TERuleQuery
|
||||
from setools.typeattrquery import TypeAttributeQuery
|
||||
from setools.typequery import TypeQuery
|
||||
from setools.userquery import UserQuery
|
||||
|
||||
PROGNAME = "policycoreutils"
|
||||
try:
|
||||
import gettext
|
||||
@ -168,7 +178,7 @@ def policy(policy_file):
|
||||
global _pol
|
||||
|
||||
try:
|
||||
_pol = setools.SELinuxPolicy(policy_file)
|
||||
_pol = SELinuxPolicy(policy_file)
|
||||
except:
|
||||
raise ValueError(_("Failed to read %s policy file") % policy_file)
|
||||
|
||||
@ -188,7 +198,7 @@ def info(setype, name=None):
|
||||
init_policy()
|
||||
|
||||
if setype == TYPE:
|
||||
q = setools.TypeQuery(_pol)
|
||||
q = TypeQuery(_pol)
|
||||
q.name = name
|
||||
results = list(q.results())
|
||||
|
||||
@ -206,7 +216,7 @@ def info(setype, name=None):
|
||||
} for x in results)
|
||||
|
||||
elif setype == ROLE:
|
||||
q = setools.RoleQuery(_pol)
|
||||
q = RoleQuery(_pol)
|
||||
if name:
|
||||
q.name = name
|
||||
|
||||
@ -217,7 +227,7 @@ def info(setype, name=None):
|
||||
} for x in q.results())
|
||||
|
||||
elif setype == ATTRIBUTE:
|
||||
q = setools.TypeAttributeQuery(_pol)
|
||||
q = TypeAttributeQuery(_pol)
|
||||
if name:
|
||||
q.name = name
|
||||
|
||||
@ -227,7 +237,7 @@ def info(setype, name=None):
|
||||
} for x in q.results())
|
||||
|
||||
elif setype == PORT:
|
||||
q = setools.PortconQuery(_pol)
|
||||
q = PortconQuery(_pol)
|
||||
if name:
|
||||
ports = [int(i) for i in name.split("-")]
|
||||
if len(ports) == 2:
|
||||
@ -251,7 +261,7 @@ def info(setype, name=None):
|
||||
} for x in q.results())
|
||||
|
||||
elif setype == USER:
|
||||
q = setools.UserQuery(_pol)
|
||||
q = UserQuery(_pol)
|
||||
if name:
|
||||
q.name = name
|
||||
|
||||
@ -268,7 +278,7 @@ def info(setype, name=None):
|
||||
} for x in q.results())
|
||||
|
||||
elif setype == BOOLEAN:
|
||||
q = setools.BoolQuery(_pol)
|
||||
q = BoolQuery(_pol)
|
||||
if name:
|
||||
q.name = name
|
||||
|
||||
@ -278,7 +288,7 @@ def info(setype, name=None):
|
||||
} for x in q.results())
|
||||
|
||||
elif setype == TCLASS:
|
||||
q = setools.ObjClassQuery(_pol)
|
||||
q = ObjClassQuery(_pol)
|
||||
if name:
|
||||
q.name = name
|
||||
|
||||
@ -372,11 +382,11 @@ def search(types, seinfo=None):
|
||||
tertypes.append(DONTAUDIT)
|
||||
|
||||
if len(tertypes) > 0:
|
||||
q = setools.TERuleQuery(_pol,
|
||||
ruletype=tertypes,
|
||||
source=source,
|
||||
target=target,
|
||||
tclass=tclass)
|
||||
q = TERuleQuery(_pol,
|
||||
ruletype=tertypes,
|
||||
source=source,
|
||||
target=target,
|
||||
tclass=tclass)
|
||||
|
||||
if PERMS in seinfo:
|
||||
q.perms = seinfo[PERMS]
|
||||
@ -385,11 +395,11 @@ def search(types, seinfo=None):
|
||||
|
||||
if TRANSITION in types:
|
||||
rtypes = ['type_transition', 'type_change', 'type_member']
|
||||
q = setools.TERuleQuery(_pol,
|
||||
ruletype=rtypes,
|
||||
source=source,
|
||||
target=target,
|
||||
tclass=tclass)
|
||||
q = TERuleQuery(_pol,
|
||||
ruletype=rtypes,
|
||||
source=source,
|
||||
target=target,
|
||||
tclass=tclass)
|
||||
|
||||
if PERMS in seinfo:
|
||||
q.perms = seinfo[PERMS]
|
||||
@ -398,11 +408,11 @@ def search(types, seinfo=None):
|
||||
|
||||
if ROLE_ALLOW in types:
|
||||
ratypes = ['allow']
|
||||
q = setools.RBACRuleQuery(_pol,
|
||||
ruletype=ratypes,
|
||||
source=source,
|
||||
target=target,
|
||||
tclass=tclass)
|
||||
q = RBACRuleQuery(_pol,
|
||||
ruletype=ratypes,
|
||||
source=source,
|
||||
target=target,
|
||||
tclass=tclass)
|
||||
|
||||
for r in q.results():
|
||||
toret.append({'source': str(r.source),
|
||||
@ -720,11 +730,11 @@ def get_all_entrypoints():
|
||||
|
||||
|
||||
def get_entrypoint_types(setype):
|
||||
q = setools.TERuleQuery(_pol,
|
||||
ruletype=[ALLOW],
|
||||
source=setype,
|
||||
tclass=["file"],
|
||||
perms=["entrypoint"])
|
||||
q = TERuleQuery(_pol,
|
||||
ruletype=[ALLOW],
|
||||
source=setype,
|
||||
tclass=["file"],
|
||||
perms=["entrypoint"])
|
||||
return [str(x.target) for x in q.results() if x.source == setype]
|
||||
|
||||
|
||||
@ -739,10 +749,10 @@ def get_init_transtype(path):
|
||||
|
||||
|
||||
def get_init_entrypoint(transtype):
|
||||
q = setools.TERuleQuery(_pol,
|
||||
ruletype=["type_transition"],
|
||||
source="init_t",
|
||||
tclass=["process"])
|
||||
q = TERuleQuery(_pol,
|
||||
ruletype=["type_transition"],
|
||||
source="init_t",
|
||||
tclass=["process"])
|
||||
entrypoints = []
|
||||
for i in q.results():
|
||||
try:
|
||||
@ -754,10 +764,10 @@ def get_init_entrypoint(transtype):
|
||||
return entrypoints
|
||||
|
||||
def get_init_entrypoints_str():
|
||||
q = setools.TERuleQuery(_pol,
|
||||
ruletype=["type_transition"],
|
||||
source="init_t",
|
||||
tclass=["process"])
|
||||
q = TERuleQuery(_pol,
|
||||
ruletype=["type_transition"],
|
||||
source="init_t",
|
||||
tclass=["process"])
|
||||
entrypoints = {}
|
||||
for i in q.results():
|
||||
try:
|
||||
@ -837,7 +847,7 @@ def get_all_role_allows():
|
||||
return role_allows
|
||||
role_allows = {}
|
||||
|
||||
q = setools.RBACRuleQuery(_pol, ruletype=[ALLOW])
|
||||
q = RBACRuleQuery(_pol, ruletype=[ALLOW])
|
||||
for r in q.results():
|
||||
src = str(r.source)
|
||||
tgt = str(r.target)
|
||||
@ -923,7 +933,7 @@ def get_all_roles():
|
||||
if not _pol:
|
||||
init_policy()
|
||||
|
||||
q = setools.RoleQuery(_pol)
|
||||
q = RoleQuery(_pol)
|
||||
roles = [str(x) for x in q.results() if str(x) != "object_r"]
|
||||
return roles
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user