RepoMirrors/setools
1
0
Fork 0
mirror of https://github.com/SELinuxProject/setools synced 2025-04-04 23:39:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

RuleWeight: Change to dataclass.

Browse Source 
Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
This commit is contained in:
Chris PeBenito 2023-03-24 11:16:01 -04:00
parent 450f94875a
commit 02e70efcb0
3 changed files with 28 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
setools/infoflow.py
View File

@ -313,21 +313,21 @@ class InfoFlowAnalysis:
if rule.ruletype != TERuletype.allow: if rule.ruletype != TERuletype.allow:
continue continue
(rweight, wweight) = self.perm_map.rule_weight(cast(AVRule, rule)) weight = self.perm_map.rule_weight(cast(AVRule, rule))
for s, t in itertools.product(rule.source.expand(), rule.target.expand()): for s, t in itertools.product(rule.source.expand(), rule.target.expand()):
# only add flows if they actually flow # only add flows if they actually flow
# in or out of the source type type # in or out of the source type type
if s != t: if s != t:
if wweight: if weight.write:
edge = InfoFlowStep(self.G, s, t, create=True) edge = InfoFlowStep(self.G, s, t, create=True)
edge.rules.append(rule) edge.rules.append(rule)
edge.weight = wweight edge.weight = weight.write
if rweight: if weight.read:
edge = InfoFlowStep(self.G, t, s, create=True) edge = InfoFlowStep(self.G, t, s, create=True)
edge.rules.append(rule) edge.rules.append(rule)
edge.weight = rweight edge.weight = weight.read
self.rebuildgraph = False self.rebuildgraph = False
self.rebuildsubgraph = True self.rebuildsubgraph = True

7
setools/permmap.py
View File

@ -6,12 +6,14 @@ import logging
import copy import copy
from collections import OrderedDict from collections import OrderedDict
from contextlib import suppress from contextlib import suppress
from typing import cast, Dict, Iterable, NamedTuple, Optional, Union from dataclasses import dataclass
from typing import cast, Dict, Iterable, Optional, Union
import pkg_resources import pkg_resources
from . import exception from . import exception
from .descriptors import PermissionMapDescriptor from .descriptors import PermissionMapDescriptor
from .mixins import TupleCompat
from .policyrep import AVRule, SELinuxPolicy, TERuletype from .policyrep import AVRule, SELinuxPolicy, TERuletype
INFOFLOW_DIRECTIONS = ("r", "w", "b", "n", "u") INFOFLOW_DIRECTIONS = ("r", "w", "b", "n", "u")
@ -19,7 +21,8 @@ MIN_WEIGHT = 1
MAX_WEIGHT = 10 MAX_WEIGHT = 10
class RuleWeight(NamedTuple): @dataclass
class RuleWeight(TupleCompat):
"""The read and write weights for a rule, given all of its permissions.""" """The read and write weights for a rule, given all of its permissions."""

36
tests/test_permmap.py
View File

@ -285,9 +285,9 @@ class PermissionMapTest(unittest.TestCase):
rule.perms = set(["med_r", "hi_r"]) rule.perms = set(["med_r", "hi_r"])
permmap = PermissionMap("tests/perm_map") permmap = PermissionMap("tests/perm_map")
r, w = permmap.rule_weight(rule) weight = permmap.rule_weight(rule)
self.assertEqual(r, 10) self.assertEqual(weight.read, 10)
self.assertEqual(w, 0) self.assertEqual(weight.write, 0)
def test_141_weight_write_only(self): def test_141_weight_write_only(self):
"""PermMap get weight of write-only rule.""" """PermMap get weight of write-only rule."""
@ -297,9 +297,9 @@ class PermissionMapTest(unittest.TestCase):
rule.perms = set(["low_w", "med_w"]) rule.perms = set(["low_w", "med_w"])
permmap = PermissionMap("tests/perm_map") permmap = PermissionMap("tests/perm_map")
r, w = permmap.rule_weight(rule) weight = permmap.rule_weight(rule)
self.assertEqual(r, 0) self.assertEqual(weight.read, 0)
self.assertEqual(w, 5) self.assertEqual(weight.write, 5)
def test_142_weight_both(self): def test_142_weight_both(self):
"""PermMap get weight of both rule.""" """PermMap get weight of both rule."""
@ -309,9 +309,9 @@ class PermissionMapTest(unittest.TestCase):
rule.perms = set(["low_r", "hi_w"]) rule.perms = set(["low_r", "hi_w"])
permmap = PermissionMap("tests/perm_map") permmap = PermissionMap("tests/perm_map")
r, w = permmap.rule_weight(rule) weight = permmap.rule_weight(rule)
self.assertEqual(r, 1) self.assertEqual(weight.read, 1)
self.assertEqual(w, 10) self.assertEqual(weight.write, 10)
def test_143_weight_none(self): def test_143_weight_none(self):
"""PermMap get weight of none rule.""" """PermMap get weight of none rule."""
@ -321,9 +321,9 @@ class PermissionMapTest(unittest.TestCase):
rule.perms = set(["null"]) rule.perms = set(["null"])
permmap = PermissionMap("tests/perm_map") permmap = PermissionMap("tests/perm_map")
r, w = permmap.rule_weight(rule) weight = permmap.rule_weight(rule)
self.assertEqual(r, 0) self.assertEqual(weight.read, 0)
self.assertEqual(w, 0) self.assertEqual(weight.write, 0)
def test_144_weight_unmapped_class(self): def test_144_weight_unmapped_class(self):
"""PermMap get weight of rule with unmapped class.""" """PermMap get weight of rule with unmapped class."""
@ -363,9 +363,9 @@ class PermissionMapTest(unittest.TestCase):
permmap = PermissionMap("tests/perm_map") permmap = PermissionMap("tests/perm_map")
permmap.exclude_permission("infoflow", "hi_r") permmap.exclude_permission("infoflow", "hi_r")
r, w = permmap.rule_weight(rule) weight = permmap.rule_weight(rule)
self.assertEqual(r, 5) self.assertEqual(weight.read, 5)
self.assertEqual(w, 0) self.assertEqual(weight.write, 0)
def test_148_weight_excluded_class(self): def test_148_weight_excluded_class(self):
"""PermMap get weight of a rule with excluded class.""" """PermMap get weight of a rule with excluded class."""
@ -376,9 +376,9 @@ class PermissionMapTest(unittest.TestCase):
permmap = PermissionMap("tests/perm_map") permmap = PermissionMap("tests/perm_map")
permmap.exclude_class("infoflow") permmap.exclude_class("infoflow")
r, w = permmap.rule_weight(rule) weight = permmap.rule_weight(rule)
self.assertEqual(r, 0) self.assertEqual(weight.read, 0)
self.assertEqual(w, 0) self.assertEqual(weight.write, 0)
def test_150_map_policy(self): def test_150_map_policy(self):
"""PermMap create mappings for classes/perms in a policy.""" """PermMap create mappings for classes/perms in a policy."""