diff --git a/sedta b/sedta index a559527..1d83b1c 100755 --- a/sedta +++ b/sedta @@ -70,12 +70,10 @@ parser = argparse.ArgumentParser( description="SELinux policy domain transition analysis tool.", epilog="If no analysis is selected, all forward transitions out of the source will be printed.") parser.add_argument("--version", action="version", version=setools.__version__) -parser.add_argument( - "-p", "--policy", help="Path to SELinux policy to analyze.", required=True) -parser.add_argument( - "-s", "--source", help="Source type of the analysis.", required=True, default="") -parser.add_argument( - "-t", "--target", help="Target type of the analysis.", default="") +parser.add_argument("-p", "--policy", help="Path to SELinux policy to analyze.", required=True) +parser.add_argument("-s", "--source", help="Source type of the analysis.", + required=True, default="") +parser.add_argument("-t", "--target", help="Target type of the analysis.", default="") parser.add_argument("--stats", action="store_true", help="Display statistics at the end of the analysis.") @@ -88,8 +86,7 @@ alg.add_argument("-A", "--all_paths", type=int, metavar="MAX_STEPS", opts = parser.add_argument_group("Analysis options") opts.add_argument("-r", "--reverse", action="store_true", default=False, help="Perform a reverse DTA.") -opts.add_argument( - "exclude", help="List of excluded types in the analysis.", nargs="*") +opts.add_argument("exclude", help="List of excluded types in the analysis.", nargs="*") args = parser.parse_args() diff --git a/seinfo b/seinfo index 915fc1b..9bec9c2 100755 --- a/seinfo +++ b/seinfo @@ -105,8 +105,7 @@ try: if args.initialsidquery or args.all: if isinstance(args.initialsidquery, str): - q = setools.initsidquery.InitialSIDQuery( - p, name=args.initialsidquery) + q = setools.initsidquery.InitialSIDQuery(p, name=args.initialsidquery) else: q = setools.initsidquery.InitialSIDQuery(p) components.append(("Initial SIDs", q)) @@ -139,16 +138,14 @@ try: try: ports = [int(i) for i in args.portconquery.split("-")] except: - parser.error( - "Enter a port number or range, e.g. 22 or 6000-6020") + parser.error("Enter a port number or range, e.g. 22 or 6000-6020") if len(ports) == 2: q.set_ports((ports[0], ports[1])) elif len(ports) == 1: q.set_ports((ports[0], ports[0])) else: - parser.error( - "Enter a port number or range, e.g. 22 or 6000-6020") + parser.error("Enter a port number or range, e.g. 22 or 6000-6020") else: q = setools.portconquery.PortconQuery(p) diff --git a/sesearch b/sesearch index 4847f22..477d895 100755 --- a/sesearch +++ b/sesearch @@ -101,8 +101,7 @@ if not args.tertypes and not args.mlsrtypes and not args.rbacrtypes: parser.error("At least one rule type must be specified.") if (args.tertypes or args.mlsrtypes) and args.rbacrtypes: - parser.error( - "TE/MLS rule searches cannot be mixed with RBAC rule searches.") + parser.error("TE/MLS rule searches cannot be mixed with RBAC rule searches.") try: p = setools.SELinuxPolicy(args.policy) diff --git a/setools/contextquery.py b/setools/contextquery.py index a9231be..1033564 100644 --- a/setools/contextquery.py +++ b/setools/contextquery.py @@ -73,8 +73,7 @@ class ContextQuery(query.PolicyQuery): return False if range_: - raise NotImplementedError( - "Context range queries are not yet implemented.") + raise NotImplementedError return True diff --git a/setools/dta.py b/setools/dta.py index f542267..d9a6e16 100644 --- a/setools/dta.py +++ b/setools/dta.py @@ -350,8 +350,7 @@ class DomainTransitionAnalysis(object): entrypoint = defaultdict(lambda: defaultdict(list)) # hash table keyed on (domain, entrypoint, target domain) - type_trans = defaultdict( - lambda: defaultdict(lambda: defaultdict(list))) + type_trans = defaultdict(lambda: defaultdict(lambda: defaultdict(list))) for r in self.policy.terules(): if r.ruletype == "allow": @@ -362,16 +361,12 @@ class DomainTransitionAnalysis(object): if r.tclass == "process": if "transition" in perms: - for s, t in itertools.product( - r.source.expand(), - r.target.expand()): + for s, t in itertools.product(r.source.expand(), r.target.expand()): self.__add_edge(s, t) self.G[s][t]['transition'].append(r) if "dyntransition" in perms: - for s, t in itertools.product( - r.source.expand(), - r.target.expand()): + for s, t in itertools.product(r.source.expand(), r.target.expand()): self.__add_edge(s, t) self.G[s][t]['dyntransition'].append(r) @@ -391,9 +386,7 @@ class DomainTransitionAnalysis(object): execute[s][t].append(r) if "entrypoint" in perms: - for s, t in itertools.product( - r.source.expand(), - r.target.expand()): + for s, t in itertools.product(r.source.expand(), r.target.expand()): entrypoint[s][t].append(r) elif r.ruletype == "type_transition": @@ -401,9 +394,7 @@ class DomainTransitionAnalysis(object): continue d = r.default - for s, t in itertools.product( - r.source.expand(), - r.target.expand()): + for s, t in itertools.product(r.source.expand(), r.target.expand()): type_trans[s][t][d].append(r) invalid_edge = [] @@ -433,8 +424,7 @@ class DomainTransitionAnalysis(object): self.G[s][t]['execute'][m] += execute[s][m] if type_trans[s][m][t]: - self.G[s][t]['type_transition'][ - m] += type_trans[s][m][t] + self.G[s][t]['type_transition'][m] += type_trans[s][m][t] if s in setexec: self.G[s][t]['setexec'] += setexec[s] diff --git a/setools/infoflow.py b/setools/infoflow.py index 8125f9c..e10c10a 100644 --- a/setools/infoflow.py +++ b/setools/infoflow.py @@ -280,8 +280,7 @@ class InfoFlowAnalysis(object): edgecap = self.G.edge[source][target]['capacity'] self.G.edge[source][target]['capacity'] = max(edgecap, weight) else: - self.G.add_edge( - source, target, capacity=weight, weight=1, rules=[rule]) + self.G.add_edge(source, target, capacity=weight, weight=1, rules=[rule]) def _build_graph(self): self.G.clear() diff --git a/setools/nodeconquery.py b/setools/nodeconquery.py index edb1e5b..6c6df7c 100644 --- a/setools/nodeconquery.py +++ b/setools/nodeconquery.py @@ -78,8 +78,7 @@ class NodeconQuery(contextquery.ContextQuery): except NameError: # pragma: no cover # Should never actually hit this since the self.network # setter raises the same exception. - raise RuntimeError( - "IP address/network functions require Python 3.3+.") + raise RuntimeError("IP address/network functions require Python 3.3+.") # Python 3.3's IPv6Network constructor does not support # expanded netmasks, only CIDR numbers. Convert netmask @@ -142,8 +141,7 @@ class NodeconQuery(contextquery.ContextQuery): try: self.network = ipaddress.ip_network(net) except NameError: # pragma: no cover - raise RuntimeError( - "IP address/network functions require Python 3.3+.") + raise RuntimeError("IP address/network functions require Python 3.3+.") else: # ensure self.network is set self.network = None diff --git a/setools/objclassquery.py b/setools/objclassquery.py index 5487b0a..420e5f4 100644 --- a/setools/objclassquery.py +++ b/setools/objclassquery.py @@ -56,10 +56,7 @@ class ObjClassQuery(compquery.ComponentQuery): self.policy = policy self.set_name(name, regex=name_regex) self.set_common(common, regex=common_regex) - self.set_perms(perms, - regex=perms_regex, - equal=perms_equal, - indirect=perms_indirect) + self.set_perms(perms, regex=perms_regex, equal=perms_equal, indirect=perms_indirect) def results(self): """Generator which yields all matching object classes.""" diff --git a/setools/policyrep/__init__.py b/setools/policyrep/__init__.py index 006ee82..8e3fd71 100644 --- a/setools/policyrep/__init__.py +++ b/setools/policyrep/__init__.py @@ -69,8 +69,7 @@ class SELinuxPolicy(object): try: self.policy = qpol.qpol_policy_t(policyfile, 0) except OSError as err: - raise OSError( - "Error opening policy file \"{0}\": {1}".format(policyfile, err)) + raise OSError("Error opening policy file \"{0}\": {1}".format(policyfile, err)) # # Policy properties diff --git a/setools/policyrep/terule.py b/setools/policyrep/terule.py index 0112810..818cb2a 100644 --- a/setools/policyrep/terule.py +++ b/setools/policyrep/terule.py @@ -105,13 +105,11 @@ class AVRule(BaseTERule): @property def default(self): """The rule's default type.""" - raise rule.InvalidRuleUse( - "{0} rules do not have a default type.".format(self.ruletype)) + raise rule.InvalidRuleUse("{0} rules do not have a default type.".format(self.ruletype)) @property def filename(self): - raise rule.InvalidRuleUse( - "{0} rules do not have file names".format(self.ruletype)) + raise rule.InvalidRuleUse("{0} rules do not have file names".format(self.ruletype)) class TERule(BaseTERule): @@ -146,8 +144,7 @@ class TERule(BaseTERule): try: return typeattr.type_factory(self.policy, self.qpol_symbol.default_type(self.policy)) except AttributeError: - raise rule.InvalidRuleUse( - "{0} rules do not have a default type.".format(self.ruletype)) + raise rule.InvalidRuleUse("{0} rules do not have a default type.".format(self.ruletype)) @property def filename(self): @@ -158,5 +155,4 @@ class TERule(BaseTERule): if self.ruletype == "type_transition": raise TERuleNoFilename else: - raise rule.InvalidRuleUse( - "{0} rules do not have file names".format(self.ruletype)) + raise rule.InvalidRuleUse("{0} rules do not have file names".format(self.ruletype)) diff --git a/setools/policyrep/typeattr.py b/setools/policyrep/typeattr.py index 2acfc46..527b769 100644 --- a/setools/policyrep/typeattr.py +++ b/setools/policyrep/typeattr.py @@ -48,8 +48,7 @@ def attribute_factory(qpol_policy, name): qpol_symbol = _symbol_lookup(qpol_policy, name) if not qpol_symbol.isattr(qpol_policy): - raise TypeError( - "{0} is not an attribute".format(qpol_symbol.name(qpol_policy))) + raise TypeError("{0} is not an attribute".format(qpol_symbol.name(qpol_policy))) return TypeAttribute(qpol_policy, qpol_symbol) @@ -60,14 +59,12 @@ def type_factory(qpol_policy, name, deref=False): qpol_symbol = _symbol_lookup(qpol_policy, name) if qpol_symbol.isattr(qpol_policy): - raise TypeError( - "{0} is a not an attribute type".format(qpol_symbol.name(qpol_policy))) + raise TypeError("{0} is a not an attribute type".format(qpol_symbol.name(qpol_policy))) elif qpol_symbol.isalias(qpol_policy): if deref: qpol_symbol = _dereference_alias(qpol_policy, qpol_symbol) else: - raise TypeError( - "{0} is an alias.".format(qpol_symbol.name(qpol_policy))) + raise TypeError("{0} is an alias.".format(qpol_symbol.name(qpol_policy))) return Type(qpol_policy, qpol_symbol) @@ -81,8 +78,7 @@ def typeattr_factory(qpol_policy, name, deref=False): if deref: qpol_symbol = _dereference_alias(qpol_policy, qpol_symbol) else: - raise TypeError( - "{0} is an alias.".format(qpol_symbol.name(qpol_policy))) + raise TypeError("{0} is an alias.".format(qpol_symbol.name(qpol_policy))) if qpol_symbol.isattr(qpol_policy): return TypeAttribute(qpol_policy, qpol_symbol) @@ -163,13 +159,11 @@ class TypeAttribute(BaseType): def attributes(self): """Generator that yields all attributes for this type.""" - raise TypeError( - "{0} is an attribute, thus does not have attributes.".format(self)) + raise TypeError("{0} is an attribute, thus does not have attributes.".format(self)) def aliases(self): """Generator that yields all aliases for this type.""" - raise TypeError( - "{0} is an attribute, thus does not have aliases.".format(self)) + raise TypeError("{0} is an attribute, thus does not have aliases.".format(self)) def statement(self): return "attribute {0};".format(self) diff --git a/setools/portconquery.py b/setools/portconquery.py index 42d0941..6474168 100644 --- a/setools/portconquery.py +++ b/setools/portconquery.py @@ -94,23 +94,19 @@ class PortconQuery(compquery.ComponentQuery, contextquery.ContextQuery): continue elif self.subset: if self.proper: - if not ( - (low < self.ports[0] and self.ports[1] <= high) or ( - low <= self.ports[0] and self.ports[1] < high)): + if not ((low < self.ports[0] and self.ports[1] <= high) or ( + low <= self.ports[0] and self.ports[1] < high)): continue else: - if not ( - low <= self.ports[0] and self.ports[1] <= high): + if not (low <= self.ports[0] and self.ports[1] <= high): continue elif self.superset: if self.proper: - if not ( - (self.ports[0] < low and high <= self.ports[1]) or ( - self.ports[0] <= low and high < self.ports[1])): + if not ((self.ports[0] < low and high <= self.ports[1]) or ( + self.ports[0] <= low and high < self.ports[1])): continue else: - if not ( - self.ports[0] <= low and high <= self.ports[1]): + if not (self.ports[0] <= low and high <= self.ports[1]): continue else: if not (self.ports[0] == low and self.ports[1] == high): @@ -157,8 +153,7 @@ class PortconQuery(compquery.ComponentQuery, contextquery.ContextQuery): pending_ports = (int(ports[0]), int(ports[1])) if (pending_ports[0] < 0 or pending_ports[1] < 0): - raise ValueError( - "Port numbers must be positive: {0[0]}-{0[1]}".format(ports)) + raise ValueError("Port numbers must be positive: {0[0]}-{0[1]}".format(ports)) if (pending_ports[0] > pending_ports[1]): raise ValueError(