Reflow lines with new max line length.

Undo past whitespace fixes that are no longer necessary now that the max
line length has increased to 100.
Chris PeBenito 2015-02-14 10:40:38 -05:00
parent f73e1d2850
commit 2f44b599ca
12 changed files with 38 additions and 78 deletions

13
sedta

@ -70,12 +70,10 @@ parser = argparse.ArgumentParser(
description="SELinux policy domain transition analysis tool.", description="SELinux policy domain transition analysis tool.",
epilog="If no analysis is selected, all forward transitions out of the source will be printed.") epilog="If no analysis is selected, all forward transitions out of the source will be printed.")
parser.add_argument("--version", action="version", version=setools.__version__) parser.add_argument("--version", action="version", version=setools.__version__)
parser.add_argument( parser.add_argument("-p", "--policy", help="Path to SELinux policy to analyze.", required=True)
"-p", "--policy", help="Path to SELinux policy to analyze.", required=True) parser.add_argument("-s", "--source", help="Source type of the analysis.",
parser.add_argument( required=True, default="")
"-s", "--source", help="Source type of the analysis.", required=True, default="") parser.add_argument("-t", "--target", help="Target type of the analysis.", default="")
parser.add_argument(
"-t", "--target", help="Target type of the analysis.", default="")
parser.add_argument("--stats", action="store_true", parser.add_argument("--stats", action="store_true",
help="Display statistics at the end of the analysis.") help="Display statistics at the end of the analysis.")
@ -88,8 +86,7 @@ alg.add_argument("-A", "--all_paths", type=int, metavar="MAX_STEPS",
opts = parser.add_argument_group("Analysis options") opts = parser.add_argument_group("Analysis options")
opts.add_argument("-r", "--reverse", action="store_true", default=False, opts.add_argument("-r", "--reverse", action="store_true", default=False,
help="Perform a reverse DTA.") help="Perform a reverse DTA.")
opts.add_argument( opts.add_argument("exclude", help="List of excluded types in the analysis.", nargs="*")
"exclude", help="List of excluded types in the analysis.", nargs="*")
args = parser.parse_args() args = parser.parse_args()
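Review bot: `default=""` on the reflowed `--source` argument is never used, because `required=True` makes argparse reject any command line that omits the option. Dropping it gives `parser.add_argument("-s", "--source", help="Source type of the analysis.", required=True)`, which fits on one line under the new limit. The parser setup starts and ends outside the hunks shown.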

9
seinfo

@ -105,8 +105,7 @@ try:
if args.initialsidquery or args.all: if args.initialsidquery or args.all:
if isinstance(args.initialsidquery, str): if isinstance(args.initialsidquery, str):
q = setools.initsidquery.InitialSIDQuery( q = setools.initsidquery.InitialSIDQuery(p, name=args.initialsidquery)
p, name=args.initialsidquery)
else: else:
q = setools.initsidquery.InitialSIDQuery(p) q = setools.initsidquery.InitialSIDQuery(p)
components.append(("Initial SIDs", q)) components.append(("Initial SIDs", q))
@ -139,16 +138,14 @@ try:
try: try:
ports = [int(i) for i in args.portconquery.split("-")] ports = [int(i) for i in args.portconquery.split("-")]
except: except:
parser.error( parser.error("Enter a port number or range, e.g. 22 or 6000-6020")
"Enter a port number or range, e.g. 22 or 6000-6020")
if len(ports) == 2: if len(ports) == 2:
q.set_ports((ports[0], ports[1])) q.set_ports((ports[0], ports[1]))
elif len(ports) == 1: elif len(ports) == 1:
q.set_ports((ports[0], ports[0])) q.set_ports((ports[0], ports[0]))
else: else:
parser.error( parser.error("Enter a port number or range, e.g. 22 or 6000-6020")
"Enter a port number or range, e.g. 22 or 6000-6020")
else: else:
q = setools.portconquery.PortconQuery(p) q = setools.portconquery.PortconQuery(p)
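Review bot: The port parsing in the second hunk still sits under a bare `except:`, which the reflowed `parser.error(...)` line leaves in place; a bare except also traps KeyboardInterrupt and SystemExit raised inside the try body. As far as the hunk shows, the only expected failure is `int()` rejecting a non-numeric token, so `except ValueError:` is enough. The same message is spelled out twice (the `except` branch and the final `else`), so a single named constant would keep the two from drifting. The enclosing `try:` block starts and ends outside the hunk.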


@ -101,8 +101,7 @@ if not args.tertypes and not args.mlsrtypes and not args.rbacrtypes:
parser.error("At least one rule type must be specified.") parser.error("At least one rule type must be specified.")
if (args.tertypes or args.mlsrtypes) and args.rbacrtypes: if (args.tertypes or args.mlsrtypes) and args.rbacrtypes:
parser.error( parser.error("TE/MLS rule searches cannot be mixed with RBAC rule searches.")
"TE/MLS rule searches cannot be mixed with RBAC rule searches.")
try: try:
p = setools.SELinuxPolicy(args.policy) p = setools.SELinuxPolicy(args.policy)


@ -73,8 +73,7 @@ class ContextQuery(query.PolicyQuery):
return False return False
if range_: if range_:
raise NotImplementedError( raise NotImplementedError
"Context range queries are not yet implemented.")
return True return True
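Review bot: As rendered here, the new side of this hunk is a bare `raise NotImplementedError`, so the text "Context range queries are not yet implemented." is lost in a commit described as a pure reflow. If that is what was committed, the message should be kept, because it is the only hint a caller gets about which feature is missing: `raise NotImplementedError("Context range queries are not yet implemented.")` should fit within 100 columns at this nesting depth. The enclosing method starts outside the hunk.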


@ -350,8 +350,7 @@ class DomainTransitionAnalysis(object):
entrypoint = defaultdict(lambda: defaultdict(list)) entrypoint = defaultdict(lambda: defaultdict(list))
# hash table keyed on (domain, entrypoint, target domain) # hash table keyed on (domain, entrypoint, target domain)
type_trans = defaultdict( type_trans = defaultdict(lambda: defaultdict(lambda: defaultdict(list)))
lambda: defaultdict(lambda: defaultdict(list)))
for r in self.policy.terules(): for r in self.policy.terules():
if r.ruletype == "allow": if r.ruletype == "allow":
@ -362,16 +361,12 @@ class DomainTransitionAnalysis(object):
if r.tclass == "process": if r.tclass == "process":
if "transition" in perms: if "transition" in perms:
for s, t in itertools.product( for s, t in itertools.product(r.source.expand(), r.target.expand()):
r.source.expand(),
r.target.expand()):
self.__add_edge(s, t) self.__add_edge(s, t)
self.G[s][t]['transition'].append(r) self.G[s][t]['transition'].append(r)
if "dyntransition" in perms: if "dyntransition" in perms:
for s, t in itertools.product( for s, t in itertools.product(r.source.expand(), r.target.expand()):
r.source.expand(),
r.target.expand()):
self.__add_edge(s, t) self.__add_edge(s, t)
self.G[s][t]['dyntransition'].append(r) self.G[s][t]['dyntransition'].append(r)
@ -391,9 +386,7 @@ class DomainTransitionAnalysis(object):
execute[s][t].append(r) execute[s][t].append(r)
if "entrypoint" in perms: if "entrypoint" in perms:
for s, t in itertools.product( for s, t in itertools.product(r.source.expand(), r.target.expand()):
r.source.expand(),
r.target.expand()):
entrypoint[s][t].append(r) entrypoint[s][t].append(r)
elif r.ruletype == "type_transition": elif r.ruletype == "type_transition":
@ -401,9 +394,7 @@ class DomainTransitionAnalysis(object):
continue continue
d = r.default d = r.default
for s, t in itertools.product( for s, t in itertools.product(r.source.expand(), r.target.expand()):
r.source.expand(),
r.target.expand()):
type_trans[s][t][d].append(r) type_trans[s][t][d].append(r)
invalid_edge = [] invalid_edge = []
@ -433,8 +424,7 @@ class DomainTransitionAnalysis(object):
self.G[s][t]['execute'][m] += execute[s][m] self.G[s][t]['execute'][m] += execute[s][m]
if type_trans[s][m][t]: if type_trans[s][m][t]:
self.G[s][t]['type_transition'][ self.G[s][t]['type_transition'][m] += type_trans[s][m][t]
m] += type_trans[s][m][t]
if s in setexec: if s in setexec:
self.G[s][t]['setexec'] += setexec[s] self.G[s][t]['setexec'] += setexec[s]


@ -280,8 +280,7 @@ class InfoFlowAnalysis(object):
edgecap = self.G.edge[source][target]['capacity'] edgecap = self.G.edge[source][target]['capacity']
self.G.edge[source][target]['capacity'] = max(edgecap, weight) self.G.edge[source][target]['capacity'] = max(edgecap, weight)
else: else:
self.G.add_edge( self.G.add_edge(source, target, capacity=weight, weight=1, rules=[rule])
source, target, capacity=weight, weight=1, rules=[rule])
def _build_graph(self): def _build_graph(self):
self.G.clear() self.G.clear()


@ -78,8 +78,7 @@ class NodeconQuery(contextquery.ContextQuery):
except NameError: # pragma: no cover except NameError: # pragma: no cover
# Should never actually hit this since the self.network # Should never actually hit this since the self.network
# setter raises the same exception. # setter raises the same exception.
raise RuntimeError( raise RuntimeError("IP address/network functions require Python 3.3+.")
"IP address/network functions require Python 3.3+.")
# Python 3.3's IPv6Network constructor does not support # Python 3.3's IPv6Network constructor does not support
# expanded netmasks, only CIDR numbers. Convert netmask # expanded netmasks, only CIDR numbers. Convert netmask
@ -142,8 +141,7 @@ class NodeconQuery(contextquery.ContextQuery):
try: try:
self.network = ipaddress.ip_network(net) self.network = ipaddress.ip_network(net)
except NameError: # pragma: no cover except NameError: # pragma: no cover
raise RuntimeError( raise RuntimeError("IP address/network functions require Python 3.3+.")
"IP address/network functions require Python 3.3+.")
else: else:
# ensure self.network is set # ensure self.network is set
self.network = None self.network = None


@ -56,10 +56,7 @@ class ObjClassQuery(compquery.ComponentQuery):
self.policy = policy self.policy = policy
self.set_name(name, regex=name_regex) self.set_name(name, regex=name_regex)
self.set_common(common, regex=common_regex) self.set_common(common, regex=common_regex)
self.set_perms(perms, self.set_perms(perms, regex=perms_regex, equal=perms_equal, indirect=perms_indirect)
regex=perms_regex,
equal=perms_equal,
indirect=perms_indirect)
def results(self): def results(self):
"""Generator which yields all matching object classes.""" """Generator which yields all matching object classes."""


@ -69,8 +69,7 @@ class SELinuxPolicy(object):
try: try:
self.policy = qpol.qpol_policy_t(policyfile, 0) self.policy = qpol.qpol_policy_t(policyfile, 0)
except OSError as err: except OSError as err:
raise OSError( raise OSError("Error opening policy file \"{0}\": {1}".format(policyfile, err))
"Error opening policy file \"{0}\": {1}".format(policyfile, err))
# #
# Policy properties # Policy properties
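Review bot: The reflowed `raise OSError("Error opening policy file ...")` builds the new exception from a single string, so `errno` and `filename` from the original error are no longer available to callers that want to tell a missing policy file from an unreadable one. Passing the code through, e.g. `raise OSError(err.errno, "Error opening policy file \"{0}\": {1}".format(policyfile, err.strerror))`, keeps it inspectable; this assumes the qpol layer populates `errno` and `strerror`, which is not visible here. The constructor body starts and ends outside the hunk.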


@ -105,13 +105,11 @@ class AVRule(BaseTERule):
@property @property
def default(self): def default(self):
"""The rule's default type.""" """The rule's default type."""
raise rule.InvalidRuleUse( raise rule.InvalidRuleUse("{0} rules do not have a default type.".format(self.ruletype))
"{0} rules do not have a default type.".format(self.ruletype))
@property @property
def filename(self): def filename(self):
raise rule.InvalidRuleUse( raise rule.InvalidRuleUse("{0} rules do not have file names".format(self.ruletype))
"{0} rules do not have file names".format(self.ruletype))
class TERule(BaseTERule): class TERule(BaseTERule):
@ -146,8 +144,7 @@ class TERule(BaseTERule):
try: try:
return typeattr.type_factory(self.policy, self.qpol_symbol.default_type(self.policy)) return typeattr.type_factory(self.policy, self.qpol_symbol.default_type(self.policy))
except AttributeError: except AttributeError:
raise rule.InvalidRuleUse( raise rule.InvalidRuleUse("{0} rules do not have a default type.".format(self.ruletype))
"{0} rules do not have a default type.".format(self.ruletype))
@property @property
def filename(self): def filename(self):
@ -158,5 +155,4 @@ class TERule(BaseTERule):
if self.ruletype == "type_transition": if self.ruletype == "type_transition":
raise TERuleNoFilename raise TERuleNoFilename
else: else:
raise rule.InvalidRuleUse( raise rule.InvalidRuleUse("{0} rules do not have file names".format(self.ruletype))
"{0} rules do not have file names".format(self.ruletype))


@ -48,8 +48,7 @@ def attribute_factory(qpol_policy, name):
qpol_symbol = _symbol_lookup(qpol_policy, name) qpol_symbol = _symbol_lookup(qpol_policy, name)
if not qpol_symbol.isattr(qpol_policy): if not qpol_symbol.isattr(qpol_policy):
raise TypeError( raise TypeError("{0} is not an attribute".format(qpol_symbol.name(qpol_policy)))
"{0} is not an attribute".format(qpol_symbol.name(qpol_policy)))
return TypeAttribute(qpol_policy, qpol_symbol) return TypeAttribute(qpol_policy, qpol_symbol)
@ -60,14 +59,12 @@ def type_factory(qpol_policy, name, deref=False):
qpol_symbol = _symbol_lookup(qpol_policy, name) qpol_symbol = _symbol_lookup(qpol_policy, name)
if qpol_symbol.isattr(qpol_policy): if qpol_symbol.isattr(qpol_policy):
raise TypeError( raise TypeError("{0} is a not an attribute type".format(qpol_symbol.name(qpol_policy)))
"{0} is a not an attribute type".format(qpol_symbol.name(qpol_policy)))
elif qpol_symbol.isalias(qpol_policy): elif qpol_symbol.isalias(qpol_policy):
if deref: if deref:
qpol_symbol = _dereference_alias(qpol_policy, qpol_symbol) qpol_symbol = _dereference_alias(qpol_policy, qpol_symbol)
else: else:
raise TypeError( raise TypeError("{0} is an alias.".format(qpol_symbol.name(qpol_policy)))
"{0} is an alias.".format(qpol_symbol.name(qpol_policy)))
return Type(qpol_policy, qpol_symbol) return Type(qpol_policy, qpol_symbol)
@ -81,8 +78,7 @@ def typeattr_factory(qpol_policy, name, deref=False):
if deref: if deref:
qpol_symbol = _dereference_alias(qpol_policy, qpol_symbol) qpol_symbol = _dereference_alias(qpol_policy, qpol_symbol)
else: else:
raise TypeError( raise TypeError("{0} is an alias.".format(qpol_symbol.name(qpol_policy)))
"{0} is an alias.".format(qpol_symbol.name(qpol_policy)))
if qpol_symbol.isattr(qpol_policy): if qpol_symbol.isattr(qpol_policy):
return TypeAttribute(qpol_policy, qpol_symbol) return TypeAttribute(qpol_policy, qpol_symbol)
@ -163,13 +159,11 @@ class TypeAttribute(BaseType):
def attributes(self): def attributes(self):
"""Generator that yields all attributes for this type.""" """Generator that yields all attributes for this type."""
raise TypeError( raise TypeError("{0} is an attribute, thus does not have attributes.".format(self))
"{0} is an attribute, thus does not have attributes.".format(self))
def aliases(self): def aliases(self):
"""Generator that yields all aliases for this type.""" """Generator that yields all aliases for this type."""
raise TypeError( raise TypeError("{0} is an attribute, thus does not have aliases.".format(self))
"{0} is an attribute, thus does not have aliases.".format(self))
def statement(self): def statement(self):
return "attribute {0};".format(self) return "attribute {0};".format(self)
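Review bot: The TypeError text in type_factory's `isattr` branch, `"{0} is a not an attribute type"`, contradicts the condition that raises it, since the branch fires when the symbol is an attribute. As the line is being rewritten anyway, `raise TypeError("{0} is an attribute".format(qpol_symbol.name(qpol_policy)))` would report what the check actually found. The `"{0} is an alias."` message is repeated verbatim in type_factory and typeattr_factory, which makes it a candidate for one shared helper. The function bodies start outside the hunks shown.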


@ -94,23 +94,19 @@ class PortconQuery(compquery.ComponentQuery, contextquery.ContextQuery):
continue continue
elif self.subset: elif self.subset:
if self.proper: if self.proper:
if not ( if not ((low < self.ports[0] and self.ports[1] <= high) or (
(low < self.ports[0] and self.ports[1] <= high) or (
low <= self.ports[0] and self.ports[1] < high)): low <= self.ports[0] and self.ports[1] < high)):
continue continue
else: else:
if not ( if not (low <= self.ports[0] and self.ports[1] <= high):
low <= self.ports[0] and self.ports[1] <= high):
continue continue
elif self.superset: elif self.superset:
if self.proper: if self.proper:
if not ( if not ((self.ports[0] < low and high <= self.ports[1]) or (
(self.ports[0] < low and high <= self.ports[1]) or (
self.ports[0] <= low and high < self.ports[1])): self.ports[0] <= low and high < self.ports[1])):
continue continue
else: else:
if not ( if not (self.ports[0] <= low and high <= self.ports[1]):
self.ports[0] <= low and high <= self.ports[1]):
continue continue
else: else:
if not (self.ports[0] == low and self.ports[1] == high): if not (self.ports[0] == low and self.ports[1] == high):
@ -157,8 +153,7 @@ class PortconQuery(compquery.ComponentQuery, contextquery.ContextQuery):
pending_ports = (int(ports[0]), int(ports[1])) pending_ports = (int(ports[0]), int(ports[1]))
if (pending_ports[0] < 0 or pending_ports[1] < 0): if (pending_ports[0] < 0 or pending_ports[1] < 0):
raise ValueError( raise ValueError("Port numbers must be positive: {0[0]}-{0[1]}".format(ports))
"Port numbers must be positive: {0[0]}-{0[1]}".format(ports))
if (pending_ports[0] > pending_ports[1]): if (pending_ports[0] > pending_ports[1]):
raise ValueError( raise ValueError(