BaseTERule: add function for expanding rules.

Also add new classes ExpandedAVRule and ExpandedTERule correspondingly.
Chris PeBenito 2016-01-02 17:59:10 -05:00
parent 16756d21d6
commit 574aea8452


@ -16,6 +16,8 @@
# License along with SETools. If not, see # License along with SETools. If not, see
# <http://www.gnu.org/licenses/>. # <http://www.gnu.org/licenses/>.
# #
import itertools
from . import exception from . import exception
from . import qpol from . import qpol
from . import rule from . import rule
@ -34,6 +36,30 @@ def te_rule_factory(policy, symbol):
raise TypeError("TE rules cannot be looked-up.") raise TypeError("TE rules cannot be looked-up.")
def expanded_te_rule_factory(original, source, target):
"""
Factory function for creating expanded TE rules.
original The TE rule the expanded rule originates from.
source The source type of the expanded rule.
target The target type of the expanded rule.
"""
if isinstance(original, AVRule):
rule = ExpandedAVRule(original.policy, original.qpol_symbol)
elif isinstance(original, TERule):
rule = ExpandedTERule(original.policy, original.qpol_symbol)
elif isinstance(original, (ExpandedAVRule, ExpandedTERule)):
return original
else:
raise TypeError("The original rule must be a TE rule class.")
rule.source = source
rule.target = target
rule.origin = original
return rule
def validate_ruletype(types): def validate_ruletype(types):
"""Validate TE Rule types.""" """Validate TE Rule types."""
for t in types: for t in types:
@ -82,6 +108,11 @@ class BaseTERule(rule.PolicyRule):
# ValueError: The rule is not conditional # ValueError: The rule is not conditional
raise exception.RuleNotConditional raise exception.RuleNotConditional
def expand(self):
"""Expand the rule into an equivalent set of rules without attributes."""
for s, t in itertools.product(self.source.expand(), self.target.expand()):
yield expanded_te_rule_factory(self, s, t)
class AVRule(BaseTERule): class AVRule(BaseTERule):
@ -180,3 +211,21 @@ class TERule(BaseTERule):
else: else:
raise exception.RuleUseError("{0} rules do not have file names". raise exception.RuleUseError("{0} rules do not have file names".
format(self.ruletype)) format(self.ruletype))
class ExpandedAVRule(AVRule):
"""An expanded access vector type enforcement rule."""
source = None
target = None
origin = None
class ExpandedTERule(TERule):
"""An expanded type_* type enforcement rule."""
source = None
target = None
origin = None
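Review bot: In `expanded_te_rule_factory`, the branch `elif isinstance(original, (ExpandedAVRule, ExpandedTERule)): return original` can never run, because `ExpandedAVRule` and `ExpandedTERule` subclass `AVRule` and `TERule` and are caught by the two checks above it. An already-expanded rule is therefore wrapped again, and its `origin` is set to the expanded rule rather than the rule written in the policy, which would blur provenance for anyone auditing which policy statement grants an access. Testing the expanded classes first, with `if isinstance(original, (ExpandedAVRule, ExpandedTERule)): return original` followed by `elif isinstance(original, AVRule):`, makes the pass-through reachable. The docstring should then state that `source` and `target` are ignored for a rule that is already expanded.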