policyrep: Convert net contexts to factory methods. Add iterators.

2025-03-11 07:18:15 +00:00 · 2018-02-11 10:35:26 -05:00 · 2018-02-11 10:35:26 -05:00 · 9ea0caa4f2
commit 9ea0caa4f2
parent 9df377d689
2 changed files with 80 additions and 87 deletions
--- a/setools/policyrep/netcontext.pxi
+++ b/setools/policyrep/netcontext.pxi
@ -25,66 +25,6 @@ import logging

 PortconRange = namedtuple("PortconRange", ["low", "high"])

-
-#
-# Netifcon factory functions
-#
-cdef inline netifcon_iterator_factory(SELinuxPolicy policy, sepol.ocontext_t *head):
-    """Factory function for creating Netifcon iterators."""
-    i = NetifconIterator()
-    i.policy = policy
-    i.head = i.curr = head
-    return i
-
-
-cdef inline Netifcon netifcon_factory(SELinuxPolicy policy, sepol.ocontext_t *symbol):
-    """Factory function for creating Netifcon objects."""
-    n = Netifcon()
-    n.policy = policy
-    n.handle = symbol
-    return n
-
-
-#
-# Nodecon factory functions
-#
-cdef inline nodecon_iterator_factory(SELinuxPolicy policy, sepol.ocontext_t *head, ip_version):
-    """Factory function for creating Nodecon iterators."""
-    i = NodeconIterator()
-    i.policy = policy
-    i.head = i.curr = head
-    i.ip_version = ip_version
-    return i
-
-
-cdef inline Nodecon nodecon_factory(SELinuxPolicy policy, sepol.ocontext_t *symbol, ip_version):
-    """Factory function for creating Nodecon objects."""
-    n = Nodecon()
-    n.policy = policy
-    n.handle = symbol
-    n.ip_version = ip_version
-    return n
-
-
-#
-# Portcon factory functions
-#
-cdef inline portcon_iterator_factory(SELinuxPolicy policy, sepol.ocontext_t *head):
-    """Factory function for creating Portcon iterators."""
-    i = PortconIterator()
-    i.policy = policy
-    i.head = i.curr = head
-    return i
-
-
-cdef inline Portcon portcon_factory(SELinuxPolicy policy, sepol.ocontext_t *symbol):
-    """Factory function for creating Portcon objects."""
-    p = Portcon()
-    p.policy = policy
-    p.handle = symbol
-    return p
-
-
 #
 # Classes
 #
@ -92,6 +32,14 @@ cdef class Netifcon(Ocontext):

    """A netifcon statement."""

+    @staticmethod
+    cdef factory(SELinuxPolicy policy, sepol.ocontext_t *symbol):
+        """Factory function for creating Netifcon objects."""
+        n = Netifcon()
+        n.policy = policy
+        n.handle = symbol
+        return n
+
    def __str__(self):
        return "netifcon {0.netif} {0.context} {0.packet}".format(self)

@ -113,15 +61,6 @@ cdef class Netifcon(Ocontext):
        return context_factory(self.policy, <const qpol_context_t *> &self.handle.context[1])


-cdef class NetifconIterator(OcontextIterator):
-
-    """Iterator for netifcon statements in the policy."""
-
-    def __next__(self):
-        super().__next__()
-        return netifcon_factory(self.policy, self.ocon)
-
-
 class NodeconIPVersion(PolicyEnum):

    """Nodecon IP Version"""
@ -136,6 +75,15 @@ cdef class Nodecon(Ocontext):

    cdef readonly object ip_version

+    @staticmethod
+    cdef factory(SELinuxPolicy policy, sepol.ocontext_t *symbol, ip_version):
+        """Factory function for creating Nodecon objects."""
+        n = Nodecon()
+        n.policy = policy
+        n.handle = symbol
+        n.ip_version = ip_version
+        return n
+
    def __str__(self):
        return "nodecon {1} {0.context}".format(self, self.network.with_netmask.replace("/", " "))

@ -231,17 +179,6 @@ cdef class Nodecon(Ocontext):
            return ip_network(net_with_mask, strict=False)


-cdef class NodeconIterator(OcontextIterator):
-
-    """Iterator for nodecon statements in the policy."""
-
-    cdef object ip_version
-
-    def __next__(self):
-        super().__next__()
-        return nodecon_factory(self.policy, self.ocon, self.ip_version)
-
-
 class PortconProtocol(PolicyEnum):

    """A portcon protocol type."""
@ -255,6 +192,14 @@ cdef class Portcon(Ocontext):

    """A portcon statement."""

+    @staticmethod
+    cdef factory(SELinuxPolicy policy, sepol.ocontext_t *symbol):
+        """Factory function for creating Portcon objects."""
+        p = Portcon()
+        p.policy = policy
+        p.handle = symbol
+        return p
+
    def __str__(self):
        low, high = self.ports

@ -289,10 +234,58 @@ cdef class Portcon(Ocontext):
        return PortconProtocol(self.handle.u.port.protocol)


+#
+# Iterators
+#
+cdef class NetifconIterator(OcontextIterator):
+
+    """Iterator for netifcon statements in the policy."""
+
+    @staticmethod
+    cdef factory(SELinuxPolicy policy, sepol.ocontext_t *head):
+        """Factory function for creating Netifcon iterators."""
+        i = NetifconIterator()
+        i.policy = policy
+        i.head = i.curr = head
+        return i
+
+    def __next__(self):
+        super().__next__()
+        return Netifcon.factory(self.policy, self.ocon)
+
+
+cdef class NodeconIterator(OcontextIterator):
+
+    """Iterator for nodecon statements in the policy."""
+
+    cdef object ip_version
+
+    @staticmethod
+    cdef factory(SELinuxPolicy policy, sepol.ocontext_t *head, ip_version):
+        """Factory function for creating Nodecon iterators."""
+        i = NodeconIterator()
+        i.policy = policy
+        i.head = i.curr = head
+        i.ip_version = ip_version
+        return i
+
+    def __next__(self):
+        super().__next__()
+        return Nodecon.factory(self.policy, self.ocon, self.ip_version)
+
+
 cdef class PortconIterator(OcontextIterator):

    """Iterator for portcon statements in the policy."""

+    @staticmethod
+    cdef factory(SELinuxPolicy policy, sepol.ocontext_t *head):
+        """Factory function for creating Portcon iterators."""
+        i = PortconIterator()
+        i.policy = policy
+        i.head = i.curr = head
+        return i
+
    def __next__(self):
        super().__next__()
-        return portcon_factory(self.policy, self.ocon)
+        return Portcon.factory(self.policy, self.ocon)
--- a/setools/policyrep/selinuxpolicy.pxi
+++ b/setools/policyrep/selinuxpolicy.pxi
@ -679,18 +679,18 @@ cdef class SELinuxPolicy:

    def netifcons(self):
        """Iterator over all netifcon statements."""
-        return netifcon_iterator_factory(self, self.handle.p.p.ocontexts[sepol.OCON_NETIF])
+        return NetifconIterator.factory(self, self.handle.p.p.ocontexts[sepol.OCON_NETIF])

    def nodecons(self):
        """Iterator over all nodecon statements."""
-        return chain(nodecon_iterator_factory(self, self.handle.p.p.ocontexts[sepol.OCON_NODE],
-                                              NodeconIPVersion.ipv4),
-                     nodecon_iterator_factory(self, self.handle.p.p.ocontexts[sepol.OCON_NODE6],
-                                              NodeconIPVersion.ipv6))
+        return chain(NodeconIterator.factory(self, self.handle.p.p.ocontexts[sepol.OCON_NODE],
+                                             NodeconIPVersion.ipv4),
+                     NodeconIterator.factory(self, self.handle.p.p.ocontexts[sepol.OCON_NODE6],
+                                             NodeconIPVersion.ipv6))

    def portcons(self):
        """Iterator over all portcon statements."""
-        return portcon_iterator_factory(self, self.handle.p.p.ocontexts[sepol.OCON_PORT])
+        return PortconIterator.factory(self, self.handle.p.p.ocontexts[sepol.OCON_PORT])

    #
    # Xen labeling iterators