Chris PeBenito
e849bf26a9
Infoflow: move internal functions
...
Also rename step generator function.
2015-03-28 19:25:53 -04:00
Chris PeBenito
ba461e3fef
DTA: move internal functions
2015-03-28 19:22:11 -04:00
Chris PeBenito
a64d20c36d
InfoFlowAnalysis: add option for incoming infoflows
2015-03-28 11:42:00 -04:00
Chris PeBenito
708ccbbecd
DTA: revise generators
...
* Pull the edge attribute data once and pass it along to minimize risk of
errors accessing edge data.
* Rename generators to be clear that they are generators
* __generate_entrypoints(): Each ruletype is populated; if there are no
rules, then there is still an empty list. No need for extra checking.
* Clarify some docs
2015-03-28 11:38:23 -04:00
Chris PeBenito
2ea074e563
InfoFlowAnalysisTest: improve efficiency
...
The main graph is never rebuilt since the perm map never changes. This
mirrors how a user might interact. If in the future perm map changes
are introduced, the code should still cope.
Also one minor efficiency tweak in InfoFlowAnalysis. Don't bother removing
edges due to weight if it is set to 1 since that includes everything.
2015-03-27 12:30:43 -04:00
Chris PeBenito
c9c995e7f3
NodeconQueryTest: Change IP criteria to skip on Python < 3.3
2015-03-27 09:38:00 -04:00
Chris PeBenito
c6f11ca80e
DTA: add error testing on the interface.
2015-03-27 09:15:15 -04:00
Chris PeBenito
84217f0d73
DTA/InfoFlow: change exclude to handle None
...
This is a little clearer than having an empty list, from the caller side.
2015-03-27 09:06:16 -04:00
Chris PeBenito
ec9de08ac6
InfoFlowAnalysis: Add interface error tests.
...
Uncovered 2 minor NetworkX error path bugs:
networkx/networkx#1430
networkx/networkx#1433
2015-03-26 14:48:29 -04:00
Chris PeBenito
87d89c6dd1
symbol: change InvalidSymbol to inherit ValueError.
2015-03-26 11:10:18 -04:00
Chris PeBenito
cb18f4c21f
InfoFlowAnalysis: change set_perm_map() to only take map objects.
...
Remove this handling from the analysis code. It now expects a permission
map to be passed in, and won't handle a string.
2015-03-26 11:05:19 -04:00
Chris PeBenito
0fc61b0a54
Add initial sid lookup functions.
2015-03-25 13:25:07 -04:00
Chris PeBenito
7b1f462567
SELinuxPolicy: add functions for validating rule types.
2015-03-24 16:12:18 -04:00
Chris PeBenito
f274677c28
DTA/Infoflow: fix catching of NetworkX no path exception.
...
Since the functions are generators, the exception isn't hit until the
generator is iterated.
2015-03-23 14:46:50 -04:00
Chris PeBenito
64cda06216
DTA/Infoflow: additional logging.
2015-03-23 14:42:55 -04:00
Chris PeBenito
286adab308
qpol.i: add missing out-of-memory check for qpol_log_callback()
2015-03-22 14:34:21 -04:00
Chris PeBenito
11fdaa7ad6
Route libqpol messages through Python logging.
...
Does not include errors from the lex/yacc.
2015-03-21 16:23:59 -04:00
Chris PeBenito
a4ab5b64d5
Implement logging in all Queries.
2015-03-20 12:02:13 -04:00
Chris PeBenito
ea01e19215
PortconQuery: fix naming of port range options
2015-03-20 10:28:57 -04:00
Chris PeBenito
d6d2b9cf85
Add SELinuxPolicy.__repr__() and .__str__().
...
Start using it for logging.
2015-03-19 15:24:52 -04:00
Chris PeBenito
f216d7cf24
setools.*: standardize queries to None defaults instead of empty strings.
...
Clearer intent and nicer for logging output. Removes unnecessary type
conversions.
2015-03-19 14:03:36 -04:00
Chris PeBenito
de716ba6a5
Add logging.
...
Not comprehensive yet. Only planning to do setools pkg (not policyrep),
with the exception being the SELinuxPolicy class in policyrep.
Avoids performance-critical paths. Use only info and debug so in normal
cases the user only sees messages if they ask for it (e.g. -v).
2015-03-19 08:07:23 -04:00
Chris PeBenito
97c80f22a5
InfoFlowAnalysis: map all permissions from the policy.
2015-03-18 10:33:44 -04:00
Chris PeBenito
712138178f
PermissionMap: implement policy mapping function.
...
Also add unit tests for parsing functions.
closes #23
2015-03-18 10:16:15 -04:00
Chris PeBenito
6e02b24c13
No coverage for PolicySymbol.__hash__() error path.
2015-03-17 14:49:57 -04:00
Chris PeBenito
6653c8b130
Misc whitespace fixes.
2015-03-16 13:54:03 -04:00
Chris PeBenito
5312074aa5
Remove unnecessary bool conversion for SELinuxPolicy.mls.
2015-03-16 10:47:48 -04:00
Chris PeBenito
4ecd6d00a5
Implement TypeAttributeQuery.
...
closes #13
closes #14
2015-03-16 10:46:33 -04:00
Chris PeBenito
39898d9572
Fix dereferencing in policyrep.typeattr factories.
...
Qpol already dereferences aliases internally.
2015-03-16 10:40:53 -04:00
Chris PeBenito
f4b1b68195
Rename type attribute interfaces.
...
Make sure they reflect that they are for type rather than role attributes.
2015-03-16 10:38:43 -04:00
Chris PeBenito
606bda30a9
Fix ConstraintQuery docs.
2015-03-16 10:27:52 -04:00
Chris PeBenito
757a16750b
Fix qpol_context_get_range() not to segfault on MLS-disabled policy.
...
Correspondingly fix MLS object factories to immediately check if MLS is
disabled and short circuit if so.
2015-03-15 12:37:24 -04:00
Chris PeBenito
e3f2a98c43
Merge validatetrans into constraints in policyrep.
2015-03-14 14:52:58 -04:00
Chris PeBenito
659ae2b7b2
Implement ValidatetransQuery.
...
Still needs unit tests.
2015-03-12 13:45:42 -04:00
Chris PeBenito
a24a59ee08
Revise policyrep exceptions.
...
Add exception for objects that have no corresponding statement, such
as conditional expressions and MLS ranges.
Rename InvalidRuleUse to RuleUseError.
2015-03-12 12:45:20 -04:00
Chris PeBenito
cab5f8958b
Rename type or type attribute lookup interfaces.
...
Also the corresponding factory function.
2015-03-12 10:55:18 -04:00
Chris PeBenito
14aa57c669
Implement role/type/user criteria unit tests for ConstraintQuery
...
closes #7
closes #8
closes #9
2015-03-12 09:27:36 -04:00
Chris PeBenito
2f9999752d
Implement role, type, and user criteria for ConstraintQuery
...
Still needs unit tests.
#7, #8, #9
2015-03-11 15:10:19 -04:00
Chris PeBenito
b0e48757af
Change symbol hashing key to the object's name.
...
This will make it possible to use set logic in PolicyDifference based
on name.
2015-03-10 14:43:58 -04:00
Chris PeBenito
28409b6cb8
Implement role, type, and user attributes for BaseConstraint.
...
Returns sets since typically the result is 0-5 items. It also squashes
instances where a symbol appears more than once, e.g. refpolicy
UBAC constraints (system_u).
2015-03-09 11:19:12 -04:00
Chris PeBenito
168793f886
Misc cleanup in policyrep.
...
Move code, fix docs.
2015-03-08 14:51:46 -04:00
Chris PeBenito
8812f02411
Implement part of ConstraintQuery.
...
Still requires criteria on the constraint expression.
closes #6
closes #12
2015-03-08 14:50:43 -04:00
Chris PeBenito
a696a5a43c
Implement alias matching, class matching, and permission matching mixins.
2015-03-08 12:12:48 -04:00
Chris PeBenito
781d2d0a03
Implement ComponentQuery._match_name()
...
Simplifies subclasses. Since the attributes are already set in the
ComponentQuery name setter, this abstracts away those details from the
subclasses.
2015-03-08 12:07:44 -04:00
Chris PeBenito
e7f4caf1a6
Remove unnecessary inheritance in PortconQuery.
2015-03-08 11:46:24 -04:00
Chris PeBenito
ac19359b71
Implement SensitivityQuery
...
closes #19
closes #20
2015-03-07 11:16:59 -05:00
Chris PeBenito
0aacb700da
Fix alias handling for sensitivities and categories.
...
If there are aliases, qpol includes those in the counts.
2015-03-07 11:06:24 -05:00
Chris PeBenito
61a3c020e5
Add missing docs for UserQuery.__init__()
2015-03-07 09:49:57 -05:00
Chris PeBenito
17758ad5e9
Clean up imports
2015-03-07 09:45:17 -05:00
Chris PeBenito
e55764700c
Refactor MLS-related objects.
...
Drop the "MLS" prepended to category, sensitivity, level, and range
objects.
2015-03-07 09:39:01 -05:00