From patchwork Thu Sep 22 15:17:30 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Zaman X-Patchwork-Id: 9345531 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 61E896077A for ; Thu, 22 Sep 2016 15:21:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 52EC11FF27 for ; Thu, 22 Sep 2016 15:21:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 47ABD2AB8E; Thu, 22 Sep 2016 15:21:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_SORBS_SPAM,T_DKIM_INVALID autolearn=no version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (smtp.nsa.gov [8.44.101.8]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 6510F1FF27 for ; Thu, 22 Sep 2016 15:21:08 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.30,378,1470700800"; d="scan'208";a="17864570" IronPort-PHdr: =?us-ascii?q?9a23=3AldszqhGBDIhXWpoC8hvnqJ1GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ75o8uwAkXT6L1XgUPTWs2DsrQf2rCQ6/yrCTFIyK3CmUhKSIZLWR4BhJ?= =?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TWM5DIfUi/yKRBy?= =?us-ascii?q?brysXNWD1YLvi6viptX6WEZhvHKFe7R8LRG7/036l/I9ps9cEJs30QbDuXBSeu?= =?us-ascii?q?5blitCLFOXmAvgtI/rpMYwuxlKv7od0+IIEeCjJ+VrBYBfWS8rN2Ez+d3DqQjI?= =?us-ascii?q?TQzJ4GAVFGoRjElmGQ/AuTPzRZD3+hnzs+N7kH2YNNbxS5gsVC6s7qFqTxmugy?= =?us-ascii?q?ACYW1quFrLg9B92foI6CmqoAZylsuNOIw=3D?= X-IPAS-Result: =?us-ascii?q?A2GcCQB+9uNX/wHyM5BeHQEFAQsBGQYMgn0TAQEBAQEeV3y?= =?us-ascii?q?mUgGKJIl+IAOBeIV1TAEBAQEBAQEBAgECWyeCMgQDEwV5Wz0CAQMBAg8oBgEBD?= =?us-ascii?q?CAMAgMJAQEXKQgIAwEtAwEFAQsRDgsFGAQBiCkBoH+BMj4yilaFMAEBBYgoCBC?= =?us-ascii?q?EF4p6EQGFeog7hX52ikuGJ4lBZYEHToccJYVvhwaIHDGBEVSDC4IHZQGFO3iBJ?= =?us-ascii?q?wEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 22 Sep 2016 15:20:41 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8MFKexD015983; Thu, 22 Sep 2016 11:20:41 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u8MFIZO2125868 for ; Thu, 22 Sep 2016 11:18:35 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8MFIW5E015315 for ; Thu, 22 Sep 2016 11:18:35 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1BiAgBR9eNXesHAVdFeHAEBBAEBCgEBgygTAQEBAQF1fLB3hXKEExyGAgKBaEwBAgEBAQEBAhMBAQkLDAgZhRECAQMSLgEBNwEPUTQBBQEcGSKIKQGhAIEyPjKKVoUwAQEFh38BAQEBAQEEAgEcCBCEF410C4MHiDuFfnaKS4YniUFlgQdOhxyGFIcGiBwxgRGDX4IHZQGHWgEBAQ X-IPAS-Result: A1BiAgBR9eNXesHAVdFeHAEBBAEBCgEBgygTAQEBAQF1fLB3hXKEExyGAgKBaEwBAgEBAQEBAhMBAQkLDAgZhRECAQMSLgEBNwEPUTQBBQEcGSKIKQGhAIEyPjKKVoUwAQEFh38BAQEBAQEEAgEcCBCEF410C4MHiDuFfnaKS4YniUFlgQdOhxyGFIcGiBwxgRGDX4IHZQGHWgEBAQ X-IronPort-AV: E=Sophos;i="5.30,378,1470715200"; d="scan'208";a="5722223" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 22 Sep 2016 11:18:34 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AqOEPexxSrqSVHJrXCy+O+j09IxM/srCxBDY+r6Qd?= =?us-ascii?q?0ekUIJqq85mqBkHD//Il1AaPBtSBraoYwLqL+4nbGkU4qa6bt34DdJEeHzQksu?= =?us-ascii?q?4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2WVTerzWI4CIIHV2nbEwu?= =?us-ascii?q?d76zQtKZ35n//tvx0qWbWx9Piju5bOE6BzSNhiKViPMrh5B/IL060BrDrygAUe?= =?us-ascii?q?1XwWR1OQDbxE6ktY/jtKJkpj9dv/Mn6t5oTbTxf6N+S6dRSjshLTMb/sru4DvK?= =?us-ascii?q?VgyJrkkVV2wQ2k5KChPC6jniU43/sy37sew70y6fa56lBYsoUCivuv84ACTjjz?= =?us-ascii?q?0KYmY0?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0GdBQDJ9eNXesHAVdFeHAEBBAEBCgEBG?= =?us-ascii?q?QYMgn0TAQEBAQF1fKZTiiSFcoQTHIYCAoFoTAEBAQEBAQEBAgECEAEBCQsMCBk?= =?us-ascii?q?vgjIYghgCAQMSLgEBNwEPUTQBBQEcGSKIKQGhA4EyPjKKVoUwAQEFh38BAQEBA?= =?us-ascii?q?QEEAgEcCBCEF410C4MHiDuFfnaKS4YniUFlgQdOhxyGFIcGiBwxgRGDX4IHZQG?= =?us-ascii?q?HWgEBAQ?= X-IPAS-Result: =?us-ascii?q?A0GdBQDJ9eNXesHAVdFeHAEBBAEBCgEBGQYMgn0TAQEBAQF?= =?us-ascii?q?1fKZTiiSFcoQTHIYCAoFoTAEBAQEBAQEBAgECEAEBCQsMCBkvgjIYghgCAQMSL?= =?us-ascii?q?gEBNwEPUTQBBQEcGSKIKQGhA4EyPjKKVoUwAQEFh38BAQEBAQEEAgEcCBCEF41?= =?us-ascii?q?0C4MHiDuFfnaKS4YniUFlgQdOhxyGFIcGiBwxgRGDX4IHZQGHWgEBAQ?= X-IronPort-AV: E=Sophos;i="5.30,378,1470700800"; d="scan'208";a="19469544" Received: from mail-pf0-f193.google.com ([209.85.192.193]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/AES128-GCM-SHA256; 22 Sep 2016 15:18:11 +0000 Received: by mail-pf0-f193.google.com with SMTP id n24so3940552pfb.3 for ; Thu, 22 Sep 2016 08:18:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=perfinion-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=DIIY5zacLIgPALEkf24lYIZjnSXjra2jRfPYV1z2dno=; b=x3dS83Hdznc/t3zPTPh0XtV7rHgv+SFznT9yzbf4wTqyGNeCnc7FA79LqYjzID7KxY TdarOq6Nk3QczqQFcrUTf8kT8XTId0JzrosDdhWLikg8xSSpc4bSfmOkQ8Ridmsnl8Pi ip3xJj6FuuwIiqP3yIphsl0jaKmanxoKv8EnG/wet0ZhSkGm3HkwrSUlKTlm2KVr4Fg5 7+wnTmhiGds4lPqgYYz0OVWEf8/VvSvcs7k4Nq/lAg49IT2Ynawpi/PaLdUlBe3SHSYc Wq8BxOiPovMMiCie/Y9CRvg5Y9dUmC2m4XlbyL4iCcvrKzCw53lnnLRPpQtDZVAmur9R P93Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=DIIY5zacLIgPALEkf24lYIZjnSXjra2jRfPYV1z2dno=; b=a5RcJyu8sCOTruWFiqZHqSW0PxSw4xW744LdWJ0ERlj9fiq/2gshq47ZD1N36nX3AM QG3jeGv7WYu4OT4WIaDmMcP2sMxV3Gk2j6jwvCduqkgY1WTDWMVcJm91j0pzjv5DtMUA 5D8ejnG5v2n5Zyu6u1IJzk+T5srqe8cH+f96DNMcCwxYvHWzIB/fzKzYjc0b969E4pD/ MyqbFly0bHq7CJ9TZ/IZ7dLR/lxxAzBMqiCnJnHJLBx7zWlNRh23d+CZDvx62XESB408 jWd3pYGO9ZKeZgdyXG7wsOnzLdZLSo8+QWv0t/UD6VSINHibkHMDkhZJHym0EW7w3zZc 0Tig== X-Gm-Message-State: AE9vXwMsBmCXKBtxNVtw/YcR4wH689lkCbz3kpoyQS/yWPArWLO6kg+1Dt+RINVNwJcwgQ== X-Received: by 10.98.207.130 with SMTP id b124mr4121723pfg.113.1474557489889; Thu, 22 Sep 2016 08:18:09 -0700 (PDT) Received: from localhost ([2404:e800:e600:57b:e014:183:951f:342c]) by smtp.gmail.com with ESMTPSA id y9sm5016832pfk.2.2016.09.22.08.18.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 22 Sep 2016 08:18:09 -0700 (PDT) From: Jason Zaman To: selinux@tycho.nsa.gov Subject: [PATCH 4/7] sepolicy: info() and search() will return generators Date: Thu, 22 Sep 2016 23:17:30 +0800 Message-Id: <1474557453-14379-5-git-send-email-jason@perfinion.com> X-Mailer: git-send-email 2.7.3 In-Reply-To: <1474557453-14379-1-git-send-email-jason@perfinion.com> References: <1474557453-14379-1-git-send-email-jason@perfinion.com> X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP The next patch will update info() and search() to use the setools4 api. setools4 makes heavy use of generators so info() and search() will as well. Pre-emptively update users to cast to a list where required. Signed-off-by: Jason Zaman --- policycoreutils/sandbox/sandbox | 2 +- policycoreutils/semanage/seobject.py | 9 +++-- policycoreutils/sepolicy/sepolicy/__init__.py | 51 +++++++++++---------------- 3 files changed, 26 insertions(+), 36 deletions(-) diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox index 4ed57c1..2628802 100644 --- a/policycoreutils/sandbox/sandbox +++ b/policycoreutils/sandbox/sandbox @@ -301,7 +301,7 @@ kill -TERM $WM_PID 2> /dev/null types = _(""" Policy defines the following types for use with the -t: \t%s -""") % "\n\t".join(sepolicy.info(sepolicy.ATTRIBUTE, "sandbox_type")[0]['types']) +""") % "\n\t".join(list(sepolicy.info(sepolicy.ATTRIBUTE, "sandbox_type"))[0]['types']) except RuntimeError: pass diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py index 81dcd86..bb049c0 100644 --- a/policycoreutils/semanage/seobject.py +++ b/policycoreutils/semanage/seobject.py @@ -32,7 +32,6 @@ import socket from semanage import * PROGNAME = "policycoreutils" import sepolicy -sepolicy.gen_bool_dict() from IPy import IP try: @@ -1038,7 +1037,7 @@ class seluserRecords(semanageRecords): class portRecords(semanageRecords): try: - valid_types = sepolicy.info(sepolicy.ATTRIBUTE, "port_type")[0]["types"] + valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"]) except RuntimeError: valid_types = [] @@ -1313,7 +1312,7 @@ class portRecords(semanageRecords): class nodeRecords(semanageRecords): try: - valid_types = sepolicy.info(sepolicy.ATTRIBUTE, "node_type")[0]["types"] + valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "node_type"))[0]["types"]) except RuntimeError: valid_types = [] @@ -1744,8 +1743,8 @@ class interfaceRecords(semanageRecords): class fcontextRecords(semanageRecords): try: - valid_types = sepolicy.info(sepolicy.ATTRIBUTE, "file_type")[0]["types"] - valid_types += sepolicy.info(sepolicy.ATTRIBUTE, "device_node")[0]["types"] + valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "file_type"))[0]["types"]) + valid_types += list(list(sepolicy.info(sepolicy.ATTRIBUTE, "device_node"))[0]["types"]) valid_types.append("<>") except RuntimeError: valid_types = [] diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py index 37946f3..319cb34 100644 --- a/policycoreutils/sepolicy/sepolicy/__init__.py +++ b/policycoreutils/sepolicy/sepolicy/__init__.py @@ -217,7 +217,7 @@ def get_conditionals_format_text(cond): def get_types_from_attribute(attribute): - return info(ATTRIBUTE, attribute)[0]["types"] + return list(info(ATTRIBUTE, attribute))[0]["types"] def get_file_types(setype): @@ -236,7 +236,6 @@ def get_file_types(setype): def get_writable_files(setype): - all_attributes = get_all_attributes() file_types = get_all_file_types() all_writes = [] mpaths = {} @@ -420,7 +419,7 @@ def get_fcdict(fc_path=selinux.selinux_file_context_path()): def get_transitions_into(setype): try: return filter(lambda x: x["transtype"] == setype, search([TRANSITION], {'class': 'process'})) - except TypeError: + except (TypeError, AttributeError): pass return None @@ -428,7 +427,7 @@ def get_transitions_into(setype): def get_transitions(setype): try: return search([TRANSITION], {'source': setype, 'class': 'process'}) - except TypeError: + except (TypeError, AttributeError): pass return None @@ -436,7 +435,7 @@ def get_transitions(setype): def get_file_transitions(setype): try: return filter(lambda x: x['class'] != "process", search([TRANSITION], {'source': setype})) - except TypeError: + except (TypeError, AttributeError): pass return None @@ -471,11 +470,9 @@ def get_entrypoint_types(setype): def get_init_transtype(path): entrypoint = selinux.getfilecon(path)[1].split(":")[2] try: - entrypoints = filter(lambda x: x['target'] == entrypoint, search([TRANSITION], {'source': "init_t", 'class': 'process'})) - if len(entrypoints) == 0: - return None + entrypoints = list(filter(lambda x: x['target'] == entrypoint, search([TRANSITION], {'source': "init_t", 'class': 'process'}))) return entrypoints[0]["transtype"] - except TypeError: + except (TypeError, AttributeError, IndexError): pass return None @@ -499,8 +496,8 @@ def get_init_entrypoint(transtype): def get_init_entrypoint_target(entrypoint): try: entrypoints = map(lambda x: x['transtype'], search([TRANSITION], {'source': "init_t", 'target': entrypoint, 'class': 'process'})) - return entrypoints[0] - except TypeError: + return list(entrypoints)[0] + except (TypeError, IndexError): pass return None @@ -540,14 +537,14 @@ def get_methods(): def get_all_types(): global all_types if all_types is None: - all_types = map(lambda x: x['name'], info(TYPE)) + all_types = [x['name'] for x in info(TYPE)] return all_types def get_user_types(): global user_types if user_types is None: - user_types = info(ATTRIBUTE, "userdomain")[0]["types"] + user_types = list(list(info(ATTRIBUTE, "userdomain"))[0]["types"]) return user_types @@ -574,8 +571,7 @@ def get_all_role_allows(): def get_all_entrypoint_domains(): import re all_domains = [] - types = get_all_types() - types.sort() + types = sorted(get_all_types()) for i in types: m = re.findall("(.*)%s" % "_exec_t$", i) if len(m) > 0: @@ -588,7 +584,6 @@ def gen_interfaces(): import commands ifile = defaults.interface_info() headers = defaults.headers() - rebuild = False try: if os.stat(headers).st_mtime <= os.stat(ifile).st_mtime: return @@ -629,7 +624,7 @@ def gen_port_dict(): def get_all_domains(): global all_domains if not all_domains: - all_domains = info(ATTRIBUTE, "domain")[0]["types"] + all_domains = list(list(info(ATTRIBUTE, "domain"))[0]["types"]) return all_domains @@ -637,16 +632,16 @@ def get_all_roles(): global roles if roles: return roles - roles = map(lambda x: x['name'], info(ROLE)) - roles.remove("object_r") - roles.sort() + + q = setools.RoleQuery(_pol) + roles = [str(x) for x in q.results() if str(x) != "object_r"] return roles def get_selinux_users(): global selinux_user_list if not selinux_user_list: - selinux_user_list = info(USER) + selinux_user_list = list(info(USER)) for x in selinux_user_list: x['range'] = "".join(x['range'].split(" ")) return selinux_user_list @@ -671,17 +666,14 @@ def get_login_mappings(): def get_all_users(): - users = map(lambda x: x['name'], get_selinux_users()) - users.sort() - return users + return sorted(map(lambda x: x['name'], get_selinux_users())) def get_all_file_types(): global file_types if file_types: return file_types - file_types = info(ATTRIBUTE, "file_type")[0]["types"] - file_types.sort() + file_types = list(sorted(info(ATTRIBUTE, "file_type"))[0]["types"]) return file_types @@ -689,15 +681,14 @@ def get_all_port_types(): global port_types if port_types: return port_types - port_types = info(ATTRIBUTE, "port_type")[0]["types"] - port_types.sort() + port_types = list(sorted(info(ATTRIBUTE, "port_type"))[0]["types"]) return port_types def get_all_bools(): global bools if not bools: - bools = info(BOOLEAN) + bools = list(info(BOOLEAN)) return bools @@ -805,7 +796,7 @@ def get_description(f, markup=markup): def get_all_attributes(): global all_attributes if not all_attributes: - all_attributes = map(lambda x: x['name'], info(ATTRIBUTE)) + all_attributes = list(sorted(map(lambda x: x['name'], info(ATTRIBUTE)))) return all_attributes