From patchwork Thu Sep 22 15:17:29 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jason Zaman
X-Patchwork-Id: 9345527
From: Jason Zaman
To: selinux@tycho.nsa.gov
Subject: [PATCH 3/7] sepolicy: update some users of search() to use setools directly
Date: Thu, 22 Sep 2016 23:17:29 +0800
Message-Id: <1474557453-14379-4-git-send-email-jason@perfinion.com>
X-Mailer: git-send-email 2.7.3
In-Reply-To: <1474557453-14379-1-git-send-email-jason@perfinion.com>
References: <1474557453-14379-1-git-send-email-jason@perfinion.com>
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"

search() is an overly complex wrapper around setools, several users are simplified by just directly using setools.

Signed-off-by: Jason Zaman
---
 policycoreutils/sepolicy/sepolicy/__init__.py | 47 ++++++++++++++++-----------
 1 file changed, 28 insertions(+), 19 deletions(-)

diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py index f24750a..37946f3 100644 --- a/policycoreutils/sepolicy/sepolicy/__init__.py +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -460,12 +460,12 @@ def get_all_entrypoints(): def get_entrypoint_types(setype): - entrypoints = [] - try: - entrypoints = map(lambda x: x['target'], filter(lambda x: x['source'] == setype, search([ALLOW], {'source': setype, 'permlist': ['entrypoint'], 'class': 'file'}))) - except TypeError: - pass - return entrypoints + q = setools.TERuleQuery(_pol, + ruletype=[ALLOW], + source=setype, + tclass=["file"], + perms=["entrypoint"]) + return [str(x.target) for x in q.results() if x.source == setype] def get_init_transtype(path): @@ -481,14 +481,19 @@ def get_init_transtype(path): def get_init_entrypoint(transtype): - try: - entrypoints = filter(lambda x: x['transtype'] == transtype, search([TRANSITION], {'source': "init_t", 'class': 'process'})) - if len(entrypoints) == 0: - return None - return entrypoints[0]["target"] - except TypeError: - pass - return None + q = setools.TERuleQuery(_pol, + ruletype=["type_transition"], + source="init_t", + tclass=["process"]) + entrypoints = [] + for i in q.results(): + try: + if i.default == transtype: + entrypoints.append(i.target) + except AttributeError: + continue + + return entrypoints def get_init_entrypoint_target(entrypoint): @@ -551,13 +556,17 @@ def get_all_role_allows(): if role_allows: return role_allows role_allows = {} - for r in search([ROLE_ALLOW]): - if r["source"] == "system_r" or r["target"] == "system_r": + + q = setools.RBACRuleQuery(_pol, ruletype='allow') + for r in q.results(): + src = str(r.source) + tgt = str(r.target) + if src == "system_r" or tgt == "system_r": continue - if r["source"] in role_allows: - role_allows[r["source"]].append(r["target"]) + if src in role_allows: + role_allows[src].append(tgt) else: - role_allows[r["source"]] = [r["target"]] + role_allows[src] = [tgt] return role_allows
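
Review bot: In get_entrypoint_types() the list comprehension filters on x.source == setype, which compares the rule's source object against the setype string directly, while the same line converts the target with str(x.target) and the get_all_role_allows() hunk converts both sides with str(). Suggest str(x.source) == setype so the match does not depend on how the setools object compares with a string. The removed code also caught TypeError and returned an empty list; the new code lets any exception from the query propagate, which is worth stating in the commit message if it is intended.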
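
Review bot: get_init_entrypoint() changes its return contract in the second hunk without saying so: the removed code returned None when nothing matched and otherwise the single value entrypoints[0]["target"], while the new code always returns a list, possibly empty, of i.target objects. Any caller that tests for None or uses the result as a string has to change in the same patch, and the commit message should mention it. The appended values are raw i.target rather than str(i.target) as in get_entrypoint_types(), and i.default == transtype is again an object compared with a string; converting both with str() would keep the three functions consistent.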
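
Review bot: In get_all_role_allows() the query is built with ruletype='allow', a bare string, whereas the other two queries in this patch pass a list (ruletype=[ALLOW] and ruletype=["type_transition"]). If the criterion is consumed as a collection of rule types, a bare string will be iterated character by character. Suggest ruletype=[ALLOW], or at least a one-element list, and one spelling of the rule type names across all three queries.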