calculate
/
gentoo-overlay
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'af2dafed0a'
${ noResults }
gentoo-overlay/sys-apps/selinux-python/files/selinux-python-3.2-optional...

272 lines
8.8 KiB
Raw Blame History

Avoid importing networkx which ends up having a Fortran (and other large)
dependencies.
https://bugs.gentoo.org/809038
https://github.com/SELinuxProject/selinux/commit/ba23ba068364ab11ff51f52bd1e20e3c63798a62
From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
Date: Wed, 25 Aug 2021 11:19:40 +0200
Subject: [PATCH] python: Import specific modules from setools for less deps
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Import the setools classes needed for Python bindings from specific
setools modules in order to reduce the dependency footprint
of the Python bindings. Importing the top-level module causes all
setools modules to be loaded which includes the modules that require
networkx.
SELinux packages belong to the group of core system packages on Gentoo
Linux. It is desirable to keep the system set as small as possible,
and the dependency between setools and networkx seems to be the easiest
link to break without major loss of functionality.
Signed-off-by: Michał Górny <mgorny@gentoo.org>
--- a/semanage/seobject.py
+++ b/semanage/seobject.py
@@ -31,7 +31,8 @@
from semanage import *
PROGNAME = "policycoreutils"
import sepolicy
-import setools
+from setools.policyrep import SELinuxPolicy
+from setools.typequery import TypeQuery
import ipaddress
try:
@@ -1339,7 +1340,7 @@ class ibpkeyRecords(semanageRecords):
def __init__(self, args = None):
semanageRecords.__init__(self, args)
try:
- q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"])
+ q = TypeQuery(SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"])
self.valid_types = sorted(str(t) for t in q.results())
except:
pass
@@ -1599,7 +1600,7 @@ class ibendportRecords(semanageRecords):
def __init__(self, args = None):
semanageRecords.__init__(self, args)
try:
- q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"])
+ q = TypeQuery(SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"])
self.valid_types = set(str(t) for t in q.results())
except:
pass
--- a/sepolicy/sepolicy/__init__.py
+++ b/sepolicy/sepolicy/__init__.py
@@ -4,7 +4,6 @@
import errno
import selinux
-import setools
import glob
import sepolgen.defaults as defaults
import sepolgen.interfaces as interfaces
@@ -13,6 +12,17 @@
import re
import gzip
+from setools.boolquery import BoolQuery
+from setools.portconquery import PortconQuery
+from setools.policyrep import SELinuxPolicy
+from setools.objclassquery import ObjClassQuery
+from setools.rbacrulequery import RBACRuleQuery
+from setools.rolequery import RoleQuery
+from setools.terulequery import TERuleQuery
+from setools.typeattrquery import TypeAttributeQuery
+from setools.typequery import TypeQuery
+from setools.userquery import UserQuery
+
PROGNAME = "policycoreutils"
try:
import gettext
@@ -168,7 +178,7 @@ def policy(policy_file):
global _pol
try:
- _pol = setools.SELinuxPolicy(policy_file)
+ _pol = SELinuxPolicy(policy_file)
except:
raise ValueError(_("Failed to read %s policy file") % policy_file)
@@ -188,7 +198,7 @@ def info(setype, name=None):
init_policy()
if setype == TYPE:
- q = setools.TypeQuery(_pol)
+ q = TypeQuery(_pol)
q.name = name
results = list(q.results())
@@ -206,7 +216,7 @@ def info(setype, name=None):
} for x in results)
elif setype == ROLE:
- q = setools.RoleQuery(_pol)
+ q = RoleQuery(_pol)
if name:
q.name = name
@@ -217,7 +227,7 @@ def info(setype, name=None):
} for x in q.results())
elif setype == ATTRIBUTE:
- q = setools.TypeAttributeQuery(_pol)
+ q = TypeAttributeQuery(_pol)
if name:
q.name = name
@@ -227,7 +237,7 @@ def info(setype, name=None):
} for x in q.results())
elif setype == PORT:
- q = setools.PortconQuery(_pol)
+ q = PortconQuery(_pol)
if name:
ports = [int(i) for i in name.split("-")]
if len(ports) == 2:
@@ -251,7 +261,7 @@ def info(setype, name=None):
} for x in q.results())
elif setype == USER:
- q = setools.UserQuery(_pol)
+ q = UserQuery(_pol)
if name:
q.name = name
@@ -268,7 +278,7 @@ def info(setype, name=None):
} for x in q.results())
elif setype == BOOLEAN:
- q = setools.BoolQuery(_pol)
+ q = BoolQuery(_pol)
if name:
q.name = name
@@ -278,7 +288,7 @@ def info(setype, name=None):
} for x in q.results())
elif setype == TCLASS:
- q = setools.ObjClassQuery(_pol)
+ q = ObjClassQuery(_pol)
if name:
q.name = name
@@ -372,11 +382,11 @@ def search(types, seinfo=None):
tertypes.append(DONTAUDIT)
if len(tertypes) > 0:
- q = setools.TERuleQuery(_pol,
- ruletype=tertypes,
- source=source,
- target=target,
- tclass=tclass)
+ q = TERuleQuery(_pol,
+ ruletype=tertypes,
+ source=source,
+ target=target,
+ tclass=tclass)
if PERMS in seinfo:
q.perms = seinfo[PERMS]
@@ -385,11 +395,11 @@ def search(types, seinfo=None):
if TRANSITION in types:
rtypes = ['type_transition', 'type_change', 'type_member']
- q = setools.TERuleQuery(_pol,
- ruletype=rtypes,
- source=source,
- target=target,
- tclass=tclass)
+ q = TERuleQuery(_pol,
+ ruletype=rtypes,
+ source=source,
+ target=target,
+ tclass=tclass)
if PERMS in seinfo:
q.perms = seinfo[PERMS]
@@ -398,11 +408,11 @@ def search(types, seinfo=None):
if ROLE_ALLOW in types:
ratypes = ['allow']
- q = setools.RBACRuleQuery(_pol,
- ruletype=ratypes,
- source=source,
- target=target,
- tclass=tclass)
+ q = RBACRuleQuery(_pol,
+ ruletype=ratypes,
+ source=source,
+ target=target,
+ tclass=tclass)
for r in q.results():
toret.append({'source': str(r.source),
@@ -720,11 +730,11 @@ def get_all_entrypoints():
def get_entrypoint_types(setype):
- q = setools.TERuleQuery(_pol,
- ruletype=[ALLOW],
- source=setype,
- tclass=["file"],
- perms=["entrypoint"])
+ q = TERuleQuery(_pol,
+ ruletype=[ALLOW],
+ source=setype,
+ tclass=["file"],
+ perms=["entrypoint"])
return [str(x.target) for x in q.results() if x.source == setype]
@@ -739,10 +749,10 @@ def get_init_transtype(path):
def get_init_entrypoint(transtype):
- q = setools.TERuleQuery(_pol,
- ruletype=["type_transition"],
- source="init_t",
- tclass=["process"])
+ q = TERuleQuery(_pol,
+ ruletype=["type_transition"],
+ source="init_t",
+ tclass=["process"])
entrypoints = []
for i in q.results():
try:
@@ -754,10 +764,10 @@ def get_init_entrypoint(transtype):
return entrypoints
def get_init_entrypoints_str():
- q = setools.TERuleQuery(_pol,
- ruletype=["type_transition"],
- source="init_t",
- tclass=["process"])
+ q = TERuleQuery(_pol,
+ ruletype=["type_transition"],
+ source="init_t",
+ tclass=["process"])
entrypoints = {}
for i in q.results():
try:
@@ -837,7 +847,7 @@ def get_all_role_allows():
return role_allows
role_allows = {}
- q = setools.RBACRuleQuery(_pol, ruletype=[ALLOW])
+ q = RBACRuleQuery(_pol, ruletype=[ALLOW])
for r in q.results():
src = str(r.source)
tgt = str(r.target)
@@ -923,7 +933,7 @@ def get_all_roles():
if not _pol:
init_policy()
- q = setools.RoleQuery(_pol)
+ q = RoleQuery(_pol)
roles = [str(x) for x in q.results() if str(x) != "object_r"]
return roles
Reference in new issue View Git Blame Copy Permalink