On Wed, Aug 25, 2021 at 5:27 AM Michał Górny <mgorny@xxxxxxxxxx> wrote:
>
> Import the setools classes needed for Python bindings from specific
> setools modules in order to reduce the dependency footprint
> of the Python bindings. Importing the top-level module causes all
> setools modules to be loaded which includes the modules that require
> networkx.
>
> SELinux packages belong to the group of core system packages on Gentoo
> Linux. It is desirable to keep the system set as small as possible,
> and the dependency between setools and networkx seems to be the easiest
> link to break without major loss of functionality.
>
> Signed-off-by: Michał Górny <mgorny@xxxxxxxxxx>
Acked-by: James Carter <jwcart2@xxxxxxxxx>
> ---
> python/semanage/seobject.py | 7 ++-
> python/sepolicy/sepolicy/__init__.py | 88 ++++++++++++++++------------
> 2 files changed, 53 insertions(+), 42 deletions(-)
>
> diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
> index 6a14f7b4..21adbf6e 100644
> --- a/python/semanage/seobject.py
> +++ b/python/semanage/seobject.py
> @@ -31,7 +31,8 @@ import socket
> from semanage import *
> PROGNAME = "policycoreutils"
> import sepolicy
> -import setools
> +from setools.policyrep import SELinuxPolicy
> +from setools.typequery import TypeQuery
> import ipaddress
>
> try:
> @@ -1339,7 +1340,7 @@ class ibpkeyRecords(semanageRecords):
> def __init__(self, args = None):
> semanageRecords.__init__(self, args)
> try:
> - q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"])
> + q = TypeQuery(SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"])
> self.valid_types = sorted(str(t) for t in q.results())
> except:
> pass
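Review bot: The reason for importing from `setools.policyrep` and `setools.typequery` rather than the `setools` package is recorded only in the commit message, so a later cleanup could restore `import setools` and bring the networkx dependency back. A comment above the two new imports would keep it in the file: `# Import from submodules: "import setools" loads every setools module, including those that need networkx.` The same comment belongs above the ten `from setools.… import` lines added to python/sepolicy/sepolicy/__init__.py (hunk @@ -13,6 +12,17). These paths also tie both files to the setools module layout, so a setools release that moves one of them would presumably surface as an import failure in semanage and sepolicy.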
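Review bot: The bare `except: pass` around the new `q = TypeQuery(SELinuxPolicy(...), attrs=["ibpkey_type"])` line in ibpkeyRecords.__init__ swallows every failure, so when the store policy cannot be loaded `self.valid_types` is never assigned here and nothing is reported. Whether a default exists elsewhere, or how later code copes with the missing attribute, is not visible in the hunk. Narrowing the handler to `except Exception:` and recording the failure (or assigning an explicit empty value there) would make an unreadable policy distinguishable from one with no matching types. ibendportRecords.__init__ (hunk @@ -1599) has the same pattern, and builds a `set(...)` where this one builds `sorted(...)`.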
> @@ -1599,7 +1600,7 @@ class ibendportRecords(semanageRecords):
> def __init__(self, args = None):
> semanageRecords.__init__(self, args)
> try:
> - q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"])
> + q = TypeQuery(SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"])
> self.valid_types = set(str(t) for t in q.results())
> except:
> pass
> diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
> index 9338603e..e8654abb 100644
> --- a/python/sepolicy/sepolicy/__init__.py
> +++ b/python/sepolicy/sepolicy/__init__.py
> @@ -4,7 +4,6 @@
>
> import errno
> import selinux
> -import setools
> import glob
> import sepolgen.defaults as defaults
> import sepolgen.interfaces as interfaces
> @@ -13,6 +12,17 @@ import os
> import re
> import gzip
>
> +from setools.boolquery import BoolQuery
> +from setools.portconquery import PortconQuery
> +from setools.policyrep import SELinuxPolicy
> +from setools.objclassquery import ObjClassQuery
> +from setools.rbacrulequery import RBACRuleQuery
> +from setools.rolequery import RoleQuery
> +from setools.terulequery import TERuleQuery
> +from setools.typeattrquery import TypeAttributeQuery
> +from setools.typequery import TypeQuery
> +from setools.userquery import UserQuery
> +
> PROGNAME = "policycoreutils"
> try:
> import gettext
> @@ -168,7 +178,7 @@ def policy(policy_file):
> global _pol
>
> try:
> - _pol = setools.SELinuxPolicy(policy_file)
> + _pol = SELinuxPolicy(policy_file)
> except:
> raise ValueError(_("Failed to read %s policy file") % policy_file)
>
> @@ -188,7 +198,7 @@ def info(setype, name=None):
> init_policy()
>
> if setype == TYPE:
> - q = setools.TypeQuery(_pol)
> + q = TypeQuery(_pol)
> q.name = name
> results = list(q.results())
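Review bot: The bare `except:` around `_pol = SELinuxPolicy(policy_file)` in policy() turns every failure, KeyboardInterrupt included, into the same "Failed to read" ValueError and drops the original cause. `except Exception as e:` followed by `raise ValueError(_("Failed to read %s policy file") % policy_file) from e` keeps the underlying reason (missing file, permission denied, a policy the parser rejects) in the traceback for whoever has to work out why no policy was loaded. policy() begins above the hunk, so any handling before `global _pol` is not visible here.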
>
> @@ -206,7 +216,7 @@ def info(setype, name=None):
> } for x in results)
>
> elif setype == ROLE:
> - q = setools.RoleQuery(_pol)
> + q = RoleQuery(_pol)
> if name:
> q.name = name
>
> @@ -217,7 +227,7 @@ def info(setype, name=None):
> } for x in q.results())
>
> elif setype == ATTRIBUTE:
> - q = setools.TypeAttributeQuery(_pol)
> + q = TypeAttributeQuery(_pol)
> if name:
> q.name = name
>
> @@ -227,7 +237,7 @@ def info(setype, name=None):
> } for x in q.results())
>
> elif setype == PORT:
> - q = setools.PortconQuery(_pol)
> + q = PortconQuery(_pol)
> if name:
> ports = [int(i) for i in name.split("-")]
> if len(ports) == 2:
> @@ -251,7 +261,7 @@ def info(setype, name=None):
> } for x in q.results())
>
> elif setype == USER:
> - q = setools.UserQuery(_pol)
> + q = UserQuery(_pol)
> if name:
> q.name = name
>
> @@ -268,7 +278,7 @@ def info(setype, name=None):
> } for x in q.results())
>
> elif setype == BOOLEAN:
> - q = setools.BoolQuery(_pol)
> + q = BoolQuery(_pol)
> if name:
> q.name = name
>
> @@ -278,7 +288,7 @@ def info(setype, name=None):
> } for x in q.results())
>
> elif setype == TCLASS:
> - q = setools.ObjClassQuery(_pol)
> + q = ObjClassQuery(_pol)
> if name:
> q.name = name
>
> @@ -372,11 +382,11 @@ def search(types, seinfo=None):
> tertypes.append(DONTAUDIT)
>
> if len(tertypes) > 0:
> - q = setools.TERuleQuery(_pol,
> - ruletype=tertypes,
> - source=source,
> - target=target,
> - tclass=tclass)
> + q = TERuleQuery(_pol,
> + ruletype=tertypes,
> + source=source,
> + target=target,
> + tclass=tclass)
>
> if PERMS in seinfo:
> q.perms = seinfo[PERMS]
> @@ -385,11 +395,11 @@ def search(types, seinfo=None):
>
> if TRANSITION in types:
> rtypes = ['type_transition', 'type_change', 'type_member']
> - q = setools.TERuleQuery(_pol,
> - ruletype=rtypes,
> - source=source,
> - target=target,
> - tclass=tclass)
> + q = TERuleQuery(_pol,
> + ruletype=rtypes,
> + source=source,
> + target=target,
> + tclass=tclass)
>
> if PERMS in seinfo:
> q.perms = seinfo[PERMS]
> @@ -398,11 +408,11 @@ def search(types, seinfo=None):
>
> if ROLE_ALLOW in types:
> ratypes = ['allow']
> - q = setools.RBACRuleQuery(_pol,
> - ruletype=ratypes,
> - source=source,
> - target=target,
> - tclass=tclass)
> + q = RBACRuleQuery(_pol,
> + ruletype=ratypes,
> + source=source,
> + target=target,
> + tclass=tclass)
>
> for r in q.results():
> toret.append({'source': str(r.source),
> @@ -720,11 +730,11 @@ def get_all_entrypoints():
>
>
> def get_entrypoint_types(setype):
> - q = setools.TERuleQuery(_pol,
> - ruletype=[ALLOW],
> - source=setype,
> - tclass=["file"],
> - perms=["entrypoint"])
> + q = TERuleQuery(_pol,
> + ruletype=[ALLOW],
> + source=setype,
> + tclass=["file"],
> + perms=["entrypoint"])
> return [str(x.target) for x in q.results() if x.source == setype]
>
>
> @@ -739,10 +749,10 @@ def get_init_transtype(path):
>
>
> def get_init_entrypoint(transtype):
> - q = setools.TERuleQuery(_pol,
> - ruletype=["type_transition"],
> - source="init_t",
> - tclass=["process"])
> + q = TERuleQuery(_pol,
> + ruletype=["type_transition"],
> + source="init_t",
> + tclass=["process"])
> entrypoints = []
> for i in q.results():
> try:
> @@ -754,10 +764,10 @@ def get_init_entrypoint(transtype):
> return entrypoints
>
> def get_init_entrypoints_str():
> - q = setools.TERuleQuery(_pol,
> - ruletype=["type_transition"],
> - source="init_t",
> - tclass=["process"])
> + q = TERuleQuery(_pol,
> + ruletype=["type_transition"],
> + source="init_t",
> + tclass=["process"])
> entrypoints = {}
> for i in q.results():
> try:
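Review bot: `TERuleQuery(_pol, ...)` in get_entrypoint_types (hunk @@ -720) is built without the `if not _pol:` / `init_policy()` guard that get_all_roles runs before its query, so a caller that reaches it before any policy has been loaded hands the query whatever `_pol` holds at that point, presumably an unset value, since the module-level initialisation is not shown. Adding those two guard lines as the first statements of the function would make it behave like the other query helpers instead of depending on call order. get_init_entrypoint (@@ -739) and get_init_entrypoints_str (@@ -754) open the same way; their bodies continue past their hunks, so this applies only to the visible start of each.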
> @@ -837,7 +847,7 @@ def get_all_role_allows():
> return role_allows
> role_allows = {}
>
> - q = setools.RBACRuleQuery(_pol, ruletype=[ALLOW])
> + q = RBACRuleQuery(_pol, ruletype=[ALLOW])
> for r in q.results():
> src = str(r.source)
> tgt = str(r.target)
> @@ -923,7 +933,7 @@ def get_all_roles():
> if not _pol:
> init_policy()
>
> - q = setools.RoleQuery(_pol)
> + q = RoleQuery(_pol)
> roles = [str(x) for x in q.results() if str(x) != "object_r"]
> return roles
>
> --
> 2.33.0
>