Re: [PATCH] python: Import specific modules from setools for less deps


 



On Tue, Aug 31, 2021 at 6:38 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Wed, Aug 25, 2021 at 5:27 AM Michał Górny <mgorny@xxxxxxxxxx> wrote:
> >
> > Import the setools classes needed for Python bindings from specific
> > setools modules in order to reduce the dependency footprint
> > of the Python bindings.  Importing the top-level module causes all
> > setools modules to be loaded which includes the modules that require
> > networkx.
> >
> > SELinux packages belong to the group of core system packages on Gentoo
> > Linux.  It is desirable to keep the system set as small as possible,
> > and the dependency between setools and networkx seems to be the easiest
> > link to break without major loss of functionality.
> >
> > Signed-off-by: Michał Górny <mgorny@xxxxxxxxxx>
>
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
>

Merged.
Thanks,
Jim


> > ---
> >  python/semanage/seobject.py          |  7 ++-
> >  python/sepolicy/sepolicy/__init__.py | 88 ++++++++++++++++------------
> >  2 files changed, 53 insertions(+), 42 deletions(-)
> >
> > diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
> > index 6a14f7b4..21adbf6e 100644
> > --- a/python/semanage/seobject.py
> > +++ b/python/semanage/seobject.py
> > @@ -31,7 +31,8 @@ import socket
> >  from semanage import *
> >  PROGNAME = "policycoreutils"
> >  import sepolicy
> > -import setools
> > +from setools.policyrep import SELinuxPolicy
> > +from setools.typequery import TypeQuery
> >  import ipaddress
> >
> >  try:
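Review bot: The new `from setools.policyrep import SELinuxPolicy` and `from setools.typequery import TypeQuery` lines still import the `setools` package itself, because Python executes a package's `__init__.py` before loading any of its submodules. Whether the networkx-dependent modules stay unloaded therefore depends on what setools' own `__init__.py` imports, which this patch does not show. The ten submodule imports added to python/sepolicy/sepolicy/__init__.py are affected in the same way. These paths also tie the bindings to setools' internal module layout, so a short comment above the imports, e.g. `# Per-module imports: only these setools classes are needed here.`, would tell the next maintainer why the package-level names are not used.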
> > @@ -1339,7 +1340,7 @@ class ibpkeyRecords(semanageRecords):
> >      def __init__(self, args = None):
> >          semanageRecords.__init__(self, args)
> >          try:
> > -            q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"])
> > +            q = TypeQuery(SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"])
> >              self.valid_types = sorted(str(t) for t in q.results())
> >          except:
> >              pass
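Review bot: The bare `except: pass` around the rewritten `TypeQuery(SELinuxPolicy(...))` call hides every failure, including a policy store that cannot be read, and leaves `self.valid_types` unassigned on that path unless the base class sets it (not visible here). The ibendportRecords hunk that follows has the same pattern. Narrowing the handler to `except Exception:` and assigning an explicit fallback in it would stop later type validation from failing with an unrelated AttributeError or being silently skipped; which fallback is right depends on how `valid_types` is consumed, and that code is outside the hunk. At minimum a comment such as `# best effort: policy may be unavailable, type validation is skipped` should record the intent. `__init__` may continue past the end of the hunk.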
> > @@ -1599,7 +1600,7 @@ class ibendportRecords(semanageRecords):
> >      def __init__(self, args = None):
> >          semanageRecords.__init__(self, args)
> >          try:
> > -            q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"])
> > +            q = TypeQuery(SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"])
> >              self.valid_types = set(str(t) for t in q.results())
> >          except:
> >              pass
> > diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
> > index 9338603e..e8654abb 100644
> > --- a/python/sepolicy/sepolicy/__init__.py
> > +++ b/python/sepolicy/sepolicy/__init__.py
> > @@ -4,7 +4,6 @@
> >
> >  import errno
> >  import selinux
> > -import setools
> >  import glob
> >  import sepolgen.defaults as defaults
> >  import sepolgen.interfaces as interfaces
> > @@ -13,6 +12,17 @@ import os
> >  import re
> >  import gzip
> >
> > +from setools.boolquery import BoolQuery
> > +from setools.portconquery import PortconQuery
> > +from setools.policyrep import SELinuxPolicy
> > +from setools.objclassquery import ObjClassQuery
> > +from setools.rbacrulequery import RBACRuleQuery
> > +from setools.rolequery import RoleQuery
> > +from setools.terulequery import TERuleQuery
> > +from setools.typeattrquery import TypeAttributeQuery
> > +from setools.typequery import TypeQuery
> > +from setools.userquery import UserQuery
> > +
> >  PROGNAME = "policycoreutils"
> >  try:
> >      import gettext
> > @@ -168,7 +178,7 @@ def policy(policy_file):
> >      global _pol
> >
> >      try:
> > -        _pol = setools.SELinuxPolicy(policy_file)
> > +        _pol = SELinuxPolicy(policy_file)
> >      except:
> >          raise ValueError(_("Failed to read %s policy file") % policy_file)
> >
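Review bot: The bare `except:` wrapping `SELinuxPolicy(policy_file)` also catches KeyboardInterrupt and SystemExit and throws away the underlying error, so a caller only sees "Failed to read ... policy file" with no cause (missing file, permission denied, malformed policy). Assuming the module is Python 3 only, `except Exception as e:` with `raise ValueError(_("Failed to read %s policy file") % policy_file) from e` keeps the exception type callers catch and preserves the reason. `policy()` starts above the hunk and continues below it.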
> > @@ -188,7 +198,7 @@ def info(setype, name=None):
> >          init_policy()
> >
> >      if setype == TYPE:
> > -        q = setools.TypeQuery(_pol)
> > +        q = TypeQuery(_pol)
> >          q.name = name
> >          results = list(q.results())
> >
> > @@ -206,7 +216,7 @@ def info(setype, name=None):
> >          } for x in results)
> >
> >      elif setype == ROLE:
> > -        q = setools.RoleQuery(_pol)
> > +        q = RoleQuery(_pol)
> >          if name:
> >              q.name = name
> >
> > @@ -217,7 +227,7 @@ def info(setype, name=None):
> >          } for x in q.results())
> >
> >      elif setype == ATTRIBUTE:
> > -        q = setools.TypeAttributeQuery(_pol)
> > +        q = TypeAttributeQuery(_pol)
> >          if name:
> >              q.name = name
> >
> > @@ -227,7 +237,7 @@ def info(setype, name=None):
> >          } for x in q.results())
> >
> >      elif setype == PORT:
> > -        q = setools.PortconQuery(_pol)
> > +        q = PortconQuery(_pol)
> >          if name:
> >              ports = [int(i) for i in name.split("-")]
> >              if len(ports) == 2:
> > @@ -251,7 +261,7 @@ def info(setype, name=None):
> >          } for x in q.results())
> >
> >      elif setype == USER:
> > -        q = setools.UserQuery(_pol)
> > +        q = UserQuery(_pol)
> >          if name:
> >              q.name = name
> >
> > @@ -268,7 +278,7 @@ def info(setype, name=None):
> >          } for x in q.results())
> >
> >      elif setype == BOOLEAN:
> > -        q = setools.BoolQuery(_pol)
> > +        q = BoolQuery(_pol)
> >          if name:
> >              q.name = name
> >
> > @@ -278,7 +288,7 @@ def info(setype, name=None):
> >          } for x in q.results())
> >
> >      elif setype == TCLASS:
> > -        q = setools.ObjClassQuery(_pol)
> > +        q = ObjClassQuery(_pol)
> >          if name:
> >              q.name = name
> >
> > @@ -372,11 +382,11 @@ def search(types, seinfo=None):
> >          tertypes.append(DONTAUDIT)
> >
> >      if len(tertypes) > 0:
> > -        q = setools.TERuleQuery(_pol,
> > -                                ruletype=tertypes,
> > -                                source=source,
> > -                                target=target,
> > -                                tclass=tclass)
> > +        q = TERuleQuery(_pol,
> > +                        ruletype=tertypes,
> > +                        source=source,
> > +                        target=target,
> > +                        tclass=tclass)
> >
> >          if PERMS in seinfo:
> >              q.perms = seinfo[PERMS]
> > @@ -385,11 +395,11 @@ def search(types, seinfo=None):
> >
> >      if TRANSITION in types:
> >          rtypes = ['type_transition', 'type_change', 'type_member']
> > -        q = setools.TERuleQuery(_pol,
> > -                                ruletype=rtypes,
> > -                                source=source,
> > -                                target=target,
> > -                                tclass=tclass)
> > +        q = TERuleQuery(_pol,
> > +                        ruletype=rtypes,
> > +                        source=source,
> > +                        target=target,
> > +                        tclass=tclass)
> >
> >          if PERMS in seinfo:
> >              q.perms = seinfo[PERMS]
> > @@ -398,11 +408,11 @@ def search(types, seinfo=None):
> >
> >      if ROLE_ALLOW in types:
> >          ratypes = ['allow']
> > -        q = setools.RBACRuleQuery(_pol,
> > -                                  ruletype=ratypes,
> > -                                  source=source,
> > -                                  target=target,
> > -                                  tclass=tclass)
> > +        q = RBACRuleQuery(_pol,
> > +                          ruletype=ratypes,
> > +                          source=source,
> > +                          target=target,
> > +                          tclass=tclass)
> >
> >          for r in q.results():
> >              toret.append({'source': str(r.source),
> > @@ -720,11 +730,11 @@ def get_all_entrypoints():
> >
> >
> >  def get_entrypoint_types(setype):
> > -    q = setools.TERuleQuery(_pol,
> > -                            ruletype=[ALLOW],
> > -                            source=setype,
> > -                            tclass=["file"],
> > -                            perms=["entrypoint"])
> > +    q = TERuleQuery(_pol,
> > +                    ruletype=[ALLOW],
> > +                    source=setype,
> > +                    tclass=["file"],
> > +                    perms=["entrypoint"])
> >      return [str(x.target) for x in q.results() if x.source == setype]
> >
> >
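Review bot: `get_entrypoint_types` hands the module-level `_pol` to `TERuleQuery` without the `if not _pol: init_policy()` guard that `get_all_roles()` shows later in this patch, so a call made before the policy is loaded passes whatever `_pol` holds at that point, presumably an unset value. `get_init_entrypoint` and `get_init_entrypoints_str` in the next two hunks show no guard in their visible lines either. Adding the same two guard lines at the top of each function would make them consistent. If callers are required to load the policy first, a docstring stating that precondition would be enough.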
> > @@ -739,10 +749,10 @@ def get_init_transtype(path):
> >
> >
> >  def get_init_entrypoint(transtype):
> > -    q = setools.TERuleQuery(_pol,
> > -                            ruletype=["type_transition"],
> > -                            source="init_t",
> > -                            tclass=["process"])
> > +    q = TERuleQuery(_pol,
> > +                    ruletype=["type_transition"],
> > +                    source="init_t",
> > +                    tclass=["process"])
> >      entrypoints = []
> >      for i in q.results():
> >          try:
> > @@ -754,10 +764,10 @@ def get_init_entrypoint(transtype):
> >      return entrypoints
> >
> >  def get_init_entrypoints_str():
> > -    q = setools.TERuleQuery(_pol,
> > -                            ruletype=["type_transition"],
> > -                            source="init_t",
> > -                            tclass=["process"])
> > +    q = TERuleQuery(_pol,
> > +                    ruletype=["type_transition"],
> > +                    source="init_t",
> > +                    tclass=["process"])
> >      entrypoints = {}
> >      for i in q.results():
> >          try:
> > @@ -837,7 +847,7 @@ def get_all_role_allows():
> >          return role_allows
> >      role_allows = {}
> >
> > -    q = setools.RBACRuleQuery(_pol, ruletype=[ALLOW])
> > +    q = RBACRuleQuery(_pol, ruletype=[ALLOW])
> >      for r in q.results():
> >          src = str(r.source)
> >          tgt = str(r.target)
> > @@ -923,7 +933,7 @@ def get_all_roles():
> >      if not _pol:
> >          init_policy()
> >
> > -    q = setools.RoleQuery(_pol)
> > +    q = RoleQuery(_pol)
> >      roles = [str(x) for x in q.results() if str(x) != "object_r"]
> >      return roles
> >
> > --
> > 2.33.0
> >



