Diffstat (limited to 'lib/python2.7/site-packages/setools/dta.py')
-rwxr-xr-x[-rw-r--r--] | lib/python2.7/site-packages/setools/dta.py | 59 |
1 files changed, 38 insertions, 21 deletions
diff --git a/lib/python2.7/site-packages/setools/dta.py b/lib/python2.7/site-packages/setools/dta.py index 53328f4..b16838d 100644..100755 --- a/lib/python2.7/site-packages/setools/dta.py +++ b/lib/python2.7/site-packages/setools/dta.py @@ -54,7 +54,7 @@ class DomainTransitionAnalysis(object): Parameter: policy The policy to analyze. """ - self.log = logging.getLogger(self.__class__.__name__) + self.log = logging.getLogger(__name__) self.policy = policy self.exclude = exclude @@ -82,7 +82,7 @@ class DomainTransitionAnalysis(object): if types: self._exclude = [self.policy.lookup_type(t) for t in types] else: - self._exclude = None + self._exclude = [] self.rebuildsubgraph = True @@ -107,7 +107,7 @@ class DomainTransitionAnalysis(object): if self.rebuildsubgraph: self._build_subgraph() - self.log.info("Generating one shortest path from {0} to {1}...".format(s, t)) + self.log.info("Generating one domain transition path from {0} to {1}...".format(s, t)) try: yield self.__generate_steps(nx.shortest_path(self.subG, s, t)) @@ -143,7 +143,8 @@ class DomainTransitionAnalysis(object): if self.rebuildsubgraph: self._build_subgraph() - self.log.info("Generating all paths from {0} to {1}, max len {2}...".format(s, t, maxlen)) + self.log.info("Generating all domain transition paths from {0} to {1}, max length {2}...". + format(s, t, maxlen)) try: for path in nx.all_simple_paths(self.subG, s, t, maxlen): @@ -175,7 +176,8 @@ class DomainTransitionAnalysis(object): if self.rebuildsubgraph: self._build_subgraph() - self.log.info("Generating all shortest paths from {0} to {1}...".format(s, t)) + self.log.info("Generating all shortest domain transition paths from {0} to {1}...". + format(s, t)) try: for path in nx.all_shortest_paths(self.subG, s, t): 
@@ -207,7 +209,7 @@ class DomainTransitionAnalysis(object): if self.rebuildsubgraph: self._build_subgraph() - self.log.info("Generating all transitions {1} {0}". + self.log.info("Generating all domain transitions {1} {0}". format(s, "in to" if self.reverse else "out from")) try: @@ -247,21 +249,21 @@ class DomainTransitionAnalysis(object): @staticmethod def __generate_entrypoints(edge): """ - Generator which yields the entrypoint, execute, and + Creates a list of entrypoint, execute, and type_transition rules for each entrypoint. Parameter: data The dictionary of entrypoints. - Yield: tuple(type, entry, exec, trans) + Return: list of tuple(type, entry, exec, trans) type The entrypoint type. entry The list of entrypoint rules. exec The list of execute rules. trans The list of type_transition rules. """ - for e in edge.entrypoint: - yield entrypoint_output(e, edge.entrypoint[e], edge.execute[e], edge.type_transition[e]) + return [entrypoint_output(e, edge.entrypoint[e], edge.execute[e], edge.type_transition[e]) + for e in edge.entrypoint] def __generate_steps(self, path): """ @@ -361,7 +363,7 @@ class DomainTransitionAnalysis(object): self.G.clear() self.G.name = "Domain transition graph for {0}.".format(self.policy) - self.log.info("Building graph from {0}...".format(self.policy)) + self.log.info("Building domain transition graph from {0}...".format(self.policy)) # hash tables keyed on domain type setexec = defaultdict(list) @@ -500,7 +502,10 @@ class DomainTransitionAnalysis(object): self.rebuildgraph = False self.rebuildsubgraph = True - self.log.info("Completed building graph.") + self.log.info("Completed building domain transition graph.") + self.log.debug("Graph stats: nodes: {0}, edges: {1}.".format( + nx.number_of_nodes(self.G), + nx.number_of_edges(self.G))) def __remove_excluded_entrypoints(self): invalid_edges = [] 
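Review bot: The docstring of `__generate_entrypoints` (hunk at -247) still documents a parameter named `data` ("The dictionary of entrypoints"), while the signature takes `edge` and the body reads `edge.entrypoint`, `edge.execute` and `edge.type_transition`. The docstring is already being rewritten for the generator-to-list change, so the parameter entry should be corrected in the same commit, e.g. `edge        The Edge whose entrypoint, execute and type_transition rules are collected.` The `Return:` wording is otherwise consistent with the new list comprehension.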
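Review bot: The new `self.log.debug("Graph stats: ...")` call in the -500 hunk, and the matching subgraph call in the -553 hunk, evaluate `nx.number_of_nodes(...)` / `nx.number_of_edges(...)` and run `.format` on every build, even when DEBUG logging is off. Guarding each with `if self.log.isEnabledFor(logging.DEBUG):` keeps that work off the normal path. How expensive the edge count is on a large policy graph is not visible here, so treat this as a style point rather than a measured problem. Both enclosing methods (presumably `_build_graph` and `_build_subgraph`) start outside their hunks.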
@@ -535,7 +540,7 @@ class DomainTransitionAnalysis(object): if self.rebuildgraph: self._build_graph() - self.log.info("Building subgraph.") + self.log.info("Building domain transition subgraph.") self.log.debug("Excluding {0}".format(self.exclude)) self.log.debug("Reverse {0}".format(self.reverse)) @@ -553,7 +558,10 @@ class DomainTransitionAnalysis(object): self.__remove_excluded_entrypoints() self.rebuildsubgraph = False - self.log.info("Completed building subgraph.") + self.log.info("Completed building domain transition subgraph.") + self.log.debug("Subgraph stats: nodes: {0}, edges: {1}.".format( + nx.number_of_nodes(self.subG), + nx.number_of_edges(self.subG))) class Edge(object): @@ -562,6 +570,7 @@ class Edge(object): A graph edge. Also used for returning domain transition steps. Parameters: + graph The NetworkX graph. source The source type of the edge. target The target tyep of the edge. @@ -583,12 +592,6 @@ class Edge(object): self.source = source self.target = target - # a bit of a hack to make Edges work - # in NetworkX functions that work on - # 2-tuples of (source, target) - # (see __getitem__ below) - self.st_tuple = (source, target) - if not self.G.has_edge(source, target): if not create: raise ValueError("Edge does not exist in graph") @@ -603,4 +606,18 @@ class Edge(object): self.setcurrent = None def __getitem__(self, key): - return self.st_tuple[key] + # This is implemented so this object can be used in NetworkX + # functions that operate on (source, target) tuples + if isinstance(key, slice): + return [self._index_to_item(i) for i in range(* key.indices(2))] + else: + return self._index_to_item(key) + + def _index_to_item(self, index): + """Return source or target based on index.""" + if index == 0: + return self.source + elif index == 1: + return self.target + else: + raise IndexError("Invalid index (edges only have 2 items): {0}".format(index)) |
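Review bot: In the `Edge.__getitem__` hunk (-603), `_index_to_item` accepts only 0 and 1, so `edge[-1]` and `edge[-2]`, which worked with the removed `self.st_tuple[key]`, now raise IndexError. Slices also come back as a list where the old code returned a tuple. If `Edge` is meant to stay a drop-in (source, target) pair for NetworkX, mirror tuple semantics with `if index in (0, -2): return self.source`, `elif index in (1, -1): return self.target`, and `return tuple(self._index_to_item(i) for i in range(*key.indices(2)))` in the slice branch. The IndexError for any other index should stay, because iteration and unpacking through `__getitem__` rely on it to terminate.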