...

# Copyright 2015, Tresys Technology, LLC
# Copyright 2018, Chris PeBenito <pebenito@ieee.org>
#
# SPDX-License-Identifier: LGPL-2.1-only
#
from collections import defaultdict
from contextlib import suppress
from typing import NamedTuple, Set

from ..exception import NoCommon
from ..policyrep import ObjClass

from .descriptors import DiffResultDescriptor
from .difference import Difference, SymbolWrapper
from .typing import SymbolCache

_class_cache: SymbolCache[ObjClass] = defaultdict(dict)

class ModifiedObjClass(NamedTuple):

"""Difference details for a modified object class."""

added_perms: Set[str]
    removed_perms: Set[str]
    matched_perms: Set[str]

def class_wrapper_factory(class_: ObjClass) -> SymbolWrapper[ObjClass]:
    """
    Wrap class from the specified policy.

This caches results to prevent duplicate wrapper
    objects in memory.
    """

try:
        return _class_cache[class_.policy][class_]
    except KeyError:
        c = SymbolWrapper(class_)
        _class_cache[class_.policy][class_] = c
        return c

class ObjClassDifference(Difference):

"""
    Determine the difference in object classes
    between two policies.
    """

added_classes = DiffResultDescriptor("diff_classes")
    removed_classes = DiffResultDescriptor("diff_classes")
    modified_classes = DiffResultDescriptor("diff_classes")

def diff_classes(self) -> None:
        """Generate the difference in object classes between the policies."""

self.log.info(
            "Generating class differences from {0.left_policy} to {0.right_policy}".format(self))

self.added_classes, self.removed_classes, matched_classes = self._set_diff(
            (SymbolWrapper(c) for c in self.left_policy.classes()),
            (SymbolWrapper(c) for c in self.right_policy.classes()))

self.modified_classes = dict()

for left_class, right_class in matched_classes:
            # Criteria for modified classes
            # 1. change to permissions (inherited common is expanded)

left_perms = left_class.perms
            with suppress(NoCommon):
                left_perms |= left_class.common.perms

right_perms = right_class.perms
            with suppress(NoCommon):
                right_perms |= right_class.common.perms

added_perms, removed_perms, matched_perms = self._set_diff(left_perms,
                                                                       right_perms,
                                                                       unwrap=False)

if added_perms or removed_perms:
                self.modified_classes[left_class] = ModifiedObjClass(added_perms,
                                                                     removed_perms,
                                                                     matched_perms)

#
    # Internal functions
    #
    def _reset_diff(self) -> None:
        """Reset diff results on policy changes."""
        self.log.debug("Resetting object class differences")
        self.added_classes = None
        self.removed_classes = None
        self.modified_classes = None

.	Edit
..	Edit
__init__.py	Edit
__pycache__	Edit
bool.py	Edit
bounds.py	Edit
commons.py	Edit
conditional.py	Edit
constraints.py	Edit
context.py	Edit
default.py	Edit
descriptors.py	Edit
difference.py	Edit
fsuse.py	Edit
genfscon.py	Edit
ibendportcon.py	Edit
ibpkeycon.py	Edit
initsid.py	Edit
mls.py	Edit
mlsrules.py	Edit
netifcon.py	Edit
nodecon.py	Edit
objclass.py	Edit
polcap.py	Edit
portcon.py	Edit
properties.py	Edit
rbacrules.py	Edit
roles.py	Edit
terules.py	Edit
typeattr.py	Edit
types.py	Edit
typing.py	Edit
users.py	Edit