Avoid importing networkx which ends up having a Fortran (and other large) dependencies. https://bugs.gentoo.org/809038 https://github.com/SELinuxProject/selinux/commit/ba23ba068364ab11ff51f52bd1e20e3c63798a62 From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= Date: Wed, 25 Aug 2021 11:19:40 +0200 Subject: [PATCH] python: Import specific modules from setools for less deps MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Import the setools classes needed for Python bindings from specific setools modules in order to reduce the dependency footprint of the Python bindings. Importing the top-level module causes all setools modules to be loaded which includes the modules that require networkx. SELinux packages belong to the group of core system packages on Gentoo Linux. It is desirable to keep the system set as small as possible, and the dependency between setools and networkx seems to be the easiest link to break without major loss of functionality. Signed-off-by: Michał Górny --- a/semanage/seobject.py +++ b/semanage/seobject.py @@ -31,7 +31,8 @@ from semanage import * PROGNAME = "policycoreutils" import sepolicy -import setools +from setools.policyrep import SELinuxPolicy +from setools.typequery import TypeQuery import ipaddress try: @@ -1339,7 +1340,7 @@ class ibpkeyRecords(semanageRecords): def __init__(self, args = None): semanageRecords.__init__(self, args) try: - q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"]) + q = TypeQuery(SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"]) self.valid_types = sorted(str(t) for t in q.results()) except: pass @@ -1599,7 +1600,7 @@ class ibendportRecords(semanageRecords): def __init__(self, args = None): semanageRecords.__init__(self, args) try: - q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"]) + q = TypeQuery(SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"]) self.valid_types = set(str(t) for t in q.results()) except: pass --- a/sepolicy/sepolicy/__init__.py +++ b/sepolicy/sepolicy/__init__.py @@ -4,7 +4,6 @@ import errno import selinux -import setools import glob import sepolgen.defaults as defaults import sepolgen.interfaces as interfaces @@ -13,6 +12,17 @@ import re import gzip +from setools.boolquery import BoolQuery +from setools.portconquery import PortconQuery +from setools.policyrep import SELinuxPolicy +from setools.objclassquery import ObjClassQuery +from setools.rbacrulequery import RBACRuleQuery +from setools.rolequery import RoleQuery +from setools.terulequery import TERuleQuery +from setools.typeattrquery import TypeAttributeQuery +from setools.typequery import TypeQuery +from setools.userquery import UserQuery + PROGNAME = "policycoreutils" try: import gettext @@ -168,7 +178,7 @@ def policy(policy_file): global _pol try: - _pol = setools.SELinuxPolicy(policy_file) + _pol = SELinuxPolicy(policy_file) except: raise ValueError(_("Failed to read %s policy file") % policy_file) @@ -188,7 +198,7 @@ def info(setype, name=None): init_policy() if setype == TYPE: - q = setools.TypeQuery(_pol) + q = TypeQuery(_pol) q.name = name results = list(q.results()) @@ -206,7 +216,7 @@ def info(setype, name=None): } for x in results) elif setype == ROLE: - q = setools.RoleQuery(_pol) + q = RoleQuery(_pol) if name: q.name = name @@ -217,7 +227,7 @@ def info(setype, name=None): } for x in q.results()) elif setype == ATTRIBUTE: - q = setools.TypeAttributeQuery(_pol) + q = TypeAttributeQuery(_pol) if name: q.name = name @@ -227,7 +237,7 @@ def info(setype, name=None): } for x in q.results()) elif setype == PORT: - q = setools.PortconQuery(_pol) + q = PortconQuery(_pol) if name: ports = [int(i) for i in name.split("-")] if len(ports) == 2: @@ -251,7 +261,7 @@ def info(setype, name=None): } for x in q.results()) elif setype == USER: - q = setools.UserQuery(_pol) + q = UserQuery(_pol) if name: q.name = name @@ -268,7 +278,7 @@ def info(setype, name=None): } for x in q.results()) elif setype == BOOLEAN: - q = setools.BoolQuery(_pol) + q = BoolQuery(_pol) if name: q.name = name @@ -278,7 +288,7 @@ def info(setype, name=None): } for x in q.results()) elif setype == TCLASS: - q = setools.ObjClassQuery(_pol) + q = ObjClassQuery(_pol) if name: q.name = name @@ -372,11 +382,11 @@ def search(types, seinfo=None): tertypes.append(DONTAUDIT) if len(tertypes) > 0: - q = setools.TERuleQuery(_pol, - ruletype=tertypes, - source=source, - target=target, - tclass=tclass) + q = TERuleQuery(_pol, + ruletype=tertypes, + source=source, + target=target, + tclass=tclass) if PERMS in seinfo: q.perms = seinfo[PERMS] @@ -385,11 +395,11 @@ def search(types, seinfo=None): if TRANSITION in types: rtypes = ['type_transition', 'type_change', 'type_member'] - q = setools.TERuleQuery(_pol, - ruletype=rtypes, - source=source, - target=target, - tclass=tclass) + q = TERuleQuery(_pol, + ruletype=rtypes, + source=source, + target=target, + tclass=tclass) if PERMS in seinfo: q.perms = seinfo[PERMS] @@ -398,11 +408,11 @@ def search(types, seinfo=None): if ROLE_ALLOW in types: ratypes = ['allow'] - q = setools.RBACRuleQuery(_pol, - ruletype=ratypes, - source=source, - target=target, - tclass=tclass) + q = RBACRuleQuery(_pol, + ruletype=ratypes, + source=source, + target=target, + tclass=tclass) for r in q.results(): toret.append({'source': str(r.source), @@ -720,11 +730,11 @@ def get_all_entrypoints(): def get_entrypoint_types(setype): - q = setools.TERuleQuery(_pol, - ruletype=[ALLOW], - source=setype, - tclass=["file"], - perms=["entrypoint"]) + q = TERuleQuery(_pol, + ruletype=[ALLOW], + source=setype, + tclass=["file"], + perms=["entrypoint"]) return [str(x.target) for x in q.results() if x.source == setype] @@ -739,10 +749,10 @@ def get_init_transtype(path): def get_init_entrypoint(transtype): - q = setools.TERuleQuery(_pol, - ruletype=["type_transition"], - source="init_t", - tclass=["process"]) + q = TERuleQuery(_pol, + ruletype=["type_transition"], + source="init_t", + tclass=["process"]) entrypoints = [] for i in q.results(): try: @@ -754,10 +764,10 @@ def get_init_entrypoint(transtype): return entrypoints def get_init_entrypoints_str(): - q = setools.TERuleQuery(_pol, - ruletype=["type_transition"], - source="init_t", - tclass=["process"]) + q = TERuleQuery(_pol, + ruletype=["type_transition"], + source="init_t", + tclass=["process"]) entrypoints = {} for i in q.results(): try: @@ -837,7 +847,7 @@ def get_all_role_allows(): return role_allows role_allows = {} - q = setools.RBACRuleQuery(_pol, ruletype=[ALLOW]) + q = RBACRuleQuery(_pol, ruletype=[ALLOW]) for r in q.results(): src = str(r.source) tgt = str(r.target) @@ -923,7 +933,7 @@ def get_all_roles(): if not _pol: init_policy() - q = setools.RoleQuery(_pol) + q = RoleQuery(_pol) roles = [str(x) for x in q.results() if str(x) != "object_r"] return roles