From 4e6f6c95cfe7ca4a3a9d9e0dbd6e23e4bac2449c Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 18 Nov 2021 13:59:08 +0100
Subject: [PATCH] Make seinfo output predictable

There are few places where frozenset is used. Given that frozenset is an unordered
collection the output generated from this is unpredictable.

The following command outputs are fixed using sorted() on frozensets:

    seinfo --constrain
    seinfo --common
    seinfo -c -x
    seinfo -r -x
    seinfo -u -x

Fixes: https://github.com/SELinuxProject/setools/issues/65

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
 setools/policyrep/constraint.pxi | 2 +-
 setools/policyrep/objclass.pxi   | 4 ++--
 setools/policyrep/role.pxi       | 2 +-
 setools/policyrep/user.pxi       | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/setools/policyrep/constraint.pxi b/setools/policyrep/constraint.pxi
index d5221a1..77c3e2e 100644
--- a/setools/policyrep/constraint.pxi
+++ b/setools/policyrep/constraint.pxi
@@ -66,7 +66,7 @@ cdef class Constraint(BaseConstraint):
 
     def statement(self):
         if len(self.perms) > 1:
-            perms = "{{ {0} }}".format(' '.join(self.perms))
+            perms = "{{ {0} }}".format(' '.join(sorted(self.perms)))
         else:
             # convert to list since sets cannot be indexed
             perms = list(self.perms)[0]
diff --git a/setools/policyrep/objclass.pxi b/setools/policyrep/objclass.pxi
index b7ec7b7..8ed2be5 100644
--- a/setools/policyrep/objclass.pxi
+++ b/setools/policyrep/objclass.pxi
@@ -75,7 +75,7 @@ cdef class Common(PolicySymbol):
         return other in self.perms
 
     def statement(self):
-        return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(self.perms))
+        return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(sorted(self.perms)))
 
 
 cdef class ObjClass(PolicySymbol):
@@ -204,7 +204,7 @@ cdef class ObjClass(PolicySymbol):
 
         # a class that inherits may not have additional permissions
         if len(self.perms) > 0:
-            stmt += "{{\n\t{0}\n}}".format('\n\t'.join(self.perms))
+            stmt += "{{\n\t{0}\n}}".format('\n\t'.join(sorted(self.perms)))
 
         return stmt
 
diff --git a/setools/policyrep/role.pxi b/setools/policyrep/role.pxi
index 9a0dd39..3af8a3f 100644
--- a/setools/policyrep/role.pxi
+++ b/setools/policyrep/role.pxi
@@ -58,7 +58,7 @@ cdef class Role(PolicySymbol):
         if count == 1:
             stmt += " types {0}".format(types[0])
         else:
-            stmt += " types {{ {0} }}".format(' '.join(types))
+            stmt += " types {{ {0} }}".format(' '.join(sorted(types)))
 
         stmt += ";"
         return stmt
diff --git a/setools/policyrep/user.pxi b/setools/policyrep/user.pxi
index 9c82aa9..e37af29 100644
--- a/setools/policyrep/user.pxi
+++ b/setools/policyrep/user.pxi
@@ -81,7 +81,7 @@ cdef class User(PolicySymbol):
         if count == 1:
             stmt += roles[0]
         else:
-            stmt += "{{ {0} }}".format(' '.join(roles))
+            stmt += "{{ {0} }}".format(' '.join(sorted(roles)))
 
         if self._level:
             stmt += " level {0.mls_level} range {0.mls_range};".format(self)
-- 
2.30.2