apparmor.d/pkg/prebuild/directive/exec.go

75 lines
1.7 KiB
Go
Raw Permalink Normal View History

2024-03-21 23:07:41 +01:00
// apparmor.d - Full set of apparmor profiles
// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only
// TODO: Local variables in profile header need to be resolved
2024-03-21 23:07:41 +01:00
package directive
import (
"fmt"
"slices"
2024-03-21 23:07:41 +01:00
"strings"
"github.com/roddhjav/apparmor.d/pkg/aa"
"github.com/roddhjav/apparmor.d/pkg/prebuild"
2024-03-21 23:07:41 +01:00
)
type Exec struct {
prebuild.Base
2024-03-21 23:07:41 +01:00
}
func init() {
RegisterDirective(&Exec{
Base: prebuild.Base{
Keyword: "exec",
Msg: "Exec directive applied",
2024-09-26 23:05:47 +02:00
Help: []string{"[P|U|p|u|PU|pu|] profiles..."},
2024-03-21 23:07:41 +01:00
},
})
2024-03-21 23:07:41 +01:00
}
func (d Exec) Apply(opt *Option, profileRaw string) (string, error) {
if len(opt.ArgList) == 0 {
return "", fmt.Errorf("No profile to exec")
}
2024-03-21 23:07:41 +01:00
transition := "Px"
transitions := []string{"P", "U", "p", "u", "PU", "pu"}
t := opt.ArgList[0]
if slices.Contains(transitions, t) {
transition = t + "x"
delete(opt.ArgMap, t)
}
rules := aa.Rules{}
for name := range opt.ArgMap {
profiletoTransition := prebuild.RootApparmord.Join(name).MustReadFileAsString()
dstProfile := aa.DefaultTunables()
if _, err := dstProfile.Parse(profiletoTransition); err != nil {
return "", err
}
if err := dstProfile.Resolve(); err != nil {
return "", err
}
for _, variable := range dstProfile.Preamble.GetVariables() {
2024-03-21 23:07:41 +01:00
if variable.Name == "exec_path" {
for _, v := range variable.Values {
rules = append(rules, &aa.File{
Path: v,
Access: []string{transition},
})
2024-03-21 23:07:41 +01:00
}
break
2024-03-21 23:07:41 +01:00
}
}
}
2024-05-05 00:54:39 +02:00
aa.IndentationLevel = strings.Count(
strings.SplitN(opt.Raw, Keyword, 1)[0], aa.Indentation,
)
rules = rules.Sort()
new := rules.String()
new = new[:len(new)-1]
return strings.Replace(profileRaw, opt.Raw, new, -1), nil
2024-03-21 23:07:41 +01:00
}