2023-05-06 14:01:07 +02:00
|
|
|
// apparmor.d - Full set of apparmor profiles
|
2024-02-07 00:16:21 +01:00
|
|
|
// Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
|
2023-05-06 14:01:07 +02:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
|
|
|
|
package prebuild
|
|
|
|
|
|
|
|
import (
|
2023-12-15 20:14:32 +01:00
|
|
|
"strings"
|
|
|
|
|
2023-05-06 14:01:07 +02:00
|
|
|
"github.com/arduino/go-paths-helper"
|
2023-12-15 20:14:32 +01:00
|
|
|
"github.com/roddhjav/apparmor.d/pkg/logging"
|
2024-03-26 00:37:13 +01:00
|
|
|
"github.com/roddhjav/apparmor.d/pkg/prebuild/builder"
|
|
|
|
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
2024-03-21 23:13:00 +01:00
|
|
|
"github.com/roddhjav/apparmor.d/pkg/prebuild/directive"
|
2024-03-26 00:37:13 +01:00
|
|
|
"github.com/roddhjav/apparmor.d/pkg/prebuild/prepare"
|
2024-04-02 18:48:03 +02:00
|
|
|
"github.com/roddhjav/apparmor.d/pkg/util"
|
2023-05-06 14:01:07 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
func init() {
|
2024-03-26 00:37:13 +01:00
|
|
|
// Define the tasks applied by default
|
|
|
|
prepare.Register(
|
|
|
|
"synchronise",
|
|
|
|
"ignore",
|
|
|
|
"merge",
|
|
|
|
"configure",
|
|
|
|
"setflags",
|
|
|
|
"systemd-default",
|
|
|
|
)
|
2023-12-15 20:14:32 +01:00
|
|
|
|
2024-03-26 00:37:13 +01:00
|
|
|
// Build tasks applied by default
|
|
|
|
builder.Register("userspace")
|
2024-03-30 19:17:55 +01:00
|
|
|
builder.Register("dev")
|
2023-12-15 20:14:32 +01:00
|
|
|
|
2024-03-26 00:37:13 +01:00
|
|
|
switch cfg.Distribution {
|
|
|
|
case "ubuntu":
|
|
|
|
if cfg.Release["VERSION_CODENAME"] == "noble" {
|
|
|
|
builder.Register("abi3")
|
2024-03-26 19:07:48 +01:00
|
|
|
cfg.Overwrite.Enabled = true
|
2024-03-26 00:37:13 +01:00
|
|
|
}
|
2024-04-06 00:44:43 +02:00
|
|
|
case "whonix":
|
|
|
|
cfg.Hide += `/etc/apparmor.d/abstractions/base.d/kicksecure
|
|
|
|
/etc/apparmor.d/home.tor-browser.firefox
|
|
|
|
/etc/apparmor.d/tunables/home.d/anondist
|
|
|
|
/etc/apparmor.d/tunables/home.d/live-mode
|
|
|
|
/etc/apparmor.d/tunables/home.d/qubes-whonix-anondist
|
|
|
|
/etc/apparmor.d/usr.bin.hexchat
|
|
|
|
/etc/apparmor.d/usr.bin.sdwdate
|
|
|
|
/etc/apparmor.d/usr.bin.systemcheck
|
|
|
|
/etc/apparmor.d/usr.bin.timesanitycheck
|
|
|
|
/etc/apparmor.d/usr.bin.url_to_unixtime
|
|
|
|
/etc/apparmor.d/whonix-firewall
|
|
|
|
`
|
2023-12-15 23:11:25 +01:00
|
|
|
}
|
2023-12-15 20:14:32 +01:00
|
|
|
}
|
|
|
|
|
2023-05-06 14:01:07 +02:00
|
|
|
func Prepare() error {
|
2024-03-26 00:37:13 +01:00
|
|
|
for _, task := range prepare.Prepares {
|
|
|
|
msg, err := task.Apply()
|
2023-12-15 20:14:32 +01:00
|
|
|
if err != nil {
|
2023-05-06 14:01:07 +02:00
|
|
|
return err
|
|
|
|
}
|
2024-03-26 00:37:13 +01:00
|
|
|
logging.Success("%s", task.Message())
|
|
|
|
logging.Indent = " "
|
|
|
|
for _, line := range msg {
|
|
|
|
if strings.Contains(line, "not found") {
|
|
|
|
logging.Warning("%s", line)
|
|
|
|
} else {
|
|
|
|
logging.Bullet("%s", line)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
logging.Indent = ""
|
2023-05-06 14:01:07 +02:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func Build() error {
|
2024-03-26 00:37:13 +01:00
|
|
|
files, _ := cfg.RootApparmord.ReadDirRecursiveFiltered(nil, paths.FilterOutDirectories())
|
2023-05-06 14:01:07 +02:00
|
|
|
for _, file := range files {
|
|
|
|
if !file.Exist() {
|
|
|
|
continue
|
|
|
|
}
|
2024-04-02 18:48:03 +02:00
|
|
|
profile, err := util.ReadFile(file)
|
2024-03-10 15:24:59 +01:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2024-03-26 00:37:13 +01:00
|
|
|
for _, b := range builder.Builds {
|
2024-05-25 23:30:20 +02:00
|
|
|
profile, err = b.Apply(profile)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
profile, err = directive.Run(file, profile)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
2023-05-06 14:01:07 +02:00
|
|
|
}
|
|
|
|
if err := file.WriteFile([]byte(profile)); err != nil {
|
2024-03-10 15:24:59 +01:00
|
|
|
return err
|
2023-05-06 14:01:07 +02:00
|
|
|
}
|
|
|
|
}
|
2024-03-26 00:37:13 +01:00
|
|
|
|
|
|
|
logging.Success("Build tasks:")
|
|
|
|
logging.Indent = " "
|
|
|
|
for _, task := range builder.Builds {
|
|
|
|
logging.Bullet("%s", task.Message())
|
|
|
|
}
|
|
|
|
logging.Indent = ""
|
|
|
|
logging.Success("Directives processed:")
|
|
|
|
logging.Indent = " "
|
|
|
|
for _, dir := range directive.Directives {
|
2024-03-27 22:38:18 +01:00
|
|
|
logging.Bullet("%s%s", directive.Keyword, dir.Name())
|
2024-03-26 00:37:13 +01:00
|
|
|
}
|
|
|
|
logging.Indent = ""
|
2023-05-06 14:01:07 +02:00
|
|
|
return nil
|
|
|
|
}
|