apparmor.d/pkg/prebuild/directive/exec.go

// apparmor.d - Full set of apparmor profiles
// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only

package directive

import (
	"strings"

	"github.com/roddhjav/apparmor.d/pkg/aa"
	"golang.org/x/exp/slices"
)

type Exec struct {
	DirectiveBase
}

func init() {
	Directives["exec"] = &Exec{
		DirectiveBase: DirectiveBase{
			message: "Exec directive applied",
			usage:   `#aa:exec [P|U|p|u|PU|pu|] profiles_name...`,
		},
	}
}

func (d Exec) Apply(opt *Option, profile string) string {
	transition := "Px"
	transitions := []string{"P", "U", "p", "u", "PU", "pu"}
	t := opt.ArgList[0]
	if slices.Contains(transitions, t) {
		transition = t + "x"
		delete(opt.ArgMap, t)
	}

	p := &aa.AppArmorProfile{}
	for name := range opt.ArgMap {
		content, err := rootApparmord.Join(name).ReadFile()
		if err != nil {
			panic(err)
		}
		profiletoTransition := string(content)

		dstProfile := aa.DefaultTunables()
		dstProfile.ParseVariables(profiletoTransition)
		for _, variable := range dstProfile.Variables {
			if variable.Name == "exec_path" {
				for _, v := range variable.Values {
					p.Rules = append(p.Rules, &aa.File{
						Path:   v,
						Access: transition,
					})
				}
				break
			}
		}
	}
	p.Sort()
	rules := p.String()
	lenRules := len(rules)
	rules = rules[:lenRules-1]
	return strings.Replace(profile, opt.Raw, rules, -1)
}
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00			`// apparmor.d - Full set of apparmor profiles`
			`// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>`
			`// SPDX-License-Identifier: GPL-2.0-only`

			`package directive`

			`import (`
			`"strings"`

			`"github.com/roddhjav/apparmor.d/pkg/aa"`
build(directive): support both liust & map. 2024-03-23 18:41:10 +01:00			`"golang.org/x/exp/slices"`
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00			`)`

			`type Exec struct {`
			`DirectiveBase`
			`}`

			`func init() {`
			`Directives["exec"] = &Exec{`
			`DirectiveBase: DirectiveBase{`
			`message: "Exec directive applied",`
build: exex directive: add support for transition. 2024-03-22 20:47:45 +01:00			usage: `#aa:exec [P\|U\|p\|u\|PU\|pu\|] profiles_name...`,
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00			`},`
			`}`
			`}`

			`func (d Exec) Apply(opt *Option, profile string) string {`
			`transition := "Px"`
build: exex directive: add support for transition. 2024-03-22 20:47:45 +01:00			`transitions := []string{"P", "U", "p", "u", "PU", "pu"}`
build(directive): support both liust & map. 2024-03-23 18:41:10 +01:00			`t := opt.ArgList[0]`
			`if slices.Contains(transitions, t) {`
			`transition = t + "x"`
			`delete(opt.ArgMap, t)`
build: exex directive: add support for transition. 2024-03-22 20:47:45 +01:00			`}`

build: exex directive: sort & cleanup generated rules. 2024-03-22 21:56:04 +01:00			`p := &aa.AppArmorProfile{}`
build(directive): support both liust & map. 2024-03-23 18:41:10 +01:00			`for name := range opt.ArgMap {`
build: exex directive: add support for transition. 2024-03-22 20:47:45 +01:00			`content, err := rootApparmord.Join(name).ReadFile()`
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00			`if err != nil {`
			`panic(err)`
			`}`
build: exex directive: add support for transition. 2024-03-22 20:47:45 +01:00			`profiletoTransition := string(content)`
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00
build: exex directive: add support for transition. 2024-03-22 20:47:45 +01:00			`dstProfile := aa.DefaultTunables()`
			`dstProfile.ParseVariables(profiletoTransition)`
			`for _, variable := range dstProfile.Variables {`
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00			`if variable.Name == "exec_path" {`
build: exex directive: add support for transition. 2024-03-22 20:47:45 +01:00			`for _, v := range variable.Values {`
			`p.Rules = append(p.Rules, &aa.File{`
			`Path: v,`
			`Access: transition,`
			`})`
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00			`}`
build: exex directive: add support for transition. 2024-03-22 20:47:45 +01:00			`break`
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00			`}`
			`}`
			`}`
build: exex directive: sort & cleanup generated rules. 2024-03-22 21:56:04 +01:00			`p.Sort()`
			`rules := p.String()`
			`lenRules := len(rules)`
			`rules = rules[:lenRules-1]`
			`return strings.Replace(profile, opt.Raw, rules, -1)`
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00			`}`