apparmor.d/pkg/prebuild/directive/exec.go

// apparmor.d - Full set of apparmor profiles
// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only

package directive

import (
	"strings"

	"github.com/roddhjav/apparmor.d/pkg/aa"
	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
	"golang.org/x/exp/slices"
)

type Exec struct {
	cfg.Base
}

func init() {
	RegisterDirective(&Exec{
		Base: cfg.Base{
			Keyword: "exec",
			Msg:     "Exec directive applied",
			Help:    `#aa:exec [P|U|p|u|PU|pu|] profiles...`,
		},
	})
}

func (d Exec) Apply(opt *Option, profile string) string {
	transition := "Px"
	transitions := []string{"P", "U", "p", "u", "PU", "pu"}
	t := opt.ArgList[0]
	if slices.Contains(transitions, t) {
		transition = t + "x"
		delete(opt.ArgMap, t)
	}

	p := &aa.AppArmorProfile{}
	for name := range opt.ArgMap {
		content, err := cfg.RootApparmord.Join(name).ReadFile()
		if err != nil {
			panic(err)
		}
		profiletoTransition := string(content)

		dstProfile := aa.DefaultTunables()
		dstProfile.ParseVariables(profiletoTransition)
		for _, variable := range dstProfile.Variables {
			if variable.Name == "exec_path" {
				for _, v := range variable.Values {
					p.Rules = append(p.Rules, &aa.File{
						Path:   v,
						Access: transition,
					})
				}
				break
			}
		}
	}
	p.Sort()
	rules := p.String()
	lenRules := len(rules)
	rules = rules[:lenRules-1]
	return strings.Replace(profile, opt.Raw, rules, -1)
}
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00			`// apparmor.d - Full set of apparmor profiles`
			`// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>`
			`// SPDX-License-Identifier: GPL-2.0-only`

			`package directive`

			`import (`
			`"strings"`

			`"github.com/roddhjav/apparmor.d/pkg/aa"`
build: update directives with the new interface. 2024-03-25 23:40:25 +01:00			`"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"`
build(directive): support both liust & map. 2024-03-23 18:41:10 +01:00			`"golang.org/x/exp/slices"`
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00			`)`

			`type Exec struct {`
build: update directives with the new interface. 2024-03-25 23:40:25 +01:00			`cfg.Base`
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00			`}`

			`func init() {`
build: update directives with the new interface. 2024-03-25 23:40:25 +01:00			`RegisterDirective(&Exec{`
			`Base: cfg.Base{`
			`Keyword: "exec",`
			`Msg: "Exec directive applied",`
			Help: `#aa:exec [P\|U\|p\|u\|PU\|pu\|] profiles...`,
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00			`},`
build: update directives with the new interface. 2024-03-25 23:40:25 +01:00			`})`
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00			`}`

			`func (d Exec) Apply(opt *Option, profile string) string {`
			`transition := "Px"`
build: exex directive: add support for transition. 2024-03-22 20:47:45 +01:00			`transitions := []string{"P", "U", "p", "u", "PU", "pu"}`
build(directive): support both liust & map. 2024-03-23 18:41:10 +01:00			`t := opt.ArgList[0]`
			`if slices.Contains(transitions, t) {`
			`transition = t + "x"`
			`delete(opt.ArgMap, t)`
build: exex directive: add support for transition. 2024-03-22 20:47:45 +01:00			`}`

build: exex directive: sort & cleanup generated rules. 2024-03-22 21:56:04 +01:00			`p := &aa.AppArmorProfile{}`
build(directive): support both liust & map. 2024-03-23 18:41:10 +01:00			`for name := range opt.ArgMap {`
build: update directives with the new interface. 2024-03-25 23:40:25 +01:00			`content, err := cfg.RootApparmord.Join(name).ReadFile()`
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00			`if err != nil {`
			`panic(err)`
			`}`
build: exex directive: add support for transition. 2024-03-22 20:47:45 +01:00			`profiletoTransition := string(content)`
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00
build: exex directive: add support for transition. 2024-03-22 20:47:45 +01:00			`dstProfile := aa.DefaultTunables()`
			`dstProfile.ParseVariables(profiletoTransition)`
			`for _, variable := range dstProfile.Variables {`
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00			`if variable.Name == "exec_path" {`
build: exex directive: add support for transition. 2024-03-22 20:47:45 +01:00			`for _, v := range variable.Values {`
			`p.Rules = append(p.Rules, &aa.File{`
			`Path: v,`
			`Access: transition,`
			`})`
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00			`}`
build: exex directive: add support for transition. 2024-03-22 20:47:45 +01:00			`break`
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00			`}`
			`}`
			`}`
build: exex directive: sort & cleanup generated rules. 2024-03-22 21:56:04 +01:00			`p.Sort()`
			`rules := p.String()`
			`lenRules := len(rules)`
			`rules = rules[:lenRules-1]`
			`return strings.Replace(profile, opt.Raw, rules, -1)`
feat(build): add the exec directive. 2024-03-21 23:07:41 +01:00			`}`