apparmor.d/pkg/aa/template.go

// apparmor.d - Full set of apparmor profiles
// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only

package aa

import (
	"embed"
	"fmt"
	"strings"
	"text/template"
)

var (
	// Default indentation for apparmor profile (2 spaces)
	Indentation = "  "

	// The current indentation level
	IndentationLevel = 0

	//go:embed templates/*.j2
	//go:embed templates/rule/*.j2
	tmplFiles embed.FS

	// The functions available in the template
	tmplFunctionMap = template.FuncMap{
		"kindof":     kindOf,
		"join":       join,
		"cjoin":      cjoin,
		"indent":     indent,
		"overindent": indentDbus,
		"setindent":  setindent,
	}

	// The apparmor templates
	tmpl = generateTemplates([]Kind{
		// Global templates
		"apparmor", PROFILE, HAT, "rules",

		// Preamble templates
		ABI, ALIAS, INCLUDE, VARIABLE, COMMENT,

		// Rules templates
		ALL, RLIMIT, USERNS, CAPABILITY, NETWORK,
		MOUNT, REMOUNT, UMOUNT, PIVOTROOT, CHANGEPROFILE,
		MQUEUE, IOURING, UNIX, PTRACE, SIGNAL, DBUS,
		FILE, LINK,
	})

	// convert apparmor requested mask to apparmor access mode
	maskToAccess = map[string]string{
		"a":  "w",
		"c":  "w",
		"d":  "w",
		"wc": "w",
		"x":  "ix",
	}

	// The order the apparmor rules should be sorted
	ruleAlphabet = []Kind{
		INCLUDE,
		ALL,
		RLIMIT,
		USERNS,
		CAPABILITY,
		NETWORK,
		MOUNT,
		REMOUNT,
		UMOUNT,
		PIVOTROOT,
		CHANGEPROFILE,
		MQUEUE,
		IOURING,
		SIGNAL,
		PTRACE,
		UNIX,
		DBUS,
		FILE,
		LINK,
		PROFILE,
		HAT,
		"include_if_exists",
	}
	ruleWeights = generateWeights(ruleAlphabet)

	// The order the apparmor file rules should be sorted
	fileAlphabet = []string{
		"@{exec_path}",        // 1. entry point
		"@{sh_path}",          // 2.1 shells
		"@{coreutils_path}",   // 2.2 coreutils
		"@{open_path}",        // 2.3 binaries paths
		"@{bin}",              // 2.3 binaries
		"@{lib}",              // 2.4 libraries
		"/opt",                // 2.5 opt binaries & libraries
		"/usr/share",          // 3. shared data
		"/etc",                // 4. system configuration
		"/var",                // 5.1 system read/write data
		"/boot",               // 5.2 boot files
		"/home",               // 6.1 user data
		"@{HOME}",             // 6.2 home files
		"@{user_cache_dirs}",  // 7.1 user caches
		"@{user_config_dirs}", // 7.2 user config
		"@{user_share_dirs}",  // 7.3 user shared
		"/tmp",                // 8.1 Temporary data
		"@{tmp}",              // 8.1. User temporary data
		"/dev/shm",            // 8.2 Shared memory
		"@{run}",              // 8.3 Runtime data
		"@{sys}",              // 9. Sys files
		"@{PROC}",             // 10. Proc files
		"/dev",                // 11. Dev files
		"deny",                // 12. Deny rules
		"profile",             // 13. Subprofiles
	}
	fileWeights = generateWeights(fileAlphabet)

	// Some file rule should be sorted in the same group
	fileAlphabetGroups = map[string]string{
		"@{exec_path}":      "exec",
		"@{sh_path}":        "exec",
		"@{coreutils_path}": "exec",
		"@{open_path}":      "exec",
		"@{bin}":            "exec",
		"@{lib}":            "exec",
		"/opt":              "exec",
		"/home":             "home",
		"@{HOME}":           "home",
		"/tmp":              "tmp",
		"@{tmp}":            "tmp",
		"/dev/shm":          "tmp",
	}

	// The order AARE should be sorted
	stringAlphabet = []byte(
		"!\"#$%&'*(){}[]@+,-./:;<=>?\\^_`|~0123456789abcdefghijklmnopqrstuvwxyz",
	)
	stringWeights = generateWeights(stringAlphabet)

	// The order the rule values (access, type, domains, etc) should be sorted
	requirements        = map[Kind]requirement{}
	requirementsWeights map[Kind]map[string]map[string]int
)

func init() {
	requirementsWeights = generateRequirementsWeights(requirements)
}

func generateTemplates(names []Kind) map[Kind]*template.Template {
	res := make(map[Kind]*template.Template, len(names))
	base := template.New("").Funcs(tmplFunctionMap)
	base = template.Must(base.ParseFS(tmplFiles,
		"templates/*.j2", "templates/rule/*.j2",
	))
	for _, name := range names {
		t := template.Must(base.Clone())
		t = template.Must(t.Parse(
			fmt.Sprintf(`{{- template "%s" . -}}`, name),
		))
		res[name] = t
	}
	return res
}

func renderTemplate(name Kind, data any) string {
	var res strings.Builder
	template, ok := tmpl[name]
	if !ok {
		panic("template '" + name.String() + "' not found")
	}
	err := template.Execute(&res, data)
	if err != nil {
		panic(err)
	}
	return res.String()
}

func generateWeights[T comparable](alphabet []T) map[T]int {
	res := make(map[T]int, len(alphabet))
	for i, r := range alphabet {
		res[r] = i
	}
	return res
}

func generateRequirementsWeights(requirements map[Kind]requirement) map[Kind]map[string]map[string]int {
	res := make(map[Kind]map[string]map[string]int, len(requirements))
	for rule, req := range requirements {
		res[rule] = make(map[string]map[string]int, len(req))
		for key, values := range req {
			res[rule][key] = generateWeights(values)
		}
	}
	return res
}

func join(i any) string {
	switch i := i.(type) {
	case []string:
		return strings.Join(i, " ")
	case map[string]string:
		res := []string{}
		for k, v := range i {
			res = append(res, k+"="+v)
		}
		return strings.Join(res, " ")
	default:
		return i.(string)
	}
}

func cjoin(i any) string {
	switch i := i.(type) {
	case []string:
		if len(i) == 1 {
			return i[0]
		}
		return "(" + strings.Join(i, " ") + ")"
	case map[string]string:
		res := []string{}
		for k, v := range i {
			res = append(res, k+"="+v)
		}
		return "(" + strings.Join(res, " ") + ")"
	default:
		return i.(string)
	}
}

func kindOf(i Rule) string {
	if i == nil {
		return ""
	}
	return i.Kind().String()
}

func setindent(i string) string {
	switch i {
	case "++":
		IndentationLevel++
	case "--":
		IndentationLevel--
	}
	return ""
}

func indent(s string) string {
	return strings.Repeat(Indentation, IndentationLevel) + s
}

func indentDbus(s string) string {
	return strings.Join([]string{Indentation, s}, "     ")
}

func getLetterIn(alphabet []string, in string) string {
	for _, letter := range alphabet {
		if strings.HasPrefix(in, letter) {
			return letter
		}
	}
	return ""
}
feat(aa-log): add a new constructors for aa rules. 2023-08-18 00:05:07 +02:00			`// apparmor.d - Full set of apparmor profiles`
chore: add missing and update copyright year. 2024-02-07 00:16:21 +01:00			`// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>`
feat(aa-log): add a new constructors for aa rules. 2023-08-18 00:05:07 +02:00			`// SPDX-License-Identifier: GPL-2.0-only`

			`package aa`

			`import (`
feat(aa): add sub templates. 2023-09-29 21:28:56 +02:00			`"embed"`
feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`"fmt"`
feat(aa-log): rewrite the profile template. 2023-09-25 01:15:51 +02:00			`"strings"`
feat(aa-log): add AppArmorProfile.String using a template. 2023-08-18 00:11:11 +02:00			`"text/template"`
feat(aa-log): add a new constructors for aa rules. 2023-08-18 00:05:07 +02:00			`)`

feat(aa-log): rewrite the profile template. 2023-09-25 01:15:51 +02:00			`var (`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`// Default indentation for apparmor profile (2 spaces)`
feat(aa): rename identation variables. 2024-05-05 00:54:39 +02:00			`Indentation = " "`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00
			`// The current indentation level`
feat(aa): rename identation variables. 2024-05-05 00:54:39 +02:00			`IndentationLevel = 0`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00
feat(aa): add sub templates. 2023-09-29 21:28:56 +02:00			`//go:embed templates/*.j2`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`//go:embed templates/rule/*.j2`
feat(aa): add sub templates. 2023-09-29 21:28:56 +02:00			`tmplFiles embed.FS`
feat(aa-log): add AppArmorProfile.String using a template. 2023-08-18 00:11:11 +02:00
feat(aa): add sub templates. 2023-09-29 21:28:56 +02:00			`// The functions available in the template`
feat(aa-log): rewrite the profile template. 2023-09-25 01:15:51 +02:00			`tmplFunctionMap = template.FuncMap{`
feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`"kindof": kindOf,`
feat(aa-log): rewrite the profile template. 2023-09-25 01:15:51 +02:00			`"join": join,`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`"cjoin": cjoin,`
feat(aa-log): rewrite the profile template. 2023-09-25 01:15:51 +02:00			`"indent": indent,`
			`"overindent": indentDbus,`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`"setindent": setindent,`
feat(aa-log): rewrite the profile template. 2023-09-25 01:15:51 +02:00			`}`

feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`// The apparmor templates`
feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`tmpl = generateTemplates([]Kind{`
chore: cosmetic & fix. 2024-05-25 23:21:59 +02:00			`// Global templates`
fix: small fix & cleaning. 2024-10-12 21:11:45 +02:00			`"apparmor", PROFILE, HAT, "rules",`
chore: cosmetic & fix. 2024-05-25 23:21:59 +02:00
			`// Preamble templates`
fix: small fix & cleaning. 2024-10-12 21:11:45 +02:00			`ABI, ALIAS, INCLUDE, VARIABLE, COMMENT,`
chore: cosmetic & fix. 2024-05-25 23:21:59 +02:00
			`// Rules templates`
feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`ALL, RLIMIT, USERNS, CAPABILITY, NETWORK,`
			`MOUNT, REMOUNT, UMOUNT, PIVOTROOT, CHANGEPROFILE,`
			`MQUEUE, IOURING, UNIX, PTRACE, SIGNAL, DBUS,`
			`FILE, LINK,`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`})`
feat(aa-log): rewrite the profile template. 2023-09-25 01:15:51 +02:00
			`// convert apparmor requested mask to apparmor access mode`
feat(aa): ensure accesses are slice of string. 2024-04-23 22:17:25 +02:00			`maskToAccess = map[string]string{`
feat(aa): rewrite the toAccess function to parse, convert and verify the access values. 2024-05-25 23:14:43 +02:00			`"a": "w",`
			`"c": "w",`
			`"d": "w",`
			`"wc": "w",`
			`"x": "ix",`
feat(aa-log): rewrite the profile template. 2023-09-25 01:15:51 +02:00			`}`

feat(aa-log): add profile sort & merge methods. 2023-09-25 01:17:41 +02:00			`// The order the apparmor rules should be sorted`
feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`ruleAlphabet = []Kind{`
			`INCLUDE,`
			`ALL,`
			`RLIMIT,`
			`USERNS,`
			`CAPABILITY,`
			`NETWORK,`
			`MOUNT,`
			`REMOUNT,`
			`UMOUNT,`
			`PIVOTROOT,`
			`CHANGEPROFILE,`
			`MQUEUE,`
			`IOURING,`
			`SIGNAL,`
			`PTRACE,`
			`UNIX,`
			`DBUS,`
			`FILE,`
			`LINK,`
			`PROFILE,`
			`HAT,`
feat(aa): sort local include at the end of a profile. 2023-09-29 22:24:15 +02:00			`"include_if_exists",`
feat(aa-log): add profile sort & merge methods. 2023-09-25 01:17:41 +02:00			`}`
feat(aa): add requirements map. 2024-05-25 23:01:29 +02:00			`ruleWeights = generateWeights(ruleAlphabet)`
feat(aa-log): add profile sort & merge methods. 2023-09-25 01:17:41 +02:00
			`// The order the apparmor file rules should be sorted`
			`fileAlphabet = []string{`
			`"@{exec_path}", // 1. entry point`
feat(aa-log): update shell paths. 2024-03-01 00:14:01 +01:00			`"@{sh_path}", // 2.1 shells`
feat(aa): rewrite rules formatting. 2024-06-20 00:30:36 +02:00			`"@{coreutils_path}", // 2.2 coreutils`
			`"@{open_path}", // 2.3 binaries paths`
			`"@{bin}", // 2.3 binaries`
			`"@{lib}", // 2.4 libraries`
			`"/opt", // 2.5 opt binaries & libraries`
feat(aa-log): add profile sort & merge methods. 2023-09-25 01:17:41 +02:00			`"/usr/share", // 3. shared data`
			`"/etc", // 4. system configuration`
feat(aa): use profile guideline to sort file rules. 2023-09-30 14:54:04 +02:00			`"/var", // 5.1 system read/write data`
			`"/boot", // 5.2 boot files`
feat(aa-log): add profile sort & merge methods. 2023-09-25 01:17:41 +02:00			`"/home", // 6.1 user data`
			`"@{HOME}", // 6.2 home files`
			`"@{user_cache_dirs}", // 7.1 user caches`
			`"@{user_config_dirs}", // 7.2 user config`
			`"@{user_share_dirs}", // 7.3 user shared`
			`"/tmp", // 8.1 Temporary data`
feat(aa): rewrite rules formatting. 2024-06-20 00:30:36 +02:00			`"@{tmp}", // 8.1. User temporary data`
			`"/dev/shm", // 8.2 Shared memory`
			`"@{run}", // 8.3 Runtime data`
feat(aa-log): add profile sort & merge methods. 2023-09-25 01:17:41 +02:00			`"@{sys}", // 9. Sys files`
			`"@{PROC}", // 10. Proc files`
			`"/dev", // 11. Dev files`
			`"deny", // 12. Deny rules`
feat(aa): cleanup, fix import and add some unit tests. 2024-05-05 15:19:25 +02:00			`"profile", // 13. Subprofiles`
feat(aa-log): add profile sort & merge methods. 2023-09-25 01:17:41 +02:00			`}`
feat(aa): add requirements map. 2024-05-25 23:01:29 +02:00			`fileWeights = generateWeights(fileAlphabet)`

feat(aa): rewrite rules formatting. 2024-06-20 00:30:36 +02:00			`// Some file rule should be sorted in the same group`
			`fileAlphabetGroups = map[string]string{`
			`"@{exec_path}": "exec",`
			`"@{sh_path}": "exec",`
			`"@{coreutils_path}": "exec",`
			`"@{open_path}": "exec",`
			`"@{bin}": "exec",`
			`"@{lib}": "exec",`
			`"/opt": "exec",`
test(aa): add merge unit tests. 2024-06-23 11:42:18 +02:00			`"/home": "home",`
			`"@{HOME}": "home",`
feat(aa): rewrite rules formatting. 2024-06-20 00:30:36 +02:00			`"/tmp": "tmp",`
			`"@{tmp}": "tmp",`
			`"/dev/shm": "tmp",`
			`}`

feat(aa): rule interface: replace less & equal by the compare method. - set a new alphabet order to sort AARE based string. - unify compare function for all rules - handle some special sort order, eg: base include 2024-06-19 19:34:58 +02:00			`// The order AARE should be sorted`
			`stringAlphabet = []byte(`
feat(aa-log): minor improvment in rule generation & formatting. 2024-09-26 23:15:46 +02:00			"!\"#$%&'*(){}[]@+,-./:;<=>?\\^_`\|~0123456789abcdefghijklmnopqrstuvwxyz",
feat(aa): rule interface: replace less & equal by the compare method. - set a new alphabet order to sort AARE based string. - unify compare function for all rules - handle some special sort order, eg: base include 2024-06-19 19:34:58 +02:00			`)`
			`stringWeights = generateWeights(stringAlphabet)`

feat(aa): add requirements map. 2024-05-25 23:01:29 +02:00			`// The order the rule values (access, type, domains, etc) should be sorted`
feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`requirements = map[Kind]requirement{}`
			`requirementsWeights map[Kind]map[string]map[string]int`
feat(aa-log): rewrite the profile template. 2023-09-25 01:15:51 +02:00			`)`

feat(aa): add requirements map. 2024-05-25 23:01:29 +02:00			`func init() {`
			`requirementsWeights = generateRequirementsWeights(requirements)`
			`}`

feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`func generateTemplates(names []Kind) map[Kind]*template.Template {`
			`res := make(map[Kind]*template.Template, len(names))`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`base := template.New("").Funcs(tmplFunctionMap)`
			`base = template.Must(base.ParseFS(tmplFiles,`
			`"templates/.j2", "templates/rule/.j2",`
			`))`
			`for _, name := range names {`
			`t := template.Must(base.Clone())`
			`t = template.Must(t.Parse(`
			fmt.Sprintf(`{{- template "%s" . -}}`, name),
feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`))`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`res[name] = t`
feat(aa): refractor template to allow multiple templates. 2024-04-17 19:02:41 +02:00			`}`
feat(aa): add sub templates. 2023-09-29 21:28:56 +02:00			`return res`
			`}`

feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`func renderTemplate(name Kind, data any) string {`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`var res strings.Builder`
			`template, ok := tmpl[name]`
			`if !ok {`
feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`panic("template '" + name.String() + "' not found")`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`}`
			`err := template.Execute(&res, data)`
			`if err != nil {`
			`panic(err)`
			`}`
			`return res.String()`
			`}`

feat(aa): rule interface: replace less & equal by the compare method. - set a new alphabet order to sort AARE based string. - unify compare function for all rules - handle some special sort order, eg: base include 2024-06-19 19:34:58 +02:00			`func generateWeights[T comparable](alphabet []T) map[T]int {`
feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`res := make(map[T]int, len(alphabet))`
feat(aa): add requirements map. 2024-05-25 23:01:29 +02:00			`for i, r := range alphabet {`
			`res[r] = i`
feat(aa-log): add profile sort & merge methods. 2023-09-25 01:17:41 +02:00			`}`
feat(aa): add requirements map. 2024-05-25 23:01:29 +02:00			`return res`
			`}`

feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`func generateRequirementsWeights(requirements map[Kind]requirement) map[Kind]map[string]map[string]int {`
			`res := make(map[Kind]map[string]map[string]int, len(requirements))`
feat(aa): add requirements map. 2024-05-25 23:01:29 +02:00			`for rule, req := range requirements {`
			`res[rule] = make(map[string]map[string]int, len(req))`
			`for key, values := range req {`
			`res[rule][key] = generateWeights(values)`
			`}`
feat(aa-log): add profile sort & merge methods. 2023-09-25 01:17:41 +02:00			`}`
feat(aa): add requirements map. 2024-05-25 23:01:29 +02:00			`return res`
feat(aa-log): add profile sort & merge methods. 2023-09-25 01:17:41 +02:00			`}`
feat(aa-log): rewrite the profile template. 2023-09-25 01:15:51 +02:00
			`func join(i any) string {`
chore(aa): cosmetic. 2024-05-30 21:56:53 +02:00			`switch i := i.(type) {`
			`case []string:`
			`return strings.Join(i, " ")`
			`case map[string]string:`
feat(aa-log): rewrite the profile template. 2023-09-25 01:15:51 +02:00			`res := []string{}`
chore(aa): cosmetic. 2024-05-30 21:56:53 +02:00			`for k, v := range i {`
feat(aa-log): rewrite the profile template. 2023-09-25 01:15:51 +02:00			`res = append(res, k+"="+v)`
			`}`
			`return strings.Join(res, " ")`
			`default:`
			`return i.(string)`
			`}`
feat(aa-log): add AppArmorProfile.String using a template. 2023-08-18 00:11:11 +02:00			`}`

feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`func cjoin(i any) string {`
chore(aa): cosmetic. 2024-05-30 21:56:53 +02:00			`switch i := i.(type) {`
			`case []string:`
			`if len(i) == 1 {`
			`return i[0]`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`}`
chore(aa): cosmetic. 2024-05-30 21:56:53 +02:00			`return "(" + strings.Join(i, " ") + ")"`
			`case map[string]string:`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`res := []string{}`
chore(aa): cosmetic. 2024-05-30 21:56:53 +02:00			`for k, v := range i {`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`res = append(res, k+"="+v)`
			`}`
			`return "(" + strings.Join(res, " ") + ")"`
			`default:`
			`return i.(string)`
			`}`
			`}`

feat(aa-log): minor improvment in rule generation & formatting. 2024-09-26 23:15:46 +02:00			`func kindOf(i Rule) string {`
feat(aa): make preamble rule classic aa rules. 2024-05-05 00:25:55 +02:00			`if i == nil {`
			`return ""`
			`}`
feat(aa-log): minor improvment in rule generation & formatting. 2024-09-26 23:15:46 +02:00			`return i.Kind().String()`
feat(aa-log): format rule before print. 2023-10-01 20:00:39 +02:00			`}`

feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`func setindent(i string) string {`
			`switch i {`
			`case "++":`
feat(aa): rename identation variables. 2024-05-05 00:54:39 +02:00			`IndentationLevel++`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`case "--":`
feat(aa): rename identation variables. 2024-05-05 00:54:39 +02:00			`IndentationLevel--`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`}`
			`return ""`
			`}`

feat(aa-log): add AppArmorProfile.String using a template. 2023-08-18 00:11:11 +02:00			`func indent(s string) string {`
feat(aa): rename identation variables. 2024-05-05 00:54:39 +02:00			`return strings.Repeat(Indentation, IndentationLevel) + s`
feat(aa-log): add AppArmorProfile.String using a template. 2023-08-18 00:11:11 +02:00			`}`

			`func indentDbus(s string) string {`
feat(aa): rename identation variables. 2024-05-05 00:54:39 +02:00			`return strings.Join([]string{Indentation, s}, " ")`
feat(aa-log): add AppArmorProfile.String using a template. 2023-08-18 00:11:11 +02:00			`}`
feat(aa-log): format rule before print. 2023-10-01 20:00:39 +02:00
			`func getLetterIn(alphabet []string, in string) string {`
			`for _, letter := range alphabet {`
			`if strings.HasPrefix(in, letter) {`
			`return letter`
			`}`
			`}`
			`return ""`
			`}`