apparmor.d/pkg/aa/rules.go


// apparmor.d - Full set of apparmor profiles
// Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only
package aa
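// Qualifier holds the extra settings that can be applied to a rule.
type Qualifier struct {
	Audit       bool
	AccessType  string // presumably the allow/deny keyword; confirm against the parser
	Owner       bool
	NoNewPrivs  bool
	FileInherit bool
}

// NewQualifier returns a Qualifier with the given owner, noNewPrivs and
// fileInherit flags. Audit is left false and AccessType empty.
func NewQualifier(owner, noNewPrivs, fileInherit bool) Qualifier {
	return Qualifier{
		Owner:       owner,
		NoNewPrivs:  noNewPrivs,
		FileInherit: fileInherit,
	}
}

// Less reports whether r orders strictly before other. Qualifiers are
// compared by Audit (true first), then AccessType (lexicographic), then
// Owner (true first). NoNewPrivs and FileInherit do not take part in the
// ordering, so two qualifiers that differ only in those fields are
// unordered relative to each other.
func (r Qualifier) Less(other Qualifier) bool {
	if r.Audit != other.Audit {
		return r.Audit
	}
	if r.AccessType != other.AccessType {
		return r.AccessType < other.AccessType
	}
	// Returning r.Owner alone would report a < b and b < a whenever both
	// sides have Owner set; an ordering used for sorting must be asymmetric
	// or the resulting rule order is not reproducible.
	return r.Owner && !other.Owner
}

// Equals reports whether every field of r matches other.
func (r Qualifier) Equals(other Qualifier) bool {
	return r == other
}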
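// Preamble specific rules

// Abi is a preamble rule identified by a path.
type Abi struct {
	Path    string
	IsMagic bool // presumably marks the <...> path form; confirm against the parser
}

// Less reports whether r orders strictly before other. Rules are compared
// by Path first; for the same Path, the one with IsMagic set sorts first.
func (r Abi) Less(other Abi) bool {
	if r.Path != other.Path {
		return r.Path < other.Path
	}
	// Comparing with == here would make identical values "less" than each
	// other and leave values differing only in IsMagic unordered. Sorting
	// true first is a choice made here to give a strict order; it matches
	// how boolean qualifier flags are ordered elsewhere in this file.
	return r.IsMagic && !other.IsMagic
}

// Equals reports whether r and other have the same Path and IsMagic.
func (r Abi) Equals(other Abi) bool {
	return r == other
}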
// Alias is a preamble rule pairing a Path with its RewrittenPath.
type Alias struct {
	Path          string
	RewrittenPath string
}

// Less reports whether r orders before other: by Path first, then by
// RewrittenPath when the paths are identical.
func (r Alias) Less(other Alias) bool {
	if r.Path != other.Path {
		return r.Path < other.Path
	}
	return r.RewrittenPath < other.RewrittenPath
}

// Equals reports whether both fields of r match those of other.
func (r Alias) Equals(other Alias) bool {
	return r == other
}