apparmor.d/pkg/aa/preamble.go

// apparmor.d - Full set of apparmor profiles
// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only

package aa

import (
	"fmt"
	"slices"
	"strings"
)

const (
	ABI      Kind = "abi"
	ALIAS    Kind = "alias"
	INCLUDE  Kind = "include"
	VARIABLE Kind = "variable"
	COMMENT  Kind = "comment"

	tokIFEXISTS = "if exists"
)

type Comment struct {
	RuleBase
}

func newComment(rule []string) (Rule, error) {
	base := newRule(rule)
	base.IsLineRule = true
	return &Comment{RuleBase: base}, nil
}

func (r *Comment) Validate() error {
	return nil
}

func (r *Comment) Less(other any) bool {
	return false
}

func (r *Comment) Equals(other any) bool {
	return false
}

func (r *Comment) String() string {
	return renderTemplate(r.Kind(), r)
}

func (r *Comment) IsPreamble() bool {
	return true
}

func (r *Comment) Constraint() constraint {
	return anyKind
}

func (r *Comment) Kind() Kind {
	return COMMENT
}

type Abi struct {
	RuleBase
	Path    string
	IsMagic bool
}

func newAbi(rule []string) (Rule, error) {
	var magic bool
	if len(rule) > 0 && rule[0] == ABI.Tok() {
		rule = rule[1:]
	}
	if len(rule) != 1 {
		return nil, fmt.Errorf("invalid abi format: %s", rule)
	}

	path := rule[0]
	switch {
	case path[0] == '"':
		magic = false
	case path[0] == '<':
		magic = true
	default:
		return nil, fmt.Errorf("invalid path %s in rule: %s", path, rule)
	}
	return &Abi{
		RuleBase: newRule(rule),
		Path:     strings.Trim(path, "\"<>"),
		IsMagic:  magic,
	}, nil
}

func (r *Abi) Validate() error {
	return nil
}

func (r *Abi) Less(other any) bool {
	o, _ := other.(*Abi)
	if r.Path != o.Path {
		return r.Path < o.Path
	}
	return r.IsMagic == o.IsMagic
}

func (r *Abi) Equals(other any) bool {
	o, _ := other.(*Abi)
	return r.Path == o.Path && r.IsMagic == o.IsMagic
}

func (r *Abi) String() string {
	return renderTemplate(r.Kind(), r)
}

func (r *Abi) Constraint() constraint {
	return preambleKind
}

func (r *Abi) Kind() Kind {
	return ABI
}

type Alias struct {
	RuleBase
	Path          string
	RewrittenPath string
}

func newAlias(rule []string) (Rule, error) {
	if len(rule) > 0 && rule[0] == ALIAS.Tok() {
		rule = rule[1:]
	}
	if len(rule) != 3 {
		return nil, fmt.Errorf("invalid alias format: %s", rule)
	}
	if rule[1] != tokARROW {
		return nil, fmt.Errorf("invalid alias format, missing %s in: %s", tokARROW, rule)
	}
	return &Alias{
		RuleBase:      newRule(rule),
		Path:          rule[0],
		RewrittenPath: rule[2],
	}, nil
}

func (r *Alias) Validate() error {
	return nil
}

func (r Alias) Less(other any) bool {
	o, _ := other.(*Alias)
	if r.Path != o.Path {
		return r.Path < o.Path
	}
	return r.RewrittenPath < o.RewrittenPath
}

func (r Alias) Equals(other any) bool {
	o, _ := other.(*Alias)
	return r.Path == o.Path && r.RewrittenPath == o.RewrittenPath
}

func (r *Alias) String() string {
	return renderTemplate(r.Kind(), r)
}

func (r *Alias) Constraint() constraint {
	return preambleKind
}

func (r *Alias) Kind() Kind {
	return ALIAS
}

type Include struct {
	RuleBase
	IfExists bool
	Path     string
	IsMagic  bool
}

func newInclude(rule []string) (Rule, error) {
	var magic bool
	var ifexists bool

	if len(rule) > 0 && rule[0] == INCLUDE.Tok() {
		rule = rule[1:]
	}

	size := len(rule)
	if size == 0 {
		return nil, fmt.Errorf("invalid include format: %v", rule)
	}

	if size >= 3 && strings.Join(rule[:2], " ") == tokIFEXISTS {
		ifexists = true
		rule = rule[2:]
	}

	path := rule[0]
	switch {
	case path[0] == '"':
		magic = false
	case path[0] == '<':
		magic = true
	default:
		return nil, fmt.Errorf("invalid path format: %v", path)
	}
	return &Include{
		RuleBase: newRule(rule),
		IfExists: ifexists,
		Path:     strings.Trim(path, "\"<>"),
		IsMagic:  magic,
	}, nil
}

func (r *Include) Validate() error {
	return nil
}

func (r *Include) Less(other any) bool {
	o, _ := other.(*Include)
	if r.Path == o.Path {
		return r.Path < o.Path
	}
	if r.IsMagic != o.IsMagic {
		return r.IsMagic
	}
	return r.IfExists
}

func (r *Include) Equals(other any) bool {
	o, _ := other.(*Include)
	return r.Path == o.Path && r.IsMagic == o.IsMagic && r.IfExists == o.IfExists
}

func (r *Include) String() string {
	return renderTemplate(r.Kind(), r)
}

func (r *Include) Constraint() constraint {
	return anyKind
}

func (r *Include) Kind() Kind {
	return INCLUDE
}

type Variable struct {
	RuleBase
	Name   string
	Values []string
	Define bool
}

func newVariable(rule []string) (Rule, error) {
	var define bool
	var values []string
	if len(rule) < 3 {
		return nil, fmt.Errorf("invalid variable format: %v", rule)
	}

	name := strings.Trim(rule[0], VARIABLE.Tok()+"}")
	switch rule[1] {
	case tokEQUAL:
		define = true
		values = tokensStripComment(rule[2:])
	case tokPLUS:
		if rule[2] != tokEQUAL {
			return nil, fmt.Errorf("invalid operator in variable: %v", rule)
		}
		define = false
		values = tokensStripComment(rule[3:])
	default:
		return nil, fmt.Errorf("invalid operator in variable: %v", rule)
	}
	return &Variable{
		RuleBase: newRule(rule),
		Name:     name,
		Values:   values,
		Define:   define,
	}, nil
}

func (r *Variable) Validate() error {
	return nil
}

func (r *Variable) Less(other any) bool {
	o, _ := other.(*Variable)
	if r.Name != o.Name {
		return r.Name < o.Name
	}
	return len(r.Values) < len(o.Values)
}

func (r *Variable) Equals(other any) bool {
	o, _ := other.(*Variable)
	return r.Name == o.Name && slices.Equal(r.Values, o.Values)
}

func (r *Variable) String() string {
	return renderTemplate(r.Kind(), r)
}

func (r *Variable) Constraint() constraint {
	return preambleKind
}

func (r *Variable) Kind() Kind {
	return VARIABLE
}
feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`// apparmor.d - Full set of apparmor profiles`
			`// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>`
			`// SPDX-License-Identifier: GPL-2.0-only`

			`package aa`

			`import (`
feat(aa): parse apparmor preamble files. 2024-05-27 19:55:21 +02:00			`"fmt"`
feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`"slices"`
feat(aa): parse apparmor preamble files. 2024-05-27 19:55:21 +02:00			`"strings"`
chore: cosmetic & fix. 2024-05-25 23:21:59 +02:00			`)`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00
			`const (`
feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`ABI Kind = "abi"`
			`ALIAS Kind = "alias"`
			`INCLUDE Kind = "include"`
			`VARIABLE Kind = "variable"`
			`COMMENT Kind = "comment"`

feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`tokIFEXISTS = "if exists"`
feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`)`

feat(aa): make preamble rule classic aa rules. 2024-05-05 00:25:55 +02:00			`type Comment struct {`
			`RuleBase`
			`}`

feat(aa): parse apparmor preamble files. 2024-05-27 19:55:21 +02:00			`func newComment(rule []string) (Rule, error) {`
			`base := newRule(rule)`
			`base.IsLineRule = true`
			`return &Comment{RuleBase: base}, nil`
			`}`

feat(aa): add initial profile validation structure. 2024-05-25 23:36:39 +02:00			`func (r *Comment) Validate() error {`
			`return nil`
			`}`

feat(aa): make preamble rule classic aa rules. 2024-05-05 00:25:55 +02:00			`func (r *Comment) Less(other any) bool {`
			`return false`
			`}`

			`func (r *Comment) Equals(other any) bool {`
			`return false`
			`}`

			`func (r *Comment) String() string {`
feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`return renderTemplate(r.Kind(), r)`
feat(aa): make preamble rule classic aa rules. 2024-05-05 00:25:55 +02:00			`}`

			`func (r *Comment) IsPreamble() bool {`
			`return true`
			`}`

feat(aa): a Constraint and Kind method to the Rule interface. 2024-05-05 00:41:47 +02:00			`func (r *Comment) Constraint() constraint {`
feat(aa): make preamble rule classic aa rules. 2024-05-05 00:25:55 +02:00			`return anyKind`
			`}`

feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`func (r *Comment) Kind() Kind {`
			`return COMMENT`
feat(aa): make preamble rule classic aa rules. 2024-05-05 00:25:55 +02:00			`}`

feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`type Abi struct {`
feat(aa): continue refractoring the aa structure. 2024-04-19 23:43:02 +02:00			`RuleBase`
feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`Path string`
			`IsMagic bool`
			`}`

feat(aa): parse apparmor preamble files. 2024-05-27 19:55:21 +02:00			`func newAbi(rule []string) (Rule, error) {`
			`var magic bool`
feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`if len(rule) > 0 && rule[0] == ABI.Tok() {`
feat(aa): parse apparmor preamble files. 2024-05-27 19:55:21 +02:00			`rule = rule[1:]`
			`}`
			`if len(rule) != 1 {`
			`return nil, fmt.Errorf("invalid abi format: %s", rule)`
			`}`

			`path := rule[0]`
			`switch {`
			`case path[0] == '"':`
			`magic = false`
			`case path[0] == '<':`
			`magic = true`
			`default:`
			`return nil, fmt.Errorf("invalid path %s in rule: %s", path, rule)`
			`}`
			`return &Abi{`
			`RuleBase: newRule(rule),`
			`Path: strings.Trim(path, "\"<>"),`
			`IsMagic: magic,`
			`}, nil`
			`}`

feat(aa): add initial profile validation structure. 2024-05-25 23:36:39 +02:00			`func (r *Abi) Validate() error {`
			`return nil`
			`}`

feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`func (r *Abi) Less(other any) bool {`
			`o, _ := other.(*Abi)`
			`if r.Path != o.Path {`
			`return r.Path < o.Path`
			`}`
			`return r.IsMagic == o.IsMagic`
			`}`

			`func (r *Abi) Equals(other any) bool {`
			`o, _ := other.(*Abi)`
			`return r.Path == o.Path && r.IsMagic == o.IsMagic`
			`}`

feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`func (r *Abi) String() string {`
chore: cosmetic 2024-05-25 23:26:51 +02:00			`return renderTemplate(r.Kind(), r)`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`}`

feat(aa): a Constraint and Kind method to the Rule interface. 2024-05-05 00:41:47 +02:00			`func (r *Abi) Constraint() constraint {`
			`return preambleKind`
			`}`

feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`func (r *Abi) Kind() Kind {`
			`return ABI`
feat(aa): a Constraint and Kind method to the Rule interface. 2024-05-05 00:41:47 +02:00			`}`

feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`type Alias struct {`
feat(aa): continue refractoring the aa structure. 2024-04-19 23:43:02 +02:00			`RuleBase`
feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`Path string`
			`RewrittenPath string`
			`}`

feat(aa): parse apparmor preamble files. 2024-05-27 19:55:21 +02:00			`func newAlias(rule []string) (Rule, error) {`
feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`if len(rule) > 0 && rule[0] == ALIAS.Tok() {`
feat(aa): parse apparmor preamble files. 2024-05-27 19:55:21 +02:00			`rule = rule[1:]`
			`}`
			`if len(rule) != 3 {`
			`return nil, fmt.Errorf("invalid alias format: %s", rule)`
			`}`
			`if rule[1] != tokARROW {`
			`return nil, fmt.Errorf("invalid alias format, missing %s in: %s", tokARROW, rule)`
			`}`
			`return &Alias{`
			`RuleBase: newRule(rule),`
			`Path: rule[0],`
			`RewrittenPath: rule[2],`
			`}, nil`
			`}`

feat(aa): add initial profile validation structure. 2024-05-25 23:36:39 +02:00			`func (r *Alias) Validate() error {`
			`return nil`
			`}`

feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`func (r Alias) Less(other any) bool {`
			`o, _ := other.(*Alias)`
			`if r.Path != o.Path {`
			`return r.Path < o.Path`
			`}`
			`return r.RewrittenPath < o.RewrittenPath`
			`}`

			`func (r Alias) Equals(other any) bool {`
			`o, _ := other.(*Alias)`
			`return r.Path == o.Path && r.RewrittenPath == o.RewrittenPath`
			`}`

feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`func (r *Alias) String() string {`
chore: cosmetic 2024-05-25 23:26:51 +02:00			`return renderTemplate(r.Kind(), r)`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`}`

feat(aa): a Constraint and Kind method to the Rule interface. 2024-05-05 00:41:47 +02:00			`func (r *Alias) Constraint() constraint {`
			`return preambleKind`
			`}`

feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`func (r *Alias) Kind() Kind {`
			`return ALIAS`
feat(aa): a Constraint and Kind method to the Rule interface. 2024-05-05 00:41:47 +02:00			`}`

feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`type Include struct {`
feat(aa): continue refractoring the aa structure. 2024-04-19 23:43:02 +02:00			`RuleBase`
feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`IfExists bool`
			`Path string`
			`IsMagic bool`
			`}`

feat(aa): parse apparmor preamble files. 2024-05-27 19:55:21 +02:00			`func newInclude(rule []string) (Rule, error) {`
			`var magic bool`
			`var ifexists bool`

feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`if len(rule) > 0 && rule[0] == INCLUDE.Tok() {`
feat(aa): parse apparmor preamble files. 2024-05-27 19:55:21 +02:00			`rule = rule[1:]`
			`}`

			`size := len(rule)`
			`if size == 0 {`
			`return nil, fmt.Errorf("invalid include format: %v", rule)`
			`}`

			`if size >= 3 && strings.Join(rule[:2], " ") == tokIFEXISTS {`
			`ifexists = true`
			`rule = rule[2:]`
			`}`

			`path := rule[0]`
			`switch {`
			`case path[0] == '"':`
			`magic = false`
			`case path[0] == '<':`
			`magic = true`
			`default:`
			`return nil, fmt.Errorf("invalid path format: %v", path)`
			`}`
			`return &Include{`
			`RuleBase: newRule(rule),`
			`IfExists: ifexists,`
			`Path: strings.Trim(path, "\"<>"),`
			`IsMagic: magic,`
			`}, nil`
			`}`

feat(aa): add initial profile validation structure. 2024-05-25 23:36:39 +02:00			`func (r *Include) Validate() error {`
			`return nil`
			`}`

feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`func (r *Include) Less(other any) bool {`
			`o, _ := other.(*Include)`
			`if r.Path == o.Path {`
			`return r.Path < o.Path`
			`}`
			`if r.IsMagic != o.IsMagic {`
			`return r.IsMagic`
			`}`
			`return r.IfExists`
			`}`

			`func (r *Include) Equals(other any) bool {`
			`o, _ := other.(*Include)`
			`return r.Path == o.Path && r.IsMagic == o.IsMagic && r.IfExists == o.IfExists`
			`}`

feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`func (r *Include) String() string {`
chore: cosmetic 2024-05-25 23:26:51 +02:00			`return renderTemplate(r.Kind(), r)`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`}`

feat(aa): a Constraint and Kind method to the Rule interface. 2024-05-05 00:41:47 +02:00			`func (r *Include) Constraint() constraint {`
			`return anyKind`
			`}`

feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`func (r *Include) Kind() Kind {`
			`return INCLUDE`
feat(aa): a Constraint and Kind method to the Rule interface. 2024-05-05 00:41:47 +02:00			`}`

feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`type Variable struct {`
feat(aa): continue refractoring the aa structure. 2024-04-19 23:43:02 +02:00			`RuleBase`
feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`Name string`
			`Values []string`
feat(aa): add define parameter for variables. 2024-04-23 22:18:44 +02:00			`Define bool`
			`}`

feat(aa): parse apparmor preamble files. 2024-05-27 19:55:21 +02:00			`func newVariable(rule []string) (Rule, error) {`
			`var define bool`
			`var values []string`
			`if len(rule) < 3 {`
			`return nil, fmt.Errorf("invalid variable format: %v", rule)`
			`}`

feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`name := strings.Trim(rule[0], VARIABLE.Tok()+"}")`
feat(aa): parse apparmor preamble files. 2024-05-27 19:55:21 +02:00			`switch rule[1] {`
			`case tokEQUAL:`
			`define = true`
			`values = tokensStripComment(rule[2:])`
			`case tokPLUS:`
			`if rule[2] != tokEQUAL {`
			`return nil, fmt.Errorf("invalid operator in variable: %v", rule)`
			`}`
			`define = false`
			`values = tokensStripComment(rule[3:])`
			`default:`
			`return nil, fmt.Errorf("invalid operator in variable: %v", rule)`
			`}`
			`return &Variable{`
			`RuleBase: newRule(rule),`
			`Name: name,`
			`Values: values,`
			`Define: define,`
			`}, nil`
			`}`

feat(aa): add initial profile validation structure. 2024-05-25 23:36:39 +02:00			`func (r *Variable) Validate() error {`
			`return nil`
			`}`

feat(aa): continue refractoring the aa structure. 2024-04-19 23:43:02 +02:00			`func (r *Variable) Less(other any) bool {`
			`o, _ := other.(*Variable)`
			`if r.Name != o.Name {`
			`return r.Name < o.Name`
feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`}`
feat(aa): continue refractoring the aa structure. 2024-04-19 23:43:02 +02:00			`return len(r.Values) < len(o.Values)`
feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`}`

feat(aa): continue refractoring the aa structure. 2024-04-19 23:43:02 +02:00			`func (r *Variable) Equals(other any) bool {`
			`o, _ := other.(*Variable)`
			`return r.Name == o.Name && slices.Equal(r.Values, o.Values)`
feat(aa): improve apparmor struct. 2024-04-15 00:58:34 +02:00			`}`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00
			`func (r *Variable) String() string {`
feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`return renderTemplate(r.Kind(), r)`
feat(aa): add a string method to all rule struct. 2024-04-23 22:26:09 +02:00			`}`
feat(aa): a Constraint and Kind method to the Rule interface. 2024-05-05 00:41:47 +02:00
			`func (r *Variable) Constraint() constraint {`
			`return preambleKind`
			`}`

feat(aa): add the Kind struct to manage aa rules. 2024-05-28 19:15:22 +02:00			`func (r *Variable) Kind() Kind {`
			`return VARIABLE`
feat(aa): a Constraint and Kind method to the Rule interface. 2024-05-05 00:41:47 +02:00			`}`