2024-03-26 00:34:14 +01:00
|
|
|
// apparmor.d - Full set of apparmor profiles
|
|
|
|
// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
|
|
|
|
// SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
|
|
|
|
package prepare
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"regexp"
|
|
|
|
"strings"
|
|
|
|
|
|
|
|
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
2024-04-02 18:48:03 +02:00
|
|
|
"github.com/roddhjav/apparmor.d/pkg/util"
|
2024-03-26 00:34:14 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
|
|
|
regFlags = regexp.MustCompile(`flags=\(([^)]+)\)`)
|
2024-09-10 19:13:48 +02:00
|
|
|
regProfileHeader = regexp.MustCompile(` {\n`)
|
2024-03-26 00:34:14 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
type SetFlags struct {
|
|
|
|
cfg.Base
|
|
|
|
}
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
RegisterTask(&SetFlags{
|
|
|
|
Base: cfg.Base{
|
|
|
|
Keyword: "setflags",
|
|
|
|
Msg: "Set flags on some profiles",
|
|
|
|
},
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
func (p SetFlags) Apply() ([]string, error) {
|
|
|
|
res := []string{}
|
2024-03-26 19:07:48 +01:00
|
|
|
for _, name := range []string{"main", cfg.Distribution} {
|
|
|
|
for profile, flags := range cfg.Flags.Read(name) {
|
2024-03-26 00:34:14 +01:00
|
|
|
file := cfg.RootApparmord.Join(profile)
|
|
|
|
if !file.Exist() {
|
|
|
|
res = append(res, fmt.Sprintf("Profile %s not found, ignoring", profile))
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
2024-03-26 19:07:48 +01:00
|
|
|
// Overwrite profile flags
|
|
|
|
if len(flags) > 0 {
|
2024-09-10 19:13:48 +02:00
|
|
|
flagsStr := " flags=(" + strings.Join(flags, ",") + ") {\n"
|
2024-04-02 18:48:03 +02:00
|
|
|
out, err := util.ReadFile(file)
|
2024-03-26 00:34:14 +01:00
|
|
|
if err != nil {
|
|
|
|
return res, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Remove all flags definition, then set manifest' flags
|
2024-04-02 18:48:03 +02:00
|
|
|
out = regFlags.ReplaceAllLiteralString(out, "")
|
2024-03-26 19:07:48 +01:00
|
|
|
out = regProfileHeader.ReplaceAllLiteralString(out, flagsStr)
|
2024-03-26 00:34:14 +01:00
|
|
|
if err := file.WriteFile([]byte(out)); err != nil {
|
|
|
|
return res, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2024-03-26 19:07:48 +01:00
|
|
|
res = append(res, cfg.FlagDir.Join(name+".flags").String())
|
2024-03-26 00:34:14 +01:00
|
|
|
}
|
|
|
|
return res, nil
|
|
|
|
}
|