diff --git a/pkg/prebuild/builder/abi.go b/pkg/prebuild/builder/abi.go index 4790ba4c..3b5183a6 100644 --- a/pkg/prebuild/builder/abi.go +++ b/pkg/prebuild/builder/abi.go @@ -30,6 +30,6 @@ func init() { }) } -func (b ABI3) Apply(profile string) string { - return regAbi4To3.Replace(profile) +func (b ABI3) Apply(profile string) (string, error) { + return regAbi4To3.Replace(profile), nil } diff --git a/pkg/prebuild/builder/complain.go b/pkg/prebuild/builder/complain.go index 3970e6df..ad1249c8 100644 --- a/pkg/prebuild/builder/complain.go +++ b/pkg/prebuild/builder/complain.go @@ -30,13 +30,13 @@ func init() { }) } -func (b Complain) Apply(profile string) string { +func (b Complain) Apply(profile string) (string, error) { flags := []string{} matches := regFlags.FindStringSubmatch(profile) if len(matches) != 0 { flags = strings.Split(matches[1], ",") if slices.Contains(flags, "complain") { - return profile + return profile, nil } } flags = append(flags, "complain") @@ -44,5 +44,5 @@ func (b Complain) Apply(profile string) string { // Remove all flags definition, then set manifest' flags profile = regFlags.ReplaceAllLiteralString(profile, "") - return regProfileHeader.ReplaceAllLiteralString(profile, strFlags) + return regProfileHeader.ReplaceAllLiteralString(profile, strFlags), nil } diff --git a/pkg/prebuild/builder/core.go b/pkg/prebuild/builder/core.go index b8dbcbc8..91f07c88 100644 --- a/pkg/prebuild/builder/core.go +++ b/pkg/prebuild/builder/core.go @@ -21,7 +21,7 @@ var ( // Main directive interface type Builder interface { cfg.BaseInterface - Apply(profile string) string + Apply(profile string) (string, error) } func Register(names ...string) { diff --git a/pkg/prebuild/builder/core_test.go b/pkg/prebuild/builder/core_test.go index b0c59e77..3d76e888 100644 --- a/pkg/prebuild/builder/core_test.go +++ b/pkg/prebuild/builder/core_test.go @@ -15,6 +15,7 @@ func TestBuilder_Apply(t *testing.T) { b Builder profile string want string + wantErr bool }{ { name: "abi3", 
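Review bot: The `Builder` interface in builder/core.go still carries the copied comment `// Main directive interface`, and nothing documents what the string result means when `Apply` returns a non-nil error. I would replace it with `// Builder rewrites a whole profile. Apply returns the new profile text, or a non-nil error, in which case the returned string must be ignored.` The same contract note belongs on `Directive` in directive/core.go, where `Run` already returns `""` on failure.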
@@ -237,7 +238,12 @@ func TestBuilder_Apply(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if got := tt.b.Apply(tt.profile); got != tt.want { + got, err := tt.b.Apply(tt.profile) + if (err != nil) != tt.wantErr { + t.Errorf("Builder.Apply() error = %v, wantErr %v", err, tt.wantErr) + return + } + if got != tt.want { t.Errorf("Builder.Apply() = %v, want %v", got, tt.want) } }) diff --git a/pkg/prebuild/builder/dev.go b/pkg/prebuild/builder/dev.go index e555e5d9..73020e3b 100644 --- a/pkg/prebuild/builder/dev.go +++ b/pkg/prebuild/builder/dev.go @@ -31,6 +31,6 @@ func init() { }) } -func (b Dev) Apply(profile string) string { - return regDev.Replace(profile) +func (b Dev) Apply(profile string) (string, error) { + return regDev.Replace(profile), nil } diff --git a/pkg/prebuild/builder/enforce.go b/pkg/prebuild/builder/enforce.go index a3bd2c1d..676ac1ef 100644 --- a/pkg/prebuild/builder/enforce.go +++ b/pkg/prebuild/builder/enforce.go @@ -24,16 +24,16 @@ func init() { }) } -func (b Enforce) Apply(profile string) string { +func (b Enforce) Apply(profile string) (string, error) { matches := regFlags.FindStringSubmatch(profile) if len(matches) == 0 { - return profile + return profile, nil } flags := strings.Split(matches[1], ",") idx := slices.Index(flags, "complain") if idx == -1 { - return profile + return profile, nil } flags = slices.Delete(flags, idx, idx+1) strFlags := "{" @@ -43,5 +43,5 @@ func (b Enforce) Apply(profile string) string { // Remove all flags definition, then set new flags profile = regFlags.ReplaceAllLiteralString(profile, "") - return regProfileHeader.ReplaceAllLiteralString(profile, strFlags) + return regProfileHeader.ReplaceAllLiteralString(profile, strFlags), nil } diff --git a/pkg/prebuild/builder/fsp.go b/pkg/prebuild/builder/fsp.go index 07bbbb8a..f118e149 100644 --- a/pkg/prebuild/builder/fsp.go +++ b/pkg/prebuild/builder/fsp.go 
@@ -28,6 +28,6 @@ func init() { }) } -func (b FullSystemPolicy) Apply(profile string) string { - return regFullSystemPolicy.Replace(profile) +func (b FullSystemPolicy) Apply(profile string) (string, error) { + return regFullSystemPolicy.Replace(profile), nil } diff --git a/pkg/prebuild/builder/userspace.go b/pkg/prebuild/builder/userspace.go index 702fd56d..8a95de7f 100644 --- a/pkg/prebuild/builder/userspace.go +++ b/pkg/prebuild/builder/userspace.go @@ -29,7 +29,7 @@ func init() { }) } -func (b Userspace) Apply(profile string) string { +func (b Userspace) Apply(profile string) (string, error) { p := aa.DefaultTunables() p.ParseVariables(profile) p.ResolveAttachments() @@ -37,7 +37,7 @@ func (b Userspace) Apply(profile string) string { matches := regAttachments.FindAllString(profile, -1) if len(matches) > 0 { strheader := strings.Replace(matches[0], "@{exec_path}", att, -1) - return regAttachments.ReplaceAllLiteralString(profile, strheader) + return regAttachments.ReplaceAllLiteralString(profile, strheader), nil } - return profile + return profile, nil } diff --git a/pkg/prebuild/directive/core.go b/pkg/prebuild/directive/core.go index e6f97e02..8c068981 100644 --- a/pkg/prebuild/directive/core.go +++ b/pkg/prebuild/directive/core.go @@ -26,7 +26,7 @@ var ( // Main directive interface type Directive interface { cfg.BaseInterface - Apply(opt *Option, profile string) string + Apply(opt *Option, profile string) (string, error) } // Directive options 
@@ -65,14 +65,18 @@ func RegisterDirective(d Directive) { Directives[d.Name()] = d } -func Run(file *paths.Path, profile string) string { +func Run(file *paths.Path, profile string) (string, error) { + var err error for _, match := range regDirective.FindAllStringSubmatch(profile, -1) { opt := NewOption(file, match) drtv, ok := Directives[opt.Name] if !ok { - panic(fmt.Sprintf("Unknown directive: %s", opt.Name)) + return "", fmt.Errorf("Unknown directive: %s", opt.Name) + } + profile, err = drtv.Apply(opt, profile) + if err != nil { + return "", err } - profile = drtv.Apply(opt, profile) } - return profile + return profile, nil } diff --git a/pkg/prebuild/directive/core_test.go b/pkg/prebuild/directive/core_test.go index c74192ff..676520d9 100644 --- a/pkg/prebuild/directive/core_test.go +++ b/pkg/prebuild/directive/core_test.go @@ -70,6 +70,7 @@ func TestRun(t *testing.T) { file *paths.Path profile string want string + wantErr bool }{ { name: "none", @@ -86,7 +87,12 @@ func TestRun(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if got := Run(tt.file, tt.profile); got != tt.want { + got, err := Run(tt.file, tt.profile) + if (err != nil) != tt.wantErr { + t.Errorf("Run() error = %v, wantErr %v", err, tt.wantErr) + return + } + if got != tt.want { t.Errorf("Run() = %v, want %v", got, tt.want) } }) diff --git a/pkg/prebuild/directive/dbus.go b/pkg/prebuild/directive/dbus.go index f98105b5..dc7ac16d 100644 --- a/pkg/prebuild/directive/dbus.go +++ b/pkg/prebuild/directive/dbus.go @@ -50,10 +50,13 @@ func setInterfaces(rules map[string]string) []string { return interfaces } -func (d Dbus) Apply(opt *Option, profile string) string { +func (d Dbus) Apply(opt *Option, profile string) (string, error) { var r aa.Rules - action := d.sanityCheck(opt) + action, err := d.sanityCheck(opt) + if err != nil { + return "", err + } switch action { case "own": r = d.own(opt.ArgMap) 
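Review bot: The new error in `Run` does not say which profile contained the unknown directive, and its message starts with a capital letter, which reads badly once a caller wraps it. I would write `return "", fmt.Errorf("unknown directive %q in %s", opt.Name, opt.File)`, using the `opt.File` field that dbus.go already prints. The error from `drtv.Apply` is also passed up bare; `return "", fmt.Errorf("directive %s: %w", opt.Name, err)` would keep the chain readable. The capitalised messages in dbus.go and stack.go have the same style issue.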
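Review bot: `TestRun` gains a `wantErr` field, but as far as the visible hunks show no table entry in this commit sets it to `true`, so the new error paths are never exercised. The same holds for the tables in dbus_test.go, exec_test.go, filter_test.go and stack_test.go. I would add at least one case here whose profile contains an unregistered directive with `wantErr: true`, plus a dbus case with a missing `name` or `bus` argument and a stack case with a file that has no profile. The table entries themselves lie outside this hunk.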
@@ -68,26 +71,26 @@ func (d Dbus) Apply(opt *Option, profile string) string { lenDbus := len(generatedDbus) generatedDbus = generatedDbus[:lenDbus-1] profile = strings.Replace(profile, opt.Raw, generatedDbus, -1) - return profile + return profile, nil } -func (d Dbus) sanityCheck(opt *Option) string { +func (d Dbus) sanityCheck(opt *Option) (string, error) { if len(opt.ArgList) < 1 { - panic(fmt.Sprintf("Unknown dbus action: %s in %s", opt.Name, opt.File)) + return "", fmt.Errorf("Unknown dbus action: %s in %s", opt.Name, opt.File) } action := opt.ArgList[0] if action != "own" && action != "talk" { - panic(fmt.Sprintf("Unknown dbus action: %s in %s", opt.Name, opt.File)) + return "", fmt.Errorf("Unknown dbus action: %s in %s", opt.Name, opt.File) } if _, present := opt.ArgMap["name"]; !present { - panic(fmt.Sprintf("Missing name for 'dbus: %s' in %s", action, opt.File)) + return "", fmt.Errorf("Missing name for 'dbus: %s' in %s", action, opt.File) } if _, present := opt.ArgMap["bus"]; !present { - panic(fmt.Sprintf("Missing bus for '%s' in %s", opt.ArgMap["name"], opt.File)) + return "", fmt.Errorf("Missing bus for '%s' in %s", opt.ArgMap["name"], opt.File) } if _, present := opt.ArgMap["label"]; !present && action == "talk" { - panic(fmt.Sprintf("Missing label for '%s' in %s", opt.ArgMap["name"], opt.File)) + return "", fmt.Errorf("Missing label for '%s' in %s", opt.ArgMap["name"], opt.File) } // Set default values @@ -95,7 +98,7 @@ func (d Dbus) sanityCheck(opt *Option) string { opt.ArgMap["path"] = "/" + strings.Replace(opt.ArgMap["name"], ".", "/", -1) + "{,/**}" } opt.ArgMap["name"] += "{,.*}" - return action + return action, nil } func (d Dbus) own(rules map[string]string) aa.Rules { diff --git a/pkg/prebuild/directive/dbus_test.go b/pkg/prebuild/directive/dbus_test.go index 6d7c0594..65e55e78 100644 --- a/pkg/prebuild/directive/dbus_test.go +++ b/pkg/prebuild/directive/dbus_test.go 
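Review bot: Both "Unknown dbus action" errors in `sanityCheck` print `opt.Name`, which is the key `Run` uses to look up the directive and so is presumably always the directive name, not the rejected action. In the second check the offending value is already in `action`, so it should read `return "", fmt.Errorf("Unknown dbus action: %s in %s", action, opt.File)`. The first check fires when `opt.ArgList` is empty, where a message such as `"Missing dbus action in %s"` with `opt.File` would describe the actual problem. These messages are what a profile author sees when a directive is rejected, so they should name the bad input.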
@@ -38,6 +38,7 @@ func TestDbus_Apply(t *testing.T) { opt *Option profile string want string + wantErr bool }{ { name: "own", @@ -137,7 +138,12 @@ func TestDbus_Apply(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if got := Directives["dbus"].Apply(tt.opt, tt.profile); got != tt.want { + got, err := Directives["dbus"].Apply(tt.opt, tt.profile) + if (err != nil) != tt.wantErr { + t.Errorf("Dbus.Apply() error = %v, wantErr %v", err, tt.wantErr) + return + } + if got != tt.want { t.Errorf("Dbus.Apply() = %v, want %v", got, tt.want) } }) diff --git a/pkg/prebuild/directive/exec.go b/pkg/prebuild/directive/exec.go index a7a8c736..0dc1aec6 100644 --- a/pkg/prebuild/directive/exec.go +++ b/pkg/prebuild/directive/exec.go @@ -27,7 +27,7 @@ func init() { }) } -func (d Exec) Apply(opt *Option, profileRaw string) string { +func (d Exec) Apply(opt *Option, profileRaw string) (string, error) { transition := "Px" transitions := []string{"P", "U", "p", "u", "PU", "pu"} t := opt.ArgList[0] @@ -60,5 +60,5 @@ func (d Exec) Apply(opt *Option, profileRaw string) string { rules.Sort() new := rules.String() new = new[:len(new)-1] - return strings.Replace(profileRaw, opt.Raw, new, -1) + return strings.Replace(profileRaw, opt.Raw, new, -1), nil } diff --git a/pkg/prebuild/directive/exec_test.go b/pkg/prebuild/directive/exec_test.go index de675033..f21544c0 100644 --- a/pkg/prebuild/directive/exec_test.go +++ b/pkg/prebuild/directive/exec_test.go @@ -18,6 +18,7 @@ func TestExec_Apply(t *testing.T) { opt *Option profile string want string + wantErr bool }{ { name: "exec", 
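Review bot: `Exec.Apply` in exec.go still reads `t := opt.ArgList[0]` without a length check, so an exec directive with no arguments would presumably still crash with an index-out-of-range panic, although the method can now return an error. A guard before that line would close the gap: `if len(opt.ArgList) == 0 { return "", fmt.Errorf("missing argument for exec directive in %s", opt.File) }`. The tail of the function has a similar assumption in `new = new[:len(new)-1]`, which panics if `rules.String()` is empty. Most of the body lies between the two hunks and is not visible here.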
@@ -51,7 +52,12 @@ func TestExec_Apply(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { cfg.RootApparmord = tt.rootApparmord - if got := Directives["exec"].Apply(tt.opt, tt.profile); got != tt.want { + got, err := Directives["exec"].Apply(tt.opt, tt.profile) + if (err != nil) != tt.wantErr { + t.Errorf("Exec.Apply() error = %v, wantErr %v", err, tt.wantErr) + return + } + if got != tt.want { t.Errorf("Exec.Apply() = |%v|, want |%v|", got, tt.want) } }) diff --git a/pkg/prebuild/directive/filter.go b/pkg/prebuild/directive/filter.go index b4cc54af..256b0660 100644 --- a/pkg/prebuild/directive/filter.go +++ b/pkg/prebuild/directive/filter.go @@ -41,12 +41,12 @@ func filterRuleForUs(opt *Option) bool { return slices.Contains(opt.ArgList, cfg.Distribution) || slices.Contains(opt.ArgList, cfg.Family) } -func filter(only bool, opt *Option, profile string) string { +func filter(only bool, opt *Option, profile string) (string, error) { if only && filterRuleForUs(opt) { - return profile + return profile, nil } if !only && !filterRuleForUs(opt) { - return profile + return profile, nil } inline := true @@ -64,13 +64,13 @@ func filter(only bool, opt *Option, profile string) string { regRemoveParagraph := regexp.MustCompile(`(?s)` + opt.Raw + `\n.*?\n\n`) profile = regRemoveParagraph.ReplaceAllString(profile, "") } - return profile + return profile, nil } -func (d FilterOnly) Apply(opt *Option, profile string) string { +func (d FilterOnly) Apply(opt *Option, profile string) (string, error) { return filter(true, opt, profile) } -func (d FilterExclude) Apply(opt *Option, profile string) string { +func (d FilterExclude) Apply(opt *Option, profile string) (string, error) { return filter(false, opt, profile) } diff --git a/pkg/prebuild/directive/filter_test.go b/pkg/prebuild/directive/filter_test.go index 4dbeca91..69e1bff9 100644 --- a/pkg/prebuild/directive/filter_test.go +++ b/pkg/prebuild/directive/filter_test.go 
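Review bot: In filter.go, `filter` still builds its paragraph regex with `regexp.MustCompile` over the raw directive text `opt.Raw`, so a directive containing regex metacharacters either panics at compile time or matches something other than the literal directive. Now that `filter` returns an error, I would switch to `regexp.Compile`, return its error, and wrap the operand as `regexp.QuoteMeta(opt.Raw)`. This assumes the intent is a literal match of the directive line, which the surrounding code suggests but the hunk does not prove. The inline branch of the function is outside the hunk and may need the same treatment.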
@@ -18,6 +18,7 @@ func TestFilterOnly_Apply(t *testing.T) { opt *Option profile string want string + wantErr bool }{ { name: "inline", @@ -79,7 +80,12 @@ func TestFilterOnly_Apply(t *testing.T) { t.Run(tt.name, func(t *testing.T) { cfg.Distribution = tt.dist cfg.Family = tt.family - if got := Directives["only"].Apply(tt.opt, tt.profile); got != tt.want { + got, err := Directives["only"].Apply(tt.opt, tt.profile) + if (err != nil) != tt.wantErr { + t.Errorf("FilterOnly.Apply() error = %v, wantErr %v", err, tt.wantErr) + return + } + if got != tt.want { t.Errorf("FilterOnly.Apply() = %v, want %v", got, tt.want) } }) @@ -94,6 +100,7 @@ func TestFilterExclude_Apply(t *testing.T) { opt *Option profile string want string + wantErr bool }{ { name: "inline", @@ -128,7 +135,12 @@ func TestFilterExclude_Apply(t *testing.T) { t.Run(tt.name, func(t *testing.T) { cfg.Distribution = tt.dist cfg.Family = tt.family - if got := Directives["exclude"].Apply(tt.opt, tt.profile); got != tt.want { + got, err := Directives["exclude"].Apply(tt.opt, tt.profile) + if (err != nil) != tt.wantErr { + t.Errorf("FilterExclude.Apply() error = %v, wantErr %v", err, tt.wantErr) + return + } + if got != tt.want { t.Errorf("FilterExclude.Apply() = %v, want %v", got, tt.want) } }) diff --git a/pkg/prebuild/directive/stack.go b/pkg/prebuild/directive/stack.go index cb891acc..e0ab9d84 100644 --- a/pkg/prebuild/directive/stack.go +++ b/pkg/prebuild/directive/stack.go @@ -38,13 +38,13 @@ func init() { }) } -func (s Stack) Apply(opt *Option, profile string) string { +func (s Stack) Apply(opt *Option, profile string) (string, error) { res := "" for name := range opt.ArgMap { stackedProfile := util.MustReadFile(cfg.RootApparmord.Join(name)) m := regRules.FindStringSubmatch(stackedProfile) if len(m) < 2 { - panic(fmt.Sprintf("No profile found in %s", name)) + return "", fmt.Errorf("No profile found in %s", name) } stackedRules := m[1] stackedRules = regCleanStakedRules.Replace(stackedRules) 
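Review bot: `Stack.Apply` in stack.go still calls `util.MustReadFile(cfg.RootApparmord.Join(name))`, which by its name presumably panics when the stacked profile is missing or unreadable. That is the most likely failure of this directive, so it should go through a read that returns an error, reported as something like `fmt.Errorf("stack: reading %s: %w", name, err)`. `name` is also a key of `opt.ArgMap` joined onto the root without validation. If directive arguments are ever not fully trusted, check that the joined path stays under `cfg.RootApparmord` before reading.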
@@ -54,9 +54,9 @@ func (s Stack) Apply(opt *Option, profile string) string { // Insert the stacked profile at the end of the current profile, remove the stack directive m := regEndOfRules.FindStringSubmatch(profile) if len(m) <= 1 { - panic(fmt.Sprintf("No end of rules found in %s", opt.File)) + return "", fmt.Errorf("No end of rules found in %s", opt.File) } profile = strings.Replace(profile, m[0], res+m[0], -1) profile = strings.Replace(profile, opt.Raw, "", -1) - return profile + return profile, nil } diff --git a/pkg/prebuild/directive/stack_test.go b/pkg/prebuild/directive/stack_test.go index 4d5a284a..47f1cb28 100644 --- a/pkg/prebuild/directive/stack_test.go +++ b/pkg/prebuild/directive/stack_test.go @@ -18,6 +18,7 @@ func TestStack_Apply(t *testing.T) { opt *Option profile string want string + wantErr bool }{ { name: "stack", @@ -68,7 +69,12 @@ profile parent @{exec_path} { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { cfg.RootApparmord = tt.rootApparmord - if got := Directives["stack"].Apply(tt.opt, tt.profile); got != tt.want { + got, err := Directives["stack"].Apply(tt.opt, tt.profile) + if (err != nil) != tt.wantErr { + t.Errorf("Stack.Apply() error = %v, wantErr %v", err, tt.wantErr) + return + } + if got != tt.want { t.Errorf("Stack.Apply() = %v, want %v", got, tt.want) } }) diff --git a/pkg/prebuild/prebuild.go b/pkg/prebuild/prebuild.go index 4553156c..2dd57183 100644 --- a/pkg/prebuild/prebuild.go +++ b/pkg/prebuild/prebuild.go @@ -84,9 +84,15 @@ func Build() error { return err } for _, b := range builder.Builds { - profile = b.Apply(profile) + profile, err = b.Apply(profile) + if err != nil { + return err + } + } + profile, err = directive.Run(file, profile) + if err != nil { + return err } - profile = directive.Run(file, profile) if err := file.WriteFile([]byte(profile)); err != nil { return err }
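Review bot: In prebuild.go, `Build` returns the error from `b.Apply` unchanged, and because `Builder.Apply` receives only the profile text, nothing in that error can identify the file being processed. `Build` is the only place that can attach it, for example `return fmt.Errorf("%s: builder %s: %w", file, b.Name(), err)`. This assumes `Name()` comes from the embedded `cfg.BaseInterface` and that `fmt` is imported in this file. The `directive.Run` error could be wrapped with `file` the same way, since its unknown-directive message has no file name either. The start of the loop and the declaration of `err` are outside the hunk.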