mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-14 23:43:56 +01:00
build: update directives with the new interface.
This commit is contained in:
Alexandre Pujol
parent
38e9e5f08e
commit
08d4110c2a
@ -10,36 +10,25 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/arduino/go-paths-helper"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
||||
)
|
||||
|
||||
// Define the directive keyword globally
|
||||
const Keyword = "#aa:"
|
||||
|
||||
// Build the profiles with the following directive applied
|
||||
var Directives = map[string]Directive{}
|
||||
var (
|
||||
// Build the profiles with the following directive applied
|
||||
Directives = map[string]Directive{}
|
||||
|
||||
var regDirective = regexp.MustCompile(`(?m).*` + Keyword + `([a-z]*) (.*)`)
|
||||
regDirective = regexp.MustCompile(`(?m).*` + Keyword + `([a-z]*) (.*)`)
|
||||
)
|
||||
|
||||
// Main directive interface
|
||||
type Directive interface {
|
||||
Usage() string
|
||||
Message() string
|
||||
cfg.BaseInterface
|
||||
Apply(opt *Option, profile string) string
|
||||
}
|
||||
|
||||
type DirectiveBase struct {
|
||||
message string
|
||||
usage string
|
||||
}
|
||||
|
||||
func (d *DirectiveBase) Usage() string {
|
||||
return d.usage
|
||||
}
|
||||
|
||||
func (d *DirectiveBase) Message() string {
|
||||
return d.message
|
||||
}
|
||||
|
||||
// Directive options
|
||||
type Option struct {
|
||||
Name string
|
||||
@ -72,6 +61,10 @@ func NewOption(file *paths.Path, match []string) *Option {
|
||||
}
|
||||
}
|
||||
|
||||
func RegisterDirective(d Directive) {
|
||||
Directives[d.Name()] = d
|
||||
}
|
||||
|
||||
func Run(file *paths.Path, profile string) string {
|
||||
for _, match := range regDirective.FindAllStringSubmatch(profile, -1) {
|
||||
opt := NewOption(file, match)
|
||||
|
||||
@ -11,32 +11,6 @@ import (
|
||||
"github.com/arduino/go-paths-helper"
|
||||
)
|
||||
|
||||
func TestDirective_Usage(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
d Directive
|
||||
wantMessage string
|
||||
wantUsage string
|
||||
}{
|
||||
{
|
||||
name: "empty",
|
||||
d: Directives["stack"],
|
||||
wantMessage: "Stack directive applied",
|
||||
wantUsage: `#aa:stack profiles_name...`,
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if got := tt.d.Usage(); got != tt.wantUsage {
|
||||
t.Errorf("Directive.Usage() = %v, want %v", got, tt.wantUsage)
|
||||
}
|
||||
if got := tt.d.Message(); got != tt.wantMessage {
|
||||
t.Errorf("Directive.Usage() = %v, want %v", got, tt.wantMessage)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestNewOption(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
|
||||
@ -18,6 +18,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/roddhjav/apparmor.d/pkg/aa"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
||||
)
|
||||
|
||||
var defaultInterfaces = []string{
|
||||
@ -26,17 +27,18 @@ var defaultInterfaces = []string{
|
||||
}
|
||||
|
||||
type Dbus struct {
|
||||
DirectiveBase
|
||||
cfg.Base
|
||||
}
|
||||
|
||||
func init() {
|
||||
Directives["dbus"] = &Dbus{
|
||||
DirectiveBase: DirectiveBase{
|
||||
message: "Dbus directive applied",
|
||||
usage: `#aa:dbus own bus=(system | session) name=<interface>
|
||||
#aa:dbus talk bus=(system | session) name=<interface> label=<profile_name>`,
|
||||
RegisterDirective(&Dbus{
|
||||
Base: cfg.Base{
|
||||
Keyword: "dbus",
|
||||
Msg: "Dbus directive applied",
|
||||
Help: `#aa:dbus own bus=<bus> name=<name> [interface=AARE] [path=AARE]
|
||||
#aa:dbus talk bus=<bus> name=<name> label=<profile> [interface=AARE] [path=AARE]`,
|
||||
},
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func setInterfaces(rules map[string]string) []string {
|
||||
|
||||
@ -8,20 +8,22 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/roddhjav/apparmor.d/pkg/aa"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
||||
"golang.org/x/exp/slices"
|
||||
)
|
||||
|
||||
type Exec struct {
|
||||
DirectiveBase
|
||||
cfg.Base
|
||||
}
|
||||
|
||||
func init() {
|
||||
Directives["exec"] = &Exec{
|
||||
DirectiveBase: DirectiveBase{
|
||||
message: "Exec directive applied",
|
||||
usage: `#aa:exec [P|U|p|u|PU|pu|] profiles_name...`,
|
||||
RegisterDirective(&Exec{
|
||||
Base: cfg.Base{
|
||||
Keyword: "exec",
|
||||
Msg: "Exec directive applied",
|
||||
Help: `#aa:exec [P|U|p|u|PU|pu|] profiles...`,
|
||||
},
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func (d Exec) Apply(opt *Option, profile string) string {
|
||||
@ -35,7 +37,7 @@ func (d Exec) Apply(opt *Option, profile string) string {
|
||||
|
||||
p := &aa.AppArmorProfile{}
|
||||
for name := range opt.ArgMap {
|
||||
content, err := rootApparmord.Join(name).ReadFile()
|
||||
content, err := cfg.RootApparmord.Join(name).ReadFile()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
@ -8,6 +8,7 @@ import (
|
||||
"testing"
|
||||
|
||||
"github.com/arduino/go-paths-helper"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
||||
)
|
||||
|
||||
func TestExec_Apply(t *testing.T) {
|
||||
@ -49,7 +50,7 @@ func TestExec_Apply(t *testing.T) {
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
rootApparmord = tt.rootApparmord
|
||||
cfg.RootApparmord = tt.rootApparmord
|
||||
if got := Directives["exec"].Apply(tt.opt, tt.profile); got != tt.want {
|
||||
t.Errorf("Exec.Apply() = %v, want %v", got, tt.want)
|
||||
}
|
||||
|
||||
@ -8,35 +8,37 @@ import (
|
||||
"regexp"
|
||||
"strings"
|
||||
|
||||
oss "github.com/roddhjav/apparmor.d/pkg/os"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
||||
"golang.org/x/exp/slices"
|
||||
)
|
||||
|
||||
type FilterOnly struct {
|
||||
DirectiveBase
|
||||
cfg.Base
|
||||
}
|
||||
|
||||
type FilterExclude struct {
|
||||
DirectiveBase
|
||||
cfg.Base
|
||||
}
|
||||
|
||||
func init() {
|
||||
Directives["only"] = &FilterOnly{
|
||||
DirectiveBase: DirectiveBase{
|
||||
message: "Only directive applied",
|
||||
usage: `#aa:only <dist or familly>`,
|
||||
RegisterDirective(&FilterOnly{
|
||||
Base: cfg.Base{
|
||||
Keyword: "only",
|
||||
Msg: "Only directive applied",
|
||||
Help: `#aa:only filters...`,
|
||||
},
|
||||
}
|
||||
Directives["exclude"] = &FilterExclude{
|
||||
DirectiveBase: DirectiveBase{
|
||||
message: "Exclude directive applied",
|
||||
usage: `#aa:exclude <dist or familly>`,
|
||||
})
|
||||
RegisterDirective(&FilterExclude{
|
||||
Base: cfg.Base{
|
||||
Keyword: "exclude",
|
||||
Msg: "Exclude directive applied",
|
||||
Help: `#aa:exclude filters...`,
|
||||
},
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func filterRuleForUs(opt *Option) bool {
|
||||
return slices.Contains(opt.ArgList, oss.Distribution) || slices.Contains(opt.ArgList, oss.Family)
|
||||
return slices.Contains(opt.ArgList, cfg.Distribution) || slices.Contains(opt.ArgList, cfg.Family)
|
||||
}
|
||||
|
||||
func filter(only bool, opt *Option, profile string) string {
|
||||
|
||||
@ -7,7 +7,7 @@ package directive
|
||||
import (
|
||||
"testing"
|
||||
|
||||
oss "github.com/roddhjav/apparmor.d/pkg/os"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
||||
)
|
||||
|
||||
func TestFilterOnly_Apply(t *testing.T) {
|
||||
@ -77,8 +77,8 @@ func TestFilterOnly_Apply(t *testing.T) {
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
oss.Distribution = tt.dist
|
||||
oss.Family = tt.family
|
||||
cfg.Distribution = tt.dist
|
||||
cfg.Family = tt.family
|
||||
if got := Directives["only"].Apply(tt.opt, tt.profile); got != tt.want {
|
||||
t.Errorf("FilterOnly.Apply() = %v, want %v", got, tt.want)
|
||||
}
|
||||
@ -126,8 +126,8 @@ func TestFilterExclude_Apply(t *testing.T) {
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
oss.Distribution = tt.dist
|
||||
oss.Family = tt.family
|
||||
cfg.Distribution = tt.dist
|
||||
cfg.Family = tt.family
|
||||
if got := Directives["exclude"].Apply(tt.opt, tt.profile); got != tt.want {
|
||||
t.Errorf("FilterExclude.Apply() = %v, want %v", got, tt.want)
|
||||
}
|
||||
|
||||
@ -9,12 +9,10 @@ import (
|
||||
"regexp"
|
||||
"strings"
|
||||
|
||||
"github.com/arduino/go-paths-helper"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
||||
"github.com/roddhjav/apparmor.d/pkg/util"
|
||||
)
|
||||
|
||||
var rootApparmord = paths.New(".build/apparmor.d")
|
||||
|
||||
var (
|
||||
regRules = regexp.MustCompile(`(?m)^profile.*{$((.|\n)*)}`)
|
||||
regEndOfRules = regexp.MustCompile(`(?m)([\t ]*include if exists <.*>\n)+}`)
|
||||
@ -27,22 +25,23 @@ var (
|
||||
)
|
||||
|
||||
type Stack struct {
|
||||
DirectiveBase
|
||||
cfg.Base
|
||||
}
|
||||
|
||||
func init() {
|
||||
Directives["stack"] = &Stack{
|
||||
DirectiveBase: DirectiveBase{
|
||||
message: "Stack directive applied",
|
||||
usage: `#aa:stack profiles_name...`,
|
||||
RegisterDirective(&Stack{
|
||||
Base: cfg.Base{
|
||||
Keyword: "stack",
|
||||
Msg: "Stack directive applied",
|
||||
Help: `#aa:stack profiles...`,
|
||||
},
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func (s Stack) Apply(opt *Option, profile string) string {
|
||||
res := ""
|
||||
for name := range opt.ArgMap {
|
||||
tmp, err := rootApparmord.Join(name).ReadFile()
|
||||
tmp, err := cfg.RootApparmord.Join(name).ReadFile()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
@ -8,6 +8,7 @@ import (
|
||||
"testing"
|
||||
|
||||
"github.com/arduino/go-paths-helper"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
||||
)
|
||||
|
||||
func TestStack_Apply(t *testing.T) {
|
||||
@ -66,7 +67,7 @@ profile parent @{exec_path} {
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
rootApparmord = tt.rootApparmord
|
||||
cfg.RootApparmord = tt.rootApparmord
|
||||
if got := Directives["stack"].Apply(tt.opt, tt.profile); got != tt.want {
|
||||
t.Errorf("Stack.Apply() = %v, want %v", got, tt.want)
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user