feat(aa): ensure the prebuild jobs are working.

2025-01-18 08:58:15 +01:00 · 2024-05-29 21:12:54 +01:00 · 2024-05-29 21:12:54 +01:00 · 23eaa20fb7
commit 23eaa20fb7
parent fe4c86a245
5 changed files with 29 additions and 16 deletions
--- a/pkg/aa/resolve.go
+++ b/pkg/aa/resolve.go
@ -22,12 +22,12 @@ var (
 // Resolve resolves variables and includes definied in the profile preamble
 func (f *AppArmorProfileFile) Resolve() error {
 	// Resolve preamble includes
-	for _, include := range f.Preamble.GetIncludes() {
-		err := f.resolveInclude(include)
-		if err != nil {
-			return err
-		}
-	}
+	// for _, include := range f.Preamble.GetIncludes() {
+	// 	err := f.resolveInclude(include)
+	// 	if err != nil {
+	// 		return err
+	// 	}
+	// }

 	// Resolve variables
 	for _, variable := range f.Preamble.GetVariables() {
--- a/pkg/prebuild/builder/core.go
+++ b/pkg/prebuild/builder/core.go
@ -58,7 +58,7 @@ func Run(file *paths.Path, profile string) (string, error) {
 	for _, b := range Builds {
 		profile, err = b.Apply(opt, profile)
 		if err != nil {
-			return "", err
+			return "", fmt.Errorf("%s %s: %w", b.Name(), opt.File, err)
 		}
 	}
 	return profile, nil
--- a/pkg/prebuild/builder/userspace.go
+++ b/pkg/prebuild/builder/userspace.go
@ -30,10 +30,21 @@ func init() {
 }

 func (b Userspace) Apply(opt *Option, profile string) (string, error) {
-	p := aa.DefaultTunables()
-	p.ParseVariables(profile)
-	p.ResolveAttachments()
-	att := p.NestAttachments()
+	if ok, _ := opt.File.IsInsideDir(cfg.RootApparmord.Join("abstractions")); ok {
+		return profile, nil
+	}
+	if ok, _ := opt.File.IsInsideDir(cfg.RootApparmord.Join("tunables")); ok {
+		return profile, nil
+	}
+
+	f := aa.DefaultTunables()
+	if err := f.Parse(profile); err != nil {
+		return "", err
+	}
+	if err := f.Resolve(); err != nil {
+		return "", err
+	}
+	att := f.GetDefaultProfile().GetAttachments()
 	matches := regAttachments.FindAllString(profile, -1)
 	if len(matches) > 0 {
 		strheader := strings.Replace(matches[0], "@{exec_path}", att, -1)
--- a/pkg/prebuild/directive/core.go
+++ b/pkg/prebuild/directive/core.go
@ -71,11 +71,11 @@ func Run(file *paths.Path, profile string) (string, error) {
 		opt := NewOption(file, match)
 		drtv, ok := Directives[opt.Name]
 		if !ok {
-			return "", fmt.Errorf("Unknown directive: %s", opt.Name)
+			return "", fmt.Errorf("Unknown directive '%s' in %s", opt.Name, opt.File)
 		}
 		profile, err = drtv.Apply(opt, profile)
 		if err != nil {
-			return "", err
+			return "", fmt.Errorf("%s %s: %w", drtv.Name(), opt.File, err)
 		}
 	}
 	return profile, nil
--- a/pkg/prebuild/directive/exec.go
+++ b/pkg/prebuild/directive/exec.go
@ -2,6 +2,8 @@
 // Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
 // SPDX-License-Identifier: GPL-2.0-only

+// TODO: Local variables in profile header need to be resolved
+
 package directive

 import (
@ -40,8 +42,8 @@ func (d Exec) Apply(opt *Option, profileRaw string) (string, error) {
 	for name := range opt.ArgMap {
 		profiletoTransition := util.MustReadFile(cfg.RootApparmord.Join(name))
 		dstProfile := aa.DefaultTunables()
-		dstProfile.ParseVariables(profiletoTransition)
-		for _, variable := range dstProfile.Variables {
+		dstProfile.Parse(profiletoTransition)
+		for _, variable := range dstProfile.Preamble.GetVariables() {
 			if variable.Name == "exec_path" {
 				for _, v := range variable.Values {
 					rules = append(rules, &aa.File{
@ -57,7 +59,7 @@ func (d Exec) Apply(opt *Option, profileRaw string) (string, error) {
 	aa.IndentationLevel = strings.Count(
 		strings.SplitN(opt.Raw, Keyword, 1)[0], aa.Indentation,
 	)
-	rules.Sort()
+	rules = rules.Sort()
 	new := rules.String()
 	new = new[:len(new)-1]
 	return strings.Replace(profileRaw, opt.Raw, new, -1), nil