feat(aa): sort local include at the end of a profile.

2024-11-14 23:43:56 +01:00 · 2023-09-29 21:24:15 +01:00 · 2023-09-29 21:24:15 +01:00 · 26d05f1869
commit 26d05f1869
parent bd4e9bb135
2 changed files with 7 additions and 1 deletions
--- a/pkg/aa/profile.go
+++ b/pkg/aa/profile.go
@ -128,6 +128,12 @@ func (p *AppArmorProfile) Sort() {
 		if typeOfI != typeOfJ {
 			valueOfI := typeToValue(typeOfI)
 			valueOfJ := typeToValue(typeOfJ)
+			if typeOfI == reflect.TypeOf((*Include)(nil)) && p.Rules[i].(*Include).IfExists {
+				valueOfI = "include_if_exists"
+			}
+			if typeOfJ == reflect.TypeOf((*Include)(nil)) && p.Rules[j].(*Include).IfExists {
+				valueOfJ = "include_if_exists"
+			}
 			return ruleWeights[valueOfI] < ruleWeights[valueOfJ]
 		}
 		return p.Rules[i].Less(p.Rules[j])
--- a/pkg/aa/template.go
+++ b/pkg/aa/template.go
@ -78,7 +78,7 @@ var (
 		"iouring",
 		"dbus",
 		"file",
-		"include_local",
+		"include_if_exists",
 	}
 	ruleWeights = map[string]int{}