From 272072d2a57465ebf90bf117239a30aedcb9694d Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Tue, 25 Jun 2024 19:50:27 +0100
Subject: [PATCH] refractor(aa): rename base struct from RuleBase to Base
---
 pkg/aa/all.go | 8 ++++----
 pkg/aa/apparmor_test.go | 10 +++++-----
 pkg/aa/base.go | 14 +++++++-------
 pkg/aa/blocks.go | 2 +-
 pkg/aa/capability.go | 6 +++---
 pkg/aa/change_profile.go | 6 +++---
 pkg/aa/data_test.go | 24 ++++++++++++------------
 pkg/aa/dbus.go | 10 +++++-----
 pkg/aa/file.go | 16 ++++++++--------
 pkg/aa/io_uring.go | 10 +++++-----
 pkg/aa/mount.go | 30 +++++++++++++++---------------
 pkg/aa/mqueue.go | 10 +++++-----
 pkg/aa/network.go | 6 +++---
 pkg/aa/parse_test.go | 38 +++++++++++++++++++-------------------
 pkg/aa/pivot_root.go | 6 +++---
 pkg/aa/preamble.go | 34 +++++++++++++++++-----------------
 pkg/aa/profile.go | 2 +-
 pkg/aa/ptrace.go | 10 +++++-----
 pkg/aa/resolve_test.go | 2 +-
 pkg/aa/rlimit.go | 18 +++++++++---------
 pkg/aa/signal.go | 14 +++++++-------
 pkg/aa/unix.go | 10 +++++-----
 pkg/aa/userns.go | 10 +++++-----
 pkg/logs/logs_test.go | 4 ++--
 24 files changed, 150 insertions(+), 150 deletions(-)
diff --git a/pkg/aa/all.go b/pkg/aa/all.go
index b3acb5d9..3004bbf9 100644
--- a/pkg/aa/all.go
+++ b/pkg/aa/all.go
@@ -9,11 +9,11 @@ const (
 )
 type All struct {
- RuleBase
+ Base
 }
 func newAll(q Qualifier, rule rule) (Rule, error) {
- return &All{RuleBase: newBase(rule)}, nil
+ return &All{Base: newBase(rule)}, nil
 }
 func (r *All) Validate() error {
@@ -26,8 +26,8 @@ func (r *All) Compare(other Rule) int {
 func (r *All) Merge(other Rule) bool {
 o, _ := other.(*All)
- b := &r.RuleBase
- return b.merge(o.RuleBase)
+ b := &r.Base
+ return b.merge(o.Base)
 }
 func (r *All) String() string {
diff --git a/pkg/aa/apparmor_test.go b/pkg/aa/apparmor_test.go
index 10cf366b..d7a22b5b 100644
--- a/pkg/aa/apparmor_test.go
+++ b/pkg/aa/apparmor_test.go
@@ -40,7 +40,7 @@ func TestAppArmorProfileFile_String(t *testing.T) {
 name: "foo",
 f: &AppArmorProfileFile{
 Preamble: Rules{
- &Comment{RuleBase: RuleBase{Comment: " Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
+ &Comment{Base: Base{Comment: " Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
 nil,
 &Abi{IsMagic: true, Path: "abi/4.0"},
 &Alias{Path: "/mnt/usr", RewrittenPath: "/usr"},
@@ -66,7 +66,7 @@ func TestAppArmorProfileFile_String(t *testing.T) {
 &Network{Domain: "inet", Type: "stream"},
 &Network{Domain: "inet6", Type: "stream"},
 &Mount{
- RuleBase: RuleBase{Comment: " failed perms check"},
+ Base: Base{Comment: " failed perms check"},
 MountConditions: MountConditions{
 FsType: "fuse.portal",
 Options: []string{"rw", "rbind"},
@@ -204,9 +204,9 @@ func TestAppArmorProfileFile_Integration(t *testing.T) {
 name: "aa-status",
 f: &AppArmorProfileFile{
 Preamble: Rules{
- &Comment{RuleBase: RuleBase{Comment: " apparmor.d - Full set of apparmor profiles", IsLineRule: true}},
- &Comment{RuleBase: RuleBase{Comment: " Copyright (C) 2021-2024 Alexandre Pujol ", IsLineRule: true}},
- &Comment{RuleBase: RuleBase{Comment: " SPDX-License-Identifier: GPL-2.0-only", IsLineRule: true}},
+ &Comment{Base: Base{Comment: " apparmor.d - Full set of apparmor profiles", IsLineRule: true}},
+ &Comment{Base: Base{Comment: " Copyright (C) 2021-2024 Alexandre Pujol ", IsLineRule: true}},
+ &Comment{Base: Base{Comment: " SPDX-License-Identifier: GPL-2.0-only", IsLineRule: true}},
 nil,
 &Abi{IsMagic: true, Path: "abi/3.0"},
 &Include{IsMagic: true, Path: "tunables/global"},
diff --git a/pkg/aa/base.go b/pkg/aa/base.go
index c0595426..6302a0fa 100644
--- a/pkg/aa/base.go
+++ b/pkg/aa/base.go
@@ -8,7 +8,7 @@ import (
 "strings"
 )
-type RuleBase struct {
+type Base struct {
 IsLineRule bool
 Comment string
 NoNewPrivs bool
@@ -19,7 +19,7 @@ type RuleBase struct {
 Optional bool
 }
-func newBase(rule rule) RuleBase {
+func newBase(rule rule) Base {
 comment := ""
 fileInherit, noNewPrivs, optional := false, false, false
@@ -44,7 +44,7 @@ func newBase(rule rule) RuleBase {
 optional = true
 comment = strings.Replace(comment, "optional: ", "", 1)
 }
- return RuleBase{
+ return Base{
 Comment: comment,
 NoNewPrivs: noNewPrivs,
 FileInherit: fileInherit,
@@ -52,7 +52,7 @@ func newBase(rule rule) RuleBase {
 }
 }
-func newBaseFromLog(log map[string]string) RuleBase {
+func newBaseFromLog(log map[string]string) Base {
 comment := ""
 fileInherit, noNewPrivs, optional := false, false, false
@@ -70,7 +70,7 @@ func newBaseFromLog(log map[string]string) RuleBase {
 if log["info"] != "" {
 comment += " " + log["info"]
 }
- return RuleBase{
+ return Base{
 IsLineRule: false,
 Comment: comment,
 NoNewPrivs: noNewPrivs,
@@ -79,11 +79,11 @@ func newBaseFromLog(log map[string]string) RuleBase {
 }
 }
-func (r RuleBase) Merge(other Rule) bool {
+func (r Base) Merge(other Rule) bool {
 return false
 }
-func (r *RuleBase) merge(other RuleBase) bool {
+func (r *Base) merge(other Base) bool {
 if other.Comment != "" {
 r.Comment += " " + other.Comment
 }
diff --git a/pkg/aa/blocks.go b/pkg/aa/blocks.go
index b3ce0ba7..85f75495 100644
--- a/pkg/aa/blocks.go
+++ b/pkg/aa/blocks.go
@@ -10,7 +10,7 @@ const (
 // Hat represents a single AppArmor hat.
 type Hat struct {
- RuleBase
+ Base
 Name string
 Rules Rules
 }
diff --git a/pkg/aa/capability.go b/pkg/aa/capability.go
index f9f083f9..8a4d453b 100644
--- a/pkg/aa/capability.go
+++ b/pkg/aa/capability.go
@@ -26,7 +26,7 @@ func init() {
 }
 type Capability struct {
- RuleBase
+ Base
 Qualifier
 Names []string
 }
@@ -37,7 +37,7 @@ func newCapability(q Qualifier, rule rule) (Rule, error) {
 return nil, err
 }
 return &Capability{
- RuleBase: newBase(rule),
+ Base: newBase(rule),
 Qualifier: q,
 Names: names,
 }, nil
@@ -45,7 +45,7 @@ func newCapability(q Qualifier, rule rule) (Rule, error) {
 func newCapabilityFromLog(log map[string]string) Rule {
 return &Capability{
- RuleBase: newBaseFromLog(log),
+ Base: newBaseFromLog(log),
 Qualifier: newQualifierFromLog(log),
 Names: Must(toValues(CAPABILITY, "name", log["capname"])),
 }
diff --git a/pkg/aa/change_profile.go b/pkg/aa/change_profile.go
index a6abb877..4fc35a32 100644
--- a/pkg/aa/change_profile.go
+++ b/pkg/aa/change_profile.go
@@ -18,7 +18,7 @@ func init() {
 }
 type ChangeProfile struct {
- RuleBase
+ Base
 Qualifier
 ExecMode string
 Exec string
@@ -49,7 +49,7 @@ func newChangeProfile(q Qualifier, rule rule) (Rule, error) {
 }
 }
 return &ChangeProfile{
- RuleBase: newBase(rule),
+ Base: newBase(rule),
 Qualifier: q,
 ExecMode: mode,
 Exec: exec,
@@ -59,7 +59,7 @@ func newChangeProfile(q Qualifier, rule rule) (Rule, error) {
 func newChangeProfileFromLog(log map[string]string) Rule {
 return &ChangeProfile{
- RuleBase: newBaseFromLog(log),
+ Base: newBaseFromLog(log),
 Qualifier: newQualifierFromLog(log),
 ExecMode: log["mode"],
 Exec: log["exec"],
diff --git a/pkg/aa/data_test.go b/pkg/aa/data_test.go
index b4e24786..b96fd865 100644
--- a/pkg/aa/data_test.go
+++ b/pkg/aa/data_test.go
@@ -6,8 +6,8 @@ package aa
 var (
 // Comment
- comment1 = &Comment{RuleBase: RuleBase{Comment: "comment", IsLineRule: true}}
- comment2 = &Comment{RuleBase: RuleBase{Comment: "another comment", IsLineRule: true}}
+ comment1 = &Comment{Base: Base{Comment: "comment", IsLineRule: true}}
+ comment2 = &Comment{Base: Base{Comment: "another comment", IsLineRule: true}}
 // Abi
 abi1 = &Abi{IsMagic: true, Path: "abi/4.0"}
@@ -28,7 +28,7 @@ var (
 // All
 all1 = &All{}
- all2 = &All{RuleBase: RuleBase{Comment: "comment"}}
+ all2 = &All{Base: Base{Comment: "comment"}}
 // Rlimit
 rlimit1 = &Rlimit{Key: "nproc", Op: "<=", Value: "200"}
@@ -94,13 +94,13 @@ var (
 "flags": "rw, rbind",
 }
 mount1 = &Mount{
- RuleBase: RuleBase{Comment: " failed perms check"},
+ Base: Base{Comment: " failed perms check"},
 MountConditions: MountConditions{FsType: "overlay"},
 Source: "overlay",
 MountPoint: "/var/lib/docker/overlay2/opaque-bug-check1209538631/merged/",
 }
 mount2 = &Mount{
- RuleBase: RuleBase{Comment: " failed perms check"},
+ Base: Base{Comment: " failed perms check"},
 MountConditions: MountConditions{Options: []string{"rw", "rbind"}},
 Source: "/oldroot/dev/tty",
 MountPoint: "/newroot/dev/tty",
@@ -238,9 +238,9 @@ var (
 PeerLabel: "dbus-daemon",
 }
 unix2 = &Unix{
- RuleBase: RuleBase{FileInherit: true},
- Access: []string{"receive"},
- Type: "stream",
+ Base: Base{FileInherit: true},
+ Access: []string{"receive"},
+ Type: "stream",
 }
 // Dbus
@@ -318,10 +318,10 @@ var (
 }
 file1 = &File{Path: "/usr/share/poppler/cMap/Identity-H", Access: []string{"r"}}
 file2 = &File{
- RuleBase: RuleBase{NoNewPrivs: true},
- Owner: true,
- Path: "@{PROC}/4163/cgroup",
- Access: []string{"r"},
+ Base: Base{NoNewPrivs: true},
+ Owner: true,
+ Path: "@{PROC}/4163/cgroup",
+ Access: []string{"r"},
 }
 // Link
diff --git a/pkg/aa/dbus.go b/pkg/aa/dbus.go
index f34b8e09..95b73153 100644
--- a/pkg/aa/dbus.go
+++ b/pkg/aa/dbus.go
@@ -21,7 +21,7 @@ func init() {
 }
 type Dbus struct {
- RuleBase
+ Base
 Qualifier
 Access []string
 Bus string
@@ -39,7 +39,7 @@ func newDbus(q Qualifier, rule rule) (Rule, error) {
 return nil, err
 }
 return &Dbus{
- RuleBase: newBase(rule),
+ Base: newBase(rule),
 Qualifier: q,
 Access: accesses,
 Bus: rule.GetValuesAsString("bus"),
@@ -61,7 +61,7 @@ func newDbusFromLog(log map[string]string) Rule {
 peerName = log["name"]
 }
 return &Dbus{
- RuleBase: newBaseFromLog(log),
+ Base: newBaseFromLog(log),
 Qualifier: newQualifierFromLog(log),
 Access: []string{log["mask"]},
 Bus: log["bus"],
@@ -120,8 +120,8 @@ func (r *Dbus) Merge(other Rule) bool {
 r.Interface == o.Interface && r.Member == o.Member && r.PeerName == o.PeerName && r.PeerLabel == o.PeerLabel {
 r.Access = merge(r.Kind(), "access", r.Access, o.Access)
- b := &r.RuleBase
- return b.merge(o.RuleBase)
+ b := &r.Base
+ return b.merge(o.Base)
 }
 return false
 }
diff --git a/pkg/aa/file.go b/pkg/aa/file.go
index 56ae9c49..1955884c 100644
--- a/pkg/aa/file.go
+++ b/pkg/aa/file.go
@@ -38,7 +38,7 @@ func isOwner(log map[string]string) bool {
 }
 type File struct {
- RuleBase
+ Base
 Qualifier
 Owner bool
 Path string
@@ -76,7 +76,7 @@ func newFile(q Qualifier, rule rule) (Rule, error) {
 return nil, err
 }
 return &File{
- RuleBase: newBase(rule),
+ Base: newBase(rule),
 Qualifier: q,
 Owner: owner,
 Path: path,
@@ -94,7 +94,7 @@ func newFileFromLog(log map[string]string) Rule {
 return newLinkFromLog(log)
 }
 return &File{
- RuleBase: newBaseFromLog(log),
+ Base: newBaseFromLog(log),
 Qualifier: newQualifierFromLog(log),
 Owner: isOwner(log),
 Path: log["name"],
@@ -138,8 +138,8 @@ func (r *File) Merge(other Rule) bool {
 }
 if r.Owner == o.Owner && r.Path == o.Path && r.Target == o.Target {
 r.Access = merge(r.Kind(), "access", r.Access, o.Access)
- b := &r.RuleBase
- return b.merge(o.RuleBase)
+ b := &r.Base
+ return b.merge(o.Base)
 }
 return false
 }
@@ -157,7 +157,7 @@ func (r *File) Kind() Kind {
 }
 type Link struct {
- RuleBase
+ Base
 Qualifier
 Owner bool
 Subset bool
@@ -190,7 +190,7 @@ func newLink(q Qualifier, rule rule) (Rule, error) {
 }
 }
 return &Link{
- RuleBase: newBase(rule),
+ Base: newBase(rule),
 Qualifier: q,
 Owner: owner,
 Subset: subset,
@@ -201,7 +201,7 @@ func newLink(q Qualifier, rule rule) (Rule, error) {
 func newLinkFromLog(log map[string]string) Rule {
 return &Link{
- RuleBase: newBaseFromLog(log),
+ Base: newBaseFromLog(log),
 Qualifier: newQualifierFromLog(log),
 Owner: isOwner(log),
 Path: log["name"],
diff --git a/pkg/aa/io_uring.go b/pkg/aa/io_uring.go
index 4402f07a..40152cee 100644
--- a/pkg/aa/io_uring.go
+++ b/pkg/aa/io_uring.go
@@ -17,7 +17,7 @@ func init() {
 }
 type IOUring struct {
- RuleBase
+ Base
 Qualifier
 Access []string
 Label string
@@ -29,7 +29,7 @@ func newIOUring(q Qualifier, rule rule) (Rule, error) {
 return nil, err
 }
 return &IOUring{
- RuleBase: newBase(rule),
+ Base: newBase(rule),
 Qualifier: q,
 Access: accesses,
 Label: rule.GetValuesAsString("label"),
@@ -38,7 +38,7 @@ func newIOUring(q Qualifier, rule rule) (Rule, error) {
 func newIOUringFromLog(log map[string]string) Rule {
 return &IOUring{
- RuleBase: newBaseFromLog(log),
+ Base: newBaseFromLog(log),
 Qualifier: newQualifierFromLog(log),
 Access: Must(toAccess(IOURING, log["requested"])),
 Label: log["label"],
@@ -71,8 +71,8 @@ func (r *IOUring) Merge(other Rule) bool {
 }
 if r.Label == o.Label {
 r.Access = merge(r.Kind(), "access", r.Access, o.Access)
- b := &r.RuleBase
- return b.merge(o.RuleBase)
+ b := &r.Base
+ return b.merge(o.Base)
 }
 return false
 }
diff --git a/pkg/aa/mount.go b/pkg/aa/mount.go
index 272076d0..37f2aa3f 100644
--- a/pkg/aa/mount.go
+++ b/pkg/aa/mount.go
@@ -74,7 +74,7 @@ func (m *MountConditions) Merge(other MountConditions) bool {
 }
 type Mount struct {
- RuleBase
+ Base
 Qualifier
 MountConditions
 Source string
@@ -102,7 +102,7 @@ func newMount(q Qualifier, rule rule) (Rule, error) {
 return nil, err
 }
 return &Mount{
- RuleBase: newBase(rule),
+ Base: newBase(rule),
 Qualifier: q,
 MountConditions: conditions,
 Source: src,
@@ -112,7 +112,7 @@ func newMount(q Qualifier, rule rule) (Rule, error) {
 func newMountFromLog(log map[string]string) Rule {
 return &Mount{
- RuleBase: newBaseFromLog(log),
+ Base: newBaseFromLog(log),
 Qualifier: newQualifierFromLog(log),
 MountConditions: newMountConditionsFromLog(log),
 Source: log["srcname"],
@@ -150,8 +150,8 @@ func (r *Mount) Merge(other Rule) bool {
 }
 if r.Source == o.Source && r.MountPoint == o.MountPoint && mc.Merge(o.MountConditions) {
- b := &r.RuleBase
- return b.merge(o.RuleBase)
+ b := &r.Base
+ return b.merge(o.Base)
 }
 return false
 }
@@ -169,7 +169,7 @@ func (r *Mount) Kind() Kind {
 }
 type Umount struct {
- RuleBase
+ Base
 Qualifier
 MountConditions
 MountPoint string
@@ -186,7 +186,7 @@ func newUmount(q Qualifier, rule rule) (Rule, error) {
 return nil, err
 }
 return &Umount{
- RuleBase: newBase(rule),
+ Base: newBase(rule),
 Qualifier: q,
 MountConditions: conditions,
 MountPoint: mount,
@@ -195,7 +195,7 @@ func newUmount(q Qualifier, rule rule) (Rule, error) {
 func newUmountFromLog(log map[string]string) Rule {
 return &Umount{
- RuleBase: newBaseFromLog(log),
+ Base: newBaseFromLog(log),
 Qualifier: newQualifierFromLog(log),
 MountConditions: newMountConditionsFromLog(log),
 MountPoint: log["name"],
@@ -228,8 +228,8 @@ func (r *Umount) Merge(other Rule) bool {
 return false
 }
 if r.MountPoint == o.MountPoint && mc.Merge(o.MountConditions) {
- b := &r.RuleBase
- return b.merge(o.RuleBase)
+ b := &r.Base
+ return b.merge(o.Base)
 }
 return false
 }
@@ -247,7 +247,7 @@ func (r *Umount) Kind() Kind {
 }
 type Remount struct {
- RuleBase
+ Base
 Qualifier
 MountConditions
 MountPoint string
@@ -265,7 +265,7 @@ func newRemount(q Qualifier, rule rule) (Rule, error) {
 return nil, err
 }
 return &Remount{
- RuleBase: newBase(rule),
+ Base: newBase(rule),
 Qualifier: q,
 MountConditions: conditions,
 MountPoint: mount,
@@ -274,7 +274,7 @@ func newRemount(q Qualifier, rule rule) (Rule, error) {
 func newRemountFromLog(log map[string]string) Rule {
 return &Remount{
- RuleBase: newBaseFromLog(log),
+ Base: newBaseFromLog(log),
 Qualifier: newQualifierFromLog(log),
 MountConditions: newMountConditionsFromLog(log),
 MountPoint: log["name"],
@@ -307,8 +307,8 @@ func (r *Remount) Merge(other Rule) bool {
 return false
 }
 if r.MountPoint == o.MountPoint && mc.Merge(o.MountConditions) {
- b := &r.RuleBase
- return b.merge(o.RuleBase)
+ b := &r.Base
+ return b.merge(o.Base)
 }
 return false
 }
diff --git a/pkg/aa/mqueue.go b/pkg/aa/mqueue.go
index 889dcde6..67b0ad2f 100644
--- a/pkg/aa/mqueue.go
+++ b/pkg/aa/mqueue.go
@@ -23,7 +23,7 @@ func init() {
 }
 type Mqueue struct {
- RuleBase
+ Base
 Qualifier
 Access []string
 Type string
@@ -47,7 +47,7 @@ func newMqueue(q Qualifier, rule rule) (Rule, error) {
 return nil, err
 }
 return &Mqueue{
- RuleBase: newBase(rule),
+ Base: newBase(rule),
 Qualifier: q,
 Access: accesses,
 Type: rule.GetValuesAsString("type"),
@@ -64,7 +64,7 @@ func newMqueueFromLog(log map[string]string) Rule {
 mqueueType = "sysv"
 }
 return &Mqueue{
- RuleBase: newBaseFromLog(log),
+ Base: newBaseFromLog(log),
 Qualifier: newQualifierFromLog(log),
 Access: Must(toAccess(MQUEUE, log["requested"])),
 Type: mqueueType,
@@ -105,8 +105,8 @@ func (r *Mqueue) Merge(other Rule) bool {
 }
 if r.Type == o.Type && r.Label == o.Label && r.Name == o.Name {
 r.Access = merge(r.Kind(), "access", r.Access, o.Access)
- b := &r.RuleBase
- return b.merge(o.RuleBase)
+ b := &r.Base
+ return b.merge(o.Base)
 }
 return false
 }
diff --git a/pkg/aa/network.go b/pkg/aa/network.go
index 38818de1..0820e187 100644
--- a/pkg/aa/network.go
+++ b/pkg/aa/network.go
@@ -58,7 +58,7 @@ func (r AddressExpr) Compare(other AddressExpr) int {
 }
 type Network struct {
- RuleBase
+ Base
 Qualifier
 AddressExpr
 Domain string
@@ -80,7 +80,7 @@ func newNetwork(q Qualifier, rule rule) (Rule, error) {
 }
 }
 return &Network{
- RuleBase: newBase(rule),
+ Base: newBase(rule),
 Qualifier: q,
 Domain: domain,
 Type: nType,
@@ -90,7 +90,7 @@ func newNetwork(q Qualifier, rule rule) (Rule, error) {
 func newNetworkFromLog(log map[string]string) Rule {
 return &Network{
- RuleBase: newBaseFromLog(log),
+ Base: newBaseFromLog(log),
 Qualifier: newQualifierFromLog(log),
 AddressExpr: newAddressExprFromLog(log),
 Domain: log["family"],
diff --git a/pkg/aa/parse_test.go b/pkg/aa/parse_test.go
index a1016b19..3bfc1eae 100644
--- a/pkg/aa/parse_test.go
+++ b/pkg/aa/parse_test.go
@@ -755,14 +755,14 @@ var (
 @{lib_dirs} = @{lib}/@{name} /opt/@{name} # comment in variable`,
 want: "\n\n\n",
 rules: Rules{
- &Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " IsLineRule comment"}},
+ &Comment{Base: Base{IsLineRule: true, Comment: " IsLineRule comment"}},
 &Include{
- RuleBase: RuleBase{Comment: " comment included"},
- IsMagic: true, Path: "tunables/global",
+ Base: Base{Comment: " comment included"},
+ IsMagic: true, Path: "tunables/global",
 },
 &Variable{
- RuleBase: RuleBase{Comment: " comment in variable"},
- Name: "lib_dirs", Define: true,
+ Base: Base{Comment: " comment in variable"},
+ Name: "lib_dirs", Define: true,
 Values: []string{"@{lib}/@{name}", "/opt/@{name}"},
 },
 },
@@ -862,14 +862,14 @@ var (
 @{lib_dirs} = @{lib}/@{name} /opt/@{name} # comment in variable`,
 apparmor: &AppArmorProfileFile{
 Preamble: Rules{
- &Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " IsLineRule comment"}},
+ &Comment{Base: Base{IsLineRule: true, Comment: " IsLineRule comment"}},
 &Include{
- RuleBase: RuleBase{Comment: " comment included"},
- Path: "tunables/global", IsMagic: true,
+ Base: Base{Comment: " comment included"},
+ Path: "tunables/global", IsMagic: true,
 },
 &Variable{
- RuleBase: RuleBase{Comment: " comment in variable"},
- Name: "lib_dirs", Define: true,
+ Base: Base{Comment: " comment in variable"},
+ Name: "lib_dirs", Define: true,
 Values: []string{"@{lib}/@{name}", "/opt/@{name}"},
 },
 },
@@ -893,9 +893,9 @@ var (
 `,
 apparmor: &AppArmorProfileFile{
 Preamble: Rules{
- &Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " Simple test"}},
+ &Comment{Base: Base{IsLineRule: true, Comment: " Simple test"}},
 &Include{IsMagic: true, Path: "tunables/global"},
- &Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " { commented block }"}},
+ &Comment{Base: Base{IsLineRule: true, Comment: " { commented block }"}},
 &Variable{Name: "name", Values: []string{"{D,d}ummy"}, Define: true},
 &Variable{Name: "exec_path", Values: []string{"@{bin}/@{name}"}, Define: true},
 &Variable{Name: "exec_path", Values: []string{"@{lib}/@{name}"}},
@@ -922,7 +922,7 @@ var (
 raw: util.MustReadFile(testData.Join("string.aa")),
 apparmor: &AppArmorProfileFile{
 Preamble: Rules{
- &Comment{RuleBase: RuleBase{Comment: " Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
+ &Comment{Base: Base{Comment: " Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
 &Include{IsMagic: true, Path: "tunables/global"},
 &Variable{
 Name: "exec_path", Define: true,
@@ -961,7 +961,7 @@ var (
 },
 {
 &Mount{
- RuleBase: RuleBase{IsLineRule: false, Comment: " failed perms check"},
+ Base: Base{IsLineRule: false, Comment: " failed perms check"},
 MountConditions: MountConditions{
 FsType: "fuse.portal",
 Options: []string{"rw", "rbind"},
@@ -1020,15 +1020,15 @@ var (
 raw: util.MustReadFile(testData.Join("full.aa")),
 apparmor: &AppArmorProfileFile{
 Preamble: Rules{
- &Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " Simple test profile with all rules used"}},
+ &Comment{Base: Base{IsLineRule: true, Comment: " Simple test profile with all rules used"}},
 &Include{
- RuleBase: RuleBase{Comment: " a comment", Optional: true},
- IsMagic: true, Path: "tunables/global",
+ Base: Base{Comment: " a comment", Optional: true},
+ IsMagic: true, Path: "tunables/global",
 },
 &Include{IfExists: true, Path: "/etc/apparmor.d/global/dummy space"},
 &Variable{Name: "name", Values: []string{"torbrowser", "\"tor browser\""}, Define: true},
 &Variable{
- RuleBase: RuleBase{Comment: " another comment"}, Define: true,
+ Base: Base{Comment: " another comment"}, Define: true,
 Name: "lib_dirs", Values: []string{"@{lib}/@{name}", "/opt/@{name}"},
 },
 &Variable{Name: "config_dirs", Values: []string{"@{HOME}/.mozilla/"}, Define: true},
@@ -1152,7 +1152,7 @@ var (
 },
 },
 {
- &Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " A comment! before a paragraph of rules"}},
+ &Comment{Base: Base{IsLineRule: true, Comment: " A comment! before a paragraph of rules"}},
 &File{
 Path: "\"/opt/Mullvad VPN/resources/*.so*\"",
 Access: []string{"m", "r"},
diff --git a/pkg/aa/pivot_root.go b/pkg/aa/pivot_root.go
index cfa6833a..e0b8452c 100644
--- a/pkg/aa/pivot_root.go
+++ b/pkg/aa/pivot_root.go
@@ -9,7 +9,7 @@ import "fmt"
 const PIVOTROOT Kind = "pivot_root"
 type PivotRoot struct {
- RuleBase
+ Base
 Qualifier
 OldRoot string
 NewRoot string
@@ -32,7 +32,7 @@ func newPivotRoot(q Qualifier, rule rule) (Rule, error) {
 }
 }
 return &PivotRoot{
- RuleBase: newBase(rule),
+ Base: newBase(rule),
 Qualifier: q,
 OldRoot: rule.GetValuesAsString("oldroot"),
 NewRoot: newroot,
@@ -42,7 +42,7 @@ func newPivotRoot(q Qualifier, rule rule) (Rule, error) {
 func newPivotRootFromLog(log map[string]string) Rule {
 return &PivotRoot{
- RuleBase: newBaseFromLog(log),
+ Base: newBaseFromLog(log),
 Qualifier: newQualifierFromLog(log),
 OldRoot: log["srcname"],
 NewRoot: log["name"],
diff --git a/pkg/aa/preamble.go b/pkg/aa/preamble.go
index 4ad65fe9..fdff066c 100644
--- a/pkg/aa/preamble.go
+++ b/pkg/aa/preamble.go
@@ -20,13 +20,13 @@ const (
 )
 type Comment struct {
- RuleBase
+ Base
 }
 func newComment(rule rule) (Rule, error) {
 base := newBase(rule)
 base.IsLineRule = true
- return &Comment{RuleBase: base}, nil
+ return &Comment{Base: base}, nil
 }
 func (r *Comment) Validate() error {
@@ -50,7 +50,7 @@ func (r *Comment) Kind() Kind {
 }
 type Abi struct {
- RuleBase
+ Base
 Path string
 IsMagic bool
 }
@@ -71,9 +71,9 @@ func newAbi(q Qualifier, rule rule) (Rule, error) {
 return nil, fmt.Errorf("invalid path %s in rule: %s", path, rule)
 }
 return &Abi{
- RuleBase: newBase(rule),
- Path: strings.Trim(path, "\"<>"),
- IsMagic: magic,
+ Base: newBase(rule),
+ Path: strings.Trim(path, "\"<>"),
+ IsMagic: magic,
 }, nil
 }
@@ -102,7 +102,7 @@ func (r *Abi) Kind() Kind {
 }
 type Alias struct {
- RuleBase
+ Base
 Path string
 RewrittenPath string
 }
@@ -115,7 +115,7 @@ func newAlias(q Qualifier, rule rule) (Rule, error) {
 return nil, fmt.Errorf("invalid alias format, missing %s in: %s", tokARROW, rule)
 }
 return &Alias{
- RuleBase: newBase(rule),
+ Base: newBase(rule),
 Path: rule.Get(0),
 RewrittenPath: rule.Get(2),
 }, nil
@@ -146,7 +146,7 @@ func (r *Alias) Kind() Kind {
 }
 type Include struct {
- RuleBase
+ Base
 IfExists bool
 Path string
 IsMagic bool
@@ -177,7 +177,7 @@ func newInclude(rule rule) (Rule, error) {
 return nil, fmt.Errorf("invalid path format: %v", path)
 }
 return &Include{
- RuleBase: newBase(rule),
+ Base: newBase(rule),
 IfExists: ifexists,
 Path: strings.Trim(path, "\"<>"),
 IsMagic: magic,
@@ -219,7 +219,7 @@ func (r *Include) Kind() Kind {
 }
 type Variable struct {
- RuleBase
+ Base
 Name string
 Values []string
 Define bool
@@ -245,10 +245,10 @@ func newVariable(rule rule) (Rule, error) {
 return nil, fmt.Errorf("invalid operator in variable: %v", rule)
 }
 return &Variable{
- RuleBase: newBase(rule),
- Name: name,
- Values: values,
- Define: define,
+ Base: newBase(rule),
+ Name: name,
+ Values: values,
+ Define: define,
 }, nil
 }
@@ -261,8 +261,8 @@ func (r *Variable) Merge(other Rule) bool {
 if r.Name == o.Name && r.Define == o.Define {
 r.Values = merge(r.Kind(), "access", r.Values, o.Values)
- b := &r.RuleBase
- return b.merge(o.RuleBase)
+ b := &r.Base
+ return b.merge(o.Base)
 }
 return false
 }
diff --git a/pkg/aa/profile.go b/pkg/aa/profile.go
index a5ed8a6a..ae6e0145 100644
--- a/pkg/aa/profile.go
+++ b/pkg/aa/profile.go
@@ -30,7 +30,7 @@ func init() {
 // Profile represents a single AppArmor profile.
 type Profile struct {
- RuleBase
+ Base
 Header
 Rules Rules
 }
diff --git a/pkg/aa/ptrace.go b/pkg/aa/ptrace.go
index 2c7f9f22..82883bb2 100644
--- a/pkg/aa/ptrace.go
+++ b/pkg/aa/ptrace.go
@@ -19,7 +19,7 @@ func init() {
 }
 type Ptrace struct {
- RuleBase
+ Base
 Qualifier
 Access []string
 Peer string
@@ -31,7 +31,7 @@ func newPtrace(q Qualifier, rule rule) (Rule, error) {
 return nil, err
 }
 return &Ptrace{
- RuleBase: newBase(rule),
+ Base: newBase(rule),
 Qualifier: q,
 Access: accesses,
 Peer: rule.GetValuesAsString("peer"),
@@ -40,7 +40,7 @@ func newPtrace(q Qualifier, rule rule) (Rule, error) {
 func newPtraceFromLog(log map[string]string) Rule {
 return &Ptrace{
- RuleBase: newBaseFromLog(log),
+ Base: newBaseFromLog(log),
 Qualifier: newQualifierFromLog(log),
 Access: Must(toAccess(PTRACE, log["requested_mask"])),
 Peer: log["peer"],
@@ -62,8 +62,8 @@ func (r *Ptrace) Merge(other Rule) bool {
 }
 if r.Peer == o.Peer {
 r.Access = merge(r.Kind(), "access", r.Access, o.Access)
- b := &r.RuleBase
- return b.merge(o.RuleBase)
+ b := &r.Base
+ return b.merge(o.Base)
 }
 return false
 }
diff --git a/pkg/aa/resolve_test.go b/pkg/aa/resolve_test.go
index 52168cc7..5c9c9026 100644
--- a/pkg/aa/resolve_test.go
+++ b/pkg/aa/resolve_test.go
@@ -31,7 +31,7 @@ func TestAppArmorProfileFile_resolveInclude(t *testing.T) {
 Preamble: Rules{
 &Alias{Path: "/usr/", RewrittenPath: "/User/"},
 &Alias{Path: "/lib/", RewrittenPath: "/Libraries/"},
- &Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " variable declarations for inclusion"}},
+ &Comment{Base: Base{IsLineRule: true, Comment: " variable declarations for inclusion"}},
 &Variable{
 Name: "FOO", Define: true,
 Values: []string{
diff --git a/pkg/aa/rlimit.go b/pkg/aa/rlimit.go
index 959ac4ee..f362d555 100644
--- a/pkg/aa/rlimit.go
+++ b/pkg/aa/rlimit.go
@@ -21,7 +21,7 @@ func init() {
 }
 type Rlimit struct {
- RuleBase
+ Base
 Key string
 Op string
 Value string
@@ -35,19 +35,19 @@ func newRlimit(q Qualifier, rule rule) (Rule, error) {
 return nil, fmt.Errorf("invalid rlimit format: %s", rule)
 }
 return &Rlimit{
- RuleBase: newBase(rule),
- Key: rule.Get(1),
- Op: rule.Get(2),
- Value: rule.Get(3),
+ Base: newBase(rule),
+ Key: rule.Get(1),
+ Op: rule.Get(2),
+ Value: rule.Get(3),
 }, nil
 }
 func newRlimitFromLog(log map[string]string) Rule {
 return &Rlimit{
- RuleBase: newBaseFromLog(log),
- Key: log["key"],
- Op: log["op"],
- Value: log["value"],
+ Base: newBaseFromLog(log),
+ Key: log["key"],
+ Op: log["op"],
+ Value: log["value"],
 }
 }
diff --git a/pkg/aa/signal.go b/pkg/aa/signal.go
index 097e8b82..aec7117a 100644
--- a/pkg/aa/signal.go
+++ b/pkg/aa/signal.go
@@ -32,7 +32,7 @@ func init() {
 }
 type Signal struct {
- RuleBase
+ Base
 Qualifier
 Access []string
 Set []string
@@ -49,7 +49,7 @@ func newSignal(q Qualifier, rule rule) (Rule, error) {
 return nil, err
 }
 return &Signal{
- RuleBase: newBase(rule),
+ Base: newBase(rule),
 Qualifier: q,
 Access: accesses,
 Set: set,
@@ -59,7 +59,7 @@ func newSignal(q Qualifier, rule rule) (Rule, error) {
 func newSignalFromLog(log map[string]string) Rule {
 return &Signal{
- RuleBase: newBaseFromLog(log),
+ Base: newBaseFromLog(log),
 Qualifier: newQualifierFromLog(log),
 Access: Must(toAccess(SIGNAL, log["requested_mask"])),
 Set: []string{log["signal"]},
@@ -86,12 +86,12 @@ func (r *Signal) Merge(other Rule) bool {
 switch {
 case r.Peer == o.Peer && compare(r.Set, o.Set) == 0:
 r.Access = merge(r.Kind(), "access", r.Access, o.Access)
- b := &r.RuleBase
- return b.merge(o.RuleBase)
+ b := &r.Base
+ return b.merge(o.Base)
 case r.Peer == o.Peer && compare(r.Access, o.Access) == 0:
 r.Set = merge(r.Kind(), "set", r.Set, o.Set)
- b := &r.RuleBase
- return b.merge(o.RuleBase)
+ b := &r.Base
+ return b.merge(o.Base)
 }
 return false
 }
diff --git a/pkg/aa/unix.go b/pkg/aa/unix.go
index 677330ec..490ad7f6 100644
--- a/pkg/aa/unix.go
+++ b/pkg/aa/unix.go
@@ -21,7 +21,7 @@ func init() {
 }
 type Unix struct {
- RuleBase
+ Base
 Qualifier
 Access []string
 Type string
@@ -40,7 +40,7 @@ func newUnix(q Qualifier, rule rule) (Rule, error) {
 return nil, err
 }
 return &Unix{
- RuleBase: newBase(rule),
+ Base: newBase(rule),
 Qualifier: q,
 Access: accesses,
 Type: rule.GetValuesAsString("type"),
@@ -56,7 +56,7 @@ func newUnix(q Qualifier, rule rule) (Rule, error) {
 func newUnixFromLog(log map[string]string) Rule {
 return &Unix{
- RuleBase: newBaseFromLog(log),
+ Base: newBaseFromLog(log),
 Qualifier: newQualifierFromLog(log),
 Access: Must(toAccess(UNIX, log["requested_mask"])),
 Type: log["sock_type"],
@@ -119,8 +119,8 @@ func (r *Unix) Merge(other Rule) bool {
 r.Label == o.Label && r.Attr == o.Attr && r.Opt == o.Opt && r.PeerLabel == o.PeerLabel && r.PeerAddr == o.PeerAddr {
 r.Access = merge(r.Kind(), "access", r.Access, o.Access)
- b := &r.RuleBase
- return b.merge(o.RuleBase)
+ b := &r.Base
+ return b.merge(o.Base)
 }
 return false
 }
diff --git a/pkg/aa/userns.go b/pkg/aa/userns.go
index 424911f0..7e3a7567 100644
--- a/pkg/aa/userns.go
+++ b/pkg/aa/userns.go
@@ -9,7 +9,7 @@ import "fmt"
 const USERNS Kind = "userns"
 type Userns struct {
- RuleBase
+ Base
 Qualifier
 Create bool
 }
@@ -28,7 +28,7 @@ func newUserns(q Qualifier, rule rule) (Rule, error) {
 return nil, fmt.Errorf("invalid userns format: %s", rule)
 }
 return &Userns{
- RuleBase: newBase(rule),
+ Base: newBase(rule),
 Qualifier: q,
 Create: create,
 }, nil
@@ -36,7 +36,7 @@ func newUserns(q Qualifier, rule rule) (Rule, error) {
 func newUsernsFromLog(log map[string]string) Rule {
 return &Userns{
- RuleBase: newBaseFromLog(log),
+ Base: newBaseFromLog(log),
 Qualifier: newQualifierFromLog(log),
 Create: true,
 }
@@ -56,8 +56,8 @@ func (r *Userns) Compare(other Rule) int {
 func (r *Userns) Merge(other Rule) bool {
 o, _ := other.(*Userns)
- b := &r.RuleBase
- return b.merge(o.RuleBase)
+ b := &r.Base
+ return b.merge(o.Base)
 }
 func (r *Userns) String() string {
diff --git a/pkg/logs/logs_test.go b/pkg/logs/logs_test.go
index aa5865ea..cc4b93ed 100644
--- a/pkg/logs/logs_test.go
+++ b/pkg/logs/logs_test.go
@@ -303,13 +303,13 @@ func TestAppArmorLogs_ParseToProfiles(t *testing.T) {
 Header: aa.Header{Name: "kmod"},
 Rules: aa.Rules{
 &aa.Unix{
- RuleBase: aa.RuleBase{FileInherit: true},
+ Base: aa.Base{FileInherit: true},
 Access: []string{"send", "receive"},
 Type: "stream",
 Protocol: "0",
 },
 &aa.Unix{
- RuleBase: aa.RuleBase{FileInherit: true},
+ Base: aa.Base{FileInherit: true},
 Access: []string{"send", "receive"},
 Type: "stream",
 Protocol: "0",