refractor(aa): rename base struct from RuleBase to Base

Alexandre Pujol 2024-06-25 19:50:27 +01:00
parent 5b73923385
commit 272072d2a5
24 changed files with 150 additions and 150 deletions


@ -9,11 +9,11 @@ const (
) )
type All struct { type All struct {
RuleBase Base
} }
func newAll(q Qualifier, rule rule) (Rule, error) { func newAll(q Qualifier, rule rule) (Rule, error) {
return &All{RuleBase: newBase(rule)}, nil return &All{Base: newBase(rule)}, nil
} }
func (r *All) Validate() error { func (r *All) Validate() error {
@ -26,8 +26,8 @@ func (r *All) Compare(other Rule) int {
func (r *All) Merge(other Rule) bool { func (r *All) Merge(other Rule) bool {
o, _ := other.(*All) o, _ := other.(*All)
b := &r.RuleBase b := &r.Base
return b.merge(o.RuleBase) return b.merge(o.Base)
} }
func (r *All) String() string { func (r *All) String() string {
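Review bot: In `All.Merge` the result of the type assertion is discarded (`o, _ := other.(*All)`), so when `other` is not an `*All` the renamed line `return b.merge(o.Base)` dereferences a nil pointer and panics. The other `Merge` methods visible on this page appear to return false before they touch `o`; the same guard fits here: `o, ok := other.(*All)` followed by `if !ok { return false }`. Callers may already guarantee matching kinds, but nothing in this section shows that.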


@ -40,7 +40,7 @@ func TestAppArmorProfileFile_String(t *testing.T) {
name: "foo", name: "foo",
f: &AppArmorProfileFile{ f: &AppArmorProfileFile{
Preamble: Rules{ Preamble: Rules{
&Comment{RuleBase: RuleBase{Comment: " Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}}, &Comment{Base: Base{Comment: " Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
nil, nil,
&Abi{IsMagic: true, Path: "abi/4.0"}, &Abi{IsMagic: true, Path: "abi/4.0"},
&Alias{Path: "/mnt/usr", RewrittenPath: "/usr"}, &Alias{Path: "/mnt/usr", RewrittenPath: "/usr"},
@ -66,7 +66,7 @@ func TestAppArmorProfileFile_String(t *testing.T) {
&Network{Domain: "inet", Type: "stream"}, &Network{Domain: "inet", Type: "stream"},
&Network{Domain: "inet6", Type: "stream"}, &Network{Domain: "inet6", Type: "stream"},
&Mount{ &Mount{
RuleBase: RuleBase{Comment: " failed perms check"}, Base: Base{Comment: " failed perms check"},
MountConditions: MountConditions{ MountConditions: MountConditions{
FsType: "fuse.portal", FsType: "fuse.portal",
Options: []string{"rw", "rbind"}, Options: []string{"rw", "rbind"},
@ -204,9 +204,9 @@ func TestAppArmorProfileFile_Integration(t *testing.T) {
name: "aa-status", name: "aa-status",
f: &AppArmorProfileFile{ f: &AppArmorProfileFile{
Preamble: Rules{ Preamble: Rules{
&Comment{RuleBase: RuleBase{Comment: " apparmor.d - Full set of apparmor profiles", IsLineRule: true}}, &Comment{Base: Base{Comment: " apparmor.d - Full set of apparmor profiles", IsLineRule: true}},
&Comment{RuleBase: RuleBase{Comment: " Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>", IsLineRule: true}}, &Comment{Base: Base{Comment: " Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>", IsLineRule: true}},
&Comment{RuleBase: RuleBase{Comment: " SPDX-License-Identifier: GPL-2.0-only", IsLineRule: true}}, &Comment{Base: Base{Comment: " SPDX-License-Identifier: GPL-2.0-only", IsLineRule: true}},
nil, nil,
&Abi{IsMagic: true, Path: "abi/3.0"}, &Abi{IsMagic: true, Path: "abi/3.0"},
&Include{IsMagic: true, Path: "tunables/global"}, &Include{IsMagic: true, Path: "tunables/global"},


@ -8,7 +8,7 @@ import (
"strings" "strings"
) )
type RuleBase struct { type Base struct {
IsLineRule bool IsLineRule bool
Comment string Comment string
NoNewPrivs bool NoNewPrivs bool
@ -19,7 +19,7 @@ type RuleBase struct {
Optional bool Optional bool
} }
func newBase(rule rule) RuleBase { func newBase(rule rule) Base {
comment := "" comment := ""
fileInherit, noNewPrivs, optional := false, false, false fileInherit, noNewPrivs, optional := false, false, false
@ -44,7 +44,7 @@ func newBase(rule rule) RuleBase {
optional = true optional = true
comment = strings.Replace(comment, "optional: ", "", 1) comment = strings.Replace(comment, "optional: ", "", 1)
} }
return RuleBase{ return Base{
Comment: comment, Comment: comment,
NoNewPrivs: noNewPrivs, NoNewPrivs: noNewPrivs,
FileInherit: fileInherit, FileInherit: fileInherit,
@ -52,7 +52,7 @@ func newBase(rule rule) RuleBase {
} }
} }
func newBaseFromLog(log map[string]string) RuleBase { func newBaseFromLog(log map[string]string) Base {
comment := "" comment := ""
fileInherit, noNewPrivs, optional := false, false, false fileInherit, noNewPrivs, optional := false, false, false
@ -70,7 +70,7 @@ func newBaseFromLog(log map[string]string) RuleBase {
if log["info"] != "" { if log["info"] != "" {
comment += " " + log["info"] comment += " " + log["info"]
} }
return RuleBase{ return Base{
IsLineRule: false, IsLineRule: false,
Comment: comment, Comment: comment,
NoNewPrivs: noNewPrivs, NoNewPrivs: noNewPrivs,
@ -79,11 +79,11 @@ func newBaseFromLog(log map[string]string) RuleBase {
} }
} }
func (r RuleBase) Merge(other Rule) bool { func (r Base) Merge(other Rule) bool {
return false return false
} }
func (r *RuleBase) merge(other RuleBase) bool { func (r *Base) merge(other Base) bool {
if other.Comment != "" { if other.Comment != "" {
r.Comment += " " + other.Comment r.Comment += " " + other.Comment
} }
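Review bot: The renamed exported type `Base` has no doc comment in the first hunk, and the shorter name no longer says what it is the base of. A comment such as `// Base holds the fields shared by every rule (the comment text and the flags derived from it); rule types embed it.` would restore that. The exported `Merge` uses a value receiver while the unexported `merge` uses a pointer receiver; `func (r *Base) Merge(other Rule) bool` would keep one receiver kind per type, provided no caller relies on the value method set. The body of `merge` continues outside the last hunk.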


@ -10,7 +10,7 @@ const (
// Hat represents a single AppArmor hat. // Hat represents a single AppArmor hat.
type Hat struct { type Hat struct {
RuleBase Base
Name string Name string
Rules Rules Rules Rules
} }


@ -26,7 +26,7 @@ func init() {
} }
type Capability struct { type Capability struct {
RuleBase Base
Qualifier Qualifier
Names []string Names []string
} }
@ -37,7 +37,7 @@ func newCapability(q Qualifier, rule rule) (Rule, error) {
return nil, err return nil, err
} }
return &Capability{ return &Capability{
RuleBase: newBase(rule), Base: newBase(rule),
Qualifier: q, Qualifier: q,
Names: names, Names: names,
}, nil }, nil
@ -45,7 +45,7 @@ func newCapability(q Qualifier, rule rule) (Rule, error) {
func newCapabilityFromLog(log map[string]string) Rule { func newCapabilityFromLog(log map[string]string) Rule {
return &Capability{ return &Capability{
RuleBase: newBaseFromLog(log), Base: newBaseFromLog(log),
Qualifier: newQualifierFromLog(log), Qualifier: newQualifierFromLog(log),
Names: Must(toValues(CAPABILITY, "name", log["capname"])), Names: Must(toValues(CAPABILITY, "name", log["capname"])),
} }


@ -18,7 +18,7 @@ func init() {
} }
type ChangeProfile struct { type ChangeProfile struct {
RuleBase Base
Qualifier Qualifier
ExecMode string ExecMode string
Exec string Exec string
@ -49,7 +49,7 @@ func newChangeProfile(q Qualifier, rule rule) (Rule, error) {
} }
} }
return &ChangeProfile{ return &ChangeProfile{
RuleBase: newBase(rule), Base: newBase(rule),
Qualifier: q, Qualifier: q,
ExecMode: mode, ExecMode: mode,
Exec: exec, Exec: exec,
@ -59,7 +59,7 @@ func newChangeProfile(q Qualifier, rule rule) (Rule, error) {
func newChangeProfileFromLog(log map[string]string) Rule { func newChangeProfileFromLog(log map[string]string) Rule {
return &ChangeProfile{ return &ChangeProfile{
RuleBase: newBaseFromLog(log), Base: newBaseFromLog(log),
Qualifier: newQualifierFromLog(log), Qualifier: newQualifierFromLog(log),
ExecMode: log["mode"], ExecMode: log["mode"],
Exec: log["exec"], Exec: log["exec"],


@ -6,8 +6,8 @@ package aa
var ( var (
// Comment // Comment
comment1 = &Comment{RuleBase: RuleBase{Comment: "comment", IsLineRule: true}} comment1 = &Comment{Base: Base{Comment: "comment", IsLineRule: true}}
comment2 = &Comment{RuleBase: RuleBase{Comment: "another comment", IsLineRule: true}} comment2 = &Comment{Base: Base{Comment: "another comment", IsLineRule: true}}
// Abi // Abi
abi1 = &Abi{IsMagic: true, Path: "abi/4.0"} abi1 = &Abi{IsMagic: true, Path: "abi/4.0"}
@ -28,7 +28,7 @@ var (
// All // All
all1 = &All{} all1 = &All{}
all2 = &All{RuleBase: RuleBase{Comment: "comment"}} all2 = &All{Base: Base{Comment: "comment"}}
// Rlimit // Rlimit
rlimit1 = &Rlimit{Key: "nproc", Op: "<=", Value: "200"} rlimit1 = &Rlimit{Key: "nproc", Op: "<=", Value: "200"}
@ -94,13 +94,13 @@ var (
"flags": "rw, rbind", "flags": "rw, rbind",
} }
mount1 = &Mount{ mount1 = &Mount{
RuleBase: RuleBase{Comment: " failed perms check"}, Base: Base{Comment: " failed perms check"},
MountConditions: MountConditions{FsType: "overlay"}, MountConditions: MountConditions{FsType: "overlay"},
Source: "overlay", Source: "overlay",
MountPoint: "/var/lib/docker/overlay2/opaque-bug-check1209538631/merged/", MountPoint: "/var/lib/docker/overlay2/opaque-bug-check1209538631/merged/",
} }
mount2 = &Mount{ mount2 = &Mount{
RuleBase: RuleBase{Comment: " failed perms check"}, Base: Base{Comment: " failed perms check"},
MountConditions: MountConditions{Options: []string{"rw", "rbind"}}, MountConditions: MountConditions{Options: []string{"rw", "rbind"}},
Source: "/oldroot/dev/tty", Source: "/oldroot/dev/tty",
MountPoint: "/newroot/dev/tty", MountPoint: "/newroot/dev/tty",
@ -238,7 +238,7 @@ var (
PeerLabel: "dbus-daemon", PeerLabel: "dbus-daemon",
} }
unix2 = &Unix{ unix2 = &Unix{
RuleBase: RuleBase{FileInherit: true}, Base: Base{FileInherit: true},
Access: []string{"receive"}, Access: []string{"receive"},
Type: "stream", Type: "stream",
} }
@ -318,7 +318,7 @@ var (
} }
file1 = &File{Path: "/usr/share/poppler/cMap/Identity-H", Access: []string{"r"}} file1 = &File{Path: "/usr/share/poppler/cMap/Identity-H", Access: []string{"r"}}
file2 = &File{ file2 = &File{
RuleBase: RuleBase{NoNewPrivs: true}, Base: Base{NoNewPrivs: true},
Owner: true, Owner: true,
Path: "@{PROC}/4163/cgroup", Path: "@{PROC}/4163/cgroup",
Access: []string{"r"}, Access: []string{"r"},


@ -21,7 +21,7 @@ func init() {
} }
type Dbus struct { type Dbus struct {
RuleBase Base
Qualifier Qualifier
Access []string Access []string
Bus string Bus string
@ -39,7 +39,7 @@ func newDbus(q Qualifier, rule rule) (Rule, error) {
return nil, err return nil, err
} }
return &Dbus{ return &Dbus{
RuleBase: newBase(rule), Base: newBase(rule),
Qualifier: q, Qualifier: q,
Access: accesses, Access: accesses,
Bus: rule.GetValuesAsString("bus"), Bus: rule.GetValuesAsString("bus"),
@ -61,7 +61,7 @@ func newDbusFromLog(log map[string]string) Rule {
peerName = log["name"] peerName = log["name"]
} }
return &Dbus{ return &Dbus{
RuleBase: newBaseFromLog(log), Base: newBaseFromLog(log),
Qualifier: newQualifierFromLog(log), Qualifier: newQualifierFromLog(log),
Access: []string{log["mask"]}, Access: []string{log["mask"]},
Bus: log["bus"], Bus: log["bus"],
@ -120,8 +120,8 @@ func (r *Dbus) Merge(other Rule) bool {
r.Interface == o.Interface && r.Member == o.Member && r.Interface == o.Interface && r.Member == o.Member &&
r.PeerName == o.PeerName && r.PeerLabel == o.PeerLabel { r.PeerName == o.PeerName && r.PeerLabel == o.PeerLabel {
r.Access = merge(r.Kind(), "access", r.Access, o.Access) r.Access = merge(r.Kind(), "access", r.Access, o.Access)
b := &r.RuleBase b := &r.Base
return b.merge(o.RuleBase) return b.merge(o.Base)
} }
return false return false
} }


@ -38,7 +38,7 @@ func isOwner(log map[string]string) bool {
} }
type File struct { type File struct {
RuleBase Base
Qualifier Qualifier
Owner bool Owner bool
Path string Path string
@ -76,7 +76,7 @@ func newFile(q Qualifier, rule rule) (Rule, error) {
return nil, err return nil, err
} }
return &File{ return &File{
RuleBase: newBase(rule), Base: newBase(rule),
Qualifier: q, Qualifier: q,
Owner: owner, Owner: owner,
Path: path, Path: path,
@ -94,7 +94,7 @@ func newFileFromLog(log map[string]string) Rule {
return newLinkFromLog(log) return newLinkFromLog(log)
} }
return &File{ return &File{
RuleBase: newBaseFromLog(log), Base: newBaseFromLog(log),
Qualifier: newQualifierFromLog(log), Qualifier: newQualifierFromLog(log),
Owner: isOwner(log), Owner: isOwner(log),
Path: log["name"], Path: log["name"],
@ -138,8 +138,8 @@ func (r *File) Merge(other Rule) bool {
} }
if r.Owner == o.Owner && r.Path == o.Path && r.Target == o.Target { if r.Owner == o.Owner && r.Path == o.Path && r.Target == o.Target {
r.Access = merge(r.Kind(), "access", r.Access, o.Access) r.Access = merge(r.Kind(), "access", r.Access, o.Access)
b := &r.RuleBase b := &r.Base
return b.merge(o.RuleBase) return b.merge(o.Base)
} }
return false return false
} }
@ -157,7 +157,7 @@ func (r *File) Kind() Kind {
} }
type Link struct { type Link struct {
RuleBase Base
Qualifier Qualifier
Owner bool Owner bool
Subset bool Subset bool
@ -190,7 +190,7 @@ func newLink(q Qualifier, rule rule) (Rule, error) {
} }
} }
return &Link{ return &Link{
RuleBase: newBase(rule), Base: newBase(rule),
Qualifier: q, Qualifier: q,
Owner: owner, Owner: owner,
Subset: subset, Subset: subset,
@ -201,7 +201,7 @@ func newLink(q Qualifier, rule rule) (Rule, error) {
func newLinkFromLog(log map[string]string) Rule { func newLinkFromLog(log map[string]string) Rule {
return &Link{ return &Link{
RuleBase: newBaseFromLog(log), Base: newBaseFromLog(log),
Qualifier: newQualifierFromLog(log), Qualifier: newQualifierFromLog(log),
Owner: isOwner(log), Owner: isOwner(log),
Path: log["name"], Path: log["name"],


@ -17,7 +17,7 @@ func init() {
} }
type IOUring struct { type IOUring struct {
RuleBase Base
Qualifier Qualifier
Access []string Access []string
Label string Label string
@ -29,7 +29,7 @@ func newIOUring(q Qualifier, rule rule) (Rule, error) {
return nil, err return nil, err
} }
return &IOUring{ return &IOUring{
RuleBase: newBase(rule), Base: newBase(rule),
Qualifier: q, Qualifier: q,
Access: accesses, Access: accesses,
Label: rule.GetValuesAsString("label"), Label: rule.GetValuesAsString("label"),
@ -38,7 +38,7 @@ func newIOUring(q Qualifier, rule rule) (Rule, error) {
func newIOUringFromLog(log map[string]string) Rule { func newIOUringFromLog(log map[string]string) Rule {
return &IOUring{ return &IOUring{
RuleBase: newBaseFromLog(log), Base: newBaseFromLog(log),
Qualifier: newQualifierFromLog(log), Qualifier: newQualifierFromLog(log),
Access: Must(toAccess(IOURING, log["requested"])), Access: Must(toAccess(IOURING, log["requested"])),
Label: log["label"], Label: log["label"],
@ -71,8 +71,8 @@ func (r *IOUring) Merge(other Rule) bool {
} }
if r.Label == o.Label { if r.Label == o.Label {
r.Access = merge(r.Kind(), "access", r.Access, o.Access) r.Access = merge(r.Kind(), "access", r.Access, o.Access)
b := &r.RuleBase b := &r.Base
return b.merge(o.RuleBase) return b.merge(o.Base)
} }
return false return false
} }


@ -74,7 +74,7 @@ func (m *MountConditions) Merge(other MountConditions) bool {
} }
type Mount struct { type Mount struct {
RuleBase Base
Qualifier Qualifier
MountConditions MountConditions
Source string Source string
@ -102,7 +102,7 @@ func newMount(q Qualifier, rule rule) (Rule, error) {
return nil, err return nil, err
} }
return &Mount{ return &Mount{
RuleBase: newBase(rule), Base: newBase(rule),
Qualifier: q, Qualifier: q,
MountConditions: conditions, MountConditions: conditions,
Source: src, Source: src,
@ -112,7 +112,7 @@ func newMount(q Qualifier, rule rule) (Rule, error) {
func newMountFromLog(log map[string]string) Rule { func newMountFromLog(log map[string]string) Rule {
return &Mount{ return &Mount{
RuleBase: newBaseFromLog(log), Base: newBaseFromLog(log),
Qualifier: newQualifierFromLog(log), Qualifier: newQualifierFromLog(log),
MountConditions: newMountConditionsFromLog(log), MountConditions: newMountConditionsFromLog(log),
Source: log["srcname"], Source: log["srcname"],
@ -150,8 +150,8 @@ func (r *Mount) Merge(other Rule) bool {
} }
if r.Source == o.Source && r.MountPoint == o.MountPoint && if r.Source == o.Source && r.MountPoint == o.MountPoint &&
mc.Merge(o.MountConditions) { mc.Merge(o.MountConditions) {
b := &r.RuleBase b := &r.Base
return b.merge(o.RuleBase) return b.merge(o.Base)
} }
return false return false
} }
@ -169,7 +169,7 @@ func (r *Mount) Kind() Kind {
} }
type Umount struct { type Umount struct {
RuleBase Base
Qualifier Qualifier
MountConditions MountConditions
MountPoint string MountPoint string
@ -186,7 +186,7 @@ func newUmount(q Qualifier, rule rule) (Rule, error) {
return nil, err return nil, err
} }
return &Umount{ return &Umount{
RuleBase: newBase(rule), Base: newBase(rule),
Qualifier: q, Qualifier: q,
MountConditions: conditions, MountConditions: conditions,
MountPoint: mount, MountPoint: mount,
@ -195,7 +195,7 @@ func newUmount(q Qualifier, rule rule) (Rule, error) {
func newUmountFromLog(log map[string]string) Rule { func newUmountFromLog(log map[string]string) Rule {
return &Umount{ return &Umount{
RuleBase: newBaseFromLog(log), Base: newBaseFromLog(log),
Qualifier: newQualifierFromLog(log), Qualifier: newQualifierFromLog(log),
MountConditions: newMountConditionsFromLog(log), MountConditions: newMountConditionsFromLog(log),
MountPoint: log["name"], MountPoint: log["name"],
@ -228,8 +228,8 @@ func (r *Umount) Merge(other Rule) bool {
return false return false
} }
if r.MountPoint == o.MountPoint && mc.Merge(o.MountConditions) { if r.MountPoint == o.MountPoint && mc.Merge(o.MountConditions) {
b := &r.RuleBase b := &r.Base
return b.merge(o.RuleBase) return b.merge(o.Base)
} }
return false return false
} }
@ -247,7 +247,7 @@ func (r *Umount) Kind() Kind {
} }
type Remount struct { type Remount struct {
RuleBase Base
Qualifier Qualifier
MountConditions MountConditions
MountPoint string MountPoint string
@ -265,7 +265,7 @@ func newRemount(q Qualifier, rule rule) (Rule, error) {
return nil, err return nil, err
} }
return &Remount{ return &Remount{
RuleBase: newBase(rule), Base: newBase(rule),
Qualifier: q, Qualifier: q,
MountConditions: conditions, MountConditions: conditions,
MountPoint: mount, MountPoint: mount,
@ -274,7 +274,7 @@ func newRemount(q Qualifier, rule rule) (Rule, error) {
func newRemountFromLog(log map[string]string) Rule { func newRemountFromLog(log map[string]string) Rule {
return &Remount{ return &Remount{
RuleBase: newBaseFromLog(log), Base: newBaseFromLog(log),
Qualifier: newQualifierFromLog(log), Qualifier: newQualifierFromLog(log),
MountConditions: newMountConditionsFromLog(log), MountConditions: newMountConditionsFromLog(log),
MountPoint: log["name"], MountPoint: log["name"],
@ -307,8 +307,8 @@ func (r *Remount) Merge(other Rule) bool {
return false return false
} }
if r.MountPoint == o.MountPoint && mc.Merge(o.MountConditions) { if r.MountPoint == o.MountPoint && mc.Merge(o.MountConditions) {
b := &r.RuleBase b := &r.Base
return b.merge(o.RuleBase) return b.merge(o.Base)
} }
return false return false
} }


@ -23,7 +23,7 @@ func init() {
} }
type Mqueue struct { type Mqueue struct {
RuleBase Base
Qualifier Qualifier
Access []string Access []string
Type string Type string
@ -47,7 +47,7 @@ func newMqueue(q Qualifier, rule rule) (Rule, error) {
return nil, err return nil, err
} }
return &Mqueue{ return &Mqueue{
RuleBase: newBase(rule), Base: newBase(rule),
Qualifier: q, Qualifier: q,
Access: accesses, Access: accesses,
Type: rule.GetValuesAsString("type"), Type: rule.GetValuesAsString("type"),
@ -64,7 +64,7 @@ func newMqueueFromLog(log map[string]string) Rule {
mqueueType = "sysv" mqueueType = "sysv"
} }
return &Mqueue{ return &Mqueue{
RuleBase: newBaseFromLog(log), Base: newBaseFromLog(log),
Qualifier: newQualifierFromLog(log), Qualifier: newQualifierFromLog(log),
Access: Must(toAccess(MQUEUE, log["requested"])), Access: Must(toAccess(MQUEUE, log["requested"])),
Type: mqueueType, Type: mqueueType,
@ -105,8 +105,8 @@ func (r *Mqueue) Merge(other Rule) bool {
} }
if r.Type == o.Type && r.Label == o.Label && r.Name == o.Name { if r.Type == o.Type && r.Label == o.Label && r.Name == o.Name {
r.Access = merge(r.Kind(), "access", r.Access, o.Access) r.Access = merge(r.Kind(), "access", r.Access, o.Access)
b := &r.RuleBase b := &r.Base
return b.merge(o.RuleBase) return b.merge(o.Base)
} }
return false return false
} }


@ -58,7 +58,7 @@ func (r AddressExpr) Compare(other AddressExpr) int {
} }
type Network struct { type Network struct {
RuleBase Base
Qualifier Qualifier
AddressExpr AddressExpr
Domain string Domain string
@ -80,7 +80,7 @@ func newNetwork(q Qualifier, rule rule) (Rule, error) {
} }
} }
return &Network{ return &Network{
RuleBase: newBase(rule), Base: newBase(rule),
Qualifier: q, Qualifier: q,
Domain: domain, Domain: domain,
Type: nType, Type: nType,
@ -90,7 +90,7 @@ func newNetwork(q Qualifier, rule rule) (Rule, error) {
func newNetworkFromLog(log map[string]string) Rule { func newNetworkFromLog(log map[string]string) Rule {
return &Network{ return &Network{
RuleBase: newBaseFromLog(log), Base: newBaseFromLog(log),
Qualifier: newQualifierFromLog(log), Qualifier: newQualifierFromLog(log),
AddressExpr: newAddressExprFromLog(log), AddressExpr: newAddressExprFromLog(log),
Domain: log["family"], Domain: log["family"],


@ -755,13 +755,13 @@ var (
@{lib_dirs} = @{lib}/@{name} /opt/@{name} # comment in variable`, @{lib_dirs} = @{lib}/@{name} /opt/@{name} # comment in variable`,
want: "\n\n\n", want: "\n\n\n",
rules: Rules{ rules: Rules{
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " IsLineRule comment"}}, &Comment{Base: Base{IsLineRule: true, Comment: " IsLineRule comment"}},
&Include{ &Include{
RuleBase: RuleBase{Comment: " comment included"}, Base: Base{Comment: " comment included"},
IsMagic: true, Path: "tunables/global", IsMagic: true, Path: "tunables/global",
}, },
&Variable{ &Variable{
RuleBase: RuleBase{Comment: " comment in variable"}, Base: Base{Comment: " comment in variable"},
Name: "lib_dirs", Define: true, Name: "lib_dirs", Define: true,
Values: []string{"@{lib}/@{name}", "/opt/@{name}"}, Values: []string{"@{lib}/@{name}", "/opt/@{name}"},
}, },
@ -862,13 +862,13 @@ var (
@{lib_dirs} = @{lib}/@{name} /opt/@{name} # comment in variable`, @{lib_dirs} = @{lib}/@{name} /opt/@{name} # comment in variable`,
apparmor: &AppArmorProfileFile{ apparmor: &AppArmorProfileFile{
Preamble: Rules{ Preamble: Rules{
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " IsLineRule comment"}}, &Comment{Base: Base{IsLineRule: true, Comment: " IsLineRule comment"}},
&Include{ &Include{
RuleBase: RuleBase{Comment: " comment included"}, Base: Base{Comment: " comment included"},
Path: "tunables/global", IsMagic: true, Path: "tunables/global", IsMagic: true,
}, },
&Variable{ &Variable{
RuleBase: RuleBase{Comment: " comment in variable"}, Base: Base{Comment: " comment in variable"},
Name: "lib_dirs", Define: true, Name: "lib_dirs", Define: true,
Values: []string{"@{lib}/@{name}", "/opt/@{name}"}, Values: []string{"@{lib}/@{name}", "/opt/@{name}"},
}, },
@ -893,9 +893,9 @@ var (
`, `,
apparmor: &AppArmorProfileFile{ apparmor: &AppArmorProfileFile{
Preamble: Rules{ Preamble: Rules{
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " Simple test"}}, &Comment{Base: Base{IsLineRule: true, Comment: " Simple test"}},
&Include{IsMagic: true, Path: "tunables/global"}, &Include{IsMagic: true, Path: "tunables/global"},
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " { commented block }"}}, &Comment{Base: Base{IsLineRule: true, Comment: " { commented block }"}},
&Variable{Name: "name", Values: []string{"{D,d}ummy"}, Define: true}, &Variable{Name: "name", Values: []string{"{D,d}ummy"}, Define: true},
&Variable{Name: "exec_path", Values: []string{"@{bin}/@{name}"}, Define: true}, &Variable{Name: "exec_path", Values: []string{"@{bin}/@{name}"}, Define: true},
&Variable{Name: "exec_path", Values: []string{"@{lib}/@{name}"}}, &Variable{Name: "exec_path", Values: []string{"@{lib}/@{name}"}},
@ -922,7 +922,7 @@ var (
raw: util.MustReadFile(testData.Join("string.aa")), raw: util.MustReadFile(testData.Join("string.aa")),
apparmor: &AppArmorProfileFile{ apparmor: &AppArmorProfileFile{
Preamble: Rules{ Preamble: Rules{
&Comment{RuleBase: RuleBase{Comment: " Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}}, &Comment{Base: Base{Comment: " Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
&Include{IsMagic: true, Path: "tunables/global"}, &Include{IsMagic: true, Path: "tunables/global"},
&Variable{ &Variable{
Name: "exec_path", Define: true, Name: "exec_path", Define: true,
@ -961,7 +961,7 @@ var (
}, },
{ {
&Mount{ &Mount{
RuleBase: RuleBase{IsLineRule: false, Comment: " failed perms check"}, Base: Base{IsLineRule: false, Comment: " failed perms check"},
MountConditions: MountConditions{ MountConditions: MountConditions{
FsType: "fuse.portal", FsType: "fuse.portal",
Options: []string{"rw", "rbind"}, Options: []string{"rw", "rbind"},
@ -1020,15 +1020,15 @@ var (
raw: util.MustReadFile(testData.Join("full.aa")), raw: util.MustReadFile(testData.Join("full.aa")),
apparmor: &AppArmorProfileFile{ apparmor: &AppArmorProfileFile{
Preamble: Rules{ Preamble: Rules{
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " Simple test profile with all rules used"}}, &Comment{Base: Base{IsLineRule: true, Comment: " Simple test profile with all rules used"}},
&Include{ &Include{
RuleBase: RuleBase{Comment: " a comment", Optional: true}, Base: Base{Comment: " a comment", Optional: true},
IsMagic: true, Path: "tunables/global", IsMagic: true, Path: "tunables/global",
}, },
&Include{IfExists: true, Path: "/etc/apparmor.d/global/dummy space"}, &Include{IfExists: true, Path: "/etc/apparmor.d/global/dummy space"},
&Variable{Name: "name", Values: []string{"torbrowser", "\"tor browser\""}, Define: true}, &Variable{Name: "name", Values: []string{"torbrowser", "\"tor browser\""}, Define: true},
&Variable{ &Variable{
RuleBase: RuleBase{Comment: " another comment"}, Define: true, Base: Base{Comment: " another comment"}, Define: true,
Name: "lib_dirs", Values: []string{"@{lib}/@{name}", "/opt/@{name}"}, Name: "lib_dirs", Values: []string{"@{lib}/@{name}", "/opt/@{name}"},
}, },
&Variable{Name: "config_dirs", Values: []string{"@{HOME}/.mozilla/"}, Define: true}, &Variable{Name: "config_dirs", Values: []string{"@{HOME}/.mozilla/"}, Define: true},
@ -1152,7 +1152,7 @@ var (
}, },
}, },
{ {
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " A comment! before a paragraph of rules"}}, &Comment{Base: Base{IsLineRule: true, Comment: " A comment! before a paragraph of rules"}},
&File{ &File{
Path: "\"/opt/Mullvad VPN/resources/*.so*\"", Path: "\"/opt/Mullvad VPN/resources/*.so*\"",
Access: []string{"m", "r"}, Access: []string{"m", "r"},


@ -9,7 +9,7 @@ import "fmt"
const PIVOTROOT Kind = "pivot_root" const PIVOTROOT Kind = "pivot_root"
type PivotRoot struct { type PivotRoot struct {
RuleBase Base
Qualifier Qualifier
OldRoot string OldRoot string
NewRoot string NewRoot string
@ -32,7 +32,7 @@ func newPivotRoot(q Qualifier, rule rule) (Rule, error) {
} }
} }
return &PivotRoot{ return &PivotRoot{
RuleBase: newBase(rule), Base: newBase(rule),
Qualifier: q, Qualifier: q,
OldRoot: rule.GetValuesAsString("oldroot"), OldRoot: rule.GetValuesAsString("oldroot"),
NewRoot: newroot, NewRoot: newroot,
@ -42,7 +42,7 @@ func newPivotRoot(q Qualifier, rule rule) (Rule, error) {
func newPivotRootFromLog(log map[string]string) Rule { func newPivotRootFromLog(log map[string]string) Rule {
return &PivotRoot{ return &PivotRoot{
RuleBase: newBaseFromLog(log), Base: newBaseFromLog(log),
Qualifier: newQualifierFromLog(log), Qualifier: newQualifierFromLog(log),
OldRoot: log["srcname"], OldRoot: log["srcname"],
NewRoot: log["name"], NewRoot: log["name"],


@ -20,13 +20,13 @@ const (
) )
type Comment struct { type Comment struct {
RuleBase Base
} }
func newComment(rule rule) (Rule, error) { func newComment(rule rule) (Rule, error) {
base := newBase(rule) base := newBase(rule)
base.IsLineRule = true base.IsLineRule = true
return &Comment{RuleBase: base}, nil return &Comment{Base: base}, nil
} }
func (r *Comment) Validate() error { func (r *Comment) Validate() error {
@ -50,7 +50,7 @@ func (r *Comment) Kind() Kind {
} }
type Abi struct { type Abi struct {
RuleBase Base
Path string Path string
IsMagic bool IsMagic bool
} }
@ -71,7 +71,7 @@ func newAbi(q Qualifier, rule rule) (Rule, error) {
return nil, fmt.Errorf("invalid path %s in rule: %s", path, rule) return nil, fmt.Errorf("invalid path %s in rule: %s", path, rule)
} }
return &Abi{ return &Abi{
RuleBase: newBase(rule), Base: newBase(rule),
Path: strings.Trim(path, "\"<>"), Path: strings.Trim(path, "\"<>"),
IsMagic: magic, IsMagic: magic,
}, nil }, nil
@ -102,7 +102,7 @@ func (r *Abi) Kind() Kind {
} }
type Alias struct { type Alias struct {
RuleBase Base
Path string Path string
RewrittenPath string RewrittenPath string
} }
@ -115,7 +115,7 @@ func newAlias(q Qualifier, rule rule) (Rule, error) {
return nil, fmt.Errorf("invalid alias format, missing %s in: %s", tokARROW, rule) return nil, fmt.Errorf("invalid alias format, missing %s in: %s", tokARROW, rule)
} }
return &Alias{ return &Alias{
RuleBase: newBase(rule), Base: newBase(rule),
Path: rule.Get(0), Path: rule.Get(0),
RewrittenPath: rule.Get(2), RewrittenPath: rule.Get(2),
}, nil }, nil
@ -146,7 +146,7 @@ func (r *Alias) Kind() Kind {
} }
type Include struct { type Include struct {
RuleBase Base
IfExists bool IfExists bool
Path string Path string
IsMagic bool IsMagic bool
@ -177,7 +177,7 @@ func newInclude(rule rule) (Rule, error) {
return nil, fmt.Errorf("invalid path format: %v", path) return nil, fmt.Errorf("invalid path format: %v", path)
} }
return &Include{ return &Include{
RuleBase: newBase(rule), Base: newBase(rule),
IfExists: ifexists, IfExists: ifexists,
Path: strings.Trim(path, "\"<>"), Path: strings.Trim(path, "\"<>"),
IsMagic: magic, IsMagic: magic,
@ -219,7 +219,7 @@ func (r *Include) Kind() Kind {
} }
type Variable struct { type Variable struct {
RuleBase Base
Name string Name string
Values []string Values []string
Define bool Define bool
@ -245,7 +245,7 @@ func newVariable(rule rule) (Rule, error) {
return nil, fmt.Errorf("invalid operator in variable: %v", rule) return nil, fmt.Errorf("invalid operator in variable: %v", rule)
} }
return &Variable{ return &Variable{
RuleBase: newBase(rule), Base: newBase(rule),
Name: name, Name: name,
Values: values, Values: values,
Define: define, Define: define,
@ -261,8 +261,8 @@ func (r *Variable) Merge(other Rule) bool {
if r.Name == o.Name && r.Define == o.Define { if r.Name == o.Name && r.Define == o.Define {
r.Values = merge(r.Kind(), "access", r.Values, o.Values) r.Values = merge(r.Kind(), "access", r.Values, o.Values)
b := &r.RuleBase b := &r.Base
return b.merge(o.RuleBase) return b.merge(o.Base)
} }
return false return false
} }


@ -30,7 +30,7 @@ func init() {
// Profile represents a single AppArmor profile. // Profile represents a single AppArmor profile.
type Profile struct { type Profile struct {
RuleBase Base
Header Header
Rules Rules Rules Rules
} }


@ -19,7 +19,7 @@ func init() {
} }
type Ptrace struct { type Ptrace struct {
RuleBase Base
Qualifier Qualifier
Access []string Access []string
Peer string Peer string
@ -31,7 +31,7 @@ func newPtrace(q Qualifier, rule rule) (Rule, error) {
return nil, err return nil, err
} }
return &Ptrace{ return &Ptrace{
RuleBase: newBase(rule), Base: newBase(rule),
Qualifier: q, Qualifier: q,
Access: accesses, Access: accesses,
Peer: rule.GetValuesAsString("peer"), Peer: rule.GetValuesAsString("peer"),
@ -40,7 +40,7 @@ func newPtrace(q Qualifier, rule rule) (Rule, error) {
func newPtraceFromLog(log map[string]string) Rule { func newPtraceFromLog(log map[string]string) Rule {
return &Ptrace{ return &Ptrace{
RuleBase: newBaseFromLog(log), Base: newBaseFromLog(log),
Qualifier: newQualifierFromLog(log), Qualifier: newQualifierFromLog(log),
Access: Must(toAccess(PTRACE, log["requested_mask"])), Access: Must(toAccess(PTRACE, log["requested_mask"])),
Peer: log["peer"], Peer: log["peer"],
@ -62,8 +62,8 @@ func (r *Ptrace) Merge(other Rule) bool {
} }
if r.Peer == o.Peer { if r.Peer == o.Peer {
r.Access = merge(r.Kind(), "access", r.Access, o.Access) r.Access = merge(r.Kind(), "access", r.Access, o.Access)
b := &r.RuleBase b := &r.Base
return b.merge(o.RuleBase) return b.merge(o.Base)
} }
return false return false
} }


@ -31,7 +31,7 @@ func TestAppArmorProfileFile_resolveInclude(t *testing.T) {
Preamble: Rules{ Preamble: Rules{
&Alias{Path: "/usr/", RewrittenPath: "/User/"}, &Alias{Path: "/usr/", RewrittenPath: "/User/"},
&Alias{Path: "/lib/", RewrittenPath: "/Libraries/"}, &Alias{Path: "/lib/", RewrittenPath: "/Libraries/"},
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " variable declarations for inclusion"}}, &Comment{Base: Base{IsLineRule: true, Comment: " variable declarations for inclusion"}},
&Variable{ &Variable{
Name: "FOO", Define: true, Name: "FOO", Define: true,
Values: []string{ Values: []string{


@ -21,7 +21,7 @@ func init() {
} }
type Rlimit struct { type Rlimit struct {
RuleBase Base
Key string Key string
Op string Op string
Value string Value string
@ -35,7 +35,7 @@ func newRlimit(q Qualifier, rule rule) (Rule, error) {
return nil, fmt.Errorf("invalid rlimit format: %s", rule) return nil, fmt.Errorf("invalid rlimit format: %s", rule)
} }
return &Rlimit{ return &Rlimit{
RuleBase: newBase(rule), Base: newBase(rule),
Key: rule.Get(1), Key: rule.Get(1),
Op: rule.Get(2), Op: rule.Get(2),
Value: rule.Get(3), Value: rule.Get(3),
@ -44,7 +44,7 @@ func newRlimit(q Qualifier, rule rule) (Rule, error) {
func newRlimitFromLog(log map[string]string) Rule { func newRlimitFromLog(log map[string]string) Rule {
return &Rlimit{ return &Rlimit{
RuleBase: newBaseFromLog(log), Base: newBaseFromLog(log),
Key: log["key"], Key: log["key"],
Op: log["op"], Op: log["op"],
Value: log["value"], Value: log["value"],


@ -32,7 +32,7 @@ func init() {
} }
type Signal struct { type Signal struct {
RuleBase Base
Qualifier Qualifier
Access []string Access []string
Set []string Set []string
@ -49,7 +49,7 @@ func newSignal(q Qualifier, rule rule) (Rule, error) {
return nil, err return nil, err
} }
return &Signal{ return &Signal{
RuleBase: newBase(rule), Base: newBase(rule),
Qualifier: q, Qualifier: q,
Access: accesses, Access: accesses,
Set: set, Set: set,
@ -59,7 +59,7 @@ func newSignal(q Qualifier, rule rule) (Rule, error) {
func newSignalFromLog(log map[string]string) Rule { func newSignalFromLog(log map[string]string) Rule {
return &Signal{ return &Signal{
RuleBase: newBaseFromLog(log), Base: newBaseFromLog(log),
Qualifier: newQualifierFromLog(log), Qualifier: newQualifierFromLog(log),
Access: Must(toAccess(SIGNAL, log["requested_mask"])), Access: Must(toAccess(SIGNAL, log["requested_mask"])),
Set: []string{log["signal"]}, Set: []string{log["signal"]},
@ -86,12 +86,12 @@ func (r *Signal) Merge(other Rule) bool {
switch { switch {
case r.Peer == o.Peer && compare(r.Set, o.Set) == 0: case r.Peer == o.Peer && compare(r.Set, o.Set) == 0:
r.Access = merge(r.Kind(), "access", r.Access, o.Access) r.Access = merge(r.Kind(), "access", r.Access, o.Access)
b := &r.RuleBase b := &r.Base
return b.merge(o.RuleBase) return b.merge(o.Base)
case r.Peer == o.Peer && compare(r.Access, o.Access) == 0: case r.Peer == o.Peer && compare(r.Access, o.Access) == 0:
r.Set = merge(r.Kind(), "set", r.Set, o.Set) r.Set = merge(r.Kind(), "set", r.Set, o.Set)
b := &r.RuleBase b := &r.Base
return b.merge(o.RuleBase) return b.merge(o.Base)
} }
return false return false
} }


@ -21,7 +21,7 @@ func init() {
} }
type Unix struct { type Unix struct {
RuleBase Base
Qualifier Qualifier
Access []string Access []string
Type string Type string
@ -40,7 +40,7 @@ func newUnix(q Qualifier, rule rule) (Rule, error) {
return nil, err return nil, err
} }
return &Unix{ return &Unix{
RuleBase: newBase(rule), Base: newBase(rule),
Qualifier: q, Qualifier: q,
Access: accesses, Access: accesses,
Type: rule.GetValuesAsString("type"), Type: rule.GetValuesAsString("type"),
@ -56,7 +56,7 @@ func newUnix(q Qualifier, rule rule) (Rule, error) {
func newUnixFromLog(log map[string]string) Rule { func newUnixFromLog(log map[string]string) Rule {
return &Unix{ return &Unix{
RuleBase: newBaseFromLog(log), Base: newBaseFromLog(log),
Qualifier: newQualifierFromLog(log), Qualifier: newQualifierFromLog(log),
Access: Must(toAccess(UNIX, log["requested_mask"])), Access: Must(toAccess(UNIX, log["requested_mask"])),
Type: log["sock_type"], Type: log["sock_type"],
@ -119,8 +119,8 @@ func (r *Unix) Merge(other Rule) bool {
r.Label == o.Label && r.Attr == o.Attr && r.Opt == o.Opt && r.Label == o.Label && r.Attr == o.Attr && r.Opt == o.Opt &&
r.PeerLabel == o.PeerLabel && r.PeerAddr == o.PeerAddr { r.PeerLabel == o.PeerLabel && r.PeerAddr == o.PeerAddr {
r.Access = merge(r.Kind(), "access", r.Access, o.Access) r.Access = merge(r.Kind(), "access", r.Access, o.Access)
b := &r.RuleBase b := &r.Base
return b.merge(o.RuleBase) return b.merge(o.Base)
} }
return false return false
} }


@ -9,7 +9,7 @@ import "fmt"
const USERNS Kind = "userns" const USERNS Kind = "userns"
type Userns struct { type Userns struct {
RuleBase Base
Qualifier Qualifier
Create bool Create bool
} }
@ -28,7 +28,7 @@ func newUserns(q Qualifier, rule rule) (Rule, error) {
return nil, fmt.Errorf("invalid userns format: %s", rule) return nil, fmt.Errorf("invalid userns format: %s", rule)
} }
return &Userns{ return &Userns{
RuleBase: newBase(rule), Base: newBase(rule),
Qualifier: q, Qualifier: q,
Create: create, Create: create,
}, nil }, nil
@ -36,7 +36,7 @@ func newUserns(q Qualifier, rule rule) (Rule, error) {
func newUsernsFromLog(log map[string]string) Rule { func newUsernsFromLog(log map[string]string) Rule {
return &Userns{ return &Userns{
RuleBase: newBaseFromLog(log), Base: newBaseFromLog(log),
Qualifier: newQualifierFromLog(log), Qualifier: newQualifierFromLog(log),
Create: true, Create: true,
} }
@ -56,8 +56,8 @@ func (r *Userns) Compare(other Rule) int {
func (r *Userns) Merge(other Rule) bool { func (r *Userns) Merge(other Rule) bool {
o, _ := other.(*Userns) o, _ := other.(*Userns)
b := &r.RuleBase b := &r.Base
return b.merge(o.RuleBase) return b.merge(o.Base)
} }
func (r *Userns) String() string { func (r *Userns) String() string {
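Review bot: Userns.Merge discards the result of the type assertion in `o, _ := other.(*Userns)`, so the renamed line `return b.merge(o.Base)` dereferences a nil pointer whenever `other` is a different rule type. Since these lines are being touched anyway, check the assertion first: `o, ok := other.(*Userns)` followed by `if !ok { return false }`. The other Merge methods on this page begin outside their hunks, so whether they guard the assertion cannot be confirmed from here.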


@ -303,13 +303,13 @@ func TestAppArmorLogs_ParseToProfiles(t *testing.T) {
Header: aa.Header{Name: "kmod"}, Header: aa.Header{Name: "kmod"},
Rules: aa.Rules{ Rules: aa.Rules{
&aa.Unix{ &aa.Unix{
RuleBase: aa.RuleBase{FileInherit: true}, Base: aa.Base{FileInherit: true},
Access: []string{"send", "receive"}, Access: []string{"send", "receive"},
Type: "stream", Type: "stream",
Protocol: "0", Protocol: "0",
}, },
&aa.Unix{ &aa.Unix{
RuleBase: aa.RuleBase{FileInherit: true}, Base: aa.Base{FileInherit: true},
Access: []string{"send", "receive"}, Access: []string{"send", "receive"},
Type: "stream", Type: "stream",
Protocol: "0", Protocol: "0",