mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-12-24 14:06:47 +01:00
refractor(aa): rename base struct from RuleBase to Base
parent
5b73923385
commit
272072d2a5
24 changed files with 150 additions and 150 deletions
|
@ -9,11 +9,11 @@ const (
|
||||||
)
|
)
|
||||||
|
|
||||||
type All struct {
|
type All struct {
|
||||||
RuleBase
|
Base
|
||||||
}
|
}
|
||||||
|
|
||||||
func newAll(q Qualifier, rule rule) (Rule, error) {
|
func newAll(q Qualifier, rule rule) (Rule, error) {
|
||||||
return &All{RuleBase: newBase(rule)}, nil
|
return &All{Base: newBase(rule)}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *All) Validate() error {
|
func (r *All) Validate() error {
|
||||||
|
@ -26,8 +26,8 @@ func (r *All) Compare(other Rule) int {
|
||||||
|
|
||||||
func (r *All) Merge(other Rule) bool {
|
func (r *All) Merge(other Rule) bool {
|
||||||
o, _ := other.(*All)
|
o, _ := other.(*All)
|
||||||
b := &r.RuleBase
|
b := &r.Base
|
||||||
return b.merge(o.RuleBase)
|
return b.merge(o.Base)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *All) String() string {
|
func (r *All) String() string {
|
||||||
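Review bot: `(*All).Merge` discards the result of its type assertion (`o, _ := other.(*All)`), so if `other` is ever a rule of a different kind, `o` is nil and the renamed line `return b.merge(o.Base)` panics on a nil pointer. Unless every caller already guarantees matching kinds, check the assertion: `o, ok := other.(*All)` followed by `if !ok { return false }`. The same `o.Base` access appears in the Merge methods of Dbus, File, IOUring, Mount, Umount, Remount and Mqueue. Their assertions lie outside the visible hunks, so it is worth confirming whether they share the pattern.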
|
|
|
@ -40,7 +40,7 @@ func TestAppArmorProfileFile_String(t *testing.T) {
|
||||||
name: "foo",
|
name: "foo",
|
||||||
f: &AppArmorProfileFile{
|
f: &AppArmorProfileFile{
|
||||||
Preamble: Rules{
|
Preamble: Rules{
|
||||||
&Comment{RuleBase: RuleBase{Comment: " Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
|
&Comment{Base: Base{Comment: " Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
|
||||||
nil,
|
nil,
|
||||||
&Abi{IsMagic: true, Path: "abi/4.0"},
|
&Abi{IsMagic: true, Path: "abi/4.0"},
|
||||||
&Alias{Path: "/mnt/usr", RewrittenPath: "/usr"},
|
&Alias{Path: "/mnt/usr", RewrittenPath: "/usr"},
|
||||||
|
@ -66,7 +66,7 @@ func TestAppArmorProfileFile_String(t *testing.T) {
|
||||||
&Network{Domain: "inet", Type: "stream"},
|
&Network{Domain: "inet", Type: "stream"},
|
||||||
&Network{Domain: "inet6", Type: "stream"},
|
&Network{Domain: "inet6", Type: "stream"},
|
||||||
&Mount{
|
&Mount{
|
||||||
RuleBase: RuleBase{Comment: " failed perms check"},
|
Base: Base{Comment: " failed perms check"},
|
||||||
MountConditions: MountConditions{
|
MountConditions: MountConditions{
|
||||||
FsType: "fuse.portal",
|
FsType: "fuse.portal",
|
||||||
Options: []string{"rw", "rbind"},
|
Options: []string{"rw", "rbind"},
|
||||||
|
@ -204,9 +204,9 @@ func TestAppArmorProfileFile_Integration(t *testing.T) {
|
||||||
name: "aa-status",
|
name: "aa-status",
|
||||||
f: &AppArmorProfileFile{
|
f: &AppArmorProfileFile{
|
||||||
Preamble: Rules{
|
Preamble: Rules{
|
||||||
&Comment{RuleBase: RuleBase{Comment: " apparmor.d - Full set of apparmor profiles", IsLineRule: true}},
|
&Comment{Base: Base{Comment: " apparmor.d - Full set of apparmor profiles", IsLineRule: true}},
|
||||||
&Comment{RuleBase: RuleBase{Comment: " Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>", IsLineRule: true}},
|
&Comment{Base: Base{Comment: " Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>", IsLineRule: true}},
|
||||||
&Comment{RuleBase: RuleBase{Comment: " SPDX-License-Identifier: GPL-2.0-only", IsLineRule: true}},
|
&Comment{Base: Base{Comment: " SPDX-License-Identifier: GPL-2.0-only", IsLineRule: true}},
|
||||||
nil,
|
nil,
|
||||||
&Abi{IsMagic: true, Path: "abi/3.0"},
|
&Abi{IsMagic: true, Path: "abi/3.0"},
|
||||||
&Include{IsMagic: true, Path: "tunables/global"},
|
&Include{IsMagic: true, Path: "tunables/global"},
|
||||||
|
|
|
@ -8,7 +8,7 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
type RuleBase struct {
|
type Base struct {
|
||||||
IsLineRule bool
|
IsLineRule bool
|
||||||
Comment string
|
Comment string
|
||||||
NoNewPrivs bool
|
NoNewPrivs bool
|
||||||
|
@ -19,7 +19,7 @@ type RuleBase struct {
|
||||||
Optional bool
|
Optional bool
|
||||||
}
|
}
|
||||||
|
|
||||||
func newBase(rule rule) RuleBase {
|
func newBase(rule rule) Base {
|
||||||
comment := ""
|
comment := ""
|
||||||
fileInherit, noNewPrivs, optional := false, false, false
|
fileInherit, noNewPrivs, optional := false, false, false
|
||||||
|
|
||||||
|
@ -44,7 +44,7 @@ func newBase(rule rule) RuleBase {
|
||||||
optional = true
|
optional = true
|
||||||
comment = strings.Replace(comment, "optional: ", "", 1)
|
comment = strings.Replace(comment, "optional: ", "", 1)
|
||||||
}
|
}
|
||||||
return RuleBase{
|
return Base{
|
||||||
Comment: comment,
|
Comment: comment,
|
||||||
NoNewPrivs: noNewPrivs,
|
NoNewPrivs: noNewPrivs,
|
||||||
FileInherit: fileInherit,
|
FileInherit: fileInherit,
|
||||||
|
@ -52,7 +52,7 @@ func newBase(rule rule) RuleBase {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func newBaseFromLog(log map[string]string) RuleBase {
|
func newBaseFromLog(log map[string]string) Base {
|
||||||
comment := ""
|
comment := ""
|
||||||
fileInherit, noNewPrivs, optional := false, false, false
|
fileInherit, noNewPrivs, optional := false, false, false
|
||||||
|
|
||||||
|
@ -70,7 +70,7 @@ func newBaseFromLog(log map[string]string) RuleBase {
|
||||||
if log["info"] != "" {
|
if log["info"] != "" {
|
||||||
comment += " " + log["info"]
|
comment += " " + log["info"]
|
||||||
}
|
}
|
||||||
return RuleBase{
|
return Base{
|
||||||
IsLineRule: false,
|
IsLineRule: false,
|
||||||
Comment: comment,
|
Comment: comment,
|
||||||
NoNewPrivs: noNewPrivs,
|
NoNewPrivs: noNewPrivs,
|
||||||
|
@ -79,11 +79,11 @@ func newBaseFromLog(log map[string]string) RuleBase {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r RuleBase) Merge(other Rule) bool {
|
func (r Base) Merge(other Rule) bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *RuleBase) merge(other RuleBase) bool {
|
func (r *Base) merge(other Base) bool {
|
||||||
if other.Comment != "" {
|
if other.Comment != "" {
|
||||||
r.Comment += " " + other.Comment
|
r.Comment += " " + other.Comment
|
||||||
}
|
}
|
||||||
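Review bot: The exported type `Base` is declared in the first hunk of this file with no doc comment above it, and the shorter name says less than `RuleBase` did about what the struct is for. A comment such as `// Base holds the fields shared by every rule: its comment text, whether it is a line rule, and the NoNewPrivs, FileInherit and Optional markers.` would keep the embedded field readable in the many structs that now carry a bare `Base`. Separately, `Merge` is declared on a value receiver (`func (r Base) Merge`) while `merge` uses a pointer receiver (`func (r *Base) merge`). Using one receiver kind for the type would follow the usual Go convention, though the method-set effect on existing callers should be checked first. The struct body and both constructors continue outside the visible hunks.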
|
|
|
@ -10,7 +10,7 @@ const (
|
||||||
|
|
||||||
// Hat represents a single AppArmor hat.
|
// Hat represents a single AppArmor hat.
|
||||||
type Hat struct {
|
type Hat struct {
|
||||||
RuleBase
|
Base
|
||||||
Name string
|
Name string
|
||||||
Rules Rules
|
Rules Rules
|
||||||
}
|
}
|
||||||
|
|
|
@ -26,7 +26,7 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
type Capability struct {
|
type Capability struct {
|
||||||
RuleBase
|
Base
|
||||||
Qualifier
|
Qualifier
|
||||||
Names []string
|
Names []string
|
||||||
}
|
}
|
||||||
|
@ -37,7 +37,7 @@ func newCapability(q Qualifier, rule rule) (Rule, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return &Capability{
|
return &Capability{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Qualifier: q,
|
Qualifier: q,
|
||||||
Names: names,
|
Names: names,
|
||||||
}, nil
|
}, nil
|
||||||
|
@ -45,7 +45,7 @@ func newCapability(q Qualifier, rule rule) (Rule, error) {
|
||||||
|
|
||||||
func newCapabilityFromLog(log map[string]string) Rule {
|
func newCapabilityFromLog(log map[string]string) Rule {
|
||||||
return &Capability{
|
return &Capability{
|
||||||
RuleBase: newBaseFromLog(log),
|
Base: newBaseFromLog(log),
|
||||||
Qualifier: newQualifierFromLog(log),
|
Qualifier: newQualifierFromLog(log),
|
||||||
Names: Must(toValues(CAPABILITY, "name", log["capname"])),
|
Names: Must(toValues(CAPABILITY, "name", log["capname"])),
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,7 +18,7 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
type ChangeProfile struct {
|
type ChangeProfile struct {
|
||||||
RuleBase
|
Base
|
||||||
Qualifier
|
Qualifier
|
||||||
ExecMode string
|
ExecMode string
|
||||||
Exec string
|
Exec string
|
||||||
|
@ -49,7 +49,7 @@ func newChangeProfile(q Qualifier, rule rule) (Rule, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return &ChangeProfile{
|
return &ChangeProfile{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Qualifier: q,
|
Qualifier: q,
|
||||||
ExecMode: mode,
|
ExecMode: mode,
|
||||||
Exec: exec,
|
Exec: exec,
|
||||||
|
@ -59,7 +59,7 @@ func newChangeProfile(q Qualifier, rule rule) (Rule, error) {
|
||||||
|
|
||||||
func newChangeProfileFromLog(log map[string]string) Rule {
|
func newChangeProfileFromLog(log map[string]string) Rule {
|
||||||
return &ChangeProfile{
|
return &ChangeProfile{
|
||||||
RuleBase: newBaseFromLog(log),
|
Base: newBaseFromLog(log),
|
||||||
Qualifier: newQualifierFromLog(log),
|
Qualifier: newQualifierFromLog(log),
|
||||||
ExecMode: log["mode"],
|
ExecMode: log["mode"],
|
||||||
Exec: log["exec"],
|
Exec: log["exec"],
|
||||||
|
|
|
@ -6,8 +6,8 @@ package aa
|
||||||
|
|
||||||
var (
|
var (
|
||||||
// Comment
|
// Comment
|
||||||
comment1 = &Comment{RuleBase: RuleBase{Comment: "comment", IsLineRule: true}}
|
comment1 = &Comment{Base: Base{Comment: "comment", IsLineRule: true}}
|
||||||
comment2 = &Comment{RuleBase: RuleBase{Comment: "another comment", IsLineRule: true}}
|
comment2 = &Comment{Base: Base{Comment: "another comment", IsLineRule: true}}
|
||||||
|
|
||||||
// Abi
|
// Abi
|
||||||
abi1 = &Abi{IsMagic: true, Path: "abi/4.0"}
|
abi1 = &Abi{IsMagic: true, Path: "abi/4.0"}
|
||||||
|
@ -28,7 +28,7 @@ var (
|
||||||
|
|
||||||
// All
|
// All
|
||||||
all1 = &All{}
|
all1 = &All{}
|
||||||
all2 = &All{RuleBase: RuleBase{Comment: "comment"}}
|
all2 = &All{Base: Base{Comment: "comment"}}
|
||||||
|
|
||||||
// Rlimit
|
// Rlimit
|
||||||
rlimit1 = &Rlimit{Key: "nproc", Op: "<=", Value: "200"}
|
rlimit1 = &Rlimit{Key: "nproc", Op: "<=", Value: "200"}
|
||||||
|
@ -94,13 +94,13 @@ var (
|
||||||
"flags": "rw, rbind",
|
"flags": "rw, rbind",
|
||||||
}
|
}
|
||||||
mount1 = &Mount{
|
mount1 = &Mount{
|
||||||
RuleBase: RuleBase{Comment: " failed perms check"},
|
Base: Base{Comment: " failed perms check"},
|
||||||
MountConditions: MountConditions{FsType: "overlay"},
|
MountConditions: MountConditions{FsType: "overlay"},
|
||||||
Source: "overlay",
|
Source: "overlay",
|
||||||
MountPoint: "/var/lib/docker/overlay2/opaque-bug-check1209538631/merged/",
|
MountPoint: "/var/lib/docker/overlay2/opaque-bug-check1209538631/merged/",
|
||||||
}
|
}
|
||||||
mount2 = &Mount{
|
mount2 = &Mount{
|
||||||
RuleBase: RuleBase{Comment: " failed perms check"},
|
Base: Base{Comment: " failed perms check"},
|
||||||
MountConditions: MountConditions{Options: []string{"rw", "rbind"}},
|
MountConditions: MountConditions{Options: []string{"rw", "rbind"}},
|
||||||
Source: "/oldroot/dev/tty",
|
Source: "/oldroot/dev/tty",
|
||||||
MountPoint: "/newroot/dev/tty",
|
MountPoint: "/newroot/dev/tty",
|
||||||
|
@ -238,9 +238,9 @@ var (
|
||||||
PeerLabel: "dbus-daemon",
|
PeerLabel: "dbus-daemon",
|
||||||
}
|
}
|
||||||
unix2 = &Unix{
|
unix2 = &Unix{
|
||||||
RuleBase: RuleBase{FileInherit: true},
|
Base: Base{FileInherit: true},
|
||||||
Access: []string{"receive"},
|
Access: []string{"receive"},
|
||||||
Type: "stream",
|
Type: "stream",
|
||||||
}
|
}
|
||||||
|
|
||||||
// Dbus
|
// Dbus
|
||||||
|
@ -318,10 +318,10 @@ var (
|
||||||
}
|
}
|
||||||
file1 = &File{Path: "/usr/share/poppler/cMap/Identity-H", Access: []string{"r"}}
|
file1 = &File{Path: "/usr/share/poppler/cMap/Identity-H", Access: []string{"r"}}
|
||||||
file2 = &File{
|
file2 = &File{
|
||||||
RuleBase: RuleBase{NoNewPrivs: true},
|
Base: Base{NoNewPrivs: true},
|
||||||
Owner: true,
|
Owner: true,
|
||||||
Path: "@{PROC}/4163/cgroup",
|
Path: "@{PROC}/4163/cgroup",
|
||||||
Access: []string{"r"},
|
Access: []string{"r"},
|
||||||
}
|
}
|
||||||
|
|
||||||
// Link
|
// Link
|
||||||
|
|
|
@ -21,7 +21,7 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
type Dbus struct {
|
type Dbus struct {
|
||||||
RuleBase
|
Base
|
||||||
Qualifier
|
Qualifier
|
||||||
Access []string
|
Access []string
|
||||||
Bus string
|
Bus string
|
||||||
|
@ -39,7 +39,7 @@ func newDbus(q Qualifier, rule rule) (Rule, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return &Dbus{
|
return &Dbus{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Qualifier: q,
|
Qualifier: q,
|
||||||
Access: accesses,
|
Access: accesses,
|
||||||
Bus: rule.GetValuesAsString("bus"),
|
Bus: rule.GetValuesAsString("bus"),
|
||||||
|
@ -61,7 +61,7 @@ func newDbusFromLog(log map[string]string) Rule {
|
||||||
peerName = log["name"]
|
peerName = log["name"]
|
||||||
}
|
}
|
||||||
return &Dbus{
|
return &Dbus{
|
||||||
RuleBase: newBaseFromLog(log),
|
Base: newBaseFromLog(log),
|
||||||
Qualifier: newQualifierFromLog(log),
|
Qualifier: newQualifierFromLog(log),
|
||||||
Access: []string{log["mask"]},
|
Access: []string{log["mask"]},
|
||||||
Bus: log["bus"],
|
Bus: log["bus"],
|
||||||
|
@ -120,8 +120,8 @@ func (r *Dbus) Merge(other Rule) bool {
|
||||||
r.Interface == o.Interface && r.Member == o.Member &&
|
r.Interface == o.Interface && r.Member == o.Member &&
|
||||||
r.PeerName == o.PeerName && r.PeerLabel == o.PeerLabel {
|
r.PeerName == o.PeerName && r.PeerLabel == o.PeerLabel {
|
||||||
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
||||||
b := &r.RuleBase
|
b := &r.Base
|
||||||
return b.merge(o.RuleBase)
|
return b.merge(o.Base)
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
|
@ -38,7 +38,7 @@ func isOwner(log map[string]string) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
type File struct {
|
type File struct {
|
||||||
RuleBase
|
Base
|
||||||
Qualifier
|
Qualifier
|
||||||
Owner bool
|
Owner bool
|
||||||
Path string
|
Path string
|
||||||
|
@ -76,7 +76,7 @@ func newFile(q Qualifier, rule rule) (Rule, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return &File{
|
return &File{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Qualifier: q,
|
Qualifier: q,
|
||||||
Owner: owner,
|
Owner: owner,
|
||||||
Path: path,
|
Path: path,
|
||||||
|
@ -94,7 +94,7 @@ func newFileFromLog(log map[string]string) Rule {
|
||||||
return newLinkFromLog(log)
|
return newLinkFromLog(log)
|
||||||
}
|
}
|
||||||
return &File{
|
return &File{
|
||||||
RuleBase: newBaseFromLog(log),
|
Base: newBaseFromLog(log),
|
||||||
Qualifier: newQualifierFromLog(log),
|
Qualifier: newQualifierFromLog(log),
|
||||||
Owner: isOwner(log),
|
Owner: isOwner(log),
|
||||||
Path: log["name"],
|
Path: log["name"],
|
||||||
|
@ -138,8 +138,8 @@ func (r *File) Merge(other Rule) bool {
|
||||||
}
|
}
|
||||||
if r.Owner == o.Owner && r.Path == o.Path && r.Target == o.Target {
|
if r.Owner == o.Owner && r.Path == o.Path && r.Target == o.Target {
|
||||||
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
||||||
b := &r.RuleBase
|
b := &r.Base
|
||||||
return b.merge(o.RuleBase)
|
return b.merge(o.Base)
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
@ -157,7 +157,7 @@ func (r *File) Kind() Kind {
|
||||||
}
|
}
|
||||||
|
|
||||||
type Link struct {
|
type Link struct {
|
||||||
RuleBase
|
Base
|
||||||
Qualifier
|
Qualifier
|
||||||
Owner bool
|
Owner bool
|
||||||
Subset bool
|
Subset bool
|
||||||
|
@ -190,7 +190,7 @@ func newLink(q Qualifier, rule rule) (Rule, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return &Link{
|
return &Link{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Qualifier: q,
|
Qualifier: q,
|
||||||
Owner: owner,
|
Owner: owner,
|
||||||
Subset: subset,
|
Subset: subset,
|
||||||
|
@ -201,7 +201,7 @@ func newLink(q Qualifier, rule rule) (Rule, error) {
|
||||||
|
|
||||||
func newLinkFromLog(log map[string]string) Rule {
|
func newLinkFromLog(log map[string]string) Rule {
|
||||||
return &Link{
|
return &Link{
|
||||||
RuleBase: newBaseFromLog(log),
|
Base: newBaseFromLog(log),
|
||||||
Qualifier: newQualifierFromLog(log),
|
Qualifier: newQualifierFromLog(log),
|
||||||
Owner: isOwner(log),
|
Owner: isOwner(log),
|
||||||
Path: log["name"],
|
Path: log["name"],
|
||||||
|
|
|
@ -17,7 +17,7 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
type IOUring struct {
|
type IOUring struct {
|
||||||
RuleBase
|
Base
|
||||||
Qualifier
|
Qualifier
|
||||||
Access []string
|
Access []string
|
||||||
Label string
|
Label string
|
||||||
|
@ -29,7 +29,7 @@ func newIOUring(q Qualifier, rule rule) (Rule, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return &IOUring{
|
return &IOUring{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Qualifier: q,
|
Qualifier: q,
|
||||||
Access: accesses,
|
Access: accesses,
|
||||||
Label: rule.GetValuesAsString("label"),
|
Label: rule.GetValuesAsString("label"),
|
||||||
|
@ -38,7 +38,7 @@ func newIOUring(q Qualifier, rule rule) (Rule, error) {
|
||||||
|
|
||||||
func newIOUringFromLog(log map[string]string) Rule {
|
func newIOUringFromLog(log map[string]string) Rule {
|
||||||
return &IOUring{
|
return &IOUring{
|
||||||
RuleBase: newBaseFromLog(log),
|
Base: newBaseFromLog(log),
|
||||||
Qualifier: newQualifierFromLog(log),
|
Qualifier: newQualifierFromLog(log),
|
||||||
Access: Must(toAccess(IOURING, log["requested"])),
|
Access: Must(toAccess(IOURING, log["requested"])),
|
||||||
Label: log["label"],
|
Label: log["label"],
|
||||||
|
@ -71,8 +71,8 @@ func (r *IOUring) Merge(other Rule) bool {
|
||||||
}
|
}
|
||||||
if r.Label == o.Label {
|
if r.Label == o.Label {
|
||||||
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
||||||
b := &r.RuleBase
|
b := &r.Base
|
||||||
return b.merge(o.RuleBase)
|
return b.merge(o.Base)
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
|
@ -74,7 +74,7 @@ func (m *MountConditions) Merge(other MountConditions) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
type Mount struct {
|
type Mount struct {
|
||||||
RuleBase
|
Base
|
||||||
Qualifier
|
Qualifier
|
||||||
MountConditions
|
MountConditions
|
||||||
Source string
|
Source string
|
||||||
|
@ -102,7 +102,7 @@ func newMount(q Qualifier, rule rule) (Rule, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return &Mount{
|
return &Mount{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Qualifier: q,
|
Qualifier: q,
|
||||||
MountConditions: conditions,
|
MountConditions: conditions,
|
||||||
Source: src,
|
Source: src,
|
||||||
|
@ -112,7 +112,7 @@ func newMount(q Qualifier, rule rule) (Rule, error) {
|
||||||
|
|
||||||
func newMountFromLog(log map[string]string) Rule {
|
func newMountFromLog(log map[string]string) Rule {
|
||||||
return &Mount{
|
return &Mount{
|
||||||
RuleBase: newBaseFromLog(log),
|
Base: newBaseFromLog(log),
|
||||||
Qualifier: newQualifierFromLog(log),
|
Qualifier: newQualifierFromLog(log),
|
||||||
MountConditions: newMountConditionsFromLog(log),
|
MountConditions: newMountConditionsFromLog(log),
|
||||||
Source: log["srcname"],
|
Source: log["srcname"],
|
||||||
|
@ -150,8 +150,8 @@ func (r *Mount) Merge(other Rule) bool {
|
||||||
}
|
}
|
||||||
if r.Source == o.Source && r.MountPoint == o.MountPoint &&
|
if r.Source == o.Source && r.MountPoint == o.MountPoint &&
|
||||||
mc.Merge(o.MountConditions) {
|
mc.Merge(o.MountConditions) {
|
||||||
b := &r.RuleBase
|
b := &r.Base
|
||||||
return b.merge(o.RuleBase)
|
return b.merge(o.Base)
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
@ -169,7 +169,7 @@ func (r *Mount) Kind() Kind {
|
||||||
}
|
}
|
||||||
|
|
||||||
type Umount struct {
|
type Umount struct {
|
||||||
RuleBase
|
Base
|
||||||
Qualifier
|
Qualifier
|
||||||
MountConditions
|
MountConditions
|
||||||
MountPoint string
|
MountPoint string
|
||||||
|
@ -186,7 +186,7 @@ func newUmount(q Qualifier, rule rule) (Rule, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return &Umount{
|
return &Umount{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Qualifier: q,
|
Qualifier: q,
|
||||||
MountConditions: conditions,
|
MountConditions: conditions,
|
||||||
MountPoint: mount,
|
MountPoint: mount,
|
||||||
|
@ -195,7 +195,7 @@ func newUmount(q Qualifier, rule rule) (Rule, error) {
|
||||||
|
|
||||||
func newUmountFromLog(log map[string]string) Rule {
|
func newUmountFromLog(log map[string]string) Rule {
|
||||||
return &Umount{
|
return &Umount{
|
||||||
RuleBase: newBaseFromLog(log),
|
Base: newBaseFromLog(log),
|
||||||
Qualifier: newQualifierFromLog(log),
|
Qualifier: newQualifierFromLog(log),
|
||||||
MountConditions: newMountConditionsFromLog(log),
|
MountConditions: newMountConditionsFromLog(log),
|
||||||
MountPoint: log["name"],
|
MountPoint: log["name"],
|
||||||
|
@ -228,8 +228,8 @@ func (r *Umount) Merge(other Rule) bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
if r.MountPoint == o.MountPoint && mc.Merge(o.MountConditions) {
|
if r.MountPoint == o.MountPoint && mc.Merge(o.MountConditions) {
|
||||||
b := &r.RuleBase
|
b := &r.Base
|
||||||
return b.merge(o.RuleBase)
|
return b.merge(o.Base)
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
@ -247,7 +247,7 @@ func (r *Umount) Kind() Kind {
|
||||||
}
|
}
|
||||||
|
|
||||||
type Remount struct {
|
type Remount struct {
|
||||||
RuleBase
|
Base
|
||||||
Qualifier
|
Qualifier
|
||||||
MountConditions
|
MountConditions
|
||||||
MountPoint string
|
MountPoint string
|
||||||
|
@ -265,7 +265,7 @@ func newRemount(q Qualifier, rule rule) (Rule, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return &Remount{
|
return &Remount{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Qualifier: q,
|
Qualifier: q,
|
||||||
MountConditions: conditions,
|
MountConditions: conditions,
|
||||||
MountPoint: mount,
|
MountPoint: mount,
|
||||||
|
@ -274,7 +274,7 @@ func newRemount(q Qualifier, rule rule) (Rule, error) {
|
||||||
|
|
||||||
func newRemountFromLog(log map[string]string) Rule {
|
func newRemountFromLog(log map[string]string) Rule {
|
||||||
return &Remount{
|
return &Remount{
|
||||||
RuleBase: newBaseFromLog(log),
|
Base: newBaseFromLog(log),
|
||||||
Qualifier: newQualifierFromLog(log),
|
Qualifier: newQualifierFromLog(log),
|
||||||
MountConditions: newMountConditionsFromLog(log),
|
MountConditions: newMountConditionsFromLog(log),
|
||||||
MountPoint: log["name"],
|
MountPoint: log["name"],
|
||||||
|
@ -307,8 +307,8 @@ func (r *Remount) Merge(other Rule) bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
if r.MountPoint == o.MountPoint && mc.Merge(o.MountConditions) {
|
if r.MountPoint == o.MountPoint && mc.Merge(o.MountConditions) {
|
||||||
b := &r.RuleBase
|
b := &r.Base
|
||||||
return b.merge(o.RuleBase)
|
return b.merge(o.Base)
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,7 +23,7 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
type Mqueue struct {
|
type Mqueue struct {
|
||||||
RuleBase
|
Base
|
||||||
Qualifier
|
Qualifier
|
||||||
Access []string
|
Access []string
|
||||||
Type string
|
Type string
|
||||||
|
@ -47,7 +47,7 @@ func newMqueue(q Qualifier, rule rule) (Rule, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return &Mqueue{
|
return &Mqueue{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Qualifier: q,
|
Qualifier: q,
|
||||||
Access: accesses,
|
Access: accesses,
|
||||||
Type: rule.GetValuesAsString("type"),
|
Type: rule.GetValuesAsString("type"),
|
||||||
|
@ -64,7 +64,7 @@ func newMqueueFromLog(log map[string]string) Rule {
|
||||||
mqueueType = "sysv"
|
mqueueType = "sysv"
|
||||||
}
|
}
|
||||||
return &Mqueue{
|
return &Mqueue{
|
||||||
RuleBase: newBaseFromLog(log),
|
Base: newBaseFromLog(log),
|
||||||
Qualifier: newQualifierFromLog(log),
|
Qualifier: newQualifierFromLog(log),
|
||||||
Access: Must(toAccess(MQUEUE, log["requested"])),
|
Access: Must(toAccess(MQUEUE, log["requested"])),
|
||||||
Type: mqueueType,
|
Type: mqueueType,
|
||||||
|
@ -105,8 +105,8 @@ func (r *Mqueue) Merge(other Rule) bool {
|
||||||
}
|
}
|
||||||
if r.Type == o.Type && r.Label == o.Label && r.Name == o.Name {
|
if r.Type == o.Type && r.Label == o.Label && r.Name == o.Name {
|
||||||
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
||||||
b := &r.RuleBase
|
b := &r.Base
|
||||||
return b.merge(o.RuleBase)
|
return b.merge(o.Base)
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
|
@ -58,7 +58,7 @@ func (r AddressExpr) Compare(other AddressExpr) int {
|
||||||
}
|
}
|
||||||
|
|
||||||
type Network struct {
|
type Network struct {
|
||||||
RuleBase
|
Base
|
||||||
Qualifier
|
Qualifier
|
||||||
AddressExpr
|
AddressExpr
|
||||||
Domain string
|
Domain string
|
||||||
|
@ -80,7 +80,7 @@ func newNetwork(q Qualifier, rule rule) (Rule, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return &Network{
|
return &Network{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Qualifier: q,
|
Qualifier: q,
|
||||||
Domain: domain,
|
Domain: domain,
|
||||||
Type: nType,
|
Type: nType,
|
||||||
|
@ -90,7 +90,7 @@ func newNetwork(q Qualifier, rule rule) (Rule, error) {
|
||||||
|
|
||||||
func newNetworkFromLog(log map[string]string) Rule {
|
func newNetworkFromLog(log map[string]string) Rule {
|
||||||
return &Network{
|
return &Network{
|
||||||
RuleBase: newBaseFromLog(log),
|
Base: newBaseFromLog(log),
|
||||||
Qualifier: newQualifierFromLog(log),
|
Qualifier: newQualifierFromLog(log),
|
||||||
AddressExpr: newAddressExprFromLog(log),
|
AddressExpr: newAddressExprFromLog(log),
|
||||||
Domain: log["family"],
|
Domain: log["family"],
|
||||||
|
|
|
@ -755,14 +755,14 @@ var (
|
||||||
@{lib_dirs} = @{lib}/@{name} /opt/@{name} # comment in variable`,
|
@{lib_dirs} = @{lib}/@{name} /opt/@{name} # comment in variable`,
|
||||||
want: "\n\n\n",
|
want: "\n\n\n",
|
||||||
rules: Rules{
|
rules: Rules{
|
||||||
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " IsLineRule comment"}},
|
&Comment{Base: Base{IsLineRule: true, Comment: " IsLineRule comment"}},
|
||||||
&Include{
|
&Include{
|
||||||
RuleBase: RuleBase{Comment: " comment included"},
|
Base: Base{Comment: " comment included"},
|
||||||
IsMagic: true, Path: "tunables/global",
|
IsMagic: true, Path: "tunables/global",
|
||||||
},
|
},
|
||||||
&Variable{
|
&Variable{
|
||||||
RuleBase: RuleBase{Comment: " comment in variable"},
|
Base: Base{Comment: " comment in variable"},
|
||||||
Name: "lib_dirs", Define: true,
|
Name: "lib_dirs", Define: true,
|
||||||
Values: []string{"@{lib}/@{name}", "/opt/@{name}"},
|
Values: []string{"@{lib}/@{name}", "/opt/@{name}"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -862,14 +862,14 @@ var (
|
||||||
@{lib_dirs} = @{lib}/@{name} /opt/@{name} # comment in variable`,
|
@{lib_dirs} = @{lib}/@{name} /opt/@{name} # comment in variable`,
|
||||||
apparmor: &AppArmorProfileFile{
|
apparmor: &AppArmorProfileFile{
|
||||||
Preamble: Rules{
|
Preamble: Rules{
|
||||||
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " IsLineRule comment"}},
|
&Comment{Base: Base{IsLineRule: true, Comment: " IsLineRule comment"}},
|
||||||
&Include{
|
&Include{
|
||||||
RuleBase: RuleBase{Comment: " comment included"},
|
Base: Base{Comment: " comment included"},
|
||||||
Path: "tunables/global", IsMagic: true,
|
Path: "tunables/global", IsMagic: true,
|
||||||
},
|
},
|
||||||
&Variable{
|
&Variable{
|
||||||
RuleBase: RuleBase{Comment: " comment in variable"},
|
Base: Base{Comment: " comment in variable"},
|
||||||
Name: "lib_dirs", Define: true,
|
Name: "lib_dirs", Define: true,
|
||||||
Values: []string{"@{lib}/@{name}", "/opt/@{name}"},
|
Values: []string{"@{lib}/@{name}", "/opt/@{name}"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -893,9 +893,9 @@ var (
|
||||||
`,
|
`,
|
||||||
apparmor: &AppArmorProfileFile{
|
apparmor: &AppArmorProfileFile{
|
||||||
Preamble: Rules{
|
Preamble: Rules{
|
||||||
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " Simple test"}},
|
&Comment{Base: Base{IsLineRule: true, Comment: " Simple test"}},
|
||||||
&Include{IsMagic: true, Path: "tunables/global"},
|
&Include{IsMagic: true, Path: "tunables/global"},
|
||||||
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " { commented block }"}},
|
&Comment{Base: Base{IsLineRule: true, Comment: " { commented block }"}},
|
||||||
&Variable{Name: "name", Values: []string{"{D,d}ummy"}, Define: true},
|
&Variable{Name: "name", Values: []string{"{D,d}ummy"}, Define: true},
|
||||||
&Variable{Name: "exec_path", Values: []string{"@{bin}/@{name}"}, Define: true},
|
&Variable{Name: "exec_path", Values: []string{"@{bin}/@{name}"}, Define: true},
|
||||||
&Variable{Name: "exec_path", Values: []string{"@{lib}/@{name}"}},
|
&Variable{Name: "exec_path", Values: []string{"@{lib}/@{name}"}},
|
||||||
|
@ -922,7 +922,7 @@ var (
|
||||||
raw: util.MustReadFile(testData.Join("string.aa")),
|
raw: util.MustReadFile(testData.Join("string.aa")),
|
||||||
apparmor: &AppArmorProfileFile{
|
apparmor: &AppArmorProfileFile{
|
||||||
Preamble: Rules{
|
Preamble: Rules{
|
||||||
&Comment{RuleBase: RuleBase{Comment: " Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
|
&Comment{Base: Base{Comment: " Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
|
||||||
&Include{IsMagic: true, Path: "tunables/global"},
|
&Include{IsMagic: true, Path: "tunables/global"},
|
||||||
&Variable{
|
&Variable{
|
||||||
Name: "exec_path", Define: true,
|
Name: "exec_path", Define: true,
|
||||||
|
@ -961,7 +961,7 @@ var (
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
&Mount{
|
&Mount{
|
||||||
RuleBase: RuleBase{IsLineRule: false, Comment: " failed perms check"},
|
Base: Base{IsLineRule: false, Comment: " failed perms check"},
|
||||||
MountConditions: MountConditions{
|
MountConditions: MountConditions{
|
||||||
FsType: "fuse.portal",
|
FsType: "fuse.portal",
|
||||||
Options: []string{"rw", "rbind"},
|
Options: []string{"rw", "rbind"},
|
||||||
|
@ -1020,15 +1020,15 @@ var (
|
||||||
raw: util.MustReadFile(testData.Join("full.aa")),
|
raw: util.MustReadFile(testData.Join("full.aa")),
|
||||||
apparmor: &AppArmorProfileFile{
|
apparmor: &AppArmorProfileFile{
|
||||||
Preamble: Rules{
|
Preamble: Rules{
|
||||||
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " Simple test profile with all rules used"}},
|
&Comment{Base: Base{IsLineRule: true, Comment: " Simple test profile with all rules used"}},
|
||||||
&Include{
|
&Include{
|
||||||
RuleBase: RuleBase{Comment: " a comment", Optional: true},
|
Base: Base{Comment: " a comment", Optional: true},
|
||||||
IsMagic: true, Path: "tunables/global",
|
IsMagic: true, Path: "tunables/global",
|
||||||
},
|
},
|
||||||
&Include{IfExists: true, Path: "/etc/apparmor.d/global/dummy space"},
|
&Include{IfExists: true, Path: "/etc/apparmor.d/global/dummy space"},
|
||||||
&Variable{Name: "name", Values: []string{"torbrowser", "\"tor browser\""}, Define: true},
|
&Variable{Name: "name", Values: []string{"torbrowser", "\"tor browser\""}, Define: true},
|
||||||
&Variable{
|
&Variable{
|
||||||
RuleBase: RuleBase{Comment: " another comment"}, Define: true,
|
Base: Base{Comment: " another comment"}, Define: true,
|
||||||
Name: "lib_dirs", Values: []string{"@{lib}/@{name}", "/opt/@{name}"},
|
Name: "lib_dirs", Values: []string{"@{lib}/@{name}", "/opt/@{name}"},
|
||||||
},
|
},
|
||||||
&Variable{Name: "config_dirs", Values: []string{"@{HOME}/.mozilla/"}, Define: true},
|
&Variable{Name: "config_dirs", Values: []string{"@{HOME}/.mozilla/"}, Define: true},
|
||||||
|
@ -1152,7 +1152,7 @@ var (
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " A comment! before a paragraph of rules"}},
|
&Comment{Base: Base{IsLineRule: true, Comment: " A comment! before a paragraph of rules"}},
|
||||||
&File{
|
&File{
|
||||||
Path: "\"/opt/Mullvad VPN/resources/*.so*\"",
|
Path: "\"/opt/Mullvad VPN/resources/*.so*\"",
|
||||||
Access: []string{"m", "r"},
|
Access: []string{"m", "r"},
|
||||||
|
|
|
@ -9,7 +9,7 @@ import "fmt"
|
||||||
const PIVOTROOT Kind = "pivot_root"
|
const PIVOTROOT Kind = "pivot_root"
|
||||||
|
|
||||||
type PivotRoot struct {
|
type PivotRoot struct {
|
||||||
RuleBase
|
Base
|
||||||
Qualifier
|
Qualifier
|
||||||
OldRoot string
|
OldRoot string
|
||||||
NewRoot string
|
NewRoot string
|
||||||
|
@ -32,7 +32,7 @@ func newPivotRoot(q Qualifier, rule rule) (Rule, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return &PivotRoot{
|
return &PivotRoot{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Qualifier: q,
|
Qualifier: q,
|
||||||
OldRoot: rule.GetValuesAsString("oldroot"),
|
OldRoot: rule.GetValuesAsString("oldroot"),
|
||||||
NewRoot: newroot,
|
NewRoot: newroot,
|
||||||
|
@ -42,7 +42,7 @@ func newPivotRoot(q Qualifier, rule rule) (Rule, error) {
|
||||||
|
|
||||||
func newPivotRootFromLog(log map[string]string) Rule {
|
func newPivotRootFromLog(log map[string]string) Rule {
|
||||||
return &PivotRoot{
|
return &PivotRoot{
|
||||||
RuleBase: newBaseFromLog(log),
|
Base: newBaseFromLog(log),
|
||||||
Qualifier: newQualifierFromLog(log),
|
Qualifier: newQualifierFromLog(log),
|
||||||
OldRoot: log["srcname"],
|
OldRoot: log["srcname"],
|
||||||
NewRoot: log["name"],
|
NewRoot: log["name"],
|
||||||
|
|
|
@ -20,13 +20,13 @@ const (
|
||||||
)
|
)
|
||||||
|
|
||||||
type Comment struct {
|
type Comment struct {
|
||||||
RuleBase
|
Base
|
||||||
}
|
}
|
||||||
|
|
||||||
func newComment(rule rule) (Rule, error) {
|
func newComment(rule rule) (Rule, error) {
|
||||||
base := newBase(rule)
|
base := newBase(rule)
|
||||||
base.IsLineRule = true
|
base.IsLineRule = true
|
||||||
return &Comment{RuleBase: base}, nil
|
return &Comment{Base: base}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *Comment) Validate() error {
|
func (r *Comment) Validate() error {
|
||||||
|
@ -50,7 +50,7 @@ func (r *Comment) Kind() Kind {
|
||||||
}
|
}
|
||||||
|
|
||||||
type Abi struct {
|
type Abi struct {
|
||||||
RuleBase
|
Base
|
||||||
Path string
|
Path string
|
||||||
IsMagic bool
|
IsMagic bool
|
||||||
}
|
}
|
||||||
|
@ -71,9 +71,9 @@ func newAbi(q Qualifier, rule rule) (Rule, error) {
|
||||||
return nil, fmt.Errorf("invalid path %s in rule: %s", path, rule)
|
return nil, fmt.Errorf("invalid path %s in rule: %s", path, rule)
|
||||||
}
|
}
|
||||||
return &Abi{
|
return &Abi{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Path: strings.Trim(path, "\"<>"),
|
Path: strings.Trim(path, "\"<>"),
|
||||||
IsMagic: magic,
|
IsMagic: magic,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -102,7 +102,7 @@ func (r *Abi) Kind() Kind {
|
||||||
}
|
}
|
||||||
|
|
||||||
type Alias struct {
|
type Alias struct {
|
||||||
RuleBase
|
Base
|
||||||
Path string
|
Path string
|
||||||
RewrittenPath string
|
RewrittenPath string
|
||||||
}
|
}
|
||||||
|
@ -115,7 +115,7 @@ func newAlias(q Qualifier, rule rule) (Rule, error) {
|
||||||
return nil, fmt.Errorf("invalid alias format, missing %s in: %s", tokARROW, rule)
|
return nil, fmt.Errorf("invalid alias format, missing %s in: %s", tokARROW, rule)
|
||||||
}
|
}
|
||||||
return &Alias{
|
return &Alias{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Path: rule.Get(0),
|
Path: rule.Get(0),
|
||||||
RewrittenPath: rule.Get(2),
|
RewrittenPath: rule.Get(2),
|
||||||
}, nil
|
}, nil
|
||||||
|
@ -146,7 +146,7 @@ func (r *Alias) Kind() Kind {
|
||||||
}
|
}
|
||||||
|
|
||||||
type Include struct {
|
type Include struct {
|
||||||
RuleBase
|
Base
|
||||||
IfExists bool
|
IfExists bool
|
||||||
Path string
|
Path string
|
||||||
IsMagic bool
|
IsMagic bool
|
||||||
|
@ -177,7 +177,7 @@ func newInclude(rule rule) (Rule, error) {
|
||||||
return nil, fmt.Errorf("invalid path format: %v", path)
|
return nil, fmt.Errorf("invalid path format: %v", path)
|
||||||
}
|
}
|
||||||
return &Include{
|
return &Include{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
IfExists: ifexists,
|
IfExists: ifexists,
|
||||||
Path: strings.Trim(path, "\"<>"),
|
Path: strings.Trim(path, "\"<>"),
|
||||||
IsMagic: magic,
|
IsMagic: magic,
|
||||||
|
@ -219,7 +219,7 @@ func (r *Include) Kind() Kind {
|
||||||
}
|
}
|
||||||
|
|
||||||
type Variable struct {
|
type Variable struct {
|
||||||
RuleBase
|
Base
|
||||||
Name string
|
Name string
|
||||||
Values []string
|
Values []string
|
||||||
Define bool
|
Define bool
|
||||||
|
@ -245,10 +245,10 @@ func newVariable(rule rule) (Rule, error) {
|
||||||
return nil, fmt.Errorf("invalid operator in variable: %v", rule)
|
return nil, fmt.Errorf("invalid operator in variable: %v", rule)
|
||||||
}
|
}
|
||||||
return &Variable{
|
return &Variable{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Name: name,
|
Name: name,
|
||||||
Values: values,
|
Values: values,
|
||||||
Define: define,
|
Define: define,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -261,8 +261,8 @@ func (r *Variable) Merge(other Rule) bool {
|
||||||
|
|
||||||
if r.Name == o.Name && r.Define == o.Define {
|
if r.Name == o.Name && r.Define == o.Define {
|
||||||
r.Values = merge(r.Kind(), "access", r.Values, o.Values)
|
r.Values = merge(r.Kind(), "access", r.Values, o.Values)
|
||||||
b := &r.RuleBase
|
b := &r.Base
|
||||||
return b.merge(o.RuleBase)
|
return b.merge(o.Base)
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,7 +30,7 @@ func init() {
|
||||||
|
|
||||||
// Profile represents a single AppArmor profile.
|
// Profile represents a single AppArmor profile.
|
||||||
type Profile struct {
|
type Profile struct {
|
||||||
RuleBase
|
Base
|
||||||
Header
|
Header
|
||||||
Rules Rules
|
Rules Rules
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,7 +19,7 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
type Ptrace struct {
|
type Ptrace struct {
|
||||||
RuleBase
|
Base
|
||||||
Qualifier
|
Qualifier
|
||||||
Access []string
|
Access []string
|
||||||
Peer string
|
Peer string
|
||||||
|
@ -31,7 +31,7 @@ func newPtrace(q Qualifier, rule rule) (Rule, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return &Ptrace{
|
return &Ptrace{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Qualifier: q,
|
Qualifier: q,
|
||||||
Access: accesses,
|
Access: accesses,
|
||||||
Peer: rule.GetValuesAsString("peer"),
|
Peer: rule.GetValuesAsString("peer"),
|
||||||
|
@ -40,7 +40,7 @@ func newPtrace(q Qualifier, rule rule) (Rule, error) {
|
||||||
|
|
||||||
func newPtraceFromLog(log map[string]string) Rule {
|
func newPtraceFromLog(log map[string]string) Rule {
|
||||||
return &Ptrace{
|
return &Ptrace{
|
||||||
RuleBase: newBaseFromLog(log),
|
Base: newBaseFromLog(log),
|
||||||
Qualifier: newQualifierFromLog(log),
|
Qualifier: newQualifierFromLog(log),
|
||||||
Access: Must(toAccess(PTRACE, log["requested_mask"])),
|
Access: Must(toAccess(PTRACE, log["requested_mask"])),
|
||||||
Peer: log["peer"],
|
Peer: log["peer"],
|
||||||
|
@ -62,8 +62,8 @@ func (r *Ptrace) Merge(other Rule) bool {
|
||||||
}
|
}
|
||||||
if r.Peer == o.Peer {
|
if r.Peer == o.Peer {
|
||||||
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
||||||
b := &r.RuleBase
|
b := &r.Base
|
||||||
return b.merge(o.RuleBase)
|
return b.merge(o.Base)
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
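Review bot: In `newPtraceFromLog`, `Access: Must(toAccess(PTRACE, log["requested_mask"]))` passes a field read from an audit log entry into `Must`, which by its name presumably panics when `toAccess` returns an error; neither helper is visible on this page, so this needs confirming. If it does panic, a single log line with an unexpected mask aborts the whole log-parsing run, whereas `newPtrace` just above hands the error back with `return nil, err`. The same call shape appears in `newSignalFromLog` and `newUnixFromLog` further down. Because the constructor returns only `Rule`, a fix means either widening it to `(Rule, error)` or skipping the entry. The function body continues past the end of the hunk.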
|
|
|
@ -31,7 +31,7 @@ func TestAppArmorProfileFile_resolveInclude(t *testing.T) {
|
||||||
Preamble: Rules{
|
Preamble: Rules{
|
||||||
&Alias{Path: "/usr/", RewrittenPath: "/User/"},
|
&Alias{Path: "/usr/", RewrittenPath: "/User/"},
|
||||||
&Alias{Path: "/lib/", RewrittenPath: "/Libraries/"},
|
&Alias{Path: "/lib/", RewrittenPath: "/Libraries/"},
|
||||||
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " variable declarations for inclusion"}},
|
&Comment{Base: Base{IsLineRule: true, Comment: " variable declarations for inclusion"}},
|
||||||
&Variable{
|
&Variable{
|
||||||
Name: "FOO", Define: true,
|
Name: "FOO", Define: true,
|
||||||
Values: []string{
|
Values: []string{
|
||||||
|
|
|
@ -21,7 +21,7 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
type Rlimit struct {
|
type Rlimit struct {
|
||||||
RuleBase
|
Base
|
||||||
Key string
|
Key string
|
||||||
Op string
|
Op string
|
||||||
Value string
|
Value string
|
||||||
|
@ -35,19 +35,19 @@ func newRlimit(q Qualifier, rule rule) (Rule, error) {
|
||||||
return nil, fmt.Errorf("invalid rlimit format: %s", rule)
|
return nil, fmt.Errorf("invalid rlimit format: %s", rule)
|
||||||
}
|
}
|
||||||
return &Rlimit{
|
return &Rlimit{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Key: rule.Get(1),
|
Key: rule.Get(1),
|
||||||
Op: rule.Get(2),
|
Op: rule.Get(2),
|
||||||
Value: rule.Get(3),
|
Value: rule.Get(3),
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func newRlimitFromLog(log map[string]string) Rule {
|
func newRlimitFromLog(log map[string]string) Rule {
|
||||||
return &Rlimit{
|
return &Rlimit{
|
||||||
RuleBase: newBaseFromLog(log),
|
Base: newBaseFromLog(log),
|
||||||
Key: log["key"],
|
Key: log["key"],
|
||||||
Op: log["op"],
|
Op: log["op"],
|
||||||
Value: log["value"],
|
Value: log["value"],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -32,7 +32,7 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
type Signal struct {
|
type Signal struct {
|
||||||
RuleBase
|
Base
|
||||||
Qualifier
|
Qualifier
|
||||||
Access []string
|
Access []string
|
||||||
Set []string
|
Set []string
|
||||||
|
@ -49,7 +49,7 @@ func newSignal(q Qualifier, rule rule) (Rule, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return &Signal{
|
return &Signal{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Qualifier: q,
|
Qualifier: q,
|
||||||
Access: accesses,
|
Access: accesses,
|
||||||
Set: set,
|
Set: set,
|
||||||
|
@ -59,7 +59,7 @@ func newSignal(q Qualifier, rule rule) (Rule, error) {
|
||||||
|
|
||||||
func newSignalFromLog(log map[string]string) Rule {
|
func newSignalFromLog(log map[string]string) Rule {
|
||||||
return &Signal{
|
return &Signal{
|
||||||
RuleBase: newBaseFromLog(log),
|
Base: newBaseFromLog(log),
|
||||||
Qualifier: newQualifierFromLog(log),
|
Qualifier: newQualifierFromLog(log),
|
||||||
Access: Must(toAccess(SIGNAL, log["requested_mask"])),
|
Access: Must(toAccess(SIGNAL, log["requested_mask"])),
|
||||||
Set: []string{log["signal"]},
|
Set: []string{log["signal"]},
|
||||||
|
@ -86,12 +86,12 @@ func (r *Signal) Merge(other Rule) bool {
|
||||||
switch {
|
switch {
|
||||||
case r.Peer == o.Peer && compare(r.Set, o.Set) == 0:
|
case r.Peer == o.Peer && compare(r.Set, o.Set) == 0:
|
||||||
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
||||||
b := &r.RuleBase
|
b := &r.Base
|
||||||
return b.merge(o.RuleBase)
|
return b.merge(o.Base)
|
||||||
case r.Peer == o.Peer && compare(r.Access, o.Access) == 0:
|
case r.Peer == o.Peer && compare(r.Access, o.Access) == 0:
|
||||||
r.Set = merge(r.Kind(), "set", r.Set, o.Set)
|
r.Set = merge(r.Kind(), "set", r.Set, o.Set)
|
||||||
b := &r.RuleBase
|
b := &r.Base
|
||||||
return b.merge(o.RuleBase)
|
return b.merge(o.Base)
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,7 +21,7 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
type Unix struct {
|
type Unix struct {
|
||||||
RuleBase
|
Base
|
||||||
Qualifier
|
Qualifier
|
||||||
Access []string
|
Access []string
|
||||||
Type string
|
Type string
|
||||||
|
@ -40,7 +40,7 @@ func newUnix(q Qualifier, rule rule) (Rule, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return &Unix{
|
return &Unix{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Qualifier: q,
|
Qualifier: q,
|
||||||
Access: accesses,
|
Access: accesses,
|
||||||
Type: rule.GetValuesAsString("type"),
|
Type: rule.GetValuesAsString("type"),
|
||||||
|
@ -56,7 +56,7 @@ func newUnix(q Qualifier, rule rule) (Rule, error) {
|
||||||
|
|
||||||
func newUnixFromLog(log map[string]string) Rule {
|
func newUnixFromLog(log map[string]string) Rule {
|
||||||
return &Unix{
|
return &Unix{
|
||||||
RuleBase: newBaseFromLog(log),
|
Base: newBaseFromLog(log),
|
||||||
Qualifier: newQualifierFromLog(log),
|
Qualifier: newQualifierFromLog(log),
|
||||||
Access: Must(toAccess(UNIX, log["requested_mask"])),
|
Access: Must(toAccess(UNIX, log["requested_mask"])),
|
||||||
Type: log["sock_type"],
|
Type: log["sock_type"],
|
||||||
|
@ -119,8 +119,8 @@ func (r *Unix) Merge(other Rule) bool {
|
||||||
r.Label == o.Label && r.Attr == o.Attr && r.Opt == o.Opt &&
|
r.Label == o.Label && r.Attr == o.Attr && r.Opt == o.Opt &&
|
||||||
r.PeerLabel == o.PeerLabel && r.PeerAddr == o.PeerAddr {
|
r.PeerLabel == o.PeerLabel && r.PeerAddr == o.PeerAddr {
|
||||||
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
||||||
b := &r.RuleBase
|
b := &r.Base
|
||||||
return b.merge(o.RuleBase)
|
return b.merge(o.Base)
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,7 +9,7 @@ import "fmt"
|
||||||
const USERNS Kind = "userns"
|
const USERNS Kind = "userns"
|
||||||
|
|
||||||
type Userns struct {
|
type Userns struct {
|
||||||
RuleBase
|
Base
|
||||||
Qualifier
|
Qualifier
|
||||||
Create bool
|
Create bool
|
||||||
}
|
}
|
||||||
|
@ -28,7 +28,7 @@ func newUserns(q Qualifier, rule rule) (Rule, error) {
|
||||||
return nil, fmt.Errorf("invalid userns format: %s", rule)
|
return nil, fmt.Errorf("invalid userns format: %s", rule)
|
||||||
}
|
}
|
||||||
return &Userns{
|
return &Userns{
|
||||||
RuleBase: newBase(rule),
|
Base: newBase(rule),
|
||||||
Qualifier: q,
|
Qualifier: q,
|
||||||
Create: create,
|
Create: create,
|
||||||
}, nil
|
}, nil
|
||||||
|
@ -36,7 +36,7 @@ func newUserns(q Qualifier, rule rule) (Rule, error) {
|
||||||
|
|
||||||
func newUsernsFromLog(log map[string]string) Rule {
|
func newUsernsFromLog(log map[string]string) Rule {
|
||||||
return &Userns{
|
return &Userns{
|
||||||
RuleBase: newBaseFromLog(log),
|
Base: newBaseFromLog(log),
|
||||||
Qualifier: newQualifierFromLog(log),
|
Qualifier: newQualifierFromLog(log),
|
||||||
Create: true,
|
Create: true,
|
||||||
}
|
}
|
||||||
|
@ -56,8 +56,8 @@ func (r *Userns) Compare(other Rule) int {
|
||||||
|
|
||||||
func (r *Userns) Merge(other Rule) bool {
|
func (r *Userns) Merge(other Rule) bool {
|
||||||
o, _ := other.(*Userns)
|
o, _ := other.(*Userns)
|
||||||
b := &r.RuleBase
|
b := &r.Base
|
||||||
return b.merge(o.RuleBase)
|
return b.merge(o.Base)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *Userns) String() string {
|
func (r *Userns) String() string {
|
||||||
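Review bot: In `(*Userns).Merge`, `o, _ := other.(*Userns)` discards the assertion result, so `b.merge(o.Base)` dereferences a nil `o` and panics whenever `other` is a different rule kind. Callers may already guarantee matching kinds, but nothing on this page shows that, and a local guard is cheap: `o, ok := other.(*Userns)` followed by `if !ok { return false }`. The Merge hunks for Variable, Ptrace, Signal and Unix begin after their first lines, so whether they share the pattern cannot be confirmed from here.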
|
|
|
@ -303,13 +303,13 @@ func TestAppArmorLogs_ParseToProfiles(t *testing.T) {
|
||||||
Header: aa.Header{Name: "kmod"},
|
Header: aa.Header{Name: "kmod"},
|
||||||
Rules: aa.Rules{
|
Rules: aa.Rules{
|
||||||
&aa.Unix{
|
&aa.Unix{
|
||||||
RuleBase: aa.RuleBase{FileInherit: true},
|
Base: aa.Base{FileInherit: true},
|
||||||
Access: []string{"send", "receive"},
|
Access: []string{"send", "receive"},
|
||||||
Type: "stream",
|
Type: "stream",
|
||||||
Protocol: "0",
|
Protocol: "0",
|
||||||
},
|
},
|
||||||
&aa.Unix{
|
&aa.Unix{
|
||||||
RuleBase: aa.RuleBase{FileInherit: true},
|
Base: aa.Base{FileInherit: true},
|
||||||
Access: []string{"send", "receive"},
|
Access: []string{"send", "receive"},
|
||||||
Type: "stream",
|
Type: "stream",
|
||||||
Protocol: "0",
|
Protocol: "0",
|
||||||
|
|