refractor(aa): rename base struct from RuleBase to Base
parent
5b73923385
commit
272072d2a5
24 changed files with 150 additions and 150 deletions
|
@ -9,11 +9,11 @@ const (
|
|||
)
|
||||
|
||||
type All struct {
|
||||
RuleBase
|
||||
Base
|
||||
}
|
||||
|
||||
func newAll(q Qualifier, rule rule) (Rule, error) {
|
||||
return &All{RuleBase: newBase(rule)}, nil
|
||||
return &All{Base: newBase(rule)}, nil
|
||||
}
|
||||
|
||||
func (r *All) Validate() error {
|
||||
|
@ -26,8 +26,8 @@ func (r *All) Compare(other Rule) int {
|
|||
|
||||
func (r *All) Merge(other Rule) bool {
|
||||
o, _ := other.(*All)
|
||||
b := &r.RuleBase
|
||||
return b.merge(o.RuleBase)
|
||||
b := &r.Base
|
||||
return b.merge(o.Base)
|
||||
}
|
||||
|
||||
func (r *All) String() string {
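Review bot: `All.Merge` discards the result of its type assertion in `o, _ := other.(*All)`, so when `other` is any other rule kind `o` is nil and `o.Base` on the following line dereferences it. Unless every caller guarantees matching kinds (not visible in this commit), guard the assertion with `o, ok := other.(*All)` followed by `if !ok { return false }`. `Userns.Merge` has the same two lines. The other Merge methods touched here begin outside their hunks, so whether they check the assertion cannot be seen from this page.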
|
||||
|
|
|
@ -40,7 +40,7 @@ func TestAppArmorProfileFile_String(t *testing.T) {
|
|||
name: "foo",
|
||||
f: &AppArmorProfileFile{
|
||||
Preamble: Rules{
|
||||
&Comment{RuleBase: RuleBase{Comment: " Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
|
||||
&Comment{Base: Base{Comment: " Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
|
||||
nil,
|
||||
&Abi{IsMagic: true, Path: "abi/4.0"},
|
||||
&Alias{Path: "/mnt/usr", RewrittenPath: "/usr"},
|
||||
|
@ -66,7 +66,7 @@ func TestAppArmorProfileFile_String(t *testing.T) {
|
|||
&Network{Domain: "inet", Type: "stream"},
|
||||
&Network{Domain: "inet6", Type: "stream"},
|
||||
&Mount{
|
||||
RuleBase: RuleBase{Comment: " failed perms check"},
|
||||
Base: Base{Comment: " failed perms check"},
|
||||
MountConditions: MountConditions{
|
||||
FsType: "fuse.portal",
|
||||
Options: []string{"rw", "rbind"},
|
||||
|
@ -204,9 +204,9 @@ func TestAppArmorProfileFile_Integration(t *testing.T) {
|
|||
name: "aa-status",
|
||||
f: &AppArmorProfileFile{
|
||||
Preamble: Rules{
|
||||
&Comment{RuleBase: RuleBase{Comment: " apparmor.d - Full set of apparmor profiles", IsLineRule: true}},
|
||||
&Comment{RuleBase: RuleBase{Comment: " Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>", IsLineRule: true}},
|
||||
&Comment{RuleBase: RuleBase{Comment: " SPDX-License-Identifier: GPL-2.0-only", IsLineRule: true}},
|
||||
&Comment{Base: Base{Comment: " apparmor.d - Full set of apparmor profiles", IsLineRule: true}},
|
||||
&Comment{Base: Base{Comment: " Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>", IsLineRule: true}},
|
||||
&Comment{Base: Base{Comment: " SPDX-License-Identifier: GPL-2.0-only", IsLineRule: true}},
|
||||
nil,
|
||||
&Abi{IsMagic: true, Path: "abi/3.0"},
|
||||
&Include{IsMagic: true, Path: "tunables/global"},
|
||||
|
|
|
@ -8,7 +8,7 @@ import (
|
|||
"strings"
|
||||
)
|
||||
|
||||
type RuleBase struct {
|
||||
type Base struct {
|
||||
IsLineRule bool
|
||||
Comment string
|
||||
NoNewPrivs bool
|
||||
|
@ -19,7 +19,7 @@ type RuleBase struct {
|
|||
Optional bool
|
||||
}
|
||||
|
||||
func newBase(rule rule) RuleBase {
|
||||
func newBase(rule rule) Base {
|
||||
comment := ""
|
||||
fileInherit, noNewPrivs, optional := false, false, false
|
||||
|
||||
|
@ -44,7 +44,7 @@ func newBase(rule rule) RuleBase {
|
|||
optional = true
|
||||
comment = strings.Replace(comment, "optional: ", "", 1)
|
||||
}
|
||||
return RuleBase{
|
||||
return Base{
|
||||
Comment: comment,
|
||||
NoNewPrivs: noNewPrivs,
|
||||
FileInherit: fileInherit,
|
||||
|
@ -52,7 +52,7 @@ func newBase(rule rule) RuleBase {
|
|||
}
|
||||
}
|
||||
|
||||
func newBaseFromLog(log map[string]string) RuleBase {
|
||||
func newBaseFromLog(log map[string]string) Base {
|
||||
comment := ""
|
||||
fileInherit, noNewPrivs, optional := false, false, false
|
||||
|
||||
|
@ -70,7 +70,7 @@ func newBaseFromLog(log map[string]string) RuleBase {
|
|||
if log["info"] != "" {
|
||||
comment += " " + log["info"]
|
||||
}
|
||||
return RuleBase{
|
||||
return Base{
|
||||
IsLineRule: false,
|
||||
Comment: comment,
|
||||
NoNewPrivs: noNewPrivs,
|
||||
|
@ -79,11 +79,11 @@ func newBaseFromLog(log map[string]string) RuleBase {
|
|||
}
|
||||
}
|
||||
|
||||
func (r RuleBase) Merge(other Rule) bool {
|
||||
func (r Base) Merge(other Rule) bool {
|
||||
return false
|
||||
}
|
||||
|
||||
func (r *RuleBase) merge(other RuleBase) bool {
|
||||
func (r *Base) merge(other Base) bool {
|
||||
if other.Comment != "" {
|
||||
r.Comment += " " + other.Comment
|
||||
}
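Review bot: `Base` is exported and embedded in the rule types touched by this commit, yet neither the type nor its two near-identical methods carry a doc comment. `Merge` (value receiver, returns false) is easy to confuse with `merge` (pointer receiver, appends `other.Comment`). Suggest `// Base holds the comment and flags shared by the rule types.` on the type and, if that is the intent, `// Merge is the fallback for rules that cannot be merged; it always reports false.` on `Merge`. A line on `merge` should say that it folds the other rule's comment into the receiver. The body of `merge` continues past the last hunk, so its return value is not visible here.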
|
||||
|
|
|
@ -10,7 +10,7 @@ const (
|
|||
|
||||
// Hat represents a single AppArmor hat.
|
||||
type Hat struct {
|
||||
RuleBase
|
||||
Base
|
||||
Name string
|
||||
Rules Rules
|
||||
}
|
||||
|
|
|
@ -26,7 +26,7 @@ func init() {
|
|||
}
|
||||
|
||||
type Capability struct {
|
||||
RuleBase
|
||||
Base
|
||||
Qualifier
|
||||
Names []string
|
||||
}
|
||||
|
@ -37,7 +37,7 @@ func newCapability(q Qualifier, rule rule) (Rule, error) {
|
|||
return nil, err
|
||||
}
|
||||
return &Capability{
|
||||
RuleBase: newBase(rule),
|
||||
Base: newBase(rule),
|
||||
Qualifier: q,
|
||||
Names: names,
|
||||
}, nil
|
||||
|
@ -45,7 +45,7 @@ func newCapability(q Qualifier, rule rule) (Rule, error) {
|
|||
|
||||
func newCapabilityFromLog(log map[string]string) Rule {
|
||||
return &Capability{
|
||||
RuleBase: newBaseFromLog(log),
|
||||
Base: newBaseFromLog(log),
|
||||
Qualifier: newQualifierFromLog(log),
|
||||
Names: Must(toValues(CAPABILITY, "name", log["capname"])),
|
||||
}
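Review bot: `newCapabilityFromLog` passes a log-derived value through `Must(toValues(CAPABILITY, "name", log["capname"]))` and returns only `Rule`, so an unexpected `capname` cannot be reported to the caller. `Must` is not defined in this section; if it panics on error, as the name suggests, a single malformed or unfamiliar audit record would abort the whole log conversion instead of being skipped. Consider giving the FromLog constructors the `(Rule, error)` shape that `newCapability` already has, or validating the field before the call. The same `Must(toAccess(...))` pattern appears in the IOUring, Mqueue, Ptrace, Signal and Unix FromLog constructors. The function's closing brace is outside the hunk.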
|
||||
|
|
|
@ -18,7 +18,7 @@ func init() {
|
|||
}
|
||||
|
||||
type ChangeProfile struct {
|
||||
RuleBase
|
||||
Base
|
||||
Qualifier
|
||||
ExecMode string
|
||||
Exec string
|
||||
|
@ -49,7 +49,7 @@ func newChangeProfile(q Qualifier, rule rule) (Rule, error) {
|
|||
}
|
||||
}
|
||||
return &ChangeProfile{
|
||||
RuleBase: newBase(rule),
|
||||
Base: newBase(rule),
|
||||
Qualifier: q,
|
||||
ExecMode: mode,
|
||||
Exec: exec,
|
||||
|
@ -59,7 +59,7 @@ func newChangeProfile(q Qualifier, rule rule) (Rule, error) {
|
|||
|
||||
func newChangeProfileFromLog(log map[string]string) Rule {
|
||||
return &ChangeProfile{
|
||||
RuleBase: newBaseFromLog(log),
|
||||
Base: newBaseFromLog(log),
|
||||
Qualifier: newQualifierFromLog(log),
|
||||
ExecMode: log["mode"],
|
||||
Exec: log["exec"],
|
||||
|
|
|
@ -6,8 +6,8 @@ package aa
|
|||
|
||||
var (
|
||||
// Comment
|
||||
comment1 = &Comment{RuleBase: RuleBase{Comment: "comment", IsLineRule: true}}
|
||||
comment2 = &Comment{RuleBase: RuleBase{Comment: "another comment", IsLineRule: true}}
|
||||
comment1 = &Comment{Base: Base{Comment: "comment", IsLineRule: true}}
|
||||
comment2 = &Comment{Base: Base{Comment: "another comment", IsLineRule: true}}
|
||||
|
||||
// Abi
|
||||
abi1 = &Abi{IsMagic: true, Path: "abi/4.0"}
|
||||
|
@ -28,7 +28,7 @@ var (
|
|||
|
||||
// All
|
||||
all1 = &All{}
|
||||
all2 = &All{RuleBase: RuleBase{Comment: "comment"}}
|
||||
all2 = &All{Base: Base{Comment: "comment"}}
|
||||
|
||||
// Rlimit
|
||||
rlimit1 = &Rlimit{Key: "nproc", Op: "<=", Value: "200"}
|
||||
|
@ -94,13 +94,13 @@ var (
|
|||
"flags": "rw, rbind",
|
||||
}
|
||||
mount1 = &Mount{
|
||||
RuleBase: RuleBase{Comment: " failed perms check"},
|
||||
Base: Base{Comment: " failed perms check"},
|
||||
MountConditions: MountConditions{FsType: "overlay"},
|
||||
Source: "overlay",
|
||||
MountPoint: "/var/lib/docker/overlay2/opaque-bug-check1209538631/merged/",
|
||||
}
|
||||
mount2 = &Mount{
|
||||
RuleBase: RuleBase{Comment: " failed perms check"},
|
||||
Base: Base{Comment: " failed perms check"},
|
||||
MountConditions: MountConditions{Options: []string{"rw", "rbind"}},
|
||||
Source: "/oldroot/dev/tty",
|
||||
MountPoint: "/newroot/dev/tty",
|
||||
|
@ -238,9 +238,9 @@ var (
|
|||
PeerLabel: "dbus-daemon",
|
||||
}
|
||||
unix2 = &Unix{
|
||||
RuleBase: RuleBase{FileInherit: true},
|
||||
Access: []string{"receive"},
|
||||
Type: "stream",
|
||||
Base: Base{FileInherit: true},
|
||||
Access: []string{"receive"},
|
||||
Type: "stream",
|
||||
}
|
||||
|
||||
// Dbus
|
||||
|
@ -318,10 +318,10 @@ var (
|
|||
}
|
||||
file1 = &File{Path: "/usr/share/poppler/cMap/Identity-H", Access: []string{"r"}}
|
||||
file2 = &File{
|
||||
RuleBase: RuleBase{NoNewPrivs: true},
|
||||
Owner: true,
|
||||
Path: "@{PROC}/4163/cgroup",
|
||||
Access: []string{"r"},
|
||||
Base: Base{NoNewPrivs: true},
|
||||
Owner: true,
|
||||
Path: "@{PROC}/4163/cgroup",
|
||||
Access: []string{"r"},
|
||||
}
|
||||
|
||||
// Link
|
||||
|
|
|
@ -21,7 +21,7 @@ func init() {
|
|||
}
|
||||
|
||||
type Dbus struct {
|
||||
RuleBase
|
||||
Base
|
||||
Qualifier
|
||||
Access []string
|
||||
Bus string
|
||||
|
@ -39,7 +39,7 @@ func newDbus(q Qualifier, rule rule) (Rule, error) {
|
|||
return nil, err
|
||||
}
|
||||
return &Dbus{
|
||||
RuleBase: newBase(rule),
|
||||
Base: newBase(rule),
|
||||
Qualifier: q,
|
||||
Access: accesses,
|
||||
Bus: rule.GetValuesAsString("bus"),
|
||||
|
@ -61,7 +61,7 @@ func newDbusFromLog(log map[string]string) Rule {
|
|||
peerName = log["name"]
|
||||
}
|
||||
return &Dbus{
|
||||
RuleBase: newBaseFromLog(log),
|
||||
Base: newBaseFromLog(log),
|
||||
Qualifier: newQualifierFromLog(log),
|
||||
Access: []string{log["mask"]},
|
||||
Bus: log["bus"],
|
||||
|
@ -120,8 +120,8 @@ func (r *Dbus) Merge(other Rule) bool {
|
|||
r.Interface == o.Interface && r.Member == o.Member &&
|
||||
r.PeerName == o.PeerName && r.PeerLabel == o.PeerLabel {
|
||||
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
||||
b := &r.RuleBase
|
||||
return b.merge(o.RuleBase)
|
||||
b := &r.Base
|
||||
return b.merge(o.Base)
|
||||
}
|
||||
return false
|
||||
}
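Review bot: The temporary in `b := &r.Base` / `return b.merge(o.Base)` is not needed, because `r` is already a pointer and the embedded field is addressable; `return r.Base.merge(o.Base)` calls the pointer-receiver method directly. The same pair of lines recurs in the All, File, IOUring, Mount, Umount, Remount, Mqueue, Variable, Ptrace, Signal, Unix and Userns Merge methods, so the rename was a cheap moment to collapse them. `Dbus.Merge` starts outside the hunk.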
|
||||
|
|
|
@ -38,7 +38,7 @@ func isOwner(log map[string]string) bool {
|
|||
}
|
||||
|
||||
type File struct {
|
||||
RuleBase
|
||||
Base
|
||||
Qualifier
|
||||
Owner bool
|
||||
Path string
|
||||
|
@ -76,7 +76,7 @@ func newFile(q Qualifier, rule rule) (Rule, error) {
|
|||
return nil, err
|
||||
}
|
||||
return &File{
|
||||
RuleBase: newBase(rule),
|
||||
Base: newBase(rule),
|
||||
Qualifier: q,
|
||||
Owner: owner,
|
||||
Path: path,
|
||||
|
@ -94,7 +94,7 @@ func newFileFromLog(log map[string]string) Rule {
|
|||
return newLinkFromLog(log)
|
||||
}
|
||||
return &File{
|
||||
RuleBase: newBaseFromLog(log),
|
||||
Base: newBaseFromLog(log),
|
||||
Qualifier: newQualifierFromLog(log),
|
||||
Owner: isOwner(log),
|
||||
Path: log["name"],
|
||||
|
@ -138,8 +138,8 @@ func (r *File) Merge(other Rule) bool {
|
|||
}
|
||||
if r.Owner == o.Owner && r.Path == o.Path && r.Target == o.Target {
|
||||
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
||||
b := &r.RuleBase
|
||||
return b.merge(o.RuleBase)
|
||||
b := &r.Base
|
||||
return b.merge(o.Base)
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
@ -157,7 +157,7 @@ func (r *File) Kind() Kind {
|
|||
}
|
||||
|
||||
type Link struct {
|
||||
RuleBase
|
||||
Base
|
||||
Qualifier
|
||||
Owner bool
|
||||
Subset bool
|
||||
|
@ -190,7 +190,7 @@ func newLink(q Qualifier, rule rule) (Rule, error) {
|
|||
}
|
||||
}
|
||||
return &Link{
|
||||
RuleBase: newBase(rule),
|
||||
Base: newBase(rule),
|
||||
Qualifier: q,
|
||||
Owner: owner,
|
||||
Subset: subset,
|
||||
|
@ -201,7 +201,7 @@ func newLink(q Qualifier, rule rule) (Rule, error) {
|
|||
|
||||
func newLinkFromLog(log map[string]string) Rule {
|
||||
return &Link{
|
||||
RuleBase: newBaseFromLog(log),
|
||||
Base: newBaseFromLog(log),
|
||||
Qualifier: newQualifierFromLog(log),
|
||||
Owner: isOwner(log),
|
||||
Path: log["name"],
|
||||
|
|
|
@ -17,7 +17,7 @@ func init() {
|
|||
}
|
||||
|
||||
type IOUring struct {
|
||||
RuleBase
|
||||
Base
|
||||
Qualifier
|
||||
Access []string
|
||||
Label string
|
||||
|
@ -29,7 +29,7 @@ func newIOUring(q Qualifier, rule rule) (Rule, error) {
|
|||
return nil, err
|
||||
}
|
||||
return &IOUring{
|
||||
RuleBase: newBase(rule),
|
||||
Base: newBase(rule),
|
||||
Qualifier: q,
|
||||
Access: accesses,
|
||||
Label: rule.GetValuesAsString("label"),
|
||||
|
@ -38,7 +38,7 @@ func newIOUring(q Qualifier, rule rule) (Rule, error) {
|
|||
|
||||
func newIOUringFromLog(log map[string]string) Rule {
|
||||
return &IOUring{
|
||||
RuleBase: newBaseFromLog(log),
|
||||
Base: newBaseFromLog(log),
|
||||
Qualifier: newQualifierFromLog(log),
|
||||
Access: Must(toAccess(IOURING, log["requested"])),
|
||||
Label: log["label"],
|
||||
|
@ -71,8 +71,8 @@ func (r *IOUring) Merge(other Rule) bool {
|
|||
}
|
||||
if r.Label == o.Label {
|
||||
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
||||
b := &r.RuleBase
|
||||
return b.merge(o.RuleBase)
|
||||
b := &r.Base
|
||||
return b.merge(o.Base)
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
|
|
@ -74,7 +74,7 @@ func (m *MountConditions) Merge(other MountConditions) bool {
|
|||
}
|
||||
|
||||
type Mount struct {
|
||||
RuleBase
|
||||
Base
|
||||
Qualifier
|
||||
MountConditions
|
||||
Source string
|
||||
|
@ -102,7 +102,7 @@ func newMount(q Qualifier, rule rule) (Rule, error) {
|
|||
return nil, err
|
||||
}
|
||||
return &Mount{
|
||||
RuleBase: newBase(rule),
|
||||
Base: newBase(rule),
|
||||
Qualifier: q,
|
||||
MountConditions: conditions,
|
||||
Source: src,
|
||||
|
@ -112,7 +112,7 @@ func newMount(q Qualifier, rule rule) (Rule, error) {
|
|||
|
||||
func newMountFromLog(log map[string]string) Rule {
|
||||
return &Mount{
|
||||
RuleBase: newBaseFromLog(log),
|
||||
Base: newBaseFromLog(log),
|
||||
Qualifier: newQualifierFromLog(log),
|
||||
MountConditions: newMountConditionsFromLog(log),
|
||||
Source: log["srcname"],
|
||||
|
@ -150,8 +150,8 @@ func (r *Mount) Merge(other Rule) bool {
|
|||
}
|
||||
if r.Source == o.Source && r.MountPoint == o.MountPoint &&
|
||||
mc.Merge(o.MountConditions) {
|
||||
b := &r.RuleBase
|
||||
return b.merge(o.RuleBase)
|
||||
b := &r.Base
|
||||
return b.merge(o.Base)
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
@ -169,7 +169,7 @@ func (r *Mount) Kind() Kind {
|
|||
}
|
||||
|
||||
type Umount struct {
|
||||
RuleBase
|
||||
Base
|
||||
Qualifier
|
||||
MountConditions
|
||||
MountPoint string
|
||||
|
@ -186,7 +186,7 @@ func newUmount(q Qualifier, rule rule) (Rule, error) {
|
|||
return nil, err
|
||||
}
|
||||
return &Umount{
|
||||
RuleBase: newBase(rule),
|
||||
Base: newBase(rule),
|
||||
Qualifier: q,
|
||||
MountConditions: conditions,
|
||||
MountPoint: mount,
|
||||
|
@ -195,7 +195,7 @@ func newUmount(q Qualifier, rule rule) (Rule, error) {
|
|||
|
||||
func newUmountFromLog(log map[string]string) Rule {
|
||||
return &Umount{
|
||||
RuleBase: newBaseFromLog(log),
|
||||
Base: newBaseFromLog(log),
|
||||
Qualifier: newQualifierFromLog(log),
|
||||
MountConditions: newMountConditionsFromLog(log),
|
||||
MountPoint: log["name"],
|
||||
|
@ -228,8 +228,8 @@ func (r *Umount) Merge(other Rule) bool {
|
|||
return false
|
||||
}
|
||||
if r.MountPoint == o.MountPoint && mc.Merge(o.MountConditions) {
|
||||
b := &r.RuleBase
|
||||
return b.merge(o.RuleBase)
|
||||
b := &r.Base
|
||||
return b.merge(o.Base)
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
@ -247,7 +247,7 @@ func (r *Umount) Kind() Kind {
|
|||
}
|
||||
|
||||
type Remount struct {
|
||||
RuleBase
|
||||
Base
|
||||
Qualifier
|
||||
MountConditions
|
||||
MountPoint string
|
||||
|
@ -265,7 +265,7 @@ func newRemount(q Qualifier, rule rule) (Rule, error) {
|
|||
return nil, err
|
||||
}
|
||||
return &Remount{
|
||||
RuleBase: newBase(rule),
|
||||
Base: newBase(rule),
|
||||
Qualifier: q,
|
||||
MountConditions: conditions,
|
||||
MountPoint: mount,
|
||||
|
@ -274,7 +274,7 @@ func newRemount(q Qualifier, rule rule) (Rule, error) {
|
|||
|
||||
func newRemountFromLog(log map[string]string) Rule {
|
||||
return &Remount{
|
||||
RuleBase: newBaseFromLog(log),
|
||||
Base: newBaseFromLog(log),
|
||||
Qualifier: newQualifierFromLog(log),
|
||||
MountConditions: newMountConditionsFromLog(log),
|
||||
MountPoint: log["name"],
|
||||
|
@ -307,8 +307,8 @@ func (r *Remount) Merge(other Rule) bool {
|
|||
return false
|
||||
}
|
||||
if r.MountPoint == o.MountPoint && mc.Merge(o.MountConditions) {
|
||||
b := &r.RuleBase
|
||||
return b.merge(o.RuleBase)
|
||||
b := &r.Base
|
||||
return b.merge(o.Base)
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
|
|
@ -23,7 +23,7 @@ func init() {
|
|||
}
|
||||
|
||||
type Mqueue struct {
|
||||
RuleBase
|
||||
Base
|
||||
Qualifier
|
||||
Access []string
|
||||
Type string
|
||||
|
@ -47,7 +47,7 @@ func newMqueue(q Qualifier, rule rule) (Rule, error) {
|
|||
return nil, err
|
||||
}
|
||||
return &Mqueue{
|
||||
RuleBase: newBase(rule),
|
||||
Base: newBase(rule),
|
||||
Qualifier: q,
|
||||
Access: accesses,
|
||||
Type: rule.GetValuesAsString("type"),
|
||||
|
@ -64,7 +64,7 @@ func newMqueueFromLog(log map[string]string) Rule {
|
|||
mqueueType = "sysv"
|
||||
}
|
||||
return &Mqueue{
|
||||
RuleBase: newBaseFromLog(log),
|
||||
Base: newBaseFromLog(log),
|
||||
Qualifier: newQualifierFromLog(log),
|
||||
Access: Must(toAccess(MQUEUE, log["requested"])),
|
||||
Type: mqueueType,
|
||||
|
@ -105,8 +105,8 @@ func (r *Mqueue) Merge(other Rule) bool {
|
|||
}
|
||||
if r.Type == o.Type && r.Label == o.Label && r.Name == o.Name {
|
||||
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
||||
b := &r.RuleBase
|
||||
return b.merge(o.RuleBase)
|
||||
b := &r.Base
|
||||
return b.merge(o.Base)
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
|
|
@ -58,7 +58,7 @@ func (r AddressExpr) Compare(other AddressExpr) int {
|
|||
}
|
||||
|
||||
type Network struct {
|
||||
RuleBase
|
||||
Base
|
||||
Qualifier
|
||||
AddressExpr
|
||||
Domain string
|
||||
|
@ -80,7 +80,7 @@ func newNetwork(q Qualifier, rule rule) (Rule, error) {
|
|||
}
|
||||
}
|
||||
return &Network{
|
||||
RuleBase: newBase(rule),
|
||||
Base: newBase(rule),
|
||||
Qualifier: q,
|
||||
Domain: domain,
|
||||
Type: nType,
|
||||
|
@ -90,7 +90,7 @@ func newNetwork(q Qualifier, rule rule) (Rule, error) {
|
|||
|
||||
func newNetworkFromLog(log map[string]string) Rule {
|
||||
return &Network{
|
||||
RuleBase: newBaseFromLog(log),
|
||||
Base: newBaseFromLog(log),
|
||||
Qualifier: newQualifierFromLog(log),
|
||||
AddressExpr: newAddressExprFromLog(log),
|
||||
Domain: log["family"],
|
||||
|
|
|
@ -755,14 +755,14 @@ var (
|
|||
@{lib_dirs} = @{lib}/@{name} /opt/@{name} # comment in variable`,
|
||||
want: "\n\n\n",
|
||||
rules: Rules{
|
||||
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " IsLineRule comment"}},
|
||||
&Comment{Base: Base{IsLineRule: true, Comment: " IsLineRule comment"}},
|
||||
&Include{
|
||||
RuleBase: RuleBase{Comment: " comment included"},
|
||||
IsMagic: true, Path: "tunables/global",
|
||||
Base: Base{Comment: " comment included"},
|
||||
IsMagic: true, Path: "tunables/global",
|
||||
},
|
||||
&Variable{
|
||||
RuleBase: RuleBase{Comment: " comment in variable"},
|
||||
Name: "lib_dirs", Define: true,
|
||||
Base: Base{Comment: " comment in variable"},
|
||||
Name: "lib_dirs", Define: true,
|
||||
Values: []string{"@{lib}/@{name}", "/opt/@{name}"},
|
||||
},
|
||||
},
|
||||
|
@ -862,14 +862,14 @@ var (
|
|||
@{lib_dirs} = @{lib}/@{name} /opt/@{name} # comment in variable`,
|
||||
apparmor: &AppArmorProfileFile{
|
||||
Preamble: Rules{
|
||||
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " IsLineRule comment"}},
|
||||
&Comment{Base: Base{IsLineRule: true, Comment: " IsLineRule comment"}},
|
||||
&Include{
|
||||
RuleBase: RuleBase{Comment: " comment included"},
|
||||
Path: "tunables/global", IsMagic: true,
|
||||
Base: Base{Comment: " comment included"},
|
||||
Path: "tunables/global", IsMagic: true,
|
||||
},
|
||||
&Variable{
|
||||
RuleBase: RuleBase{Comment: " comment in variable"},
|
||||
Name: "lib_dirs", Define: true,
|
||||
Base: Base{Comment: " comment in variable"},
|
||||
Name: "lib_dirs", Define: true,
|
||||
Values: []string{"@{lib}/@{name}", "/opt/@{name}"},
|
||||
},
|
||||
},
|
||||
|
@ -893,9 +893,9 @@ var (
|
|||
`,
|
||||
apparmor: &AppArmorProfileFile{
|
||||
Preamble: Rules{
|
||||
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " Simple test"}},
|
||||
&Comment{Base: Base{IsLineRule: true, Comment: " Simple test"}},
|
||||
&Include{IsMagic: true, Path: "tunables/global"},
|
||||
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " { commented block }"}},
|
||||
&Comment{Base: Base{IsLineRule: true, Comment: " { commented block }"}},
|
||||
&Variable{Name: "name", Values: []string{"{D,d}ummy"}, Define: true},
|
||||
&Variable{Name: "exec_path", Values: []string{"@{bin}/@{name}"}, Define: true},
|
||||
&Variable{Name: "exec_path", Values: []string{"@{lib}/@{name}"}},
|
||||
|
@ -922,7 +922,7 @@ var (
|
|||
raw: util.MustReadFile(testData.Join("string.aa")),
|
||||
apparmor: &AppArmorProfileFile{
|
||||
Preamble: Rules{
|
||||
&Comment{RuleBase: RuleBase{Comment: " Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
|
||||
&Comment{Base: Base{Comment: " Simple test profile for the AppArmorProfileFile.String() method", IsLineRule: true}},
|
||||
&Include{IsMagic: true, Path: "tunables/global"},
|
||||
&Variable{
|
||||
Name: "exec_path", Define: true,
|
||||
|
@ -961,7 +961,7 @@ var (
|
|||
},
|
||||
{
|
||||
&Mount{
|
||||
RuleBase: RuleBase{IsLineRule: false, Comment: " failed perms check"},
|
||||
Base: Base{IsLineRule: false, Comment: " failed perms check"},
|
||||
MountConditions: MountConditions{
|
||||
FsType: "fuse.portal",
|
||||
Options: []string{"rw", "rbind"},
|
||||
|
@ -1020,15 +1020,15 @@ var (
|
|||
raw: util.MustReadFile(testData.Join("full.aa")),
|
||||
apparmor: &AppArmorProfileFile{
|
||||
Preamble: Rules{
|
||||
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " Simple test profile with all rules used"}},
|
||||
&Comment{Base: Base{IsLineRule: true, Comment: " Simple test profile with all rules used"}},
|
||||
&Include{
|
||||
RuleBase: RuleBase{Comment: " a comment", Optional: true},
|
||||
IsMagic: true, Path: "tunables/global",
|
||||
Base: Base{Comment: " a comment", Optional: true},
|
||||
IsMagic: true, Path: "tunables/global",
|
||||
},
|
||||
&Include{IfExists: true, Path: "/etc/apparmor.d/global/dummy space"},
|
||||
&Variable{Name: "name", Values: []string{"torbrowser", "\"tor browser\""}, Define: true},
|
||||
&Variable{
|
||||
RuleBase: RuleBase{Comment: " another comment"}, Define: true,
|
||||
Base: Base{Comment: " another comment"}, Define: true,
|
||||
Name: "lib_dirs", Values: []string{"@{lib}/@{name}", "/opt/@{name}"},
|
||||
},
|
||||
&Variable{Name: "config_dirs", Values: []string{"@{HOME}/.mozilla/"}, Define: true},
|
||||
|
@ -1152,7 +1152,7 @@ var (
|
|||
},
|
||||
},
|
||||
{
|
||||
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " A comment! before a paragraph of rules"}},
|
||||
&Comment{Base: Base{IsLineRule: true, Comment: " A comment! before a paragraph of rules"}},
|
||||
&File{
|
||||
Path: "\"/opt/Mullvad VPN/resources/*.so*\"",
|
||||
Access: []string{"m", "r"},
|
||||
|
|
|
@ -9,7 +9,7 @@ import "fmt"
|
|||
const PIVOTROOT Kind = "pivot_root"
|
||||
|
||||
type PivotRoot struct {
|
||||
RuleBase
|
||||
Base
|
||||
Qualifier
|
||||
OldRoot string
|
||||
NewRoot string
|
||||
|
@ -32,7 +32,7 @@ func newPivotRoot(q Qualifier, rule rule) (Rule, error) {
|
|||
}
|
||||
}
|
||||
return &PivotRoot{
|
||||
RuleBase: newBase(rule),
|
||||
Base: newBase(rule),
|
||||
Qualifier: q,
|
||||
OldRoot: rule.GetValuesAsString("oldroot"),
|
||||
NewRoot: newroot,
|
||||
|
@ -42,7 +42,7 @@ func newPivotRoot(q Qualifier, rule rule) (Rule, error) {
|
|||
|
||||
func newPivotRootFromLog(log map[string]string) Rule {
|
||||
return &PivotRoot{
|
||||
RuleBase: newBaseFromLog(log),
|
||||
Base: newBaseFromLog(log),
|
||||
Qualifier: newQualifierFromLog(log),
|
||||
OldRoot: log["srcname"],
|
||||
NewRoot: log["name"],
|
||||
|
|
|
@ -20,13 +20,13 @@ const (
|
|||
)
|
||||
|
||||
type Comment struct {
|
||||
RuleBase
|
||||
Base
|
||||
}
|
||||
|
||||
func newComment(rule rule) (Rule, error) {
|
||||
base := newBase(rule)
|
||||
base.IsLineRule = true
|
||||
return &Comment{RuleBase: base}, nil
|
||||
return &Comment{Base: base}, nil
|
||||
}
|
||||
|
||||
func (r *Comment) Validate() error {
|
||||
|
@ -50,7 +50,7 @@ func (r *Comment) Kind() Kind {
|
|||
}
|
||||
|
||||
type Abi struct {
|
||||
RuleBase
|
||||
Base
|
||||
Path string
|
||||
IsMagic bool
|
||||
}
|
||||
|
@ -71,9 +71,9 @@ func newAbi(q Qualifier, rule rule) (Rule, error) {
|
|||
return nil, fmt.Errorf("invalid path %s in rule: %s", path, rule)
|
||||
}
|
||||
return &Abi{
|
||||
RuleBase: newBase(rule),
|
||||
Path: strings.Trim(path, "\"<>"),
|
||||
IsMagic: magic,
|
||||
Base: newBase(rule),
|
||||
Path: strings.Trim(path, "\"<>"),
|
||||
IsMagic: magic,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
@ -102,7 +102,7 @@ func (r *Abi) Kind() Kind {
|
|||
}
|
||||
|
||||
type Alias struct {
|
||||
RuleBase
|
||||
Base
|
||||
Path string
|
||||
RewrittenPath string
|
||||
}
|
||||
|
@ -115,7 +115,7 @@ func newAlias(q Qualifier, rule rule) (Rule, error) {
|
|||
return nil, fmt.Errorf("invalid alias format, missing %s in: %s", tokARROW, rule)
|
||||
}
|
||||
return &Alias{
|
||||
RuleBase: newBase(rule),
|
||||
Base: newBase(rule),
|
||||
Path: rule.Get(0),
|
||||
RewrittenPath: rule.Get(2),
|
||||
}, nil
|
||||
|
@ -146,7 +146,7 @@ func (r *Alias) Kind() Kind {
|
|||
}
|
||||
|
||||
type Include struct {
|
||||
RuleBase
|
||||
Base
|
||||
IfExists bool
|
||||
Path string
|
||||
IsMagic bool
|
||||
|
@ -177,7 +177,7 @@ func newInclude(rule rule) (Rule, error) {
|
|||
return nil, fmt.Errorf("invalid path format: %v", path)
|
||||
}
|
||||
return &Include{
|
||||
RuleBase: newBase(rule),
|
||||
Base: newBase(rule),
|
||||
IfExists: ifexists,
|
||||
Path: strings.Trim(path, "\"<>"),
|
||||
IsMagic: magic,
|
||||
|
@ -219,7 +219,7 @@ func (r *Include) Kind() Kind {
|
|||
}
|
||||
|
||||
type Variable struct {
|
||||
RuleBase
|
||||
Base
|
||||
Name string
|
||||
Values []string
|
||||
Define bool
|
||||
|
@ -245,10 +245,10 @@ func newVariable(rule rule) (Rule, error) {
|
|||
return nil, fmt.Errorf("invalid operator in variable: %v", rule)
|
||||
}
|
||||
return &Variable{
|
||||
RuleBase: newBase(rule),
|
||||
Name: name,
|
||||
Values: values,
|
||||
Define: define,
|
||||
Base: newBase(rule),
|
||||
Name: name,
|
||||
Values: values,
|
||||
Define: define,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
@ -261,8 +261,8 @@ func (r *Variable) Merge(other Rule) bool {
|
|||
|
||||
if r.Name == o.Name && r.Define == o.Define {
|
||||
r.Values = merge(r.Kind(), "access", r.Values, o.Values)
|
||||
b := &r.RuleBase
|
||||
return b.merge(o.RuleBase)
|
||||
b := &r.Base
|
||||
return b.merge(o.Base)
|
||||
}
|
||||
return false
|
||||
}
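Review bot: `Variable.Merge` merges its values under the key `"access"` in `r.Values = merge(r.Kind(), "access", r.Values, o.Values)`, whereas `Signal.Merge` passes `"set"` when merging `Set`, which suggests the key is meant to name the field being merged. `merge` is not shown in this commit, so this may be harmless, but if the key selects a per-kind ordering or lookup, variables would be using an entry intended for access lists. Worth confirming; if the reuse is deliberate, a comment such as `// "access" is reused on purpose: variables have no ordering table of their own` would stop the next reader from asking. `Variable.Merge` begins outside the hunk.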
|
||||
|
|
|
@ -30,7 +30,7 @@ func init() {
|
|||
|
||||
// Profile represents a single AppArmor profile.
|
||||
type Profile struct {
|
||||
RuleBase
|
||||
Base
|
||||
Header
|
||||
Rules Rules
|
||||
}
|
||||
|
|
|
@ -19,7 +19,7 @@ func init() {
|
|||
}
|
||||
|
||||
type Ptrace struct {
|
||||
RuleBase
|
||||
Base
|
||||
Qualifier
|
||||
Access []string
|
||||
Peer string
|
||||
|
@ -31,7 +31,7 @@ func newPtrace(q Qualifier, rule rule) (Rule, error) {
|
|||
return nil, err
|
||||
}
|
||||
return &Ptrace{
|
||||
RuleBase: newBase(rule),
|
||||
Base: newBase(rule),
|
||||
Qualifier: q,
|
||||
Access: accesses,
|
||||
Peer: rule.GetValuesAsString("peer"),
|
||||
|
@ -40,7 +40,7 @@ func newPtrace(q Qualifier, rule rule) (Rule, error) {
|
|||
|
||||
func newPtraceFromLog(log map[string]string) Rule {
|
||||
return &Ptrace{
|
||||
RuleBase: newBaseFromLog(log),
|
||||
Base: newBaseFromLog(log),
|
||||
Qualifier: newQualifierFromLog(log),
|
||||
Access: Must(toAccess(PTRACE, log["requested_mask"])),
|
||||
Peer: log["peer"],
|
||||
|
@ -62,8 +62,8 @@ func (r *Ptrace) Merge(other Rule) bool {
|
|||
}
|
||||
if r.Peer == o.Peer {
|
||||
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
||||
b := &r.RuleBase
|
||||
return b.merge(o.RuleBase)
|
||||
b := &r.Base
|
||||
return b.merge(o.Base)
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
|
|
@ -31,7 +31,7 @@ func TestAppArmorProfileFile_resolveInclude(t *testing.T) {
|
|||
Preamble: Rules{
|
||||
&Alias{Path: "/usr/", RewrittenPath: "/User/"},
|
||||
&Alias{Path: "/lib/", RewrittenPath: "/Libraries/"},
|
||||
&Comment{RuleBase: RuleBase{IsLineRule: true, Comment: " variable declarations for inclusion"}},
|
||||
&Comment{Base: Base{IsLineRule: true, Comment: " variable declarations for inclusion"}},
|
||||
&Variable{
|
||||
Name: "FOO", Define: true,
|
||||
Values: []string{
|
||||
|
|
|
@ -21,7 +21,7 @@ func init() {
|
|||
}
|
||||
|
||||
type Rlimit struct {
|
||||
RuleBase
|
||||
Base
|
||||
Key string
|
||||
Op string
|
||||
Value string
|
||||
|
@ -35,19 +35,19 @@ func newRlimit(q Qualifier, rule rule) (Rule, error) {
|
|||
return nil, fmt.Errorf("invalid rlimit format: %s", rule)
|
||||
}
|
||||
return &Rlimit{
|
||||
RuleBase: newBase(rule),
|
||||
Key: rule.Get(1),
|
||||
Op: rule.Get(2),
|
||||
Value: rule.Get(3),
|
||||
Base: newBase(rule),
|
||||
Key: rule.Get(1),
|
||||
Op: rule.Get(2),
|
||||
Value: rule.Get(3),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func newRlimitFromLog(log map[string]string) Rule {
|
||||
return &Rlimit{
|
||||
RuleBase: newBaseFromLog(log),
|
||||
Key: log["key"],
|
||||
Op: log["op"],
|
||||
Value: log["value"],
|
||||
Base: newBaseFromLog(log),
|
||||
Key: log["key"],
|
||||
Op: log["op"],
|
||||
Value: log["value"],
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -32,7 +32,7 @@ func init() {
|
|||
}
|
||||
|
||||
type Signal struct {
|
||||
RuleBase
|
||||
Base
|
||||
Qualifier
|
||||
Access []string
|
||||
Set []string
|
||||
|
@ -49,7 +49,7 @@ func newSignal(q Qualifier, rule rule) (Rule, error) {
|
|||
return nil, err
|
||||
}
|
||||
return &Signal{
|
||||
RuleBase: newBase(rule),
|
||||
Base: newBase(rule),
|
||||
Qualifier: q,
|
||||
Access: accesses,
|
||||
Set: set,
|
||||
|
@ -59,7 +59,7 @@ func newSignal(q Qualifier, rule rule) (Rule, error) {
|
|||
|
||||
func newSignalFromLog(log map[string]string) Rule {
|
||||
return &Signal{
|
||||
RuleBase: newBaseFromLog(log),
|
||||
Base: newBaseFromLog(log),
|
||||
Qualifier: newQualifierFromLog(log),
|
||||
Access: Must(toAccess(SIGNAL, log["requested_mask"])),
|
||||
Set: []string{log["signal"]},
|
||||
|
@ -86,12 +86,12 @@ func (r *Signal) Merge(other Rule) bool {
|
|||
switch {
|
||||
case r.Peer == o.Peer && compare(r.Set, o.Set) == 0:
|
||||
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
||||
b := &r.RuleBase
|
||||
return b.merge(o.RuleBase)
|
||||
b := &r.Base
|
||||
return b.merge(o.Base)
|
||||
case r.Peer == o.Peer && compare(r.Access, o.Access) == 0:
|
||||
r.Set = merge(r.Kind(), "set", r.Set, o.Set)
|
||||
b := &r.RuleBase
|
||||
return b.merge(o.RuleBase)
|
||||
b := &r.Base
|
||||
return b.merge(o.Base)
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
|
|
@ -21,7 +21,7 @@ func init() {
|
|||
}
|
||||
|
||||
type Unix struct {
|
||||
RuleBase
|
||||
Base
|
||||
Qualifier
|
||||
Access []string
|
||||
Type string
|
||||
|
@ -40,7 +40,7 @@ func newUnix(q Qualifier, rule rule) (Rule, error) {
|
|||
return nil, err
|
||||
}
|
||||
return &Unix{
|
||||
RuleBase: newBase(rule),
|
||||
Base: newBase(rule),
|
||||
Qualifier: q,
|
||||
Access: accesses,
|
||||
Type: rule.GetValuesAsString("type"),
|
||||
|
@ -56,7 +56,7 @@ func newUnix(q Qualifier, rule rule) (Rule, error) {
|
|||
|
||||
func newUnixFromLog(log map[string]string) Rule {
|
||||
return &Unix{
|
||||
RuleBase: newBaseFromLog(log),
|
||||
Base: newBaseFromLog(log),
|
||||
Qualifier: newQualifierFromLog(log),
|
||||
Access: Must(toAccess(UNIX, log["requested_mask"])),
|
||||
Type: log["sock_type"],
|
||||
|
@ -119,8 +119,8 @@ func (r *Unix) Merge(other Rule) bool {
|
|||
r.Label == o.Label && r.Attr == o.Attr && r.Opt == o.Opt &&
|
||||
r.PeerLabel == o.PeerLabel && r.PeerAddr == o.PeerAddr {
|
||||
r.Access = merge(r.Kind(), "access", r.Access, o.Access)
|
||||
b := &r.RuleBase
|
||||
return b.merge(o.RuleBase)
|
||||
b := &r.Base
|
||||
return b.merge(o.Base)
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
|
|
@ -9,7 +9,7 @@ import "fmt"
|
|||
const USERNS Kind = "userns"
|
||||
|
||||
type Userns struct {
|
||||
RuleBase
|
||||
Base
|
||||
Qualifier
|
||||
Create bool
|
||||
}
|
||||
|
@ -28,7 +28,7 @@ func newUserns(q Qualifier, rule rule) (Rule, error) {
|
|||
return nil, fmt.Errorf("invalid userns format: %s", rule)
|
||||
}
|
||||
return &Userns{
|
||||
RuleBase: newBase(rule),
|
||||
Base: newBase(rule),
|
||||
Qualifier: q,
|
||||
Create: create,
|
||||
}, nil
|
||||
|
@ -36,7 +36,7 @@ func newUserns(q Qualifier, rule rule) (Rule, error) {
|
|||
|
||||
func newUsernsFromLog(log map[string]string) Rule {
|
||||
return &Userns{
|
||||
RuleBase: newBaseFromLog(log),
|
||||
Base: newBaseFromLog(log),
|
||||
Qualifier: newQualifierFromLog(log),
|
||||
Create: true,
|
||||
}
|
||||
|
@ -56,8 +56,8 @@ func (r *Userns) Compare(other Rule) int {
|
|||
|
||||
func (r *Userns) Merge(other Rule) bool {
|
||||
o, _ := other.(*Userns)
|
||||
b := &r.RuleBase
|
||||
return b.merge(o.RuleBase)
|
||||
b := &r.Base
|
||||
return b.merge(o.Base)
|
||||
}
|
||||
|
||||
func (r *Userns) String() string {
|
||||
|
|
|
@ -303,13 +303,13 @@ func TestAppArmorLogs_ParseToProfiles(t *testing.T) {
|
|||
Header: aa.Header{Name: "kmod"},
|
||||
Rules: aa.Rules{
|
||||
&aa.Unix{
|
||||
RuleBase: aa.RuleBase{FileInherit: true},
|
||||
Base: aa.Base{FileInherit: true},
|
||||
Access: []string{"send", "receive"},
|
||||
Type: "stream",
|
||||
Protocol: "0",
|
||||
},
|
||||
&aa.Unix{
|
||||
RuleBase: aa.RuleBase{FileInherit: true},
|
||||
Base: aa.Base{FileInherit: true},
|
||||
Access: []string{"send", "receive"},
|
||||
Type: "stream",
|
||||
Protocol: "0",
|
||||
|
|