build: prepare new structure for directives.

2024-11-14 23:43:56 +01:00 · 2024-03-21 20:36:41 +00:00 · 2024-03-21 20:36:41 +00:00 · 2ca62215bc
commit 2ca62215bc
parent e1d1d0be3d
4 changed files with 159 additions and 3 deletions
--- a/cmd/prebuild/main.go
+++ b/cmd/prebuild/main.go
@ -12,11 +12,13 @@ import (
 	"github.com/roddhjav/apparmor.d/pkg/logging"
 	oss "github.com/roddhjav/apparmor.d/pkg/os"
 	"github.com/roddhjav/apparmor.d/pkg/prebuild"
+	"github.com/roddhjav/apparmor.d/pkg/prebuild/directive"
 )

-const usage = `prebuild [-h] [--full] [--complain | --enforce]
+const usage = `prebuild [-h] [--full] [--complain | --enforce] [profiles...]

-    Prebuild apparmor.d profiles for a given distribution.
+    Prebuild apparmor.d profiles for a given distribution and apply
+    internal built-in directives.

 Options:
    -h, --help      Show this help message and exit.
@ -24,6 +26,8 @@ Options:
    -c, --complain  Set complain flag on all profiles.
    -e, --enforce   Set enforce flag on all profiles.
        --abi4      Convert the profiles to Apparmor abi/4.0.
+
+Directives:
 `

 var (
@ -73,7 +77,13 @@ func aaPrebuild() error {
 }

 func main() {
-	flag.Usage = func() { fmt.Print(usage) }
+	flag.Usage = func() {
+		res := usage
+		for _, d := range directive.Directives {
+			res += `    ` + d.Usage() + "\n"
+		}
+		fmt.Print(res)
+	}
 	flag.Parse()
 	if help {
 		flag.Usage()
--- a/pkg/prebuild/directive/core.go
+++ b/pkg/prebuild/directive/core.go
@ -0,0 +1,82 @@
+// apparmor.d - Full set of apparmor profiles
+// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
+// SPDX-License-Identifier: GPL-2.0-only
+
+package directive
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+
+	"github.com/arduino/go-paths-helper"
+)
+
+// Define the directive keyword globally
+const Keyword = "#aa:"
+
+// Build the profiles with the following directive applied
+var Directives = map[string]Directive{}
+
+var regDirective = regexp.MustCompile(`(?m).*` + Keyword + `([a-z]*) (.*)`)
+
+// Main directive interface
+type Directive interface {
+	Usage() string
+	Message() string
+	Apply(opt *Option, profile string) string
+}
+
+type DirectiveBase struct {
+	message string
+	usage   string
+}
+
+func (d *DirectiveBase) Usage() string {
+	return d.usage
+}
+
+func (d *DirectiveBase) Message() string {
+	return d.message
+}
+
+// Directive options
+type Option struct {
+	Name string
+	Args map[string]string
+	File *paths.Path
+	Raw  string
+}
+
+func NewOption(file *paths.Path, match []string) *Option {
+	if len(match) != 3 {
+		panic(fmt.Sprintf("Invalid directive: %v", match))
+	}
+	args := map[string]string{}
+	for _, t := range strings.Fields(match[2]) {
+		tmp := strings.Split(t, "=")
+		if len(tmp) < 2 {
+			args[tmp[0]] = ""
+		} else {
+			args[tmp[0]] = tmp[1]
+		}
+	}
+	return &Option{
+		Name: match[1],
+		Args: args,
+		File: file,
+		Raw:  match[0],
+	}
+}
+
+func Run(file *paths.Path, profile string) string {
+	for _, match := range regDirective.FindAllStringSubmatch(profile, -1) {
+		opt := NewOption(file, match)
+		drtv, ok := Directives[opt.Name]
+		if !ok {
+			panic(fmt.Sprintf("Unknown directive: %s", opt.Name))
+		}
+		profile = drtv.Apply(opt, profile)
+	}
+	return profile
+}
--- a/pkg/prebuild/directive/core_test.go
+++ b/pkg/prebuild/directive/core_test.go
@ -0,0 +1,63 @@
+// apparmor.d - Full set of apparmor profiles
+// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
+// SPDX-License-Identifier: GPL-2.0-only
+
+package directive
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/arduino/go-paths-helper"
+)
+
+func TestNewOption(t *testing.T) {
+	tests := []struct {
+		name  string
+		file  *paths.Path
+		match []string
+		want  *Option
+	}{
+		{
+			name: "dbus",
+			file: nil,
+			match: []string{
+				"  #aa:dbus own bus=system name=org.gnome.DisplayManager",
+				"dbus",
+				"own bus=system name=org.gnome.DisplayManager",
+			},
+			want: &Option{
+				Name: "dbus",
+				Args: map[string]string{
+					"bus":  "system",
+					"name": "org.gnome.DisplayManager",
+					"own":  "",
+				},
+				File: paths.New(""),
+				Raw:  "  #aa:dbus own bus=system name=org.gnome.DisplayManager",
+			},
+		},
+		{
+			name: "only",
+			file: nil,
+			match: []string{
+				"    #aa:only opensuse",
+				"only",
+				"opensuse",
+			},
+			want: &Option{
+				Name: "only",
+				Args: map[string]string{"opensuse": ""},
+				File: paths.New(""),
+				Raw:  "    #aa:only opensuse",
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := NewOption(tt.file, tt.match); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("NewOption() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/pkg/prebuild/prebuild.go
+++ b/pkg/prebuild/prebuild.go
@ -89,6 +89,7 @@ func Build() error {
 		for _, fct := range Directives {
 			profile = fct(file, profile)
 		}
+		profile = directive.Run(file, profile)
 		if err := file.WriteFile([]byte(profile)); err != nil {
 			return err
 		}