feat(aa): add the Merge method to the Rule interface.

2025-01-23 11:28:13 +01:00 · 2024-06-20 23:23:39 +01:00 · 2024-06-20 23:23:39 +01:00 · 42ca1be858
commit 42ca1be858
parent d6424cb950
6 changed files with 25 additions and 18 deletions
--- a/cmd/aa-log/main.go
+++ b/cmd/aa-log/main.go
@ -68,7 +68,7 @@ func aaLog(logger string, path string, profile string) error {
 	if rules {
 		profiles := aaLogs.ParseToProfiles()
 		for _, p := range profiles {
-			p.Merge()
+			p.Merge(nil)
 			p.Sort()
 			p.Format()
 			fmt.Print(p.String() + "\n\n")
--- a/pkg/aa/apparmor.go
+++ b/pkg/aa/apparmor.go
@ -92,7 +92,7 @@ func (f *AppArmorProfileFile) Sort() {
 // Note: logs.regCleanLogs helps a lot to do a first cleaning
 func (f *AppArmorProfileFile) MergeRules() {
 	for _, p := range f.Profiles {
-		p.Merge()
+		p.Merge(nil)
 	}
 }

--- a/pkg/aa/base.go
+++ b/pkg/aa/base.go
@ -79,6 +79,10 @@ func newBaseFromLog(log map[string]string) RuleBase {
 	}
 }

+func (r RuleBase) Merge(other Rule) bool {
+	return false
+}
+
 type Qualifier struct {
 	Audit      bool
 	AccessType string
--- a/pkg/aa/file.go
+++ b/pkg/aa/file.go
@ -130,6 +130,17 @@ func (r *File) Compare(other Rule) int {
 	return r.Qualifier.Compare(o.Qualifier)
 }

+func (r *File) Merge(other Rule) bool {
+	o, _ := other.(*File)
+	if r.Path == o.Path {
+		r.Access = append(r.Access, o.Access...)
+		slices.SortFunc(r.Access, compareFileAccess)
+		r.Access = slices.Compact(r.Access)
+		return true
+	}
+	return false
+}
+
 func (r *File) String() string {
 	return renderTemplate(r.Kind(), r)
 }
--- a/pkg/aa/profile.go
+++ b/pkg/aa/profile.go
@ -96,10 +96,11 @@ func (p *Profile) Kind() Kind {
 	return PROFILE
 }

-func (p *Profile) Merge() {
+func (p *Profile) Merge(other Rule) bool {
 	slices.Sort(p.Flags)
 	p.Flags = slices.Compact(p.Flags)
 	p.Rules = p.Rules.Merge()
+	return false
 }

 func (p *Profile) Sort() {
--- a/pkg/aa/rules.go
+++ b/pkg/aa/rules.go
@ -39,6 +39,7 @@ func (k Kind) Tok() string {
 type Rule interface {
 	Validate() error
 	Compare(other Rule) int
+	Merge(other Rule) bool
 	String() string
 	Constraint() constraint
 	Kind() Kind
@ -156,30 +157,20 @@ func (r Rules) Merge() Rules {
 			if r[i] == nil || r[j] == nil {
 				continue
 			}
-			kindOfI := r[i].Kind()
-			if kindOfI != r[j].Kind() {
+			if r[i].Kind() != r[j].Kind() {
 				continue
 			}

 			// If rules are identical, merge them. Ignore comments
-			if kindOfI != COMMENT && r[i].Compare(r[j]) == 0 {
+			if r[i].Kind() != COMMENT && r[i].Compare(r[j]) == 0 {
 				r = r.Delete(j)
 				j--
 				continue
 			}

-			// File rule
-			if kindOfI == FILE {
-				// Merge access
-				fileI := r[i].(*File)
-				fileJ := r[j].(*File)
-				if fileI.Path == fileJ.Path {
-					fileI.Access = append(fileI.Access, fileJ.Access...)
-					slices.SortFunc(fileI.Access, compareFileAccess)
-					fileI.Access = slices.Compact(fileI.Access)
-					r = r.Delete(j)
-					j--
-				}
+			if r[i].Merge(r[j]) {
+				r = r.Delete(j)
+				j--
 			}
 		}
 	}