mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-23 19:38:12 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

feat(aa): add the Merge method to the Rule interface.

Browse source
This commit is contained in:
Alexandre Pujol 2024-06-20 23:23:39 +01:00
parent d6424cb950
commit 42ca1be858
Failed to generate hash of commit
6 changed files with 25 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
cmd/aa-log/main.go
View file

@ -68,7 +68,7 @@ func aaLog(logger string, path string, profile string) error {
if rules { if rules {
profiles := aaLogs.ParseToProfiles() profiles := aaLogs.ParseToProfiles()
for _, p := range profiles { for _, p := range profiles {
p.Merge() p.Merge(nil)
p.Sort() p.Sort()
p.Format() p.Format()
fmt.Print(p.String() + "\n\n") fmt.Print(p.String() + "\n\n")

2
pkg/aa/apparmor.go
View file

@ -92,7 +92,7 @@ func (f *AppArmorProfileFile) Sort() {
// Note: logs.regCleanLogs helps a lot to do a first cleaning // Note: logs.regCleanLogs helps a lot to do a first cleaning
func (f *AppArmorProfileFile) MergeRules() { func (f *AppArmorProfileFile) MergeRules() {
for _, p := range f.Profiles { for _, p := range f.Profiles {
p.Merge() p.Merge(nil)
} }
} }

4
pkg/aa/base.go
View file

@ -79,6 +79,10 @@ func newBaseFromLog(log map[string]string) RuleBase {
} }
} }
func (r RuleBase) Merge(other Rule) bool {
return false
}
type Qualifier struct { type Qualifier struct {
Audit bool Audit bool
AccessType string AccessType string

11
pkg/aa/file.go
View file

@ -130,6 +130,17 @@ func (r *File) Compare(other Rule) int {
return r.Qualifier.Compare(o.Qualifier) return r.Qualifier.Compare(o.Qualifier)
} }
func (r *File) Merge(other Rule) bool {
o, _ := other.(*File)
if r.Path == o.Path {
r.Access = append(r.Access, o.Access...)
slices.SortFunc(r.Access, compareFileAccess)
r.Access = slices.Compact(r.Access)
return true
}
return false
}
func (r *File) String() string { func (r *File) String() string {
return renderTemplate(r.Kind(), r) return renderTemplate(r.Kind(), r)
} }

3
pkg/aa/profile.go
View file

@ -96,10 +96,11 @@ func (p *Profile) Kind() Kind {
return PROFILE return PROFILE
} }
func (p *Profile) Merge() { func (p *Profile) Merge(other Rule) bool {
slices.Sort(p.Flags) slices.Sort(p.Flags)
p.Flags = slices.Compact(p.Flags) p.Flags = slices.Compact(p.Flags)
p.Rules = p.Rules.Merge() p.Rules = p.Rules.Merge()
return false
} }
func (p *Profile) Sort() { func (p *Profile) Sort() {

17
pkg/aa/rules.go
View file

@ -39,6 +39,7 @@ func (k Kind) Tok() string {
type Rule interface { type Rule interface {
Validate() error Validate() error
Compare(other Rule) int Compare(other Rule) int
Merge(other Rule) bool
String() string String() string
Constraint() constraint Constraint() constraint
Kind() Kind Kind() Kind
@ -156,33 +157,23 @@ func (r Rules) Merge() Rules {
if r[i] == nil || r[j] == nil { if r[i] == nil || r[j] == nil {
continue continue
} }
kindOfI := r[i].Kind() if r[i].Kind() != r[j].Kind() {
if kindOfI != r[j].Kind() {
continue continue
} }
// If rules are identical, merge them. Ignore comments // If rules are identical, merge them. Ignore comments
if kindOfI != COMMENT && r[i].Compare(r[j]) == 0 { if r[i].Kind() != COMMENT && r[i].Compare(r[j]) == 0 {
r = r.Delete(j) r = r.Delete(j)
j-- j--
continue continue
} }
// File rule if r[i].Merge(r[j]) {
if kindOfI == FILE {
// Merge access
fileI := r[i].(*File)
fileJ := r[j].(*File)
if fileI.Path == fileJ.Path {
fileI.Access = append(fileI.Access, fileJ.Access...)
slices.SortFunc(fileI.Access, compareFileAccess)
fileI.Access = slices.Compact(fileI.Access)
r = r.Delete(j) r = r.Delete(j)
j-- j--
} }
} }
} }
}
return r return r
} }