From 54fdf388615cc61c5877b446696bf174136300bf Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sat, 25 May 2024 22:21:59 +0100
Subject: [PATCH] chore: cosmetic & fix.
---
 pkg/aa/preamble.go | 11 +++--------
 pkg/aa/rules.go | 11 +++++++++++
 pkg/aa/template.go | 24 ++++++++++++++++++------
 3 files changed, 32 insertions(+), 14 deletions(-)
diff --git a/pkg/aa/preamble.go b/pkg/aa/preamble.go
index 344ccaa1..2197612f 100644
--- a/pkg/aa/preamble.go
+++ b/pkg/aa/preamble.go
@@ -6,24 +6,21 @@ package aa

 import (
 "slices"
+)

 const (
 tokABI = "abi"
 tokALIAS = "alias"
 tokINCLUDE = "include"
 tokIFEXISTS = "if exists"
+ tokVARIABLE = "@{"
+ tokCOMMENT = "#"
 )

 type Comment struct {
 RuleBase
 }

-func newCommentFromRule(rule rule) (Rule, error) {
- base := newRuleFromRule(rule)
- base.IsLineRule = true
- return &Comment{RuleBase: base}, nil
-}
-
 func (r *Comment) Less(other any) bool {
 return false
 }
@@ -152,8 +149,6 @@ type Variable struct {
 Define bool
 }

-}
-
 func (r *Variable) Less(other any) bool {
 o, _ := other.(*Variable)
 if r.Name != o.Name {
diff --git a/pkg/aa/rules.go b/pkg/aa/rules.go
index c42ca020..e6ab8ec1 100644
--- a/pkg/aa/rules.go
+++ b/pkg/aa/rules.go
@@ -62,6 +62,17 @@ func (r Rules) GetVariables() []*Variable {
 return res
 }

+func (r Rules) GetIncludes() []*Include {
+ res := make([]*Include, 0)
+ for _, rule := range r {
+ switch rule.(type) {
+ case *Include:
+ res = append(res, rule.(*Include))
+ }
+ }
+ return res
+}
+
 // Must is a helper that wraps a call to a function returning (any, error) and
 // panics if the error is non-nil.
 func Must[T any](v T, err error) T {
diff --git a/pkg/aa/template.go b/pkg/aa/template.go
index 440be9da..10d1c161 100644
--- a/pkg/aa/template.go
+++ b/pkg/aa/template.go
@@ -8,7 +8,6 @@ import (
 "embed"
 "fmt"
 "reflect"
- "slices"
 "strings"
 "text/template"
 )
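Review bot: `GetIncludes` in pkg/aa/rules.go asserts the type twice: the one-case `switch rule.(type)` is followed by a second `rule.(*Include)` inside the case. A single checked assertion does the same work, `if inc, ok := rule.(*Include); ok { res = append(res, inc) }`. The method is exported without a doc comment; `// GetIncludes returns the Include rules found directly in r, in order.` states what the loop does, including that it looks only at r's own entries.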
@@ -36,11 +35,23 @@ var (

 // The apparmor templates
 tmpl = generateTemplates([]string{
- "apparmor", tokPROFILE, "rules", // Global templates
- tokINCLUDE, tokRLIMIT, tokCAPABILITY, tokNETWORK,
- tokMOUNT, tokPIVOTROOT, tokCHANGEPROFILE, tokSIGNAL,
- tokPTRACE, tokUNIX, tokUSERNS, tokIOURING,
- tokDBUS, "file", "variable",
+ // Global templates
+ "apparmor",
+ tokPROFILE,
+ "rules",
+
+ // Preamble templates
+ tokABI,
+ tokALIAS,
+ tokINCLUDE,
+ "variable",
+ "comment",
+
+ // Rules templates
+ tokALL, tokRLIMIT, tokUSERNS, tokCAPABILITY, tokNETWORK,
+ tokMOUNT, tokREMOUNT, tokUMOUNT, tokPIVOTROOT, tokCHANGEPROFILE,
+ tokMQUEUE, tokIOURING, tokUNIX, tokPTRACE, tokSIGNAL, tokDBUS,
+ tokFILE, tokLINK,
 })

 // convert apparmor requested mask to apparmor access mode
@@ -72,6 +83,7 @@ var (
 "unix",
 "dbus",
 "file",
+ "link",
 "profile",
 "include_if_exists",
 }
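Review bot: The list passed to `generateTemplates` in pkg/aa/template.go gains new names (`tokABI`, `tokALIAS`, `"comment"`, `tokALL`, `tokREMOUNT`, `tokUMOUNT`, `tokMQUEUE`, `tokLINK`), but the diffstat lists only three Go files, so each name relies on a template that is already present. `generateTemplates` is not visible here; if it resolves names against the embedded files, a test that renders one rule per listed name would catch a missing or misnamed template before it shows up as a failure at package initialisation or as a rule absent from the generated profile. The literals `"variable"` and `"comment"` sit next to tok constants while the same commit defines `tokVARIABLE = "@{"` and `tokCOMMENT = "#"`, so a comment such as `// template names, not the tokVARIABLE/tokCOMMENT prefixes` would stop a later cleanup from swapping them in. The enclosing `var (` block starts outside the hunk.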