From 7c006dee0a0385d49b106c43925f19ea34be8a82 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Tue, 25 Jun 2024 20:10:12 +0100
Subject: [PATCH] feat(aa): be more verbose on rule.Merge
---
 pkg/aa/base.go | 4 ----
 pkg/aa/blocks.go | 4 ++++
 pkg/aa/capability.go | 4 ++++
 pkg/aa/change_profile.go | 4 ++++
 pkg/aa/file.go | 4 ++++
 pkg/aa/network.go | 4 ++++
 pkg/aa/pivot_root.go | 4 ++++
 pkg/aa/preamble.go | 16 ++++++++++++++++
 pkg/aa/ptrace.go | 22 +++++++++++-----------
 pkg/aa/rlimit.go | 4 ++++
 pkg/aa/signal.go | 28 ++++++++++++++--------------
 11 files changed, 69 insertions(+), 29 deletions(-)
diff --git a/pkg/aa/base.go b/pkg/aa/base.go
index 6302a0fa..6e40e46d 100644
--- a/pkg/aa/base.go
+++ b/pkg/aa/base.go
@@ -79,10 +79,6 @@ func newBaseFromLog(log map[string]string) Base {
 }
 }
-func (r Base) Merge(other Rule) bool {
- return false
-}
-
 func (r *Base) merge(other Base) bool {
 if other.Comment != "" {
 r.Comment += " " + other.Comment
diff --git a/pkg/aa/blocks.go b/pkg/aa/blocks.go
index ed1f8fde..ecc931d0 100644
--- a/pkg/aa/blocks.go
+++ b/pkg/aa/blocks.go
@@ -35,3 +35,7 @@ func (r *Hat) Compare(other Rule) int {
 o, _ := other.(*Hat)
 return compare(r.Name, o.Name)
 }
+
+func (r *Hat) Merge(other Rule) bool {
+ return false // Never merge hat blocks
+}
diff --git a/pkg/aa/capability.go b/pkg/aa/capability.go
index d3629411..a91fad7a 100644
--- a/pkg/aa/capability.go
+++ b/pkg/aa/capability.go
@@ -77,3 +77,7 @@ func (r *Capability) Compare(other Rule) int {
 }
 return r.Qualifier.Compare(o.Qualifier)
 }
+
+func (r *Capability) Merge(other Rule) bool {
+ return false // Never merge capabilities
+}
diff --git a/pkg/aa/change_profile.go b/pkg/aa/change_profile.go
index a6e3bb6e..f0e9a5d0 100644
--- a/pkg/aa/change_profile.go
+++ b/pkg/aa/change_profile.go
@@ -99,3 +99,7 @@ func (r *ChangeProfile) Compare(other Rule) int {
 }
 return r.Qualifier.Compare(o.Qualifier)
 }
+
+func (r *ChangeProfile) Merge(other Rule) bool {
+ return false // Never merge change_profile
+}
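Review bot: The new `Hat.Merge` in pkg/aa/blocks.go has no doc comment, and its trailing `// Never merge hat blocks` states the result without the reason. Since this patch removes the embedded `Base.Merge` default, each stub is now the only place a maintainer learns the contract, so I would add something like `// Merge reports whether other was folded into r; hat blocks are kept as separate rules, so it always returns false.` (the return-value meaning is inferred from the name and should be confirmed). For policy-relevant kinds it is worth saying whether never merging is a deliberate choice, for example to keep rules with different qualifiers apart, or simply not implemented yet. The same applies to the stubs added for Capability, ChangeProfile, Link, Network, PivotRoot, Comment, Abi, Alias, Include and Rlimit.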
diff --git a/pkg/aa/file.go b/pkg/aa/file.go
index 3b58e4e1..4255c4de 100644
--- a/pkg/aa/file.go
+++ b/pkg/aa/file.go
@@ -242,3 +242,7 @@ func (r *Link) Compare(other Rule) int {
 }
 return r.Qualifier.Compare(o.Qualifier)
 }
+
+func (r *Link) Merge(other Rule) bool {
+ return false // Never merge link
+}
diff --git a/pkg/aa/network.go b/pkg/aa/network.go
index 989b9b16..383d8692 100644
--- a/pkg/aa/network.go
+++ b/pkg/aa/network.go
@@ -140,3 +140,7 @@ func (r *Network) Compare(other Rule) int {
 }
 return r.Qualifier.Compare(o.Qualifier)
 }
+
+func (r *Network) Merge(other Rule) bool {
+ return false // Never merge network
+}
diff --git a/pkg/aa/pivot_root.go b/pkg/aa/pivot_root.go
index 219435fc..255e6563 100644
--- a/pkg/aa/pivot_root.go
+++ b/pkg/aa/pivot_root.go
@@ -79,3 +79,7 @@ func (r *PivotRoot) Compare(other Rule) int {
 }
 return r.Qualifier.Compare(o.Qualifier)
 }
+
+func (r *PivotRoot) Merge(other Rule) bool {
+ return false // Never merge pivot root
+}
diff --git a/pkg/aa/preamble.go b/pkg/aa/preamble.go
index c66471c0..7b3d372c 100644
--- a/pkg/aa/preamble.go
+++ b/pkg/aa/preamble.go
@@ -49,6 +49,10 @@ func (r *Comment) Compare(other Rule) int {
 return 0 // Comments are always equal to each other as they are not compared
 }
+func (r *Comment) Merge(other Rule) bool {
+ return false // Never merge comments
+}
+
 type Abi struct {
 Base
 Path string
@@ -101,6 +105,10 @@ func (r *Abi) Compare(other Rule) int {
 return compare(r.IsMagic, o.IsMagic)
 }
+func (r *Abi) Merge(other Rule) bool {
+ return false // Never merge abi
+}
+
 type Alias struct {
 Base
 Path string
@@ -145,6 +153,10 @@ func (r *Alias) Compare(other Rule) int {
 return compare(r.RewrittenPath, o.RewrittenPath)
 }
+func (r *Alias) Merge(other Rule) bool {
+ return false // Never merge alias
+}
+
 type Include struct {
 Base
 IfExists bool
@@ -218,6 +230,10 @@ func (r *Include) Compare(other Rule) int {
 return compare(r.IfExists, o.IfExists)
 }
+func (r *Include) Merge(other Rule) bool {
+ return false // Never merge include
+}
+
 type Variable struct {
 Base
 Name string
diff --git a/pkg/aa/ptrace.go b/pkg/aa/ptrace.go
index 3c907bc7..e4b174a8 100644
--- a/pkg/aa/ptrace.go
+++ b/pkg/aa/ptrace.go
@@ -66,6 +66,17 @@ func (r *Ptrace) Validate() error {
 return nil
 }
+func (r *Ptrace) Compare(other Rule) int {
+ o, _ := other.(*Ptrace)
+ if res := compare(r.Access, o.Access); res != 0 {
+ return res
+ }
+ if res := compare(r.Peer, o.Peer); res != 0 {
+ return res
+ }
+ return r.Qualifier.Compare(o.Qualifier)
+}
+
 func (r *Ptrace) Merge(other Rule) bool {
 o, _ := other.(*Ptrace)
@@ -79,14 +90,3 @@ func (r *Ptrace) Merge(other Rule) bool {
 }
 return false
 }
-
-func (r *Ptrace) Compare(other Rule) int {
- o, _ := other.(*Ptrace)
- if res := compare(r.Access, o.Access); res != 0 {
- return res
- }
- if res := compare(r.Peer, o.Peer); res != 0 {
- return res
- }
- return r.Qualifier.Compare(o.Qualifier)
-}
diff --git a/pkg/aa/rlimit.go b/pkg/aa/rlimit.go
index 7fffbb78..8efe2fa1 100644
--- a/pkg/aa/rlimit.go
+++ b/pkg/aa/rlimit.go
@@ -80,3 +80,7 @@ func (r *Rlimit) Compare(other Rule) int {
 }
 return compare(r.Value, o.Value)
 }
+
+func (r *Rlimit) Merge(other Rule) bool {
+ return false // Never merge rlimit
+}
diff --git a/pkg/aa/signal.go b/pkg/aa/signal.go
index 30b7aea8..f33304cc 100644
--- a/pkg/aa/signal.go
+++ b/pkg/aa/signal.go
@@ -89,6 +89,20 @@ func (r *Signal) Validate() error {
 return nil
 }
+func (r *Signal) Compare(other Rule) int {
+ o, _ := other.(*Signal)
+ if res := compare(r.Access, o.Access); res != 0 {
+ return res
+ }
+ if res := compare(r.Set, o.Set); res != 0 {
+ return res
+ }
+ if res := compare(r.Peer, o.Peer); res != 0 {
+ return res
+ }
+ return r.Qualifier.Compare(o.Qualifier)
+}
+
 func (r *Signal) Merge(other Rule) bool {
 o, _ := other.(*Signal)
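Review bot: The relocated `Ptrace.Compare` in pkg/aa/ptrace.go still discards the result of the type assertion, `o, _ := other.(*Ptrace)`, so a `Rule` of any other concrete type leaves `o` nil and the next line's `o.Access` panics. If callers are guaranteed to compare only rules of the same kind, say so in a comment such as `// other must be a *Ptrace; callers only compare rules of the same kind.`; otherwise use `o, ok := other.(*Ptrace)` and handle `!ok` explicitly. The same pattern is in `Signal.Compare` in pkg/aa/signal.go and in the `Merge` context lines of both files, whose bodies continue outside the hunks.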
@@ -107,17 +121,3 @@ func (r *Signal) Merge(other Rule) bool {
 }
 return false
 }
-
-func (r *Signal) Compare(other Rule) int {
- o, _ := other.(*Signal)
- if res := compare(r.Access, o.Access); res != 0 {
- return res
- }
- if res := compare(r.Set, o.Set); res != 0 {
- return res
- }
- if res := compare(r.Peer, o.Peer); res != 0 {
- return res
- }
- return r.Qualifier.Compare(o.Qualifier)
-}