feat(aa): cleanup, fix import and add some unit tests.
parent
3ad55927bf
commit
81f0163086
13 changed files with 86 additions and 5 deletions
|
@ -4,7 +4,9 @@
|
|||
|
||||
package aa
|
||||
|
||||
import "strings"
|
||||
import (
|
||||
"strings"
|
||||
)
|
||||
|
||||
type RuleBase struct {
|
||||
IsLineRule bool
|
||||
|
|
|
@ -4,6 +4,9 @@
|
|||
|
||||
package aa
|
||||
|
||||
import (
|
||||
"slices"
|
||||
)
|
||||
|
||||
const tokCAPABILITY = "capability"
|
||||
|
||||
|
|
|
@ -4,6 +4,10 @@
|
|||
|
||||
package aa
|
||||
|
||||
import (
|
||||
"slices"
|
||||
)
|
||||
|
||||
const tokDBUS = "dbus"
|
||||
|
||||
type Dbus struct {
|
||||
|
|
|
@ -4,6 +4,17 @@
|
|||
|
||||
package aa
|
||||
|
||||
import (
|
||||
"slices"
|
||||
"strings"
|
||||
)
|
||||
|
||||
const (
|
||||
tokLINK = "link"
|
||||
tokOWNER = "owner"
|
||||
)
|
||||
|
||||
|
||||
type File struct {
|
||||
RuleBase
|
||||
Qualifier
|
||||
|
|
|
@ -4,6 +4,8 @@
|
|||
|
||||
package aa
|
||||
|
||||
import "slices"
|
||||
|
||||
const tokIOURING = "io_uring"
|
||||
|
||||
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
package aa
|
||||
|
||||
import (
|
||||
"slices"
|
||||
"strings"
|
||||
)
|
||||
|
||||
|
|
|
@ -4,6 +4,8 @@
|
|||
|
||||
package aa
|
||||
|
||||
import "slices"
|
||||
|
||||
const tokNETWORK = "network"
|
||||
|
||||
|
||||
|
|
|
@ -131,7 +131,7 @@ func (p *Profile) Format() {
|
|||
if letterI != letterJ {
|
||||
// Add a new empty line between Files rule of different type
|
||||
hasOwnerRule = false
|
||||
p.Rules = append(p.Rules[:i], append([]Rule{&RuleBase{}}, p.Rules[i:]...)...)
|
||||
p.Rules = append(p.Rules[:i], append(Rules{nil}, p.Rules[i:]...)...)
|
||||
}
|
||||
}
|
||||
}
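Review bot: The separator inserted by `p.Rules = append(p.Rules[:i], append(Rules{nil}, p.Rules[i:]...)...)` is now a nil `Rule` rather than an empty `&RuleBase{}` (taking the second of the two printed lines as the new side, since the page lost its +/- markers), so any code that ranges over `p.Rules` and calls a method on each element will panic on that entry unless it checks for nil first. None of those consumers are visible in this hunk, so the sort, merge and rendering paths are worth checking. The convention should also be stated at the insert, e.g. `// nil is the blank-line separator; every consumer of p.Rules must skip nil entries`. The enclosing loop in Format starts outside the hunk, so whether `i` is advanced past the inserted element cannot be confirmed from here.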
|
||||
|
|
|
@ -82,3 +82,53 @@ func TestProfile_AddRule(t *testing.T) {
|
|||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestProfile_GetAttachments(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
Attachments []string
|
||||
want string
|
||||
}{
|
||||
{
|
||||
name: "firefox",
|
||||
Attachments: []string{
|
||||
"/{usr/,}bin/firefox{,-esr,-bin}",
|
||||
"/{usr/,}lib{,32,64}/firefox{,-esr,-bin}/firefox{,-esr,-bin}",
|
||||
"/opt/firefox{,-esr,-bin}/firefox{,-esr,-bin}",
|
||||
},
|
||||
want: "/{{usr/,}bin/firefox{,-esr,-bin},{usr/,}lib{,32,64}/firefox{,-esr,-bin}/firefox{,-esr,-bin},opt/firefox{,-esr,-bin}/firefox{,-esr,-bin}}",
|
||||
},
|
||||
{
|
||||
name: "geoclue",
|
||||
Attachments: []string{
|
||||
"/{usr/,}libexec/geoclue",
|
||||
"/{usr/,}libexec/geoclue-2.0/demos/agent",
|
||||
},
|
||||
want: "/{{usr/,}libexec/geoclue,{usr/,}libexec/geoclue-2.0/demos/agent}",
|
||||
},
|
||||
{
|
||||
name: "null",
|
||||
Attachments: []string{},
|
||||
want: "",
|
||||
},
|
||||
{
|
||||
name: "empty",
|
||||
Attachments: []string{""},
|
||||
want: "",
|
||||
},
|
||||
{
|
||||
name: "not valid aare",
|
||||
Attachments: []string{"/file", "relative"},
|
||||
want: "/{file,relative}",
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
p := &Profile{}
|
||||
p.Attachments = tt.Attachments
|
||||
if got := p.GetAttachments(); got != tt.want {
|
||||
t.Errorf("Profile.GetAttachments() = %v, want %v", got, tt.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
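Review bot: The "not valid aare" case pins `[]string{"/file", "relative"}` to `/{file,relative}`, so the test codifies that a relative attachment is silently folded into an absolute path instead of being rejected or reported. The attachment decides which executables an AppArmor profile confines, so if this is intended the case should say so, e.g. `// relative entries are not rejected: "relative" ends up as "/relative"`, and otherwise the expectation belongs on an error path (GetAttachments itself is not shown, so which one applies is for the author to confirm). The "null" case passes `[]string{}` rather than a nil slice, so the zero-value `Profile{}` is not actually exercised. Using `%q` in the failure message, `t.Errorf("Profile.GetAttachments() = %q, want %q", got, tt.want)`, would make the two empty-string cases readable when they fail.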
|
||||
|
|
|
@ -4,6 +4,8 @@
|
|||
|
||||
package aa
|
||||
|
||||
import "slices"
|
||||
|
||||
const tokPTRACE = "ptrace"
|
||||
|
||||
type Ptrace struct {
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
|
||||
package aa
|
||||
|
||||
import "slices"
|
||||
|
||||
const tokSIGNAL = "signal"
|
||||
|
||||
|
|
|
@ -40,7 +40,7 @@ var (
|
|||
tokINCLUDE, tokRLIMIT, tokCAPABILITY, tokNETWORK,
|
||||
tokMOUNT, tokPIVOTROOT, tokCHANGEPROFILE, tokSIGNAL,
|
||||
tokPTRACE, tokUNIX, tokUSERNS, tokIOURING,
|
||||
tokDBUS, "file",
|
||||
tokDBUS, "file", "variable",
|
||||
})
|
||||
|
||||
// convert apparmor requested mask to apparmor access mode
|
||||
|
@ -73,7 +73,7 @@ var (
|
|||
"profile",
|
||||
"include_if_exists",
|
||||
}
|
||||
ruleWeights = map[string]int{}
|
||||
ruleWeights = make(map[string]int, len(ruleAlphabet))
|
||||
|
||||
// The order the apparmor file rules should be sorted
|
||||
fileAlphabet = []string{
|
||||
|
@ -98,8 +98,9 @@ var (
|
|||
"@{PROC}", // 10. Proc files
|
||||
"/dev", // 11. Dev files
|
||||
"deny", // 12. Deny rules
|
||||
"profile", // 13. Subprofiles
|
||||
}
|
||||
fileWeights = map[string]int{}
|
||||
fileWeights = make(map[string]int, len(fileAlphabet))
|
||||
)
|
||||
|
||||
func generateTemplates(names []string) map[string]*template.Template {
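Review bot: In the first hunk of this section the list gains `"variable"` as a bare string literal next to `"file"`, while every other entry is a `tok…` constant. A misspelled literal still compiles and would simply never match, so a named constant (for example `tokVARIABLE = "variable"`, declared with the others) would keep this list in step with whatever produces the kind string; that producer is not visible here. The `var (` block starts and ends outside the hunks, so the name and use of the list cannot be confirmed from this page.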
|
||||
|
|
|
@ -4,6 +4,8 @@
|
|||
|
||||
package aa
|
||||
|
||||
import "slices"
|
||||
|
||||
const tokUNIX = "unix"
|
||||
|
||||
type Unix struct {
|
||||
|
|