feat(aa): cleanup, fix import and add some unit tests.

pkg/aa/base.go

@@ -4,7 +4,9 @@
 
 package aa
 
-import "strings"
+import (
+	"strings"
+)
 
 type RuleBase struct {
 	IsLineRule  bool

pkg/aa/capability.go

@@ -4,6 +4,9 @@
 
 package aa
 
+import (
+	"slices"
+)
 
 const tokCAPABILITY = "capability"
 

pkg/aa/dbus.go

@@ -4,6 +4,10 @@
 
 package aa
 
+import (
+	"slices"
+)
+
 const tokDBUS = "dbus"
 
 type Dbus struct {

pkg/aa/file.go

@@ -4,6 +4,17 @@
 
 package aa
 
+import (
+	"slices"
+	"strings"
+)
+
+const (
+	tokLINK  = "link"
+	tokOWNER = "owner"
+)
+
+
 type File struct {
 	RuleBase
 	Qualifier

pkg/aa/io_uring.go

@@ -4,6 +4,8 @@
 
 package aa
 
+import "slices"
+
 const tokIOURING = "io_uring"
 
 

pkg/aa/mqueue.go

@@ -5,6 +5,7 @@
 package aa
 
 import (
+	"slices"
 	"strings"
 )
 

pkg/aa/network.go

@@ -4,6 +4,8 @@
 
 package aa
 
+import "slices"
+
 const tokNETWORK = "network"
 
 

pkg/aa/profile.go

@@ -131,7 +131,7 @@ func (p *Profile) Format() {
 			if letterI != letterJ {
 				// Add a new empty line between Files rule of different type
 				hasOwnerRule = false
-				p.Rules = append(p.Rules[:i], append([]Rule{&RuleBase{}}, p.Rules[i:]...)...)
+				p.Rules = append(p.Rules[:i], append(Rules{nil}, p.Rules[i:]...)...)
 			}
 		}
 	}

pkg/aa/profile_test.go

@@ -82,3 +82,53 @@ func TestProfile_AddRule(t *testing.T) {
 		})
 	}
 }
+
+func TestProfile_GetAttachments(t *testing.T) {
+	tests := []struct {
+		name        string
+		Attachments []string
+		want        string
+	}{
+		{
+			name: "firefox",
+			Attachments: []string{
+				"/{usr/,}bin/firefox{,-esr,-bin}",
+				"/{usr/,}lib{,32,64}/firefox{,-esr,-bin}/firefox{,-esr,-bin}",
+				"/opt/firefox{,-esr,-bin}/firefox{,-esr,-bin}",
+			},
+			want: "/{{usr/,}bin/firefox{,-esr,-bin},{usr/,}lib{,32,64}/firefox{,-esr,-bin}/firefox{,-esr,-bin},opt/firefox{,-esr,-bin}/firefox{,-esr,-bin}}",
+		},
+		{
+			name: "geoclue",
+			Attachments: []string{
+				"/{usr/,}libexec/geoclue",
+				"/{usr/,}libexec/geoclue-2.0/demos/agent",
+			},
+			want: "/{{usr/,}libexec/geoclue,{usr/,}libexec/geoclue-2.0/demos/agent}",
+		},
+		{
+			name:        "null",
+			Attachments: []string{},
+			want:        "",
+		},
+		{
+			name:        "empty",
+			Attachments: []string{""},
+			want:        "",
+		},
+		{
+			name:        "not valid aare",
+			Attachments: []string{"/file", "relative"},
+			want:        "/{file,relative}",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			p := &Profile{}
+			p.Attachments = tt.Attachments
+			if got := p.GetAttachments(); got != tt.want {
+				t.Errorf("Profile.GetAttachments() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

pkg/aa/ptrace.go

@@ -4,6 +4,8 @@
 
 package aa
 
+import "slices"
+
 const tokPTRACE = "ptrace"
 
 type Ptrace struct {

pkg/aa/signal.go

@@ -4,6 +4,7 @@
 
 package aa
 
+import "slices"
 
 const tokSIGNAL = "signal"
 

pkg/aa/template.go

@@ -40,7 +40,7 @@ var (
 		tokINCLUDE, tokRLIMIT, tokCAPABILITY, tokNETWORK,
 		tokMOUNT, tokPIVOTROOT, tokCHANGEPROFILE, tokSIGNAL,
 		tokPTRACE, tokUNIX, tokUSERNS, tokIOURING,
-		tokDBUS, "file",
+		tokDBUS, "file", "variable",
 	})
 
 	// convert apparmor requested mask to apparmor access mode
@@ -73,7 +73,7 @@ var (
 		"profile",
 		"include_if_exists",
 	}
-	ruleWeights = map[string]int{}
+	ruleWeights = make(map[string]int, len(ruleAlphabet))
 
 	// The order the apparmor file rules should be sorted
 	fileAlphabet = []string{
@@ -98,8 +98,9 @@ var (
 		"@{PROC}",             // 10. Proc files
 		"/dev",                // 11. Dev files
 		"deny",                // 12. Deny rules
+		"profile",             // 13. Subprofiles
 	}
-	fileWeights = map[string]int{}
+	fileWeights = make(map[string]int, len(fileAlphabet))
 )
 
 func generateTemplates(names []string) map[string]*template.Template {

pkg/aa/unix.go

@@ -4,6 +4,8 @@
 
 package aa
 
+import "slices"
+
 const tokUNIX = "unix"
 
 type Unix struct {