diff --git a/pkg/aa/all.go b/pkg/aa/all.go
index 3004bbf9..1ca5ba70 100644
--- a/pkg/aa/all.go
+++ b/pkg/aa/all.go
@@ -16,6 +16,18 @@ func newAll(q Qualifier, rule rule) (Rule, error) {
 return &All{Base: newBase(rule)}, nil
 }

+func (r *All) Kind() Kind {
+ return ALL
+}
+
+func (r *All) Constraint() constraint {
+ return blockKind
+}
+
+func (r *All) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *All) Validate() error {
 return nil
 }
@@ -29,15 +41,3 @@ func (r *All) Merge(other Rule) bool {
 b := &r.Base
 return b.merge(o.Base)
 }
-
-func (r *All) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *All) Constraint() constraint {
- return blockKind
-}
-
-func (r *All) Kind() Kind {
- return ALL
-}
diff --git a/pkg/aa/blocks.go b/pkg/aa/blocks.go
index 85f75495..ed1f8fde 100644
--- a/pkg/aa/blocks.go
+++ b/pkg/aa/blocks.go
@@ -15,6 +15,18 @@ type Hat struct {
 Rules Rules
 }

+func (p *Hat) Kind() Kind {
+ return HAT
+}
+
+func (p *Hat) Constraint() constraint {
+ return blockKind
+}
+
+func (p *Hat) String() string {
+ return renderTemplate(p.Kind(), p)
+}
+
 func (r *Hat) Validate() error {
 return nil
 }
@@ -23,15 +35,3 @@ func (r *Hat) Compare(other Rule) int {
 o, _ := other.(*Hat)
 return compare(r.Name, o.Name)
 }
-
-func (p *Hat) String() string {
- return renderTemplate(p.Kind(), p)
-}
-
-func (p *Hat) Constraint() constraint {
- return blockKind
-}
-
-func (p *Hat) Kind() Kind {
- return HAT
-}
diff --git a/pkg/aa/capability.go b/pkg/aa/capability.go
index 8a4d453b..d3629411 100644
--- a/pkg/aa/capability.go
+++ b/pkg/aa/capability.go
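Review bot: In pkg/aa/blocks.go the three relocated methods keep the receiver name `p` (`func (p *Hat) Kind() Kind`), while `Validate` and `Compare` on the same type, visible as context in that file, use `r`. Go convention is one receiver name per type, and a commit that already moves these methods is the natural place to align them, e.g. `func (r *Hat) Kind() Kind {` with the body unchanged. The same mix shows in pkg/aa/profile.go, where `Kind`, `Constraint`, `String` and `Merge` use `p` but `Validate` and `Compare` use `r`.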
@@ -51,6 +51,18 @@ func newCapabilityFromLog(log map[string]string) Rule {
 }
 }

+func (r *Capability) Kind() Kind {
+ return CAPABILITY
+}
+
+func (r *Capability) Constraint() constraint {
+ return blockKind
+}
+
+func (r *Capability) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *Capability) Validate() error {
 if err := validateValues(r.Kind(), "name", r.Names); err != nil {
 return fmt.Errorf("%s: %w", r, err)
@@ -65,15 +77,3 @@ func (r *Capability) Compare(other Rule) int {
 }
 return r.Qualifier.Compare(o.Qualifier)
 }
-
-func (r *Capability) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *Capability) Constraint() constraint {
- return blockKind
-}
-
-func (r *Capability) Kind() Kind {
- return CAPABILITY
-}
diff --git a/pkg/aa/change_profile.go b/pkg/aa/change_profile.go
index 4fc35a32..a6e3bb6e 100644
--- a/pkg/aa/change_profile.go
+++ b/pkg/aa/change_profile.go
@@ -67,6 +67,18 @@ func newChangeProfileFromLog(log map[string]string) Rule {
 }
 }

+func (r *ChangeProfile) Kind() Kind {
+ return CHANGEPROFILE
+}
+
+func (r *ChangeProfile) Constraint() constraint {
+ return blockKind
+}
+
+func (r *ChangeProfile) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *ChangeProfile) Validate() error {
 if err := validateValues(r.Kind(), "mode", []string{r.ExecMode}); err != nil {
 return fmt.Errorf("%s: %w", r, err)
@@ -87,15 +99,3 @@ func (r *ChangeProfile) Compare(other Rule) int {
 }
 return r.Qualifier.Compare(o.Qualifier)
 }
-
-func (r *ChangeProfile) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *ChangeProfile) Constraint() constraint {
- return blockKind
-}
-
-func (r *ChangeProfile) Kind() Kind {
- return CHANGEPROFILE
-}
diff --git a/pkg/aa/dbus.go b/pkg/aa/dbus.go
index 95b73153..13a60028 100644
--- a/pkg/aa/dbus.go
+++ b/pkg/aa/dbus.go
@@ -74,6 +74,18 @@ func newDbusFromLog(log map[string]string) Rule {
 }
 }

+func (r *Dbus) Kind() Kind {
+ return DBUS
+}
+
+func (r *Dbus) Constraint() constraint {
+ return blockKind
+}
+
+func (r *Dbus) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *Dbus) Validate() error {
 if err := validateValues(r.Kind(), "access", r.Access); err != nil {
 return fmt.Errorf("%s: %w", r, err)
@@ -125,15 +137,3 @@ func (r *Dbus) Merge(other Rule) bool {
 }
 return false
 }
-
-func (r *Dbus) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *Dbus) Constraint() constraint {
- return blockKind
-}
-
-func (r *Dbus) Kind() Kind {
- return DBUS
-}
diff --git a/pkg/aa/file.go b/pkg/aa/file.go
index 1955884c..3b58e4e1 100644
--- a/pkg/aa/file.go
+++ b/pkg/aa/file.go
@@ -103,6 +103,18 @@ func newFileFromLog(log map[string]string) Rule {
 }
 }

+func (r *File) Kind() Kind {
+ return FILE
+}
+
+func (r *File) Constraint() constraint {
+ return blockKind
+}
+
+func (r *File) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *File) Validate() error {
 return nil
 }
@@ -144,18 +156,6 @@ func (r *File) Merge(other Rule) bool {
 return false
 }

-func (r *File) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *File) Constraint() constraint {
- return blockKind
-}
-
-func (r *File) Kind() Kind {
- return FILE
-}
-
 type Link struct {
 Base
 Qualifier
@@ -209,6 +209,18 @@ func newLinkFromLog(log map[string]string) Rule {
 }
 }

+func (r *Link) Kind() Kind {
+ return LINK
+}
+
+func (r *Link) Constraint() constraint {
+ return blockKind
+}
+
+func (r *Link) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *Link) Validate() error {
 return nil
 }
@@ -230,15 +242,3 @@ func (r *Link) Compare(other Rule) int {
 }
 return r.Qualifier.Compare(o.Qualifier)
 }
-
-func (r *Link) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *Link) Constraint() constraint {
- return blockKind
-}
-
-func (r *Link) Kind() Kind {
- return LINK
-}
diff --git a/pkg/aa/io_uring.go b/pkg/aa/io_uring.go
index 40152cee..6d7755d1 100644
--- a/pkg/aa/io_uring.go
+++ b/pkg/aa/io_uring.go
@@ -45,6 +45,18 @@ func newIOUringFromLog(log map[string]string) Rule {
 }
 }

+func (r *IOUring) Kind() Kind {
+ return IOURING
+}
+
+func (r *IOUring) Constraint() constraint {
+ return blockKind
+}
+
+func (r *IOUring) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *IOUring) Validate() error {
 if err := validateValues(r.Kind(), "access", r.Access); err != nil {
 return fmt.Errorf("%s: %w", r, err)
@@ -76,15 +88,3 @@ func (r *IOUring) Merge(other Rule) bool {
 }
 return false
 }
-
-func (r *IOUring) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *IOUring) Constraint() constraint {
- return blockKind
-}
-
-func (r *IOUring) Kind() Kind {
- return IOURING
-}
diff --git a/pkg/aa/mount.go b/pkg/aa/mount.go
index 37f2aa3f..9833ac8f 100644
--- a/pkg/aa/mount.go
+++ b/pkg/aa/mount.go
@@ -120,6 +120,18 @@ func newMountFromLog(log map[string]string) Rule {
 }
 }

+func (r *Mount) Kind() Kind {
+ return MOUNT
+}
+
+func (r *Mount) Constraint() constraint {
+ return blockKind
+}
+
+func (r *Mount) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *Mount) Validate() error {
 if err := r.MountConditions.Validate(); err != nil {
 return fmt.Errorf("%s: %w", r, err)
@@ -156,18 +168,6 @@ func (r *Mount) Merge(other Rule) bool {
 return false
 }

-func (r *Mount) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *Mount) Constraint() constraint {
- return blockKind
-}
-
-func (r *Mount) Kind() Kind {
- return MOUNT
-}
-
 type Umount struct {
 Base
 Qualifier
@@ -202,6 +202,18 @@ func newUmountFromLog(log map[string]string) Rule {
 }
 }

+func (r *Umount) Kind() Kind {
+ return UMOUNT
+}
+
+func (r *Umount) Constraint() constraint {
+ return blockKind
+}
+
+func (r *Umount) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *Umount) Validate() error {
 if err := r.MountConditions.Validate(); err != nil {
 return fmt.Errorf("%s: %w", r, err)
@@ -234,18 +246,6 @@ func (r *Umount) Merge(other Rule) bool {
 return false
 }

-func (r *Umount) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *Umount) Constraint() constraint {
- return blockKind
-}
-
-func (r *Umount) Kind() Kind {
- return UMOUNT
-}
-
 type Remount struct {
 Base
 Qualifier
@@ -281,6 +281,18 @@ func newRemountFromLog(log map[string]string) Rule {
 }
 }

+func (r *Remount) Kind() Kind {
+ return REMOUNT
+}
+
+func (r *Remount) Constraint() constraint {
+ return blockKind
+}
+
+func (r *Remount) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *Remount) Validate() error {
 if err := r.MountConditions.Validate(); err != nil {
 return fmt.Errorf("%s: %w", r, err)
@@ -312,15 +324,3 @@ func (r *Remount) Merge(other Rule) bool {
 }
 return false
 }
-
-func (r *Remount) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *Remount) Constraint() constraint {
- return blockKind
-}
-
-func (r *Remount) Kind() Kind {
- return REMOUNT
-}
diff --git a/pkg/aa/mqueue.go b/pkg/aa/mqueue.go
index 67b0ad2f..b511666c 100644
--- a/pkg/aa/mqueue.go
+++ b/pkg/aa/mqueue.go
@@ -73,6 +73,18 @@ func newMqueueFromLog(log map[string]string) Rule {
 }
 }

+func (r *Mqueue) Kind() Kind {
+ return MQUEUE
+}
+
+func (r *Mqueue) Constraint() constraint {
+ return blockKind
+}
+
+func (r *Mqueue) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *Mqueue) Validate() error {
 if err := validateValues(r.Kind(), "access", r.Access); err != nil {
 return fmt.Errorf("%s: %w", r, err)
@@ -110,15 +122,3 @@ func (r *Mqueue) Merge(other Rule) bool {
 }
 return false
 }
-
-func (r *Mqueue) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *Mqueue) Constraint() constraint {
- return blockKind
-}
-
-func (r *Mqueue) Kind() Kind {
- return MQUEUE
-}
diff --git a/pkg/aa/network.go b/pkg/aa/network.go
index 0820e187..989b9b16 100644
--- a/pkg/aa/network.go
+++ b/pkg/aa/network.go
@@ -99,6 +99,18 @@ func newNetworkFromLog(log map[string]string) Rule {
 }
 }

+func (r *Network) Kind() Kind {
+ return NETWORK
+}
+
+func (r *Network) Constraint() constraint {
+ return blockKind
+}
+
+func (r *Network) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *Network) Validate() error {
 if err := validateValues(r.Kind(), "domains", []string{r.Domain}); err != nil {
 return fmt.Errorf("%s: %w", r, err)
@@ -128,15 +140,3 @@ func (r *Network) Compare(other Rule) int {
 }
 return r.Qualifier.Compare(o.Qualifier)
 }
-
-func (r *Network) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *Network) Constraint() constraint {
- return blockKind
-}
-
-func (r *Network) Kind() Kind {
- return NETWORK
-}
diff --git a/pkg/aa/pivot_root.go b/pkg/aa/pivot_root.go
index e0b8452c..219435fc 100644
--- a/pkg/aa/pivot_root.go
+++ b/pkg/aa/pivot_root.go
@@ -50,6 +50,18 @@ func newPivotRootFromLog(log map[string]string) Rule {
 }
 }

+func (r *PivotRoot) Kind() Kind {
+ return PIVOTROOT
+}
+
+func (r *PivotRoot) Constraint() constraint {
+ return blockKind
+}
+
+func (r *PivotRoot) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *PivotRoot) Validate() error {
 return nil
 }
@@ -67,15 +79,3 @@ func (r *PivotRoot) Compare(other Rule) int {
 }
 return r.Qualifier.Compare(o.Qualifier)
 }
-
-func (r *PivotRoot) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *PivotRoot) Constraint() constraint {
- return blockKind
-}
-
-func (r *PivotRoot) Kind() Kind {
- return PIVOTROOT
-}
diff --git a/pkg/aa/preamble.go b/pkg/aa/preamble.go
index fdff066c..c66471c0 100644
--- a/pkg/aa/preamble.go
+++ b/pkg/aa/preamble.go
@@ -29,24 +29,24 @@ func newComment(rule rule) (Rule, error) {
 return &Comment{Base: base}, nil
 }

-func (r *Comment) Validate() error {
- return nil
-}
-
-func (r *Comment) Compare(other Rule) int {
- return 0 // Comments are always equal to each other as they are not compared
-}
-
-func (r *Comment) String() string {
- return renderTemplate(r.Kind(), r)
+func (r *Comment) Kind() Kind {
+ return COMMENT
 }

 func (r *Comment) Constraint() constraint {
 return anyKind
 }

-func (r *Comment) Kind() Kind {
- return COMMENT
+func (r *Comment) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
+func (r *Comment) Validate() error {
+ return nil
+}
+
+func (r *Comment) Compare(other Rule) int {
+ return 0 // Comments are always equal to each other as they are not compared
 }

 type Abi struct {
@@ -77,6 +77,18 @@ func newAbi(q Qualifier, rule rule) (Rule, error) {
 }, nil
 }

+func (r *Abi) Kind() Kind {
+ return ABI
+}
+
+func (r *Abi) Constraint() constraint {
+ return preambleKind
+}
+
+func (r *Abi) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *Abi) Validate() error {
 return nil
 }
@@ -89,18 +101,6 @@ func (r *Abi) Compare(other Rule) int {
 return compare(r.IsMagic, o.IsMagic)
 }

-func (r *Abi) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *Abi) Constraint() constraint {
- return preambleKind
-}
-
-func (r *Abi) Kind() Kind {
- return ABI
-}
-
 type Alias struct {
 Base
 Path string
@@ -121,6 +121,18 @@ func newAlias(q Qualifier, rule rule) (Rule, error) {
 }, nil
 }

+func (r *Alias) Kind() Kind {
+ return ALIAS
+}
+
+func (r *Alias) Constraint() constraint {
+ return preambleKind
+}
+
+func (r *Alias) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *Alias) Validate() error {
 return nil
 }
@@ -133,18 +145,6 @@ func (r *Alias) Compare(other Rule) int {
 return compare(r.RewrittenPath, o.RewrittenPath)
 }

-func (r *Alias) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *Alias) Constraint() constraint {
- return preambleKind
-}
-
-func (r *Alias) Kind() Kind {
- return ALIAS
-}
-
 type Include struct {
 Base
 IfExists bool
@@ -184,6 +184,18 @@ func newInclude(rule rule) (Rule, error) {
 }, nil
 }

+func (r *Include) Kind() Kind {
+ return INCLUDE
+}
+
+func (r *Include) Constraint() constraint {
+ return anyKind
+}
+
+func (r *Include) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *Include) Validate() error {
 return nil
 }
@@ -206,18 +218,6 @@ func (r *Include) Compare(other Rule) int {
 return compare(r.IfExists, o.IfExists)
 }

-func (r *Include) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *Include) Constraint() constraint {
- return anyKind
-}
-
-func (r *Include) Kind() Kind {
- return INCLUDE
-}
-
 type Variable struct {
 Base
 Name string
@@ -252,19 +252,20 @@ func newVariable(rule rule) (Rule, error) {
 }, nil
 }

-func (r *Variable) Validate() error {
- return nil
+func (r *Variable) Kind() Kind {
+ return VARIABLE
 }

-func (r *Variable) Merge(other Rule) bool {
- o, _ := other.(*Variable)
+func (r *Variable) Constraint() constraint {
+ return preambleKind
+}

- if r.Name == o.Name && r.Define == o.Define {
- r.Values = merge(r.Kind(), "access", r.Values, o.Values)
- b := &r.Base
- return b.merge(o.Base)
- }
- return false
+func (r *Variable) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
+func (r *Variable) Validate() error {
+ return nil
 }

 func (r *Variable) Compare(other Rule) int {
@@ -278,14 +279,13 @@ func (r *Variable) Compare(other Rule) int {
 return compare(r.Values, o.Values)
 }

-func (r *Variable) String() string {
- return renderTemplate(r.Kind(), r)
-}
+func (r *Variable) Merge(other Rule) bool {
+ o, _ := other.(*Variable)

-func (r *Variable) Constraint() constraint {
- return preambleKind
-}
-
-func (r *Variable) Kind() Kind {
- return VARIABLE
+ if r.Name == o.Name && r.Define == o.Define {
+ r.Values = merge(r.Kind(), "access", r.Values, o.Values)
+ b := &r.Base
+ return b.merge(o.Base)
+ }
+ return false
 }
diff --git a/pkg/aa/profile.go b/pkg/aa/profile.go
index ae6e0145..c1400da4 100644
--- a/pkg/aa/profile.go
+++ b/pkg/aa/profile.go
@@ -69,6 +69,18 @@ func newHeader(rule rule) (Header, error) {
 }, nil
 }

+func (p *Profile) Kind() Kind {
+ return PROFILE
+}
+
+func (p *Profile) Constraint() constraint {
+ return blockKind
+}
+
+func (p *Profile) String() string {
+ return renderTemplate(p.Kind(), p)
+}
+
 func (r *Profile) Validate() error {
 if err := validateValues(r.Kind(), tokFLAGS, r.Flags); err != nil {
 return fmt.Errorf("profile %s: %w", r.Name, err)
@@ -84,18 +96,6 @@ func (r *Profile) Compare(other Rule) int {
 return compare(r.Attachments, o.Attachments)
 }

-func (p *Profile) String() string {
- return renderTemplate(p.Kind(), p)
-}
-
-func (p *Profile) Constraint() constraint {
- return blockKind
-}
-
-func (p *Profile) Kind() Kind {
- return PROFILE
-}
-
 func (p *Profile) Merge(other Rule) bool {
 slices.Sort(p.Flags)
 p.Flags = slices.Compact(p.Flags)
diff --git a/pkg/aa/ptrace.go b/pkg/aa/ptrace.go
index 82883bb2..3c907bc7 100644
--- a/pkg/aa/ptrace.go
+++ b/pkg/aa/ptrace.go
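Review bot: In pkg/aa/preamble.go the relocated `Variable.Merge` still discards the result of its type assertion (`o, _ := other.(*Variable)`), so a `Rule` of any other concrete type leaves `o` nil and the `o.Name` read on the next line panics. Callers are not visible in this diff and may only ever pair rules of the same kind, but the guard is cheap while the method is being moved: `o, ok := other.(*Variable)` followed by `if !ok { return false }`. The `"access"` key passed to `merge` for a variable's values also looks copied from an access-list rule and is worth checking against what `merge` does with that argument. The same unchecked assertion is visible in the context lines of `Hat.Compare` in pkg/aa/blocks.go.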
@@ -47,6 +47,18 @@ func newPtraceFromLog(log map[string]string) Rule {
 }
 }

+func (r *Ptrace) Kind() Kind {
+ return PTRACE
+}
+
+func (r *Ptrace) Constraint() constraint {
+ return blockKind
+}
+
+func (r *Ptrace) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *Ptrace) Validate() error {
 if err := validateValues(r.Kind(), "access", r.Access); err != nil {
 return fmt.Errorf("%s: %w", r, err)
@@ -78,15 +90,3 @@ func (r *Ptrace) Compare(other Rule) int {
 }
 return r.Qualifier.Compare(o.Qualifier)
 }
-
-func (r *Ptrace) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *Ptrace) Constraint() constraint {
- return blockKind
-}
-
-func (r *Ptrace) Kind() Kind {
- return PTRACE
-}
diff --git a/pkg/aa/rlimit.go b/pkg/aa/rlimit.go
index f362d555..7fffbb78 100644
--- a/pkg/aa/rlimit.go
+++ b/pkg/aa/rlimit.go
@@ -51,6 +51,18 @@ func newRlimitFromLog(log map[string]string) Rule {
 }
 }

+func (r *Rlimit) Kind() Kind {
+ return RLIMIT
+}
+
+func (r *Rlimit) Constraint() constraint {
+ return blockKind
+}
+
+func (r *Rlimit) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *Rlimit) Validate() error {
 if err := validateValues(r.Kind(), "keys", []string{r.Key}); err != nil {
 return fmt.Errorf("%s: %w", r, err)
@@ -68,15 +80,3 @@ func (r *Rlimit) Compare(other Rule) int {
 }
 return compare(r.Value, o.Value)
 }
-
-func (r *Rlimit) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *Rlimit) Constraint() constraint {
- return blockKind
-}
-
-func (r *Rlimit) Kind() Kind {
- return RLIMIT
-}
diff --git a/pkg/aa/rules.go b/pkg/aa/rules.go
index d216c758..6a0d6851 100644
--- a/pkg/aa/rules.go
+++ b/pkg/aa/rules.go
@@ -37,12 +37,12 @@ func (k Kind) Tok() string {

 // Rule generic interface for all AppArmor rules
 type Rule interface {
+ Kind() Kind
+ Constraint() constraint
+ String() string
 Validate() error
 Compare(other Rule) int
 Merge(other Rule) bool
- String() string
- Constraint() constraint
- Kind() Kind
 }

 type Rules []Rule
diff --git a/pkg/aa/signal.go b/pkg/aa/signal.go
index aec7117a..30b7aea8 100644
--- a/pkg/aa/signal.go
+++ b/pkg/aa/signal.go
@@ -67,6 +67,18 @@ func newSignalFromLog(log map[string]string) Rule {
 }
 }

+func (r *Signal) Kind() Kind {
+ return SIGNAL
+}
+
+func (r *Signal) Constraint() constraint {
+ return blockKind
+}
+
+func (r *Signal) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *Signal) Validate() error {
 if err := validateValues(r.Kind(), "access", r.Access); err != nil {
 return fmt.Errorf("%s: %w", r, err)
@@ -109,15 +121,3 @@ func (r *Signal) Compare(other Rule) int {
 }
 return r.Qualifier.Compare(o.Qualifier)
 }
-
-func (r *Signal) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *Signal) Constraint() constraint {
- return blockKind
-}
-
-func (r *Signal) Kind() Kind {
- return SIGNAL
-}
diff --git a/pkg/aa/unix.go b/pkg/aa/unix.go
index 490ad7f6..7d882ea4 100644
--- a/pkg/aa/unix.go
+++ b/pkg/aa/unix.go
@@ -70,6 +70,18 @@ func newUnixFromLog(log map[string]string) Rule {
 }
 }

+func (r *Unix) Kind() Kind {
+ return UNIX
+}
+
+func (r *Unix) Constraint() constraint {
+ return blockKind
+}
+
+func (r *Unix) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *Unix) Validate() error {
 if err := validateValues(r.Kind(), "access", r.Access); err != nil {
 return fmt.Errorf("%s: %w", r, err)
@@ -124,15 +136,3 @@ func (r *Unix) Merge(other Rule) bool {
 }
 return false
 }
-
-func (r *Unix) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *Unix) Constraint() constraint {
- return blockKind
-}
-
-func (r *Unix) Kind() Kind {
- return UNIX
-}
diff --git a/pkg/aa/userns.go b/pkg/aa/userns.go
index 7e3a7567..baa50f0c 100644
--- a/pkg/aa/userns.go
+++ b/pkg/aa/userns.go
@@ -42,6 +42,18 @@ func newUsernsFromLog(log map[string]string) Rule {
 }
 }

+func (r *Userns) Kind() Kind {
+ return USERNS
+}
+
+func (r *Userns) Constraint() constraint {
+ return blockKind
+}
+
+func (r *Userns) String() string {
+ return renderTemplate(r.Kind(), r)
+}
+
 func (r *Userns) Validate() error {
 return nil
 }
@@ -59,15 +71,3 @@ func (r *Userns) Merge(other Rule) bool {
 b := &r.Base
 return b.merge(o.Base)
 }
-
-func (r *Userns) String() string {
- return renderTemplate(r.Kind(), r)
-}
-
-func (r *Userns) Constraint() constraint {
- return blockKind
-}
-
-func (r *Userns) Kind() Kind {
- return USERNS
-}