feat(prebuilt): update aa usage to the last changes.

2024-11-14 23:43:56 +01:00 · 2024-04-23 21:43:22 +01:00 · 2024-04-23 21:43:22 +01:00 · 8bb6f07950
commit 8bb6f07950
parent de73c9b706
3 changed files with 37 additions and 34 deletions
--- a/pkg/prebuild/directive/dbus.go
+++ b/pkg/prebuild/directive/dbus.go
@ -51,17 +51,20 @@ func setInterfaces(rules map[string]string) []string {
 }

 func (d Dbus) Apply(opt *Option, profile string) string {
-	var p *aa.AppArmorProfileFile
+	var r aa.Rules

 	action := d.sanityCheck(opt)
 	switch action {
 	case "own":
-		p = d.own(opt.ArgMap)
+		r = d.own(opt.ArgMap)
 	case "talk":
-		p = d.talk(opt.ArgMap)
+		r = d.talk(opt.ArgMap)
 	}

-	generatedDbus := p.String()
+	aa.TemplateIndentationLevel = strings.Count(
+		strings.SplitN(opt.Raw, Keyword, 1)[0], aa.TemplateIndentation,
+	)
+	generatedDbus := r.String()
 	lenDbus := len(generatedDbus)
 	generatedDbus = generatedDbus[:lenDbus-1]
 	profile = strings.Replace(profile, opt.Raw, generatedDbus, -1)
@ -95,16 +98,15 @@ func (d Dbus) sanityCheck(opt *Option) string {
 	return action
 }

-func (d Dbus) own(rules map[string]string) *aa.AppArmorProfileFile {
+func (d Dbus) own(rules map[string]string) aa.Rules {
 	interfaces := setInterfaces(rules)
-	profile := &aa.AppArmorProfileFile{}
-	p := profile.GetDefaultProfile()
-	p.Rules = append(p.Rules, &aa.Dbus{
-		Access: "bind", Bus: rules["bus"], Name: rules["name"],
+	res := aa.Rules{}
+	res = append(res, &aa.Dbus{
+		Access: []string{"bind"}, Bus: rules["bus"], Name: rules["name"],
 	})
 	for _, iface := range interfaces {
-		p.Rules = append(p.Rules, &aa.Dbus{
-			Access:    "receive",
+		res = append(res, &aa.Dbus{
+			Access:    []string{"receive"},
 			Bus:       rules["bus"],
 			Path:      rules["path"],
 			Interface: iface,
@ -112,32 +114,31 @@ func (d Dbus) own(rules map[string]string) *aa.AppArmorProfileFile {
 		})
 	}
 	for _, iface := range interfaces {
-		p.Rules = append(p.Rules, &aa.Dbus{
-			Access:    "send",
+		res = append(res, &aa.Dbus{
+			Access:    []string{"send"},
 			Bus:       rules["bus"],
 			Path:      rules["path"],
 			Interface: iface,
 			PeerName:  `"{:1.@{int},org.freedesktop.DBus}"`,
 		})
 	}
-	p.Rules = append(p.Rules, &aa.Dbus{
-		Access:    "receive",
+	res = append(res, &aa.Dbus{
+		Access:    []string{"receive"},
 		Bus:       rules["bus"],
 		Path:      rules["path"],
 		Interface: "org.freedesktop.DBus.Introspectable",
 		Member:    "Introspect",
 		PeerName:  `":1.@{int}"`,
 	})
-	return profile
+	return res
 }

-func (d Dbus) talk(rules map[string]string) *aa.AppArmorProfileFile {
+func (d Dbus) talk(rules map[string]string) aa.Rules {
 	interfaces := setInterfaces(rules)
-	profile := &aa.AppArmorProfileFile{}
-	p := profile.GetDefaultProfile()
+	res := aa.Rules{}
 	for _, iface := range interfaces {
-		p.Rules = append(p.Rules, &aa.Dbus{
-			Access:    "send",
+		res = append(res, &aa.Dbus{
+			Access:    []string{"send"},
 			Bus:       rules["bus"],
 			Path:      rules["path"],
 			Interface: iface,
@ -146,8 +147,8 @@ func (d Dbus) talk(rules map[string]string) *aa.AppArmorProfileFile {
 		})
 	}
 	for _, iface := range interfaces {
-		p.Rules = append(p.Rules, &aa.Dbus{
-			Access:    "receive",
+		res = append(res, &aa.Dbus{
+			Access:    []string{"receive"},
 			Bus:       rules["bus"],
 			Path:      rules["path"],
 			Interface: iface,
@ -155,5 +156,5 @@ func (d Dbus) talk(rules map[string]string) *aa.AppArmorProfileFile {
 			PeerLabel: rules["label"],
 		})
 	}
-	return profile
+	return res
 }
--- a/pkg/prebuild/directive/exec.go
+++ b/pkg/prebuild/directive/exec.go
@ -36,8 +36,7 @@ func (d Exec) Apply(opt *Option, profileRaw string) string {
 		delete(opt.ArgMap, t)
 	}

-	profile := &aa.AppArmorProfileFile{}
-	p := profile.GetDefaultProfile()
+	rules := aa.Rules{}
 	for name := range opt.ArgMap {
 		profiletoTransition := util.MustReadFile(cfg.RootApparmord.Join(name))
 		dstProfile := aa.DefaultTunables()
@ -45,18 +44,21 @@ func (d Exec) Apply(opt *Option, profileRaw string) string {
 		for _, variable := range dstProfile.Variables {
 			if variable.Name == "exec_path" {
 				for _, v := range variable.Values {
-					p.Rules = append(p.Rules, &aa.File{
+					rules = append(rules, &aa.File{
 						Path:   v,
-						Access: transition,
+						Access: []string{transition},
 					})
 				}
 				break
 			}
 		}
 	}
-	profile.Sort()
-	rules := profile.String()
-	lenRules := len(rules)
-	rules = rules[:lenRules-1]
-	return strings.Replace(profileRaw, opt.Raw, rules, -1)
+
+	aa.TemplateIndentationLevel = strings.Count(
+		strings.SplitN(opt.Raw, Keyword, 1)[0], aa.TemplateIndentation,
+	)
+	rules.Sort()
+	new := rules.String()
+	new = new[:len(new)-1]
+	return strings.Replace(profileRaw, opt.Raw, new, -1)
 }
--- a/pkg/prebuild/directive/exec_test.go
+++ b/pkg/prebuild/directive/exec_test.go
@ -52,7 +52,7 @@ func TestExec_Apply(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			cfg.RootApparmord = tt.rootApparmord
 			if got := Directives["exec"].Apply(tt.opt, tt.profile); got != tt.want {
-				t.Errorf("Exec.Apply() = %v, want %v", got, tt.want)
+				t.Errorf("Exec.Apply() = |%v|, want |%v|", got, tt.want)
 			}
 		})
 	}