feat(build): add the exec directive.

2024-11-14 23:43:56 +01:00 · 2024-03-21 22:07:41 +00:00 · 2024-03-21 22:07:41 +00:00 · b32ee4a5a9
commit b32ee4a5a9
parent 8e5f83df34
2 changed files with 92 additions and 0 deletions
--- a/pkg/prebuild/directive/exec.go
+++ b/pkg/prebuild/directive/exec.go
@ -0,0 +1,48 @@
+// apparmor.d - Full set of apparmor profiles
+// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
+// SPDX-License-Identifier: GPL-2.0-only
+
+package directive
+
+import (
+	"strings"
+
+	"github.com/roddhjav/apparmor.d/pkg/aa"
+)
+
+type Exec struct {
+	DirectiveBase
+}
+
+func init() {
+	Directives["exec"] = &Exec{
+		DirectiveBase: DirectiveBase{
+			message: "Exec directive applied",
+			usage:   `#aa:exec [P|U|p|u|i|] profiles_name...`,
+		},
+	}
+}
+
+func (d Exec) Apply(opt *Option, profile string) string {
+	res := ""
+	transition := "Px"
+	for name := range opt.Args {
+		tmp, err := rootApparmord.Join(name).ReadFile()
+		if err != nil {
+			panic(err)
+		}
+		profiletoTransition := string(tmp)
+
+		p := aa.DefaultTunables()
+		p.ParseVariables(profiletoTransition)
+		for _, variable := range p.Variables {
+			if variable.Name == "exec_path" {
+				for _, value := range variable.Values {
+					res += "  " + value + " " + transition + ",\n"
+				}
+			}
+		}
+		profile = strings.Replace(profile, opt.Raw, res, -1)
+	}
+	return profile
+}
--- a/pkg/prebuild/directive/exec_test.go
+++ b/pkg/prebuild/directive/exec_test.go
@ -0,0 +1,44 @@
+// apparmor.d - Full set of apparmor profiles
+// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
+// SPDX-License-Identifier: GPL-2.0-only
+
+package directive
+
+import (
+	"testing"
+
+	"github.com/arduino/go-paths-helper"
+)
+
+func TestExec_Apply(t *testing.T) {
+	tests := []struct {
+		name          string
+		rootApparmord *paths.Path
+		opt           *Option
+		profile       string
+		want          string
+	}{
+		{
+			name:          "exec",
+			rootApparmord: paths.New("../../../apparmor.d/groups/kde/"),
+			opt: &Option{
+				Name: "exec",
+				Args: map[string]string{"DiscoverNotifier": ""},
+				File: nil,
+				Raw:  "  #aa:exec DiscoverNotifier",
+			},
+			profile: `  #aa:exec DiscoverNotifier`,
+			want: `  @{lib}/DiscoverNotifier Px,
+  @{lib}/@{multiarch}/{,libexec/}DiscoverNotifier Px,
+`,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			rootApparmord = tt.rootApparmord
+			if got := Directives["exec"].Apply(tt.opt, tt.profile); got != tt.want {
+				t.Errorf("Exec.Apply() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}