mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-12-25 06:27:49 +01:00
build: exex directive: sort & cleanup generated rules.
parent
73fe7a7475
commit
d5470b8404
2 changed files with 9 additions and 9 deletions
|
@ -24,7 +24,6 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d Exec) Apply(opt *Option, profile string) string {
|
func (d Exec) Apply(opt *Option, profile string) string {
|
||||||
res := ""
|
|
||||||
transition := "Px"
|
transition := "Px"
|
||||||
transitions := []string{"P", "U", "p", "u", "PU", "pu"}
|
transitions := []string{"P", "U", "p", "u", "PU", "pu"}
|
||||||
for _, t := range transitions {
|
for _, t := range transitions {
|
||||||
|
@ -35,6 +34,7 @@ func (d Exec) Apply(opt *Option, profile string) string {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
p := &aa.AppArmorProfile{}
|
||||||
for name := range opt.Args {
|
for name := range opt.Args {
|
||||||
content, err := rootApparmord.Join(name).ReadFile()
|
content, err := rootApparmord.Join(name).ReadFile()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -42,7 +42,6 @@ func (d Exec) Apply(opt *Option, profile string) string {
|
||||||
}
|
}
|
||||||
profiletoTransition := string(content)
|
profiletoTransition := string(content)
|
||||||
|
|
||||||
p := &aa.AppArmorProfile{}
|
|
||||||
dstProfile := aa.DefaultTunables()
|
dstProfile := aa.DefaultTunables()
|
||||||
dstProfile.ParseVariables(profiletoTransition)
|
dstProfile.ParseVariables(profiletoTransition)
|
||||||
for _, variable := range dstProfile.Variables {
|
for _, variable := range dstProfile.Variables {
|
||||||
|
@ -56,7 +55,10 @@ func (d Exec) Apply(opt *Option, profile string) string {
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
res += p.String()
|
|
||||||
}
|
}
|
||||||
return strings.Replace(profile, opt.Raw, res, -1)
|
p.Sort()
|
||||||
|
rules := p.String()
|
||||||
|
lenRules := len(rules)
|
||||||
|
rules = rules[:lenRules-1]
|
||||||
|
return strings.Replace(profile, opt.Raw, rules, -1)
|
||||||
}
|
}
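Review bot: `rules = rules[:lenRules-1]` at the end of Apply slices off the last byte unconditionally, so it panics with a slice-bounds error if `p.String()` ever returns an empty string. That looks possible when `opt.Args` is empty or no variable matches, though `String()` is not visible here. It also removes whatever the last byte is rather than only a newline. Trimming only a real trailing newline avoids both problems and makes `lenRules` unnecessary: `rules := strings.TrimSuffix(p.String(), "\n")`. Because this output becomes exec transition rules in the shipped profiles (including `Ux`), a short comment such as `// drop the trailing newline so the directive is replaced in place` would help the next reader see that the trim is deliberate.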
|
||||||
|
|
|
@ -28,9 +28,8 @@ func TestExec_Apply(t *testing.T) {
|
||||||
Raw: " #aa:exec DiscoverNotifier",
|
Raw: " #aa:exec DiscoverNotifier",
|
||||||
},
|
},
|
||||||
profile: ` #aa:exec DiscoverNotifier`,
|
profile: ` #aa:exec DiscoverNotifier`,
|
||||||
want: ` @{lib}/DiscoverNotifier Px,
|
want: ` @{lib}/@{multiarch}/{,libexec/}DiscoverNotifier Px,
|
||||||
@{lib}/@{multiarch}/{,libexec/}DiscoverNotifier Px,
|
@{lib}/DiscoverNotifier Px,`,
|
||||||
`,
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "exec-unconfined",
|
name: "exec-unconfined",
|
||||||
|
@ -43,8 +42,7 @@ func TestExec_Apply(t *testing.T) {
|
||||||
},
|
},
|
||||||
profile: ` #aa:exec U polkit-agent-helper`,
|
profile: ` #aa:exec U polkit-agent-helper`,
|
||||||
want: ` @{lib}/polkit-[0-9]/polkit-agent-helper-[0-9] Ux,
|
want: ` @{lib}/polkit-[0-9]/polkit-agent-helper-[0-9] Ux,
|
||||||
@{lib}/polkit-agent-helper-[0-9] Ux,
|
@{lib}/polkit-agent-helper-[0-9] Ux,`,
|
||||||
`,
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
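Review bot: Judging by the visible `Raw` strings, both cases in TestExec_Apply name a single target profile, so the new behaviour of collecting rules from every entry in `opt.Args` into one profile before `p.Sort()` is not pinned by a test. A case with two profile names, for example `Raw: " #aa:exec <profileA> <profileB>"` with real profile names in place of the placeholders, would pin the merged and sorted order. A case whose target yields no rules would cover the empty-output path of the new trailing-newline trim. The test table starts outside this hunk, so existing cases above it may already cover this.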
|
||||||
|
|