build: exex directive: sort & cleanup generated rules.

Alexandre Pujol 2024-03-22 20:56:04 +00:00
parent 73fe7a7475
commit d5470b8404
2 changed files with 9 additions and 9 deletions


@ -24,7 +24,6 @@ func init() {
} }
func (d Exec) Apply(opt *Option, profile string) string { func (d Exec) Apply(opt *Option, profile string) string {
res := ""
transition := "Px" transition := "Px"
transitions := []string{"P", "U", "p", "u", "PU", "pu"} transitions := []string{"P", "U", "p", "u", "PU", "pu"}
for _, t := range transitions { for _, t := range transitions {
@ -35,6 +34,7 @@ func (d Exec) Apply(opt *Option, profile string) string {
} }
} }
p := &aa.AppArmorProfile{}
for name := range opt.Args { for name := range opt.Args {
content, err := rootApparmord.Join(name).ReadFile() content, err := rootApparmord.Join(name).ReadFile()
if err != nil { if err != nil {
@ -42,7 +42,6 @@ func (d Exec) Apply(opt *Option, profile string) string {
} }
profiletoTransition := string(content) profiletoTransition := string(content)
p := &aa.AppArmorProfile{}
dstProfile := aa.DefaultTunables() dstProfile := aa.DefaultTunables()
dstProfile.ParseVariables(profiletoTransition) dstProfile.ParseVariables(profiletoTransition)
for _, variable := range dstProfile.Variables { for _, variable := range dstProfile.Variables {
@ -56,7 +55,10 @@ func (d Exec) Apply(opt *Option, profile string) string {
break break
} }
} }
res += p.String()
} }
return strings.Replace(profile, opt.Raw, res, -1) p.Sort()
rules := p.String()
lenRules := len(rules)
rules = rules[:lenRules-1]
return strings.Replace(profile, opt.Raw, rules, -1)
} }
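Review bot: `rules = rules[:lenRules-1]` at the end of Apply drops the last byte unconditionally, so it panics with a slice-bounds error if `p.String()` ever returns an empty string, and it cuts the final rule's trailing comma if the output does not end in a newline. Whether either case can occur depends on `aa.AppArmorProfile.String`, which is not visible here, but this text is spliced into a generated AppArmor profile, where a truncated exec rule would presumably leave the profile malformed. Replacing the three lines with `rules := strings.TrimSuffix(p.String(), "\n")` removes only a real trailing newline and is safe on empty output. The updated TestExec_Apply cases only cover directives that produce rules, so a case whose argument matches no variable would pin this behaviour down. Apply's body is only partly visible across these hunks.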


@ -28,9 +28,8 @@ func TestExec_Apply(t *testing.T) {
Raw: " #aa:exec DiscoverNotifier", Raw: " #aa:exec DiscoverNotifier",
}, },
profile: ` #aa:exec DiscoverNotifier`, profile: ` #aa:exec DiscoverNotifier`,
want: ` @{lib}/DiscoverNotifier Px, want: ` @{lib}/@{multiarch}/{,libexec/}DiscoverNotifier Px,
@{lib}/@{multiarch}/{,libexec/}DiscoverNotifier Px, @{lib}/DiscoverNotifier Px,`,
`,
}, },
{ {
name: "exec-unconfined", name: "exec-unconfined",
@ -43,8 +42,7 @@ func TestExec_Apply(t *testing.T) {
}, },
profile: ` #aa:exec U polkit-agent-helper`, profile: ` #aa:exec U polkit-agent-helper`,
want: ` @{lib}/polkit-[0-9]/polkit-agent-helper-[0-9] Ux, want: ` @{lib}/polkit-[0-9]/polkit-agent-helper-[0-9] Ux,
@{lib}/polkit-agent-helper-[0-9] Ux, @{lib}/polkit-agent-helper-[0-9] Ux,`,
`,
}, },
} }
for _, tt := range tests { for _, tt := range tests {