apparmor.d/pkg/aa/preamble.go
2024-05-27 18:55:21 +01:00

309 lines
5.5 KiB
Go

// apparmor.d - Full set of apparmor profiles
// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only
package aa
import (
"fmt"
"slices"
"strings"
)
const (
tokABI = "abi"
tokALIAS = "alias"
tokINCLUDE = "include"
tokIFEXISTS = "if exists"
tokVARIABLE = "@{"
tokCOMMENT = "#"
)
type Comment struct {
RuleBase
}
func newComment(rule []string) (Rule, error) {
base := newRule(rule)
base.IsLineRule = true
return &Comment{RuleBase: base}, nil
}
func (r *Comment) Validate() error {
return nil
}
func (r *Comment) Less(other any) bool {
return false
}
func (r *Comment) Equals(other any) bool {
return false
}
func (r *Comment) String() string {
return renderTemplate("comment", r)
}
func (r *Comment) IsPreamble() bool {
return true
}
func (r *Comment) Constraint() constraint {
return anyKind
}
func (r *Comment) Kind() string {
return tokCOMMENT
}
type Abi struct {
RuleBase
Path string
IsMagic bool
}
func newAbi(rule []string) (Rule, error) {
var magic bool
if len(rule) > 0 && rule[0] == tokABI {
rule = rule[1:]
}
if len(rule) != 1 {
return nil, fmt.Errorf("invalid abi format: %s", rule)
}
path := rule[0]
switch {
case path[0] == '"':
magic = false
case path[0] == '<':
magic = true
default:
return nil, fmt.Errorf("invalid path %s in rule: %s", path, rule)
}
return &Abi{
RuleBase: newRule(rule),
Path: strings.Trim(path, "\"<>"),
IsMagic: magic,
}, nil
}
func (r *Abi) Validate() error {
return nil
}
func (r *Abi) Less(other any) bool {
o, _ := other.(*Abi)
if r.Path != o.Path {
return r.Path < o.Path
}
return r.IsMagic == o.IsMagic
}
func (r *Abi) Equals(other any) bool {
o, _ := other.(*Abi)
return r.Path == o.Path && r.IsMagic == o.IsMagic
}
func (r *Abi) String() string {
return renderTemplate(r.Kind(), r)
}
func (r *Abi) Constraint() constraint {
return preambleKind
}
func (r *Abi) Kind() string {
return tokABI
}
type Alias struct {
RuleBase
Path string
RewrittenPath string
}
func newAlias(rule []string) (Rule, error) {
if len(rule) > 0 && rule[0] == tokALIAS {
rule = rule[1:]
}
if len(rule) != 3 {
return nil, fmt.Errorf("invalid alias format: %s", rule)
}
if rule[1] != tokARROW {
return nil, fmt.Errorf("invalid alias format, missing %s in: %s", tokARROW, rule)
}
return &Alias{
RuleBase: newRule(rule),
Path: rule[0],
RewrittenPath: rule[2],
}, nil
}
func (r *Alias) Validate() error {
return nil
}
func (r Alias) Less(other any) bool {
o, _ := other.(*Alias)
if r.Path != o.Path {
return r.Path < o.Path
}
return r.RewrittenPath < o.RewrittenPath
}
func (r Alias) Equals(other any) bool {
o, _ := other.(*Alias)
return r.Path == o.Path && r.RewrittenPath == o.RewrittenPath
}
func (r *Alias) String() string {
return renderTemplate(r.Kind(), r)
}
func (r *Alias) Constraint() constraint {
return preambleKind
}
func (r *Alias) Kind() string {
return tokALIAS
}
type Include struct {
RuleBase
IfExists bool
Path string
IsMagic bool
}
func newInclude(rule []string) (Rule, error) {
var magic bool
var ifexists bool
if len(rule) > 0 && rule[0] == tokINCLUDE {
rule = rule[1:]
}
size := len(rule)
if size == 0 {
return nil, fmt.Errorf("invalid include format: %v", rule)
}
if size >= 3 && strings.Join(rule[:2], " ") == tokIFEXISTS {
ifexists = true
rule = rule[2:]
}
path := rule[0]
switch {
case path[0] == '"':
magic = false
case path[0] == '<':
magic = true
default:
return nil, fmt.Errorf("invalid path format: %v", path)
}
return &Include{
RuleBase: newRule(rule),
IfExists: ifexists,
Path: strings.Trim(path, "\"<>"),
IsMagic: magic,
}, nil
}
func (r *Include) Validate() error {
return nil
}
func (r *Include) Less(other any) bool {
o, _ := other.(*Include)
if r.Path == o.Path {
return r.Path < o.Path
}
if r.IsMagic != o.IsMagic {
return r.IsMagic
}
return r.IfExists
}
func (r *Include) Equals(other any) bool {
o, _ := other.(*Include)
return r.Path == o.Path && r.IsMagic == o.IsMagic && r.IfExists == o.IfExists
}
func (r *Include) String() string {
return renderTemplate(r.Kind(), r)
}
func (r *Include) Constraint() constraint {
return anyKind
}
func (r *Include) Kind() string {
return tokINCLUDE
}
type Variable struct {
RuleBase
Name string
Values []string
Define bool
}
func newVariable(rule []string) (Rule, error) {
var define bool
var values []string
if len(rule) < 3 {
return nil, fmt.Errorf("invalid variable format: %v", rule)
}
name := strings.Trim(rule[0], tokVARIABLE+"}")
switch rule[1] {
case tokEQUAL:
define = true
values = tokensStripComment(rule[2:])
case tokPLUS:
if rule[2] != tokEQUAL {
return nil, fmt.Errorf("invalid operator in variable: %v", rule)
}
define = false
values = tokensStripComment(rule[3:])
default:
return nil, fmt.Errorf("invalid operator in variable: %v", rule)
}
return &Variable{
RuleBase: newRule(rule),
Name: name,
Values: values,
Define: define,
}, nil
}
func (r *Variable) Validate() error {
return nil
}
func (r *Variable) Less(other any) bool {
o, _ := other.(*Variable)
if r.Name != o.Name {
return r.Name < o.Name
}
return len(r.Values) < len(o.Values)
}
func (r *Variable) Equals(other any) bool {
o, _ := other.(*Variable)
return r.Name == o.Name && slices.Equal(r.Values, o.Values)
}
func (r *Variable) String() string {
return renderTemplate("variable", r)
}
func (r *Variable) Constraint() constraint {
return preambleKind
}
func (r *Variable) Kind() string {
return tokVARIABLE
}