apparmor.d/pkg/prebuild/prebuild.go
Alexandre Pujol 89abbae6bd
Merge branch 'feat/aa'
Improve go apparmor lib.

* aa: (62 commits)
  feat(aa): handle appending value to defined variables.
  chore(aa): cosmetic.
  fix: userspace prebuild test.
  chore: cleanup unit test.
  feat(aa): improve log conversion.
  feat(aa): move conversion function to its own file & add unit tests.
  fix: go linter issue & not defined variables.
  tests(aa): improve aa unit tests.
  tests(aa): improve rules unit tests.
  feat(aa): ensure the prebuild jobs are working.
  feat(aa): add more unit tests.
  chore(aa): cleanup.
  feat(aa): Move sort, merge and format methods to the rules interface.
  feat(aa): add the hat template.
  feat(aa): add the Kind struct to manage aa rules.
  feat(aa): cleanup rules methods.
  feat(aa): add function to resolve include preamble.
  feat(aa): updaqte mount flags order.
  feat(aa): update default tunable selection.
  feat(aa): parse apparmor preamble files.
  ...
2024-05-30 19:29:34 +01:00


// apparmor.d - Full set of apparmor profiles
// Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only
package prebuild
import (
	"fmt"
	"strings"

	"github.com/roddhjav/apparmor.d/pkg/logging"
	"github.com/roddhjav/apparmor.d/pkg/paths"
	"github.com/roddhjav/apparmor.d/pkg/prebuild/builder"
	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
	"github.com/roddhjav/apparmor.d/pkg/prebuild/directive"
	"github.com/roddhjav/apparmor.d/pkg/prebuild/prepare"
	"github.com/roddhjav/apparmor.d/pkg/util"
)
// init registers the prepare and build tasks that run by default and
// applies the distribution-specific adjustments read from cfg.
func init() {
	// Prepare tasks, registered in the order they are applied.
	defaultPrepares := []string{
		"synchronise",
		"ignore",
		"merge",
		"configure",
		"setflags",
		"systemd-default",
	}
	prepare.Register(defaultPrepares...)

	// Build tasks applied by default, in registration order.
	for _, name := range []string{"userspace", "dev"} {
		builder.Register(name)
	}

	switch cfg.Distribution {
	case "ubuntu":
		// Only the noble release gets the abi3 builder and profile overwrite.
		if cfg.Release["VERSION_CODENAME"] == "noble" {
			builder.Register("abi3")
			cfg.Overwrite.Enabled = true
		}
	case "whonix":
		// Profiles shipped by Whonix itself; hidden so they are not
		// overridden by this project (one path per line, trailing newline).
		hidden := []string{
			"/etc/apparmor.d/abstractions/base.d/kicksecure",
			"/etc/apparmor.d/home.tor-browser.firefox",
			"/etc/apparmor.d/tunables/home.d/anondist",
			"/etc/apparmor.d/tunables/home.d/live-mode",
			"/etc/apparmor.d/tunables/home.d/qubes-whonix-anondist",
			"/etc/apparmor.d/usr.bin.hexchat",
			"/etc/apparmor.d/usr.bin.sdwdate",
			"/etc/apparmor.d/usr.bin.systemcheck",
			"/etc/apparmor.d/usr.bin.timesanitycheck",
			"/etc/apparmor.d/usr.bin.url_to_unixtime",
			"/etc/apparmor.d/whonix-firewall",
		}
		cfg.Hide = cfg.Hide + strings.Join(hidden, "\n") + "\n"
	}
}
// Prepare runs every registered prepare task in order. Each task's
// message is printed as a success line followed by the task's returned
// lines; a line containing "not found" is logged as a warning instead of
// a bullet. The first task error aborts the run and is returned as is.
func Prepare() error {
	for _, task := range prepare.Prepares {
		lines, err := task.Apply()
		if err != nil {
			return err
		}
		logging.Success("%s", task.Message())
		reportPrepareLines(lines)
	}
	return nil
}

// reportPrepareLines prints one task's output indented under its header,
// restoring the logger indent when done.
func reportPrepareLines(lines []string) {
	logging.Indent = " "
	defer func() { logging.Indent = "" }()
	for _, line := range lines {
		if strings.Contains(line, "not found") {
			logging.Warning("%s", line)
			continue
		}
		logging.Bullet("%s", line)
	}
}
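// Build applies the registered builders and then the directives to every
// file found under cfg.RootApparmord, rewriting each file in place, and
// finally reports the build tasks and directives that ran. The first
// error stops the build; errors are wrapped with the file they concern
// so the original error is still reachable through errors.Is/As.
func Build() error {
	files, err := cfg.RootApparmord.ReadDirRecursiveFiltered(nil, paths.FilterOutDirectories())
	if err != nil {
		// Previously discarded: an unreadable tree produced an empty, "successful" build.
		return fmt.Errorf("listing profiles under %v: %w", cfg.RootApparmord, err)
	}
	for _, file := range files {
		// Entries may vanish between listing and processing; skip them.
		if !file.Exist() {
			continue
		}
		profile, err := util.ReadFile(file)
		if err != nil {
			return fmt.Errorf("reading %v: %w", file, err)
		}
		profile, err = builder.Run(file, profile)
		if err != nil {
			return fmt.Errorf("building %v: %w", file, err)
		}
		profile, err = directive.Run(file, profile)
		if err != nil {
			return fmt.Errorf("applying directives to %v: %w", file, err)
		}
		if err := file.WriteFile([]byte(profile)); err != nil {
			return fmt.Errorf("writing %v: %w", file, err)
		}
	}

	// Summary of what ran, indented under each header.
	logging.Success("Build tasks:")
	logging.Indent = " "
	for _, task := range builder.Builds {
		logging.Bullet("%s", task.Message())
	}
	logging.Indent = ""

	logging.Success("Directives processed:")
	logging.Indent = " "
	for _, dir := range directive.Directives {
		logging.Bullet("%s%s", directive.Keyword, dir.Name())
	}
	logging.Indent = ""
	return nil
}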