2016-10-01 20:57:09 +02:00
#! /usr/bin/python3
2016-05-06 22:19:34 +02:00
# ------------------------------------------------------------------
#
# Copyright (C) 2016 Christian Boltz <apparmor@cboltz.de>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
import unittest
from common_test import AATest , setup_all_loops
import gettext
import os
import subprocess
from apparmor . ui import CMDS , get_translated_hotkey
class TestHotkeyConflicts ( AATest ) :
# check if there are any hotkey conflicts in one of the apparmor-utils translations
tests = [
( [ ' CMD_ALLOW ' , ' CMD_DENY ' , ' CMD_IGNORE_ENTRY ' , ' CMD_GLOB ' , ' CMD_GLOBEXT ' , ' CMD_NEW ' , ' CMD_AUDIT_OFF ' , ' CMD_ABORT ' , ' CMD_FINISHED ' ] , True ) , # aa.py available_buttons() with CMD_AUDIT_OFF
( [ ' CMD_ALLOW ' , ' CMD_DENY ' , ' CMD_IGNORE_ENTRY ' , ' CMD_GLOB ' , ' CMD_GLOBEXT ' , ' CMD_NEW ' , ' CMD_AUDIT_NEW ' , ' CMD_ABORT ' , ' CMD_FINISHED ' ] , True ) , # aa.py available_buttons() with CMD_AUDIT_NEW
2017-12-17 16:45:49 +01:00
( [ ' CMD_ALLOW ' , ' CMD_DENY ' , ' CMD_IGNORE_ENTRY ' , ' CMD_GLOB ' , ' CMD_GLOBEXT ' , ' CMD_NEW ' , ' CMD_AUDIT_OFF ' , ' CMD_USER_ON ' , ' CMD_ABORT ' , ' CMD_FINISHED ' ] , True ) , # aa.py available_buttons() with CMD_AUDIT_OFF and CMD_USER_ON
( [ ' CMD_ALLOW ' , ' CMD_DENY ' , ' CMD_IGNORE_ENTRY ' , ' CMD_GLOB ' , ' CMD_GLOBEXT ' , ' CMD_NEW ' , ' CMD_AUDIT_OFF ' , ' CMD_USER_OFF ' , ' CMD_ABORT ' , ' CMD_FINISHED ' ] , True ) , # aa.py available_buttons() with CMD_AUDIT_OFF and CMD_USER_OFF
( [ ' CMD_ALLOW ' , ' CMD_DENY ' , ' CMD_IGNORE_ENTRY ' , ' CMD_GLOB ' , ' CMD_GLOBEXT ' , ' CMD_NEW ' , ' CMD_AUDIT_NEW ' , ' CMD_USER_ON ' , ' CMD_ABORT ' , ' CMD_FINISHED ' ] , True ) , # aa.py available_buttons() with CMD_AUDIT_NEW and CMD_USER_ON
( [ ' CMD_ALLOW ' , ' CMD_DENY ' , ' CMD_IGNORE_ENTRY ' , ' CMD_GLOB ' , ' CMD_GLOBEXT ' , ' CMD_NEW ' , ' CMD_AUDIT_NEW ' , ' CMD_USER_OFF ' , ' CMD_ABORT ' , ' CMD_FINISHED ' ] , True ) , # aa.py available_buttons() with CMD_AUDIT_NEW and CMD_USER_OFF
2016-05-06 22:19:34 +02:00
( [ ' CMD_SAVE_CHANGES ' , ' CMD_SAVE_SELECTED ' , ' CMD_VIEW_CHANGES ' , ' CMD_VIEW_CHANGES_CLEAN ' , ' CMD_ABORT ' ] , True ) , # aa.py save_profiles()
aa-genprof: ask about profiles in extra dir (again)
Thanks to reading the wrong directory in read_inactive_profiles()
(profile_dir instead of extra_profile_dir), aa-genprof never asked about
using a profile from the extra_profile_dir.
Sounds like an easy fix, right? ;-)
After fixing this (last chunk), several other errors popped up, one
after the other:
- get_profile() missed a required parameter in a serialize_profile() call
- when saving the profile, it was written to extra_profile_dir, not to
profile_dir where it (as a now-active profile) should be. This is
fixed by removing the filename from existing_profiles{} so that it can
pick up the default name.
- CMD_FINISHED (when asking if the extra profile should be used or a new
one) behaved exactly like CMD_CREATE_PROFILE, but this is surprising
for the user. Remove it to avoid confusion.
- displaying the extra profile was only implemented in YaST mode
- get_pager() returned None, not an actual pager. Since we have 'less'
hardcoded at several places, also return it in get_pager()
Finally, also remove CMD_FINISHED from the get_profile() test in
test-translations.py.
(test-translations.py is only in trunk, therefore this part of the patch
is obviously trunk-only.)
Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk
Acked-by: John Johansen <john.johansen@canonical.com> for trunk + a 50% ACK for 2.10 and 2.9
Acked-by: Kshitij Gupta <kgupta8592@gmail.com> for trunk, 2.10 and 2.9
2016-06-01 21:04:13 +02:00
( [ ' CMD_VIEW_PROFILE ' , ' CMD_USE_PROFILE ' , ' CMD_CREATE_PROFILE ' , ' CMD_ABORT ' ] , True ) , # aa.py get_profile()
2016-05-06 22:19:34 +02:00
( [ ' CMD_UPLOAD_CHANGES ' , ' CMD_VIEW_CHANGES ' , ' CMD_ASK_LATER ' , ' CMD_ASK_NEVER ' , ' CMD_ABORT ' ] , True ) , # aa.py console_select_and_upload_profiles()
( [ ' CMD_ix ' , ' CMD_pix ' , ' CMD_cix ' , ' CMD_nix ' , ' CMD_EXEC_IX_OFF ' , ' CMD_ux ' , ' CMD_DENY ' , ' CMD_ABORT ' , ' CMD_FINISHED ' ] , True ) , # aa.py build_x_functions() with exec_toggle
( [ ' CMD_ix ' , ' CMD_cx ' , ' CMD_px ' , ' CMD_nx ' , ' CMD_ux ' , ' CMD_EXEC_IX_ON ' , ' CMD_DENY ' , ' CMD_ABORT ' , ' CMD_FINISHED ' ] , True ) , # aa.py build_x_functions() without exec_toggle
( [ ' CMD_ADDHAT ' , ' CMD_USEDEFAULT ' , ' CMD_DENY ' , ' CMD_ABORT ' , ' CMD_FINISHED ' ] , True ) , # aa.py handle_children()
( [ ' CMD_YES ' , ' CMD_NO ' , ' CMD_CANCEL ' ] , True ) , # ui.py UI_YesNo() and UI_YesNoCancel
2016-05-14 13:25:15 +02:00
( [ ' CMD_SAVE_CHANGES ' , ' CMD_VIEW_CHANGES ' , ' CMD_ABORT ' , ' CMD_IGNORE_ENTRY ' ] , True ) , # aa-mergeprof act()
( [ ' CMD_ALLOW ' , ' CMD_ABORT ' ] , True ) , # aa-mergeprof conflict_mode()
[41/38] let aa-mergeprof ask about new hats and subprofiles
If a merged profile contains additional hats or subprofiles, the "old"
aa-mergeprof silently created them as additional hasher elements (partly
buggy, because subprofiles would end up as '^/subprofile' instead of
'profile /subprofile'). After switching to FileRule, aa-mergeprof crashes
on new hats or subprofiles.
This patch adds code to ask the user if the new hat or subprofile should
be added - which means this patch replaces two bugs (crash + silently
adding subprofiles and hats) with a new feature ;-)
The new questions also add a new text CMD_ADDSUBPROFILE in ui.py.
Finally, the new "button" combinations get added to test-translations.py.
If you want to test, try to aa-mergeprof this profile (the subprofile
and hat are dummies, nothing ping would really require):
#include <tunables/global>
/{usr/,}bin/ping {
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/nameservice>
capability net_raw,
capability setuid,
network inet raw,
network inet6 raw,
/{,usr/}bin/ping mixr,
/etc/modules.conf r,
^hat {
/bin/hat r,
/bin/bash px,
}
profile /subprofile {
/bin/subprofile r,
/bin/bash px,
}
# Site-specific additions and overrides. See local/README for details.
#include <local/bin.ping>
}
Note that this patch is not covered by unittests, but it passed all my
manual tests.
Acked-by: Steve Beattie <steve@nxnw.org>
Bug: https://launchpad.net/bugs/1507469
2016-10-01 20:21:06 +02:00
( [ ' CMD_ADDSUBPROFILE ' , ' CMD_DENY ' , ' CMD_ABORT ' , ' CMD_FINISHED ' ] , True ) , # aa-mergeprof ask_the_questions() - new subprofile
( [ ' CMD_ADDHAT ' , ' CMD_DENY ' , ' CMD_ABORT ' , ' CMD_FINISHED ' ] , True ) , # aa-mergeprof ask_the_questions() - new hat
2016-05-06 22:19:34 +02:00
]
def _run_test ( self , params , expected ) :
self . createTmpdir ( )
subprocess . call ( " make -C ../po >/dev/null " , shell = True )
subprocess . call ( " DESTDIR= %s NAME=apparmor-utils make -C ../po install >/dev/null " % self . tmpdir , shell = True )
self . localedir = ' %s /usr/share/locale ' % self . tmpdir
self . languages = os . listdir ( self . localedir )
# make sure we found all translations
if len ( self . languages ) < 15 :
raise Exception ( ' None or not all languages found, only %s ' % self . languages )
self . languages . append ( ' C ' ) # we also want to detect hotkey conflicts in the untranslated english strings
for language in self . languages :
t = gettext . translation ( ' apparmor-utils ' , fallback = True , localedir = self . localedir , languages = [ language ] )
keys = dict ( )
for key in params :
text = t . gettext ( CMDS [ key ] )
hotkey = get_translated_hotkey ( text )
if keys . get ( hotkey ) :
raise Exception ( " Hotkey conflict: ' %s ' and ' %s ' in language %s " % ( keys [ hotkey ] , text , language ) )
else :
keys [ hotkey ] = text
setup_all_loops ( __name__ )
if __name__ == ' __main__ ' :
2018-04-08 20:18:30 +02:00
unittest . main ( verbosity = 1 )
