mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/utils/aa-mergeprof

202 lines
7.1 KiB
Text
Raw Normal View History

Switch utils to python3 As discussed a while ago, switch the utils (including their tests) to use python3 by default. While on it, drop usage of "env" to always get the system python3 instead of a random one that happens to live somewhere in $PATH. In practise, this patch doesn't change much - AFAIK openSUSE, Debian and Ubuntu already patch aa-* to use python3. Also add a note to README to officially deprecate Python 2.x. (I won't break Python 2.x support intentionally - unless some future change gives me a very good reason to finally drop Python 2.x support.) Acked-by: Seth Arnold <seth.arnold@canonical.com> (since 2016-08-23, but the commit had to wait for the FileRule series because it touches test-file.py)
2016-10-01 20:57:09 +02:00
#! /usr/bin/python3
Added license headers
2013-09-28 20:43:06 +05:30
# ----------------------------------------------------------------------
# Copyright (C) 2013 Kshitij Gupta <kgupta8592@gmail.com>
[2/7] replace other.aa with log_dict['merge'] Set log_dict['merge'] = other.aa and aamode = 'merge', and use log_dict[aamode] everywhere. This brings aa-mergeprof ask_the_questions() closer to the code in aa.py. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-01-19 16:46:23 +01:00
# Copyright (C) 2014-2017 Christian Boltz <apparmor@cboltz.de>
Added license headers
2013-09-28 20:43:06 +05:30
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# ----------------------------------------------------------------------
Updated __init_.py tested with de_DE and hi_IN translations using old apparmor-utils.mo file, not pushing remainder of files for their lack of beauty
2013-09-12 14:42:15 +05:30
import argparse
aa-mergeprof: honor -d parameter (it was ignored until now) Acked-by: Kshitij Gupta <kgupta8592@gmail.com>.
2014-08-04 20:19:08 +02:00
import os
Updated __init_.py tested with de_DE and hi_IN translations using old apparmor-utils.mo file, not pushing remainder of files for their lack of beauty
2013-09-12 14:42:15 +05:30
Added first version of aa-mergeprof, does not include the check for conflicting ix rules yet
2013-09-23 19:32:25 +05:30
import apparmor.aa
import apparmor.aamode
Re-order imports in aa-mergeprof and rule/capability.py Acked-by: Christian Boltz <apparmor@cboltz.de>
2016-06-10 01:18:32 +05:30
Added first version of aa-mergeprof, does not include the check for conflicting ix rules yet
2013-09-23 19:32:25 +05:30
import apparmor.severity
seperated the code to check for duplicates into a separate module, will be using it to remove duplicates/superfluous rules/includes from base and other profiles in the aa-mergeprof
2013-09-17 22:30:48 +05:30
import apparmor.cleanprofile as cleanprofile
fix aa-mergeprof to - import apparmor.ui as aaui - call aaui.UI_*() instead of apparmor.aa.UI_*() - use apparmor.aamode.AA_MAY_EXEC instead of apparmor.aa.AA_MAY_EXEC Acked-by: Kshitij Gupta <kgupta8592@gmail.com>.
2014-07-28 00:24:26 +02:00
import apparmor.ui as aaui
Added manpages for the tools, fixes from rev 59..62, some fixes from rev 58
2013-09-19 10:32:19 +05:30
Re-order imports in aa-mergeprof and rule/capability.py Acked-by: Christian Boltz <apparmor@cboltz.de>
2016-06-10 01:18:32 +05:30
from apparmor.common import AppArmorException
from apparmor.regex import re_match_include
Improve exception handling Instead of always showing a backtrace, - for AppArmorException (used for profile syntax errors etc.), print only the exceptions value because a backtrace is superfluous and would confuse users. - for other (unexpected) exceptions, print backtrace and save detailed information in a file in /tmp/ (including variable content etc.) to make debugging easier. This is done by adding the apparmor.fail module which contains a custom exception handler (using cgitb, except for AppArmorException). Also change all python aa-* tools to use the new exception handler. Note: aa-audit did show backtraces only if the --trace option was given. This is superfluous with the improved exception handling, therefore this patch removes the --trace option. (The other aa-* tools never had this option.) If you want to test the behaviour of the new exception handler, you can use this script: #!/usr/bin/python from apparmor.common import AppArmorException, AppArmorBug from apparmor.fail import enable_aa_exception_handler enable_aa_exception_handler() # choose one ;-) raise AppArmorException('Harmless example failure') #raise AppArmorBug('b\xe4d bug!') #raise Exception('something is broken!') Acked-by: Seth Arnold <seth.arnold@canonical.com>
2015-07-06 22:02:34 +02:00
# setup exception handling
from apparmor.fail import enable_aa_exception_handler
enable_aa_exception_handler()
Convert to using python's modular translations interface. This allows the utility python modules to be used inside another tool with another textdomain binding and still have the translations for that tool and the stuff internal to the apparmor module convert properly.
2014-02-10 22:15:05 -08:00
# setup module translations
Simplify the work tools and modules need to do to get the shared translations. External utilities can still use their own textdomains if they have strings that are not part of the apparmor-utils catalog.
2014-02-11 16:23:21 -08:00
from apparmor.translations import init_translation
_ = init_translation()
Convert to using python's modular translations interface. This allows the utility python modules to be used inside another tool with another textdomain binding and still have the translations for that tool and the stuff internal to the apparmor module convert properly.
2014-02-10 22:15:05 -08:00
various aa-mergeprof fixes - remove some debug output (which Kshitij intentionally kept in the draft patch) - add a UI_Info to display which profile will be merged - disable the mergeprofiles.clear_common() call because it crashes (https://bugs.launchpad.net/apparmor/+bug/1382236) - disable (M)ore (CMD_OTHER) because it crashes - make (F)inish work everywhere - change the help text so that it doesn't mention 3-way-merge until we implement it
2014-10-16 23:25:33 +02:00
parser = argparse.ArgumentParser(description=_('Merge the given profiles into /etc/apparmor.d/ (or the directory specified with -d)'))
more aa-mergeprof fixes - change --help for files - "Profile(s) to merge" instead of "base profile" - display the profile to save when asking to save it - disable searching for existing network rules in abstractions because it crashes. This doesn't hurt too much, see https://bugs.launchpad.net/apparmor/+bug/1382241 Acked-by: Steve Beattie <steve@nxnw.org>
2014-10-16 23:35:06 +02:00
parser.add_argument('files', nargs='+', type=str, help=_('Profile(s) to merge'))
Added help messages to translate strings and a few other minor fixes
2013-09-22 15:25:20 +05:30
parser.add_argument('-d', '--dir', type=str, help=_('path to profiles'))
Add a warning to aa-mergeprof --help that the syntax will change in the future. Also remove --auto, which is not implemented yet.
2014-09-04 01:49:47 +02:00
#parser.add_argument('-a', '--auto', action='store_true', help=_('Automatically merge profiles, exits incase of *x conflicts'))
Updated __init_.py tested with de_DE and hi_IN translations using old apparmor-utils.mo file, not pushing remainder of files for their lack of beauty
2013-09-12 14:42:15 +05:30
args = parser.parse_args()
aa-mergeprof cmdline changes, disable 3-way-merge for now This is the rebased version of the patch by Kshitij Gupta <kgupta8592@gmail.com> (mostly) original patch description: Changes to facilitate 2-way merge (maybe also 3-way) of multiple profiles as discussed on IRC This patch - moves reset method to reset_aa function - modifies message displayed to user - allows processing of multiple files in 2-way merge - disables 3-way merge till new syntax has been decided The changes reflect the approach of providing arbitrary number of files using wildcards or explicitly. The changes map the profiles in the given files to their respective files in the local directory specified using -d. Then the merges take place profile-wise. Acked-by: Steve Beattie <steve@nxnw.org>.
2014-10-16 20:06:45 +02:00
args.other = None
Updated __init_.py tested with de_DE and hi_IN translations using old apparmor-utils.mo file, not pushing remainder of files for their lack of beauty
2013-09-12 14:42:15 +05:30
utils: Require apparmor.aa users to call init_aa() Introduce an apparmor.aa.init_aa() method and move the initialization code of the apparmor.aa module into it. Note that this change will break any external users of apparmor.aa because global variables that were previously initialized when importing apparmor.aa will not be initialized unless a call to the new apparmor.aa.init_aa() method is made. The main purpose of this change is to allow the utils tests to be able to set a non-default location for configuration files. Instead of hard-coding the location of logprof.conf and other utils related configuration files to /etc/apparmor/, this patch allows it to be configured by calling apparmor.aa.init_aa(confdir=PATH). This allows for the make check target to use the in-tree config file, profiles, and parser by default. A helper method, setup_aa(), is added to common_test.py that checks for an environment variable containing a non-default configuration directory path prior to calling apparmor.aa.init_aa(). All test scripts that use apparmor.aa are updated to call setup_aa(). Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Suggested-by: Christian Boltz <apparmor@cboltz.de> Acked-by: Seth Arnold <seth.arnold@canonical.com> Acked-by: Christian Boltz <apparmor@cboltz.de>
2017-03-02 21:21:53 +00:00
apparmor.aa.init_aa()
[1/7] drop traces of 3-way-merge in aa-mergeprof 3-way-merge was never really implemented. This patch drops all traces of it to make the code more readable and easier to maintain. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-01-19 16:45:29 +01:00
profiles = args.files
aa-mergeprof: fixup some of the whitespace issues
2014-02-13 08:31:59 -08:00
aa-mergeprof: honor -d parameter (it was ignored until now) Acked-by: Kshitij Gupta <kgupta8592@gmail.com>.
2014-08-04 20:19:08 +02:00
profiledir = args.dir
if profiledir:
apparmor.aa.profile_dir = apparmor.aa.get_full_path(profiledir)
if not os.path.isdir(apparmor.aa.profile_dir):
Fix raising AppArmorException in aa-mergeprof aa-mergeprof failed to fail ;-) when it should raise an AppArmorException. Instead, it failed with AttributeError: 'module' object has no attribute 'AppArmorException' I confirmed this bug in trunk and 2.9. Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9.
2015-05-18 01:35:51 +02:00
raise AppArmorException(_("%s is not a directory.") %profiledir)
aa-mergeprof: honor -d parameter (it was ignored until now) Acked-by: Kshitij Gupta <kgupta8592@gmail.com>.
2014-08-04 20:19:08 +02:00
aa-mergeprof cmdline changes, disable 3-way-merge for now This is the rebased version of the patch by Kshitij Gupta <kgupta8592@gmail.com> (mostly) original patch description: Changes to facilitate 2-way merge (maybe also 3-way) of multiple profiles as discussed on IRC This patch - moves reset method to reset_aa function - modifies message displayed to user - allows processing of multiple files in 2-way merge - disables 3-way merge till new syntax has been decided The changes reflect the approach of providing arbitrary number of files using wildcards or explicitly. The changes map the profiles in the given files to their respective files in the local directory specified using -d. Then the merges take place profile-wise. Acked-by: Steve Beattie <steve@nxnw.org>.
2014-10-16 20:06:45 +02:00
def reset_aa():
apparmor.aa.aa = apparmor.aa.hasher()
apparmor.aa.filelist = apparmor.aa.hasher()
apparmor.aa.include = dict()
apparmor.aa.existing_profiles = apparmor.aa.hasher()
apparmor.aa.original_aa = apparmor.aa.hasher()
def find_profiles_from_files(files):
profile_to_filename = dict()
for file_name in files:
apparmor.aa.read_profile(file_name, True)
for profile_name in apparmor.aa.filelist[file_name]['profiles'].keys():
profile_to_filename[profile_name] = file_name
reset_aa()
return profile_to_filename
def find_files_from_profiles(profiles):
profile_to_filename = dict()
apparmor.aa.read_profiles()
for profile_name in profiles:
profile_to_filename[profile_name] = apparmor.aa.get_profile_filename(profile_name)
reset_aa()
return profile_to_filename
aa-mergeprof: honor -d parameter (it was ignored until now) Acked-by: Kshitij Gupta <kgupta8592@gmail.com>.
2014-08-04 20:19:08 +02:00
Updated __init_.py tested with de_DE and hi_IN translations using old apparmor-utils.mo file, not pushing remainder of files for their lack of beauty
2013-09-12 14:42:15 +05:30
def main():
[1/7] drop traces of 3-way-merge in aa-mergeprof 3-way-merge was never really implemented. This patch drops all traces of it to make the code more readable and easier to maintain. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-01-19 16:45:29 +01:00
base_profile_to_file = find_profiles_from_files(profiles)
aa-mergeprof cmdline changes, disable 3-way-merge for now This is the rebased version of the patch by Kshitij Gupta <kgupta8592@gmail.com> (mostly) original patch description: Changes to facilitate 2-way merge (maybe also 3-way) of multiple profiles as discussed on IRC This patch - moves reset method to reset_aa function - modifies message displayed to user - allows processing of multiple files in 2-way merge - disables 3-way merge till new syntax has been decided The changes reflect the approach of providing arbitrary number of files using wildcards or explicitly. The changes map the profiles in the given files to their respective files in the local directory specified using -d. Then the merges take place profile-wise. Acked-by: Steve Beattie <steve@nxnw.org>.
2014-10-16 20:06:45 +02:00
[1/7] drop traces of 3-way-merge in aa-mergeprof 3-way-merge was never really implemented. This patch drops all traces of it to make the code more readable and easier to maintain. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-01-19 16:45:29 +01:00
profiles_to_merge = set(base_profile_to_file.keys())
aa-mergeprof cmdline changes, disable 3-way-merge for now This is the rebased version of the patch by Kshitij Gupta <kgupta8592@gmail.com> (mostly) original patch description: Changes to facilitate 2-way merge (maybe also 3-way) of multiple profiles as discussed on IRC This patch - moves reset method to reset_aa function - modifies message displayed to user - allows processing of multiple files in 2-way merge - disables 3-way merge till new syntax has been decided The changes reflect the approach of providing arbitrary number of files using wildcards or explicitly. The changes map the profiles in the given files to their respective files in the local directory specified using -d. Then the merges take place profile-wise. Acked-by: Steve Beattie <steve@nxnw.org>.
2014-10-16 20:06:45 +02:00
user_profile_to_file = find_files_from_profiles(profiles_to_merge)
for profile_name in profiles_to_merge:
various aa-mergeprof fixes - remove some debug output (which Kshitij intentionally kept in the draft patch) - add a UI_Info to display which profile will be merged - disable the mergeprofiles.clear_common() call because it crashes (https://bugs.launchpad.net/apparmor/+bug/1382236) - disable (M)ore (CMD_OTHER) because it crashes - make (F)inish work everywhere - change the help text so that it doesn't mention 3-way-merge until we implement it
2014-10-16 23:25:33 +02:00
aaui.UI_Info("\n\n" + _("Merging profile for %s" % profile_name))
aa-mergeprof cmdline changes, disable 3-way-merge for now This is the rebased version of the patch by Kshitij Gupta <kgupta8592@gmail.com> (mostly) original patch description: Changes to facilitate 2-way merge (maybe also 3-way) of multiple profiles as discussed on IRC This patch - moves reset method to reset_aa function - modifies message displayed to user - allows processing of multiple files in 2-way merge - disables 3-way merge till new syntax has been decided The changes reflect the approach of providing arbitrary number of files using wildcards or explicitly. The changes map the profiles in the given files to their respective files in the local directory specified using -d. Then the merges take place profile-wise. Acked-by: Steve Beattie <steve@nxnw.org>.
2014-10-16 20:06:45 +02:00
user_file = user_profile_to_file[profile_name]
base_file = base_profile_to_file.get(profile_name, None)
[1/7] drop traces of 3-way-merge in aa-mergeprof 3-way-merge was never really implemented. This patch drops all traces of it to make the code more readable and easier to maintain. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-01-19 16:45:29 +01:00
act([user_file, base_file], profile_name)
aa-mergeprof cmdline changes, disable 3-way-merge for now This is the rebased version of the patch by Kshitij Gupta <kgupta8592@gmail.com> (mostly) original patch description: Changes to facilitate 2-way merge (maybe also 3-way) of multiple profiles as discussed on IRC This patch - moves reset method to reset_aa function - modifies message displayed to user - allows processing of multiple files in 2-way merge - disables 3-way merge till new syntax has been decided The changes reflect the approach of providing arbitrary number of files using wildcards or explicitly. The changes map the profiles in the given files to their respective files in the local directory specified using -d. Then the merges take place profile-wise. Acked-by: Steve Beattie <steve@nxnw.org>.
2014-10-16 20:06:45 +02:00
reset_aa()
[1/7] drop traces of 3-way-merge in aa-mergeprof 3-way-merge was never really implemented. This patch drops all traces of it to make the code more readable and easier to maintain. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-01-19 16:45:29 +01:00
def act(files, merging_profile):
aa-mergeprof cmdline changes, disable 3-way-merge for now This is the rebased version of the patch by Kshitij Gupta <kgupta8592@gmail.com> (mostly) original patch description: Changes to facilitate 2-way merge (maybe also 3-way) of multiple profiles as discussed on IRC This patch - moves reset method to reset_aa function - modifies message displayed to user - allows processing of multiple files in 2-way merge - disables 3-way merge till new syntax has been decided The changes reflect the approach of providing arbitrary number of files using wildcards or explicitly. The changes map the profiles in the given files to their respective files in the local directory specified using -d. Then the merges take place profile-wise. Acked-by: Steve Beattie <steve@nxnw.org>.
2014-10-16 20:06:45 +02:00
mergeprofiles = Merge(files)
Fixed the netrule persistence issue in cleanprof, some elementary work for mergeprof
2013-09-23 02:14:11 +05:30
#Get rid of common/superfluous stuff
[30/38] Re-enable clear_common() call in aa-mergeprof The clear_common() call was disabled because it crashed in delete_path_duplicates(). With the switch to FileRule, this function no longer exists and therefore it can't crash ;-) This patch re-enables the clear_common() call to avoid asking superfluous questions. References: https://bugs.launchpad.net/apparmor/+bug/1382236 Acked-by: Steve Beattie <steve@nxnw.org>
2016-10-01 20:09:36 +02:00
mergeprofiles.clear_common()
aa-mergeprof: fixup some of the whitespace issues
2014-02-13 08:31:59 -08:00
Add a warning to aa-mergeprof --help that the syntax will change in the future. Also remove --auto, which is not implemented yet.
2014-09-04 01:49:47 +02:00
# if not args.auto:
if 1 == 1: # workaround to avoid lots of whitespace changes
[7/7] Drop most of aa-mergeprof ask_the_questions() Replace most of aa-mergeprof ask_merge_questions() with a call to aa.py ask_the_questions() (which is, besides some small exceptions that are not relevant for aa-mergeprof, in sync with the dropped code). The remaining part gets renamed to ask_merge_questions() to avoid confusion with the function name in aa.py. Also drop the (now superfluous) parameter. aa.py ask_the_questions() needs to allow 'merge' as aamode. While on it, replace the fatal_error() call for unknown aamode with raising an AppArmorBug. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-01-19 16:54:47 +01:00
mergeprofiles.ask_merge_questions()
aa-mergeprof: fixup some of the whitespace issues
2014-02-13 08:31:59 -08:00
Refractor prompts in utils. The following patch: - creates a class for prompt questions moving away from Perl hash hack for the purpose. - moves some functions to the methods for that class - fix options being incorrectly passed to questionPrompt in aa-mergeprof Acked-by: Christian Boltz <apparmor@cboltz.de>
2014-10-07 18:36:01 +05:30
q = aaui.PromptQuestion()
q.title = _('Changed Local Profiles')
q.explanation = _('The following local profiles were changed. Would you like to save them?')
aa-mergeprof cmdline changes, disable 3-way-merge for now This is the rebased version of the patch by Kshitij Gupta <kgupta8592@gmail.com> (mostly) original patch description: Changes to facilitate 2-way merge (maybe also 3-way) of multiple profiles as discussed on IRC This patch - moves reset method to reset_aa function - modifies message displayed to user - allows processing of multiple files in 2-way merge - disables 3-way merge till new syntax has been decided The changes reflect the approach of providing arbitrary number of files using wildcards or explicitly. The changes map the profiles in the given files to their respective files in the local directory specified using -d. Then the merges take place profile-wise. Acked-by: Steve Beattie <steve@nxnw.org>.
2014-10-16 20:06:45 +02:00
q.functions = ['CMD_SAVE_CHANGES', 'CMD_VIEW_CHANGES', 'CMD_ABORT', 'CMD_IGNORE_ENTRY']
Refractor prompts in utils. The following patch: - creates a class for prompt questions moving away from Perl hash hack for the purpose. - moves some functions to the methods for that class - fix options being incorrectly passed to questionPrompt in aa-mergeprof Acked-by: Christian Boltz <apparmor@cboltz.de>
2014-10-07 18:36:01 +05:30
q.default = 'CMD_VIEW_CHANGES'
more aa-mergeprof fixes - change --help for files - "Profile(s) to merge" instead of "base profile" - display the profile to save when asking to save it - disable searching for existing network rules in abstractions because it crashes. This doesn't hurt too much, see https://bugs.launchpad.net/apparmor/+bug/1382241 Acked-by: Steve Beattie <steve@nxnw.org>
2014-10-16 23:35:06 +02:00
q.options = [merging_profile]
Refractor prompts in utils. The following patch: - creates a class for prompt questions moving away from Perl hash hack for the purpose. - moves some functions to the methods for that class - fix options being incorrectly passed to questionPrompt in aa-mergeprof Acked-by: Christian Boltz <apparmor@cboltz.de>
2014-10-07 18:36:01 +05:30
q.selected = 0
Added first version of aa-mergeprof, does not include the check for conflicting ix rules yet
2013-09-23 19:32:25 +05:30
ans = ''
arg = None
programs = list(mergeprofiles.user.aa.keys())
program = programs[0]
while ans != 'CMD_SAVE_CHANGES':
Refractor prompts in utils. The following patch: - creates a class for prompt questions moving away from Perl hash hack for the purpose. - moves some functions to the methods for that class - fix options being incorrectly passed to questionPrompt in aa-mergeprof Acked-by: Christian Boltz <apparmor@cboltz.de>
2014-10-07 18:36:01 +05:30
ans, arg = q.promptUser()
Added first version of aa-mergeprof, does not include the check for conflicting ix rules yet
2013-09-23 19:32:25 +05:30
if ans == 'CMD_SAVE_CHANGES':
apparmor.aa.write_profile_ui_feedback(program)
apparmor.aa.reload_base(program)
elif ans == 'CMD_VIEW_CHANGES':
for program in programs:
apparmor.aa.original_aa[program] = apparmor.aa.deepcopy(apparmor.aa.aa[program])
#oldprofile = apparmor.serialize_profile(apparmor.original_aa[program], program, '')
newprofile = apparmor.aa.serialize_profile(mergeprofiles.user.aa[program], program, '')
[1/2] Introduce UI_Changes functions This is a preparation patch to use for JSON mode of conveying diff filename. In this patch we move diff generation functions to UI. In the process, I have cleaned up the code to reduce code and enable reuse. Remove unused function get_profile_diff(). Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com> Acked-by: Christian Boltz <apparmor@cboltz.de> [cboltz] Also adjust aa-mergeprof to the new function name/location Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-10-26 00:34:40 +02:00
aaui.UI_Changes(mergeprofiles.user.filename, newprofile, comments=True)
aa-mergeprof cmdline changes, disable 3-way-merge for now This is the rebased version of the patch by Kshitij Gupta <kgupta8592@gmail.com> (mostly) original patch description: Changes to facilitate 2-way merge (maybe also 3-way) of multiple profiles as discussed on IRC This patch - moves reset method to reset_aa function - modifies message displayed to user - allows processing of multiple files in 2-way merge - disables 3-way merge till new syntax has been decided The changes reflect the approach of providing arbitrary number of files using wildcards or explicitly. The changes map the profiles in the given files to their respective files in the local directory specified using -d. Then the merges take place profile-wise. Acked-by: Steve Beattie <steve@nxnw.org>.
2014-10-16 20:06:45 +02:00
elif ans == 'CMD_IGNORE_ENTRY':
break
aa-mergeprof: fixup some of the whitespace issues
2014-02-13 08:31:59 -08:00
Only ran sed -i s/ *// in ./apparmor/*.py , ./Tools/aa* and ./Testing/*.py no other changes, should ignore this commit unless it broke something
2013-09-22 22:51:30 +05:30
Updated __init_.py tested with de_DE and hi_IN translations using old apparmor-utils.mo file, not pushing remainder of files for their lack of beauty
2013-09-12 14:42:15 +05:30
class Merge(object):
def __init__(self, profiles):
[1/7] drop traces of 3-way-merge in aa-mergeprof 3-way-merge was never really implemented. This patch drops all traces of it to make the code more readable and easier to maintain. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-01-19 16:45:29 +01:00
user, base = profiles
Only ran sed -i s/ *// in ./apparmor/*.py , ./Tools/aa* and ./Testing/*.py no other changes, should ignore this commit unless it broke something
2013-09-22 22:51:30 +05:30
Updated __init_.py tested with de_DE and hi_IN translations using old apparmor-utils.mo file, not pushing remainder of files for their lack of beauty
2013-09-12 14:42:15 +05:30
#Read and parse base profile and save profile data, include data from it and reset them
Added first version of aa-mergeprof, does not include the check for conflicting ix rules yet
2013-09-23 19:32:25 +05:30
apparmor.aa.read_profile(base, True)
fix for the delete count
2013-09-23 03:47:15 +05:30
self.base = cleanprofile.Prof(base)
Fixed the netrule persistence issue in cleanprof, some elementary work for mergeprof
2013-09-23 02:14:11 +05:30
aa-mergeprof cmdline changes, disable 3-way-merge for now This is the rebased version of the patch by Kshitij Gupta <kgupta8592@gmail.com> (mostly) original patch description: Changes to facilitate 2-way merge (maybe also 3-way) of multiple profiles as discussed on IRC This patch - moves reset method to reset_aa function - modifies message displayed to user - allows processing of multiple files in 2-way merge - disables 3-way merge till new syntax has been decided The changes reflect the approach of providing arbitrary number of files using wildcards or explicitly. The changes map the profiles in the given files to their respective files in the local directory specified using -d. Then the merges take place profile-wise. Acked-by: Steve Beattie <steve@nxnw.org>.
2014-10-16 20:06:45 +02:00
reset_aa()
Only ran sed -i s/ *// in ./apparmor/*.py , ./Tools/aa* and ./Testing/*.py no other changes, should ignore this commit unless it broke something
2013-09-22 22:51:30 +05:30
Updated __init_.py tested with de_DE and hi_IN translations using old apparmor-utils.mo file, not pushing remainder of files for their lack of beauty
2013-09-12 14:42:15 +05:30
#Read and parse user profile
modify aa-mergeprof to: - allow users to merge two profiles (2-way merge) using aa-mergeprof by making the third profile optional - re-enable code that cleaned up base and other profile and using it in deleted count (was disabled due to pyflakes thinking it was unused) Patch by Kshitij Gupta <kgupta8592@gmail.com> Acked-by: Christian Boltz <apparmor@cboltz.de>
2014-07-29 12:39:12 +02:00
apparmor.aa.read_profile(user, True)
fix for the delete count
2013-09-23 03:47:15 +05:30
self.user = cleanprofile.Prof(user)
Only ran sed -i s/ *// in ./apparmor/*.py , ./Tools/aa* and ./Testing/*.py no other changes, should ignore this commit unless it broke something
2013-09-22 22:51:30 +05:30
Updated __init_.py tested with de_DE and hi_IN translations using old apparmor-utils.mo file, not pushing remainder of files for their lack of beauty
2013-09-12 14:42:15 +05:30
def clear_common(self):
Fixed the netrule persistence issue in cleanprof, some elementary work for mergeprof
2013-09-23 02:14:11 +05:30
deleted = 0
modify aa-mergeprof to: - allow users to merge two profiles (2-way merge) using aa-mergeprof by making the third profile optional - re-enable code that cleaned up base and other profile and using it in deleted count (was disabled due to pyflakes thinking it was unused) Patch by Kshitij Gupta <kgupta8592@gmail.com> Acked-by: Christian Boltz <apparmor@cboltz.de>
2014-07-29 12:39:12 +02:00
Fixed the netrule persistence issue in cleanprof, some elementary work for mergeprof
2013-09-23 02:14:11 +05:30
#Remove off the parts in base profile which are common/superfluous from user profile
fix for the delete count
2013-09-23 03:47:15 +05:30
user_base = cleanprofile.CleanProf(False, self.user, self.base)
Fixed the netrule persistence issue in cleanprof, some elementary work for mergeprof
2013-09-23 02:14:11 +05:30
deleted += user_base.compare_profiles()
aa-mergeprof: fixup some of the whitespace issues
2014-02-13 08:31:59 -08:00
[7/7] Drop most of aa-mergeprof ask_the_questions() Replace most of aa-mergeprof ask_merge_questions() with a call to aa.py ask_the_questions() (which is, besides some small exceptions that are not relevant for aa-mergeprof, in sync with the dropped code). The remaining part gets renamed to ask_merge_questions() to avoid confusion with the function name in aa.py. Also drop the (now superfluous) parameter. aa.py ask_the_questions() needs to allow 'merge' as aamode. While on it, replace the fatal_error() call for unknown aamode with raising an AppArmorBug. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-01-19 16:54:47 +01:00
def ask_merge_questions(self):
[1/7] drop traces of 3-way-merge in aa-mergeprof 3-way-merge was never really implemented. This patch drops all traces of it to make the code more readable and easier to maintain. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-01-19 16:45:29 +01:00
other = self.base
[2/7] replace other.aa with log_dict['merge'] Set log_dict['merge'] = other.aa and aamode = 'merge', and use log_dict[aamode] everywhere. This brings aa-mergeprof ask_the_questions() closer to the code in aa.py. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-01-19 16:46:23 +01:00
log_dict = {'merge': other.aa}
aa-mergeprof: fixup some of the whitespace issues
2014-02-13 08:31:59 -08:00
[40/38] Load all includes in aa-mergeprof ask_the_questions() aa-mergeprof empties 'includes' when running reset_aa(). The result is KeyError: 'abstractions/newly_added_abstraction' if an include file gets added because it isn't part of 'includes' at this time. Note that you'll need to add another rule after adding the include to trigger checking the includes for superfluous rules. This fixes the regression found by Steve - which isn't really a regression, "just" one more thing that got more visible with the new code. Before, it was just an ill-addressed hasher that didn't complain ;-) Acked-by: Steve Beattie <steve@nxnw.org>
2016-10-01 20:20:27 +02:00
apparmor.aa.loadincludes()
Added first version of aa-mergeprof, does not include the check for conflicting ix rules yet
2013-09-23 19:32:25 +05:30
done = False
aa-mergeprof: don't ask for includes that are already there Acked-by: Steve Beattie <steve@nxnw.org>
2014-10-16 20:22:52 +02:00
[2/7] replace other.aa with log_dict['merge'] Set log_dict['merge'] = other.aa and aamode = 'merge', and use log_dict[aamode] everywhere. This brings aa-mergeprof ask_the_questions() closer to the code in aa.py. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-01-19 16:46:23 +01:00
#Add the file-wide includes from the other profile to the user profile
aa-mergeprof: don't ask for includes that are already there Acked-by: Steve Beattie <steve@nxnw.org>
2014-10-16 20:22:52 +02:00
options = []
for inc in other.filelist[other.filename]['include'].keys():
if not inc in self.user.filelist[self.user.filename]['include'].keys():
update python tools to support includes with absolute paths For now we only allow quoted absolute paths without spaces in the name due to: - 1738877: include rules don't handle files with spaces in the name - 1738879: include rules don't handle absolute paths without quotes in some versions of parser - 1738880: include rules don't handle relative paths in some versions of the parser
2017-12-18 19:37:35 +00:00
if inc.startswith('/'):
options.append('#include "%s"' %inc)
else:
options.append('#include <%s>' %inc)
aa-mergeprof: don't ask for includes that are already there Acked-by: Steve Beattie <steve@nxnw.org>
2014-10-16 20:22:52 +02:00
Added first version of aa-mergeprof, does not include the check for conflicting ix rules yet
2013-09-23 19:32:25 +05:30
default_option = 1
Refractor prompts in utils. The following patch: - creates a class for prompt questions moving away from Perl hash hack for the purpose. - moves some functions to the methods for that class - fix options being incorrectly passed to questionPrompt in aa-mergeprof Acked-by: Christian Boltz <apparmor@cboltz.de>
2014-10-07 18:36:01 +05:30
q = aaui.PromptQuestion()
q.options = options
q.selected = default_option - 1
q.headers = [_('File includes'), _('Select the ones you wish to add')]
q.functions = ['CMD_ALLOW', 'CMD_IGNORE_ENTRY', 'CMD_ABORT', 'CMD_FINISHED']
q.default = 'CMD_ALLOW'
Added first version of aa-mergeprof, does not include the check for conflicting ix rules yet
2013-09-23 19:32:25 +05:30
while not done and options:
various aa-mergeprof fixes - remove some debug output (which Kshitij intentionally kept in the draft patch) - add a UI_Info to display which profile will be merged - disable the mergeprofiles.clear_common() call because it crashes (https://bugs.launchpad.net/apparmor/+bug/1382236) - disable (M)ore (CMD_OTHER) because it crashes - make (F)inish work everywhere - change the help text so that it doesn't mention 3-way-merge until we implement it
2014-10-16 23:25:33 +02:00
ans, selected = q.promptUser()
Added first version of aa-mergeprof, does not include the check for conflicting ix rules yet
2013-09-23 19:32:25 +05:30
if ans == 'CMD_IGNORE_ENTRY':
done = True
elif ans == 'CMD_ALLOW':
selection = options[selected]
Move re_match_include() to regex.py and improve it The function is basically a wrapper around a regex, so regex.py is a much better home. While on it, rename the regex to RE_INCLUDE, change it to named matches, use RE_EOL to handle comments and compile it outside the function, which should result in a (small) performance improvement. Also rewrite re_match_include(), let it check for empty include filenames ("#include <>") and let it raise AppArmorException in that case. Finally, adjust code calling it to the new location, and add some tests for re_match_include() Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
2015-06-19 21:41:41 +02:00
inc = re_match_include(selection)
Added first version of aa-mergeprof, does not include the check for conflicting ix rules yet
2013-09-23 19:32:25 +05:30
self.user.filelist[self.user.filename]['include'][inc] = True
options.pop(selected)
fix aa-mergeprof to - import apparmor.ui as aaui - call aaui.UI_*() instead of apparmor.aa.UI_*() - use apparmor.aamode.AA_MAY_EXEC instead of apparmor.aa.AA_MAY_EXEC Acked-by: Kshitij Gupta <kgupta8592@gmail.com>.
2014-07-28 00:24:26 +02:00
aaui.UI_Info(_('Adding %s to the file.') % selection)
various aa-mergeprof fixes - remove some debug output (which Kshitij intentionally kept in the draft patch) - add a UI_Info to display which profile will be merged - disable the mergeprofiles.clear_common() call because it crashes (https://bugs.launchpad.net/apparmor/+bug/1382236) - disable (M)ore (CMD_OTHER) because it crashes - make (F)inish work everywhere - change the help text so that it doesn't mention 3-way-merge until we implement it
2014-10-16 23:25:33 +02:00
elif ans == 'CMD_FINISHED':
return
aa-mergeprof: fixup some of the whitespace issues
2014-02-13 08:31:59 -08:00
[7/7] Drop most of aa-mergeprof ask_the_questions() Replace most of aa-mergeprof ask_merge_questions() with a call to aa.py ask_the_questions() (which is, besides some small exceptions that are not relevant for aa-mergeprof, in sync with the dropped code). The remaining part gets renamed to ask_merge_questions() to avoid confusion with the function name in aa.py. Also drop the (now superfluous) parameter. aa.py ask_the_questions() needs to allow 'merge' as aamode. While on it, replace the fatal_error() call for unknown aamode with raising an AppArmorBug. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-01-19 16:54:47 +01:00
if not apparmor.aa.sev_db:
apparmor.aa.sev_db = apparmor.severity.Severity(apparmor.aa.CONFDIR + '/severity.db', _('unknown'))
apparmor.aa.ask_the_questions(log_dict)
Updated __init_.py tested with de_DE and hi_IN translations using old apparmor-utils.mo file, not pushing remainder of files for their lack of beauty
2013-09-12 14:42:15 +05:30
Fixed the netrule persistence issue in cleanprof, some elementary work for mergeprof
2013-09-23 02:14:11 +05:30
if __name__ == '__main__':
main()
Reference in a new issue Copy permalink