mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Get rid of the globbing imports, which allows pyflakes to do a better

Browse source 
job. Clean up a bunch of pyflakes complaints. Doing so uncovered
references to apparmor/yasti.py functions in aa.py that hadn't been
imported.
This commit is contained in:
Steve Beattie 2014-02-10 22:17:21 -08:00
parent 35e1936202
commit 0525932561
3 changed files with 85 additions and 83 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

161
apparmor/aa.py
View file

@ -18,7 +18,6 @@ import inspect
import os import os
import re import re
import shutil import shutil
import stat
import subprocess import subprocess
import sys import sys
import time import time
@ -37,9 +36,13 @@ from apparmor.common import (AppArmorException, error, debug, msg, cmd,
open_file_read, valid_path, TRANSLATION_DOMAIN, open_file_read, valid_path, TRANSLATION_DOMAIN,
hasher, open_file_write, convert_regexp, DebugLogger) hasher, open_file_write, convert_regexp, DebugLogger)
from apparmor.ui import * import apparmor.ui as aaui
from apparmor.aamode import * from apparmor.aamode import (str_to_mode, mode_to_str, contains, split_mode,
mode_to_str_user, mode_contains, AA_OTHER,
flatten_mode, owner_flatten_mode)
from apparmor.yasti import SendDataToYast, GetDataFromYast, shutdown_yast
# setup module translations # setup module translations
t = gettext.translation(TRANSLATION_DOMAIN, fallback=True) t = gettext.translation(TRANSLATION_DOMAIN, fallback=True)
@ -137,7 +140,7 @@ def fatal_error(message):
sys.exit(1) sys.exit(1)
# Else tell user what happened # Else tell user what happened
UI_Important(message) aaui.UI_Important(message)
shutdown_yast() shutdown_yast()
sys.exit(1) sys.exit(1)
@ -256,13 +259,13 @@ def enforce(path):
def set_complain(filename, program): def set_complain(filename, program):
"""Sets the profile to complain mode""" """Sets the profile to complain mode"""
UI_Info(_('Setting %s to complain mode.') % program) aaui.UI_Info(_('Setting %s to complain mode.') % program)
create_symlink('force-complain', filename) create_symlink('force-complain', filename)
change_profile_flags(filename, program, 'complain', True) change_profile_flags(filename, program, 'complain', True)
def set_enforce(filename, program): def set_enforce(filename, program):
"""Sets the profile to enforce mode""" """Sets the profile to enforce mode"""
UI_Info(_('Setting %s to enforce mode.') % program) aaui.UI_Info(_('Setting %s to enforce mode.') % program)
delete_symlink('force-complain', filename) delete_symlink('force-complain', filename)
delete_symlink('disable', filename) delete_symlink('disable', filename)
change_profile_flags(filename, program, 'complain', False) change_profile_flags(filename, program, 'complain', False)
@ -439,9 +442,9 @@ def delete_profile(local_prof):
#prof_unload(local_prof) #prof_unload(local_prof)
def confirm_and_abort(): def confirm_and_abort():
ans = UI_YesNo(_('Are you sure you want to abandon this set of profile changes and exit?'), 'n') ans = aaui.UI_YesNo(_('Are you sure you want to abandon this set of profile changes and exit?'), 'n')
if ans == 'y': if ans == 'y':
UI_Info(_('Abandoning all changes.')) aaui.UI_Info(_('Abandoning all changes.'))
shutdown_yast() shutdown_yast()
for prof in created: for prof in created:
delete_profile(prof) delete_profile(prof)
@ -454,13 +457,13 @@ def get_profile(prof_name):
local_profiles = [] local_profiles = []
profile_hash = hasher() profile_hash = hasher()
if repo_is_enabled(): if repo_is_enabled():
UI_BusyStart(_('Connecting to repository...')) aaui.UI_BusyStart(_('Connecting to repository...'))
status_ok, ret = fetch_profiles_by_name(repo_url, distro, prof_name) status_ok, ret = fetch_profiles_by_name(repo_url, distro, prof_name)
UI_BusyStop() aaui.UI_BusyStop()
if status_ok: if status_ok:
profile_hash = ret profile_hash = ret
else: else:
UI_Important(_('WARNING: Error fetching profiles from the repository')) aaui.UI_Important(_('WARNING: Error fetching profiles from the repository'))
inactive_profile = get_inactive_profile(prof_name) inactive_profile = get_inactive_profile(prof_name)
if inactive_profile: if inactive_profile:
uname = 'Inactive local profile for %s' % prof_name uname = 'Inactive local profile for %s' % prof_name
@ -498,11 +501,11 @@ def get_profile(prof_name):
ans = '' ans = ''
while 'CMD_USE_PROFILE' not in ans and 'CMD_CREATE_PROFILE' not in ans: while 'CMD_USE_PROFILE' not in ans and 'CMD_CREATE_PROFILE' not in ans:
ans, arg = UI_PromptUser(q) ans, arg = aaui.UI_PromptUser(q)
p = profile_hash[options[arg]] p = profile_hash[options[arg]]
q['selected'] = options.index(options[arg]) q['selected'] = options.index(options[arg])
if ans == 'CMD_VIEW_PROFILE': if ans == 'CMD_VIEW_PROFILE':
if UI_mode == 'yast': if aaui.UI_mode == 'yast':
SendDataToYast({ SendDataToYast({
'type': 'dialogue-view-profile', 'type': 'dialogue-view-profile',
'user': options[arg], 'user': options[arg],
@ -535,7 +538,7 @@ def activate_repo_profiles(url, profiles, complain):
if complain: if complain:
fname = get_profile_filename(pname) fname = get_profile_filename(pname)
set_profile_flags(profile_dir + fname, 'complain') set_profile_flags(profile_dir + fname, 'complain')
UI_Info(_('Setting %s to complain mode.') % pname) aaui.UI_Info(_('Setting %s to complain mode.') % pname)
except Exception as e: except Exception as e:
sys.stderr.write(_("Error activating profiles: %s") % e) sys.stderr.write(_("Error activating profiles: %s") % e)
@ -684,7 +687,7 @@ def sync_profile():
if not status_ok: if not status_ok:
if not ret: if not ret:
ret = 'UNKNOWN ERROR' ret = 'UNKNOWN ERROR'
UI_Important(_('WARNING: Error synchronizing profiles with the repository:\n%s\n') % ret) aaui.UI_Important(_('WARNING: Error synchronizing profiles with the repository:\n%s\n') % ret)
else: else:
users_repo_profiles = ret users_repo_profiles = ret
serialize_opts['NO_FLAGS'] = True serialize_opts['NO_FLAGS'] = True
@ -722,7 +725,7 @@ def sync_profile():
else: else:
if not ret: if not ret:
ret = 'UNKNOWN ERROR' ret = 'UNKNOWN ERROR'
UI_Important(_('WARNING: Error synchronizing profiles with the repository\n%s') % ret) aaui.UI_Important(_('WARNING: Error synchronizing profiles with the repository\n%s') % ret)
continue continue
if p_repo != p_local: if p_repo != p_local:
changed_profiles.append(prof) changed_profiles.append(prof)
@ -748,7 +751,7 @@ def fetch_profiles_by_user(url, distro, user):
def submit_created_profiles(new_profiles): def submit_created_profiles(new_profiles):
#url = cfg['repository']['url'] #url = cfg['repository']['url']
if new_profiles: if new_profiles:
if UI_mode == 'yast': if aaui.UI_mode == 'yast':
title = 'New Profiles' title = 'New Profiles'
message = 'Please select the newly created profiles that you would like to store in the repository' message = 'Please select the newly created profiles that you would like to store in the repository'
yast_select_and_upload_profiles(title, message, new_profiles) yast_select_and_upload_profiles(title, message, new_profiles)
@ -760,7 +763,7 @@ def submit_created_profiles(new_profiles):
def submit_changed_profiles(changed_profiles): def submit_changed_profiles(changed_profiles):
#url = cfg['repository']['url'] #url = cfg['repository']['url']
if changed_profiles: if changed_profiles:
if UI_mode == 'yast': if aaui.UI_mode == 'yast':
title = 'Changed Profiles' title = 'Changed Profiles'
message = 'Please select which of the changed profiles would you like to upload to the repository' message = 'Please select which of the changed profiles would you like to upload to the repository'
yast_select_and_upload_profiles(title, message, changed_profiles) yast_select_and_upload_profiles(title, message, changed_profiles)
@ -811,8 +814,8 @@ def yast_select_and_upload_profiles(title, message, profiles_up):
else: else:
if not ret: if not ret:
ret = 'UNKNOWN ERROR' ret = 'UNKNOWN ERROR'
UI_Important(_('WARNING: An error occurred while uploading the profile %s\n%s') % (p, ret)) aaui.UI_Important(_('WARNING: An error occurred while uploading the profile %s\n%s') % (p, ret))
UI_Info(_('Uploaded changes to repository.')) aaui.UI_Info(_('Uploaded changes to repository.'))
if yarg.get('NEVER_ASK_AGAIN'): if yarg.get('NEVER_ASK_AGAIN'):
unselected_profiles = [] unselected_profiles = []
for p in profs: for p in profs:
@ -838,13 +841,13 @@ def console_select_and_upload_profiles(title, message, profiles_up):
q['selected'] = 0 q['selected'] = 0
ans = '' ans = ''
while 'CMD_UPLOAD_CHANGES' not in ans and 'CMD_ASK_NEVER' not in ans and 'CMD_ASK_LATER' not in ans: while 'CMD_UPLOAD_CHANGES' not in ans and 'CMD_ASK_NEVER' not in ans and 'CMD_ASK_LATER' not in ans:
ans, arg = UI_PromptUser(q) ans, arg = aaui.UI_PromptUser(q)
if ans == 'CMD_VIEW_CHANGES': if ans == 'CMD_VIEW_CHANGES':
display_changes(profs[arg][2], profs[arg][1]) display_changes(profs[arg][2], profs[arg][1])
if ans == 'CMD_NEVER_ASK': if ans == 'CMD_NEVER_ASK':
set_profiles_local_only([i[0] for i in profs]) set_profiles_local_only([i[0] for i in profs])
elif ans == 'CMD_UPLOAD_CHANGES': elif ans == 'CMD_UPLOAD_CHANGES':
changelog = UI_GetString(_('Changelog Entry: '), '') changelog = aaui.UI_GetString(_('Changelog Entry: '), '')
user, passw = get_repo_user_pass() user, passw = get_repo_user_pass()
if user and passw: if user and passw:
for p_data in profs: for p_data in profs:
@ -858,13 +861,13 @@ def console_select_and_upload_profiles(title, message, profiles_up):
newid = newprof['id'] newid = newprof['id']
set_repo_info(aa[prof][prof], url, user, newid) set_repo_info(aa[prof][prof], url, user, newid)
write_profile_ui_feedback(prof) write_profile_ui_feedback(prof)
UI_Info('Uploaded %s to repository' % prof) aaui.UI_Info('Uploaded %s to repository' % prof)
else: else:
if not ret: if not ret:
ret = 'UNKNOWN ERROR' ret = 'UNKNOWN ERROR'
UI_Important(_('WARNING: An error occurred while uploading the profile %s\n%s') % (prof, ret)) aaui.UI_Important(_('WARNING: An error occurred while uploading the profile %s\n%s') % (prof, ret))
else: else:
UI_Important(_('Repository Error\nRegistration or Signin was unsuccessful. User login\ninformation is required to upload profiles to the repository.\nThese changes could not be sent.')) aaui.UI_Important(_('Repository Error\nRegistration or Signin was unsuccessful. User login\ninformation is required to upload profiles to the repository.\nThese changes could not be sent.'))
def set_profiles_local_only(profs): def set_profiles_local_only(profs):
for p in profs: for p in profs:
@ -990,7 +993,7 @@ def handle_children(profile, hat, root):
seen_events += 1 seen_events += 1
ans = UI_PromptUser(q) ans = aaui.UI_PromptUser(q)
transitions[context] = ans transitions[context] = ans
@ -1048,7 +1051,7 @@ def handle_children(profile, hat, root):
else: else:
do_execute = True do_execute = True
if mode & AA_MAY_LINK: if mode & apparmor.aamode.AA_MAY_LINK:
regex_link = re.compile('^from (.+) to (.+)$') regex_link = re.compile('^from (.+) to (.+)$')
match = regex_link.search(detail) match = regex_link.search(detail)
if match: if match:
@ -1246,7 +1249,7 @@ def handle_children(profile, hat, root):
ans = '' ans = ''
while not regex_options.search(ans): while not regex_options.search(ans):
ans = UI_PromptUser(q)[0].strip() ans = aaui.UI_PromptUser(q)[0].strip()
if ans.startswith('CMD_EXEC_IX_'): if ans.startswith('CMD_EXEC_IX_'):
exec_toggle = not exec_toggle exec_toggle = not exec_toggle
q['functions'] = [] q['functions'] = []
@ -1257,7 +1260,7 @@ def handle_children(profile, hat, root):
arg = exec_target arg = exec_target
ynans = 'n' ynans = 'n'
if profile == hat: if profile == hat:
ynans = UI_YesNo(_('Are you specifying a transition to a local profile?'), 'n') ynans = aaui.UI_YesNo(_('Are you specifying a transition to a local profile?'), 'n')
if ynans == 'y': if ynans == 'y':
if ans == 'CMD_nx': if ans == 'CMD_nx':
ans = 'CMD_cx' ans = 'CMD_cx'
@ -1269,7 +1272,7 @@ def handle_children(profile, hat, root):
else: else:
ans = 'CMD_pix' ans = 'CMD_pix'
to_name = UI_GetString(_('Enter profile name to transition to: '), arg) to_name = aaui.UI_GetString(_('Enter profile name to transition to: '), arg)
regex_optmode = re.compile('CMD_(px|cx|nx|pix|cix|nix)') regex_optmode = re.compile('CMD_(px|cx|nx|pix|cix|nix)')
if ans == 'CMD_ix': if ans == 'CMD_ix':
@ -1282,18 +1285,18 @@ def handle_children(profile, hat, root):
if parent_uses_ld_xxx: if parent_uses_ld_xxx:
px_msg = _("Should AppArmor sanitise the environment when\nswitching profiles?\n\nSanitising environment is more secure,\nbut this application appears to be using LD_PRELOAD\nor LD_LIBRARY_PATH and sanitising the environment\ncould cause functionality problems.") px_msg = _("Should AppArmor sanitise the environment when\nswitching profiles?\n\nSanitising environment is more secure,\nbut this application appears to be using LD_PRELOAD\nor LD_LIBRARY_PATH and sanitising the environment\ncould cause functionality problems.")
ynans = UI_YesNo(px_msg, px_default) ynans = aaui.UI_YesNo(px_msg, px_default)
if ynans == 'y': if ynans == 'y':
# Disable the unsafe mode # Disable the unsafe mode
exec_mode = exec_mode - (AA_EXEC_UNSAFE | AA_OTHER(AA_EXEC_UNSAFE)) exec_mode = exec_mode - (apparmor.aamode.AA_EXEC_UNSAFE | AA_OTHER(apparmor.aamode.AA_EXEC_UNSAFE))
elif ans == 'CMD_ux': elif ans == 'CMD_ux':
exec_mode = str_to_mode('ux') exec_mode = str_to_mode('ux')
ynans = UI_YesNo(_("Launching processes in an unconfined state is a very\ndangerous operation and can cause serious security holes.\n\nAre you absolutely certain you wish to remove all\nAppArmor protection when executing %s ?") % exec_target, 'n') ynans = aaui.UI_YesNo(_("Launching processes in an unconfined state is a very\ndangerous operation and can cause serious security holes.\n\nAre you absolutely certain you wish to remove all\nAppArmor protection when executing %s ?") % exec_target, 'n')
if ynans == 'y': if ynans == 'y':
ynans = UI_YesNo(_("Should AppArmor sanitise the environment when\nrunning this program unconfined?\n\nNot sanitising the environment when unconfining\na program opens up significant security holes\nand should be avoided if at all possible."), 'y') ynans = aaui.UI_YesNo(_("Should AppArmor sanitise the environment when\nrunning this program unconfined?\n\nNot sanitising the environment when unconfining\na program opens up significant security holes\nand should be avoided if at all possible."), 'y')
if ynans == 'y': if ynans == 'y':
# Disable the unsafe mode # Disable the unsafe mode
exec_mode = exec_mode - (AA_EXEC_UNSAFE | AA_OTHER(AA_EXEC_UNSAFE)) exec_mode = exec_mode - (apparmor.aamode.AA_EXEC_UNSAFE | AA_OTHER(apparmor.aamode.AA_EXEC_UNSAFE))
else: else:
ans = 'INVALID' ans = 'INVALID'
transitions[context_new] = ans transitions[context_new] = ans
@ -1366,7 +1369,7 @@ def handle_children(profile, hat, root):
if not os.path.exists(get_profile_filename(exec_target)): if not os.path.exists(get_profile_filename(exec_target)):
ynans = 'y' ynans = 'y'
if exec_mode & str_to_mode('i'): if exec_mode & str_to_mode('i'):
ynans = UI_YesNo(_('A profile for %s does not exist.\nDo you want to create one?') %exec_target, 'n') ynans = aaui.UI_YesNo(_('A profile for %s does not exist.\nDo you want to create one?') %exec_target, 'n')
if ynans == 'y': if ynans == 'y':
helpers[exec_target] = 'enforce' helpers[exec_target] = 'enforce'
if to_name: if to_name:
@ -1384,7 +1387,7 @@ def handle_children(profile, hat, root):
if not aa[profile].get(exec_target, False): if not aa[profile].get(exec_target, False):
ynans = 'y' ynans = 'y'
if exec_mode & str_to_mode('i'): if exec_mode & str_to_mode('i'):
ynans = UI_YesNo(_('A profile for %s does not exist.\nDo you want to create one?') % exec_target, 'n') ynans = aaui.UI_YesNo(_('A profile for %s does not exist.\nDo you want to create one?') % exec_target, 'n')
if ynans == 'y': if ynans == 'y':
hat = exec_target hat = exec_target
aa[profile][hat]['declared'] = False aa[profile][hat]['declared'] = False
@ -1493,9 +1496,9 @@ def ask_the_questions():
for aamode in sorted(log_dict.keys()): for aamode in sorted(log_dict.keys()):
# Describe the type of changes # Describe the type of changes
if aamode == 'PERMITTING': if aamode == 'PERMITTING':
UI_Info(_('Complain-mode changes:')) aaui.UI_Info(_('Complain-mode changes:'))
elif aamode == 'REJECTING': elif aamode == 'REJECTING':
UI_Info(_('Enforce-mode changes:')) aaui.UI_Info(_('Enforce-mode changes:'))
else: else:
# This is so wrong! # This is so wrong!
fatal_error(_('Invalid mode found: %s') % aamode) fatal_error(_('Invalid mode found: %s') % aamode)
@ -1551,7 +1554,7 @@ def ask_the_questions():
done = False done = False
while not done: while not done:
ans, selected = UI_PromptUser(q) ans, selected = aaui.UI_PromptUser(q)
# Ignore the log entry # Ignore the log entry
if ans == 'CMD_IGNORE_ENTRY': if ans == 'CMD_IGNORE_ENTRY':
done = True done = True
@ -1583,23 +1586,23 @@ def ask_the_questions():
deleted = delete_duplicates(aa[profile][hat], inc) deleted = delete_duplicates(aa[profile][hat], inc)
aa[profile][hat]['include'][inc] = True aa[profile][hat]['include'][inc] = True
UI_Info(_('Adding %s to profile.') % selection) aaui.UI_Info(_('Adding %s to profile.') % selection)
if deleted: if deleted:
UI_Info(_('Deleted %s previous matching profile entries.') % deleted) aaui.UI_Info(_('Deleted %s previous matching profile entries.') % deleted)
aa[profile][hat]['allow']['capability'][capability]['set'] = True aa[profile][hat]['allow']['capability'][capability]['set'] = True
aa[profile][hat]['allow']['capability'][capability]['audit'] = audit_toggle aa[profile][hat]['allow']['capability'][capability]['audit'] = audit_toggle
changed[profile] = True changed[profile] = True
UI_Info(_('Adding capability %s to profile.') % capability) aaui.UI_Info(_('Adding capability %s to profile.') % capability)
done = True done = True
elif ans == 'CMD_DENY': elif ans == 'CMD_DENY':
aa[profile][hat]['deny']['capability'][capability]['set'] = True aa[profile][hat]['deny']['capability'][capability]['set'] = True
changed[profile] = True changed[profile] = True
UI_Info(_('Denying capability %s to profile.') % capability) aaui.UI_Info(_('Denying capability %s to profile.') % capability)
done = True done = True
else: else:
done = False done = False
@ -1637,7 +1640,7 @@ def ask_the_questions():
if cam: if cam:
deny_audit |= cam deny_audit |= cam
if deny_mode & AA_MAY_EXEC: if deny_mode & apparmor.aamode.AA_MAY_EXEC:
deny_mode |= apparmor.aamode.ALL_AA_EXEC_TYPE deny_mode |= apparmor.aamode.ALL_AA_EXEC_TYPE
# Mask off the denied modes # Mask off the denied modes
@ -1646,10 +1649,10 @@ def ask_the_questions():
# If we get an exec request from some kindof event that generates 'PERMITTING X' # If we get an exec request from some kindof event that generates 'PERMITTING X'
# check if its already in allow_mode # check if its already in allow_mode
# if not add ix permission # if not add ix permission
if mode & AA_MAY_EXEC: if mode & apparmor.aamode.AA_MAY_EXEC:
# Remove all type access permission # Remove all type access permission
mode = mode - apparmor.aamode.ALL_AA_EXEC_TYPE mode = mode - apparmor.aamode.ALL_AA_EXEC_TYPE
if not allow_mode & AA_MAY_EXEC: if not allow_mode & apparmor.aamode.AA_MAY_EXEC:
mode |= str_to_mode('ix') mode |= str_to_mode('ix')
# m is not implied by ix # m is not implied by ix
@ -1794,7 +1797,7 @@ def ask_the_questions():
seen_events += 1 seen_events += 1
ans, selected = UI_PromptUser(q) ans, selected = aaui.UI_PromptUser(q)
if ans == 'CMD_IGNORE_ENTRY': if ans == 'CMD_IGNORE_ENTRY':
done = True done = True
@ -1818,9 +1821,9 @@ def ask_the_questions():
deleted = delete_duplicates(aa[profile][hat], inc) deleted = delete_duplicates(aa[profile][hat], inc)
aa[profile][hat]['include'][inc] = True aa[profile][hat]['include'][inc] = True
changed[profile] = True changed[profile] = True
UI_Info(_('Adding %s to profile.') % path) aaui.UI_Info(_('Adding %s to profile.') % path)
if deleted: if deleted:
UI_Info(_('Deleted %s previous matching profile entries.') % deleted) aaui.UI_Info(_('Deleted %s previous matching profile entries.') % deleted)
else: else:
if aa[profile][hat]['allow']['path'][path].get('mode', False): if aa[profile][hat]['allow']['path'][path].get('mode', False):
@ -1858,9 +1861,9 @@ def ask_the_questions():
changed[profile] = True changed[profile] = True
UI_Info(_('Adding %s %s to profile') % (path, mode_to_str_user(mode))) aaui.UI_Info(_('Adding %s %s to profile') % (path, mode_to_str_user(mode)))
if deleted: if deleted:
UI_Info(_('Deleted %s previous matching profile entries.') % deleted) aaui.UI_Info(_('Deleted %s previous matching profile entries.') % deleted)
elif ans == 'CMD_DENY': elif ans == 'CMD_DENY':
path = options[selected].strip() path = options[selected].strip()
@ -1876,11 +1879,11 @@ def ask_the_questions():
elif ans == 'CMD_NEW': elif ans == 'CMD_NEW':
arg = options[selected] arg = options[selected]
if not re_match_include(arg): if not re_match_include(arg):
ans = UI_GetString(_('Enter new path: '), arg) ans = aaui.UI_GetString(_('Enter new path: '), arg)
if ans: if ans:
if not matchliteral(ans, path): if not matchliteral(ans, path):
ynprompt = _('The specified path does not match this log entry:\n\n Log Entry: %s\n Entered Path: %s\nDo you really want to use this path?') % (path,ans) ynprompt = _('The specified path does not match this log entry:\n\n Log Entry: %s\n Entered Path: %s\nDo you really want to use this path?') % (path,ans)
key = UI_YesNo(ynprompt, 'n') key = aaui.UI_YesNo(ynprompt, 'n')
if key == 'n': if key == 'n':
continue continue
@ -1946,7 +1949,7 @@ def ask_the_questions():
done = False done = False
while not done: while not done:
ans, selected = UI_PromptUser(q) ans, selected = aaui.UI_PromptUser(q)
if ans == 'CMD_IGNORE_ENTRY': if ans == 'CMD_IGNORE_ENTRY':
done = True done = True
break break
@ -1977,9 +1980,9 @@ def ask_the_questions():
changed[profile] = True changed[profile] = True
UI_Info(_('Adding %s to profile') % selection) aaui.UI_Info(_('Adding %s to profile') % selection)
if deleted: if deleted:
UI_Info(_('Deleted %s previous matching profile entries.') % deleted) aaui.UI_Info(_('Deleted %s previous matching profile entries.') % deleted)
else: else:
aa[profile][hat]['allow']['netdomain']['audit'][family][sock_type] = audit_toggle aa[profile][hat]['allow']['netdomain']['audit'][family][sock_type] = audit_toggle
@ -1987,13 +1990,13 @@ def ask_the_questions():
changed[profile] = True changed[profile] = True
UI_Info(_('Adding network access %s %s to profile.') % (family, sock_type)) aaui.UI_Info(_('Adding network access %s %s to profile.') % (family, sock_type))
elif ans == 'CMD_DENY': elif ans == 'CMD_DENY':
done = True done = True
aa[profile][hat]['deny']['netdomain']['rule'][family][sock_type] = True aa[profile][hat]['deny']['netdomain']['rule'][family][sock_type] = True
changed[profile] = True changed[profile] = True
UI_Info(_('Denying network access %s %s to profile') % (family, sock_type)) aaui.UI_Info(_('Denying network access %s %s to profile') % (family, sock_type))
else: else:
done = False done = False
@ -2206,10 +2209,10 @@ def do_logprof_pass(logmark='', passno=0, pid=pid):
skip = hasher() skip = hasher()
# filelist = hasher() # filelist = hasher()
UI_Info(_('Reading log entries from %s.') %filename) aaui.UI_Info(_('Reading log entries from %s.') %filename)
if not passno: if not passno:
UI_Info(_('Updating AppArmor profiles in %s.') %profile_dir) aaui.UI_Info(_('Updating AppArmor profiles in %s.') %profile_dir)
read_profiles() read_profiles()
if not sev_db: if not sev_db:
@ -2236,7 +2239,7 @@ def do_logprof_pass(logmark='', passno=0, pid=pid):
ask_the_questions() ask_the_questions()
if UI_mode == 'yast': if aaui.UI_mode == 'yast':
# To-Do # To-Do
pass pass
@ -2268,7 +2271,7 @@ def save_profiles():
if changed_list: if changed_list:
if UI_mode == 'yast': if aaui.UI_mode == 'yast':
# To-Do # To-Do
selected_profiles = [] selected_profiles = []
profile_changes = dict() profile_changes = dict()
@ -2310,7 +2313,7 @@ def save_profiles():
while ans != 'CMD_SAVE_CHANGES': while ans != 'CMD_SAVE_CHANGES':
if not changed: if not changed:
return return
ans, arg = UI_PromptUser(q) ans, arg = aaui.UI_PromptUser(q)
if ans == 'CMD_SAVE_SELECTED': if ans == 'CMD_SAVE_SELECTED':
profile_name = list(changed.keys())[arg] profile_name = list(changed.keys())[arg]
write_profile_ui_feedback(profile_name) write_profile_ui_feedback(profile_name)
@ -2374,8 +2377,8 @@ def get_profile_diff(oldprofile, newprofile):
return ''.join(diff) return ''.join(diff)
def display_changes(oldprofile, newprofile): def display_changes(oldprofile, newprofile):
if UI_mode == 'yast': if aaui.UI_mode == 'yast':
UI_LongMessage(_('Profile Changes'), get_profile_diff(oldprofile, newprofile)) aaui.UI_LongMessage(_('Profile Changes'), get_profile_diff(oldprofile, newprofile))
else: else:
difftemp = generate_diff(oldprofile, newprofile) difftemp = generate_diff(oldprofile, newprofile)
subprocess.call('less %s' %difftemp.name, shell=True) subprocess.call('less %s' %difftemp.name, shell=True)
@ -2386,7 +2389,7 @@ def display_changes_with_comments(oldprofile, newprofile):
"""Compare the new profile with the existing profile inclusive of all the comments""" """Compare the new profile with the existing profile inclusive of all the comments"""
if not os.path.exists(oldprofile): if not os.path.exists(oldprofile):
raise AppArmorException(_("Can't find existing profile %s to compare changes.") %oldprofile) raise AppArmorException(_("Can't find existing profile %s to compare changes.") %oldprofile)
if UI_mode == 'yast': if aaui.UI_mode == 'yast':
#To-Do #To-Do
pass pass
else: else:
@ -2714,13 +2717,13 @@ def parse_profile_data(data, file, do_include):
link = strip_quotes(matches[6]) link = strip_quotes(matches[6])
value = strip_quotes(matches[7]) value = strip_quotes(matches[7])
profile_data[profile][hat][allow]['link'][link]['to'] = value profile_data[profile][hat][allow]['link'][link]['to'] = value
profile_data[profile][hat][allow]['link'][link]['mode'] = profile_data[profile][hat][allow]['link'][link].get('mode', set()) | AA_MAY_LINK profile_data[profile][hat][allow]['link'][link]['mode'] = profile_data[profile][hat][allow]['link'][link].get('mode', set()) | apparmor.aamode.AA_MAY_LINK
if subset: if subset:
profile_data[profile][hat][allow]['link'][link]['mode'] |= AA_LINK_SUBSET profile_data[profile][hat][allow]['link'][link]['mode'] |= apparmor.aamode.AA_LINK_SUBSET
if audit: if audit:
profile_data[profile][hat][allow]['link'][link]['audit'] = profile_data[profile][hat][allow]['link'][link].get('audit', set()) | AA_LINK_SUBSET profile_data[profile][hat][allow]['link'][link]['audit'] = profile_data[profile][hat][allow]['link'][link].get('audit', set()) | apparmor.aamode.AA_LINK_SUBSET
else: else:
profile_data[profile][hat][allow]['link'][link]['audit'] = set() profile_data[profile][hat][allow]['link'][link]['audit'] = set()
@ -3172,7 +3175,7 @@ def write_link_rules(prof_data, depth, allow):
for path in sorted(prof_data[allow]['link'].keys()): for path in sorted(prof_data[allow]['link'].keys()):
to_name = prof_data[allow]['link'][path]['to'] to_name = prof_data[allow]['link'][path]['to']
subset = '' subset = ''
if prof_data[allow]['link'][path]['mode'] & AA_LINK_SUBSET: if prof_data[allow]['link'][path]['mode'] & apparmor.aamode.AA_LINK_SUBSET:
subset = 'subset' subset = 'subset'
audit = '' audit = ''
if prof_data[allow]['link'][path].get('audit', False): if prof_data[allow]['link'][path].get('audit', False):
@ -3577,11 +3580,11 @@ def serialize_profile_from_old_profile(profile_data, name, options):
value = strip_quotes(matches[7]) value = strip_quotes(matches[7])
if not write_prof_data[hat][allow]['link'][link]['to'] == value: if not write_prof_data[hat][allow]['link'][link]['to'] == value:
correct = False correct = False
if not write_prof_data[hat][allow]['link'][link]['mode'] & AA_MAY_LINK: if not write_prof_data[hat][allow]['link'][link]['mode'] & apparmor.aamode.AA_MAY_LINK:
correct = False correct = False
if subset and not write_prof_data[hat][allow]['link'][link]['mode'] & AA_LINK_SUBSET: if subset and not write_prof_data[hat][allow]['link'][link]['mode'] & apparmor.aamode.AA_LINK_SUBSET:
correct = False correct = False
if audit and not write_prof_data[hat][allow]['link'][link]['audit'] & AA_LINK_SUBSET: if audit and not write_prof_data[hat][allow]['link'][link]['audit'] & apparmor.aamode.AA_LINK_SUBSET:
correct = False correct = False
if correct: if correct:
@ -3891,7 +3894,7 @@ def serialize_profile_from_old_profile(profile_data, name, options):
return string+'\n' return string+'\n'
def write_profile_ui_feedback(profile): def write_profile_ui_feedback(profile):
UI_Info(_('Writing updated profile for %s.') %profile) aaui.UI_Info(_('Writing updated profile for %s.') %profile)
write_profile(profile) write_profile(profile)
def write_profile(profile): def write_profile(profile):
@ -3937,19 +3940,19 @@ def profile_known_exec(profile, typ, exec_target):
m = [] m = []
cm, am, m = rematchfrag(profile, 'deny', exec_target) cm, am, m = rematchfrag(profile, 'deny', exec_target)
if cm & AA_MAY_EXEC: if cm & apparmor.aamode.AA_MAY_EXEC:
return -1 return -1
cm, am, m = match_prof_incs_to_path(profile, 'deny', exec_target) cm, am, m = match_prof_incs_to_path(profile, 'deny', exec_target)
if cm & AA_MAY_EXEC: if cm & apparmor.aamode.AA_MAY_EXEC:
return -1 return -1
cm, am, m = rematchfrag(profile, 'allow', exec_target) cm, am, m = rematchfrag(profile, 'allow', exec_target)
if cm & AA_MAY_EXEC: if cm & apparmor.aamode.AA_MAY_EXEC:
return 1 return 1
cm, am, m = match_prof_incs_to_path(profile, 'allow', exec_target) cm, am, m = match_prof_incs_to_path(profile, 'allow', exec_target)
if cm & AA_MAY_EXEC: if cm & apparmor.aamode.AA_MAY_EXEC:
return 1 return 1
return 0 return 0

4
apparmor/logparser.py
View file

@ -17,11 +17,11 @@ import re
import sys import sys
import time import time
import LibAppArmor import LibAppArmor
from apparmor.common import (AppArmorException, error, debug, msg, from apparmor.common import (AppArmorException, error, debug,
open_file_read, valid_path, TRANSLATION_DOMAIN, open_file_read, valid_path, TRANSLATION_DOMAIN,
hasher, open_file_write, convert_regexp, DebugLogger) hasher, open_file_write, convert_regexp, DebugLogger)
from apparmor.aamode import * from apparmor.aamode import validate_log_mode, log_str_to_mode, hide_log_mode, AA_MAY_EXEC
# setup module translations # setup module translations
t = gettext.translation(TRANSLATION_DOMAIN, fallback=True) t = gettext.translation(TRANSLATION_DOMAIN, fallback=True)

3
apparmor/ui.py
View file

@ -13,11 +13,10 @@
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
import gettext import gettext
import sys import sys
import os
import re import re
from apparmor.yasti import yastLog, SendDataToYast, GetDataFromYast from apparmor.yasti import yastLog, SendDataToYast, GetDataFromYast
from apparmor.common import readkey, AppArmorException, DebugLogger, msg, TRANSLATION_DOMAIN from apparmor.common import readkey, AppArmorException, DebugLogger, TRANSLATION_DOMAIN
# setup module translations # setup module translations
t = gettext.translation(TRANSLATION_DOMAIN, fallback=True) t = gettext.translation(TRANSLATION_DOMAIN, fallback=True)