parse_profile_data(): return merged profile names

... instead of the old [profile][hat] structure.

This needs changes in read_profile() (now using the merged profile name)
and attach_profile_data() (using merged_to_split() for now).

Also adjust test-aa.py to expect the merged structure.
Christian Boltz 2021-04-04 00:45:14 +02:00
parent d3816b5bcf
commit 338a7774f1
2 changed files with 31 additions and 28 deletions


@ -579,8 +579,8 @@ def autodep(bin_name, pname=''):
file = get_profile_filename_from_profile_name(pname, True)
profile_data[pname][pname]['filename'] = file # change filename from extra_profile_dir to /etc/apparmor.d/
attach_profile_data(aa, profile_data)
attach_profile_data(original_aa, profile_data)
attach_profile_data(aa, split_to_merged(profile_data))
attach_profile_data(original_aa, split_to_merged(profile_data))
attachment = profile_data[pname][pname]['attachment']
if not attachment and pname.startswith('/'):
@ -1729,9 +1729,12 @@ def read_profile(file, active_profile):
attach_profile_data(aa, profile_data)
attach_profile_data(original_aa, profile_data)
for profile in profile_data: # TODO: also honor hats
attachment = profile_data[profile][profile]['attachment']
filename = profile_data[profile][profile]['filename']
for profile in profile_data:
if '//' in profile:
continue # TODO: handle hats/child profiles independent of main profiles
attachment = profile_data[profile]['attachment']
filename = profile_data[profile]['filename']
if not attachment and profile.startswith('/'):
active_profiles.add_profile(filename, profile, profile) # use profile as name and attachment
@ -1741,9 +1744,12 @@ def read_profile(file, active_profile):
elif profile_data:
attach_profile_data(extras, profile_data)
for profile in profile_data: # TODO: also honor hats
attachment = profile_data[profile][profile]['attachment']
filename = profile_data[profile][profile]['filename']
for profile in profile_data:
if '//' in profile:
continue # TODO: handle hats/child profiles independent of main profiles
attachment = profile_data[profile]['attachment']
filename = profile_data[profile]['filename']
if not attachment and profile.startswith('/'):
extra_profiles.add_profile(filename, profile, profile) # use profile as name and attachment
@ -1751,6 +1757,7 @@ def read_profile(file, active_profile):
extra_profiles.add_profile(filename, profile, attachment)
def attach_profile_data(profiles, profile_data):
profile_data = merged_to_split(profile_data)
# Make deep copy of data to avoid changes to
# arising due to mutables
for p in profile_data.keys():
@ -2066,7 +2073,7 @@ def parse_profile_data(data, file, do_include, in_preamble):
if profile and not do_include:
raise AppArmorException(_("Syntax Error: Missing '}' or ','. Reached end of file %(file)s while inside profile %(profile)s") % { 'file': file, 'profile': profile })
return merged_to_split(profile_data)
return profile_data
def match_line_against_rule_classes(line, profile, file, lineno, in_preamble):
''' handle all lines handled by *Rule classes '''
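Review bot: In read_profile(), both new loops recognise hats and child profiles with the substring test `if '//' in profile: continue`, so every merged name containing `//` is silently left out of active_profiles and extra_profiles. That is only equivalent to the old main-profile loop if `//` can appear in a key solely as the parent/child separator of the merged structure. If a name in some other form, for example a namespaced one like `:ns://name`, can reach this point (not visible here), it would be dropped without any message. I would state the assumption next to both checks, e.g. `# merged keys use '//' only as parent//child separator; children are not registered here`. read_profile() starts and ends outside the hunks shown.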


@ -524,10 +524,9 @@ class AaTest_parse_profile_data(AATest):
prof = parse_profile_data('/foo {\n}\n'.split(), 'somefile', False, False)
self.assertEqual(list(prof.keys()), ['/foo'])
self.assertEqual(list(prof['/foo'].keys()), ['/foo'])
self.assertEqual(prof['/foo']['/foo']['name'], '/foo')
self.assertEqual(prof['/foo']['/foo']['filename'], 'somefile')
self.assertEqual(prof['/foo']['/foo']['flags'], None)
self.assertEqual(prof['/foo']['name'], '/foo')
self.assertEqual(prof['/foo']['filename'], 'somefile')
self.assertEqual(prof['/foo']['flags'], None)
def test_parse_duplicate_profile(self):
with self.assertRaises(AppArmorException):
@ -548,32 +547,29 @@ class AaTest_parse_profile_data(AATest):
prof = parse_profile_data('/foo xattrs=(user.bar=bar) {\n}\n'.split(), 'somefile', False, False)
self.assertEqual(list(prof.keys()), ['/foo'])
self.assertEqual(list(prof['/foo'].keys()), ['/foo'])
self.assertEqual(prof['/foo']['/foo']['name'], '/foo')
self.assertEqual(prof['/foo']['/foo']['filename'], 'somefile')
self.assertEqual(prof['/foo']['/foo']['flags'], None)
self.assertEqual(prof['/foo']['/foo']['xattrs'], 'user.bar=bar')
self.assertEqual(prof['/foo']['name'], '/foo')
self.assertEqual(prof['/foo']['filename'], 'somefile')
self.assertEqual(prof['/foo']['flags'], None)
self.assertEqual(prof['/foo']['xattrs'], 'user.bar=bar')
def test_parse_xattrs_02(self):
prof = parse_profile_data('/foo xattrs=(user.bar=bar user.foo=*) {\n}\n'.split(), 'somefile', False, False)
self.assertEqual(list(prof.keys()), ['/foo'])
self.assertEqual(list(prof['/foo'].keys()), ['/foo'])
self.assertEqual(prof['/foo']['/foo']['name'], '/foo')
self.assertEqual(prof['/foo']['/foo']['filename'], 'somefile')
self.assertEqual(prof['/foo']['/foo']['flags'], None)
self.assertEqual(prof['/foo']['/foo']['xattrs'], 'user.bar=bar user.foo=*')
self.assertEqual(prof['/foo']['name'], '/foo')
self.assertEqual(prof['/foo']['filename'], 'somefile')
self.assertEqual(prof['/foo']['flags'], None)
self.assertEqual(prof['/foo']['xattrs'], 'user.bar=bar user.foo=*')
def test_parse_xattrs_03(self):
d = '/foo xattrs=(user.bar=bar) flags=(complain) {\n}\n'
prof = parse_profile_data(d.split(), 'somefile', False, False)
self.assertEqual(list(prof.keys()), ['/foo'])
self.assertEqual(list(prof['/foo'].keys()), ['/foo'])
self.assertEqual(prof['/foo']['/foo']['name'], '/foo')
self.assertEqual(prof['/foo']['/foo']['filename'], 'somefile')
self.assertEqual(prof['/foo']['/foo']['flags'], 'complain')
self.assertEqual(prof['/foo']['/foo']['xattrs'], 'user.bar=bar')
self.assertEqual(prof['/foo']['name'], '/foo')
self.assertEqual(prof['/foo']['filename'], 'somefile')
self.assertEqual(prof['/foo']['flags'], 'complain')
self.assertEqual(prof['/foo']['xattrs'], 'user.bar=bar')
def test_parse_xattrs_04(self):
with self.assertRaises(AppArmorException):
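Review bot: The adjusted assertions only exercise single main profiles, so nothing in the hunks shown checks how parse_profile_data() keys a hat or child profile in the merged structure it now returns. Since read_profile() depends on `'//'` in the key to tell children from main profiles, a test that parses a profile containing a hat and asserts the key list would pin that contract, e.g. `self.assertEqual(list(prof.keys()), ['/foo', '/foo//bar'])` (constructed example; adjust names and order to the parser's actual output). The last test in the hunk continues outside the lines shown.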