add a split_name() function to split a profile name

... into profile and hat. Also change several places to use split_name().
2025-03-04 08:24:42 +01:00 · 2019-05-04 20:49:27 +02:00 · 2019-05-04 20:49:27 +02:00 · 48cc1b2837
commit 48cc1b2837
parent 305b378bfd
5 changed files with 29 additions and 18 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@ -33,7 +33,7 @@ from copy import deepcopy
 from apparmor.aare import AARE

 from apparmor.common import (AppArmorException, AppArmorBug, open_file_read, valid_path, hasher,
-                             open_file_write, DebugLogger)
+                             split_name, open_file_write, DebugLogger)

 import apparmor.ui as aaui

@ -891,12 +891,8 @@ def handle_hashlog(hashlog):
    # TODO: translate  null-*  to the profile name after deciding about exec mode (currently, events get lost/ignored at the exec boundary)
    for aamode in hashlog.keys():
        for full_profile in hashlog[aamode].keys():
-            if '//' in full_profile:
-                profile, hat = full_profile.split('//')[:2]  # XXX limit to two levels to avoid an Exception on nested child profiles or nested null-*
-                # TODO: support nested child profiles
-            else:
-                profile = full_profile
-                hat = full_profile
+            profile, hat = split_name(full_profile)  # XXX limited to two levels to avoid an Exception on nested child profiles or nested null-*
+            # TODO: support nested child profiles

            for typ in hashlog[aamode][full_profile].keys():
                prelog[aamode][profile][hat][typ] = hashlog[aamode][full_profile][typ]
--- a/utils/apparmor/common.py
+++ b/utils/apparmor/common.py
@ -259,6 +259,16 @@ def type_is_str(var):
    else:
        return False

+def split_name(full_profile):
+    if '//' in full_profile:
+        profile, hat = full_profile.split('//')[:2]  # XXX limit to two levels to avoid an Exception on nested child profiles or nested null-*
+        # TODO: support nested child profiles
+    else:
+        profile = full_profile
+        hat = full_profile
+
+    return (profile, hat)
+

 class DebugLogger(object):
    '''Unified debug facility. Logs to file or stderr.
--- a/utils/apparmor/logparser.py
+++ b/utils/apparmor/logparser.py
@ -17,7 +17,7 @@ import re
 import sys
 import time
 import LibAppArmor
-from apparmor.common import AppArmorException, AppArmorBug, hasher, open_file_read, DebugLogger
+from apparmor.common import AppArmorException, AppArmorBug, hasher, open_file_read, split_name, DebugLogger

 # setup module translations
 from apparmor.translations import init_translation
@ -182,10 +182,7 @@ class ReadLog:
        if '//null-' in e['profile']:
            e['profile'] = 'null-complain-profile'

-        profile = e['profile']
-
-        if '//' in e['profile']:
-            profile, hat = e['profile'].split('//')[:2]
+        profile, hat = split_name(e['profile'])

        if profile != 'null-complain-profile' and not self.profile_exists(profile):
            return None
--- a/utils/test/test-common.py
+++ b/utils/test/test-common.py
@ -12,7 +12,7 @@
 import unittest
 from common_test import AATest, setup_all_loops

-from apparmor.common import type_is_str
+from apparmor.common import type_is_str, split_name

 class TestIs_str_type(AATest):
    tests = [
@ -26,6 +26,17 @@ class TestIs_str_type(AATest):
    def _run_test(self, params, expected):
        self.assertEqual(type_is_str(params), expected)

+class AaTest_split_name(AATest):
+    tests = [
+        # log event path       and perms    expected proposals
+        ('foo',                             ('foo',             'foo')),
+        ('foo//bar',                        ('foo',             'bar')),
+        ('foo//bar//baz',                   ('foo',             'bar')),  # XXX nested child profiles get cut off
+    ]
+
+    def _run_test(self, params, expected):
+        self.assertEqual(split_name(params), expected)
+

 setup_all_loops(__name__)
 if __name__ == '__main__':
--- a/utils/test/test-libapparmor-test_multi.py
+++ b/utils/test/test-libapparmor-test_multi.py
@ -14,7 +14,7 @@ from common_test import AATest, setup_all_loops, setup_aa, read_file

 import os
 import sys
-from apparmor.common import open_file_read
+from apparmor.common import open_file_read, split_name

 import apparmor.aa
 from apparmor.logparser import ReadLog
@ -224,10 +224,7 @@ def logfile_to_profile(logfile):
    apparmor.aa.aa = apparmor.aa.hasher()
    apparmor.aa.prelog = apparmor.aa.hasher()

-    profile = parsed_event['profile']
-    hat = profile
-    if '//' in profile:
-        profile, hat = profile.split('//')
+    profile, hat = split_name(parsed_event['profile'])

    apparmor.aa.active_profiles = ProfileList()