mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

add a split_name() function to split a profile name

Browse source 
... into profile and hat.

Also change several places to use split_name().
This commit is contained in:
Christian Boltz 2019-05-04 20:49:27 +02:00
parent 305b378bfd
commit 48cc1b2837
Failed to generate hash of commit
5 changed files with 29 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
utils/apparmor/aa.py
View file

@ -33,7 +33,7 @@ from copy import deepcopy
from apparmor.aare import AARE from apparmor.aare import AARE
from apparmor.common import (AppArmorException, AppArmorBug, open_file_read, valid_path, hasher, from apparmor.common import (AppArmorException, AppArmorBug, open_file_read, valid_path, hasher,
open_file_write, DebugLogger) split_name, open_file_write, DebugLogger)
import apparmor.ui as aaui import apparmor.ui as aaui
@ -891,12 +891,8 @@ def handle_hashlog(hashlog):
# TODO: translate null-* to the profile name after deciding about exec mode (currently, events get lost/ignored at the exec boundary) # TODO: translate null-* to the profile name after deciding about exec mode (currently, events get lost/ignored at the exec boundary)
for aamode in hashlog.keys(): for aamode in hashlog.keys():
for full_profile in hashlog[aamode].keys(): for full_profile in hashlog[aamode].keys():
if '//' in full_profile: profile, hat = split_name(full_profile) # XXX limited to two levels to avoid an Exception on nested child profiles or nested null-*
profile, hat = full_profile.split('//')[:2] # XXX limit to two levels to avoid an Exception on nested child profiles or nested null-* # TODO: support nested child profiles
# TODO: support nested child profiles
else:
profile = full_profile
hat = full_profile
for typ in hashlog[aamode][full_profile].keys(): for typ in hashlog[aamode][full_profile].keys():
prelog[aamode][profile][hat][typ] = hashlog[aamode][full_profile][typ] prelog[aamode][profile][hat][typ] = hashlog[aamode][full_profile][typ]

10
utils/apparmor/common.py
View file

@ -259,6 +259,16 @@ def type_is_str(var):
else: else:
return False return False
def split_name(full_profile):
if '//' in full_profile:
profile, hat = full_profile.split('//')[:2] # XXX limit to two levels to avoid an Exception on nested child profiles or nested null-*
# TODO: support nested child profiles
else:
profile = full_profile
hat = full_profile
return (profile, hat)
class DebugLogger(object): class DebugLogger(object):
'''Unified debug facility. Logs to file or stderr. '''Unified debug facility. Logs to file or stderr.

7
utils/apparmor/logparser.py
View file

@ -17,7 +17,7 @@ import re
import sys import sys
import time import time
import LibAppArmor import LibAppArmor
from apparmor.common import AppArmorException, AppArmorBug, hasher, open_file_read, DebugLogger from apparmor.common import AppArmorException, AppArmorBug, hasher, open_file_read, split_name, DebugLogger
# setup module translations # setup module translations
from apparmor.translations import init_translation from apparmor.translations import init_translation
@ -182,10 +182,7 @@ class ReadLog:
if '//null-' in e['profile']: if '//null-' in e['profile']:
e['profile'] = 'null-complain-profile' e['profile'] = 'null-complain-profile'
profile = e['profile'] profile, hat = split_name(e['profile'])
if '//' in e['profile']:
profile, hat = e['profile'].split('//')[:2]
if profile != 'null-complain-profile' and not self.profile_exists(profile): if profile != 'null-complain-profile' and not self.profile_exists(profile):
return None return None

13
utils/test/test-common.py
View file

@ -12,7 +12,7 @@
import unittest import unittest
from common_test import AATest, setup_all_loops from common_test import AATest, setup_all_loops
from apparmor.common import type_is_str from apparmor.common import type_is_str, split_name
class TestIs_str_type(AATest): class TestIs_str_type(AATest):
tests = [ tests = [
@ -26,6 +26,17 @@ class TestIs_str_type(AATest):
def _run_test(self, params, expected): def _run_test(self, params, expected):
self.assertEqual(type_is_str(params), expected) self.assertEqual(type_is_str(params), expected)
class AaTest_split_name(AATest):
tests = [
# log event path and perms expected proposals
('foo', ('foo', 'foo')),
('foo//bar', ('foo', 'bar')),
('foo//bar//baz', ('foo', 'bar')), # XXX nested child profiles get cut off
]
def _run_test(self, params, expected):
self.assertEqual(split_name(params), expected)
setup_all_loops(__name__) setup_all_loops(__name__)
if __name__ == '__main__': if __name__ == '__main__':

7
utils/test/test-libapparmor-test_multi.py
View file

@ -14,7 +14,7 @@ from common_test import AATest, setup_all_loops, setup_aa, read_file
import os import os
import sys import sys
from apparmor.common import open_file_read from apparmor.common import open_file_read, split_name
import apparmor.aa import apparmor.aa
from apparmor.logparser import ReadLog from apparmor.logparser import ReadLog
@ -224,10 +224,7 @@ def logfile_to_profile(logfile):
apparmor.aa.aa = apparmor.aa.hasher() apparmor.aa.aa = apparmor.aa.hasher()
apparmor.aa.prelog = apparmor.aa.hasher() apparmor.aa.prelog = apparmor.aa.hasher()
profile = parsed_event['profile'] profile, hat = split_name(parsed_event['profile'])
hat = profile
if '//' in profile:
profile, hat = profile.split('//')
apparmor.aa.active_profiles = ProfileList() apparmor.aa.active_profiles = ProfileList()