mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

ProfileStorage: store correct name

Browse source 
Instead of always storing the name of the main profile, store the child
profile/hat name if we are in a child profile or hat.

As a result, we always get the correct "profile xy" header even for
child profiles when dumping the ProfileStorage object.

Also extend the tests to check that the name gets stored correctly.

(cherry picked from commit cb943e4efc)
Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Christian Boltz 2024-10-06 14:34:55 +02:00 committed by John Johansen
parent 6637262181
commit 564e5748bc
2 changed files with 20 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
utils/apparmor/profile_storage.py
View file

@ -222,10 +222,12 @@ class ProfileStorage:
% {'profile': profile, 'file': file, 'line': lineno + 1})
hat = matches['profile']
prof_or_hat_name = hat
pps_set_hat_external = False
else: # stand-alone profile
profile = matches['profile']
prof_or_hat_name = profile
if len(profile.split('//')) > 2:
raise AppArmorException(
"Nested child profiles ('%(profile)s', found in %(file)s) are not supported by the AppArmor tools yet."
@ -239,7 +241,7 @@ class ProfileStorage:
prof_storage = cls(profile, hat, cls.__name__ + '.parse()')
prof_storage['name'] = profile
prof_storage['name'] = prof_or_hat_name
prof_storage['filename'] = file
prof_storage['external'] = pps_set_hat_external
prof_storage['flags'] = matches['flags']

33
utils/test/test-profile-storage.py
View file

@ -141,28 +141,29 @@ class AaTest_repr(AATest):
class AaTest_parse_profile_start(AATest):
tests = (
# profile start line profile hat profile hat attachment xattrs flags pps_set_hat_external
(('/foo {', None, None), ('/foo', '/foo', '', '', None, False)),
(('/foo (complain) {', None, None), ('/foo', '/foo', '', '', 'complain', False)),
(('profile foo /foo {', None, None), ('foo', 'foo', '/foo', '', None, False)), # named profile
(('profile /foo {', '/bar', None), ('/bar', '/foo', '', '', None, False)), # child profile
(('/foo//bar {', None, None), ('/foo', 'bar', '', '', None, True)), # external hat
(('profile "/foo" (complain) {', None, None), ('/foo', '/foo', '', '', 'complain', False)),
(('profile "/foo" xattrs=(user.bar=bar) {', None, None), ('/foo', '/foo', '', 'user.bar=bar', None, False)),
(('profile "/foo" xattrs=(user.bar=bar user.foo=*) {', None, None), ('/foo', '/foo', '', 'user.bar=bar user.foo=*', None, False)),
(('/usr/bin/xattrs-test xattrs=(myvalue="foo.bar") {', None, None), ('/usr/bin/xattrs-test', '/usr/bin/xattrs-test', '', 'myvalue="foo.bar"', None, False)),
# profile start line profile hat name profile hat attachment xattrs flags pps_set_hat_external
(('/foo {', None, None), ('/foo', '/foo', '/foo', '', '', None, False)),
(('/foo (complain) {', None, None), ('/foo', '/foo', '/foo', '', '', 'complain', False)),
(('profile foo /foo {', None, None), ('foo', 'foo', 'foo', '/foo', '', None, False)), # named profile
(('profile /foo {', '/bar', None), ('/foo', '/bar', '/foo', '', '', None, False)), # child profile
(('/foo//bar {', None, None), ('/foo//bar', '/foo', 'bar', '', '', None, True)), # external hat
(('profile "/foo" (complain) {', None, None), ('/foo', '/foo', '/foo', '', '', 'complain', False)),
(('profile "/foo" xattrs=(user.bar=bar) {', None, None), ('/foo', '/foo', '/foo', '', 'user.bar=bar', None, False)),
(('profile "/foo" xattrs=(user.bar=bar user.foo=*) {', None, None), ('/foo', '/foo', '/foo', '', 'user.bar=bar user.foo=*', None, False)),
(('/usr/bin/xattrs-test xattrs=(myvalue="foo.bar") {', None, None), ('/usr/bin/xattrs-test', '/usr/bin/xattrs-test', '/usr/bin/xattrs-test', '', 'myvalue="foo.bar"', None, False)),
)
def _run_test(self, params, expected):
(profile, hat, prof_storage) = ProfileStorage.parse(params[0], 'somefile', 1, params[1], params[2])
self.assertEqual(profile, expected[0])
self.assertEqual(hat, expected[1])
self.assertEqual(prof_storage['attachment'], expected[2])
self.assertEqual(prof_storage['xattrs'], expected[3])
self.assertEqual(prof_storage['flags'], expected[4])
self.assertEqual(prof_storage['name'], expected[0])
self.assertEqual(profile, expected[1])
self.assertEqual(hat, expected[2])
self.assertEqual(prof_storage['attachment'], expected[3])
self.assertEqual(prof_storage['xattrs'], expected[4])
self.assertEqual(prof_storage['flags'], expected[5])
self.assertEqual(prof_storage['is_hat'], False)
self.assertEqual(prof_storage['external'], expected[5])
self.assertEqual(prof_storage['external'], expected[6])
class AaTest_parse_profile_start_errors(AATest):