mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'cboltz-utils-cleanup' into 'master'

Browse source 
cleanup get_profile()

See merge request apparmor/apparmor!513

Acked-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Christian Boltz 2020-05-06 22:42:48 +00:00
commit 7b8f7d645e
1 changed files with 21 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
utils/apparmor/aa.py
View file

@ -437,11 +437,6 @@ def get_interpreter_and_abstraction(exec_target):
return interpreter_path, abstraction return interpreter_path, abstraction
def get_inactive_profile(local_profile):
if extras.get(local_profile, False):
return {local_profile: extras[local_profile]}
return dict()
def create_new_profile(localfile, is_stub=False): def create_new_profile(localfile, is_stub=False):
local_profile = hasher() local_profile = hasher()
local_profile[localfile] = ProfileStorage('NEW', localfile, 'create_new_profile()') local_profile[localfile] = ProfileStorage('NEW', localfile, 'create_new_profile()')
@ -497,25 +492,25 @@ def confirm_and_abort():
sys.exit(0) sys.exit(0)
def get_profile(prof_name): def get_profile(prof_name):
profile_data = None '''search for inactive/extra profile, and ask if it should be used'''
# local_profiles = []
profile_hash = hasher() if not extras.get(prof_name, False):
inactive_profile = get_inactive_profile(prof_name) return None # no inactive profile found
if inactive_profile:
uname = 'Inactive local profile for %s' % prof_name # TODO: search based on the attachment, not (only?) based on the profile name
# (Note: in theory, multiple inactive profiles (with different profile names) could exist for a binary.)
inactive_profile = {prof_name: extras[prof_name]}
inactive_profile[prof_name][prof_name]['flags'] = 'complain' inactive_profile[prof_name][prof_name]['flags'] = 'complain'
orig_filename = inactive_profile[prof_name][prof_name]['filename'] # needed for CMD_VIEW_PROFILE orig_filename = inactive_profile[prof_name][prof_name]['filename'] # needed for CMD_VIEW_PROFILE
inactive_profile[prof_name][prof_name]['filename'] = '' inactive_profile[prof_name][prof_name]['filename'] = ''
profile_hash[uname]['profile_type'] = 'INACTIVE_LOCAL'
profile_hash[uname]['profile'] = serialize_profile(inactive_profile[prof_name], prof_name, {})
profile_hash[uname]['profile_data'] = inactive_profile
# no longer necessary after splitting active and extra profiles uname = 'Inactive local profile for %s' % prof_name
# existing_profiles.pop(prof_name) # remove profile filename from list to force storing in /etc/apparmor.d/ instead of extra_profile_dir profile_hash = {
uname: {
# If no inactive profiles 'profile': serialize_profile(inactive_profile[prof_name], prof_name, {}),
if not profile_hash.keys(): 'profile_data': inactive_profile,
return None }
}
options = [uname] options = [uname]
@ -535,10 +530,10 @@ def get_profile(prof_name):
pager = get_pager() pager = get_pager()
subprocess.call([pager, orig_filename]) subprocess.call([pager, orig_filename])
elif ans == 'CMD_USE_PROFILE': elif ans == 'CMD_USE_PROFILE':
if p['profile_type'] == 'INACTIVE_LOCAL':
profile_data = p['profile_data']
created.append(prof_name) created.append(prof_name)
return profile_data return p['profile_data']
return None # CMD_CREATE_PROFILE chosen
def autodep(bin_name, pname=''): def autodep(bin_name, pname=''):
bin_full = None bin_full = None