From db7983aee561c0570604eadf10fd98148e8ebf22 Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Mon, 25 Jun 2018 21:39:47 +0200 Subject: [PATCH 1/5] simplify setting serialize_options --- utils/apparmor/aa.py | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py index faa22deca..9bb1b8537 100644 --- a/utils/apparmor/aa.py +++ b/utils/apparmor/aa.py @@ -732,7 +732,6 @@ def sync_profile(): repo_profiles = [] changed_profiles = [] new_profiles = [] - serialize_opts = dict() status_ok, ret = fetch_profiles_by_user(cfg['repository']['url'], cfg['repository']['distro'], user) if not status_ok: @@ -741,7 +740,7 @@ def sync_profile(): aaui.UI_Important(_('WARNING: Error synchronizing profiles with the repository:\n%s\n') % ret) else: users_repo_profiles = ret - serialize_opts['NO_FLAGS'] = True + serialize_opts = {'NO_FLAGS': True} for prof in sorted(aa.keys()): if is_repo_profile([aa[prof][prof]]): repo_profiles.append(prof) @@ -1892,8 +1891,7 @@ def save_profiles(): else: oldprofile = get_profile_filename(which) - serialize_options = {} - serialize_options['METADATA'] = True + serialize_options = {'METADATA': True} newprofile = serialize_profile(aa[which], which, serialize_options) aaui.UI_Changes(oldprofile, newprofile, comments=True) @@ -2737,8 +2735,7 @@ def write_profile(profile): #os.chmod(newprof.name, permission_600) pass - serialize_options = {} - serialize_options['METADATA'] = True + serialize_options = {'METADATA': True} profile_string = serialize_profile(aa[profile], profile, serialize_options) newprof.write(profile_string) From 7e42135010264570fb2e6e075bdef244ceb57b0e Mon Sep 17 00:00:00 2001 
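Review bot: In the second sync_profile() hunk, `serialize_opts` is now bound only inside the `else:` branch, where it was previously initialised before the `if not status_ok:` test. The page has lost its indentation, so it is not visible whether every later read of `serialize_opts` sits inside that branch; any read reachable after the error path would now raise NameError instead of seeing an empty dict. Putting `serialize_opts = {'NO_FLAGS': True}` where the removed `serialize_opts = dict()` stood keeps the simplification without narrowing the scope. sync_profile() continues outside both hunks.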
From: Christian Boltz Date: Mon, 25 Jun 2018 21:42:29 +0200 Subject: [PATCH 2/5] fix serialize_profile() calls to always use a dict for options --- utils/aa-mergeprof | 4 ++-- utils/apparmor/aa.py | 6 +++--- utils/apparmor/tools.py | 4 ++-- utils/test/test-libapparmor-test_multi.py | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/utils/aa-mergeprof b/utils/aa-mergeprof index d5700dbd2..8988e1956 100755 --- a/utils/aa-mergeprof +++ b/utils/aa-mergeprof @@ -126,8 +126,8 @@ def act(files, merging_profile): elif ans == 'CMD_VIEW_CHANGES': for program in programs: apparmor.aa.original_aa[program] = apparmor.aa.deepcopy(apparmor.aa.aa[program]) - #oldprofile = apparmor.serialize_profile(apparmor.original_aa[program], program, '') - newprofile = apparmor.aa.serialize_profile(mergeprofiles.user.aa[program], program, '') + #oldprofile = apparmor.serialize_profile(apparmor.original_aa[program], program, {}) + newprofile = apparmor.aa.serialize_profile(mergeprofiles.user.aa[program], program, {}) aaui.UI_Changes(mergeprofiles.user.filename, newprofile, comments=True) elif ans == 'CMD_IGNORE_ENTRY': break diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py index 9bb1b8537..8cca7a675 100644 --- a/utils/apparmor/aa.py +++ b/utils/apparmor/aa.py @@ -501,7 +501,7 @@ def get_profile(prof_name): inactive_profile[prof_name][prof_name].pop('filename') profile_hash[uname]['username'] = uname profile_hash[uname]['profile_type'] = 'INACTIVE_LOCAL' - profile_hash[uname]['profile'] = serialize_profile(inactive_profile[prof_name], prof_name, None) + profile_hash[uname]['profile'] = serialize_profile(inactive_profile[prof_name], prof_name, {}) profile_hash[uname]['profile_data'] = inactive_profile existing_profiles.pop(prof_name) # remove profile filename from list to force storing in /etc/apparmor.d/ instead of extra_profile_dir 
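Review bot: The aa-mergeprof hunk edits a commented-out call (`#oldprofile = apparmor.serialize_profile(apparmor.original_aa[program], program, {})`) instead of removing it, and the utils/apparmor/tools.py hunk later in this patch does the same. In aa-mergeprof the commented line goes through `apparmor.serialize_profile` and `apparmor.original_aa`, while the live line below it uses `apparmor.aa.serialize_profile`, so it already looks stale and would probably not run if re-enabled. I would drop both commented lines, or replace each with a one-line comment such as `# only the new profile is serialized; UI_Changes() gets the file name for the old side`. act() continues outside the hunk.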
@@ -1897,8 +1897,8 @@ def save_profiles(): aaui.UI_Changes(oldprofile, newprofile, comments=True) elif ans == 'CMD_VIEW_CHANGES_CLEAN': - oldprofile = serialize_profile(original_aa[which], which, '') - newprofile = serialize_profile(aa[which], which, '') + oldprofile = serialize_profile(original_aa[which], which, {}) + newprofile = serialize_profile(aa[which], which, {}) aaui.UI_Changes(oldprofile, newprofile) diff --git a/utils/apparmor/tools.py b/utils/apparmor/tools.py index 6123b9995..c812158dc 100644 --- a/utils/apparmor/tools.py +++ b/utils/apparmor/tools.py @@ -223,8 +223,8 @@ class aa_tools: apparmor.write_profile_ui_feedback(program) self.reload_profile(filename) elif ans == 'CMD_VIEW_CHANGES': - #oldprofile = apparmor.serialize_profile(apparmor.original_aa[program], program, '') - newprofile = apparmor.serialize_profile(apparmor.aa[program], program, '') + #oldprofile = apparmor.serialize_profile(apparmor.original_aa[program], program, {}) + newprofile = apparmor.serialize_profile(apparmor.aa[program], program, {}) aaui.UI_Changes(filename, newprofile, comments=True) else: apparmor.write_profile_ui_feedback(program) diff --git a/utils/test/test-libapparmor-test_multi.py b/utils/test/test-libapparmor-test_multi.py index a5bf5882c..642d874b9 100644 --- a/utils/test/test-libapparmor-test_multi.py +++ b/utils/test/test-libapparmor-test_multi.py @@ -260,7 +260,7 @@ def logfile_to_profile(logfile): apparmor.aa.filelist = apparmor.aa.hasher() apparmor.aa.filelist[profile_dummy_file]['profiles'][profile] = True - new_profile = apparmor.aa.serialize_profile(log_dict[aamode][profile], profile, None) + new_profile = apparmor.aa.serialize_profile(log_dict[aamode][profile], profile, {}) return profile, new_profile From 5ef95fff4ff1f770295605f4296f19f5b3e3ff18 Mon Sep 17 00:00:00 2001 
From: Christian Boltz Date: Mon, 25 Jun 2018 22:43:39 +0200 Subject: [PATCH 3/5] serialize_profile(): add type check for options This makes the "if options:" check superfluous, therefore remove it and change the whitespace of the following lines --- utils/apparmor/aa.py | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py index 8cca7a675..6fb4a4629 100644 --- a/utils/apparmor/aa.py +++ b/utils/apparmor/aa.py @@ -2668,11 +2668,13 @@ def serialize_profile(profile_data, name, options): include_flags = True data = [] - if options: # and type(options) == dict: - if options.get('METADATA', False): - include_metadata = True - if options.get('NO_FLAGS', False): - include_flags = False + if type(options) is not dict: + raise AppArmorBug('serialize_profile(): options is not a dict: %s' % options) + + if options.get('METADATA', False): + include_metadata = True + if options.get('NO_FLAGS', False): + include_flags = False if include_metadata: string = '# Last Modified: %s\n' % time.asctime() From 9865e112f70df3db9e7b94779e90c72885c2b1ea Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Mon, 25 Jun 2018 22:47:30 +0200 Subject: [PATCH 4/5] serialize_profile(): simplify setting include_metadata --- utils/apparmor/aa.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py index 6fb4a4629..8142e279c 100644 --- a/utils/apparmor/aa.py +++ b/utils/apparmor/aa.py @@ -2664,15 +2664,14 @@ def write_piece(profile_data, depth, name, nhat, write_flags): def serialize_profile(profile_data, name, options): string = '' - include_metadata = False include_flags = True data = [] if type(options) is not dict: raise AppArmorBug('serialize_profile(): options is not a dict: %s' % options) - if options.get('METADATA', False): - include_metadata = True + include_metadata = options.get('METADATA', False) + if options.get('NO_FLAGS', False): include_flags = False 
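Review bot: The new guard in serialize_profile() tests `type(options) is not dict`, which also rejects dict subclasses, and builds its message with `'%s' % options`, which raises TypeError rather than AppArmorBug when `options` is a tuple. If any caller can pass a dict subclass (the series uses `apparmor.aa.hasher()` for other data, and its type is not visible here), `if not isinstance(options, dict):` is the safer test. For the message, `'serialize_profile(): options is not a dict: %r' % (options,)` formats any value. The function has no docstring, so the accepted keys (`METADATA` and, at this point in the series, `NO_FLAGS`) are worth listing in one. serialize_profile() continues outside the hunk.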
From b613860f146b328d54b9ee6d2a13bb1f6b9249cd Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Mon, 25 Jun 2018 22:52:37 +0200 Subject: [PATCH 5/5] serialize_profile: simplify setting of include_flags Note that NO_FLAGS was an inverse option, therefore - NO_FLAGS was changed to FLAGS (also in sync_profile() which is the only caller that sets FLAGS) - the default for include_flags (if FLAGS is not set) is True --- utils/apparmor/aa.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py index 8142e279c..ccc81ea27 100644 --- a/utils/apparmor/aa.py +++ b/utils/apparmor/aa.py @@ -740,7 +740,7 @@ def sync_profile(): aaui.UI_Important(_('WARNING: Error synchronizing profiles with the repository:\n%s\n') % ret) else: users_repo_profiles = ret - serialize_opts = {'NO_FLAGS': True} + serialize_opts = {'FLAGS': False} for prof in sorted(aa.keys()): if is_repo_profile([aa[prof][prof]]): repo_profiles.append(prof) @@ -2664,16 +2664,13 @@ def write_piece(profile_data, depth, name, nhat, write_flags): def serialize_profile(profile_data, name, options): string = '' - include_flags = True data = [] if type(options) is not dict: raise AppArmorBug('serialize_profile(): options is not a dict: %s' % options) include_metadata = options.get('METADATA', False) - - if options.get('NO_FLAGS', False): - include_flags = False + include_flags = options.get('FLAGS', True) if include_metadata: string = '# Last Modified: %s\n' % time.asctime()
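Review bot: After the rename in the serialize_profile() hunk, a caller that still passes `{'NO_FLAGS': True}` is accepted without error and gets flags written, because `options.get('FLAGS', True)` ignores unknown keys. The commit message says sync_profile() is the only in-tree caller that sets it, but an out-of-tree or missed caller would silently change the serialized text, and profile flags carry the profile's mode (e.g. `complain`), so a silent difference is worth catching. Rejecting unknown keys next to the type check makes a stale option fail loudly: `unknown = set(options) - {'METADATA', 'FLAGS'}` followed by `if unknown: raise AppArmorBug('serialize_profile(): unknown options: %s' % sorted(unknown))`. serialize_profile() continues outside the hunk.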