utils: address pep8 complaints

This patch eliminates the complaints from running:

  pep8 --ignore=E501 aa-easyprof vim/

(E501 is 'line too long', which I'm not too chuffed about.)

Mostly, it's a lot of whitespace touchups, with a few conversions from
'==' to 'is'.

Commit includes applied feedback from cboltz.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>

utils/aa-easyprof

@@ -55,11 +55,10 @@ if __name__ == "__main__":
             files = [os.path.join(easyp.dirs['policygroups'], g)]
             apparmor.easyprof.print_files(files)
         sys.exit(0)
-    elif binary == None:
+    elif binary is None:
         error("Must specify full path to binary\n%s" % m)
 
     # if we made it here, generate a profile
     params = apparmor.easyprof.gen_policy_params(binary, opt)
     p = easyp.gen_policy(**params)
     sys.stdout.write('%s\n' % p)
-

utils/vim/create-apparmor.vim.py

@@ -15,7 +15,7 @@ import subprocess
 import sys
 
 # dangerous capabilities
-danger_caps=["audit_control",
+danger_caps = ["audit_control",
                "audit_write",
                "mac_override",
                "mac_admin",
@@ -24,7 +24,8 @@ danger_caps=["audit_control",
                "sys_module",
                "sys_rawio"]
 
-def cmd(command, input = None, stderr = subprocess.STDOUT, stdout = subprocess.PIPE, stdin = None, timeout = None):
+
+def cmd(command, input=None, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, stdin=None, timeout=None):
     '''Try to execute given command (array) and return its stdout, or
     return a textual error if it failed.'''
 
@@ -36,12 +37,12 @@ def cmd(command, input = None, stderr = subprocess.STDOUT, stdout = subprocess.P
     out, outerr = sp.communicate(input)
 
     # Handle redirection of stdout
-    if out == None:
+    if out is None:
         out = ''
     # Handle redirection of stderr
-    if outerr == None:
+    if outerr is None:
         outerr = ''
-    return [sp.returncode,out+outerr]
+    return [sp.returncode, out + outerr]
 
 # get capabilities list
 (rc, output) = cmd(['make', '-s', '--no-print-directory', 'list_capabilities'])
@@ -50,7 +51,7 @@ if rc != 0:
     exit(rc)
 
 capabilities = re.sub('CAP_', '', output.strip()).lower().split(" ")
-benign_caps =[]
+benign_caps = []
 for cap in capabilities:
     if cap not in danger_caps:
         benign_caps.append(cap)
@@ -73,9 +74,9 @@ for af_pair in af_pairs:
 # but not in aa_flags...
 # -> currently (2011-01-11) not, but might come back
 
-aa_network_types=r'\s+tcp|\s+udp|\s+icmp'
+aa_network_types = r'\s+tcp|\s+udp|\s+icmp'
 
-aa_flags=['complain',
+aa_flags = ['complain',
             'audit',
             'attach_disconnect',
             'no_attach_disconnected',
@@ -84,7 +85,7 @@ aa_flags=['complain',
             'chroot_relative',
             'namespace_relative']
 
-filename=r'(\/|\@\{\S*\})\S*'
+filename = r'(\/|\@\{\S*\})\S*'
 
 aa_regex_map = {
     'FILENAME':         filename,
@@ -104,6 +105,7 @@ aa_regex_map = {
     'flags':            r'((flags\s*\=\s*)?\(\s*(' + '|'.join(aa_flags) + r')(\s*,\s*(' + '|'.join(aa_flags) + r'))*\s*\)\s+)',
 }
 
+
 def my_repl(matchobj):
     matchobj.group(1)
     if matchobj.group(1) in aa_regex_map:
@@ -112,7 +114,7 @@ def my_repl(matchobj):
     return matchobj.group(0)
 
 
-def create_file_rule (highlighting, permissions, comment, denyrule = 0):
+def create_file_rule(highlighting, permissions, comment, denyrule=0):
 
     if denyrule == 0:
         keywords = '@@auditdenyowner@@'
@@ -137,23 +139,23 @@ def create_file_rule (highlighting, permissions, comment, denyrule = 0):
 
 
 filerule = ''
-filerule = filerule + create_file_rule ( 'sdEntryWriteExec ', r'(l|r|w|a|m|k|[iuUpPcC]x)+@@TRANSITION@@', 'write + exec/mmap - danger! (known bug: accepts aw to keep things simple)' )
-filerule = filerule + create_file_rule ( 'sdEntryUX',  r'(r|m|k|ux|pux)+@@TRANSITION@@',  'ux(mr) - unconstrained entry, flag the line red. also includes pux which is unconstrained if no profile exists' )
-filerule = filerule + create_file_rule ( 'sdEntryUXe', r'(r|m|k|Ux|PUx)+@@TRANSITION@@',  'Ux(mr) and PUx(mr) - like ux + clean environment' )
-filerule = filerule + create_file_rule ( 'sdEntryPX',  r'(r|m|k|px|cx|pix|cix)+@@TRANSITION@@',  'px/cx/pix/cix(mrk) - standard exec entry, flag the line blue' )
-filerule = filerule + create_file_rule ( 'sdEntryPXe', r'(r|m|k|Px|Cx|Pix|Cix)+@@TRANSITION@@', 'Px/Cx/Pix/Cix(mrk) - like px/cx + clean environment' )
-filerule = filerule + create_file_rule ( 'sdEntryIX',  r'(r|m|k|ix)+',  'ix(mr) - standard exec entry, flag the line green' )
-filerule = filerule + create_file_rule ( 'sdEntryM',   r'(r|m|k)+',  'mr - mmap with PROT_EXEC' )
+filerule = filerule + create_file_rule('sdEntryWriteExec ', r'(l|r|w|a|m|k|[iuUpPcC]x)+@@TRANSITION@@', 'write + exec/mmap - danger! (known bug: accepts aw to keep things simple)')
+filerule = filerule + create_file_rule('sdEntryUX',  r'(r|m|k|ux|pux)+@@TRANSITION@@',  'ux(mr) - unconstrained entry, flag the line red. also includes pux which is unconstrained if no profile exists')
+filerule = filerule + create_file_rule('sdEntryUXe', r'(r|m|k|Ux|PUx)+@@TRANSITION@@',  'Ux(mr) and PUx(mr) - like ux + clean environment')
+filerule = filerule + create_file_rule('sdEntryPX',  r'(r|m|k|px|cx|pix|cix)+@@TRANSITION@@',  'px/cx/pix/cix(mrk) - standard exec entry, flag the line blue')
+filerule = filerule + create_file_rule('sdEntryPXe', r'(r|m|k|Px|Cx|Pix|Cix)+@@TRANSITION@@', 'Px/Cx/Pix/Cix(mrk) - like px/cx + clean environment')
+filerule = filerule + create_file_rule('sdEntryIX',  r'(r|m|k|ix)+',  'ix(mr) - standard exec entry, flag the line green')
+filerule = filerule + create_file_rule('sdEntryM',   r'(r|m|k)+',  'mr - mmap with PROT_EXEC')
 
-filerule = filerule + create_file_rule ( 'sdEntryM',   r'(r|m|k|x)+',  'special case: deny x is allowed (does not need to be ix, px, ux or cx)', 1)
+filerule = filerule + create_file_rule('sdEntryM',   r'(r|m|k|x)+',  'special case: deny x is allowed (does not need to be ix, px, ux or cx)', 1)
 #syn match  sdEntryM /@@DENYFILE@@(r|m|k|x)+@@EOL@@/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
 
 
-filerule = filerule + create_file_rule ( 'sdError',    r'\S*(w\S*a|a\S*w)\S*',  'write + append is an error' )
-filerule = filerule + create_file_rule ( 'sdEntryW',   r'(l|r|w|k)+',  'write entry, flag the line yellow' )
-filerule = filerule + create_file_rule ( 'sdEntryW',   r'(l|r|a|k)+',  'append entry, flag the line yellow' )
-filerule = filerule + create_file_rule ( 'sdEntryK',   r'[rlk]+',  'read entry + locking, currently no highlighting' )
-filerule = filerule + create_file_rule ( 'sdEntryR',   r'[rl]+',  'read entry, no highlighting' )
+filerule = filerule + create_file_rule('sdError',    r'\S*(w\S*a|a\S*w)\S*',  'write + append is an error')
+filerule = filerule + create_file_rule('sdEntryW',   r'(l|r|w|k)+',  'write entry, flag the line yellow')
+filerule = filerule + create_file_rule('sdEntryW',   r'(l|r|a|k)+',  'append entry, flag the line yellow')
+filerule = filerule + create_file_rule('sdEntryK',   r'[rlk]+',  'read entry + locking, currently no highlighting')
+filerule = filerule + create_file_rule('sdEntryR',   r'[rl]+',  'read entry, no highlighting')
 
 # " special case: deny x is allowed (doesn't need to be ix, px, ux or cx)
 # syn match  sdEntryM /@@DENYFILE@@(r|m|k|x)+@@EOL@@/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
@@ -174,5 +176,4 @@ with open("apparmor.vim.in") as template:
 sys.stdout.write("\n\n\n\n")
 
 sys.stdout.write('" file rules added with create_file_rule()\n')
-sys.stdout.write(re.sub(regex, my_repl, filerule)+'\n')
-
+sys.stdout.write(re.sub(regex, my_repl, filerule) + '\n')