[patch] extend and partially rewrite write_header()

- add support for prof_data['header_comment'] (comment after '{')
  and prof_data['profile_keyword'] (to force the 'profile' keyword, even
  if it isn't needed) to write_header().
  (set_profile_flags() will be the only user of these two for now)

- fix a crash if depth is not an integer - for example,
      len('   ')/2   # 3 spaces = 1.5
  would cause a crash.
  Also add a test for 1.5 and 1.3 spaces.

- rewrite the handling of flags to avoid we have to maintain two
  different template lines.

- update the tests to set 'profile_keyword' and 'header_comment' to None.
  This avoids big changes in the test code. I'll send another patch that
  makes sure profile_keyword and header_comment are tested ;-)


Acked-by: Steve Beattie <steve@nxnw.org>

utils/apparmor/aa.py

@@ -105,7 +105,8 @@ transitions = hasher()
 # a) rules (as dict): alias, change_profile, include, lvar, rlimit
 # b) rules (as hasher): allow, deny
 # c) one for each rule class
-# d) other: declared, external, flags, name, profile
+# d) other: declared, external, flags, name, profile, attachment,
+#           profile_keyword, header_comment (these two are currently only set by set_profile_flags())
 aa = hasher()  # Profiles originally in sd, replace by aa
 original_aa = hasher()
 extras = hasher()  # Inactive profiles from extras
@@ -3284,7 +3285,7 @@ def escape(escape):
     return escape
 
 def write_header(prof_data, depth, name, embedded_hat, write_flags):
-    pre = '  ' * depth
+    pre = ' ' * int(depth * 2)
     data = []
     unquoted_name = name
     name = quote_if_needed(name)
@@ -3293,13 +3294,18 @@ def write_header(prof_data, depth, name, embedded_hat, write_flags):
     if prof_data['attachment']:
         attachment = ' %s' % quote_if_needed(prof_data['attachment'])
 
-    if (not embedded_hat and re.search('^[^/]', unquoted_name)) or (embedded_hat and re.search('^[^^]', unquoted_name)) or prof_data['attachment']:
+    comment = ''
+    if prof_data['header_comment']:
+        comment = ' %s' % prof_data['header_comment']
+
+    if (not embedded_hat and re.search('^[^/]', unquoted_name)) or (embedded_hat and re.search('^[^^]', unquoted_name)) or prof_data['attachment'] or prof_data['profile_keyword']:
         name = 'profile %s%s' % (name, attachment)
 
+    flags = ''
     if write_flags and prof_data['flags']:
-        data.append('%s%s flags=(%s) {' % (pre, name, prof_data['flags']))
+        flags = ' flags=(%s)' % prof_data['flags']
-    else:
+
-        data.append('%s%s {' % (pre, name))
+    data.append('%s%s%s {%s' % (pre, name, flags, comment))
 
     return data
 

utils/test/test-aa.py

@@ -327,6 +327,8 @@ class AaTest_write_header(AATest):
         (['bar baz', False,          True,          1,      'complain',     '/foo sp'   ],  '  profile "bar baz" "/foo sp" flags=(complain) {'),
         (['^foo',    False,          True,          1,      'complain',     None        ],  '  profile ^foo flags=(complain) {'),
         (['^foo',    True,           True,          1,      'complain',     None        ],  '  ^foo flags=(complain) {'),
+        (['^foo',    True,           True,          1.5,    'complain',     None        ],  '   ^foo flags=(complain) {'),
+        (['^foo',    True,           True,          1.3,    'complain',     None        ],  '  ^foo flags=(complain) {'),
      ]
 
     def _run_test(self, params, expected):
@@ -334,7 +336,7 @@ class AaTest_write_header(AATest):
         embedded_hat = params[1]
         write_flags = params[2]
         depth = params[3]
-        prof_data = { 'flags': params[4], 'attachment': params[5] }
+        prof_data = { 'flags': params[4], 'attachment': params[5], 'profile_keyword': None, 'header_comment': None }
 
         result = write_header(prof_data, depth, name, embedded_hat, write_flags)
         self.assertEqual(result, [expected])