ProfileList: add replace_profile()

... and some tests for it.
2025-03-04 08:24:42 +01:00 · 2024-10-27 22:19:06 +01:00 · 2024-10-27 22:19:06 +01:00 · c5e495c56d
commit c5e495c56d
parent a37c65957f
2 changed files with 37 additions and 2 deletions
--- a/utils/apparmor/profile_list.py
+++ b/utils/apparmor/profile_list.py
@ -1,5 +1,5 @@
 # ----------------------------------------------------------------------
-#    Copyright (C) 2018-2020 Christian Boltz <apparmor@cboltz.de>
+#    Copyright (C) 2018-2024 Christian Boltz <apparmor@cboltz.de>
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@ -107,6 +107,21 @@ class ProfileList:
            self.files[filename]['profiles'].append(attachment)
            self.profiles[attachment] = prof_storage

+    def replace_profile(self, profile_name, prof_storage):
+        """Replace the given profile in the profile list"""
+
+        if profile_name not in self.profiles:
+            raise AppArmorBug('Attempt to replace non-existing profile %s' % profile_name)
+
+        if type(prof_storage) is not ProfileStorage:
+            raise AppArmorBug('Invalid profile type: %s' % type(prof_storage))
+
+        # we might lift this restriction later, but for now, forbid changing the attachment instead of updating self.attachments
+        if self.profiles[profile_name]['attachment'] != prof_storage['attachment']:
+            raise AppArmorBug('Attempt to change atttachment while replacing profile %s - original: %s, new: %s' % (profile_name, self.profiles[profile_name]['attachment'], prof_storage['attachment']))
+
+        self.profiles[profile_name] = prof_storage
+
    def add_rule(self, filename, ruletype, rule):
        """Store the given rule for the given profile filename preamble"""

--- a/utils/test/test-profile-list.py
+++ b/utils/test/test-profile-list.py
@ -1,7 +1,7 @@
 #! /usr/bin/python3
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2018 Christian Boltz <apparmor@cboltz.de>
+#    Copyright (C) 2018-2024 Christian Boltz <apparmor@cboltz.de>
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@ -12,6 +12,7 @@
 import os
 import shutil
 import unittest
+from copy import deepcopy

 import apparmor.aa
 from apparmor.common import AppArmorBug, AppArmorException
@ -120,6 +121,25 @@ class TestAdd_profile(AATest):
        with self.assertRaises(AppArmorBug):
            self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo', 'wrong_type')

+    def testReplace_profile_1(self):
+        self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo', self.dummy_profile)
+        # test if replacement works (but without checking if the content of the actual profile really changed)
+        self.pl.replace_profile('foo', self.dummy_profile)
+        with self.assertRaises(AppArmorBug):
+            self.pl.replace_profile('/bin/foo', self.dummy_profile)
+
+    def testReplace_profile_error_1(self):
+        self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo', self.dummy_profile)
+        dummy2 = deepcopy(self.dummy_profile)
+        dummy2['attachment'] = 'changed'
+        with self.assertRaises(AppArmorBug):
+            self.pl.replace_profile('foo', dummy2)  # changed attachment
+
+    def testReplace_profile_error_2(self):
+        self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo', self.dummy_profile)
+        with self.assertRaises(AppArmorBug):
+            self.pl.replace_profile('foo', [])  # [] is wrong type
+

 class TestFilename_from_profile_name(AATest):
    tests = (