mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge cleanup imports from apparmor.common

Browse source 
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/794
Acked-by: Georgia Garcia <georgia.garcia@canonical.com>
This commit is contained in:
Georgia Garcia 2021-08-25 21:58:08 +00:00
commit c8ff8799cc
9 changed files with 64 additions and 74 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
utils/aa-genprof
View file

@ -21,7 +21,7 @@ import sys
import apparmor.aa as apparmor
import apparmor.ui as aaui
from apparmor.common import warn
from apparmor.common import AppArmorException, warn
# setup exception handling
from apparmor.fail import enable_aa_exception_handler
@ -79,7 +79,7 @@ apparmor.set_logfile(args.file)
aa_mountpoint = apparmor.check_for_apparmor()
if not aa_mountpoint:
raise apparmor.AppArmorException(_('It seems AppArmor was not started. Please enable AppArmor and try again.'))
raise AppArmorException(_('It seems AppArmor was not started. Please enable AppArmor and try again.'))
program = None
#if os.path.exists(apparmor.which(profiling.strip())):
@ -93,9 +93,9 @@ else:
if not program or not os.path.exists(program):
if '/' not in profiling:
raise apparmor.AppArmorException(_("Can't find %(profiling)s in the system path list. If the name of the application\nis correct, please run 'which %(profiling)s' as a user with correct PATH\nenvironment set up in order to find the fully-qualified path and\nuse the full path as parameter.") % { 'profiling': profiling })
raise AppArmorException(_("Can't find %(profiling)s in the system path list. If the name of the application\nis correct, please run 'which %(profiling)s' as a user with correct PATH\nenvironment set up in order to find the fully-qualified path and\nuse the full path as parameter.") % { 'profiling': profiling })
else:
raise apparmor.AppArmorException(_('%s does not exists, please double-check the path.') %profiling)
raise AppArmorException(_('%s does not exists, please double-check the path.') %profiling)
# Check if the program has been marked as not allowed to have a profile
apparmor.check_qualifiers(program)

4
utils/aa-logprof
View file

@ -17,6 +17,8 @@ import argparse
import apparmor.aa as apparmor
import apparmor.ui as aaui
from apparmor.common import AppArmorException
# setup exception handling
from apparmor.fail import enable_aa_exception_handler
enable_aa_exception_handler()
@ -44,7 +46,7 @@ apparmor.set_logfile(args.file)
aa_mountpoint = apparmor.check_for_apparmor()
if not aa_mountpoint:
raise apparmor.AppArmorException(_('It seems AppArmor was not started. Please enable AppArmor and try again.'))
raise AppArmorException(_('It seems AppArmor was not started. Please enable AppArmor and try again.'))
apparmor.loadincludes()

8
utils/aa-unconfined
View file

@ -21,7 +21,7 @@ import sys
import apparmor.aa as aa
import apparmor.ui as ui
import apparmor.common
from apparmor.common import AppArmorException, open_file_read
# setup exception handling
from apparmor.fail import enable_aa_exception_handler
@ -45,7 +45,7 @@ aa.init_aa(confdir=args.configdir)
aa_mountpoint = aa.check_for_apparmor()
if not aa_mountpoint:
raise aa.AppArmorException(_("It seems AppArmor was not started. Please enable AppArmor and try again."))
raise AppArmorException(_("It seems AppArmor was not started. Please enable AppArmor and try again."))
def get_all_pids():
@ -105,7 +105,7 @@ def read_proc_current(filename):
attr = None
if os.path.exists(filename):
with apparmor.common.open_file_read(filename) as current:
with open_file_read(filename) as current:
for line in current:
line = line.strip()
if line.endswith(' (complain)', 1) or line.endswith(' (enforce)', 1) or line.endswith(' (kill)', 1): # enforce at least one char as profile name
@ -135,7 +135,7 @@ for pid in sorted(map(int, pids)):
pname = None
cmdline = None
with apparmor.common.open_file_read("/proc/%s/cmdline" % pid) as cmd:
with open_file_read("/proc/%s/cmdline" % pid) as cmd:
cmdline = cmd.readlines()[0]
pname = cmdline.split("\0")[0]
if '/' in pname and pname != prog:

15
utils/apparmor/easyprof.py
View file

@ -23,21 +23,8 @@ import sys
import tempfile
from apparmor.aa import which
from apparmor.common import AppArmorException
#
# TODO: move this out to the common library
#
#from apparmor import AppArmorException
class AppArmorException(Exception):
'''This class represents AppArmor exceptions'''
def __init__(self, value):
self.value = value
def __str__(self):
return repr(self.value)
#
# End common
#
DEBUGGING = False

18
utils/apparmor/tools.py
View file

@ -17,7 +17,7 @@ import sys
import apparmor.aa as apparmor
import apparmor.ui as aaui
from apparmor.common import user_perm, cmd
from apparmor.common import AppArmorException, cmd, is_skippable_file, user_perm
# setup module translations
from apparmor.translations import init_translation
@ -43,7 +43,7 @@ class aa_tools:
def check_profile_dir(self):
if not user_perm(apparmor.profile_dir):
raise apparmor.AppArmorException("Cannot write to profile directory: %s" % (apparmor.profile_dir))
raise AppArmorException("Cannot write to profile directory: %s" % (apparmor.profile_dir))
def get_next_to_profile(self):
'''Iterator function to walk the list of arguments passed'''
@ -111,7 +111,7 @@ class aa_tools:
output_name = profile if program is None else program
if not os.path.isfile(profile) or apparmor.is_skippable_file(profile):
if not os.path.isfile(profile) or is_skippable_file(profile):
aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
continue
@ -127,7 +127,7 @@ class aa_tools:
output_name = profile if program is None else program
if not os.path.isfile(profile) or apparmor.is_skippable_file(profile):
if not os.path.isfile(profile) or is_skippable_file(profile):
aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
continue
@ -142,7 +142,7 @@ class aa_tools:
output_name = profile if program is None else program
if not os.path.isfile(profile) or apparmor.is_skippable_file(profile):
if not os.path.isfile(profile) or is_skippable_file(profile):
aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
continue
@ -157,7 +157,7 @@ class aa_tools:
output_name = profile if program is None else program
if not os.path.isfile(profile) or apparmor.is_skippable_file(profile):
if not os.path.isfile(profile) or is_skippable_file(profile):
aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
continue
@ -226,7 +226,7 @@ class aa_tools:
apparmor.write_profile_ui_feedback(program, True)
self.reload_profile(filename)
else:
raise apparmor.AppArmorException(_('The profile for %s does not exists. Nothing to clean.') % program)
raise AppArmorException(_('The profile for %s does not exists. Nothing to clean.') % program)
def enable_profile(self, filename):
apparmor.delete_symlink('disable', filename)
@ -242,7 +242,7 @@ class aa_tools:
cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir, '--base', apparmor.profile_dir, '-R', profile])
if cmd_info[0] != 0:
raise apparmor.AppArmorException(cmd_info[1])
raise AppArmorException(cmd_info[1])
def reload_profile(self, profile):
if not self.do_reload:
@ -251,4 +251,4 @@ class aa_tools:
cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir, '--base', apparmor.profile_dir, '-r', profile])
if cmd_info[0] != 0:
raise apparmor.AppArmorException(cmd_info[1])
raise AppArmorException(cmd_info[1])

73
utils/test/test-aa-easyprof.py
View file

@ -19,6 +19,7 @@ import tempfile
import unittest
import apparmor.easyprof as easyprof
from apparmor.common import AppArmorException
topdir = None
debugging = False
@ -219,7 +220,7 @@ TEMPLATES_DIR="%s/templates"
open(self.conffile, 'w').write(contents)
try:
easyprof.AppArmorEasyProfile(self.binary, self.options)
except easyprof.AppArmorException:
except AppArmorException:
return
except Exception:
raise
@ -236,7 +237,7 @@ TEMPLATES_DIR="%s/templates"
open(self.conffile, 'w').write(contents)
try:
easyprof.AppArmorEasyProfile(self.binary, self.options)
except easyprof.AppArmorException:
except AppArmorException:
return
except Exception:
raise
@ -253,7 +254,7 @@ TEMPLATES_DIR="%s/templates"
open(self.conffile, 'w').write(contents)
try:
easyprof.AppArmorEasyProfile(self.binary, self.options)
except easyprof.AppArmorException:
except AppArmorException:
return
except Exception:
raise
@ -343,7 +344,7 @@ POLICYGROUPS_DIR="%s/templates"
open(self.conffile, 'w').write(contents)
try:
easyprof.AppArmorEasyProfile(self.binary, self.options)
except easyprof.AppArmorException:
except AppArmorException:
return
except Exception:
raise
@ -360,7 +361,7 @@ POLICYGROUPS_DIR="%s/templates"
open(self.conffile, 'w').write(contents)
try:
easyprof.AppArmorEasyProfile(self.binary, self.options)
except easyprof.AppArmorException:
except AppArmorException:
return
except Exception:
raise
@ -377,7 +378,7 @@ POLICYGROUPS_DIR="%s/templates"
open(self.conffile, 'w').write(contents)
try:
easyprof.AppArmorEasyProfile(self.binary, self.options)
except easyprof.AppArmorException:
except AppArmorException:
return
except Exception:
raise
@ -486,7 +487,7 @@ POLICYGROUPS_DIR="%s/templates"
'''Test binary (relative)'''
try:
easyprof.AppArmorEasyProfile('./foo', self.options)
except easyprof.AppArmorException:
except AppArmorException:
return
except Exception:
raise
@ -501,7 +502,7 @@ POLICYGROUPS_DIR="%s/templates"
try:
easyprof.AppArmorEasyProfile(symlink, self.options)
except easyprof.AppArmorException:
except AppArmorException:
return
except Exception:
raise
@ -863,7 +864,7 @@ POLICYGROUPS_DIR="%s/templates"
'''Test genpolicy (nonexistent template)'''
try:
self._gen_policy(template=os.path.join(self.tmpdir, "/nonexistent"))
except easyprof.AppArmorException:
except AppArmorException:
return
except Exception:
raise
@ -926,7 +927,7 @@ POLICYGROUPS_DIR="%s/templates"
for s in bad:
try:
self._gen_policy(extra_args=['--abstractions=%s' % s])
except easyprof.AppArmorException:
except AppArmorException:
continue
except Exception:
raise
@ -985,7 +986,7 @@ POLICYGROUPS_DIR="%s/templates"
if base:
args.append('--base=%s' % base)
self._gen_policy(extra_args=args)
except easyprof.AppArmorException:
except AppArmorException:
continue
except Exception:
raise
@ -1014,7 +1015,7 @@ POLICYGROUPS_DIR="%s/templates"
if include:
args.append('--Include=%s' % include)
self._gen_policy(extra_args=args)
except easyprof.AppArmorException:
except AppArmorException:
continue
except Exception:
raise
@ -1030,7 +1031,7 @@ POLICYGROUPS_DIR="%s/templates"
for s in bad:
try:
self._gen_policy(extra_args=['--profile-name=%s' % s])
except easyprof.AppArmorException:
except AppArmorException:
continue
except Exception:
raise
@ -1046,7 +1047,7 @@ POLICYGROUPS_DIR="%s/templates"
for s in bad:
try:
self._gen_policy(extra_args=['--policy-groups=%s' % s])
except easyprof.AppArmorException:
except AppArmorException:
continue
except Exception:
raise
@ -1087,7 +1088,7 @@ POLICYGROUPS_DIR="%s/templates"
'''Test genpolicy (nonexistent policygroup)'''
try:
self._gen_policy(extra_args=['--policy-groups=nonexistent'])
except easyprof.AppArmorException:
except AppArmorException:
return
except Exception:
raise
@ -1196,7 +1197,7 @@ POLICYGROUPS_DIR="%s/templates"
s = "bar"
try:
self._gen_policy(extra_args=['--read-path=%s' % s])
except easyprof.AppArmorException:
except AppArmorException:
return
except Exception:
raise
@ -1305,7 +1306,7 @@ POLICYGROUPS_DIR="%s/templates"
s = "bar"
try:
self._gen_policy(extra_args=['--write-path=%s' % s])
except easyprof.AppArmorException:
except AppArmorException:
return
except Exception:
raise
@ -1352,7 +1353,7 @@ POLICYGROUPS_DIR="%s/templates"
for s in bad:
try:
self._gen_policy(extra_args=['--template-var=%s' % s])
except easyprof.AppArmorException:
except AppArmorException:
continue
except Exception:
raise
@ -1375,7 +1376,7 @@ POLICYGROUPS_DIR="%s/templates"
open(template, 'w').write(bad_pol)
try:
self._gen_policy(template=template)
except easyprof.AppArmorException:
except AppArmorException:
return
except Exception:
raise
@ -1385,7 +1386,7 @@ POLICYGROUPS_DIR="%s/templates"
'''Test genpolicy (no binary with no profile name)'''
try:
easyprof.gen_policy_params(None, self.options)
except easyprof.AppArmorException:
except AppArmorException:
return
except Exception:
raise
@ -1453,7 +1454,7 @@ POLICYGROUPS_DIR="%s/templates"
m.add_template("/etc/shadow")
try:
self._gen_manifest_policy(m)
except easyprof.AppArmorException:
except AppArmorException:
return
except Exception:
raise
@ -1465,7 +1466,7 @@ POLICYGROUPS_DIR="%s/templates"
m.add_template("../../../../../../../../etc/shadow")
try:
self._gen_manifest_policy(m)
except easyprof.AppArmorException:
except AppArmorException:
return
except Exception:
raise
@ -1477,7 +1478,7 @@ POLICYGROUPS_DIR="%s/templates"
m.add_template("nonexistent")
try:
self._gen_manifest_policy(m)
except easyprof.AppArmorException:
except AppArmorException:
return
except Exception:
raise
@ -1555,7 +1556,7 @@ POLICYGROUPS_DIR="%s/templates"
m.add_policygroups(groups)
try:
self._gen_manifest_policy(m)
except easyprof.AppArmorException:
except AppArmorException:
return
except Exception:
raise
@ -1616,7 +1617,7 @@ POLICYGROUPS_DIR="%s/templates"
j = json.dumps(security, indent=2)
try:
easyprof.parse_manifest(j, self.options)
except easyprof.AppArmorException:
except AppArmorException:
continue
raise Exception ("'%s' should be invalid" % k)
@ -1744,7 +1745,7 @@ POLICYGROUPS_DIR="%s/templates"
(binary, self.options) = easyprof.parse_manifest(m, self.options)[0]
try:
easyprof.AppArmorEasyProfile(binary, self.options)
except easyprof.AppArmorException:
except AppArmorException:
return
raise Exception ("Should have failed on missing version")
@ -1776,7 +1777,7 @@ POLICYGROUPS_DIR="%s/templates"
(binary, self.options) = easyprof.parse_manifest(m, self.options)[0]
try:
easyprof.AppArmorEasyProfile(binary, self.options)
except easyprof.AppArmorException:
except AppArmorException:
return
raise Exception ("Should have failed on missing vendor")
@ -1852,7 +1853,7 @@ POLICYGROUPS_DIR="%s/templates"
(self.options, self.args) = easyprof.parse_args(args)
try:
(binary, options) = easyprof.parse_manifest(m, self.options)[0]
except easyprof.AppArmorException:
except AppArmorException:
if invalid:
return
raise
@ -2138,7 +2139,7 @@ POLICYGROUPS_DIR="%s/templates"
params = easyprof.gen_policy_params(binary, options)
try:
easyprof.verify_manifest(params)
except easyprof.AppArmorException:
except AppArmorException:
return
raise Exception ("Should have failed with invalid variable declaration")
@ -2167,7 +2168,7 @@ POLICYGROUPS_DIR="%s/templates"
(binary, self.options) = easyprof.parse_manifest(m, self.options)[0]
try:
easyprof.AppArmorEasyProfile(binary, self.options)
except easyprof.AppArmorException:
except AppArmorException:
return
raise Exception ("Should have failed with non-existent directory")
@ -2257,7 +2258,7 @@ POLICYGROUPS_DIR="%s/templates"
(self.options, self.args) = easyprof.parse_args(self.full_args + [self.binary])
try:
easyprof.AppArmorEasyProfile(self.binary, self.options)
except easyprof.AppArmorException:
except AppArmorException:
return
raise Exception ("Should have failed with non-existent directory")
@ -2279,7 +2280,7 @@ POLICYGROUPS_DIR="%s/templates"
(self.options, self.args) = easyprof.parse_args(self.full_args + [self.binary])
try:
easyprof.AppArmorEasyProfile(self.binary, self.options)
except easyprof.AppArmorException:
except AppArmorException:
continue
raise Exception ("Should have failed with bad version")
@ -2300,7 +2301,7 @@ POLICYGROUPS_DIR="%s/templates"
(self.options, self.args) = easyprof.parse_args(self.full_args + [self.binary])
try:
easyprof.AppArmorEasyProfile(self.binary, self.options)
except easyprof.AppArmorException:
except AppArmorException:
continue
raise Exception ("Should have failed with bad vendor")
@ -2479,7 +2480,7 @@ POLICYGROUPS_DIR="%s/templates"
params = easyprof.gen_policy_params(binary, options)
try:
easyp.output_policy(params, dir=out_dir)
except easyprof.AppArmorException:
except AppArmorException:
return
raise Exception ("Should have failed with 'is not a directory'")
@ -2516,7 +2517,7 @@ POLICYGROUPS_DIR="%s/templates"
del params['binary']
try:
easyp.output_policy(params, dir=out_dir)
except easyprof.AppArmorException:
except AppArmorException:
return
raise Exception ("Should have failed with 'Must specify binary and/or profile name'")
@ -2554,7 +2555,7 @@ POLICYGROUPS_DIR="%s/templates"
params = easyprof.gen_policy_params(binary, options)
try:
easyp.output_policy(params, dir=out_dir)
except easyprof.AppArmorException:
except AppArmorException:
return
raise Exception ("Should have failed with 'already exists'")

4
utils/test/test-aa.py
View file

@ -19,11 +19,11 @@ import sys
import apparmor.aa # needed to set global vars in some tests
from apparmor.aa import (check_for_apparmor, get_output, get_reqs, get_interpreter_and_abstraction, create_new_profile,
get_profile_flags, change_profile_flags, set_options_audit_mode, set_options_owner_mode, is_skippable_file,
get_profile_flags, change_profile_flags, set_options_audit_mode, set_options_owner_mode,
parse_profile_data,
get_file_perms, propose_file_rules, merged_to_split, split_to_merged)
from apparmor.aare import AARE
from apparmor.common import AppArmorException, AppArmorBug
from apparmor.common import AppArmorException, AppArmorBug, is_skippable_file
from apparmor.rule.file import FileRule
from apparmor.rule.include import IncludeRule

4
utils/test/test-libapparmor-test_multi.py
View file

@ -14,7 +14,7 @@ from common_test import AATest, setup_all_loops, setup_aa, read_file
import os
import sys
from apparmor.common import open_file_read, split_name
from apparmor.common import hasher, open_file_read, split_name
import apparmor.aa
from apparmor.logparser import ReadLog
@ -225,7 +225,7 @@ def logfile_to_profile(logfile):
# cleanup apparmor.aa storage
apparmor.aa.log = dict()
apparmor.aa.aa = apparmor.aa.hasher()
apparmor.aa.aa = hasher()
profile, hat = split_name(parsed_event['profile'])

4
utils/test/test-parser-simple-tests.py
View file

@ -14,7 +14,7 @@ from common_test import AATest, setup_all_loops, setup_aa
import apparmor.aa as apparmor
import os
from apparmor.common import open_file_read, AppArmorException
from apparmor.common import open_file_read, AppArmorException, is_skippable_file
# This testcase will parse all parser/tst/simple_tests with parse_profile_data(),
# except the files listed in one of the arrays below.
@ -528,7 +528,7 @@ def find_and_setup_test_profiles(profile_dir):
for file in files:
file_with_path = os.path.join(root, file)
if not apparmor.is_skippable_file(file) and relpath != '.':
if not is_skippable_file(file) and relpath != '.':
skipped += parse_test_profiles(file_with_path)
if skipped: