Add sketchy profile conversion script.

2025-03-04 08:24:42 +01:00 · 2007-04-10 14:45:09 +00:00 · 2007-04-10 14:45:09 +00:00 · e3e5528dbc
commit e3e5528dbc
parent c97205bfeb
1 changed files with 108 additions and 0 deletions
--- a/utils/convert-profile.pl
+++ b/utils/convert-profile.pl
@ -0,0 +1,108 @@
+#! /usr/bin/perl -w
+
+# Very simple script to try converting AppArmor profiles to the new
+# profile syntax as of April 2007.
+#
+# Copyright (C) 2007 Andreas Gruenbacher <agruen@suse.de>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#  
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+use FileHandle;
+use strict;
+
+sub match($) {
+    my ($str) = @_;
+
+    return ($str =~ /^(\s*)(\/\S*)(\s.*,)$/);
+}
+
+sub alterations($) {
+    my ($str) = @_;
+
+    if ($str =~ /^([^{]*){([^}]*,[^}]*)}(.*)$/) {
+	my @strs = map { "$1$_$3" } split(/,/, $2);
+	return map { alterations($_) } @strs;
+    } else {
+	return ($str);
+    }
+}
+
+my %known_dirs;
+
+sub remember_pathname($) {
+    my ($str) = @_;
+    my $pathname;
+
+    for (split /(\/)/, $str) {
+	if ($_ eq '/' && $pathname ne '') {
+	    #print "<<>> $pathname\n";
+	    $known_dirs{$pathname} = 1;
+	}
+	$pathname .= $_;
+    }
+}
+
+sub add_slash($$) {
+    my ($str, $perms) = @_;
+
+    return exists $known_dirs{$str} || $str =~ /\*\*$/ ||
+	   -d $str;
+}
+
+sub never_add_slash($$) {
+    my ($str, $perms) = @_;
+
+    return $perms =~ /[lmx]/ || $str =~ /\.(so|cf|db|conf|config|log|pid|so\*)$/ ||
+	   $str =~ /\*\*|\/$/ || (-e $str && ! -d $str);
+
+}
+
+foreach my $filename (@ARGV) {
+    my $fh = new FileHandle("< $filename");
+
+    while (<$fh>) {
+	    if (my @fields = match($_)) {
+		for my $x (alterations($fields[1])) {
+		    remember_pathname($x);
+		}
+	    }
+    }
+}
+
+if (@ARGV == 0) {
+    print "Usage: $0 profile ...\n";
+    print "Tries to convert the profile to the new profile syntax, and\n" .
+	  "prints the result to standard output. The result may need" .
+	  "further review.\n";
+    exit 0;
+}
+
+foreach my $filename (@ARGV) {
+    my $fh = new FileHandle("< $filename");
+
+    while (<$fh>) {
+	    if (my @fields = match($_)) {
+		for my $x (alterations($fields[1])) {
+		    if (never_add_slash($x, $fields[2])) {
+			print $_;
+		    } elsif (add_slash($x, $fields[2])) {
+			print "$fields[0]$x/$fields[2]	# (dir)\n";
+		    } else {
+			print "$fields[0]$x/$fields[2]	# (maybe-dir)\n";
+			print $_;
+		    }
+		}
+	    } else {
+		print $_;
+	    }
+    }
+}
+
+# vim: smartindent softtabstop=4 shiftwidth=4