From eb76275cead9c5e257f2ccaa3701530873fa4492 Mon Sep 17 00:00:00 2001
From: Steve Beattie
Date: Thu, 6 Mar 2014 11:48:09 -0800
Subject: [PATCH] utils: let aa-disable take profile name as arguments
This patch modifies the aa-disable tool implementation to allow it to take a profile name (rather than a program name) as the argument(s) for what to disable, as this was supported behavior in the perl tools. (The rest of the commands that make use of the aa_tools.act() method have not been exercised with this patch in place, as further patches will separate those out.)
Signed-off-by: Steve Beattie
Acked-by: Seth Arnold
---
utils/apparmor/tools.py | 46 ++++++++++++++++++++++++++++++-----------
1 file changed, 34 insertions(+), 12 deletions(-)
diff --git a/utils/apparmor/tools.py b/utils/apparmor/tools.py
index 6282fbe78..747fc424e 100644
--- a/utils/apparmor/tools.py
+++ b/utils/apparmor/tools.py
@@ -55,22 +55,43 @@ class aa_tools: raise apparmor.AppArmorException("Can't find AppArmor disable directory %s" % self.disabledir) def get_next_to_profile(self): + '''Iterator function to walk the list of arguments passed''' + for p in self.profiling: if not p: continue - program = p + program = None + profile = None if os.path.exists(p): - program = apparmor.get_full_path(p).strip() + fq_path = apparmor.get_full_path(p).strip() + if os.path.commonprefix([apparmor.profile_dir, fq_path]) == apparmor.profile_dir: + program = None + profile = fq_path + else: + program = fq_path + profile = apparmor.get_profile_filename(fq_path) else: which = apparmor.which(p) - if which: + if which is not None: program = apparmor.get_full_path(which) + profile = apparmor.get_profile_filename(program) + elif os.path.exists(os.path.join(apparmor.profile_dir, p)): + program = None + profile = apparmor.get_full_path(os.path.join(apparmor.profile_dir, p)).strip() + else: + if '/' not in p: + aaui.UI_Info(_("Can't find %s in the system path list. If the name of the application\nis correct, please run 'which %s' as a user with correct PATH\nenvironment set up in order to find the fully-qualified path and\nuse the full path as parameter.") % (p, p)) + else: + aaui.UI_Info(_("%s does not exist, please double-check the path.") % p) + continue - yield program + yield (program, profile) def act(self): - for program in self.get_next_to_profile(): + for (program, profile) in self.get_next_to_profile(): + if program is None: + program = profile apparmor.read_profiles() 
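Review bot: The containment test in `get_next_to_profile`, `os.path.commonprefix([apparmor.profile_dir, fq_path]) == apparmor.profile_dir`, compares character by character rather than by path component. An existing path in a sibling directory whose name merely starts with the profile directory's name (constructed example: `/etc/apparmor.d.bak/foo` when the profile directory is `/etc/apparmor.d`) is therefore classified as a profile, and `cmd_disable` in the second hunk then hands it to `disable_profile()` and the parser's `-R`. Testing against the directory with a trailing separator closes that gap: `if fq_path.startswith(os.path.join(apparmor.profile_dir, '')):`. The `elif os.path.exists(os.path.join(apparmor.profile_dir, p))` branch has no containment check at all, so a `p` containing `..` components can resolve to a file outside the profile directory; the same separator-terminated test on the resolved path would cover it. Whether `apparmor.get_full_path()` resolves symlinks and `..` is not visible here, so the test belongs on its return value.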
@@ -124,19 +145,20 @@ class aa_tools: sys.exit(1) def cmd_disable(self): - for program in self.get_next_to_profile(): - filename = apparmor.get_profile_filename(program) + for (program, profile) in self.get_next_to_profile(): - if not os.path.isfile(filename) or apparmor.is_skippable_file(filename): - aaui.UI_Info(_('Profile for %s not found, skipping') % program) + output_name = profile if program is None else program + + if not os.path.isfile(profile) or apparmor.is_skippable_file(profile): + aaui.UI_Info(_('Profile for %s not found, skipping') % output_name) continue - aaui.UI_Info(_('Disabling %s.') % program) - self.disable_profile(filename) + aaui.UI_Info(_('Disabling %s.') % output_name) + self.disable_profile(profile) # FIXME: this should be a profile_remove function/method # FIXME: should ensure profile is loaded before unloading - cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir, '-R', filename]) + cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir, '-R', profile]) if cmd_info[0] != 0: raise apparmor.AppArmorException(cmd_info[1])
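Review bot: In `cmd_disable`, `self.disable_profile(profile)` has already run by the time the parser's `-R` exit status is checked, and the `raise` sits inside the `for` loop. A failed unload therefore leaves that profile marked disabled (presumably on disk; the helper is not shown) while it may still be loaded, and every remaining argument is skipped. This is a different gap from the existing FIXME about checking that the profile is loaded, and it matters more now that several profile names can be passed in one invocation. At minimum, record it next to the call: `# NOTE: disable_profile() has already run; a failed -R aborts the loop and leaves later arguments unprocessed`. `cmd_disable` may continue past the end of this hunk.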