mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
6672 commits 23 branches 109 tags 32 MiB
Commit graph

1769 commits

Author SHA1 Message Date
Mark Grassi
b150c40ed1 Unify rule._match() implementations 2022-11-20 10:38:42 -05:00
Christian Boltz
ef5c4b5085
Include profile name in error message on directory exec 
... to make the error message more helpful.

Inspired by https://gitlab.com/apparmor/apparmor/-/issues/285
 2022-11-20 15:09:33 +01:00
Mark Grassi
b62efce6ba Consolidate BaseRule.match() 2022-11-19 21:47:43 -05:00
Mark Grassi
d5c47ec900 Unify rule._match() calls 2022-11-19 21:47:43 -05:00
Mark Grassi
0fb7aed741 Unify rule.is_equal() type comparisons 2022-11-19 21:47:43 -05:00
Mark Grassi
e3eb5288cc Make rule.*_localvars methods private 2022-11-19 21:46:44 -05:00
Christian Boltz
b904fe78a7 Merge Make BaseRule a proper abstract base class 
This closes #277 by introducing the following changes:
1. `BaseRule` was made a "proper" abstract base class in that it now enforces that subclasses implement all abstract methods.
2. As a consequence of this change, `BaseRule` can no longer be directly instantiated; tests were changed accordingly.
3. These test changes led to test failures, the reason being that many rule methods hardcoded class names, breaking inheritance. I made a commit to address this.
4. Once tests were passing, code coverage regressed due to the fact that there was now effectively-unreachable code in abstract instance methods. This code, which was only raising `NotImplementedError`s, was removed. I say "effectively-unreachable" here because it could be reached by calling `super()` via a subclass.
5. There are three "bonus" commits as well; one bug fix, one typo fix, and one cleanup.

Closes #277
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/930
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Christian Boltz <apparmor@cboltz.de>
 2022-11-15 21:14:19 +00:00
Christian Boltz
d0ec2acaf2
Catch PermissionError when trying to write a profile 
... and re-raise it as AppArmorException so that only the actual error
(without a backtrace) gets displayed.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/282
 2022-11-14 22:50:27 +01:00
Mark Grassi
7bb9f45047 Empty enforced abstract instance methods 2022-11-13 19:56:53 -05:00
Mark Grassi
436a5774be Fix typo 2022-11-13 19:41:48 -05:00
Mark Grassi
0b625e92b7 Fix AttributeError missed in Python 3 migration 2022-11-13 19:41:48 -05:00
Mark Grassi
8300615833 Remove hardcoded class names 2022-11-13 19:41:48 -05:00
Mark Grassi
852169948f Make BaseRule a proper abstract base class 2022-11-13 19:32:01 -05:00
Georgia Garcia
4fb9b3d42b utils: add userns python tool support 
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
 2022-11-04 12:39:18 +00:00
Georgia Garcia
e492eb34b1 libapparmor tests: add userns denied logs 
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
 2022-10-27 18:24:55 +00:00
Georgia Garcia
5cc7a26e78 libapparmor: add support for class in logparsing 
We want to use the class field to identify operations such as
posix_mqueue

Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
 2022-10-27 18:16:53 +00:00
Georgia Garcia
ef54144357 parser tests: add userns simple tests 
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
 2022-10-27 17:54:42 +00:00
Mark Grassi
084e35e3be Change apparmor.common.combine_profname arguments from list to tuple literals. 2022-09-11 21:56:26 -04:00
Mark Grassi
179ac34113 Simplify apparmor.common.combine_profname 2022-09-11 21:55:40 -04:00
Mark Grassi
5dc10264d2 Fix error in AppArmorBug exception text 2022-09-11 21:51:42 -04:00
Christian Boltz
7f6ffd33b2 Merge Rename BaseRule parse() and _parse() methods 
As discussed in !920, this MR renames BaseRule's `parse()` and `_parse()` methods to `create_instance()` and `_create_instance()`, respectively. It then removes the `selection_to_rule_obj` function from `apparmor.aa`, which is now an unnecessary alias for the renamed public method.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/923
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Christian Boltz <apparmor@cboltz.de>
 2022-09-11 09:18:18 +00:00
Christian Boltz
46e51abbb3 Merge Remove if True: conditionals 
Closes #274.

Closes #274
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/922
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Christian Boltz <apparmor@cboltz.de>
 2022-09-11 09:04:56 +00:00
Mark Grassi
86ae50b79e Remove selection_to_rule_obj() function from apparmor.aa 2022-09-10 20:50:22 -04:00
Mark Grassi
c7d1d5ea93 Rename BaseRule's _parse() method to _create_instance() 2022-09-10 19:54:35 -04:00
Mark Grassi
accc2debe9 Rename BaseRule's parse() method to create_instance() 2022-09-10 19:54:35 -04:00
Mark Grassi
170d7db186 Remove if True: conditionals 2022-09-10 18:11:01 -04:00
Mark Grassi
9725e66981 Change direct type comparisons to isinstance() calls where applicable. 2022-09-10 22:01:13 +00:00
Christian Boltz
94c7c79c8b
Prevent crash on log entries for non-existing profile 
If audit.log contains entries for a profile that doesn't exist (for
example when working with a log file from another system), skip these
log entries instead of crashing.

Reproducer (crashes without this patch):

    aa-logprof -f <(echo 'type=AVC msg=audit(1661739121.578:77893): apparmor="DENIED" operation="open" profile="no_such_profile" name="/run/" pid=33099 comm="no" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0')
 2022-08-29 14:36:18 +02:00
Mark Grassi
380bed3c9b Replace exit() with sys.exit(). 2022-08-28 22:40:28 -04:00
Mark Grassi
e754e8aed7 Narrow broad except statements. 2022-08-27 17:58:51 +00:00
Mark Grassi
2f9068e37c Remove duplicate regex "or" comments. 2022-08-21 11:15:07 -04:00
Mark Grassi
46a2be31a7 Remove outdated/incorrect comment. 2022-08-21 11:15:07 -04:00
Mark Grassi
e8b60e46fe Improve regex formatting. 2022-08-21 11:15:07 -04:00
Mark Grassi
b1c2aeaa76 Be consistent with return statements when only returning None. 2022-08-21 11:15:07 -04:00
Mark Grassi
091c6ad59d Use string startswith() and endswith() methods instead of slicing to check for prefixes and suffixes. 2022-08-21 11:15:07 -04:00
Mark Grassi
854602c0d9 Use the fact that empty sequences are false. 2022-08-21 11:15:07 -04:00
Mark Grassi
68e3f12c2c Avoid escaping quotation marks where possible. 2022-08-21 11:15:07 -04:00
Mark Grassi
c57138f255 Order imports and module-level dunder name assignments. 2022-08-21 11:15:07 -04:00
Mark Grassi
ea3fb60007 Break lines before binary operators. 2022-08-21 11:15:07 -04:00
Mark Grassi
ef2e6c62e7 Ensure variables inside functions are lower_case_with_underscores. 2022-08-21 11:15:07 -04:00
Mark Grassi
dc384c48a8 Use triple double-quoted strings for docstrings. 2022-08-21 11:15:07 -04:00
Mark Grassi
de3aa3c5f0 Correct misspelling. 2022-08-21 11:15:07 -04:00
Mark Grassi
f590a66e50 Remove redundant backslashes, and unnecessary semicolons and pass statements. 2022-08-21 11:15:07 -04:00
Mark Grassi
813c831468 Ensure non-membership tests are "not in". 2022-08-21 11:15:07 -04:00
Mark Grassi
96f7121944 Fix most PEP 8 whitespace, indentation, and major line length violations. 2022-08-21 11:15:07 -04:00
Mark Grassi
e4f88cc3a8 Indent line continuations per PEP 8. 2022-08-21 11:15:07 -04:00
Mark Grassi
aff9bb8f81 Ensure no bool comparisons use equality comparisons. 2022-08-21 11:15:07 -04:00
Mark Grassi
62f99465e9 Ensure all None comparisons use is or is not. 2022-08-21 11:15:07 -04:00
Mark Grassi
0375ea1257 Change tabs to spaces in Python files. 2022-08-21 11:15:07 -04:00
Christian Boltz
5a2fb8569c
Set (instead of compare) exresult 
Interestingly this accidentally worked because `if exresult` is true for
both a non-empty string ("PASS") as well as a real `True` value.

Found by Mark Grassi as part of
https://gitlab.com/apparmor/apparmor/-/merge_requests/906
 2022-08-14 12:33:56 +02:00