Since r3634, the tools allow any order of dbus conditionals.
Quoting the r3634 patch description:
This patch eases the restriction on the ordering at the expense of the
utils no longer being able to detect and reject a single attribute that
is repeated multiple times. In that situation, only the last occurrence
of the attribute will be honored by the utils.
It seems nobody tested with all test profiles generated ;-) so we have to
add some exceptions to the "does not raise an exception" list now.
Acked-by <timeout> for trunk and 2.11
Bug: https://launchpad.net/bugs/1658239
FileRule understands leading permissions, so the reason to skip those
(generated) test profiles in test-parser-simple-tests.py is gone.
However, the gen-xtrans.pl script generates profiles with a not-so-valid
mix of uppercase and lowercase, for example "Pux" and "Cux". The parser
accepts this, but the tools complain about such rules. Therefore add the
affected profiles to the exception list.
In total, this means we now test 319 of the 380 generated_perms_leading
test profiles.
The patch also moves some lines around to get the \-escaped profiles
out of the mixed uppercase/lowercase exec rule section.
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Introduce an apparmor.aa.init_aa() method and move the initialization
code of the apparmor.aa module into it. Note that this change will break
any external users of apparmor.aa because global variables that were
previously initialized when importing apparmor.aa will not be
initialized unless a call to the new apparmor.aa.init_aa() method is
made.
The main purpose of this change is to allow the utils tests to be able
to set a non-default location for configuration files. Instead of
hard-coding the location of logprof.conf and other utils related
configuration files to /etc/apparmor/, this patch allows it to be
configured by calling apparmor.aa.init_aa(confdir=PATH).
This allows for the make check target to use the in-tree config file,
profiles, and parser by default. A helper method, setup_aa(), is added
to common_test.py that checks for an environment variable containing a
non-default configuration directory path prior to calling
apparmor.aa.init_aa(). All test scripts that use apparmor.aa are updated
to call setup_aa().
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Suggested-by: Christian Boltz <apparmor@cboltz.de>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
https://launchpad.net/bugs/1628286
The utils were enforcing that the dbus rule attributes were strictly
ordered in the following fashion:
bus -> path -> interface -> member -> peer
However, the parser has always accepted the attributes in any order. If
the system contained a profile which did not use the strict ordering
enforced by the utils, the utils would refuse to operate at all.
This patch eases the restriction on the ordering at the expense of the
utils no longer being able to detect and reject a single attribute that
is repeated multiple times. In that situation, only the last occurrence
of the attribute will be honored by the utils.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
As discussed a while ago, switch the utils (including their tests) to
use python3 by default. While on it, drop usage of "env" to always get
the system python3 instead of a random one that happens to live
somewhere in $PATH.
In practise, this patch doesn't change much - AFAIK openSUSE, Debian and
Ubuntu already patch aa-* to use python3.
Also add a note to README to officially deprecate Python 2.x.
(I won't break Python 2.x support intentionally - unless some future
change gives me a very good reason to finally drop Python 2.x support.)
Acked-by: Seth Arnold <seth.arnold@canonical.com>
(since 2016-08-23, but the commit had to wait for the FileRule series
because it touches test-file.py)
Change aa.py to use FileRule and FileRuleset for parsing and saving
profiles.
In detail, this means:
- add 'file' to the list of rule classes to enable it at various places
- store file rules in aa[profile][hat]['file'] (not 'path' as before)
to be consistent with the FileRule name
- drop the no longer needed delete_path_duplicates() - this is now
handled by FileRuleset like in all other rule classes.
(same change in cleanprofile.py)
- replace usage of RE_PROFILE_BARE_FILE_ENTRY and RE_PROFILE_PATH_ENTRY
with FileRule.match()
- drop write_path_rules() and write_paths() and replace them with the
new write_file() function.
- adjust several code sections to use write_file() and 'file' instead of
'path'
FileRule doesn't drop optional keywords ('allow' and 'file'), therefore
adjust cleanprof_test.out to the changed behaviour. (If someone insists
on dropping optional keywords in aa-cleanprof, that's something for a
future patch.)
Also adjust the list of known failures in test-parser-simple-tests.py -
switching to FileRule avoids several test failures (and introduces a few
new ones ;-)
IMPORTANT:
This patch introduces a "brain split" which means
- parsing and writing the profile and aa-cleanprof use the new location
(aa[profile][hat]['file'])
- aa-logprof and aa-genprof still save data to the old location
(aa[profile][hat]['allow']['path']) and probably ask superfluous
questions because there are no rules existing in the old location
TL;DR: don't try aa-logprof or aa-genprof with only this patch applied.
I know this isn't ideal, but still better than an even bigger and
totally unreadable patch ;-)
Acked-by: Steve Beattie <steve@nxnw.org>
https://launchpad.net/bugs/1584069
This patch adds support for the safe and unsafe exec modes for
change_profile rules. The logic is pretty simple at this point because
the kernel's default for exec modes changed in newer versions.
Therefore, this patch simply retains any specified exec mode in parsed
rules. If an exec mode is not specified in a rule, there is no attempt
to force the usage of "safe" because older kernels do not support it.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
Change aa.py to use DbusRule and DbusRuleset in profile_storage,
parse_profile_data() and write_dbus. This also means we can drop the
now unused parse_dbus_rule() and write_dbus_rules() functions.
Raw_DBUS_Rule in rules.py is now also unused and can be dropped.
Also shorten the list of known-failing tests in
test-parser-simple-tests.py. Even if the list of removals doesn't look
too long, the generated_dbus/* removals mean 1989 tests now cause the
expected failures.
OTOH, I had to add 4 tests to the known-failing list:
- 3 tests with a "wrong" order of the conditionals which the parser
accepts (which is slightly surprising, because usually we enforce the
order of rule parts)
- one test fails because the path in the path= conditional doesn't start
with / or a variable. Instead, it starts with an alternation, which
wouldn't be allowed in file rules.
Those 4 failures need more investigation, but shouldn't block this
patchset.
Finally, adjust test-regex_matches.py to import RE_PROFILE_DBUS from
apparmor.regex instead of apparmor.aa.
Acked-by: Seth Arnold <seth.arnold@canonical.com>
parser/tst/simple_tests/profile/profile_ns_bad8.sd was added in r3376
(trunk) / r3312 (2.10 branch) and contains the profile name ':ns/t'
which misses the terminating ':' for the namespace.
Unfortunately the tools don't understand namespaces yet and just use the
full profile name. This also means this test doesn't fail as expected
when tested against the utils code.
This patch adds profile_ns_bad8.sd to the exception list of
test-parser-simple-tests.py.
Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.10.
Change aa.py to use PtraceRule and PtraceRuleset in profile_storage(),
parse_profile_data() and write_ptrace(). This also means we can drop the
now unused parse_ptrace_rule() and write_ptrace_rules() functions.
Raw_Ptrace_Rule in rules.py is now also unused and can be dropped.
Also adjust logparser.py to include the peer in the result, and shorten
the list of known-failing tests in test-parser-simple-tests.py.
Acked-by: John Johansen <john.johansen@canonical.com>
Parsing variables was broken in several ways:
- empty quotes (representing an intentionally empty value) were lost,
causing parser failures
- items consisting of only one letter were lost due to a bug in RE_VARS
- RE_VARS didn't start with ^, which means leading garbage (= syntax
errors) was ignored
- trailing garbage was also ignored
This patch fixes those issues in separate_vars() and changes
var_transform() to write out empty quotes (instead of nothing) for empty
values.
Also add some tests for separate_vars() with empty quotes and adjust
several tests with invalid syntax to expect an AppArmorException.
var_transform() gets some tests added.
Finally, remove 3 testcases from the "fails to raise an exception" list
in test-parser-simple-tests.py.
Acked-by: John Johansen <john.johansen@canonical.com> for trunk and 2.9
(which also implies 2.10)
Note: 2.9 doesn't have test-parser-simple-tests.py, therefore it won't
get that part of the patch.
This means:
- import the classes instead of RE_PROFILE_SIGNAL
- simplify signal rule parsing a lot
- drop the (now unused) functions parse_signal_rule() and write_signal_rules()
- change write_signal() to use the SignalRuleset class
Also drop the now unused Raw_Signal_Rule from rules.py.
Finally, drop most parser signal tests from the "known wrong results"
blacklist in test-parser-simple-tests.py because those tests succeed
with SignalRule.
Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
Add a testcase that parses all tests in the parser/tst/simple_tests/
directory with parse_profile_data() to ensure that everything with valid
syntax is accepted, and that all tests marked as FAIL raise an
exception.
This already resulted in
- several patches to fix low-hanging fruits (including some bugs in the
parser simple_tests itsself)
- a list of tests that don't behave as expected. Those files get their
expected result reverted to make sure we notice any change in the
tools behaviour, especially changing to the really expected resulted.
This method also makes sure that the testcase doesn't report any of
the known failures.
- a 5% improvement in test coverage - mostly caused by nearly completely
covering parse_profile_data.
- addition of some missing testcased (as noticed by missing coverage),
for example several "rule outside of a profile" testcases.
As indicated above, the tools don't work as expected on all test
profiles - most of the failures happen on expected-to-fail tests that
pass parse_profile_data() without raising an exception. There are also
some tests failing despite valid syntax, often with rarely used syntax
like if conditions and qualifier blocks.
Most of the failing (generated) tests are caused by features not
implemented in the tools yet:
- validating dbus rules (currently we just store them without any parsing)
- checks for conflicting x permissions
- permissions before path ("r /foo,")
- 'safe' and 'unsafe' keywords for *x rules
- 'Pux' and 'Cux' permissions (which actually mean PUx and CUx, and get
rejected by the tools - ideally the generator script should create
PUx and CUx tests instead)
skip_startswith excludes several generated tests from being run. I know
that skip_startswith also excludes tests that would not fail, but the
generated filenames (especially generated_x/exact-*) don't have a
pattern that I could easily use to exclude less tests - and I'm not too
keen to add a list with 1000 single filenames ;-)
Acked-by: John Johansen <john.johansen@canonical.com>
