mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 00:14:44 +01:00
135 lines
2.9 KiB
Perl
Executable file
135 lines
2.9 KiB
Perl
Executable file
#! /usr/bin/perl -w
|
|
|
|
# Very simple script to try converting AppArmor profiles to the new
|
|
# profile syntax as of April 2007.
|
|
#
|
|
# Copyright (C) 2007 Andreas Gruenbacher <agruen@suse.de>
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
# License published by the Free Software Foundation.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
|
|
use FileHandle;
|
|
use File::Temp;
|
|
use Getopt::Std;
|
|
use strict;
|
|
|
|
sub match($) {
|
|
my ($str) = @_;
|
|
my @fields;
|
|
|
|
@fields = ($str =~ /^(\s*)([@\/]\S*)(\s.*,)$/);
|
|
if (!@fields) {
|
|
@fields = ($str =~ /^(\s*")((?:[^"]|\\")*)("\s.*,)$/);
|
|
}
|
|
|
|
return @fields;
|
|
}
|
|
|
|
sub alterations($) {
|
|
my ($str) = @_;
|
|
|
|
if ($str =~ /^([^{]*){([^}]*,[^}]*)}(.*)$/) {
|
|
my @strs = map { "$1$_$3" } split(/,/, $2);
|
|
return map { alterations($_) } @strs;
|
|
} else {
|
|
return ($str);
|
|
}
|
|
}
|
|
|
|
my %known_dirs;
|
|
|
|
sub remember_pathname($) {
|
|
my ($str) = @_;
|
|
my $pathname;
|
|
|
|
for (split /(\/)/, $str) {
|
|
if ($_ eq '/' && $pathname ne '') {
|
|
#print "<<>> $pathname\n";
|
|
$known_dirs{$pathname} = 1;
|
|
}
|
|
$pathname .= $_;
|
|
}
|
|
}
|
|
|
|
sub add_slash($$) {
|
|
my ($str, $perms) = @_;
|
|
|
|
return exists $known_dirs{$str} || -d $str;
|
|
}
|
|
|
|
sub never_add_slash($$) {
|
|
my ($str, $perms) = @_;
|
|
|
|
return $perms =~ /[lmx]/ || $str =~ /\.(so|cf|db|conf|config|log|pid|so\*)$/ ||
|
|
$str =~ /(\*\*|\/)$/ || (-e $str && ! -d $str);
|
|
|
|
}
|
|
|
|
our($opt_i);
|
|
getopts('i');
|
|
|
|
foreach my $filename (@ARGV) {
|
|
my $fh_in;
|
|
|
|
$fh_in = new FileHandle("< $filename")
|
|
or die "$filename: $!\n";
|
|
|
|
while (<$fh_in>) {
|
|
if (my @fields = match($_)) {
|
|
for my $x (alterations($fields[1])) {
|
|
remember_pathname($x);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if (@ARGV == 0) {
|
|
print "Usage: $0 profile ...\n";
|
|
print "Tries to convert the profile to the new profile syntax, and\n" .
|
|
"prints the result to standard output. The result may need" .
|
|
"further review.\n";
|
|
exit 0;
|
|
}
|
|
|
|
foreach my $filename (@ARGV) {
|
|
my ($fh_in, $fh_out, $tmpname);
|
|
|
|
$fh_in = new FileHandle("< $filename")
|
|
or die "$filename: $!\n";
|
|
|
|
if ($opt_i) {
|
|
($fh_out, $tmpname) = mkstemp("$filename.XXXXXX")
|
|
or die "$!\n";
|
|
*STDOUT = $fh_out;
|
|
}
|
|
|
|
while (<$fh_in>) {
|
|
if (my @fields = match($_)) {
|
|
for my $x (alterations($fields[1])) {
|
|
if (never_add_slash($x, $fields[2])) {
|
|
print $_;
|
|
} elsif (add_slash($x, $fields[2])) {
|
|
print "$fields[0]$x/$fields[2] # (dir)\n";
|
|
} else {
|
|
print "$fields[0]$x/$fields[2] # (maybe-dir)\n";
|
|
print $_;
|
|
}
|
|
}
|
|
} else {
|
|
print $_;
|
|
}
|
|
}
|
|
|
|
if ($opt_i) {
|
|
rename $tmpname, $filename
|
|
or die "$filename: $!\n";
|
|
}
|
|
}
|
|
|
|
# vim: smartindent softtabstop=4 shiftwidth=4
|