mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-05 00:41:03 +01:00
579aa7cb3e
D-Bus rules in particular seem to get written as multi-line rules. This
patch adds very simple hackish support for multiple lines. Essentially,
what it does is if the parsing of a line doesn't match anything and
falls all the way through, it saves the line and prepends it to the next
line that occurs in the profile, but *only* if the line does not have a
trailing comma to indicate the end of a rule. If the trailing comma
exists, then it assumes that it's a rule that it doesn't understand and
aborts.
With this patch, the simpler tools (aa-enforce, aa-complain, etc.) can
parse policies containing multi-line rules to an extent and continue to
function correctly. Again, aa-logprof and aa-genprof may have issues on
the writing back of profiles, so some assistance testing here would be
appreciated.
Some testcases are added to exercise the regex that looks for a rule
with a trailing comma but can still handle rules that have (,) or {,}
in them.
Patch history:
v1 - initial version
v2 - simplify and rearrange rule-ending comma search regex, since
we only care about the trailing comma
- add a new regex to search for trailing comments to filter out
- simplify reset of lastline variable
- restructure tests into a new script, and add more tests
v3 - add additional testcases, most of which are problematic and thus
commented out :(
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
|
||
|---|---|---|
| .. | ||
| apparmor | ||
| easyprof | ||
| po | ||
| test | ||
| vim | ||
| aa-audit | ||
| aa-audit.pod | ||
| aa-autodep | ||
| aa-autodep.pod | ||
| aa-cleanprof | ||
| aa-cleanprof.pod | ||
| aa-complain | ||
| aa-complain.pod | ||
| aa-decode | ||
| aa-decode.pod | ||
| aa-disable | ||
| aa-disable.pod | ||
| aa-easyprof | ||
| aa-easyprof.pod | ||
| aa-enforce | ||
| aa-enforce.pod | ||
| aa-exec | ||
| aa-exec.pod | ||
| aa-genprof | ||
| aa-genprof.pod | ||
| aa-logprof | ||
| aa-logprof.pod | ||
| aa-mergeprof | ||
| aa-mergeprof.pod | ||
| aa-notify | ||
| aa-notify.pod | ||
| aa-sandbox | ||
| aa-sandbox.pod | ||
| aa-status | ||
| aa-status.pod | ||
| aa-unconfined | ||
| aa-unconfined.pod | ||
| apparmor-utils.spec.in | ||
| check_po.pl | ||
| logprof.conf | ||
| logprof.conf.pod | ||
| Makefile | ||
| notify.conf | ||
| python-tools-setup.py | ||
| README.md | ||
| severity.db | ||
Known Bugs: Will allow multiple letters in the () due to translation/unicode issues with regexing the key. User input will probably bug out in a different locale.