mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/utils/aa-easyprof
Seth Arnold b432cf45c9 Add aa-easyprof and easyprof.py and related pieces from the Ubuntu 
apparmor packaging.

These were originally 0030-easyprof-sdk.patch and
0037-easyprof-sdk-pt2.patch. Jamie posted an updated
0030-easyprof-sdk_v2.patch and I squashed both patches into one commit.

Acked-By: Jamie Strandboge <jamie@canonical.com>
2014-02-13 17:53:40 -08:00

98 lines
3.7 KiB
Python
Executable file
Raw Blame History

#! /usr/bin/env python
# ------------------------------------------------------------------
#
# Copyright (C) 2011-2013 Canonical Ltd.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
import apparmor.easyprof
from apparmor.easyprof import AppArmorException, error
import os
import sys
if __name__ == "__main__":
def usage():
'''Return usage information'''
return 'USAGE: %s [options] <path to binary>' % \
os.path.basename(sys.argv[0])
(opt, args) = apparmor.easyprof.parse_args()
binary = None
manifest = None
m = usage()
if opt.show_policy_group and not opt.policy_groups:
error("Must specify -p with --show-policy-group")
elif not opt.template and not opt.policy_groups and len(args) < 1:
error("Must specify full path to binary\n%s" % m)
binary = None
if len(args) >= 1:
binary = args[0]
# parse_manifest() returns a list of tuples (binary, options). Create a
# list of these profile tuples to support multiple profiles in one manifest
profiles = []
if opt.manifest:
try:
# should hide this in a common function
if sys.version_info[0] >= 3:
f = open(opt.manifest, "r", encoding="utf-8")
else:
f = open(opt.manifest, "r")
manifest = f.read()
except EnvironmentError as e:
error("Could not read '%s': %s (%d)\n" % (opt.manifest,
os.strerror(e.errno),
e.errno))
profiles = apparmor.easyprof.parse_manifest(manifest, opt)
else: # fake up a tuple list when processing command line args
profiles.append( (binary, opt) )
count = 0
for (binary, options) in profiles:
if len(profiles) > 1:
count += 1
try:
easyp = apparmor.easyprof.AppArmorEasyProfile(binary, options)
except AppArmorException as e:
error(e.value)
except Exception:
raise
if options.list_templates:
apparmor.easyprof.print_basefilenames(easyp.get_templates())
sys.exit(0)
elif options.template and options.show_template:
files = [os.path.join(easyp.dirs['templates'], options.template)]
apparmor.easyprof.print_files(files)
sys.exit(0)
elif options.list_policy_groups:
apparmor.easyprof.print_basefilenames(easyp.get_policy_groups())
sys.exit(0)
elif options.policy_groups and options.show_policy_group:
for g in options.policy_groups.split(','):
files = [os.path.join(easyp.dirs['policygroups'], g)]
apparmor.easyprof.print_files(files)
sys.exit(0)
elif binary == None and not options.profile_name and \
not options.manifest:
error("Must specify binary and/or profile name\n%s" % m)
params = apparmor.easyprof.gen_policy_params(binary, options)
if options.manifest and options.verify_manifest and \
not apparmor.easyprof.verify_manifest(params):
error("Manifest file requires review")
if options.output_format == "json":
sys.stdout.write('%s\n' % easyp.gen_manifest(params))
else:
params['no_verify'] = options.no_verify
try:
easyp.output_policy(params, count, opt.output_directory)
except AppArmorException as e:
error(e)
Reference in a new issue View git blame Copy permalink