[apparmor] [patch 16/18] utils: address pep8 complaints
Steve Beattie
steve at nxnw.org
Thu Jan 16 22:06:24 UTC 2014
This patch eliminates the complaints from running:
pep8 --ignore=E501 aa-easyprof vim/
(E501 is 'line too long', which I'm not too chuffed about.
)
Mostly, it's a lot of whitespace touchups, with a few conversions from
'==' to 'is'.
Signed-off-by: Steve Beattie <steve at nxnw.org>
---
utils/aa-easyprof | 3
utils/vim/create-apparmor.vim.py | 133 +++++++++++++++++++--------------------
2 files changed, 68 insertions(+), 68 deletions(-)
Index: b/utils/aa-easyprof
===================================================================
--- a/utils/aa-easyprof
+++ b/utils/aa-easyprof
@@ -55,11 +55,10 @@ if __name__ == "__main__":
files = [os.path.join(easyp.dirs['policygroups'], g)]
apparmor.easyprof.print_files(files)
sys.exit(0)
- elif binary == None:
+ elif binary is None:
error("Must specify full path to binary\n%s" % m)
# if we made it here, generate a profile
params = apparmor.easyprof.gen_policy_params(binary, opt)
p = easyp.gen_policy(**params)
sys.stdout.write('%s\n' % p)
-
Index: b/utils/vim/create-apparmor.vim.py
===================================================================
--- a/utils/vim/create-apparmor.vim.py
+++ b/utils/vim/create-apparmor.vim.py
@@ -15,16 +15,17 @@ import subprocess
import sys
# dangerous capabilities
-danger_caps=["audit_control",
- "audit_write",
- "mac_override",
- "mac_admin",
- "set_fcap",
- "sys_admin",
- "sys_module",
- "sys_rawio"]
+danger_caps = ["audit_control",
+ "audit_write",
+ "mac_override",
+ "mac_admin",
+ "set_fcap",
+ "sys_admin",
+ "sys_module",
+ "sys_rawio"]
-def cmd(command, input = None, stderr = subprocess.STDOUT, stdout = subprocess.PIPE, stdin = None, timeout = None):
+
+def cmd(command, input=None, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, stdin=None, timeout=None):
'''Try to execute given command (array) and return its stdout, or
return a textual error if it failed.'''
@@ -36,12 +37,12 @@ def cmd(command, input = None, stderr =
out, outerr = sp.communicate(input)
# Handle redirection of stdout
- if out == None:
+ if out is None:
out = ''
# Handle redirection of stderr
- if outerr == None:
+ if outerr is None:
outerr = ''
- return [sp.returncode,out+outerr]
+ return [sp.returncode, out + outerr]
# get capabilities list
(rc, output) = cmd(['make', '-s', '--no-print-directory', 'list_capabilities'])
@@ -50,7 +51,7 @@ if rc != 0:
exit(rc)
capabilities = re.sub('CAP_', '', output.strip()).lower().split(" ")
-benign_caps =[]
+benign_caps = []
for cap in capabilities:
if cap not in danger_caps:
benign_caps.append(cap)
@@ -73,28 +74,28 @@ for af_pair in af_pairs:
# but not in aa_flags...
# -> currently (2011-01-11) not, but might come back
-aa_network_types=r'\s+tcp|\s+udp|\s+icmp'
+aa_network_types = r'\s+tcp|\s+udp|\s+icmp'
-aa_flags=['complain',
- 'audit',
- 'attach_disconnect',
- 'no_attach_disconnected',
- 'chroot_attach',
- 'chroot_no_attach',
- 'chroot_relative',
- 'namespace_relative']
+aa_flags = ['complain',
+ 'audit',
+ 'attach_disconnect',
+ 'no_attach_disconnected',
+ 'chroot_attach',
+ 'chroot_no_attach',
+ 'chroot_relative',
+ 'namespace_relative']
-filename=r'(\/|\@\{\S*\})\S*'
+filename = r'(\/|\@\{\S*\})\S*'
aa_regex_map = {
'FILENAME': filename,
- 'FILE': r'\v^\s*(audit\s+)?(deny\s+|allow\s+)?(owner\s+)?' + filename + r'\s+', # Start of a file rule
+ 'FILE': r'\v^\s*(audit\s+)?(deny\s+|allow\s+)?(owner\s+)?' + filename + r'\s+', # Start of a file rule
# (whitespace_+_, owner etc. flag_?_, filename pattern, whitespace_+_)
- 'DENYFILE': r'\v^\s*(audit\s+)?deny\s+(owner\s+)?' + filename + r'\s+', # deny, otherwise like FILE
+ 'DENYFILE': r'\v^\s*(audit\s+)?deny\s+(owner\s+)?' + filename + r'\s+', # deny, otherwise like FILE
'auditdenyowner': r'(audit\s+)?(deny\s+|allow\s+)?(owner\s+)?',
- 'audit_DENY_owner': r'(audit\s+)?deny\s+(owner\s+)?', # must include "deny", otherwise like auditdenyowner
+ 'audit_DENY_owner': r'(audit\s+)?deny\s+(owner\s+)?', # must include "deny", otherwise like auditdenyowner
'auditdeny': r'(audit\s+)?(deny\s+|allow\s+)?',
- 'EOL': r'\s*,(\s*$|(\s*#.*$)\@=)', # End of a line (whitespace_?_, comma, whitespace_?_ comment.*)
+ 'EOL': r'\s*,(\s*$|(\s*#.*$)\@=)', # End of a line (whitespace_?_, comma, whitespace_?_ comment.*)
'TRANSITION': r'(\s+-\>\s+\S+)?',
'sdKapKey': " ".join(benign_caps),
'sdKapKeyDanger': " ".join(danger_caps),
@@ -104,6 +105,7 @@ aa_regex_map = {
'flags': r'((flags\s*\=\s*)?\(\s*(' + '|'.join(aa_flags) + r')(\s*,\s*(' + '|'.join(aa_flags) + r'))*\s*\)\s+)',
}
+
def my_repl(matchobj):
matchobj.group(1)
if matchobj.group(1) in aa_regex_map:
@@ -112,48 +114,48 @@ def my_repl(matchobj):
return matchobj.group(0)
-def create_file_rule (highlighting, permissions, comment, denyrule = 0):
+def create_file_rule(highlighting, permissions, comment, denyrule=0):
- if denyrule == 0:
- keywords = '@@auditdenyowner@@'
- else:
- keywords = '@@audit_DENY_owner@@' # TODO: not defined yet, will be '(audit\s+)?deny\s+(owner\s+)?'
-
- sniplet = ''
- sniplet = sniplet + "\n" + '" ' + comment + "\n"
-
- prefix = r'syn match ' + highlighting + r' /\v^\s*' + keywords
- suffix = r'@@EOL@@/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude' + "\n"
- # filename without quotes
- sniplet = sniplet + prefix + r'@@FILENAME@@\s+' + permissions + suffix
- # filename with quotes
- sniplet = sniplet + prefix + r'"@@FILENAME@@"\s+' + permissions + suffix
- # filename without quotes, reverse syntax
- sniplet = sniplet + prefix + permissions + r'\s+@@FILENAME@@' + suffix
- # filename with quotes, reverse syntax
- sniplet = sniplet + prefix + permissions + r'\s+"@@FILENAME@@"+' + suffix
+ if denyrule == 0:
+ keywords = '@@auditdenyowner@@'
+ else:
+ keywords = '@@audit_DENY_owner@@' # TODO: not defined yet, will be '(audit\s+)?deny\s+(owner\s+)?'
+
+ sniplet = ''
+ sniplet = sniplet + "\n" + '" ' + comment + "\n"
+
+ prefix = r'syn match ' + highlighting + r' /\v^\s*' + keywords
+ suffix = r'@@EOL@@/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude' + "\n"
+ # filename without quotes
+ sniplet = sniplet + prefix + r'@@FILENAME@@\s+' + permissions + suffix
+ # filename with quotes
+ sniplet = sniplet + prefix + r'"@@FILENAME@@"\s+' + permissions + suffix
+ # filename without quotes, reverse syntax
+ sniplet = sniplet + prefix + permissions + r'\s+@@FILENAME@@' + suffix
+ # filename with quotes, reverse syntax
+ sniplet = sniplet + prefix + permissions + r'\s+"@@FILENAME@@"+' + suffix
- return sniplet
+ return sniplet
filerule = ''
-filerule = filerule + create_file_rule ( 'sdEntryWriteExec ', r'(l|r|w|a|m|k|[iuUpPcC]x)+@@TRANSITION@@', 'write + exec/mmap - danger! (known bug: accepts aw to keep things simple)' )
-filerule = filerule + create_file_rule ( 'sdEntryUX', r'(r|m|k|ux|pux)+@@TRANSITION@@', 'ux(mr) - unconstrained entry, flag the line red. also includes pux which is unconstrained if no profile exists' )
-filerule = filerule + create_file_rule ( 'sdEntryUXe', r'(r|m|k|Ux|PUx)+@@TRANSITION@@', 'Ux(mr) and PUx(mr) - like ux + clean environment' )
-filerule = filerule + create_file_rule ( 'sdEntryPX', r'(r|m|k|px|cx|pix|cix)+@@TRANSITION@@', 'px/cx/pix/cix(mrk) - standard exec entry, flag the line blue' )
-filerule = filerule + create_file_rule ( 'sdEntryPXe', r'(r|m|k|Px|Cx|Pix|Cix)+@@TRANSITION@@', 'Px/Cx/Pix/Cix(mrk) - like px/cx + clean environment' )
-filerule = filerule + create_file_rule ( 'sdEntryIX', r'(r|m|k|ix)+', 'ix(mr) - standard exec entry, flag the line green' )
-filerule = filerule + create_file_rule ( 'sdEntryM', r'(r|m|k)+', 'mr - mmap with PROT_EXEC' )
-
-filerule = filerule + create_file_rule ( 'sdEntryM', r'(r|m|k|x)+', 'special case: deny x is allowed (does not need to be ix, px, ux or cx)', 1)
-#syn match sdEntryM /@@DENYFILE@@(r|m|k|x)+@@EOL@@/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
-
-
-filerule = filerule + create_file_rule ( 'sdError', r'\S*(w\S*a|a\S*w)\S*', 'write + append is an error' )
-filerule = filerule + create_file_rule ( 'sdEntryW', r'(l|r|w|k)+', 'write entry, flag the line yellow' )
-filerule = filerule + create_file_rule ( 'sdEntryW', r'(l|r|a|k)+', 'append entry, flag the line yellow' )
-filerule = filerule + create_file_rule ( 'sdEntryK', r'[rlk]+', 'read entry + locking, currently no highlighting' )
-filerule = filerule + create_file_rule ( 'sdEntryR', r'[rl]+', 'read entry, no highlighting' )
+filerule = filerule + create_file_rule('sdEntryWriteExec ', r'(l|r|w|a|m|k|[iuUpPcC]x)+@@TRANSITION@@', 'write + exec/mmap - danger! (known bug: accepts aw to keep things simple)')
+filerule = filerule + create_file_rule('sdEntryUX', r'(r|m|k|ux|pux)+@@TRANSITION@@', 'ux(mr) - unconstrained entry, flag the line red. also includes pux which is unconstrained if no profile exists')
+filerule = filerule + create_file_rule('sdEntryUXe', r'(r|m|k|Ux|PUx)+@@TRANSITION@@', 'Ux(mr) and PUx(mr) - like ux + clean environment')
+filerule = filerule + create_file_rule('sdEntryPX', r'(r|m|k|px|cx|pix|cix)+@@TRANSITION@@', 'px/cx/pix/cix(mrk) - standard exec entry, flag the line blue')
+filerule = filerule + create_file_rule('sdEntryPXe', r'(r|m|k|Px|Cx|Pix|Cix)+@@TRANSITION@@', 'Px/Cx/Pix/Cix(mrk) - like px/cx + clean environment')
+filerule = filerule + create_file_rule('sdEntryIX', r'(r|m|k|ix)+', 'ix(mr) - standard exec entry, flag the line green')
+filerule = filerule + create_file_rule('sdEntryM', r'(r|m|k)+', 'mr - mmap with PROT_EXEC')
+
+filerule = filerule + create_file_rule('sdEntryM', r'(r|m|k|x)+', 'special case: deny x is allowed (does not need to be ix, px, ux or cx)', 1)
+#syn match sdEntryM /@@DENYFILE@@(r|mk|x)+@@EOL@@/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
+
+filerule = filerule + create_file_rule('sdError', r'\S*(w\S*a|a\S*w)\S*', 'write + append is an error')
+filerule = filerule + create_file_rule('sdEntryW', r'(l|r|w|k)+', 'write entry, flag the line yellow')
+filerule = filerule + create_file_rule('sdEntryW', r'(l|r|a|k)+', 'append entry, flag the line yellow')
+filerule = filerule + create_file_rule('sdEntryK', r'[rlk]+', 'read entry + locking, currently no highlighting')
+filerule = filerule + create_file_rule('sdEntryR', r'[rl]+', 'read entry, no highlighting')
# " special case: deny x is allowed (doesn't need to be ix, px, ux or cx)
# syn match sdEntryM /@@DENYFILE@@(r|m|k|x)+@@EOL@@/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
@@ -174,5 +176,4 @@ with open("apparmor.vim.in") as template
sys.stdout.write("\n\n\n\n")
sys.stdout.write('" file rules added with create_file_rule()\n')
-sys.stdout.write(re.sub(regex, my_repl, filerule)+'\n')
-
+sys.stdout.write(re.sub(regex, my_repl, filerule) + '\n')
More information about the AppArmor
mailing list