[apparmor] [patch 05/11] utils: let aa-disable take profile name as arguments

Seth Arnold seth.arnold at canonical.com
Thu Mar 6 06:44:46 UTC 2014 

On Wed, Mar 05, 2014 at 05:44:39PM -0800, Steve Beattie wrote:
> This patch modifies the aa-disable tool implementation to allow it to
> take a profile name (rather than a program name) as the argument(s)
> for what to disable, as this was supported behavior in the perl
> tools. (The rest of the commands that make use of the aa_tools.act()
> method have not been exercised with this patch in place, as further
> patches will separate those out.)
> 
> Signed-off-by: Steve Beattie <steve at nxnw.org>

Acked-by: Seth Arnold <seth.arnold at canonical.com>

Thanks

> ---
>  utils/apparmor/tools.py |   46 ++++++++++++++++++++++++++++++++++------------
>  1 file changed, 34 insertions(+), 12 deletions(-)
> 
> Index: b/utils/apparmor/tools.py
> ===================================================================
> --- a/utils/apparmor/tools.py
> +++ b/utils/apparmor/tools.py
> @@ -55,22 +55,43 @@ class aa_tools:
>              raise apparmor.AppArmorException("Can't find AppArmor disable directory %s" % self.disabledir)
>  
>      def get_next_to_profile(self):
> +        '''Iterator function to walk the list of arguments passed'''
> +
>          for p in self.profiling:
>              if not p:
>                  continue
>  
> -            program = p
> +            program = None
> +            profile = None
>              if os.path.exists(p):
> -                program = apparmor.get_full_path(p).strip()
> +                fq_path = apparmor.get_full_path(p).strip()
> +                if os.path.commonprefix([apparmor.profile_dir, fq_path]) == apparmor.profile_dir:
> +                    program = None
> +                    profile = fq_path
> +                else:
> +                    program = fq_path
> +                    profile = apparmor.get_profile_filename(fq_path)
>              else:
>                  which = apparmor.which(p)
> -                if which:
> +                if which is not None:
>                      program = apparmor.get_full_path(which)
> +                    profile = apparmor.get_profile_filename(program)
> +                elif os.path.exists(os.path.join(apparmor.profile_dir, p)):
> +                    program = None
> +                    profile = apparmor.get_full_path(os.path.join(apparmor.profile_dir, p)).strip()
> +                else:
> +                    if '/' not in p:
> +                        aaui.UI_Info(_("Can't find %s in the system path list. If the name of the application\nis correct, please run 'which %s' as a user with correct PATH\nenvironment set up in order to find the fully-qualified path and\nuse the full path as parameter.") % (p, p))
> +                    else:
> +                        aaui.UI_Info(_("%s does not exist, please double-check the path.") % p)
> +                    continue
>  
> -            yield program
> +            yield (program, profile)
>  
>      def act(self):
> -        for program in self.get_next_to_profile():
> +        for (program, profile) in self.get_next_to_profile():
> +            if program is None:
> +                program = profile
>  
>              apparmor.read_profiles()
>  
> @@ -124,19 +145,20 @@ class aa_tools:
>                      sys.exit(1)
>  
>      def cmd_disable(self):
> -        for program in self.get_next_to_profile():
> -            filename = apparmor.get_profile_filename(program)
> +        for (program, profile) in self.get_next_to_profile():
> +
> +            output_name = profile if program is None else program
>  
> -            if not os.path.isfile(filename) or apparmor.is_skippable_file(filename):
> -                aaui.UI_Info(_('Profile for %s not found, skipping') % program)
> +            if not os.path.isfile(profile) or apparmor.is_skippable_file(profile):
> +                aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
>                  continue
>  
> -            aaui.UI_Info(_('Disabling %s.') % program)
> -            self.disable_profile(filename)
> +            aaui.UI_Info(_('Disabling %s.') % output_name)
> +            self.disable_profile(profile)
>  
>              # FIXME: this should be a profile_remove function/method
>              # FIXME: should ensure profile is loaded before unloading
> -            cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir, '-R', filename])
> +            cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir, '-R', profile])
>  
>              if cmd_info[0] != 0:
>                  raise apparmor.AppArmorException(cmd_info[1])
> 
> 
> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140305/5e7f2aa2/attachment.pgp>

More information about the AppArmor mailing list