[apparmor] [patch] aa.py: let parse_audit_allow also match comments

Christian Boltz apparmor at cboltz.de
Fri Nov 7 22:08:50 UTC 2014 

Hello,

This patch changes parse_audit_allow() in aa.py to also return comments 
at the end of the line.

This comment is not yet stored or used (except in the TODO note ;-) but 
I'd like to have it available from the beginning while writing the rule 
classes.


=== modified file 'utils/apparmor/aa.py'
--- utils/apparmor/aa.py        2014-10-20 20:40:42 +0000
+++ utils/apparmor/aa.py        2014-11-07 22:05:31 +0000
@@ -2752,8 +2752,8 @@
             if not profile:
                 raise AppArmorException(_('Syntax Error: Unexpected capability entry found in file: %(file)s line: %(line)s') % { 'file': file, 'line': lineno + 1 })
 
-            audit, allow, allow_keyword = parse_audit_allow(matches)
-            # TODO: honor allow_keyword
+            audit, allow, allow_keyword, comment = parse_audit_allow(matches)
+            # TODO: honor allow_keyword and comment
 
             capability = ALL
             if matches.group('capability'):
@@ -2870,8 +2870,8 @@
             if not profile:
                 raise AppArmorException(_('Syntax Error: Unexpected bare file rule found in file: %(file)s line: %(line)s') % { 'file': file, 'line': lineno + 1 })
 
-            audit, allow, allow_keyword = parse_audit_allow(matches)
-            # TODO: honor allow_keyword
+            audit, allow, allow_keyword, comment = parse_audit_allow(matches)
+            # TODO: honor allow_keyword and comment
 
             mode = apparmor.aamode.AA_BARE_FILE_MODE
             if not matches.group('owner'):
@@ -3222,7 +3222,12 @@
         if allow != 'allow' and allow != 'deny':  # should never happen
             raise AppArmorException(_("Invalid allow/deny keyword %s" % allow))
 
-    return (audit, allow, allow_keyword)
+    comment = ''
+    if matches.group('comment'):
+        # include a space so that we don't need to add it everywhere when writing the rule
+        comment = ' %s' % matches.group('comment')
+
+    return (audit, allow, allow_keyword, comment)
 
 # RE_DBUS_ENTRY = re.compile('^dbus\s*()?,\s*$')
 #   use stuff like '(?P<action>(send|write|w|receive|read|r|rw))'



Regards,

Christian Boltz
-- 
I am supposed to be the info provider, so here is my answer:
42
By the way:
What is the question?
[Johannes Meixner in https://bugzilla.novell.com/show_bug.cgi?id=190173]

More information about the AppArmor mailing list