[apparmor] [patch] aa.py: let parse_audit_allow also match comments

Christian Boltz apparmor at cboltz.de
Fri Nov 7 22:26:08 UTC 2014


Hello,

On Friday, 7 November 2014, Christian Boltz wrote:
> This patch changes parse_audit_allow() in aa.py to also return
> comments at the end of the line.
> 
> This comment is not yet stored or used (except in the TODO note ;-)
> but I'd like to have it available from the beginning while writing
> the rule classes.

Here's v2 which strip()s whitespace at the end of the comment.


=== modified file 'utils/apparmor/aa.py'
--- utils/apparmor/aa.py        2014-10-20 20:40:42 +0000
+++ utils/apparmor/aa.py        2014-11-07 22:24:06 +0000
@@ -2752,8 +2752,8 @@
             if not profile:
                 raise AppArmorException(_('Syntax Error: Unexpected capability entry found in file: %(file)s line: %(line)s') % { 'file': file, 'line': lineno + 1 })
 
-            audit, allow, allow_keyword = parse_audit_allow(matches)
-            # TODO: honor allow_keyword
+            audit, allow, allow_keyword, comment = parse_audit_allow(matches)
+            # TODO: honor allow_keyword and comment
 
             capability = ALL
             if matches.group('capability'):
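Review bot: the return value of parse_audit_allow() grows from three to four elements, and this patch updates only the capability call site here and the bare file rule call site below. Any other caller that still unpacks three names will fail with ValueError (too many values to unpack), so confirm that no further callers remain before this lands.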
@@ -2870,8 +2870,8 @@
             if not profile:
                 raise AppArmorException(_('Syntax Error: Unexpected bare file rule found in file: %(file)s line: %(line)s') % { 'file': file, 'line': lineno + 1 })
 
-            audit, allow, allow_keyword = parse_audit_allow(matches)
-            # TODO: honor allow_keyword
+            audit, allow, allow_keyword, comment = parse_audit_allow(matches)
+            # TODO: honor allow_keyword and comment
 
             mode = apparmor.aamode.AA_BARE_FILE_MODE
             if not matches.group('owner'):
@@ -3222,7 +3222,12 @@
         if allow != 'allow' and allow != 'deny':  # should never happen
             raise AppArmorException(_("Invalid allow/deny keyword %s" % allow))
 
-    return (audit, allow, allow_keyword)
+    comment = ''
+    if matches.group('comment'):
+        # include a space so that we don't need to add it everywhere when writing the rule
+        comment = ' %s' % matches.group('comment').strip()
+
+    return (audit, allow, allow_keyword, comment)
 
 # RE_DBUS_ENTRY = re.compile('^dbus\s*()?,\s*$')
 #   use stuff like '(?P<action>(send|write|w|receive|read|r|rw))'
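Review bot: matches.group('comment') in the new if block raises IndexError (no such group) when the regex behind matches does not define a named group called comment, so every regex whose match object is passed to parse_audit_allow() must provide that group. Either guard the lookup or state the requirement in the function's docstring, together with the new fourth return value. Also, if the group can ever match whitespace only, the test passes and strip() leaves comment as a single space rather than an empty string; stripping first and then testing for emptiness avoids that.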




Regards,

Christian Boltz
-- 
> And right now I'm also too lazy to look it up. I simply got that
> from the autoconf Makefiles... ;)
Automake Makefiles; there is no such thing as autoconf Makefiles ;)
[> David Haller and Ralf Corsepius in suse-programming]



