[apparmor] [patch] fix parsing of "hat foo {" lines

Thu Oct 16 19:00:03 UTC 2014

Hello,

the python utils didn't know about the hat keyword, for example
    hat foo {

This patch changes RE_PROFILE_HAT_DEF to add support for the hat keyword.

Note that this patch only changes profile reading - when saving a 
profile, the ^hat syntax will always be used.

While on it, also convert the regex to named matches - the result 
numbering changed anyway ;-)


=== modified file 'utils/apparmor/aa.py'

--- utils/apparmor/aa.py        2014-10-14 19:28:32 +0000
+++ utils/apparmor/aa.py        2014-10-16 18:52:37 +0000
@@ -2634,7 +2634,7 @@
 RE_NETWORK_FAMILY_TYPE = re.compile('\s+(\S+)\s+(\S+)\s*,$')
 RE_NETWORK_FAMILY = re.compile('\s+(\S+)\s*,$')
 RE_PROFILE_CHANGE_HAT   = re.compile('^\s*\^(\"??.+?\"??)' + RE_COMMA_EOL)
-RE_PROFILE_HAT_DEF      = re.compile('^\s*\^(\"??.+?\"??)\s+((flags=)?\((.+)\)\s+)*\{' + RE_EOL)
+RE_PROFILE_HAT_DEF      = re.compile('^\s*(\^|hat\s+)(?P<hat>\"??.+?\"??)\s+((flags=)?\((?P<flags>.+)\)\s+)*\{' + RE_EOL)
 RE_PROFILE_DBUS         = re.compile(RE_AUDIT_DENY + '(dbus\s*,|dbus\s+[^#]*\s*,)' + RE_EOL)
 RE_PROFILE_MOUNT        = re.compile(RE_AUDIT_DENY + '((mount|remount|umount|unmount)(\s+[^#]*)?\s*,)' + RE_EOL)
 RE_PROFILE_SIGNAL       = re.compile(RE_AUDIT_DENY + '(signal\s*,|signal\s+[^#]*\s*,)' + RE_EOL)
@@ -3144,14 +3144,14 @@
 
         elif RE_PROFILE_HAT_DEF.search(line):
             # An embedded hat syntax definition starts
-            matches = RE_PROFILE_HAT_DEF.search(line).groups()
+            matches = RE_PROFILE_HAT_DEF.search(line)
             if not profile:
                 raise AppArmorException(_('Syntax Error: Unexpected hat definition found in file: %(file)s line: %(line)s') % { 'file': file, 'line': lineno + 1 })
 
             in_contained_hat = True
-            hat = matches[0]
+            hat = matches.group('hat')
             hat = strip_quotes(hat)
-            flags = matches[3]
+            flags = matches.group('flags')
 
             profile_data[profile][hat]['flags'] = flags
             profile_data[profile][hat]['declared'] = False
@@ -4321,11 +4321,12 @@
                     #To-Do
                     pass
             elif RE_PROFILE_HAT_DEF.search(line):
-                matches = RE_PROFILE_HAT_DEF.search(line).groups()
+                matches = RE_PROFILE_HAT_DEF.search(line)
                 in_contained_hat = True
-                hat = matches[0]
+                hat = matches.group('hat')
                 hat = strip_quotes(hat)
-                flags = matches[3]
+                flags = matches.group('flags')
+
                 if not write_prof_data[hat]['flags'] == flags:
                     correct = False
                 if not write_prof_data[hat]['declared'] is False:



Regards,

Christian Boltz
-- 
> 8.1 ist nicht 9.0
Also in der Quersumme schon ;-)
[> Henne Vogelsang und Manfred Tremmel in suse-linux]


