[apparmor] [patch] extend and partially rewrite write_header()

Steve Beattie steve at nxnw.org
Wed Apr 1 18:57:17 UTC 2015


On Sun, Mar 15, 2015 at 08:14:51PM +0100, Christian Boltz wrote:
> Hello,
> 
> On Saturday, 14 March 2015, Christian Boltz wrote:
> > this patch extends and partially rewrites write_header()
> > 
> > - add support for prof_data['header_comment'] (comment after '{')
> >   and prof_data['profile_keyword'] (to force the 'profile' keyword,
> > even if it isn't needed) to write_header().
> >   (set_profile_flags() will be the only user of these two for now)
> > 
> > - fix a crash if depth is not an integer - for example,
> >       len('   ')/2   # 3 spaces = 1.5
> >   would cause a crash.
> >   Also add a test for this.
> > 
> > - rewrite the handling of flags to avoid having to maintain two
> >   different template lines.
> >  
> > - update the tests to set 'profile_keyword' and 'header_comment' to
> > None. This avoids big changes in the test code. I'll send another
> > patch that makes sure profile_keyword and header_comment are tested
> > ;-)
> > 
> > As usual, I propose this patch for trunk and 2.9.
> 
> Here's v2 - changes:
> - allow an odd number of spaces in write_header() to avoid unwanted 
>   whitespace changes in profiles
> - adjust the test for 1.5 (*2) spaces to expect 3 spaces
> - add a test with 1.3 (*2) spaces which makes sure write_header doesn't
>   crash because of the float, and expects 2 spaces
> 
> 
> [ 18-write_header-add-support-for-header_comment-and-profile_keyword.diff ]

Acked-by: Steve Beattie <steve at nxnw.org>

> === modified file utils/apparmor/aa.py
> --- utils/apparmor/aa.py        2015-03-13 23:02:15.645945929 +0100
> +++ utils/apparmor/aa.py        2015-03-14 00:36:41.362854488 +0100
> @@ -105,7 +105,8 @@
>  # a) rules (as dict): alias, change_profile, include, lvar, rlimit
>  # b) rules (as hasher): allow, deny
>  # c) one for each rule class
> -# d) other: declared, external, flags, name, profile
> +# d) other: declared, external, flags, name, profile, attachment,
> +#           profile_keyword, header_comment (these two are currently only set by set_profile_flags())
>  aa = hasher()  # Profiles originally in sd, replace by aa
>  original_aa = hasher()
>  extras = hasher()  # Inactive profiles from extras
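
Review bot: The updated "d) other" comment now lists attachment, which the patch description does not mention, and the parenthetical "these two are currently only set by set_profile_flags()" will go stale as soon as another caller sets these keys. Suggest describing what profile_keyword and header_comment mean (force the 'profile' keyword; comment after '{') rather than who sets them, and wrapping the line to match the ones above it.
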
> @@ -3277,7 +3278,7 @@
>      return escape
>  
>  def write_header(prof_data, depth, name, embedded_hat, write_flags):
> -    pre = '  ' * depth
> +    pre = ' ' * int(depth * 2)
>      data = []
>      unquoted_name = name
>      name = quote_if_needed(name)
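
Review bot: In "pre = ' ' * int(depth * 2)", int() truncates rather than rounds, so a depth of 1.3 silently becomes 2 spaces, and nothing in write_header() says that a non-integer depth is expected at all. Suggest a one-line comment above the assignment explaining that depth may be a float (an odd number of leading spaces divided by 2) and that the result is truncated, or having the caller pass the number of spaces as an integer instead.
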
> @@ -3286,13 +3287,18 @@
>      if prof_data['attachment']:
>          attachment = ' %s' % quote_if_needed(prof_data['attachment'])
>  
> +    comment = ''
> +    if prof_data['header_comment']:
> +        comment = ' %s' % prof_data['header_comment']
> +
> -    if (not embedded_hat and re.search('^[^/]', unquoted_name)) or (embedded_hat and re.search('^[^^]', unquoted_name)) or prof_data['attachment']:
> +    if (not embedded_hat and re.search('^[^/]', unquoted_name)) or (embedded_hat and re.search('^[^^]', unquoted_name)) or prof_data['attachment'] or prof_data['profile_keyword']:
>          name = 'profile %s%s' % (name, attachment)
>  
> +    flags = ''
>      if write_flags and prof_data['flags']:
> -        data.append('%s%s flags=(%s) {' % (pre, name, prof_data['flags']))
> -    else:
> -        data.append('%s%s {' % (pre, name))
> +        flags = ' flags=(%s)' % prof_data['flags']
> +
> +    data.append('%s%s%s {%s' % (pre, name, flags, comment))
>  
>      return data
>  
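
Review bot: prof_data['header_comment'] is written verbatim after '{' by the new data.append() line, with no check that it starts with '#' or is free of newlines, so a malformed value would end up in the profile as rule text rather than as a comment. Suggest validating it in write_header(), or documenting next to the "comment = ''" block that the caller must pass a single '#'-prefixed line.
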
> === modified file utils/test/test-aa.py
> --- utils/test/test-aa.py       2015-03-13 23:02:15.646945870 +0100
> +++ utils/test/test-aa.py       2015-03-14 00:35:58.343392466 +0100
> @@ -328,6 +328,8 @@
>          (['bar baz', False,          True,          1,      'complain',     '/foo sp'   ],  '  profile "bar baz" "/foo sp" flags=(complain) {'),
>          (['^foo',    False,          True,          1,      'complain',     None        ],  '  profile ^foo flags=(complain) {'),
>          (['^foo',    True,           True,          1,      'complain',     None        ],  '  ^foo flags=(complain) {'),
> +        (['^foo',    True,           True,          1.5,    'complain',     None        ],  '   ^foo flags=(complain) {'),
> +        (['^foo',    True,           True,          1.3,    'complain',     None        ],  '  ^foo flags=(complain) {'),
>       ]
>  
>      def _run_test(self, params, expected):
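
Review bot: The two new rows for depth 1.5 and 1.3 differ in their expected strings by a single leading space, which is easy to misread in review and easy to break with a whitespace cleanup. Suggest a trailing comment on each row giving the expected count (1.5 * 2 = 3 spaces, int(1.3 * 2) = 2 spaces).
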
> @@ -335,7 +336,7 @@
>          embedded_hat = params[1]
>          write_flags = params[2]
>          depth = params[3]
> -        prof_data = { 'flags': params[4], 'attachment': params[5] }
> +        prof_data = { 'flags': params[4], 'attachment': params[5], 'profile_keyword': None, 'header_comment': None }
>  
>          result = write_header(prof_data, depth, name, embedded_hat, write_flags)
>          self.assertEqual(result, [expected])
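
Review bot: In _run_test, prof_data hard-codes 'profile_keyword': None and 'header_comment': None, so the new comment and forced-keyword branches of write_header() are never exercised by this test. Suggest extending the params list with both values in the follow-up patch the description mentions. Also, the hunk header "@@ -335,7 +336,7 @@" does not account for the two lines added by the previous hunk (which would give +337), so the patch may only apply with an offset.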

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/