[apparmor] [patch] extend and partially rewrite write_header()
Steve Beattie
steve at nxnw.org
Wed Apr 1 18:57:17 UTC 2015
On Sun, Mar 15, 2015 at 08:14:51PM +0100, Christian Boltz wrote:
> Hello,
>
> On Saturday, 14 March 2015, Christian Boltz wrote:
> > this patch extends and partially rewrites write_header()
> >
> > - add support for prof_data['header_comment'] (comment after '{')
> > and prof_data['profile_keyword'] (to force the 'profile' keyword,
> > even if it isn't needed) to write_header().
> > (set_profile_flags() will be the only user of these two for now)
> >
> > - fix a crash if depth is not an integer - for example,
> > len('   ')/2 # 3 spaces = 1.5
> > would cause a crash.
> > Also add a test for this.
> >
> > - rewrite the handling of flags to avoid having to maintain two
> > different template lines.
> >
> > - update the tests to set 'profile_keyword' and 'header_comment' to
> > None. This avoids big changes in the test code. I'll send another
> > patch that makes sure profile_keyword and header_comment are tested
> > ;-)
> >
> > As usual, I propose this patch for trunk and 2.9.
>
> Here's v2 - changes:
> - allow an odd number of spaces in write_header() to avoid unwanted
> whitespace changes in profiles
> - adjust the test for 1.5 (*2) spaces to expect 3 spaces
> - add a test with 1.3 (*2) spaces which makes sure write_header doesn't
> crash because of the float, and expects 2 spaces
>
>
> [ 18-write_header-add-support-for-header_comment-and-profile_keyword.diff ]
Acked-by: Steve Beattie <steve at nxnw.org>
> === modified file utils/apparmor/aa.py
> --- utils/apparmor/aa.py 2015-03-13 23:02:15.645945929 +0100
> +++ utils/apparmor/aa.py 2015-03-14 00:36:41.362854488 +0100
> @@ -105,7 +105,8 @@
> # a) rules (as dict): alias, change_profile, include, lvar, rlimit
> # b) rules (as hasher): allow, deny
> # c) one for each rule class
> -# d) other: declared, external, flags, name, profile
> +# d) other: declared, external, flags, name, profile, attachment,
> +# profile_keyword, header_comment (these two are currently only set by set_profile_flags())
> aa = hasher() # Profiles originally in sd, replace by aa
> original_aa = hasher()
> extras = hasher() # Inactive profiles from extras
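Review bot: the extended item d) comment names profile_keyword and header_comment but does not say what kind of value each one holds. write_header() only tests both for truthiness and formats header_comment with '%s', so the comment should state that profile_keyword is a flag and that header_comment is the text written after '{', including whether it is expected to carry its own leading '#'.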
> @@ -3277,7 +3278,7 @@
> return escape
>
> def write_header(prof_data, depth, name, embedded_hat, write_flags):
> - pre = ' ' * depth
> + pre = ' ' * int(depth * 2)
> data = []
> unquoted_name = name
> name = quote_if_needed(name)
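Review bot: in `pre = ' ' * int(depth * 2)`, int() truncates instead of rounding, so a depth of 1.3 silently becomes 2 spaces and a negative depth yields an empty prefix without any error. The visible context shows no docstring on write_header(); adding one that says depth is counted in two-space units, may be fractional, and is truncated would make this behaviour explicit for callers that derive depth from len(whitespace)/2.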
> @@ -3286,13 +3287,18 @@
> if prof_data['attachment']:
> attachment = ' %s' % quote_if_needed(prof_data['attachment'])
>
> + comment = ''
> + if prof_data['header_comment']:
> + comment = ' %s' % prof_data['header_comment']
> +
> - if (not embedded_hat and re.search('^[^/]', unquoted_name)) or (embedded_hat and re.search('^[^^]', unquoted_name)) or prof_data['attachment']:
> + if (not embedded_hat and re.search('^[^/]', unquoted_name)) or (embedded_hat and re.search('^[^^]', unquoted_name)) or prof_data['attachment'] or prof_data['profile_keyword']:
> name = 'profile %s%s' % (name, attachment)
>
> + flags = ''
> if write_flags and prof_data['flags']:
> - data.append('%s%s flags=(%s) {' % (pre, name, prof_data['flags']))
> - else:
> - data.append('%s%s {' % (pre, name))
> + flags = ' flags=(%s)' % prof_data['flags']
> +
> + data.append('%s%s%s {%s' % (pre, name, flags, comment))
>
> return data
>
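Review bot: the new `comment = ' %s' % prof_data['header_comment']` is appended after '{' verbatim, and nothing in this hunk checks that the value starts with '#' or is a single line, so a value containing a newline or non-comment text would change what ends up in the written profile header. Consider validating it here (or documenting that set_profile_flags() guarantees it). Separately, both new keys are read with direct indexing; the test hunk has to add them to its plain dict, so `prof_data.get('header_comment')` and `prof_data.get('profile_keyword')` would be more tolerant of callers that do not pass a hasher.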
> === modified file utils/test/test-aa.py
> --- utils/test/test-aa.py 2015-03-13 23:02:15.646945870 +0100
> +++ utils/test/test-aa.py 2015-03-14 00:35:58.343392466 +0100
> @@ -328,6 +328,8 @@
> (['bar baz', False, True, 1, 'complain', '/foo sp' ], ' profile "bar baz" "/foo sp" flags=(complain) {'),
> (['^foo', False, True, 1, 'complain', None ], ' profile ^foo flags=(complain) {'),
> (['^foo', True, True, 1, 'complain', None ], ' ^foo flags=(complain) {'),
> + (['^foo', True, True, 1.5, 'complain', None ], ' ^foo flags=(complain) {'),
> + (['^foo', True, True, 1.3, 'complain', None ], ' ^foo flags=(complain) {'),
> ]
>
> def _run_test(self, params, expected):
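Review bot: the two added tuples for depth 1.5 and 1.3 differ from the neighbouring cases only in the leading whitespace of the expected string, which is hard to verify by eye in a diff. A trailing comment on each stating the expected indentation (3 and 2 spaces, per the v2 notes) and that the 1.3 case relies on int() truncating 2.6 would document the intent. Both cases also use embedded_hat=True only; one fractional-depth case with embedded_hat=False would cover the 'profile' keyword path as well.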
> @@ -335,7 +336,7 @@
> embedded_hat = params[1]
> write_flags = params[2]
> depth = params[3]
> - prof_data = { 'flags': params[4], 'attachment': params[5] }
> + prof_data = { 'flags': params[4], 'attachment': params[5], 'profile_keyword': None, 'header_comment': None }
>
> result = write_header(prof_data, depth, name, embedded_hat, write_flags)
> self.assertEqual(result, [expected])
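Review bot: the hunk header `@@ -335,7 +336,7` does not match the previous hunk in this file, which adds two lines (`-328,6 +328,8`), so the new-file start should be 337; this looks like the diff was hand-edited for v2 and should be regenerated before committing. Also, with 'profile_keyword' and 'header_comment' fixed to None in prof_data, the two new branches in write_header() stay unexercised until the announced follow-up test patch lands.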
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/