[apparmor] [patch] add attachment to parse_profile_start() return values
Steve Beattie
steve at nxnw.org
Wed Apr 1 20:18:52 UTC 2015
On Sat, Mar 14, 2015 at 02:05:58AM +0100, Christian Boltz wrote:
> Hello,
>
> this patch adds the attachment to the parse_profile_start() and
> serialize_parse_profile_start() return values, and adjusts the functions
> calling the *parse_profile_start() functions to save the attachment in
> the "attachment" variable (which isn't used yet).
>
> The patch also adjusts the tests for the added return value.
>
> (Sorry for not getting the resultset right from the beginning!)
>
> I propose this patch for trunk and 2.9.
>
>
> [ 19-add-attachment-to-parse_profile_start-return-values.diff ]
Acked-by: Steve Beattie <steve at nxnw.org>
Stylistically, 6+ element tuples are a bit ugly as a return
type. We might want to consider converting to a named tuple
(https://docs.python.org/dev/library/collections.html#collections.namedtuple)
to make things a bit less ugly.
> === modified file utils/apparmor/aa.py
> --- utils/apparmor/aa.py 2015-03-14 01:42:16.776442896 +0100
> +++ utils/apparmor/aa.py 2015-03-14 01:20:04.539158271 +0100
> @@ -2658,9 +2658,10 @@
> else:
> hat = profile
>
> + attachment = matches['attachment']
> flags = matches['flags']
>
> - return (profile, hat, flags, in_contained_hat, pps_set_profile, pps_set_hat_external)
> + return (profile, hat, attachment, flags, in_contained_hat, pps_set_profile, pps_set_hat_external)
>
> def parse_profile_data(data, file, do_include):
> profile_data = hasher()
> @@ -2685,7 +2686,7 @@
> lastline = None
> # Starting line of a profile
> if RE_PROFILE_START.search(line):
> - (profile, hat, flags, in_contained_hat, pps_set_profile, pps_set_hat_external) = parse_profile_start(line, file, lineno, profile, hat)
> + (profile, hat, attachment, flags, in_contained_hat, pps_set_profile, pps_set_hat_external) = parse_profile_start(line, file, lineno, profile, hat)
> if pps_set_profile:
> profile_data[profile][hat]['profile'] = True
> if pps_set_hat_external:
> @@ -3731,9 +3734,10 @@
> else:
> hat = profile
>
> + attachment = matches['attachment']
> flags = matches['flags']
>
> - return (profile, hat, flags, in_contained_hat, correct)
> + return (profile, hat, attachment, flags, in_contained_hat, correct)
>
> def serialize_profile_from_old_profile(profile_data, name, options):
> data = []
> @@ -3842,7 +3846,7 @@
> #data.append(' ')#data.append('read: '+line)
> if RE_PROFILE_START.search(line):
>
> - (profile, hat, flags, in_contained_hat, correct) = serialize_parse_profile_start(
> + (profile, hat, attachment, flags, in_contained_hat, correct) = serialize_parse_profile_start(
> line, prof_filename, None, profile, hat, write_prof_data[profile][hat]['profile'], write_prof_data[profile][hat]['external'], correct)
>
> if not write_prof_data[hat]['name'] == profile:
> === modified file utils/test/test-aa.py
> --- utils/test/test-aa.py 2015-03-14 01:42:16.776442896 +0100
> +++ utils/test/test-aa.py 2015-03-14 01:20:04.540158212 +0100
> @@ -271,32 +271,32 @@
>
> def test_parse_profile_start_01(self):
> result = self._parse('/foo {', None, None)
> - expected = ('/foo', '/foo', None, False, False, False)
> + expected = ('/foo', '/foo', None, None, False, False, False)
> self.assertEqual(result, expected)
>
> def test_parse_profile_start_02(self):
> result = self._parse('/foo (complain) {', None, None)
> - expected = ('/foo', '/foo', 'complain', False, False, False)
> + expected = ('/foo', '/foo', None, 'complain', False, False, False)
> self.assertEqual(result, expected)
>
> def test_parse_profile_start_03(self):
> result = self._parse('profile foo /foo {', None, None) # named profile
> - expected = ('foo /foo', 'foo /foo', None, False, False, False) # XXX yes, that's what happens with the current code :-/
> + expected = ('foo /foo', 'foo /foo', '/foo', None, False, False, False) # XXX yes, that's what happens with the current code :-/
> self.assertEqual(result, expected)
>
> def test_parse_profile_start_04(self):
> result = self._parse('profile /foo {', '/bar', '/bar') # child profile
> - expected = ('/bar', '/foo', None, True, True, False)
> + expected = ('/bar', '/foo', None, None, True, True, False)
> self.assertEqual(result, expected)
>
> def test_parse_profile_start_05(self):
> result = self._parse('/foo//bar {', None, None) # external hat
> - expected = ('/foo', 'bar', None, False, False, True)
> + expected = ('/foo', 'bar', None, None, False, False, True)
> self.assertEqual(result, expected)
>
> def test_parse_profile_start_06(self):
> result = self._parse('profile "/foo" (complain) {', None, None)
> - expected = ('/foo', '/foo', 'complain', False, False, False)
> + expected = ('/foo', '/foo', None, 'complain', False, False, False)
> self.assertEqual(result, expected)
>
>
> @@ -348,77 +348,77 @@
>
> def test_serialize_parse_profile_start_01(self):
> result = self._parse('/foo {', None, None, False, False)
> - expected = ('/foo', '/foo', None, False, True)
> + expected = ('/foo', '/foo', None, None, False, True)
> self.assertEqual(result, expected)
>
> def test_serialize_parse_profile_start_02(self):
> result = self._parse('/foo (complain) {', None, None, False, False)
> - expected = ('/foo', '/foo', 'complain', False, True)
> + expected = ('/foo', '/foo', None, 'complain', False, True)
> self.assertEqual(result, expected)
>
> def test_serialize_parse_profile_start_03(self):
> result = self._parse('profile foo /foo {', None, None, False, False) # named profile
> - expected = ('foo /foo', 'foo /foo', None, False, True) # XXX yes, that's what happens with the current code :-/
> + expected = ('foo /foo', 'foo /foo', '/foo', None, False, True) # XXX yes, that's what happens with the current code :-/
> self.assertEqual(result, expected)
>
> def test_serialize_parse_profile_start_04(self):
> result = self._parse('profile /foo {', '/bar', '/bar', False, False) # child profile
> - expected = ('/bar', '/foo', None, True, True)
> + expected = ('/bar', '/foo', None, None, True, True)
> self.assertEqual(result, expected)
>
> def test_serialize_parse_profile_start_05(self):
> result = self._parse('/foo//bar {', None, None, False, False) # external hat
> - expected = ('/foo', 'bar', None, False, False) # note correct == False here
> + expected = ('/foo', 'bar', None, None, False, False) # note correct == False here
> self.assertEqual(result, expected)
>
> def test_serialize_parse_profile_start_06(self):
> result = self._parse('profile "/foo" (complain) {', None, None, False, False)
> - expected = ('/foo', '/foo', 'complain', False, True)
> + expected = ('/foo', '/foo', None, 'complain', False, True)
> self.assertEqual(result, expected)
>
> def test_serialize_parse_profile_start_07(self):
> result = self._parse('/foo {', None, None, True, False)
> - expected = ('/foo', '/foo', None, False, True)
> + expected = ('/foo', '/foo', None, None, False, True)
> self.assertEqual(result, expected)
>
> def test_serialize_parse_profile_start_08(self):
> result = self._parse('/foo {', None, None, False, True)
> - expected = ('/foo', '/foo', None, False, True)
> + expected = ('/foo', '/foo', None, None, False, True)
> self.assertEqual(result, expected)
>
> def test_serialize_parse_profile_start_09(self):
> result = self._parse('/foo {', None, None, True, True)
> - expected = ('/foo', '/foo', None, False, True)
> + expected = ('/foo', '/foo', None, None, False, True)
> self.assertEqual(result, expected)
>
> def test_serialize_parse_profile_start_10(self):
> result = self._parse('profile /foo {', '/bar', '/bar', True, False) # child profile
> - expected = ('/bar', '/foo', None, True, True)
> + expected = ('/bar', '/foo', None, None, True, True)
> self.assertEqual(result, expected)
>
> def test_serialize_parse_profile_start_11(self):
> result = self._parse('profile /foo {', '/bar', '/bar', False, True) # child profile
> - expected = ('/bar', '/foo', None, True, True)
> + expected = ('/bar', '/foo', None, None, True, True)
> self.assertEqual(result, expected)
>
> def test_serialize_parse_profile_start_12(self):
> result = self._parse('profile /foo {', '/bar', '/bar', True, True) # child profile
> - expected = ('/bar', '/foo', None, True, True)
> + expected = ('/bar', '/foo', None, None, True, True)
> self.assertEqual(result, expected)
>
> def test_serialize_parse_profile_start_13(self):
> result = self._parse('/foo {', '/bar', '/bar', False, False) # child profile without 'profile' keyword - XXX should this error out?
> - expected = ('/foo', '/foo', None, False, True) # note that in_contained_hat == False and that profile == hat == child profile
> + expected = ('/foo', '/foo', None, None, False, True) # note that in_contained_hat == False and that profile == hat == child profile
> self.assertEqual(result, expected)
>
> def test_serialize_parse_profile_start_14(self):
> result = self._parse('/ext//hat {', '/bar', '/bar', True, True) # external hat inside a profile - XXX should this error out?
> - expected = ('/ext', '/ext', None, False, True) # XXX additionally note that hat == profile, but should be 'hat'
> + expected = ('/ext', '/ext', None, None, False, True) # XXX additionally note that hat == profile, but should be 'hat'
> self.assertEqual(result, expected)
>
> def test_serialize_parse_profile_start_15(self):
> result = self._parse('/ext//hat {', '/bar', '/bar', True, False) # external hat inside a profile - XXX should this error out?
> - expected = ('/ext', 'hat', None, False, False)
> + expected = ('/ext', 'hat', None, None, False, False)
> self.assertEqual(result, expected)
>
>
>
>
>
>
>
> Regards,
>
> Christian Boltz
> --
> Please, if you use any of my code in your giant list of bad coding
> practices, feel free to not attribute me. :) [Seth Arnold in apparmor]
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150401/df50a67c/attachment.pgp>
More information about the AppArmor
mailing list