[apparmor] [patch] Use *Rule.match() in aa.py
Christian Boltz
apparmor at cboltz.de
Tue Apr 21 22:05:47 UTC 2015
Hello,
this patch replaces usage of RE_PROFILE_CAP and RE_PROFILE_NETWORK with
CapabilityRule.match() and NetworkRule.match() calls.
This also means aa.py doesn't need to import those regexes anymore.
As a side effect of this change, test-regex_matches.py needs a small
fix because it imported RE_PROFILE_CAP from apparmor.aa instead of
apparmor.regex.
Needless to say that this patch depends on patch 48 ;-)
[ 49-use-rule-match-in-aa.py.diff ]
=== modified file utils/apparmor/aa.py
--- utils/apparmor/aa.py 2015-04-17 23:26:26.067399028 +0200
+++ utils/apparmor/aa.py 2015-04-21 23:51:13.233664335 +0200
@@ -40,11 +40,11 @@
mode_to_str_user, mode_contains, AA_OTHER,
flatten_mode, owner_flatten_mode)
-from apparmor.regex import (RE_PROFILE_START, RE_PROFILE_END, RE_PROFILE_CAP, RE_PROFILE_LINK,
+from apparmor.regex import (RE_PROFILE_START, RE_PROFILE_END, RE_PROFILE_LINK,
RE_PROFILE_CHANGE_PROFILE, RE_PROFILE_ALIAS, RE_PROFILE_RLIMIT,
RE_PROFILE_BOOLEAN, RE_PROFILE_VARIABLE, RE_PROFILE_CONDITIONAL,
RE_PROFILE_CONDITIONAL_VARIABLE, RE_PROFILE_CONDITIONAL_BOOLEAN,
- RE_PROFILE_BARE_FILE_ENTRY, RE_PROFILE_PATH_ENTRY, RE_PROFILE_NETWORK,
+ RE_PROFILE_BARE_FILE_ENTRY, RE_PROFILE_PATH_ENTRY,
RE_PROFILE_CHANGE_HAT,
RE_PROFILE_HAT_DEF, RE_PROFILE_DBUS, RE_PROFILE_MOUNT,
RE_PROFILE_SIGNAL, RE_PROFILE_PTRACE, RE_PROFILE_PIVOT_ROOT,
@@ -2701,7 +2701,7 @@
initial_comment = ''
- elif RE_PROFILE_CAP.search(line):
+ elif CapabilityRule.match(line):
if not profile:
raise AppArmorException(_('Syntax Error: Unexpected capability entry found in file: %(file)s line: %(line)s') % { 'file': file, 'line': lineno + 1 })
@@ -2915,7 +2915,7 @@
if not include.get(include_name, False):
load_include(include_name)
- elif RE_PROFILE_NETWORK.search(line):
+ elif NetworkRule.match(line):
if not profile:
raise AppArmorException(_('Syntax Error: Unexpected network entry found in file: %(file)s line: %(line)s') % { 'file': file, 'line': lineno + 1 })
@@ -3830,7 +3830,7 @@
else:
profile = None
- elif RE_PROFILE_CAP.search(line):
+ elif CapabilityRule.match(line):
cap = CapabilityRule.parse(line)
if write_prof_data[hat]['capability'].is_covered(cap, True, True):
if not segments['capability'] and True in segments.values():
@@ -4069,7 +4069,7 @@
write_filelist['include'].pop(include_name)
data.append(line)
- elif RE_PROFILE_NETWORK.search(line):
+ elif NetworkRule.match(line):
network_obj = NetworkRule.parse(line)
if write_prof_data[hat]['network'].is_covered(network_obj, True, True):
if not segments['network'] and True in segments.values():
=== modified file utils/test/test-regex_matches.py
--- utils/test/test-regex_matches.py 2015-04-11 20:17:35.131546115 +0200
+++ utils/test/test-regex_matches.py 2015-04-21 23:53:27.505660866 +0200
@@ -14,7 +14,7 @@
from common_test import AATest, setup_all_loops
from apparmor.common import AppArmorBug
-from apparmor.regex import strip_quotes, parse_profile_start_line, RE_PROFILE_START
+from apparmor.regex import strip_quotes, parse_profile_start_line, RE_PROFILE_START, RE_PROFILE_CAP
class AARegexTest(AATest):
@@ -203,7 +203,7 @@
class AARegexCapability(AARegexTest):
'''Tests for RE_PROFILE_CAP'''
- regex = aa.RE_PROFILE_CAP
+ regex = RE_PROFILE_CAP
tests = [
(' capability net_raw,', (None, None, 'net_raw', 'net_raw', None)),
Regards,
Christian Boltz
--
An NT server can be run by an idiot, and usually is.
[Tom Holub,a.h.b-o-u]
More information about the AppArmor
mailing list