[apparmor] [patch] Use *Rule.match() in aa.py

Seth Arnold seth.arnold at canonical.com
Tue Apr 21 23:43:15 UTC 2015 

On Wed, Apr 22, 2015 at 12:05:47AM +0200, Christian Boltz wrote:
> Hello,
> 
> this patch replaces usage of RE_PROFILE_CAP and RE_PROFILE_NETWORK with
> CapabilityRule.match() and NetworkRule.match() calls.
> This also means aa.py doesn't need to import those regexes anymore.
> 
> As a side effect of this change, test-regex_matches.py needs a small
> fix because it imported RE_PROFILE_CAP from apparmor.aa instead of
> apparmor.regex.
> 
> 
> Needless to say that this patch depends on patch 48 ;-)

Acked-by: Seth Arnold <seth.arnold at canonical.com>

Thanks

> 
> 
> [ 49-use-rule-match-in-aa.py.diff ]
> 
> === modified file utils/apparmor/aa.py
> --- utils/apparmor/aa.py        2015-04-17 23:26:26.067399028 +0200
> +++ utils/apparmor/aa.py        2015-04-21 23:51:13.233664335 +0200
> @@ -40,11 +40,11 @@
>                               mode_to_str_user, mode_contains, AA_OTHER,
>                               flatten_mode, owner_flatten_mode)
>  
> -from apparmor.regex import (RE_PROFILE_START, RE_PROFILE_END, RE_PROFILE_CAP, RE_PROFILE_LINK,
> +from apparmor.regex import (RE_PROFILE_START, RE_PROFILE_END, RE_PROFILE_LINK,
>                              RE_PROFILE_CHANGE_PROFILE, RE_PROFILE_ALIAS, RE_PROFILE_RLIMIT,
>                              RE_PROFILE_BOOLEAN, RE_PROFILE_VARIABLE, RE_PROFILE_CONDITIONAL,
>                              RE_PROFILE_CONDITIONAL_VARIABLE, RE_PROFILE_CONDITIONAL_BOOLEAN,
> -                            RE_PROFILE_BARE_FILE_ENTRY, RE_PROFILE_PATH_ENTRY, RE_PROFILE_NETWORK,
> +                            RE_PROFILE_BARE_FILE_ENTRY, RE_PROFILE_PATH_ENTRY,
>                              RE_PROFILE_CHANGE_HAT,
>                              RE_PROFILE_HAT_DEF, RE_PROFILE_DBUS, RE_PROFILE_MOUNT,
>                              RE_PROFILE_SIGNAL, RE_PROFILE_PTRACE, RE_PROFILE_PIVOT_ROOT,
> @@ -2701,7 +2701,7 @@
>  
>              initial_comment = ''
>  
> -        elif RE_PROFILE_CAP.search(line):
> +        elif CapabilityRule.match(line):
>              if not profile:
>                  raise AppArmorException(_('Syntax Error: Unexpected capability entry found in file: %(file)s line: %(line)s') % { 'file': file, 'line': lineno + 1 })
>  
> @@ -2915,7 +2915,7 @@
>                  if not include.get(include_name, False):
>                      load_include(include_name)
>  
> -        elif RE_PROFILE_NETWORK.search(line):
> +        elif NetworkRule.match(line):
>              if not profile:
>                  raise AppArmorException(_('Syntax Error: Unexpected network entry found in file: %(file)s line: %(line)s') % { 'file': file, 'line': lineno + 1 })
>  
> @@ -3830,7 +3830,7 @@
>                  else:
>                      profile = None
>  
> -            elif RE_PROFILE_CAP.search(line):
> +            elif CapabilityRule.match(line):
>                  cap = CapabilityRule.parse(line)
>                  if write_prof_data[hat]['capability'].is_covered(cap, True, True):
>                      if not segments['capability'] and True in segments.values():
> @@ -4069,7 +4069,7 @@
>                          write_filelist['include'].pop(include_name)
>                          data.append(line)
>  
> -            elif RE_PROFILE_NETWORK.search(line):
> +            elif NetworkRule.match(line):
>                  network_obj = NetworkRule.parse(line)
>                  if write_prof_data[hat]['network'].is_covered(network_obj, True, True):
>                      if not segments['network'] and True in segments.values():
> === modified file utils/test/test-regex_matches.py
> --- utils/test/test-regex_matches.py    2015-04-11 20:17:35.131546115 +0200
> +++ utils/test/test-regex_matches.py    2015-04-21 23:53:27.505660866 +0200
> @@ -14,7 +14,7 @@
>  from common_test import AATest, setup_all_loops
>  from apparmor.common import AppArmorBug
>  
> -from apparmor.regex import strip_quotes, parse_profile_start_line, RE_PROFILE_START
> +from apparmor.regex import strip_quotes, parse_profile_start_line, RE_PROFILE_START, RE_PROFILE_CAP
>  
>  
>  class AARegexTest(AATest):
> @@ -203,7 +203,7 @@
>  class AARegexCapability(AARegexTest):
>      '''Tests for RE_PROFILE_CAP'''
>  
> -    regex = aa.RE_PROFILE_CAP
> +    regex = RE_PROFILE_CAP
>  
>      tests = [
>          ('   capability net_raw,', (None, None, 'net_raw', 'net_raw', None)),
> 
> 
> 
> Regards,
> 
> Christian Boltz
> -- 
> An NT server can be run by an idiot, and usually is.
> [Tom Holub,a.h.b-o-u]
> 
> 
> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150421/8d9875d0/attachment.pgp>

More information about the AppArmor mailing list