[apparmor] [patch] Centralize the 'ruletypes' list
Seth Arnold
seth.arnold at canonical.com
Fri Dec 4 01:39:50 UTC 2015
On Thu, Dec 03, 2015 at 09:55:31PM +0100, Christian Boltz wrote:
> Hello,
>
> having a list of rule types/classes at several places is annoying and
> error-prone. This patch centralizes the list in aa.py.
>
> This also means ask_the_question() in aa.py will now (in theory) support
> 'change_profile' and 'rlimit'. In practice, that doesn't change anything
> because logparser.py doesn't support change_profile events yet - and
> rlimit doesn't cause any log events.
>
> Also add some long overdue copyright headers.
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
>
> [ 24-centralize-ruletypes.diff ]
>
> === modified file ./utils/aa-mergeprof
> --- utils/aa-mergeprof 2015-11-19 17:42:26.317879173 +0100
> +++ utils/aa-mergeprof 2015-12-02 22:37:23.198671126 +0100
> @@ -1,6 +1,7 @@
> #! /usr/bin/env python
> # ----------------------------------------------------------------------
> # Copyright (C) 2013 Kshitij Gupta <kgupta8592 at gmail.com>
> +# Copyright (C) 2014-2015 Christian Boltz <apparmor at cboltz.de>
> #
> # This program is free software; you can redistribute it and/or
> # modify it under the terms of version 2 of the GNU General Public
> @@ -631,7 +632,7 @@
> elif re.search('\d', ans):
> default_option = ans
>
> - for ruletype in ['capability', 'change_profile', 'network', 'rlimit', 'signal']:
> + for ruletype in apparmor.aa.ruletypes:
> if other.aa[profile][hat].get(ruletype, False): # needed until we have proper profile initialization
> for rule_obj in other.aa[profile][hat][ruletype].rules:
>
> === modified file ./utils/apparmor/aa.py
> --- utils/apparmor/aa.py 2015-11-29 21:05:50.338348194 +0100
> +++ utils/apparmor/aa.py 2015-12-02 22:29:55.825439595 +0100
> @@ -61,6 +61,8 @@
> from apparmor.rule.signal import SignalRuleset, SignalRule
> from apparmor.rule import parse_modifiers, quote_if_needed
>
> +ruletypes = ['capability', 'change_profile', 'network', 'rlimit', 'signal']
> +
> from apparmor.yasti import SendDataToYast, GetDataFromYast, shutdown_yast
>
> # setup module translations
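Review bot: The new `ruletypes` assignment sits between the `from apparmor.rule import ...` line and the `from apparmor.yasti import ...` line, in the middle of the import block. Moving it below the last import would keep the imports together. Since aa-mergeprof and cleanprofile.py now iterate this same object, a tuple rather than a list would keep a caller from altering it by accident, and a one-line comment saying that new rule types have to be added here would document its role.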
> @@ -1677,7 +1679,7 @@
> signal_obj = SignalRule(access, signal, peer, log_event=aamode)
> log_obj[profile][hat]['signal'].add(signal_obj)
>
> - for ruletype in ['capability', 'network', 'signal']:
> + for ruletype in ruletypes:
> # XXX aa-mergeprof also has this code - if you change it, keep aa-mergeprof in sync!
> for rule_obj in log_obj[profile][hat][ruletype].rules:
>
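Review bot: This loop used to cover only 'capability', 'network' and 'signal'; with `ruletypes` it now also indexes `log_obj[profile][hat][ruletype].rules` for 'change_profile' and 'rlimit', with no guard. The aa-mergeprof loop keeps its `.get(ruletype, False)` check "until we have proper profile initialization", so please confirm that log_obj always carries rulesets for the two new types, or add the same check here. The XXX comment about keeping aa-mergeprof in sync could also say that the list itself is now shared.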
> @@ -2161,8 +2163,6 @@
> # Allow rules covered by denied rules shouldn't be deleted
> # only a subset allow rules may actually be denied
>
> - ruletypes = ['capability', 'change_profile', 'network', 'rlimit', 'signal']
> -
> if include.get(incname, False):
> for rule_type in ruletypes:
> deleted += profile[rule_type].delete_duplicates(include[incname][incname][rule_type])
> === modified file ./utils/apparmor/cleanprofile.py
> --- utils/apparmor/cleanprofile.py 2015-11-19 17:42:26.317879173 +0100
> +++ utils/apparmor/cleanprofile.py 2015-12-02 22:37:19.298695423 +0100
> @@ -1,5 +1,6 @@
> # ----------------------------------------------------------------------
> # Copyright (C) 2013 Kshitij Gupta <kgupta8592 at gmail.com>
> +# Copyright (C) 2014-2015 Christian Boltz <apparmor at cboltz.de>
> #
> # This program is free software; you can redistribute it and/or
> # modify it under the terms of version 2 of the GNU General Public
> @@ -64,7 +65,7 @@
> deleted += apparmor.delete_duplicates(self.other.aa[program][hat], inc)
>
> #Clean duplicate rules in other profile
> - for ruletype in ['capability', 'change_profile', 'network', 'rlimit', 'signal']:
> + for ruletype in apparmor.ruletypes:
> if not self.same_file:
> deleted += self.other.aa[program][hat][ruletype].delete_duplicates(self.profile.aa[program][hat][ruletype])
> else:
>
>
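Review bot: The replacement line reads `apparmor.ruletypes`, while aa-mergeprof spells the same list `apparmor.aa.ruletypes`. Judging by the `apparmor.delete_duplicates(...)` call in the context above, `apparmor` in this file appears to name the aa module itself, so both spellings reach the same object, but the difference makes it harder to grep for users of the list. A consistent import name in both files, or a short comment here, would help.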