[apparmor] [patch] split off _aare_or_all()
Christian Boltz
apparmor at cboltz.de
Sun Dec 20 23:11:11 UTC 2015
Hello,
Am Sonntag, 20. Dezember 2015 schrieb Christian Boltz:
> we need to check in various places whether a rule part is *Rule.ALL or a
> string. Therefore split off the checks in PtraceRule's and
> SignalRule's __init__() to the new _aare_or_all() function in
> BaseRule.
>
> This also makes the *Rule __init__() much more readable because we now
> have one line to set self.foo and self.all_foo instead of 10 lines of
> nested if conditions.
I missed that we need the is_path flag, so here's v2:
[ 39-split-off-aare_or_all.diff ]
=== modified file ./utils/apparmor/rule/__init__.py
--- utils/apparmor/rule/__init__.py 2015-12-20 19:28:07.516487665 +0100
+++ utils/apparmor/rule/__init__.py 2015-12-20 19:30:40.931501227 +0100
@@ -13,6 +13,7 @@
#
# ----------------------------------------------------------------------
+from apparmor.aare import AARE
from apparmor.common import AppArmorBug, type_is_str
# setup module translations
@@ -50,6 +51,30 @@
# Set only in the parse() class method
self.raw_rule = None
+ def _aare_or_all(self, rulepart, partname, is_path, log_event):
+ '''checks rulepart and returns
+ - (AARE, False) if rulepart is a (non-empty) string
+ - (None, True) if rulepart is all_obj (typically *Rule.ALL)
+ - raises AppArmorBug if rulepart is an empty string or has a wrong type
+
+ Parameters:
+ - rulepart: the rule part to check (string or *Rule.ALL object)
+ - partname: the name of the rulepart (for example 'peer', used for exception messages)
+ - is_path (passed through to AARE)
+ - log_event (passed through to AARE)
+ '''
+
+ if rulepart == self.ALL:
+ return None, True
+ elif type_is_str(rulepart):
+ if len(rulepart.strip()) == 0:
+ raise AppArmorBug('Passed empty %(partname)s to %(classname)s: %(rulepart)s' %
+ {'partname': partname, 'classname': self.__class__.__name__, 'rulepart': str(rulepart)})
+ return AARE(rulepart, is_path=is_path, log_event=log_event), False
+ else:
+ raise AppArmorBug('Passed unknown %(partname)s to %(classname)s: %(rulepart)s'
+ % {'partname': partname, 'classname': self.__class__.__name__, 'rulepart': str(rulepart)})
+
def __repr__(self):
classname = self.__class__.__name__
try:
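Review bot: The docstring of `_aare_or_all()` says `(None, True)` is returned when rulepart "is all_obj", but the method has no `all_obj` parameter and compares against `self.ALL`; I would reword that line to `- (None, True) if rulepart is self.ALL (the *Rule.ALL object of the calling class)`. The `is_path` and `log_event` entries only say "passed through to AARE", so a short phrase on what each one controls would help callers pick the right value, since this helper is now the single validation point for these rule parts. Note also that `rulepart.strip()` is used only for the emptiness test, so a string with surrounding whitespace reaches `AARE()` unstripped; that matches the removed code, but is worth stating in the docstring if it is intended. The enclosing class starts above this hunk and `__repr__` continues below it.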
=== modified file ./utils/apparmor/rule/ptrace.py
--- utils/apparmor/rule/ptrace.py 2015-12-20 19:28:07.516487665 +0100
+++ utils/apparmor/rule/ptrace.py 2015-12-20 19:27:22.024780366 +0100
@@ -14,9 +14,8 @@
import re
-from apparmor.aare import AARE
from apparmor.regex import RE_PROFILE_PTRACE, RE_PROFILE_NAME
-from apparmor.common import AppArmorBug, AppArmorException, type_is_str
+from apparmor.common import AppArmorBug, AppArmorException
from apparmor.rule import BaseRule, BaseRuleset, check_and_split_list, parse_modifiers, quote_if_needed
# setup module translations
@@ -63,18 +62,7 @@
if unknown_items:
raise AppArmorException(_('Passed unknown access keyword to PtraceRule: %s') % ' '.join(unknown_items))
- # XXX same as in SignalRule - move to _init_peer() function!
- self.peer = None
- self.all_peers = False
- if peer == PtraceRule.ALL:
- self.all_peers = True
- elif type_is_str(peer):
- if len(peer.strip()) == 0:
- raise AppArmorBug('Passed empty peer to PtraceRule: %s' % str(peer))
- self.peer = AARE(peer, False, log_event=log_event)
- else:
- raise AppArmorBug('Passed unknown object to PtraceRule: %s' % str(peer))
-
+ self.peer, self.all_peers = self._aare_or_all(peer, 'peer', is_path=False, log_event=log_event)
@classmethod
def _match(cls, raw_rule):
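Review bot: The wording of the wrong-type error changes with this replacement: the removed code raised `'Passed unknown object to PtraceRule: %s'`, while the helper's format string yields "Passed unknown peer to PtraceRule: ...", so anything that matches on the old text (tests, log filters) would need updating; the same applies to the SignalRule hunk in signal.py. Both files also keep importing `AppArmorBug` although the only raises of it visible in these hunks are removed; if nothing else in ptrace.py or signal.py raises it, the import can be dropped too. `__init__()` starts outside the hunk, so the remaining uses cannot be checked from here.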
=== modified file ./utils/apparmor/rule/signal.py
--- utils/apparmor/rule/signal.py 2015-12-20 19:28:07.516487665 +0100
+++ utils/apparmor/rule/signal.py 2015-12-20 19:27:09.752859340 +0100
@@ -14,9 +14,8 @@
import re
-from apparmor.aare import AARE
from apparmor.regex import RE_PROFILE_SIGNAL, RE_PROFILE_NAME
-from apparmor.common import AppArmorBug, AppArmorException, type_is_str
+from apparmor.common import AppArmorBug, AppArmorException
from apparmor.rule import BaseRule, BaseRuleset, check_and_split_list, parse_modifiers, quote_if_needed
# setup module translations
@@ -92,17 +91,7 @@
else:
raise AppArmorException(_('Passed unknown signal keyword to SignalRule: %s') % item)
- self.peer = None
- self.all_peers = False
- if peer == SignalRule.ALL:
- self.all_peers = True
- elif type_is_str(peer):
- if len(peer.strip()) == 0:
- raise AppArmorBug('Passed empty peer to SignalRule: %s' % str(peer))
- self.peer = AARE(peer, False, log_event=log_event)
- else:
- raise AppArmorBug('Passed unknown object to SignalRule: %s' % str(peer))
-
+ self.peer, self.all_peers = self._aare_or_all(peer, 'peer', is_path=False, log_event=log_event)
@classmethod
def _match(cls, raw_rule):
Regards,
Christian Boltz
--
> Das hatte ich (samt Kommentar aus der /etc/postfix/transport) doch
> schon in meiner letzten Mail erklärt ... ;)
Sandy ist schuld ;-)
Erst mit seiner Erklärung ist mir aufgefallen, dass ich es nicht
verstanden habe. [> David Haller und Peter Mc Donough in opensuse-de]