[apparmor] [patch] Split off include_dir_filelist() from parse_profile_data() include handling

Christian Boltz apparmor at cboltz.de
Sat Jul 4 16:47:37 UTC 2015


Hello,

we need directory listings for #include <directory> in more than one
place, therefore split it off to its own function.

This is a preparation to fix https://bugs.launchpad.net/apparmor/+bug/1471425
If we want 2.9 to do more than "ignore #include <directory>" (which also
means to ask about and add rules for already covered events), this patch
is also needed for 2.9.



[ 60-split-off-include_dir_filelist.diff ]                                                                                                                   
                                                                                                                                                             
=== modified file utils/apparmor/aa.py                                                                                                                       
--- utils/apparmor/aa.py        2015-07-04 18:18:05.639468823 +0200                                                                                          
+++ utils/apparmor/aa.py        2015-07-04 18:34:30.602541182 +0200                                                                                          
@@ -2821,15 +2821,9 @@                                                                                                                                       
                 filelist[file]['include'][include_name] = True
             # If include is a directory
             if os.path.isdir(profile_dir + '/' + include_name):
-                for path in os.listdir(profile_dir + '/' + include_name):
-                    path = path.strip()
-                    if is_skippable_file(path):
-                        continue
-                    if os.path.isfile(profile_dir + '/' + include_name + '/' + path):
-                        file_name = include_name + '/' + path
-                        file_name = file_name.replace(profile_dir + '/', '')
-                        if not include.get(file_name, False):
-                            load_include(file_name)
+                for file_name in include_dir_filelist(profile_dir, include_name):
+                    if not include.get(file_name, False):
+                        load_include(file_name)
             else:
                 if not include.get(include_name, False):
                     load_include(include_name)
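Review bot: both branches of the isdir test now end in the same pair of lines, `if not include.get(..., False):` followed by `load_include(...)`, differing only in the variable name. Consider building one list of names first (the result of include_dir_filelist() for a directory, `[include_name]` otherwise) and running a single loop over it, so the include.get() check is written once.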
@@ -4138,6 +4135,20 @@
         raise AppArmorException(_('File Not Found: %s') % filename)
     return data
 
+def include_dir_filelist(profile_dir, include_name):
+    '''returns a list of files in the given profile_dir/include_name directory, except skippable files'''
+    files = []
+    for path in os.listdir(profile_dir + '/' + include_name):
+        path = path.strip()
+        if is_skippable_file(path):
+            continue
+        if os.path.isfile(profile_dir + '/' + include_name + '/' + path):
+            file_name = include_name + '/' + path
+            file_name = file_name.replace(profile_dir + '/', '')
+            files.append(file_name)
+
+    return files
+
 def load_include(incname):
     load_includeslist = [incname]
     if include.get(incname, {}).get(incname, False):
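Review bot: include_dir_filelist() calls os.listdir() with no check that profile_dir/include_name is a directory, so it relies on every caller doing the os.path.isdir() test first, as the caller in the first hunk does. Since the function is meant to be used from more than one place, either do that check inside the function or state the precondition in the docstring. Two smaller points carried over from the moved code: `file_name.replace(profile_dir + '/', '')` removes that string wherever it occurs rather than only as a leading prefix, and `path.strip()` changes the name before the os.path.isfile() test, so a file whose name has leading or trailing whitespace is tested under a different name than the one on disk. The docstring could also say that the returned names are relative to profile_dir.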


Regards,

Christian Boltz
-- 
>In the Yast2 system editor for /etc/sysconfig files, enter
>ide-scsi under System-Kernel-MODULES_LOADED_ON_BOOT.
*HOOOOOOOOWWWWWL* *ARRRGGHHHH*
Someone hand me a hospital-size annual supply of $PAINKILLER!!!
[> Heinz Dittmar and David Haller in suse-linux]



