[apparmor] [patch] Allow variables in change_profile rules
Christian Boltz
apparmor at cboltz.de
Sun Jul 5 15:17:48 UTC 2015
Hello,
now that the parser allows variables in change_profile rules,
the tools should also do that ;-)
[ 67-change-profile-allow-var.diff ]
=== modified file utils/apparmor/regex.py
--- utils/apparmor/regex.py 2015-07-05 16:49:54.682489394 +0200
+++ utils/apparmor/regex.py 2015-07-05 17:13:27.880086386 +0200
@@ -27,7 +27,9 @@
RE_COMMA_EOL = '\s*,' + RE_EOL # optional whitespace, comma + RE_EOL
RE_PROFILE_NAME = '(?P<%s>(\S+|"[^"]+"))' # string without spaces, or quoted string. %s is the match group name
-RE_PROFILE_PATH = '(?P<%s>(/\S+|"/[^"]+"))' # filename (starting with '/') without spaces, or quoted filename. %s is the match group name
+RE_PATH = '/\S+|"/[^"]+"' # filename (starting with '/') without spaces, or quoted filename.
+RE_PROFILE_PATH = '(?P<%s>(' + RE_PATH + '))' # quoted or unquoted filename. %s is the match group name
+RE_PROFILE_PATH_OR_VAR = '(?P<%s>(' + RE_PATH + '|@{\S+}\S*|"@{\S+}[^"]*"))' # quoted or unquoted filename or variable. %s is the match group name
RE_PROFILE_END = re.compile('^\s*\}' + RE_EOL)
RE_PROFILE_CAP = re.compile(RE_AUDIT_DENY + 'capability(?P<capability>(\s+\S+)+)?' + RE_COMMA_EOL)
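Review bot: In RE_PROFILE_PATH_OR_VAR the variable name is matched with `\S+`, which also accepts `}` and `"`, so in the quoted alternative `"@{\S+}[^"]*"` the name part can run past a closing quote as long as no whitespace intervenes, and the captured group can then extend beyond the quoted string. Restricting the name, for example `@\{[^}\s"]+\}`, keeps the match inside one variable reference, and escaping the braces makes it explicit that they are literals rather than a quantifier. The unquoted branch `@{\S+}\S*` accepts any non-space suffix after the variable; the trailing comment could state which forms are meant to be valid there.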
@@ -75,7 +77,7 @@
RE_PROFILE_CHANGE_PROFILE = re.compile(
RE_AUDIT_DENY +
'change_profile' +
- '(\s+' + RE_PROFILE_PATH % 'execcond' + ')?' + # optionally exec condition
+ '(\s+' + RE_PROFILE_PATH_OR_VAR % 'execcond' + ')?' + # optionally exec condition
'(\s+->\s*' + RE_PROFILE_NAME % 'targetprofile' + ')?' + # optionally '->' target profile
RE_COMMA_EOL)
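Review bot: With RE_PROFILE_PATH_OR_VAR on the exec condition line, the 'execcond' group can now start with `@{` rather than `/`, so any consumer of that group that assumes a leading slash (or `"/`) needs checking. The diff touches only utils/apparmor/regex.py; a test for a change_profile rule with a variable exec condition, quoted and unquoted, with and without the `->` target profile part, would cover the new alternative and guard against the optional groups shifting.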
Regards,
Christian Boltz
--
> # bluescreen: bluescreen emulator for terminals
I just tested it in a console and, idiot that I am, I really did press
Ctrl+Alt+Del! Why do you post such dangerous scripts?
[> David Haller and Rüdiger Meier in suse-linux]