[apparmor] [patch] Change aa.py delete_duplicates() to loop over rule classes

Kshitij Gupta kgupta8592 at gmail.com
Fri Jun 19 20:09:10 UTC 2015 

Hello,

On Fri, Jun 5, 2015 at 7:15 PM, Christian Boltz <apparmor at cboltz.de> wrote:

> Hello,
>
> this patch changes aa.py delete_duplicates() to loop over the rule
> classes.
>
> That's better than doing copy&paste for each added rule class ;-)
>
>
> [ 45-delete_duplicates-use-loop.diff ]
>
> === modified file utils/apparmor/aa.py
> --- utils/apparmor/aa.py        2015-06-05 15:19:00.724318954 +0200
> +++ utils/apparmor/aa.py        2015-06-05 15:40:36.233292517 +0200
> @@ -2066,20 +2066,18 @@
>      # Allow rules covered by denied rules shouldn't be deleted
>      # only a subset allow rules may actually be denied
>
> +    ruletypes = ['capability', 'change_profile', 'network', 'rlimit']
> +
>
There is probably a better home for this list than this function where it
may even be re-used, for now its fine.

     if include.get(incname, False):
> -        deleted +=
> profile['network'].delete_duplicates(include[incname][incname]['network'])
> -        deleted +=
> profile['capability'].delete_duplicates(include[incname][incname]['capability'])
> -        deleted +=
> profile['change_profile'].delete_duplicates(include[incname][incname]['change_profile'])
> -        deleted +=
> profile['rlimit'].delete_duplicates(include[incname][incname]['rlimit'])
> +        for rule_type in ruletypes:
> +            deleted +=
> profile[rule_type].delete_duplicates(include[incname][incname][rule_type])
>
>          deleted += delete_path_duplicates(profile, incname, 'allow')
>          deleted += delete_path_duplicates(profile, incname, 'deny')
>
>      elif filelist.get(incname, False):
> -        deleted +=
> profile['network'].delete_duplicates(filelist[incname][incname]['network'])
> -        deleted +=
> profile['capability'].delete_duplicates(filelist[incname][incname]['capability'])
> -        deleted +=
> profile['change_profile'].delete_duplicates(filelist[incname][incname]['change_profile'])
> -        deleted +=
> profile['rlimit'].delete_duplicates(filelist[incname][incname]['rlimit'])
> +        for rule_type in ruletypes:
> +            deleted +=
> profile[rule_type].delete_duplicates(filelist[incname][incname][rule_type])
>
>          deleted += delete_path_duplicates(profile, incname, 'allow')
>          deleted += delete_path_duplicates(profile, incname, 'deny')
>
>
> Thanks for the patch.

Acked-by: Kshitij Gupta <kgupta8592 at gmail.com>.


>
> Regards,
>
> Christian Boltz
> --
> And in those years, you have never had a bigger issue than a tray icon
> not working? - Damn! KDE team must be doing one fantastic job!
> [Bjørn Lie in opensuse-factory]
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
>



-- 
Regards,

Kshitij Gupta
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150620/0e79c054/attachment.html>

More information about the AppArmor mailing list