[apparmor] [patch] extend and partially rewrite write_header()
Christian Boltz
apparmor at cboltz.de
Sat Mar 14 00:31:06 UTC 2015
Hello,

this patch extends and partially rewrites write_header()

- add support for prof_data['header_comment'] (comment after '{')
  and prof_data['profile_keyword'] (to force the 'profile' keyword, even
  if it isn't needed) to write_header().
  (set_profile_flags() will be the only user of these two for now)
- fix a crash if depth is not an integer - for example,
      len('   ')/2   # 3 spaces = 1.5
  would cause a crash.
  Also add a test for this.
- rewrite the handling of flags so that we don't have to maintain two
  different template lines.
- update the tests to set 'profile_keyword' and 'header_comment' to None.
  This avoids big changes in the test code. I'll send another patch that
  makes sure profile_keyword and header_comment are tested ;-)

As usual, I propose this patch for trunk and 2.9.
[ 18-write_header-add-support-for-header_comment-and-profile_keyword.diff ]
=== modified file utils/apparmor/aa.py
--- utils/apparmor/aa.py 2015-03-13 23:02:15.645945929 +0100
+++ utils/apparmor/aa.py 2015-03-14 00:36:41.362854488 +0100
@@ -105,7 +105,8 @@
# a) rules (as dict): alias, change_profile, include, lvar, rlimit
# b) rules (as hasher): allow, deny
# c) one for each rule class
-# d) other: declared, external, flags, name, profile
+# d) other: declared, external, flags, name, profile, attachment,
+# profile_keyword, header_comment (these two are currently only set by set_profile_flags())
aa = hasher() # Profiles originally in sd, replace by aa
original_aa = hasher()
extras = hasher() # Inactive profiles from extras
@@ -3277,7 +3278,7 @@
return escape
def write_header(prof_data, depth, name, embedded_hat, write_flags):
- pre = ' ' * depth
+ pre = ' ' * int(depth)
data = []
unquoted_name = name
name = quote_if_needed(name)
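Review bot: int(depth) in the "pre = ..." line truncates instead of validating, so a depth of 1.5 silently becomes 1 and the header is written with less indentation than the caller computed, while a non-numeric depth still raises. Consider using integer division where the depth is computed (the len(...)/2 case from the description), or state in write_header() that fractional depths are rounded down on purpose.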
@@ -3286,13 +3287,18 @@
if prof_data['attachment']:
attachment = ' %s' % quote_if_needed(prof_data['attachment'])
+ comment = ''
+ if prof_data['header_comment']:
+ comment = ' %s' % prof_data['header_comment']
+
- if (not embedded_hat and re.search('^[^/]', unquoted_name)) or (embedded_hat and re.search('^[^^]', unquoted_name)) or prof_data['attachment']:
+ if (not embedded_hat and re.search('^[^/]', unquoted_name)) or (embedded_hat and re.search('^[^^]', unquoted_name)) or prof_data['attachment'] or prof_data['profile_keyword']:
name = 'profile %s%s' % (name, attachment)
+ flags = ''
if write_flags and prof_data['flags']:
- data.append('%s%s flags=(%s) {' % (pre, name, prof_data['flags']))
- else:
- data.append('%s%s {' % (pre, name))
+ flags = ' flags=(%s)' % prof_data['flags']
+
+ data.append('%s%s%s {%s' % (pre, name, flags, comment))
return data
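Review bot: prof_data['header_comment'] and prof_data['profile_keyword'] are read with plain indexing, so a caller that passes a plain dict without these keys now gets a KeyError (the test hunk has to add both keys for exactly this reason); prof_data.get('header_comment') and prof_data.get('profile_keyword') would keep existing callers working. The header_comment value is also appended after '{' unchanged, so a value that does not start with '#' would be written as profile content rather than as a comment; checking for the leading '#' before appending would keep the written header line parseable.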
=== modified file utils/test/test-aa.py
--- utils/test/test-aa.py 2015-03-13 23:02:15.646945870 +0100
+++ utils/test/test-aa.py 2015-03-14 00:35:58.343392466 +0100
@@ -328,6 +328,7 @@
(['bar baz', False, True, 1, 'complain', '/foo sp' ], ' profile "bar baz" "/foo sp" flags=(complain) {'),
(['^foo', False, True, 1, 'complain', None ], ' profile ^foo flags=(complain) {'),
(['^foo', True, True, 1, 'complain', None ], ' ^foo flags=(complain) {'),
+ (['^foo', True, True, 1.5, 'complain', None ], ' ^foo flags=(complain) {'),
]
def _run_test(self, params, expected):
@@ -335,7 +336,7 @@
embedded_hat = params[1]
write_flags = params[2]
depth = params[3]
- prof_data = { 'flags': params[4], 'attachment': params[5] }
+ prof_data = { 'flags': params[4], 'attachment': params[5], 'profile_keyword': None, 'header_comment': None }
result = write_header(prof_data, depth, name, embedded_hat, write_flags)
self.assertEqual(result, [expected])
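Review bot: Hard-coding 'profile_keyword': None and 'header_comment': None in _run_test() means the two new branches in write_header() are never exercised by this test class. Adding both as extra entries in params, with at least one non-None row each, would cover the new code in the same patch that introduces it.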
Regards,
Christian Boltz
--
c't once wrote, roughly, in reply to an e-mail: Turning an MP3 file into a
MIDI file is like going to the vet with a "Wiener Wald" roast chicken
and asking: "The poor animal, doctor, can anything still be
saved?" [Dennis Kielhorn in suse-laptop]