[apparmor] [patch] extend and partially rewrite write_header()

Christian Boltz apparmor at cboltz.de
Sun Mar 15 19:14:51 UTC 2015


Hello,

On Saturday, 14 March 2015, Christian Boltz wrote:
> this patch extends and partially rewrites write_header()
> 
> - add support for prof_data['header_comment'] (comment after '{')
>   and prof_data['profile_keyword'] (to force the 'profile' keyword,
>   even if it isn't needed) to write_header().
>   (set_profile_flags() will be the only user of these two for now)
> 
> - fix a crash if depth is not an integer - for example,
>       len('   ')/2   # 3 spaces = 1.5
>   would cause a crash.
>   Also add a test for this.
> 
> - rewrite the handling of flags so that we don't have to maintain two
>   different template lines.
>  
> - update the tests to set 'profile_keyword' and 'header_comment' to
>   None. This avoids big changes in the test code. I'll send another
>   patch that makes sure profile_keyword and header_comment are tested
>   ;-)
> 
> As usual, I propose this patch for trunk and 2.9.

Here's v2 - changes:
- allow an odd number of spaces in write_header() to avoid unwanted 
  whitespace changes in profiles
- adjust the test for 1.5 (*2) spaces to expect 3 spaces
- add a test with 1.3 (*2) spaces which makes sure write_header doesn't
  crash because of the float, and expects 2 spaces


[ 18-write_header-add-support-for-header_comment-and-profile_keyword.diff ]

=== modified file utils/apparmor/aa.py
--- utils/apparmor/aa.py        2015-03-13 23:02:15.645945929 +0100
+++ utils/apparmor/aa.py        2015-03-14 00:36:41.362854488 +0100
@@ -105,7 +105,8 @@
 # a) rules (as dict): alias, change_profile, include, lvar, rlimit
 # b) rules (as hasher): allow, deny
 # c) one for each rule class
-# d) other: declared, external, flags, name, profile
+# d) other: declared, external, flags, name, profile, attachment,
+#           profile_keyword, header_comment (these two are currently only set by set_profile_flags())
 aa = hasher()  # Profiles originally in sd, replace by aa
 original_aa = hasher()
 extras = hasher()  # Inactive profiles from extras
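
Review bot: the new comment line "# d) other: ..." lists 'attachment', 'profile_keyword' and 'header_comment' but does not say what values they hold. Since write_header() treats profile_keyword as a truthy switch and header_comment as text written after '{', a few words on the expected type of each would help. The note "currently only set by set_profile_flags()" will go stale once a second producer appears, so consider dropping "currently" or moving that remark to set_profile_flags().
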
@@ -3277,7 +3278,7 @@
     return escape
 
 def write_header(prof_data, depth, name, embedded_hat, write_flags):
-    pre = '  ' * depth
+    pre = ' ' * int(depth * 2)
     data = []
     unquoted_name = name
     name = quote_if_needed(name)
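
Review bot: "pre = ' ' * int(depth * 2)" truncates silently, so a fractional depth that is not a multiple of 0.5 loses indentation without any error (the 1.3 test case expects 2 spaces, not 3). write_header() has no docstring or comment telling callers that depth is now "two-space levels, possibly fractional"; please add one, or have callers pass the raw space count so no float arithmetic is needed.
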
@@ -3286,13 +3287,18 @@
     if prof_data['attachment']:
         attachment = ' %s' % quote_if_needed(prof_data['attachment'])
 
+    comment = ''
+    if prof_data['header_comment']:
+        comment = ' %s' % prof_data['header_comment']
+
-    if (not embedded_hat and re.search('^[^/]', unquoted_name)) or (embedded_hat and re.search('^[^^]', unquoted_name)) or prof_data['attachment']:
+    if (not embedded_hat and re.search('^[^/]', unquoted_name)) or (embedded_hat and re.search('^[^^]', unquoted_name)) or prof_data['attachment'] or prof_data['profile_keyword']:
         name = 'profile %s%s' % (name, attachment)
 
+    flags = ''
     if write_flags and prof_data['flags']:
-        data.append('%s%s flags=(%s) {' % (pre, name, prof_data['flags']))
-    else:
-        data.append('%s%s {' % (pre, name))
+        flags = ' flags=(%s)' % prof_data['flags']
+
+    data.append('%s%s%s {%s' % (pre, name, flags, comment))
 
     return data
 
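
Review bot: header_comment is written verbatim by "comment = ' %s' % prof_data['header_comment']", with no check that it starts with '#' or is a single line. A value without the leading '#' would put arbitrary text after '{' on the profile header line, and an embedded newline would add an extra line to the written profile. Either validate it here or document that the caller must supply a one-line string beginning with '#'. Also, prof_data['header_comment'] and prof_data['profile_keyword'] are indexed directly, so a plain dict without these keys raises KeyError (the test hunk has to add both as None); prof_data.get('header_comment') and prof_data.get('profile_keyword') would avoid that.
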
=== modified file utils/test/test-aa.py
--- utils/test/test-aa.py       2015-03-13 23:02:15.646945870 +0100
+++ utils/test/test-aa.py       2015-03-14 00:35:58.343392466 +0100
@@ -328,6 +328,8 @@
         (['bar baz', False,          True,          1,      'complain',     '/foo sp'   ],  '  profile "bar baz" "/foo sp" flags=(complain) {'),
         (['^foo',    False,          True,          1,      'complain',     None        ],  '  profile ^foo flags=(complain) {'),
         (['^foo',    True,           True,          1,      'complain',     None        ],  '  ^foo flags=(complain) {'),
+        (['^foo',    True,           True,          1.5,    'complain',     None        ],  '   ^foo flags=(complain) {'),
+        (['^foo',    True,           True,          1.3,    'complain',     None        ],  '  ^foo flags=(complain) {'),
      ]
 
     def _run_test(self, params, expected):
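
Review bot: the 1.3 case encodes the truncation behaviour (2.6 becomes 2 spaces) without saying so, and both new cases use only the embedded-hat form ('^foo', True). A short trailing comment on each line stating the space count being simulated would make the intent clear to the next reader, since the expected strings differ by a single leading space.
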
@@ -335,7 +336,7 @@
         embedded_hat = params[1]
         write_flags = params[2]
         depth = params[3]
-        prof_data = { 'flags': params[4], 'attachment': params[5] }
+        prof_data = { 'flags': params[4], 'attachment': params[5], 'profile_keyword': None, 'header_comment': None }
 
         result = write_header(prof_data, depth, name, embedded_hat, write_flags)
         self.assertEqual(result, [expected])
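
Review bot: the hunk header "@@ -335,7 +336,7 @@" does not line up with the previous hunk, which adds two lines (-328,6 +328,8), so the new-side start should be 337. It looks as if a test line was added by hand for v2 without regenerating the diff; please regenerate it so the patch applies without an offset. Separately, with 'profile_keyword' and 'header_comment' both fixed to None here, neither new code path in write_header() is exercised by this patch on its own.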




Regards,

Christian Boltz
-- 
DOS box makers: "Do you know what we DOS box makers love so much about
you Windows users?"
Windows user: "No idea."
DOS box makers: "Exactly."



