[apparmor] [patch] extend and partially rewrite write_header()
Christian Boltz
apparmor at cboltz.de
Sun Mar 15 19:14:51 UTC 2015
Hello,
On Saturday, 14 March 2015, Christian Boltz wrote:
> this patch extends and partially rewrites write_header()
>
> - add support for prof_data['header_comment'] (comment after '{')
> and prof_data['profile_keyword'] (to force the 'profile' keyword,
> even if it isn't needed) to write_header().
> (set_profile_flags() will be the only user of these two for now)
>
> - fix a crash if depth is not an integer - for example,
> len('   ')/2 # 3 spaces = 1.5
> would cause a crash.
> Also add a test for this.
>
> - rewrite the handling of flags to avoid having to maintain two
> different template lines.
>
> - update the tests to set 'profile_keyword' and 'header_comment' to
> None. This avoids big changes in the test code. I'll send another
> patch that makes sure profile_keyword and header_comment are tested
> ;-)
>
> As usual, I propose this patch for trunk and 2.9.
Here's v2 - changes:
- allow an odd number of spaces in write_header() to avoid unwanted
whitespace changes in profiles
- adjust the test for 1.5 (*2) spaces to expect 3 spaces
- add a test with 1.3 (*2) spaces which makes sure write_header doesn't
crash because of the float, and expects 2 spaces
[ 18-write_header-add-support-for-header_comment-and-profile_keyword.diff ]
=== modified file utils/apparmor/aa.py
--- utils/apparmor/aa.py 2015-03-13 23:02:15.645945929 +0100
+++ utils/apparmor/aa.py 2015-03-14 00:36:41.362854488 +0100
@@ -105,7 +105,8 @@
# a) rules (as dict): alias, change_profile, include, lvar, rlimit
# b) rules (as hasher): allow, deny
# c) one for each rule class
-# d) other: declared, external, flags, name, profile
+# d) other: declared, external, flags, name, profile, attachment,
+# profile_keyword, header_comment (these two are currently only set by set_profile_flags())
aa = hasher() # Profiles originally in sd, replace by aa
original_aa = hasher()
extras = hasher() # Inactive profiles from extras
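Review bot: in the new "# d) other:" comment, "these two" is ambiguous because the added text lists three names (attachment, profile_keyword, header_comment). Name the keys explicitly, for example "profile_keyword and header_comment are currently only set by set_profile_flags()", so a reader does not have to guess whether attachment is included.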
@@ -3277,7 +3278,7 @@
return escape
def write_header(prof_data, depth, name, embedded_hat, write_flags):
- pre = ' ' * depth
+ pre = ' ' * int(depth * 2)
data = []
unquoted_name = name
name = quote_if_needed(name)
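Review bot: in pre = ' ' * int(depth * 2), int() truncates silently, so a depth of 1.3 yields 2 spaces and the fractional remainder is dropped without any notice. A short comment above this line stating that depth may be a float (the message derives it from len(whitespace)/2) and that truncation is intended would stop a later cleanup from reverting it. The function's depth parameter is otherwise undocumented, and a non-numeric depth would still raise at depth * 2.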
@@ -3286,13 +3287,18 @@
if prof_data['attachment']:
attachment = ' %s' % quote_if_needed(prof_data['attachment'])
+ comment = ''
+ if prof_data['header_comment']:
+ comment = ' %s' % prof_data['header_comment']
+
- if (not embedded_hat and re.search('^[^/]', unquoted_name)) or (embedded_hat and re.search('^[^^]', unquoted_name)) or prof_data['attachment']:
+ if (not embedded_hat and re.search('^[^/]', unquoted_name)) or (embedded_hat and re.search('^[^^]', unquoted_name)) or prof_data['attachment'] or prof_data['profile_keyword']:
name = 'profile %s%s' % (name, attachment)
+ flags = ''
if write_flags and prof_data['flags']:
- data.append('%s%s flags=(%s) {' % (pre, name, prof_data['flags']))
- else:
- data.append('%s%s {' % (pre, name))
+ flags = ' flags=(%s)' % prof_data['flags']
+
+ data.append('%s%s%s {%s' % (pre, name, flags, comment))
return data
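Review bot: prof_data['header_comment'] is written verbatim after '{' in the final data.append(), with no check that it starts with '#', so a value without the leading '#' would put stray text after the opening brace of the profile header. Either validate it here or document that callers must pass the comment with its '#' included. Separately, prof_data['header_comment'] and prof_data['profile_keyword'] are read with plain indexing, so a caller passing a plain dict without those keys gets a KeyError (the test change in this patch had to add both keys for that reason); prof_data.get('header_comment') and prof_data.get('profile_keyword') would tolerate older callers.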
=== modified file utils/test/test-aa.py
--- utils/test/test-aa.py 2015-03-13 23:02:15.646945870 +0100
+++ utils/test/test-aa.py 2015-03-14 00:35:58.343392466 +0100
@@ -328,6 +328,8 @@
(['bar baz', False, True, 1, 'complain', '/foo sp' ], ' profile "bar baz" "/foo sp" flags=(complain) {'),
(['^foo', False, True, 1, 'complain', None ], ' profile ^foo flags=(complain) {'),
(['^foo', True, True, 1, 'complain', None ], ' ^foo flags=(complain) {'),
+ (['^foo', True, True, 1.5, 'complain', None ], ' ^foo flags=(complain) {'),
+ (['^foo', True, True, 1.3, 'complain', None ], ' ^foo flags=(complain) {'),
]
def _run_test(self, params, expected):
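Review bot: the two added rows (depth 1.5 and 1.3) differ only in the depth value and in the amount of leading whitespace in the expected string, which is hard to verify by eye. A trailing comment on each row giving the expected indentation (3 spaces and 2 spaces, per the v2 notes) would make the intent checkable. Both rows also use embedded_hat=True only; one fractional-depth row with embedded_hat=False would cover the 'profile' keyword path as well.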
@@ -335,7 +336,7 @@
embedded_hat = params[1]
write_flags = params[2]
depth = params[3]
- prof_data = { 'flags': params[4], 'attachment': params[5] }
+ prof_data = { 'flags': params[4], 'attachment': params[5], 'profile_keyword': None, 'header_comment': None }
result = write_header(prof_data, depth, name, embedded_hat, write_flags)
self.assertEqual(result, [expected])
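Review bot: the header "@@ -335,7 +336,7 @@" is inconsistent with the preceding hunk, which now adds two lines (-328,6 +328,8), so the new-file start here should be 337. It looks like the v2 test row was added by editing the diff by hand; please regenerate the patch so it applies without offset warnings. Also, with 'profile_keyword': None and 'header_comment': None hard-coded in prof_data, none of the rows in this test reach the new comment and keyword branches of write_header(), so those stay untested until the announced follow-up patch lands.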
Regards,
Christian Boltz
--
DOS box maker: "Do you know what we DOS box makers like so much about you
Windows users?"
Windows user: "No idea."
DOS box maker: "Exactly."