[apparmor] [patch] rewrite parse_profile_start()
Kshitij Gupta
kgupta8592 at gmail.com
Wed Mar 18 18:25:56 UTC 2015
Hello,
On Wed, Mar 18, 2015 at 12:24 AM, Christian Boltz <apparmor at cboltz.de>
wrote:
> Hello,
>
> this patch rewrites parse_profile_start() in aa.py to a more readable
> version. The behaviour remains unchanged (and is covered by tests).
>
> The patch also updates the comment about the internal struct of
> aa[profile][hat] - initial_comment was missing.
>
>
> [ 25-rewrite-parse_profile_start.diff ]
>
> === modified file utils/apparmor/aa.py
> --- utils/apparmor/aa.py 2015-03-17 19:49:58.129177681 +0100
> +++ utils/apparmor/aa.py 2015-03-17 19:49:07.899127019 +0100
> @@ -105,7 +105,7 @@
> # a) rules (as dict): alias, change_profile, include, lvar, rlimit
> # b) rules (as hasher): allow, deny
> # c) one for each rule class
> -# d) other: declared, external, flags, name, profile, attachment,
> +# d) other: declared, external, flags, name, profile, attachment,
> initial_comment,
> # profile_keyword, header_comment (these two are currently only
> set by set_profile_flags())
> aa = hasher() # Profiles originally in sd, replace by aa
> original_aa = hasher()
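Review bot: In the updated comment for item d), initial_comment now sits directly before the continuation line whose parenthetical reads "these two are currently only set by set_profile_flags()", which makes it harder to see which two keys are meant. Name them in the parenthetical (profile_keyword and header_comment), and if initial_comment is set in one specific place, say so here too, so the struct comment stays usable as a reference.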
> @@ -2641,31 +2641,31 @@
> def parse_profile_start(line, file, lineno, profile, hat):
> matches = parse_profile_start_line(line, file)
>
> - pps_set_profile = False
> - pps_set_hat_external = False
>
Python's scoping for variables with if is not something I like, but okay to
clean-up.
+ if profile: # we are inside a profile, so we expect a child profile
> + if not matches['profile_keyword']:
> + raise AppArmorException(_('%(profile)s profile in %(file)s
> contains syntax errors in line %(line)s: missing "profile" keyword.') % {
> + 'profile': profile, 'file': file, 'line': lineno + 1
> })
> + if profile != hat:
> + # nesting limit reached - a child profile can't contain
> another child profile
> + raise AppArmorException(_('%(profile)s profile in %(file)s
> contains syntax errors in line %(line)s: a child profile inside another
> child profile is not allowed.') % {
> + 'profile': profile, 'file': file, 'line': lineno + 1
> })
>
> - if profile:
> - #print(profile, hat)
> - if profile != hat or not matches['profile_keyword']:
> - raise AppArmorException(_('%(profile)s profile in %(file)s
> contains syntax errors in line: %(line)s.') % { 'profile': profile, 'file':
> file, 'line': lineno + 1 })
> - # Keep track of the start of a profile
> - if profile and profile == hat and matches['profile_keyword']:
> - # local profile
> hat = matches['profile']
> in_contained_hat = True
> pps_set_profile = True
> - else:
> + pps_set_hat_external = False
> +
> + else: # stand-alone profile
> profile = matches['profile']
> - #print(profile)
> if len(profile.split('//')) >= 2:
> profile, hat = profile.split('//')[:2]
> - else:
> - hat = None
> - in_contained_hat = False
> - if hat:
> pps_set_hat_external = True
> else:
> hat = profile
> + pps_set_hat_external = False
> +
> + in_contained_hat = False
> + pps_set_profile = False
>
> attachment = matches['attachment']
> flags = matches['flags']
>
>
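Review bot: The stand-alone branch no longer handles an empty hat component after the split on '//'. The removed code followed the split with "if hat:" and fell back to "hat = profile" with pps_set_hat_external left False, whereas the new code sets "pps_set_hat_external = True" whenever len(profile.split('//')) >= 2, so a name with nothing after '//' now leaves hat as an empty string and is flagged external. If such a name can reach this function, keep the truthiness check on the split result or add a test that pins the intended outcome. Separately, both new exception texts differ from the removed "contains syntax errors in line: %(line)s." message, so anything matching on the old wording needs to be updated along with this change.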
Looks good to me.
Plus it's covered by tests so good on that front.
Thanks for the re-write and cleanup.
Acked-by: Kshitij Gupta <kgupta8592 at gmail.com>
Regards,
Kshitij Gupta
> Regards,
>
> Christian Boltz
> --
> As car drivers, they would comparably get into a car that cannot be
> locked and has no ignition lock, with a note on the door as well,
> "Drive me, I am available and have a full tank."
> [Thomas Templin in suse-linux on insecure passwords]