[apparmor] [patch] Replace duplicate code in aa-mergeprof with a loop
Christian Boltz
apparmor at cboltz.de
Sun May 24 21:23:54 UTC 2015
Hello,
now that the handling for capability and network rules is the same,
wrap the former network rule-only code with
for ruletype in ['capability', 'network']:
and delete the superfluous ;-) capability code block.
Needless to say that future updates for other rule types will be
quite easy ;-)
[ 24-mergeprof-drop-duplicate-code.diff ]
=== modified file utils/aa-mergeprof
--- utils/aa-mergeprof 2015-05-24 22:48:52.434598457 +0200
+++ utils/aa-mergeprof 2015-05-24 22:50:14.903762979 +0200
@@ -308,91 +308,6 @@
elif ans == 'CMD_FINISHED':
return
- #Add the capabilities
- ruletype = 'capability'
- if other.aa[profile][hat].get(ruletype, False): # needed until we have proper profile initialization
- for rule_obj in other.aa[profile][hat][ruletype].rules:
-
- if apparmor.aa.is_known_rule(self.user.aa[profile][hat], ruletype, rule_obj):
- continue
-
- default_option = 1
- options = []
- newincludes = apparmor.aa.match_includes(self.user.aa[profile][hat], ruletype, rule_obj)
- q = aaui.PromptQuestion()
- if newincludes:
- options += list(map(lambda inc: '#include <%s>' % inc, sorted(set(newincludes))))
-
- options.append(rule_obj.get_clean())
- q.options = options
- q.selected = default_option - 1
-
- q.headers = [_('Profile'), apparmor.aa.combine_name(profile, hat)]
- q.headers += rule_obj.logprof_header()
-
- severity = rule_obj.severity(sev_db)
- if severity != '--':
- q.headers += [_('Severity'), severity]
-
- q.functions = available_buttons(rule_obj)
- q.default = q.functions[0]
-
- done = False
- while not done:
- ans, selected = q.promptUser()
- if ans == 'CMD_IGNORE_ENTRY':
- done = True
- break
-
- elif ans == 'CMD_FINISHED':
- return
-
- elif ans.startswith('CMD_AUDIT'):
- if ans == 'CMD_AUDIT_NEW':
- rule_obj.audit = True
- rule_obj.raw_rule = None
- else:
- rule_obj.audit = False
- rule_obj.raw_rule = None
-
- q.functions = available_buttons(rule_obj)
- options[len(options) - 1] = rule_obj.get_clean()
- q.options = options
-
- q.headers = [_('Profile'), apparmor.aa.combine_name(profile, hat)]
- q.headers += rule_obj.logprof_header()
-
- elif ans == 'CMD_ALLOW':
- done = True
- apparmor.aa.changed[profile] = True
-
- selection = options[selected]
-
- inc = apparmor.aa.re_match_include(selection)
- if inc:
- deleted = apparmor.aa.delete_duplicates(self.user.aa[profile][hat], inc)
- self.user.aa[profile][hat]['include'][inc] = True
-
- aaui.UI_Info(_('Adding %s to profile.') % selection)
- if deleted:
- aaui.UI_Info(_('Deleted %s previous matching profile entries.') % deleted)
-
- else:
- self.user.aa[profile][hat][ruletype].add(rule_obj)
-
- aaui.UI_Info(_('Adding %s to profile.') % rule_obj.get_clean())
-
- elif ans == 'CMD_DENY':
- done = True
- apparmor.aa.changed[profile] = True
-
- rule_obj.deny = True
- rule_obj.raw_rule = None # reset raw rule after manually modifying rule_obj
- self.user.aa[profile][hat][ruletype].add(rule_obj)
- aaui.UI_Info(_('Adding %s to profile.') % rule_obj.get_clean())
- else:
- done = False
-
# Process all the path entries.
for allow in ['allow', 'deny']:
for path in sorted(other.aa[profile][hat][allow]['path'].keys()):
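Review bot: Deleting the capability block here, directly before `# Process all the path entries.`, changes the order of the prompts. The loop that replaces it is in the second hunk, at line 622 of the new file, so if both sit in the same function, capability rules will now be asked after the path entries rather than before them. Please state that in the commit message. This hunk also cannot show that the deleted lines match the surviving network body, so it is worth diffing the two copies before dropping this one, in particular the `CMD_AUDIT` and `CMD_DENY` branches that reset `rule_obj.raw_rule`.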
@@ -707,8 +622,7 @@
elif re.search('\d', ans):
default_option = ans
- if 1 == 1: # avoid whitespace change
- ruletype = 'network'
+ for ruletype in ['capability', 'network']:
if other.aa[profile][hat].get(ruletype, False): # needed until we have proper profile initialization
for rule_obj in other.aa[profile][hat][ruletype].rules:
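Review bot: On the added `for ruletype in ['capability', 'network']:` line, the loop body was written for network rules only and lies outside this hunk, so please confirm that nothing in it still hardcodes 'network' instead of using `ruletype`. The `return` on `CMD_FINISHED`, visible in the deleted capability copy, means that finishing during the capability questions also skips the network rules. That matches the old behaviour, but a one-line comment above the loop would make it explicit now that both rule types share one body.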
Regards,
Christian Boltz
--
And still I don't see the problem. Just add a GNOME2 theme to XFCE and
people will actually find they have additional useful options with XFCE
that they did not have with GNOME :-)
[Stefan Seyfried in opensuse-factory]