[apparmor] [patch] Add logprof_header_localvars() to change_profileRule
Christian Boltz
apparmor at cboltz.de
Mon May 25 18:37:07 UTC 2015
Hello,
Am Montag, 25. Mai 2015 schrieb Christian Boltz:
> [ 31-Change_profileRule-add-logprof_header_localvars.diff ]
> === modified file utils/test/test-change_profile.py
> +class CapabilityLogprofHeaderTest(AATest):
That classname is a bit strange for change_profile rule tests ;-)
so here's v2 that changes it to ChangeProfileLogprofHeaderTest:
Add logprof_header_localvars() to change_profileRule
The function will return the 'Exec Condition' and the 'Target Profile'
as nice list to use in aa-logprof (once we have support for
change_profile in logparser.py) and aa-mergeprof.
Also add some tests to ensure the correct result.
[ 31-Change_profileRule-add-logprof_header_localvars.diff ]
=== modified file utils/apparmor/rule/change_profile.py
--- utils/apparmor/rule/change_profile.py 2015-05-25 14:01:56.183593449 +0200
+++ utils/apparmor/rule/change_profile.py 2015-05-25 13:43:52.402011047 +0200
@@ -161,6 +161,21 @@
return True
+ def logprof_header_localvars(self):
+ if self.all_execconds:
+ execcond_txt = _('ALL')
+ else:
+ execcond_txt = self.execcond
+
+ if self.all_targetprofiles:
+ targetprofiles_txt = _('ALL')
+ else:
+ targetprofiles_txt = self.targetprofile
+
+ return [
+ _('Exec Condition'), execcond_txt,
+ _('Target Profile'), targetprofiles_txt,
+ ]
class ChangeProfileRuleset(BaseRuleset):
'''Class to handle and store a collection of change_profile rules'''
=== modified file utils/test/test-change_profile.py
--- utils/test/test-change_profile.py 2015-05-25 14:01:56.185593332 +0200
+++ utils/test/test-change_profile.py 2015-05-25 14:02:22.124074660 +0200
@@ -21,6 +21,8 @@
from apparmor.rule import BaseRule
from apparmor.common import AppArmorException, AppArmorBug
from apparmor.logparser import ReadLog
+from apparmor.translations import init_translation
+_ = init_translation()
exp = namedtuple('exp', ['audit', 'allow_keyword', 'deny', 'comment',
'execcond', 'all_execconds', 'targetprofile', 'all_targetprofiles'])
@@ -353,6 +355,22 @@
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)
+class ChangeProfileLogprofHeaderTest(AATest):
+ tests = [
+ ('change_profile,', [ _('Exec Condition'), _('ALL'), _('Target Profile'), _('ALL'), ]),
+ ('change_profile -> /bin/ping,', [ _('Exec Condition'), _('ALL'), _('Target Profile'), '/bin/ping',]),
+ ('change_profile /bar -> /bin/bar,', [ _('Exec Condition'), '/bar', _('Target Profile'), '/bin/bar', ]),
+ ('change_profile /foo,', [ _('Exec Condition'), '/foo', _('Target Profile'), _('ALL'), ]),
+ ('audit change_profile -> /bin/ping,', [_('Qualifier'), 'audit', _('Exec Condition'), _('ALL'), _('Target Profile'), '/bin/ping',]),
+ ('deny change_profile /bar -> /bin/bar,', [_('Qualifier'), 'deny', _('Exec Condition'), '/bar', _('Target Profile'), '/bin/bar', ]),
+ ('allow change_profile /foo,', [_('Qualifier'), 'allow', _('Exec Condition'), '/foo', _('Target Profile'), _('ALL'), ]),
+ ('audit deny change_profile,', [_('Qualifier'), 'audit deny', _('Exec Condition'), _('ALL'), _('Target Profile'), _('ALL'), ]),
+ ]
+
+ def _run_test(self, params, expected):
+ obj = ChangeProfileRule._parse(params)
+ self.assertEqual(obj.logprof_header(), expected)
+
# --- tests for ChangeProfileRuleset --- #
class ChangeProfileRulesTest(AATest):
Regards,
Christian Boltz
--
Eine Windows-Kiste als Tor zu Welt - das wäre ja so, als würde man
einen Blinden, einen Lahmen und einen Tauben als Wachschutz einsetzen.
[Matthias Houdek in suse-linux]
More information about the AppArmor
mailing list