[apparmor] [patch] Add logprof_header_localvars() to change_profileRule

Christian Boltz apparmor at cboltz.de
Mon May 25 18:37:07 UTC 2015


Hello,

Am Montag, 25. Mai 2015 schrieb Christian Boltz:
> [ 31-Change_profileRule-add-logprof_header_localvars.diff ]

> === modified file utils/test/test-change_profile.py

> +class CapabilityLogprofHeaderTest(AATest):

That classname is a bit strange for change_profile rule tests ;-)
so here's v2 that changes it to ChangeProfileLogprofHeaderTest:



Add logprof_header_localvars() to change_profileRule

The function will return the 'Exec Condition' and the 'Target Profile'
as nice list to use in aa-logprof (once we have support for
change_profile in logparser.py) and aa-mergeprof.

Also add some tests to ensure the correct result.


[ 31-Change_profileRule-add-logprof_header_localvars.diff ]

=== modified file utils/apparmor/rule/change_profile.py
--- utils/apparmor/rule/change_profile.py       2015-05-25 14:01:56.183593449 +0200
+++ utils/apparmor/rule/change_profile.py       2015-05-25 13:43:52.402011047 +0200
@@ -161,6 +161,21 @@
 
         return True
 
+    def logprof_header_localvars(self):
+        if self.all_execconds:
+            execcond_txt = _('ALL')
+        else:
+            execcond_txt = self.execcond
+
+        if self.all_targetprofiles:
+            targetprofiles_txt = _('ALL')
+        else:
+            targetprofiles_txt = self.targetprofile
+
+        return [
+            _('Exec Condition'), execcond_txt,
+            _('Target Profile'), targetprofiles_txt,
+        ]
 
 class ChangeProfileRuleset(BaseRuleset):
     '''Class to handle and store a collection of change_profile rules'''
=== modified file utils/test/test-change_profile.py
--- utils/test/test-change_profile.py   2015-05-25 14:01:56.185593332 +0200
+++ utils/test/test-change_profile.py   2015-05-25 14:02:22.124074660 +0200
@@ -21,6 +21,8 @@
 from apparmor.rule import BaseRule
 from apparmor.common import AppArmorException, AppArmorBug
 from apparmor.logparser import ReadLog
+from apparmor.translations import init_translation
+_ = init_translation()
 
 exp = namedtuple('exp', ['audit', 'allow_keyword', 'deny', 'comment',
         'execcond', 'all_execconds', 'targetprofile', 'all_targetprofiles'])
@@ -353,6 +355,22 @@
         with self.assertRaises(AppArmorBug):
             obj.is_equal(testobj)
 
+class ChangeProfileLogprofHeaderTest(AATest):
+    tests = [
+        ('change_profile,',                         [                               _('Exec Condition'), _('ALL'),  _('Target Profile'), _('ALL'),   ]),
+        ('change_profile -> /bin/ping,',            [                               _('Exec Condition'), _('ALL'),  _('Target Profile'), '/bin/ping',]),
+        ('change_profile /bar -> /bin/bar,',        [                               _('Exec Condition'), '/bar',    _('Target Profile'), '/bin/bar', ]),
+        ('change_profile /foo,',                    [                               _('Exec Condition'), '/foo',    _('Target Profile'), _('ALL'),   ]),
+        ('audit change_profile -> /bin/ping,',      [_('Qualifier'), 'audit',       _('Exec Condition'), _('ALL'),  _('Target Profile'), '/bin/ping',]),
+        ('deny change_profile /bar -> /bin/bar,',   [_('Qualifier'), 'deny',        _('Exec Condition'), '/bar',    _('Target Profile'), '/bin/bar', ]),
+        ('allow change_profile /foo,',              [_('Qualifier'), 'allow',       _('Exec Condition'), '/foo',    _('Target Profile'), _('ALL'),   ]),
+        ('audit deny change_profile,',              [_('Qualifier'), 'audit deny',  _('Exec Condition'), _('ALL'),  _('Target Profile'), _('ALL'),   ]),
+    ]
+
+    def _run_test(self, params, expected):
+        obj = ChangeProfileRule._parse(params)
+        self.assertEqual(obj.logprof_header(), expected)
+
 # --- tests for ChangeProfileRuleset --- #
 
 class ChangeProfileRulesTest(AATest):




Regards,

Christian Boltz
-- 
Eine Windows-Kiste als Tor zu Welt - das wäre ja so, als  würde man
einen Blinden, einen Lahmen und einen Tauben als Wachschutz einsetzen.
[Matthias Houdek in suse-linux]




More information about the AppArmor mailing list