[apparmor] [patch] Add SignalRule and SignalRuleset classes

Christian Boltz apparmor at cboltz.de
Sat Oct 24 14:58:46 UTC 2015


Hello,

Am Freitag, 23. Oktober 2015 schrieb Christian Boltz:
> this patch adds the SignalRule and SignalRuleset classes

Here's the second patch on top:

Cleanup SignalRule a bit:
- fix a wrong comment
- remove two superfluous commented lines

I'll commit this togeter with 07-add-SignalRule-and-SignalRuleset.diff.



*** commit with 07-add-SignalRule-and-SignalRuleset.diff ***


[ 17-signal-rule-cleanup.diff ]

=== modified file ./utils/apparmor/rule/signal.py
--- utils/apparmor/rule/signal.py       2015-10-24 16:45:17.287513707 +0200
+++ utils/apparmor/rule/signal.py       2015-10-24 16:43:35.297451192 +0200
@@ -38,7 +38,7 @@
 joint_access_keyword = '\s*(' + '|'.join(access_keywords) + ')\s*'
 RE_ACCESS_KEYWORDS = ( joint_access_keyword +  # one of the access_keyword or
                        '|' +                                           # or
-                       '\(' + joint_access_keyword + '(' + '(\s|,)+' + joint_access_keyword + ')*' + '\)'  # one or more signal_keyword in (...)
+                       '\(' + joint_access_keyword + '(' + '(\s|,)+' + joint_access_keyword + ')*' + '\)'  # one or more access_keyword in (...)
                      )
 
 signal_keyword = '\s*([a-z0-9+]+|"[a-z0-9+]+")\s*'  # don't check against the signal keyword list in the regex to allow a more helpful error message
@@ -52,7 +52,6 @@
 RE_SIGNAL_DETAILS  = re.compile(
     '^' +
     '(\s+(?P<access>' + RE_ACCESS_KEYWORDS + '))?' +  # optional access keyword(s)
-#    '(\s+(?P<signal>' + RE_SIGNAL_KEYWORDS + '(\s+' + RE_SIGNAL_KEYWORDS + ')*' + '))*' +  # optional signal set(s)
     '(?P<signal>' + '(\s+(' + RE_SIGNAL_KEYWORDS + '))+' + ')?' +  # optional signal set(s)
     '(\s+(peer=' + RE_PROFILE_NAME % 'peer' + '))?' +
     '\s*$')
@@ -141,7 +140,6 @@
                 signal = details.group('signal')
                 signal = RE_FILTER_SET_1.sub(r'\1', signal)  # filter out 'set='
                 signal = RE_FILTER_SET_2.sub('', signal)  # filter out 'set='
-                #signal = RE_FILTER_PARENTHESIS.sub(r' \1 ', signal)  # filter out '(' and ')' pairs
                 signal = RE_FILTER_QUOTES.sub(r' \1 ', signal)  # filter out quote pairs
                 signal = signal.replace(',', ' ').split()  # split at ',' or whitespace
             else:


Regards,

Christian Boltz
-- 
S: Naja, da gibt es noch diverse Einstellungen unter "Internetoptionen"
F: Wir arbeiten hier mit Linux
S: Linux supporten wir sowieso nicht. Da müssten sie schon bei Linux
   anrufen.
F: legt auf
[Felix Eschenburg und ein Mitarbeiter des T-online-Supports]




More information about the AppArmor mailing list