[apparmor] [patch] [37/38] Drop severity rank() dispatcher
Christian Boltz
apparmor at cboltz.de
Fri Aug 12 21:07:41 UTC 2016
Hello,
rank() in severity.py is a dispatcher that calls the needed function
(rank_path(), rank_capability() based on the parameter. Since all
calling code knows what rule type it is handling, this dispatcher is
superfluous - the calling code can call rank_path() or rank_capability()
directly.
This patch drops rank() and switches the remaining users of rank() to
call the rank_*() functions directly. For the tests, this means to drop
the CAP_ prefix because rank_capability doesn't expect this prefix.
[ 37-drop-severity-rank.diff ]
=== modified file ./utils/apparmor/aa.py
--- utils/apparmor/aa.py 2016-07-31 19:12:31.549453215 +0200
+++ utils/apparmor/aa.py 2016-07-31 19:14:34.816835421 +0200
@@ -1265,7 +1265,7 @@
sev_db.unload_variables()
sev_db.load_variables(get_profile_filename(profile))
- severity = sev_db.rank(exec_target, 'x')
+ severity = sev_db.rank_path(exec_target, 'x')
# Prompt portion starts
q = aaui.PromptQuestion()
=== modified file ./utils/apparmor/severity.py
--- utils/apparmor/severity.py 2016-07-31 19:12:31.525453336 +0200
+++ utils/apparmor/severity.py 2016-07-31 19:18:03.347792599 +0200
@@ -142,17 +142,6 @@
else:
return sev
- def rank(self, resource, mode=None):
- """Returns the rank for the resource file/capability"""
- if '@' in resource: # path contains variable
- return self.rank_path(resource, mode)
- elif resource[0] == '/': # file resource
- return self.rank_path(resource, mode)
- elif resource[0:4] == 'CAP_': # capability resource
- return self.rank_capability(resource[4:])
- else:
- raise AppArmorException("Unexpected rank input: %s" %
resource)
-
def handle_variable_rank(self, resource, mode):
"""Returns the max possible rank for file resources containing
variables"""
regex_variable = re.compile('@{([^{.]*)}')
=== modified file ./utils/test/test-severity.py
--- utils/test/test-severity.py 2015-06-06 14:53:16.868029000 +0200
+++ utils/test/test-severity.py 2016-07-31 19:24:58.937722452 +0200
@@ -25,13 +25,13 @@
def AASetup(self):
self.sev_db = severity.Severity('severity.db', 'unknown')
- def _simple_severity_test(self, path, expected_rank):
- rank = self.sev_db.rank(path)
+ def _capability_severity_test(self, cap, expected_rank):
+ rank = self.sev_db.rank_capability(cap)
self.assertEqual(rank, expected_rank,
'expected rank %s, got %s' % (expected_rank,
rank))
def _simple_severity_w_perm(self, path, perm, expected_rank):
- rank = self.sev_db.rank(path, perm)
+ rank = self.sev_db.rank_path(path, perm)
self.assertEqual(rank, expected_rank,
'expected rank %s, got %s' % (expected_rank,
rank))
@@ -68,8 +68,7 @@
]
def _run_test(self, params, expected):
- cap_with_prefix = 'CAP_%s' % params
- self._simple_severity_test(cap_with_prefix, expected)
+ self._capability_severity_test(params, expected)
rank = self.sev_db.rank_capability(params)
self.assertEqual(rank, expected, 'expected rank %s, got %s' %
(expected, rank))
Regards,
Christian Boltz
--
> [suse-linux Statistik] Hm. Apropos: Was meint ihr, sollte ich
> 'ratti / Joerg' zusammenfassen? Ja, oder?
Ich denke ja schon, aber Ratti ist dagegen.
[> David Haller und Jörg Roßdeutscher aka Ratti in sl-etikette]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160812/b3369e02/attachment.pgp>
More information about the AppArmor
mailing list