[apparmor] [patch] [37/38] Drop severity rank() dispatcher

Christian Boltz apparmor at cboltz.de
Fri Aug 12 21:07:41 UTC 2016


Hello,

rank() in severity.py is a dispatcher that calls the needed function
(rank_path(), rank_capability() based on the parameter. Since all
calling code knows what rule type it is handling, this dispatcher is
superfluous - the calling code can call rank_path() or rank_capability()
directly.

This patch drops rank() and switches the remaining users of rank() to
call the rank_*() functions directly. For the tests, this means to drop
the CAP_ prefix because rank_capability doesn't expect this prefix.



[ 37-drop-severity-rank.diff ]

=== modified file ./utils/apparmor/aa.py
--- utils/apparmor/aa.py	2016-07-31 19:12:31.549453215 +0200
+++ utils/apparmor/aa.py	2016-07-31 19:14:34.816835421 +0200
@@ -1265,7 +1265,7 @@
 
                         sev_db.unload_variables()
                         sev_db.load_variables(get_profile_filename(profile))
-                        severity = sev_db.rank(exec_target, 'x')
+                        severity = sev_db.rank_path(exec_target, 'x')
 
                         # Prompt portion starts
                         q = aaui.PromptQuestion()
=== modified file ./utils/apparmor/severity.py
--- utils/apparmor/severity.py	2016-07-31 19:12:31.525453336 +0200
+++ utils/apparmor/severity.py	2016-07-31 19:18:03.347792599 +0200
@@ -142,17 +142,6 @@
         else:
             return sev
 
-    def rank(self, resource, mode=None):
-        """Returns the rank for the resource file/capability"""
-        if '@' in resource:    # path contains variable
-            return self.rank_path(resource, mode)
-        elif resource[0] == '/':    # file resource
-            return self.rank_path(resource, mode)
-        elif resource[0:4] == 'CAP_':    # capability resource
-            return self.rank_capability(resource[4:])
-        else:
-            raise AppArmorException("Unexpected rank input: %s" % 
resource)
-
     def handle_variable_rank(self, resource, mode):
         """Returns the max possible rank for file resources containing 
variables"""
         regex_variable = re.compile('@{([^{.]*)}')
=== modified file ./utils/test/test-severity.py
--- utils/test/test-severity.py	2015-06-06 14:53:16.868029000 +0200
+++ utils/test/test-severity.py	2016-07-31 19:24:58.937722452 +0200
@@ -25,13 +25,13 @@
     def AASetup(self):
         self.sev_db = severity.Severity('severity.db', 'unknown')
 
-    def _simple_severity_test(self, path, expected_rank):
-        rank = self.sev_db.rank(path)
+    def _capability_severity_test(self, cap, expected_rank):
+        rank = self.sev_db.rank_capability(cap)
         self.assertEqual(rank, expected_rank,
                          'expected rank %s, got %s' % (expected_rank, 
rank))
 
     def _simple_severity_w_perm(self, path, perm, expected_rank):
-        rank = self.sev_db.rank(path, perm)
+        rank = self.sev_db.rank_path(path, perm)
         self.assertEqual(rank, expected_rank,
                          'expected rank %s, got %s' % (expected_rank, 
rank))
 
@@ -68,8 +68,7 @@
     ]
 
     def _run_test(self, params, expected):
-        cap_with_prefix = 'CAP_%s' % params
-        self._simple_severity_test(cap_with_prefix, expected)
+        self._capability_severity_test(params, expected)
 
         rank = self.sev_db.rank_capability(params)
         self.assertEqual(rank, expected, 'expected rank %s, got %s' % 
(expected, rank))



Regards,

Christian Boltz
-- 
> [suse-linux Statistik] Hm. Apropos: Was meint ihr, sollte ich
> 'ratti / Joerg' zusammenfassen? Ja, oder?
Ich denke ja schon, aber Ratti ist dagegen.
[> David Haller und Jörg Roßdeutscher aka Ratti in sl-etikette]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160812/b3369e02/attachment.pgp>


More information about the AppArmor mailing list