[apparmor] [patch] [38/38] Drop old path regexes

Fri Aug 12 21:07:59 UTC 2016

Hello,

FileRule uses RE_PROFILE_FILE_ENTRY, which also means
RE_PROFILE_PATH_ENTRY, RE_PROFILE_BARE_FILE_ENTRY and RE_OWNER are now
unused.

This patch drops these regexes and their tests in test-regex_matches.py.



[ 38-drop-old-path-regexes.diff ]

=== modified file ./utils/apparmor/regex.py

--- utils/apparmor/regex.py	2016-08-12 21:04:52.011446225 +0200
+++ utils/apparmor/regex.py	2016-08-12 21:11:28.573373456 +0200
@@ -22,7 +22,6 @@
 
 ## Profile parsing Regex
 RE_AUDIT_DENY           = '^\s*(?P<audit>audit\s+)?(?P<allow>allow\s+|deny\s+)?'  # line start, optionally: leading whitespace, <audit> and <allow>/deny
-RE_OWNER                = '(?P<owner>owner\s+)?'  # optionally: <owner>
 RE_EOL                  = '\s*(?P<comment>#.*?)?\s*$'  # optional whitespace, optional <comment>, optional whitespace, end of the line
 RE_COMMA_EOL            = '\s*,' + RE_EOL # optional whitespace, comma + RE_EOL
 
@@ -42,8 +41,6 @@
 RE_PROFILE_CONDITIONAL  = re.compile('^\s*if\s+(not\s+)?(\$\{?\w*\}?)\s*\{' + RE_EOL)
 RE_PROFILE_CONDITIONAL_VARIABLE = re.compile('^\s*if\s+(not\s+)?defined\s+(@\{?\w+\}?)\s*\{\s*(#.*)?$')
 RE_PROFILE_CONDITIONAL_BOOLEAN = re.compile('^\s*if\s+(not\s+)?defined\s+(\$\{?\w+\}?)\s*\{\s*(#.*)?$')
-RE_PROFILE_BARE_FILE_ENTRY = re.compile(RE_AUDIT_DENY + RE_OWNER + 'file' + RE_COMMA_EOL)
-RE_PROFILE_PATH_ENTRY   = re.compile(RE_AUDIT_DENY + RE_OWNER + '(file\s+)?([\"@/].*?)\s+(\S+)(\s+->\s*(.*?))?' + RE_COMMA_EOL)
 RE_PROFILE_NETWORK      = re.compile(RE_AUDIT_DENY + 'network(?P<details>\s+.*)?' + RE_COMMA_EOL)
 RE_PROFILE_CHANGE_HAT   = re.compile('^\s*\^(\"??.+?\"??)' + RE_COMMA_EOL)
 RE_PROFILE_HAT_DEF      = re.compile('^(?P<leadingspace>\s*)(?P<hat_keyword>\^|hat\s+)(?P<hat>\"??.+?\"??)\s+((flags=)?\((?P<flags>.+)\)\s+)*\{' + RE_EOL)
@@ -88,7 +85,6 @@
 # Therefore parsing code should match against file rules only after trying to match all other rule types.
 RE_PATH_PERMS = '(?P<%s>[mrwalkPUCpucix]+)'
 
-# XXX drop RE_PROFILE_PATH_ENTRY, RE_PROFILE_BARE_FILE_ENTRY and RE_OWNER after switching to this regex
 RE_PROFILE_FILE_ENTRY = re.compile(
     RE_AUDIT_DENY +
     '(?P<owner>owner\s+)?' +  # optionally: <owner>
=== modified file ./utils/test/test-regex_matches.py
--- utils/test/test-regex_matches.py	2016-08-12 21:04:52.015446204 +0200
+++ utils/test/test-regex_matches.py	2016-08-12 21:12:34.325029927 +0200
@@ -15,7 +15,6 @@
 from apparmor.common import AppArmorBug, AppArmorException
 
 from apparmor.regex import ( strip_parenthesis, strip_quotes, parse_profile_start_line, re_match_include,
-     RE_PROFILE_BARE_FILE_ENTRY, RE_PROFILE_PATH_ENTRY,
      RE_PROFILE_START, RE_PROFILE_DBUS, RE_PROFILE_CAP, RE_PROFILE_PTRACE, RE_PROFILE_SIGNAL )
 
 
@@ -216,44 +215,6 @@
         ('   capabilitynet_raw,', False)
     ]
 
-
-class AARegexPath(AARegexTest):
-    '''Tests for RE_PROFILE_PATH_ENTRY'''
-
-    def AASetup(self):
-        self.regex = RE_PROFILE_PATH_ENTRY
-
-    tests = [
-        ('   /tmp/foo r,',
-         (None, None, None, None, '/tmp/foo', 'r', None, None, None)),
-        ('   audit /tmp/foo rw,',
-         ('audit', None, None, None, '/tmp/foo', 'rw', None, None, None)),
-        ('   audit deny /tmp/foo rw,',
-         ('audit', 'deny', None, None, '/tmp/foo', 'rw', None, None, None)),
-        ('   file /tmp/foo rw,',
-         (None, None, None, 'file', '/tmp/foo', 'rw', None, None, None)),
-        ('   file,', False),
-    ]
-
-
-class AARegexBareFile(AARegexTest):
-    '''Tests for RE_PROFILE_BARE_FILE_ENTRY'''
-
-    def AASetup(self):
-        self.regex = RE_PROFILE_BARE_FILE_ENTRY
-
-    tests = [
-        ('   file,', (None, None, None, None)),
-        ('   dbus,', False),
-        ('   file /tmp/foo rw,', False),
-        ('   file /tmp/foo,', False),
-        ('   file r,', False),
-        ('  owner file  , ', (None, None, 'owner', None)),
-        ('  audit owner file  , ', ('audit', None, 'owner', None)),
-        ('  deny file  , ', (None, 'deny', None, None)),
-    ]
-
-
 class AARegexDbus(AARegexTest):
     '''Tests for RE_PROFILE_DBUS'''
 



Regards,

Christian Boltz
-- 
> Also, Hosen runter:
Hose*n*! Du hast nur "die" Hose runtergelassen und die Unterhose
anbehalten. Nix da!
[> Stefan G. Weichinger und Peer Heinlein in postfixbuch-users]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160812/0850cb5c/attachment.pgp>
