[apparmor] [patch] [1/9] add a named match group to RE_PROFILE_DBUS

Kshitij Gupta kgupta8592 at gmail.com
Sun Feb 21 20:08:19 UTC 2016 

Hello

On Sun, Dec 27, 2015 at 8:33 PM, Christian Boltz <apparmor at cboltz.de> wrote:

> Hello,
>
> as a preparation for the DbusRule class, add a <details> match group
> to RE_PROFILE_DBUS.
>
> Also adjust test-regex_matches.py for the added group.
>
> Note: RE_PROFILE_DBUS is only used in aa.py, and only matches[0..2]
> are used. 0 and 1 are audit and allow/deny and 2 is and stays the whole
> rule (except audit and allow/deny). Therefore no aa.py changes are
> needed.
>
>
>
> [ 52-add-match-group-to-RE_PROFILE_DBUS.diff ]
>
> === modified file ./utils/apparmor/regex.py
> --- utils/apparmor/regex.py     2015-12-12 13:34:40.549997194 +0100
> +++ utils/apparmor/regex.py     2015-12-20 17:22:56.051619606 +0100
> @@ -46,7 +46,7 @@
>  RE_PROFILE_NETWORK      = re.compile(RE_AUDIT_DENY +
> 'network(?P<details>\s+.*)?' + RE_COMMA_EOL)
>  RE_PROFILE_CHANGE_HAT   = re.compile('^\s*\^(\"??.+?\"??)' + RE_COMMA_EOL)
>  RE_PROFILE_HAT_DEF      =
> re.compile('^(?P<leadingspace>\s*)(?P<hat_keyword>\^|hat\s+)(?P<hat>\"??.+?\"??)\s+((flags=)?\((?P<flags>.+)\)\s+)*\{'
> + RE_EOL)
> -RE_PROFILE_DBUS         = re.compile(RE_AUDIT_DENY +
> '(dbus\s*,|dbus\s+[^#]*\s*,)' + RE_EOL)
> +RE_PROFILE_DBUS         = re.compile(RE_AUDIT_DENY +
> '(dbus\s*,|dbus(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
>  RE_PROFILE_MOUNT        = re.compile(RE_AUDIT_DENY +
> '((mount|remount|umount|unmount)(\s+[^#]*)?\s*,)' + RE_EOL)
>  RE_PROFILE_SIGNAL       = re.compile(RE_AUDIT_DENY +
> '(signal\s*,|signal(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
>  RE_PROFILE_PTRACE       = re.compile(RE_AUDIT_DENY +
> '(ptrace\s*,|ptrace(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
> === modified file ./utils/test/test-regex_matches.py
> --- utils/test/test-regex_matches.py    2015-12-12 13:34:40.553997166 +0100
> +++ utils/test/test-regex_matches.py    2015-12-20 17:26:03.002435746 +0100
> @@ -259,10 +259,10 @@
>          self.regex = aa.RE_PROFILE_DBUS
>
>      tests = [
> -        ('   dbus,', (None, None, 'dbus,', None)),
> -        ('   audit dbus,', ('audit', None, 'dbus,', None)),
> -        ('   dbus send member=no_comment,', (None, None, 'dbus send
> member=no_comment,', None)),
> -        ('   dbus send member=no_comment, # comment', (None, None, 'dbus
> send member=no_comment,', '# comment')),
> +        ('   dbus,',                                    (None,
> None,   'dbus,',                            None,
>  None)),
> +        ('   audit dbus,',                              ('audit',
>  None,   'dbus,',                            None,
>  None)),
> +        ('   dbus send member=no_comment,',             (None,
> None,   'dbus send member=no_comment,',     'send member=no_comment',
>  None)),
> +        ('   dbus send member=no_comment, # comment',   (None,
> None,   'dbus send member=no_comment,',     'send member=no_comment',   '#
> comment')),
>
>          ('   dbusdriver,', False),
>          ('   audit dbusdriver,', False),
>
>
>
Acked-by: Kshitij Gupta <kgupta8592 at gmail.com>

>
> Regards,
>
> Christian Boltz
> --
> I built version 1.7.1 in my branch.. a bit messy, as most work seems
> to have gone into 'replacing autofoo with cmake' (aka one broken build
> system for another one). [Dominique Leuenberger in opensuse-factory]
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
>
>


-- 
Regards,

Kshitij Gupta
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160222/d101e60a/attachment-0001.html>

More information about the AppArmor mailing list