[apparmor] [patch] [01/38] Pass 'strict' flag from is_equal to is_equal_localvars
Kshitij Gupta
kgupta8592 at gmail.com
Sun Sep 11 20:31:19 UTC 2016
On Sat, Aug 13, 2016 at 2:13 AM, Christian Boltz <apparmor at cboltz.de> wrote:
> Hello,
>
> File rules contain some optional details (like leading permissions and
> the file keyword) which should be ignored in non-strict mode.
>
> This patch passes through the 'strict' parameter to is_equal_localvars
> and adds it as function parameter in all existing rule classes.
> It also adjusts test-baserule.py to test with the additional parameter.
>
>
> [ 01-pass-strict-param-to-is_equal_localvars.diff ]
>
> === modified file ./utils/apparmor/rule/capability.py
> --- utils/apparmor/rule/capability.py 2016-01-07 20:41:32.718787664 +0100
> +++ utils/apparmor/rule/capability.py 2016-01-16 20:53:03.510459170 +0100
> @@ -109,7 +109,7 @@
> # still here? -> then it is covered
> return True
>
> - def is_equal_localvars(self, rule_obj):
> + def is_equal_localvars(self, rule_obj, strict):
> '''compare if rule-specific variables are equal'''
>
> if not type(rule_obj) == CapabilityRule:
> === modified file ./utils/apparmor/rule/change_profile.py
> --- utils/apparmor/rule/change_profile.py 2016-01-07 20:41:32.718787664 +0100
> +++ utils/apparmor/rule/change_profile.py 2016-01-16 20:53:07.858431360 +0100
> @@ -133,7 +133,7 @@
> # still here? -> then it is covered
> return True
>
> - def is_equal_localvars(self, rule_obj):
> + def is_equal_localvars(self, rule_obj, strict):
> '''compare if rule-specific variables are equal'''
>
> if not type(rule_obj) == ChangeProfileRule:
> === modified file ./utils/apparmor/rule/dbus.py
> --- utils/apparmor/rule/dbus.py 2016-01-07 20:41:32.722787641 +0100
> +++ utils/apparmor/rule/dbus.py 2016-01-16 20:53:11.418408587 +0100
> @@ -263,7 +263,7 @@
> return True
>
>
> - def is_equal_localvars(self, rule_obj):
> + def is_equal_localvars(self, rule_obj, strict):
> '''compare if rule-specific variables are equal'''
>
> if not type(rule_obj) == DbusRule:
> === modified file ./utils/apparmor/rule/__init__.py
> --- utils/apparmor/rule/__init__.py 2016-01-15 23:17:34.323170864 +0100
> +++ utils/apparmor/rule/__init__.py 2016-01-16 20:57:26.616768804 +0100
> @@ -211,7 +211,7 @@
> ):
> return False
>
> - return self.is_equal_localvars(rule_obj)
> + return self.is_equal_localvars(rule_obj, strict)
>
> def _is_equal_aare(self, self_value, self_all, other_value, other_all, cond_name):
> '''check if other_* is the same as self_* - for AARE'''
> @@ -229,7 +229,7 @@
> return True
>
> # @abstractmethod FIXME - uncomment when python3 only
> - def is_equal_localvars(self, other_rule):
> + def is_equal_localvars(self, other_rule, strict):
> '''compare if rule-specific variables are equal'''
> raise NotImplementedError("'%s' needs to implement is_equal_localvars(), but didn't" % (str(self)))
>
> === modified file ./utils/apparmor/rule/network.py
> --- utils/apparmor/rule/network.py 2016-01-07 20:41:32.718787664 +0100
> +++ utils/apparmor/rule/network.py 2016-01-16 20:53:30.094289065 +0100
> @@ -162,7 +162,7 @@
> # still here? -> then it is covered
> return True
>
> - def is_equal_localvars(self, rule_obj):
> + def is_equal_localvars(self, rule_obj, strict):
> '''compare if rule-specific variables are equal'''
>
> if not type(rule_obj) == NetworkRule:
> === modified file ./utils/apparmor/rule/ptrace.py
> --- utils/apparmor/rule/ptrace.py 2016-01-07 20:41:32.730787594 +0100
> +++ utils/apparmor/rule/ptrace.py 2016-01-16 20:53:33.542266990 +0100
> @@ -144,7 +144,7 @@
> # still here? -> then it is covered
> return True
>
> - def is_equal_localvars(self, rule_obj):
> + def is_equal_localvars(self, rule_obj, strict):
> '''compare if rule-specific variables are equal'''
>
> if not type(rule_obj) == PtraceRule:
> === modified file ./utils/apparmor/rule/rlimit.py
> --- utils/apparmor/rule/rlimit.py 2016-01-07 20:41:32.706787734 +0100
> +++ utils/apparmor/rule/rlimit.py 2016-01-16 20:53:36.510247988 +0100
> @@ -218,7 +218,7 @@
> # still here? -> then it is covered
> return True
>
> - def is_equal_localvars(self, rule_obj):
> + def is_equal_localvars(self, rule_obj, strict):
> '''compare if rule-specific variables are equal'''
>
> if not type(rule_obj) == RlimitRule:
> === modified file ./utils/apparmor/rule/signal.py
> --- utils/apparmor/rule/signal.py 2016-01-07 20:41:32.718787664 +0100
> +++ utils/apparmor/rule/signal.py 2016-01-16 20:53:40.158224630 +0100
> @@ -194,7 +194,7 @@
> # still here? -> then it is covered
> return True
>
> - def is_equal_localvars(self, rule_obj):
> + def is_equal_localvars(self, rule_obj, strict):
> '''compare if rule-specific variables are equal'''
>
> if not type(rule_obj) == SignalRule:
> --- utils/test/test-baserule.py 2015-11-19 17:42:26.325879118 +0100
> +++ utils/test/test-baserule.py 2016-01-16 20:57:47.712632644 +0100
> @@ -43,7 +43,7 @@
> def test_is_equal_localvars(self):
> obj = BaseRule()
> with self.assertRaises(NotImplementedError):
> - obj.is_equal_localvars(BaseRule())
> + obj.is_equal_localvars(BaseRule(), False)
>
> def test_is_covered_localvars(self):
> obj = BaseRule()
>
>
Acked-by: Kshitij Gupta <kgupta8592 at gmail.com>
>
> Regards,
>
> Christian Boltz
> --
> depressing, infuriating, sickening and
> Acked-by: John Johansen <john.johansen at canonical.com>
> [John Johansen in apparmor]
Ha! This sig comes back in another patch in this series.
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
>
--
Regards,
Kshitij Gupta
More information about the AppArmor
mailing list