[apparmor] [patch] [14/38] Use FileRule and FileRuleset

Steve Beattie steve at nxnw.org
Thu Sep 22 17:57:23 UTC 2016


On Fri, Aug 12, 2016 at 10:54:53PM +0200, Christian Boltz wrote:
> Hello,
> 
> this patch changes aa.py to use FileRule and FileRuleset for parsing and 
> saving profiles.
> 
> In detail, this means:
> - add 'file' to the list of rule classes to enable it at various places
> - store file rules in aa[profile][hat]['file'] (not 'path' as before)
>   to be consistent with the FileRule name
> - drop the no longer needed delete_path_duplicates() - this is now
>   handled by FileRuleset like in all other rule classes.
>   (same change in cleanprofile.py)
> - replace usage of RE_PROFILE_BARE_FILE_ENTRY and RE_PROFILE_PATH_ENTRY
>   with FileRule.match()
> - drop write_path_rules() and write_paths() and replace them with the
>   new write_file() function.
> - adjust several code sections to use write_file and 'file' instead of
>   'path'
> 
> FileRule doesn't drop optional keywords ('allow' and 'file'), therefore
> adjust cleanprof_test.out to the changed behaviour. (If someone insists
> on dropping optional keywords in aa-cleanprof, that's something for a
> future patch.)
> 
> Also adjust the list of known failures in test-parser-simple-tests.py -
> switching to FileRule avoids several test failures (and introduces a few
> new ones ;-)
> 
> IMPORTANT:
> 
> This patch introduces a "brain split" which means
> - parsing and writing the profile and aa-cleanprof use the new location
>   (aa[profile][hat]['file'])
> - aa-logprof and aa-genprof still save data to the old location
>   (aa[profile][hat]['allow']['path']) and probably ask superfluous
>   questions because there are no rules existing in the old location
> 
> TL;DR: don't try aa-logprof or aa-genprof with only this patch applied.
> 
> I know this isn't ideal, but still better than an even bigger and
> totally unreadable patch ;-)
> 
> [ 14-switch-to-FileRule.diff ]

Acked-by: Steve Beattie <steve at nxnw.org>. Thanks.

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/