[apparmor] [patch] [14/38] Use FileRule and FileRuleset
Steve Beattie
steve at nxnw.org
Thu Sep 22 17:57:23 UTC 2016
On Fri, Aug 12, 2016 at 10:54:53PM +0200, Christian Boltz wrote:
> Hello,
>
> this patch changes aa.py to use FileRule and FileRuleset for parsing and
> saving profiles.
>
> In detail, this means:
> - add 'file' to the list of rule classes to enable it at various places
> - store file rules in aa[profile][hat]['file'] (not 'path' as before)
> to be consistent with the FileRule name
> - drop the no longer needed delete_path_duplicates() - this is now
> handled by FileRuleset like in all other rule classes.
> (same change in cleanprofile.py)
> - replace usage of RE_PROFILE_BARE_FILE_ENTRY and RE_PROFILE_PATH_ENTRY
> with FileRule.match()
> - drop write_path_rules() and write_paths() and replace them with the
> new write_file() function.
> - adjust several code sections to use write_file and 'file' instead of
> 'path'
>
> FileRule doesn't drop optional keywords ('allow' and 'file'), therefore
> adjust cleanprof_test.out to the changed behaviour. (If someone insists
> on dropping optional keywords in aa-cleanprof, that's something for a
> future patch.)
>
> Also adjust the list of known failures in test-parser-simple-tests.py -
> switching to FileRule avoids several test failures (and introduces a few
> new ones ;-)
>
> IMPORTANT:
>
> This patch introduces a "brain split" which means
> - parsing and writing the profile and aa-cleanprof use the new location
> (aa[profile][hat]['file'])
> - aa-logprof and aa-genprof still save data to the old location
> (aa[profile][hat]['allow']['path']) and probably ask superfluous
> questions because there are no rules existing in the old location
>
> TL;DR: don't try aa-logprof or aa-genprof with only this patch applied.
>
> I know this isn't ideal, but still better than an even bigger and
> totally unreadable patch ;-)
>
> [ 14-switch-to-FileRule.diff ]
Acked-by: Steve Beattie <steve at nxnw.org>. Thanks.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160922/f4efbbb3/attachment.pgp>
More information about the AppArmor
mailing list