[apparmor] [patch] [41/38] let aa-mergeprof ask about new hats and subprofiles
Christian Boltz
apparmor at cboltz.de
Wed Sep 28 21:08:40 UTC 2016
Hello,
if a merged profile contains additional hats or subprofiles, the "old"
aa-mergeprof silently created them as additional hasher elements (partly
buggy, because subprofiles would end up as '^/subprofile' instead of
'profile subprofile'). After switching to FileRule, aa-mergeprof crashes
on new hats or subprofiles.
This patch adds code to ask the user if the new hat or subprofile should
be added - which means this patch replaces two bugs (crash + silently
adding subprofiles and hats) with a new feature ;-)
The new questions also add a new text CMD_ADDSUBPROFILE in ui.py.
Finally, the new "button" combinations get added to test-translations.py.
If you want to test, try to aa-mergeprof this profile (the subprofile
and hat are dummies, nothing ping would really require):
#include <tunables/global>

/{usr/,}bin/ping {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/nameservice>

  capability net_raw,
  capability setuid,
  network inet raw,
  network inet6 raw,

  /{,usr/}bin/ping mixr,
  /etc/modules.conf r,

  ^hat {
    /bin/hat r,
    /bin/bash px,
  }

  profile /subprofile {
    /bin/subprofile r,
    /bin/bash px,
  }

  # Site-specific additions and overrides. See local/README for details.
  #include <local/bin.ping>
}
Note that this patch is not covered by unittests, but it passed all my
manual tests.
[ 41-mergeprof-new-subprofiles.diff ]
=== modified file ./utils/aa-mergeprof
--- utils/aa-mergeprof 2016-09-28 21:42:21.255527892 +0200
+++ utils/aa-mergeprof 2016-09-28 22:35:00.156477453 +0200
@@ -24,7 +24,7 @@
import apparmor.ui as aaui
from apparmor.aa import (add_to_options, available_buttons, combine_name, delete_duplicates,
- get_profile_filename, is_known_rule, match_includes,
+ get_profile_filename, is_known_rule, match_includes, profile_storage,
set_options_audit_mode, propose_file_rules, selection_to_rule_obj)
from apparmor.aare import AARE
from apparmor.common import AppArmorException
@@ -289,6 +292,39 @@
sev_db.load_variables(get_profile_filename(profile))
for hat in sorted(other.aa[profile].keys()):
+
+ if not aa[profile].get(hat):
+ ans = ''
+ while ans not in ['CMD_ADDHAT', 'CMD_ADDSUBPROFILE', 'CMD_DENY']:
+ q = aaui.PromptQuestion()
+ q.headers += [_('Profile'), profile]
+
+ if other.aa[profile][hat]['profile']:
+ q.headers += [_('Requested Subprofile'), hat]
+ q.functions.append('CMD_ADDSUBPROFILE')
+ else:
+ q.headers += [_('Requested Hat'), hat]
+ q.functions.append('CMD_ADDHAT')
+
+ q.functions += ['CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED']
+
+ q.default = 'CMD_DENY'
+
+ ans = q.promptUser()[0]
+
+ if ans == 'CMD_FINISHED':
+ return
+
+ if ans == 'CMD_DENY':
+ continue # don't ask about individual rules if the user doesn't want the additional subprofile/hat
+
+ if other.aa[profile][hat]['profile']:
+ aa[profile][hat] = profile_storage(profile, hat, 'mergeprof ask_the_questions() - missing subprofile')
+ aa[profile][hat]['profile'] = True
+ else:
+ aa[profile][hat] = profile_storage(profile, hat, 'mergeprof ask_the_questions() - missing hat')
+ aa[profile][hat]['profile'] = False
+
#Add the includes from the other profile to the user profile
done = False
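Review bot: the `if ans == 'CMD_FINISHED': return` check after the loop is unreachable, because the loop condition `while ans not in ['CMD_ADDHAT', 'CMD_ADDSUBPROFILE', 'CMD_DENY']` keeps re-prompting on CMD_FINISHED even though that button is offered in q.functions. Either add 'CMD_FINISHED' to the accepted-answer list so the early return actually fires, or drop the dead check; the same question applies to CMD_ABORT if promptUser() can return it instead of exiting on its own.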
=== modified file ./utils/apparmor/ui.py
--- utils/apparmor/ui.py 2016-04-03 18:02:37.478933351 +0200
+++ utils/apparmor/ui.py 2016-09-28 22:25:20.659356679 +0200
@@ -254,6 +254,7 @@
'CMD_GLOB': _('(G)lob'),
'CMD_GLOBEXT': _('Glob with (E)xtension'),
'CMD_ADDHAT': _('(A)dd Requested Hat'),
+ 'CMD_ADDSUBPROFILE': _('(A)dd Requested Subprofile'),
'CMD_USEDEFAULT': _('(U)se Default Hat'),
'CMD_SCAN': _('(S)can system log for AppArmor events'),
'CMD_HELP': _('(H)elp'),
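Review bot: the new button text `(A)dd Requested Subprofile` reuses the (A) hotkey of `(A)dd Requested Hat`. The aa-mergeprof hunk offers only one of the two per question, so they never collide there, but a future caller that puts both into one q.functions list would hit the duplicate-hotkey check; a short comment beside the entry noting that the pair is mutually exclusive would make that explicit.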
=== modified file ./utils/test/test-translations.py
--- utils/test/test-translations.py 2016-09-28 00:46:23.071166538 +0200
+++ utils/test/test-translations.py 2016-09-28 22:39:32.915120909 +0200
@@ -32,6 +32,8 @@
(['CMD_YES', 'CMD_NO', 'CMD_CANCEL'], True), # ui.py UI_YesNo() and UI_YesNoCancel
(['CMD_SAVE_CHANGES', 'CMD_VIEW_CHANGES', 'CMD_ABORT', 'CMD_IGNORE_ENTRY'], True), # aa-mergeprof act()
(['CMD_ALLOW', 'CMD_ABORT'], True), # aa-mergeprof conflict_mode()
+ (['CMD_ADDSUBPROFILE', 'CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED'], True), # aa-mergeprof ask_the_questions() - new subprofile
+ (['CMD_ADDHAT', 'CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED'], True), # aa-mergeprof ask_the_questions() - new hat
]
def _run_test(self, params, expected):
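Review bot: the two new button sets match the q.functions lists built in the aa-mergeprof ask_the_questions() hunk, so the hotkey-uniqueness check now covers both prompts. This only exercises the translations, not the new prompt logic itself, which the cover note says has no unittest coverage yet; a test that feeds a profile with an extra hat and subprofile through the merge would close that gap.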
Regards,
Christian Boltz
--
given our recent direction, unmaintainable python would probably be
preferred over unmaintainable perl. :) [Steve Beattie in apparmor]