[apparmor] [patch] [41/38] let aa-mergeprof ask about new hats and subprofiles

Christian Boltz apparmor at cboltz.de
Wed Sep 28 21:08:40 UTC 2016


Hello,

if a merged profile contains additional hats or subprofiles, the "old"
aa-mergeprof silently created them as additional hasher elements (partly
buggy, because subprofiles would end up as '^/subprofile' instead of
'profile subprofile'). After switching to FileRule, aa-mergeprof crashes
on new hats or subprofiles.

This patch adds code to ask the user if the new hat or subprofile should
be added - which means this patch replaces two bugs (crash + silently
adding subprofiles and hats) with a new feature ;-)


The new questions also add a new text CMD_ADDSUBPROFILE in ui.py.

Finally, the new "button" combinations get added to test-translations.py.



If you want to test, try to aa-mergeprof this profile (the subprofile
and hat are dummies, nothing ping would really require):


#include <tunables/global>
/{usr/,}bin/ping {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/nameservice>

  capability net_raw,
  capability setuid,
  network inet raw,
  network inet6 raw,

  /{,usr/}bin/ping mixr,
  /etc/modules.conf r,

  ^hat {
    /bin/hat r,
    /bin/bash px,
  }

  profile /subprofile {
    /bin/subprofile r,
    /bin/bash px,
  }

  # Site-specific additions and overrides. See local/README for details.
  #include <local/bin.ping>
}



Note that this patch is not covered by unittests, but it passed all my
manual tests.



[ 41-mergeprof-new-subprofiles.diff ]

=== modified file ./utils/aa-mergeprof
--- utils/aa-mergeprof  2016-09-28 21:42:21.255527892 +0200
+++ utils/aa-mergeprof  2016-09-28 22:35:00.156477453 +0200
@@ -24,7 +24,7 @@
 import apparmor.ui as aaui
 
 from apparmor.aa import (add_to_options, available_buttons, combine_name, delete_duplicates,
-                         get_profile_filename, is_known_rule, match_includes,
+                         get_profile_filename, is_known_rule, match_includes, profile_storage,
                          set_options_audit_mode, propose_file_rules, selection_to_rule_obj)
 from apparmor.aare import AARE
 from apparmor.common import AppArmorException
@@ -289,6 +292,39 @@
         sev_db.load_variables(get_profile_filename(profile))
 
         for hat in sorted(other.aa[profile].keys()):
+
+            if not aa[profile].get(hat):
+                ans = ''
+                while ans not in ['CMD_ADDHAT', 'CMD_ADDSUBPROFILE', 'CMD_DENY']:
+                    q = aaui.PromptQuestion()
+                    q.headers += [_('Profile'), profile]
+
+                    if other.aa[profile][hat]['profile']:
+                        q.headers += [_('Requested Subprofile'), hat]
+                        q.functions.append('CMD_ADDSUBPROFILE')
+                    else:
+                        q.headers += [_('Requested Hat'), hat]
+                        q.functions.append('CMD_ADDHAT')
+
+                    q.functions += ['CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED']
+
+                    q.default = 'CMD_DENY'
+
+                    ans = q.promptUser()[0]
+
+                    if ans == 'CMD_FINISHED':
+                        return
+
+                if ans == 'CMD_DENY':
+                    continue  # don't ask about individual rules if the user doesn't want the additional subprofile/hat
+
+                if other.aa[profile][hat]['profile']:
+                    aa[profile][hat] = profile_storage(profile, hat, 'mergeprof ask_the_questions() - missing subprofile')
+                    aa[profile][hat]['profile'] = True
+                else:
+                    aa[profile][hat] = profile_storage(profile, hat, 'mergeprof ask_the_questions() - missing hat')
+                    aa[profile][hat]['profile'] = False
+
             #Add the includes from the other profile to the user profile
             done = False
 
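Review bot: CMD_ABORT is offered in q.functions but is not in the accepted-answer list of the while loop, so if promptUser() ever returns it instead of handling the abort itself, the loop just re-prompts; either add 'CMD_ABORT' to the list and handle it explicitly, or confirm that promptUser() never returns it. Defaulting to CMD_DENY is the right conservative choice, since a declined hat or subprofile adds nothing to the user's profile. The newly created profile_storage() entry starts out empty and is only filled by the rule questions that follow, and since the mail says no unit test covers this branch, a test that merges a profile with a missing hat and a missing subprofile would be worth adding.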
=== modified file ./utils/apparmor/ui.py
--- utils/apparmor/ui.py        2016-04-03 18:02:37.478933351 +0200
+++ utils/apparmor/ui.py        2016-09-28 22:25:20.659356679 +0200
@@ -254,6 +254,7 @@
         'CMD_GLOB': _('(G)lob'),
         'CMD_GLOBEXT': _('Glob with (E)xtension'),
         'CMD_ADDHAT': _('(A)dd Requested Hat'),
+        'CMD_ADDSUBPROFILE': _('(A)dd Requested Subprofile'),
         'CMD_USEDEFAULT': _('(U)se Default Hat'),
         'CMD_SCAN': _('(S)can system log for AppArmor events'),
         'CMD_HELP': _('(H)elp'),
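Review bot: CMD_ADDSUBPROFILE reuses the (A) hotkey of CMD_ADDHAT on the line above. That is safe only as long as the two are never offered in the same prompt, which ask_the_questions() guarantees by appending one or the other; a short comment next to these two entries saying that they are mutually exclusive would stop a later change from putting both into one button set.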
=== modified file ./utils/test/test-translations.py
--- utils/test/test-translations.py     2016-09-28 00:46:23.071166538 +0200
+++ utils/test/test-translations.py     2016-09-28 22:39:32.915120909 +0200
@@ -32,6 +32,8 @@
         (['CMD_YES', 'CMD_NO', 'CMD_CANCEL'],                                                                                               True),  # ui.py UI_YesNo() and UI_YesNoCancel
         (['CMD_SAVE_CHANGES', 'CMD_VIEW_CHANGES', 'CMD_ABORT', 'CMD_IGNORE_ENTRY'],                                                         True),  # aa-mergeprof act()
         (['CMD_ALLOW', 'CMD_ABORT'],                                                                                                        True),  # aa-mergeprof conflict_mode()
+        (['CMD_ADDSUBPROFILE', 'CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED'],                                                                    True),  # aa-mergeprof ask_the_questions() - new subprofile
+        (['CMD_ADDHAT', 'CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED'],                                                                           True),  # aa-mergeprof ask_the_questions() - new hat
     ]
 
     def _run_test(self, params, expected):
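Review bot: the two button sets match the q.functions lists that ask_the_questions() builds, so the hotkey-uniqueness check covers both the new-subprofile and the new-hat prompt. Since these entries are the only automated coverage of the change, any later edit to the button lists in aa-mergeprof has to be mirrored here, otherwise the shared (A) hotkey of CMD_ADDHAT and CMD_ADDSUBPROFILE would go unchecked.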




Regards,

Christian Boltz
-- 
given our recent direction, unmaintainable python would probably be
preferred over unmaintainable perl. :)  [Steve Beattie in apparmor]