[apparmor] [patch] [5/7] move ask_conflict_mode() to aa.py

Seth Arnold seth.arnold at canonical.com
Tue Jan 17 20:58:44 UTC 2017


On Sun, Jan 15, 2017 at 04:25:19PM +0100, Christian Boltz wrote:
> Hello,
> 
> The function is an exact copy of the code in aa-mergeprof (except
> for removing the 'self' function parameter and changing the
> indentation level)
> 
> Also add a ask_conflict_mode() call to aa.py ask_the_questions().
> This is needed for aa-mergeprof, and won't hurt in aa-logprof mode
> because handle_children() already handles all exec events.
> 
> 
> [ 05-move-ask_conflict_mode.diff ]

Acked-by: Seth Arnold <seth.arnold at canonical.com>

Thanks

> 
> --- utils/apparmor/aa.py	2017-01-14 23:20:29.014791326 +0100
> +++ utils/apparmor/aa.py	2017-01-14 23:47:42.507418770 +0100
> @@ -1585,6 +1585,9 @@
>                      elif ans == 'CMD_FINISHED':
>                          return
>  
> +                # check for and ask about conflicting exec modes
> +                apparmor.aa.ask_conflict_mode(profile, hat, aa[profile][hat], log_dict[aamode][profile][hat])
> +
>                  for ruletype in ruletypes:
>                      for rule_obj in log_dict[aamode][profile][hat][ruletype].rules:
>                          # XXX aa-mergeprof also has this code - if you change it, keep aa-mergeprof in sync!
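Review bot: The added call is written as `apparmor.aa.ask_conflict_mode(...)` even though this hunk is inside utils/apparmor/aa.py, the same file where the second hunk defines the function. Unless aa.py binds the name `apparmor` itself (not visible here), that qualified reference would raise NameError at runtime. The unqualified form `ask_conflict_mode(profile, hat, aa[profile][hat], log_dict[aamode][profile][hat])` avoids the dependency. The comment could also record what the commit message says, e.g. `# needed for aa-mergeprof; no-op in aa-logprof because handle_children() already handled all exec events`, so the next reader does not remove the call as redundant. The enclosing function starts and ends outside the hunk.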
> @@ -1791,6 +1794,39 @@
>  
>      return deleted
>  
> +def ask_conflict_mode(profile, hat, old_profile, merge_profile):
> +    '''ask user about conflicting exec rules'''
> +    for oldrule in old_profile['file'].rules:
> +        conflictingrules = merge_profile['file'].get_exec_conflict_rules(oldrule)
> +
> +        if conflictingrules.rules:
> +            q = aaui.PromptQuestion()
> +            q.headers = [_('Path'), oldrule.path.regex]
> +            q.headers += [_('Select the appropriate mode'), '']
> +            options = []
> +            options.append(oldrule.get_clean())
> +            for rule in conflictingrules.rules:
> +                options.append(rule.get_clean())
> +            q.options = options
> +            q.functions = ['CMD_ALLOW', 'CMD_ABORT']
> +            done = False
> +            while not done:
> +                ans, selected = q.promptUser()
> +                if ans == 'CMD_ALLOW':
> +                    if selected == 0:
> +                        pass  # just keep the existing rule
> +                    elif selected > 0:
> +                        # replace existing rule with merged one
> +                        old_profile['file'].delete(oldrule)
> +                        old_profile['file'].add(conflictingrules.rules[selected - 1])
> +                    else:
> +                        raise AppArmorException(_('Unknown selection'))
> +
> +                    for rule in conflictingrules.rules:
> +                        merge_profile['file'].delete(rule)  # make sure aa-mergeprof doesn't ask to add conflicting rules later
> +
> +                    done = True
> +
>  def match_includes(profile, rule_type, rule_obj):
>      newincludes = []
>      for incname in include.keys():
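Review bot: In the new `ask_conflict_mode()`, the outer loop iterates `old_profile['file'].rules` while its body calls `old_profile['file'].delete(oldrule)` and `.add(...)` on the same ruleset. If `.rules` is a plain list (its implementation is not visible here), the rule following a replaced one can be skipped, so a conflicting exec mode could stay in the profile without the user ever being asked. Iterating a snapshot, `for oldrule in list(old_profile['file'].rules):`, avoids that. Separately, `q.functions` offers `'CMD_ABORT'` but the `while not done` loop only acts on `'CMD_ALLOW'`; unless `promptUser()` handles abort itself, any other answer re-prompts indefinitely, so an explicit branch or a comment stating where abort is handled would help. The `profile` and `hat` parameters are unused in the body, and the one-line docstring could say that both `old_profile` and `merge_profile` are modified in place.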
> --- utils/aa-mergeprof	2017-01-14 22:46:14.191632249 +0100
> +++ utils/aa-mergeprof	2017-01-14 23:46:55.755628680 +0100
> @@ -156,38 +156,6 @@
>          user_base = cleanprofile.CleanProf(False, self.user, self.base)
>          deleted += user_base.compare_profiles()
>  
> -    def ask_conflict_mode(self, profile, hat, old_profile, merge_profile):
> -        '''ask user about conflicting exec rules'''
> -        for oldrule in old_profile['file'].rules:
> -            conflictingrules = merge_profile['file'].get_exec_conflict_rules(oldrule)
> -
> -            if conflictingrules.rules:
> -                q = aaui.PromptQuestion()
> -                q.headers = [_('Path'), oldrule.path.regex]
> -                q.headers += [_('Select the appropriate mode'), '']
> -                options = []
> -                options.append(oldrule.get_clean())
> -                for rule in conflictingrules.rules:
> -                    options.append(rule.get_clean())
> -                q.options = options
> -                q.functions = ['CMD_ALLOW', 'CMD_ABORT']
> -                done = False
> -                while not done:
> -                    ans, selected = q.promptUser()
> -                    if ans == 'CMD_ALLOW':
> -                        if selected == 0:
> -                            pass  # just keep the existing rule
> -                        elif selected > 0:
> -                            # replace existing rule with merged one
> -                            old_profile['file'].delete(oldrule)
> -                            old_profile['file'].add(conflictingrules.rules[selected - 1])
> -                        else:
> -                            raise AppArmorException(_('Unknown selection'))
> -
> -                        for rule in conflictingrules.rules:
> -                            merge_profile['file'].delete(rule)  # make sure aa-mergeprof doesn't ask to add conflicting rules later
> -
> -                        done = True
>  
>      def ask_the_questions(self, profile):
>          aa = self.user.aa  # keep references so that the code in this function can use the short name
> 
> 
> 
> Regards,
> 
> Christian Boltz
> -- 
> Wer es sicher haben will, muss halt lesen. Was sollen wir tun? Die
> Leute zuhause besuchen, mit Broschüren in der Hand, "Guten Tag - ich
> möchte gern mit ihnen über Gott^W^W^W^Wihren Webserver sprechen"?
> [Ratti in fontlinge-devel]




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170117/18c9c650/attachment.pgp>

