[apparmor] [patch] More strict profile_storage()
Christian Boltz
apparmor at cboltz.de
Mon Jun 5 21:20:33 UTC 2017
Hello,
this patch makes the profile_storage() data structure more strict. It
- initializes everything inside a profile with proper values
- makes the profile storage a dict() instead of a hasher(), which means
it will complain loudly when trying to access non-existing elements
(hasher() was more forgiving, but this also meant hiding bugs)
The patch also fixes a minor issue related to the more strict 'repo'
profile property in serialize_profile().
Note that I propose this patch only for trunk.
In theory it should also work on 2.11, but I won't take that risk.
2.10.x and older are guaranteed to crash in
serialize_profile_from_old_profile() when (v)iew changes for a profile
with child profiles is used. The switch to FileRule removed that broken
code :-)
I have been using this patch locally for (at least) several months, so there's a
chance it doesn't break anything ;-)
[ 01-strict-profile-storage.diff ]
=== modified file ./utils/apparmor/aa.py
--- utils/apparmor/aa.py 2015-12-26 16:47:30.614839586 +0100
+++ utils/apparmor/aa.py 2015-12-26 16:46:25.451187459 +0100
@@ -453,10 +453,7 @@
# d) other: external, flags, name, profile, attachment, initial_comment, filename, info,
# profile_keyword, header_comment (these two are currently only set by set_profile_flags())
- # Note that this function doesn't explicitely init all those keys (yet).
- # It will be extended over time, with the final goal to get rid of hasher().
-
- profile = hasher()
+ profile = dict()
# profile['info'] isn't used anywhere, but can be helpful in debugging.
profile['info'] = {'profile': profilename, 'hat': hat, 'calledby': calledby}
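Review bot: the context comment just above the replaced block still says profile_keyword and header_comment are "currently only set by set_profile_flags()"; once profile_storage() initialises them itself (as the second hunk does), that parenthetical is stale and should be updated or dropped so the key list stays accurate. Dropping the "final goal to get rid of hasher()" note also removes the only place that goal is recorded while hasher() is still used for the 'link' entries; consider keeping a one-line note about the remaining hasher() users.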
@@ -472,8 +467,35 @@
profile['rlimit'] = RlimitRuleset()
profile['signal'] = SignalRuleset()
- profile['allow']['mount'] = list()
+ profile['alias'] = dict()
+ profile['include'] = dict()
+ profile['localinclude'] = dict()
+ profile['repo'] = dict()
+ profile['lvar'] = dict()
+
+ profile['filename'] = ''
+ profile['name'] = ''
+ profile['attachment'] = ''
+ profile['flags'] = ''
+ profile['external'] = False
+ profile['header_comment'] = ''
+ profile['initial_comment'] = ''
+ profile['profile_keyword'] = False
+ profile['profile'] = False # profile or hat?
+
+ profile['allow'] = dict()
+ profile['deny'] = dict()
+
+ profile['allow']['link'] = hasher()
+ profile['deny']['link'] = hasher()
+
+ # mount, pivot_root, unix have a .get() fallback to list() - initialize them nevertheless
+ profile['allow']['mount'] = list()
+ profile['deny']['mount'] = list()
profile['allow']['pivot_root'] = list()
+ profile['deny']['pivot_root'] = list()
+ profile['allow']['unix'] = list()
+ profile['deny']['unix'] = list()
return profile
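Review bot: `profile['allow']['link'] = hasher()` and `profile['deny']['link'] = hasher()` keep the forgiving container the rest of this patch is eliminating, with no comment saying why; add a short comment stating that the link code still depends on auto-created nested keys (or convert it as well) so the exception reads as deliberate rather than an oversight. The comment on `profile['profile'] = False # profile or hat?` is also ambiguous; state which boolean value denotes a profile and which a hat, since every freshly created storage now carries that default.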
@@ -3074,7 +3074,7 @@
profile_data[name]['repo']['id']):
repo = profile_data[name]['repo']
string += '# REPOSITORY: %s %s %s\n' % (repo['url'], repo['user'], repo['id'])
- elif profile_data[name]['repo']['neversubmit']:
+ elif profile_data[name]['repo'].get('neversubmit'):
string += '# REPOSITORY: NEVERSUBMIT\n'
# if profile_data[name].get('initial_comment', False):
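Review bot: the `.get('neversubmit')` change only protects the elif branch, while the visible tail of the preceding condition, `profile_data[name]['repo']['id']`, and the body's `repo['url']`, `repo['user']`, `repo['id']` still index directly; with `repo` now an empty dict() rather than a hasher(), those raise KeyError for any profile without repository data unless the start of the condition (not shown here) already guards them with .get(). Use the same .get() lookups there for consistency with this fix.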
Regards,
Christian Boltz
--
This is a mailing list, not the World Championchips for Misunderstanding
Potentially Anything [Knurpht - Gertjan Lettink in opensuse-factory]
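To illustrate the hasher() versus dict() point from the message, here is an added example (not AppArmor code; the hasher() below is an assumed nested defaultdict standing in for the real helper): a typo'd key is silently absorbed by the forgiving structure, raises loudly on a plain dict, and an optional key is handled with .get() as in the serialize_profile() fix.

```python
from collections import defaultdict


def hasher():
    """Auto-vivifying nested mapping: a missing key silently becomes another
    hasher(). Assumed stand-in for the forgiving structure the patch drops."""
    return defaultdict(hasher)


def strict_profile():
    """Plain dict with every expected key initialised, like the patched
    profile_storage(); only the keys this example needs are included."""
    return {'repo': {}, 'allow': {'mount': []}, 'deny': {'mount': []}}


def neversubmit_indexed(profile):
    # Direct indexing with a deliberate typo ('neversubmt') to show how each
    # container reacts to a key that was never set.
    return bool(profile['repo']['neversubmt'])


def neversubmit_fixed(profile):
    # The patch's approach for a genuinely optional key: .get() instead of
    # indexing, so an absent key means "not set" rather than a crash.
    return bool(profile['repo'].get('neversubmit'))


def demo():
    lenient = hasher()
    strict = strict_profile()
    results = {}
    # hasher(): the typo returns an empty (falsy) sub-hasher and no error...
    results['lenient_typo'] = neversubmit_indexed(lenient)
    # ...and it even leaves the misspelt key behind as a side effect.
    results['lenient_side_effect'] = 'neversubmt' in lenient['repo']
    # dict(): the same typo fails loudly, which is what the patch wants.
    try:
        neversubmit_indexed(strict)
        results['strict_typo'] = 'no error'
    except KeyError as err:
        results['strict_typo'] = 'KeyError: %s' % err.args[0]
    # .get(): optional key absent -> False, present -> its value.
    results['fixed_missing'] = neversubmit_fixed(strict)
    strict['repo']['neversubmit'] = True
    results['fixed_present'] = neversubmit_fixed(strict)
    return results


if __name__ == '__main__':
    for key, value in demo().items():
        print('%-20s %s' % (key, value))
```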