2
0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00

Extend ProfileList to store and write include rules

- add_inc_ie() stores include and include if exists rules
- get_clean() and get_raw() return the profile preamble (currently only
  the include rules)

Also add tests for the new functions.
This commit is contained in:
Christian Boltz
2020-05-04 21:12:15 +02:00
parent 1569136180
commit 07b52134f4
2 changed files with 70 additions and 1 deletions

View File

@@ -14,6 +14,7 @@ from common_test import AATest, setup_all_loops
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.profile_list import ProfileList
from apparmor.rule.include import IncludeRule
class TestAdd_profile(AATest):
def AASetup(self):
@@ -114,6 +115,40 @@ class TestFilename_from_attachment(AATest):
with self.assertRaises(AppArmorBug):
self.pl.filename_from_attachment('foo')
class TestAdd_inc_ie(AATest):
def AASetup(self):
self.pl = ProfileList()
def testAdd_inc_ie_1(self):
self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule('tunables/global', False, True))
self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
self.assertEqual(self.pl.get_clean('/etc/apparmor.d/bin.foo'), ['include <tunables/global>', ''])
self.assertEqual(self.pl.get_raw('/etc/apparmor.d/bin.foo'), ['include <tunables/global>', ''])
def testAdd_inc_ie_2(self):
self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule('tunables/global', False, True))
self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule('tunables/dovecot', False, True))
self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
self.assertEqual(self.pl.get_clean('/etc/apparmor.d/bin.foo'), ['include <tunables/global>', 'include <tunables/dovecot>', ''])
self.assertEqual(self.pl.get_raw('/etc/apparmor.d/bin.foo'), ['include <tunables/global>', 'include <tunables/dovecot>', ''])
def testAdd_inc_ie_error_1(self):
with self.assertRaises(AppArmorBug):
self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', 'tunables/global') # str insteadd of IncludeRule
self.assertEqual(list(self.pl.files.keys()), [])
class TestGet(AATest):
def AASetup(self):
self.pl = ProfileList()
def testGet_clean_error(self):
with self.assertRaises(AppArmorBug):
self.pl.get_clean('/etc/apparmor.d/not.found')
def testGet_raw_error(self):
with self.assertRaises(AppArmorBug):
self.pl.get_raw('/etc/apparmor.d/not.found')
setup_all_loops(__name__)
if __name__ == '__main__':