split set_options_audit_mode() and add set_options_owner_mode()

- move the code of set_options_audit_mode() to a new function
  set_options_mode() and make set_options_audit_mode() a wrapper for it.
- add set_options_owner_mode() as another wrapper for set_options_mode()
  and add code to switch the owner flag to set_options_mode()
- add tests for set_options_owner_mode()

utils/apparmor/aa.py

@@ -1605,6 +1605,16 @@ def set_options_audit_mode(rule_obj, options):
     '''change audit state in options (proposed rules) to audit state in rule_obj.
        #include options will be kept unchanged
     '''
+    return set_options_mode(rule_obj, options, 'audit')
+
+def set_options_owner_mode(rule_obj, options):
+    '''change owner state in options (proposed rules) to owner state in rule_obj.
+       #include options will be kept unchanged
+    '''
+    return set_options_mode(rule_obj, options, 'owner')
+
+def set_options_mode(rule_obj, options, what):
+    ''' helper function for set_options_audit_mode() and set_options_owner_mode'''
     new_options = []
 
     for rule in options:
@@ -1612,7 +1622,13 @@ def set_options_audit_mode(rule_obj, options):
             new_options.append(rule)
         else:
             parsed_rule = selection_to_rule_obj(rule_obj, rule)
+            if what == 'audit':
                 parsed_rule.audit = rule_obj.audit
+            elif what == 'owner':
+                parsed_rule.owner = rule_obj.owner
+            else:
+                raise AppArmorBug('Unknown "what" value given to set_options_mode: %s' % what)
+
             parsed_rule.raw_rule = None
             new_options.append(parsed_rule.get_raw())
 

utils/test/test-aa.py

@@ -19,7 +19,7 @@ import sys
 
 import apparmor.aa  # needed to set global vars in some tests
 from apparmor.aa import (check_for_apparmor, get_output, get_reqs, get_interpreter_and_abstraction, create_new_profile,
-     get_profile_flags, set_profile_flags, set_options_audit_mode, is_skippable_file, is_skippable_dir,
+     get_profile_flags, set_profile_flags, set_options_audit_mode, set_options_owner_mode, is_skippable_file, is_skippable_dir,
      parse_profile_start, parse_profile_data, separate_vars, store_list_var, write_header,
      var_transform, serialize_parse_profile_start, get_file_perms, propose_file_rules)
 from apparmor.aare import AARE
@@ -414,6 +414,20 @@ class AaTest_set_options_audit_mode(AATest):
         new_options = set_options_audit_mode(rule_obj, options)
         self.assertEqual(new_options, expected)
 
+class AaTest_set_options_owner_mode(AATest):
+    tests = [
+        ((FileRule.parse('owner /foo/bar r,'),      ['/foo/bar r,', '/foo/* r,', '/** r,']                                  ), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']),
+        ((FileRule.parse('owner /foo/bar r,'),      ['/foo/bar r,', 'owner /foo/* r,', 'owner /** r,']                      ), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']),
+        ((FileRule.parse('/foo/bar r,'),            ['/foo/bar r,', '/foo/* r,', '/** r,']                                  ), ['/foo/bar r,', '/foo/* r,', '/** r,']),
+        ((FileRule.parse('/foo/bar r,'),            ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']                ), ['/foo/bar r,', '/foo/* r,', '/** r,']),
+        ((FileRule.parse('audit owner /foo/bar r,'),['audit /foo/bar r,', 'audit /foo/* r,', '#include <abstractions/base>']), ['audit owner /foo/bar r,', 'audit owner /foo/* r,', '#include <abstractions/base>']),
+    ]
+
+    def _run_test(self, params, expected):
+        rule_obj, options = params
+        new_options = set_options_owner_mode(rule_obj, options)
+        self.assertEqual(new_options, expected)
+
 class AaTest_is_skippable_file(AATest):
     def test_not_skippable_01(self):
         self.assertFalse(is_skippable_file('bin.ping'))