mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 22:35:35 +00:00
Code Issues Releases Wiki Activity

Fix and simplify ask_addhat()

Browse Source 
- replace/merge 'uhat' with 'hat'
- adjust ProfileStorage comment to the new function name
- initialize default hat if it gets chosen and doesn't exist yet
- don't exit the function if "Deny" gets chosen. Instead, continue with
  the next hat to (possibly) add
This commit is contained in:
Christian Boltz
2019-05-02 22:51:39 +02:00
parent 560fb6fabe
commit 1b7cdec70d
1 changed files with 13 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
utils/apparmor/aa.py
View File

@@ -914,13 +914,11 @@ def ask_addhat(hashlog):
for hat in hashlog[aamode][profile]['change_hat']: for hat in hashlog[aamode][profile]['change_hat']:
hat = hat.split('//')[-1] hat = hat.split('//')[-1]
uhat = hat if aa[profile].get(hat, False):
if aa[profile].get(uhat, False): continue # no need to ask if the hat already exists
hat = uhat
continue
new_p = update_repo_profile(aa[profile][profile]) new_p = update_repo_profile(aa[profile][profile])
if new_p and UI_SelectUpdatedRepoProfile(profile, new_p) and aa[profile].get(uhat, False): if new_p and UI_SelectUpdatedRepoProfile(profile, new_p) and aa[profile].get(hat, False):
hat = uhat
continue continue
default_hat = None default_hat = None
@@ -929,7 +927,7 @@ def ask_addhat(hashlog):
default_hat = cfg['defaulthat'][hatglob] default_hat = cfg['defaulthat'][hatglob]
context = profile context = profile
context = context + ' -> ^%s' % uhat context = context + ' -> ^%s' % hat
ans = transitions.get(context, 'XXXINVALIDXXX') ans = transitions.get(context, 'XXXINVALIDXXX')
while ans not in ['CMD_ADDHAT', 'CMD_USEDEFAULT', 'CMD_DENY']: while ans not in ['CMD_ADDHAT', 'CMD_USEDEFAULT', 'CMD_DENY']:
@@ -939,7 +937,7 @@ def ask_addhat(hashlog):
if default_hat: if default_hat:
q.headers += [_('Default Hat'), default_hat] q.headers += [_('Default Hat'), default_hat]
q.headers += [_('Requested Hat'), uhat] q.headers += [_('Requested Hat'), hat]
q.functions.append('CMD_ADDHAT') q.functions.append('CMD_ADDHAT')
if default_hat: if default_hat:
@@ -959,15 +957,19 @@ def ask_addhat(hashlog):
transitions[context] = ans transitions[context] = ans
if ans == 'CMD_ADDHAT': if ans == 'CMD_ADDHAT':
hat = uhat aa[profile][hat] = ProfileStorage(profile, hat, 'ask_addhat addhat')
aa[profile][hat] = ProfileStorage(profile, hat, 'handle_children addhat')
aa[profile][hat]['flags'] = aa[profile][profile]['flags'] aa[profile][hat]['flags'] = aa[profile][profile]['flags']
changed[profile] = True changed[profile] = True
elif ans == 'CMD_USEDEFAULT': elif ans == 'CMD_USEDEFAULT':
hat = default_hat hat = default_hat
if not aa[profile].get(hat, False):
# create default hat if it doesn't exist yet
aa[profile][hat] = ProfileStorage(profile, hat, 'ask_addhat default hat')
aa[profile][hat]['flags'] = aa[profile][profile]['flags']
changed[profile] = True
elif ans == 'CMD_DENY': elif ans == 'CMD_DENY':
# As unknown hat is denied no entry for it should be made # As unknown hat is denied no entry for it should be made
return None continue
def handle_children(profile, hat, root): def handle_children(profile, hat, root):
regex_nullcomplain = re.compile('^null(-complain)*-profile$') regex_nullcomplain = re.compile('^null(-complain)*-profile$')