mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity

UnixRule: allow comma as separator in peer=

Browse Source 
... and add some tests for it
This commit is contained in:
Christian Boltz 2025-03-13 17:11:07 +01:00
parent 819802cdb3
commit 1ff9306c93
No known key found for this signature in database
GPG Key ID: C6A682EA63C82F1C
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
utils/apparmor/rule/unix.py
View File

@ -47,7 +47,7 @@ sep = r'\s*[\s,]\s*'
unix_accesses = rf'\s*(\s*(?P<accesses>\({join_access}({sep}{join_access})*\s*\)|{join_access}))?'
unix_rule_conds = rf'(\s*({re_cond_set("type")}|{re_cond_set("protocol")}))*'
unix_local_expr = rf'(\s*({re_cond("addr")}|{re_cond("label")}|{re_cond("attr")}|{re_cond("opt")}))*'
unix_peer_expr = rf'peer\s*=\s*\((\s*({re_cond("addr", "addr_peer")}|{re_cond("label", "label_peer")}))*\)'
unix_peer_expr = rf'peer\s*=\s*\((\s*({re_cond("addr", "addr_peer")}|{re_cond("label", "label_peer")})(\s*,)?)*\)'
RE_UNIX_DETAILS = re.compile(rf'^(\s*{unix_accesses})?(\s*{unix_rule_conds})?(\s*{unix_local_expr})?(\s*{unix_peer_expr})?\s*$')

4
utils/test/test-unix.py
View File

@ -42,6 +42,10 @@ class UnixTestParse(AATest):
('unix peer=(addr=@/tmp/foo-*),', UnixRule(UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, {'addr': '@/tmp/foo-*'}, False, False, False, '')),
('unix (accept, rw) protocol=AA type=BB opt=AA label=bb peer=(addr=a label=bb),',
UnixRule(('accept', 'rw'), {'type': 'BB', 'protocol': 'AA'}, {'opt': 'AA', 'label': 'bb'}, {'addr': 'a', 'label': 'bb'}, False, False, False, '')), # noqa: E127
('unix peer=( label=la, addr="@/h"),', UnixRule(UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, {'addr': '@/h', 'label': 'la,'}, False, False, False, '')),
('unix peer=(addr="@/h o", label="l a"),', UnixRule(UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, {'addr': '@/h o', 'label': 'l a'}, False, False, False, '')),
('unix addr="@/h" label=la,', UnixRule(UnixRule.ALL, UnixRule.ALL, {'addr': '@/h', 'label': 'la'}, UnixRule.ALL, False, False, False, '')),
('unix addr="@/h o" label="l a",', UnixRule(UnixRule.ALL, UnixRule.ALL, {'addr': '@/h o', 'label': 'l a'}, UnixRule.ALL, False, False, False, '')),
)
def _run_test(self, rawrule, expected):