Remove match statements in utils for older Python compatibility

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2025-08-31 14:25:52 +00:00 · 2024-12-02 10:39:15 -08:00
parent 93c7035148
commit 2068ea8720
3 changed files with 79 additions and 80 deletions
--- a/utils/aa-notify
+++ b/utils/aa-notify
@@ -515,21 +515,21 @@ def prompt_userns(ev):
    """If the user namespace creation denial was generated by an unconfined binary, displays a graphical notification.
    Creates a new profile to allow userns if the user wants it. Returns whether a notification was displayed to the user
    """
-    match can_leverage_userns_event(ev):
-        case 'error_cannot_find_path':
-            UsernsGUI.show_error_cannot_find_execpath(ev['comm'], os.path.dirname(os.path.abspath(__file__)) + '/default_unconfined.template')
-        case 'error_userns_profile_exists':
-            # There is already a profile with this name: we show an error to the user.
-            # We could use the full path as profile name like for the old profiles if we want to handle this case
-            # but if execpath is not supported by the kernel it could also mean that we inferred a bad path
-            # So we do nothing beyond showing this error.
-            ErrorGUI(
-                _('Application {profile} tried to create an user namespace, but a profile already exists with this name.\n'
-                  'This is likely because there is several binaries named {profile} thus the path inferred by AppArmor ({inferred_path}) is not correct.\n'
-                  'You should review your profiles (in {profile_dir}).').format(profile=ev['comm'], inferred_path=ev['execpath'], profile_dir=aa.profile_dir),
-                False).show()
-        case 'ok':
-            ask_for_user_ns_denied(ev['execpath'], ev['comm'])
+    userns_event_usable = can_leverage_userns_event(ev)
+    if userns_event_usable == 'error_cannot_find_path':
+        UsernsGUI.show_error_cannot_find_execpath(ev['comm'], os.path.dirname(os.path.abspath(__file__)) + '/default_unconfined.template')
+    elif userns_event_usable == 'error_userns_profile_exists':
+        # There is already a profile with this name: we show an error to the user.
+        # We could use the full path as profile name like for the old profiles if we want to handle this case
+        # but if execpath is not supported by the kernel it could also mean that we inferred a bad path
+        # So we do nothing beyond showing this error.
+        ErrorGUI(
+            _('Application {profile} tried to create an user namespace, but a profile already exists with this name.\n'
+                'This is likely because there is several binaries named {profile} thus the path inferred by AppArmor ({inferred_path}) is not correct.\n'
+                'You should review your profiles (in {profile_dir}).').format(profile=ev['comm'], inferred_path=ev['execpath'], profile_dir=aa.profile_dir),
+            False).show()
+    elif userns_event_usable == 'ok':
+        ask_for_user_ns_denied(ev['execpath'], ev['comm'])


 def get_more_info_about_event(rl, ev, special_profiles, header='', get_clean_rule=False):
@@ -551,13 +551,13 @@ def get_more_info_about_event(rl, ev, special_profiles, header='', get_clean_rul
        if customized_message['userns']['cond'](ev, special_profiles):
            profile_path = None
            out += _('You may allow it through a dedicated unconfined profile for {}.').format(ev['comm'])
-            match can_leverage_userns_event(ev):
-                case 'error_cannot_find_path':
-                    clean_rule = _('# You may allow it through a dedicated unconfined profile for {0}. However, apparmor cannot find {0}. If you want to allow it, please create a profile for it manually.').format(ev['comm'])
-                case 'error_userns_profile_exists':
-                    clean_rule = _('# You may allow it through a dedicated unconfined profile for {} ({}). However, a profile already exists with this name. If you want to allow it, please create a profile for it manually.').format(ev['comm'], ev['execpath'])
-                case 'ok':
-                    clean_rule = _('# You may allow it through a dedicated unconfined profile for {} ({})').format(ev['comm'], ev['execpath'])
+            userns_event_usable = can_leverage_userns_event(ev)
+            if userns_event_usable == 'error_cannot_find_path':
+                clean_rule = _('# You may allow it through a dedicated unconfined profile for {0}. However, apparmor cannot find {0}. If you want to allow it, please create a profile for it manually.').format(ev['comm'])
+            elif userns_event_usable == 'error_userns_profile_exists':
+                clean_rule = _('# You may allow it through a dedicated unconfined profile for {} ({}). However, a profile already exists with this name. If you want to allow it, please create a profile for it manually.').format(ev['comm'], ev['execpath'])
+            elif userns_event_usable == 'ok':
+                clean_rule = _('# You may allow it through a dedicated unconfined profile for {} ({})').format(ev['comm'], ev['execpath'])
        else:
            profile_path = aa.get_profile_filename_from_profile_name(ev['profile'])
            clean_rule = rule.get_clean()
--- a/utils/apparmor/logparser.py
+++ b/utils/apparmor/logparser.py
@@ -199,49 +199,49 @@ class ReadLog:
            ev['fsuid'] = event.fsuid
            ev['ouid'] = event.ouid

-        match self.get_event_type(ev):
-            case 'signal':
-                ev['signal'] = event.signal
-                ev['peer'] = event.peer
-            case 'ptrace':
-                ev['peer'] = event.peer
-            case 'pivot_root':
-                ev['src_name'] = event.src_name
-            case 'mount':
-                ev['flags'] = event.flags
-                ev['fs_type'] = event.fs_type
-                if ev['operation'] and ev['operation'] == 'mount':
-                    ev['src_name'] = event.src_name  # mount can have a source but not umount.
-            case 'userns':
-                ev['execpath'] = event.execpath
-                ev['comm'] = event.comm
-            case 'network':
-                ev['accesses'] = event.requested_mask
-                ev['port'] = event.net_local_port or None
-                ev['remote_port'] = event.net_foreign_port or None
-                ev['addr'] = event.net_local_addr
-                ev['peer_addr'] = event.net_foreign_addr
-                ev['addr'] = event.net_local_addr
-                ev['peer_addr'] = event.net_foreign_addr
-            case 'unix':
-                ev['accesses'] = event.requested_mask
-                ev['port'] = event.net_local_port or None
-                ev['remote_port'] = event.net_foreign_port or None
-                ev['addr'] = event.net_addr
-                ev['peer_addr'] = event.peer_addr
-                ev['peer'] = event.peer
-                ev['peer_profile'] = event.peer_profile
-            case 'dbus':
-                ev['peer_profile'] = event.peer_profile
-                ev['bus'] = event.dbus_bus
-                ev['path'] = event.dbus_path
-                ev['interface'] = event.dbus_interface
-                ev['member'] = event.dbus_member
+        event_type = self.get_event_type(ev)
+        if event_type == 'signal':
+            ev['signal'] = event.signal
+            ev['peer'] = event.peer
+        elif event_type == 'ptrace':
+            ev['peer'] = event.peer
+        elif event_type == 'pivot_root':
+            ev['src_name'] = event.src_name
+        elif event_type == 'mount':
+            ev['flags'] = event.flags
+            ev['fs_type'] = event.fs_type
+            if ev['operation'] and ev['operation'] == 'mount':
+                ev['src_name'] = event.src_name  # mount can have a source but not umount.
+        elif event_type == 'userns':
+            ev['execpath'] = event.execpath
+            ev['comm'] = event.comm
+        elif event_type == 'network':
+            ev['accesses'] = event.requested_mask
+            ev['port'] = event.net_local_port or None
+            ev['remote_port'] = event.net_foreign_port or None
+            ev['addr'] = event.net_local_addr
+            ev['peer_addr'] = event.net_foreign_addr
+            ev['addr'] = event.net_local_addr
+            ev['peer_addr'] = event.net_foreign_addr
+        elif event_type == 'unix':
+            ev['accesses'] = event.requested_mask
+            ev['port'] = event.net_local_port or None
+            ev['remote_port'] = event.net_foreign_port or None
+            ev['addr'] = event.net_addr
+            ev['peer_addr'] = event.peer_addr
+            ev['peer'] = event.peer
+            ev['peer_profile'] = event.peer_profile
+        elif event_type == 'dbus':
+            ev['peer_profile'] = event.peer_profile
+            ev['bus'] = event.dbus_bus
+            ev['path'] = event.dbus_path
+            ev['interface'] = event.dbus_interface
+            ev['member'] = event.dbus_member

-            case 'io_uring':
-                ev['peer_profile'] = event.peer_profile
-            case 'capability':
-                ev['comm'] = event.comm
+        elif event_type == 'io_uring':
+            ev['peer_profile'] = event.peer_profile
+        elif event_type == 'capability':
+            ev['comm'] = event.comm

        if not ev['time']:
            ev['time'] = int(time.time())
--- a/utils/apparmor/update_profile.py
+++ b/utils/apparmor/update_profile.py
@@ -67,23 +67,22 @@ def create_from_file(file_path):


 def do_command(command, args):
-    match command:
-        case 'from_file':
-            if not len(args) == 2:
-                usage(False)
-            create_from_file(args[1])
-        case 'create_userns':
-            if not len(args) == 6:
-                usage(False)
-            create_userns(args[1], args[2], args[3], args[4], args[5])
-        case 'add_rule':
-            if not len(args) == 3:
-                usage(False)
-            add_to_profile(args[1], args[2])
-        case 'help':
-            usage(True)
-        case _:
+    if command == 'from_file':
+        if not len(args) == 2:
            usage(False)
+        create_from_file(args[1])
+    elif command == 'create_userns':
+        if not len(args) == 6:
+            usage(False)
+        create_userns(args[1], args[2], args[3], args[4], args[5])
+    elif command == 'add_rule':
+        if not len(args) == 3:
+            usage(False)
+        add_to_profile(args[1], args[2])
+    elif command == 'help':
+        usage(True)
+    else:
+        usage(False)


 def main():