Add option to skip reading specific profiles

If a profile uses features not supported by the tools yet, add a skiplist to (hopefully temporarily) exclude it from the tests. This is meant to avoid blocking usage of new features in profiles. When doing a release, the skip lists should be empty.
2025-08-22 10:07:12 +00:00 · 2021-03-07 13:55:42 +01:00 · 2021-03-07 13:55:42 +01:00 · 26d7c13f94
commit 26d7c13f94
parent b02c59a730
2 changed files with 24 additions and 4 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@ -1658,9 +1658,12 @@ def collapse_log(hashlog, ignore_null_profiles=True):

    return log_dict

-def read_profiles(ui_msg=False):
+def read_profiles(ui_msg=False, skip_profiles=[]):
    # we'll read all profiles from disk, so reset the storage first (autodep() might have created/stored
    # a profile already, which would cause a 'Conflicting profile' error in attach_profile_data())
+    #
+    # The skip_profiles parameter should only be specified by tests.
+
    global aa, original_aa
    aa = hasher()
    original_aa = hasher()
@ -1678,10 +1681,15 @@ def read_profiles(ui_msg=False):
        if os.path.isfile(full_file):
            if is_skippable_file(file):
                continue
+            elif file in skip_profiles:
+                aaui.UI_Info("skipping profile %s" % full_file)
+                continue
            else:
                read_profile(full_file, True)

-def read_inactive_profiles():
+def read_inactive_profiles(skip_profiles=[]):
+    # The skip_profiles parameter should only be specified by tests.
+
    if hasattr(read_inactive_profiles, 'already_read'):
        # each autodep() run calls read_inactive_profiles, but that's a) superfluous and b) triggers a conflict because the inactive profiles are already loaded
        # therefore don't do anything if the inactive profiles were already loaded
@ -1701,6 +1709,9 @@ def read_inactive_profiles():
        if os.path.isfile(full_file):
            if is_skippable_file(file):
                continue
+            elif file in skip_profiles:
+                aaui.UI_Info("skipping profile %s" % full_file)
+                continue
            else:
                read_profile(full_file, False)

--- a/utils/test/test-profiles.py
+++ b/utils/test/test-profiles.py
@ -13,6 +13,15 @@ import unittest
 from common_test import AATest, setup_all_loops, setup_aa
 import apparmor.aa as aa

+# If a profile can't be parsed by the tools, add it to skip_active_profiles or skip_extra_profiles.
+# Add only the filename (without path), for example 'usr.bin.foo'.
+# These skip lists are meant as a temporary solution, and should be empty on release.
+skip_active_profiles = [
+]
+
+skip_extra_profiles = [
+]
+
 class TestFoo(AATest):
    # Make sure the python code can parse all profiles shipped with AppArmor.
    # If this fails, read_profiles() / read_inactive_profiles() will raise an exception.
@ -21,12 +30,12 @@ class TestFoo(AATest):
    # (to make sure an empty or non-existing directory won't make this test useless).

    def test_active_profiles(self):
-        aa.read_profiles()
+        aa.read_profiles(skip_profiles=skip_active_profiles)

        self.assertGreaterEqual(len(aa.active_profiles.profile_names), 42)

    def test_extra_profiles(self):
-        aa.read_inactive_profiles()
+        aa.read_inactive_profiles(skip_profiles=skip_extra_profiles)

        self.assertGreaterEqual(len(aa.extra_profiles.profile_names), 100)