fix parsing of "hat foo {" lines

The python utils didn't know about the hat keyword, for example hat foo { This patch changes RE_PROFILE_HAT_DEF to add support for the hat keyword. Note that this patch only changes profile reading - when saving a profile, the ^foo syntax will always be used. While on it, also convert the regex to named matches - the result numbering changed anyway ;-) Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
2025-08-30 13:58:22 +00:00 · 2014-10-16 22:03:42 +02:00
parent 31a57bdfa9
commit 31c4dc80a8
1 changed files with 8 additions and 7 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -2634,7 +2634,7 @@ RE_PROFILE_NETWORK      = re.compile(RE_AUDIT_DENY + 'network(.*)' + RE_EOL)
 RE_NETWORK_FAMILY_TYPE = re.compile('\s+(\S+)\s+(\S+)\s*,$')
 RE_NETWORK_FAMILY = re.compile('\s+(\S+)\s*,$')
 RE_PROFILE_CHANGE_HAT   = re.compile('^\s*\^(\"??.+?\"??)' + RE_COMMA_EOL)
-RE_PROFILE_HAT_DEF      = re.compile('^\s*\^(\"??.+?\"??)\s+((flags=)?\((.+)\)\s+)*\{' + RE_EOL)
+RE_PROFILE_HAT_DEF      = re.compile('^\s*(\^|hat\s+)(?P<hat>\"??.+?\"??)\s+((flags=)?\((?P<flags>.+)\)\s+)*\{' + RE_EOL)
 RE_PROFILE_DBUS         = re.compile(RE_AUDIT_DENY + '(dbus\s*,|dbus\s+[^#]*\s*,)' + RE_EOL)
 RE_PROFILE_MOUNT        = re.compile(RE_AUDIT_DENY + '((mount|remount|umount|unmount)(\s+[^#]*)?\s*,)' + RE_EOL)
 RE_PROFILE_SIGNAL       = re.compile(RE_AUDIT_DENY + '(signal\s*,|signal\s+[^#]*\s*,)' + RE_EOL)
@@ -3144,14 +3144,14 @@ def parse_profile_data(data, file, do_include):

        elif RE_PROFILE_HAT_DEF.search(line):
            # An embedded hat syntax definition starts
-            matches = RE_PROFILE_HAT_DEF.search(line).groups()
+            matches = RE_PROFILE_HAT_DEF.search(line)
            if not profile:
                raise AppArmorException(_('Syntax Error: Unexpected hat definition found in file: %(file)s line: %(line)s') % { 'file': file, 'line': lineno + 1 })

            in_contained_hat = True
-            hat = matches[0]
+            hat = matches.group('hat')
            hat = strip_quotes(hat)
-            flags = matches[3]
+            flags = matches.group('flags')

            profile_data[profile][hat]['flags'] = flags
            profile_data[profile][hat]['declared'] = False
@@ -4321,11 +4321,12 @@ def serialize_profile_from_old_profile(profile_data, name, options):
                    #To-Do
                    pass
            elif RE_PROFILE_HAT_DEF.search(line):
-                matches = RE_PROFILE_HAT_DEF.search(line).groups()
+                matches = RE_PROFILE_HAT_DEF.search(line)
                in_contained_hat = True
-                hat = matches[0]
+                hat = matches.group('hat')
                hat = strip_quotes(hat)
-                flags = matches[3]
+                flags = matches.group('flags')
+
                if not write_prof_data[hat]['flags'] == flags:
                    correct = False
                if not write_prof_data[hat]['declared'] is False: