mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-05 08:45:22 +00:00

Add and use logprof_header() and logprof_header_localvars() in *Rule classes

BaseRule:
- add logprof_header() - sets the 'Qualifier' (audit, allow/deny) header
  if a qualifier is specified, calls logprof_header_localvars() and then
  returns an array of headers to display in aa-logprof and aa-mergeprof
- add logprof_header_localvars() - dummy function that needs to be
  implemented in the child classes

NetworkRule: add logprof_header_localvars() - adds 'Network Family'
and 'Socket Type' to the headers

CapabilityRule: add logprof_header_localvars() - adds 'Capability' to
the headers

Also change aa-mergeprof to use rule_obj.logprof_header() for network
and capability rules. This means deleting lots of lines (that moved to
the *Rule classes) and also deleting the last differences between
capability and network rules.

Finally add tests for the newly added functions.


Acked-by: Steve Beattie <steve@nxnw.org>
Christian Boltz
2015-06-06 14:04:11 +02:00
parent babebceaf3
commit 902f88b0bb
7 changed files with 98 additions and 42 deletions

@@ -21,6 +21,8 @@ from apparmor.rule import BaseRule
import apparmor.severity as severity
from apparmor.common import AppArmorException, AppArmorBug, hasher
from apparmor.logparser import ReadLog
from apparmor.translations import init_translation
_ = init_translation()
# --- tests for single CapabilityRule --- #
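Review bot: binding `_ = init_translation()` at module level of this test file leaves the name `_` easy to clobber. Any later `for _ in ...` loop or tuple unpacking into `_` at module scope would replace the translation function, and the expectations that call `_('Capability')` would then fail with an unrelated-looking error. Add a short comment next to the assignment saying that `_` is reserved for gettext in this module, or keep throwaway variables under a different name throughout the file.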
@@ -434,6 +436,21 @@ class CapabiliySeverityTest(AATest):
rank = obj.severity(sev_db)
self.assertEqual(rank, expected)
class CapabilityLogprofHeaderTest(AATest):
tests = [
('capability,', [ _('Capability'), _('ALL'), ]),
('capability chown,', [ _('Capability'), 'chown', ]),
('capability chown fsetid,', [ _('Capability'), 'chown fsetid', ]),
('audit capability,', [_('Qualifier'), 'audit', _('Capability'), _('ALL'), ]),
('deny capability chown,', [_('Qualifier'), 'deny', _('Capability'), 'chown', ]),
('allow capability chown fsetid,', [_('Qualifier'), 'allow', _('Capability'), 'chown fsetid', ]),
('audit deny capability,', [_('Qualifier'), 'audit deny', _('Capability'), _('ALL'), ]),
]
def _run_test(self, params, expected):
obj = CapabilityRule._parse(params)
self.assertEqual(obj.logprof_header(), expected)
# --- tests for CapabilityRuleset --- #
class CapabilityRulesTest(AATest):
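Review bot: the `tests` table in CapabilityLogprofHeaderTest exercises the combined qualifier only as 'audit deny capability,'. There is no row for 'audit allow ...', so the audit-plus-allow path through logprof_header() is not checked. Add a row for that combination, for example with 'audit allow capability chown,' as input, so each qualifier pairing the parser accepts has an expected header list. The commit message also describes BaseRule.logprof_header_localvars() as a dummy that child classes must implement, but nothing in this hunk checks what happens when a subclass does not override it; a test for that case belongs with the BaseRule tests.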