mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-05 08:45:22 +00:00

Add and use logprof_header() and logprof_header_localvars() in *Rule classes

BaseRule:
- add logprof_header() - sets the 'Qualifier' (audit, allow/deny) header
  if a qualifier is specified, calls logprof_header_localvars() and then
  returns an array of headers to display in aa-logprof and aa-mergeprof
- add logprof_header_localvars() - dummy function that needs to be
  implemented in the child classes

NetworkRule: add logprof_header_localvars() - adds 'Network Family'
and 'Socket Type' to the headers

CapabilityRule: add logprof_header_localvars() - adds 'Capability' to
the headers

Also change aa-mergeprof to use rule_obj.logprof_header() for network
and capability rules. This means deleting lots of lines (that moved to
the *Rule classes) and also deleting the last differences between
capability and network rules.

Finally add tests for the newly added functions.


Acked-by: Steve Beattie <steve@nxnw.org>
Christian Boltz
2015-06-06 14:04:11 +02:00
parent babebceaf3
commit 902f88b0bb
7 changed files with 98 additions and 42 deletions


@@ -21,6 +21,8 @@ from apparmor.rule.network import NetworkRule, NetworkRuleset
from apparmor.rule import BaseRule
from apparmor.common import AppArmorException, AppArmorBug
from apparmor.logparser import ReadLog
from apparmor.translations import init_translation
_ = init_translation()
exp = namedtuple('exp', ['audit', 'allow_keyword', 'deny', 'comment',
'domain', 'all_domains', 'type_or_protocol', 'all_type_or_protocols'])
@@ -336,6 +338,21 @@ class NetworkCoveredTest_Invalid(AATest):
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)
class NetworkLogprofHeaderTest(AATest):
tests = [
('network,', [ _('Network Family'), _('ALL'), _('Socket Type'), _('ALL'), ]),
('network inet,', [ _('Network Family'), 'inet', _('Socket Type'), _('ALL'), ]),
('network inet stream,', [ _('Network Family'), 'inet', _('Socket Type'), 'stream', ]),
('deny network,', [_('Qualifier'), 'deny', _('Network Family'), _('ALL'), _('Socket Type'), _('ALL'), ]),
('allow network inet,', [_('Qualifier'), 'allow', _('Network Family'), 'inet', _('Socket Type'), _('ALL'), ]),
('audit network inet stream,', [_('Qualifier'), 'audit', _('Network Family'), 'inet', _('Socket Type'), 'stream', ]),
('audit deny network inet,', [_('Qualifier'), 'audit deny', _('Network Family'), 'inet', _('Socket Type'), _('ALL'), ]),
]
def _run_test(self, params, expected):
obj = NetworkRule._parse(params)
self.assertEqual(obj.logprof_header(), expected)
## --- tests for NetworkRuleset --- #
class NetworkRulesTest(AATest):
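Review bot: The `tests` table in `NetworkLogprofHeaderTest` has no rule that gives a socket type without a family, so the combination of 'Network Family' = ALL with a concrete 'Socket Type' is never checked. If the parser accepts that form, add a row such as `('network stream,', [ _('Network Family'), _('ALL'), _('Socket Type'), 'stream', ]),`. The expected value is inferred from the neighbouring rows, so confirm it against `logprof_header_localvars()`, which is not shown in this hunk. An `audit allow network ...` row would likewise cover the one qualifier pairing the table leaves out. These headers are what an administrator reads in aa-logprof and aa-mergeprof before accepting a rule, so each qualifier and ALL fallback deserves its own assertion. The new class also has no docstring; a one-line `"""Check the header list logprof_header() returns for parsed network rules."""` would match its purpose.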