mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00
Code Issues Releases Wiki Activity

convert RE_PROFILE_CAP in aa.py and the code using it to named match groups

Browse Source 
(capability is one of the easiest rule types, so it's good as a start.)

The patch also adds basic support for rules containing more than one 
capability, like
    capability chown dac_override,
Note that this is just a pass-through mode (instead of complaining about 
an invalid line). aa-logprof will happily add another "capability chown" 
if it hits a log entry for it. (But: we never got a bugreport about not 
supporting multi-capability lines, so I guess they are rarely used ;-)

I also added a parse_audit_allow() function to handle the audit and 
allow/deny keywords. They are used in most rule types, which means we 
can get rid of some duplicated code with this function.


Finally, update utils/test/test-regex_matches.py - RE_PROFILE_CAP now 
has 5 instead of 4 match groups because of the added multi-capability 
support.

While on it, I also improved the error message in setup_regex_tests()
to also show the rule that causes a problem.


Acked-by: Steve Beattie <steve@nxnw.org>
This commit is contained in:
Christian Boltz
2014-10-01 21:45:22 +02:00
parent bcb1cd750e
commit 95994ed64a
2 changed files with 27 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
utils/test/test-regex_matches.py
View File

@@ -162,7 +162,7 @@ def regex_test(self, line, expected):
for (i, group) in enumerate(groups):
if group:
group = group.strip()
self.assertEqual(group, expected[i], 'Group %d mismatch' % i)
self.assertEqual(group, expected[i], 'Group %d mismatch in rule %s' % (i,line))
def setup_regex_tests(test_class):
@@ -188,10 +188,10 @@ class AARegexCapability(unittest.TestCase):
self.regex = aa.RE_PROFILE_CAP
tests = [
(' capability net_raw,', (None, None, 'net_raw', None)),
('capability net_raw , ', (None, None, 'net_raw', None)),
(' capability,', (None, None, None, None)),
(' capability , ', (None, None, None, None)),
(' capability net_raw,', (None, None, 'net_raw', 'net_raw', None)),
('capability net_raw , ', (None, None, 'net_raw', 'net_raw', None)),
(' capability,', (None, None, None, None, None)),
(' capability , ', (None, None, None, None, None)),
(' capabilitynet_raw,', False)
]