From b34e81e606b922500066f69bfead89aa97d86c01 Mon Sep 17 00:00:00 2001
From: Kshitij Gupta
Date: Thu, 9 Oct 2014 01:42:33 +0530
Subject: [PATCH] utils: Allow Perl utils to store and write back unsupported rules
This patch:
- allows the unsupported rules to be stored when parsing profiles
- writes all the unsupported rules back to profile
Acked-by: Christian Boltz
---
 deprecated/utils/Immunix/AppArmor.pm | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/deprecated/utils/Immunix/AppArmor.pm b/deprecated/utils/Immunix/AppArmor.pm
index 05ba7e18c..42c0bd362 100755
--- a/deprecated/utils/Immunix/AppArmor.pm
+++ b/deprecated/utils/Immunix/AppArmor.pm
@@ -5440,7 +5440,12 @@ sub parse_profile_data($$$) {
 }
 } elsif (/^\s*(audit\s+)?(deny\s+)?(owner\s+)?(capability|dbus|file|mount|pivot_root|remount|umount|signal|unix|ptrace)/) {
 # ignore valid rules that are currently unsupported by AppArmor.pm
- # BUG: when writing the profile, those rules are lost!
+ if (! defined $profile_data->{$profile}{$hat}{unsupported_rules}) {
+ $profile_data->{$profile}{$hat}{unsupported_rules} = [];
+ }
+ $_ =~ s/^\s+|\s+$//g;
+ push @{$profile_data->{$profile}{$hat}{unsupported_rules}}, $_ ;
+
 } else {
 # we hit something we don't understand in a profile...
 die sprintf(gettext('%s contains syntax errors. Line [%s]'), $file, $_) . "\n";
@@ -5894,6 +5899,25 @@ sub writepaths ($$) {
 return @data;
 }
+sub writeunsupportedrules ($$) {
+ my ($prof_data, $depth) = @_;
+
+ my @data;
+ my $pre = " " x $depth;
+
+ if (defined $prof_data->{unsupported_rules}) {
+
+ for my $rule (@{$prof_data->{unsupported_rules}}){
+ push @data, "${pre}${rule}";
+ }
+
+ push @data, "";
+ }
+
+ return @data;
+
+}
+
 sub write_rules ($$) {
 my ($prof_data, $depth) = @_;
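Review bot: The new `push` in `parse_profile_data` stores every line the `elsif` pattern accepts, and that pattern only checks a prefix: the keyword alternation is not followed by `\b`, so a line that merely starts with one of the keywords (a constructed example: `capabilityfoo bar`) is kept and now written back into the profile instead of being dropped. Because the text is emitted verbatim, a malformed line survives the round trip and may leave the rewritten profile unloadable; ending the alternation with `|unix|ptrace)\b/` would narrow what is stored. The `if (! defined ...) { ... = []; }` guard is not needed, since `push @{...}` autovivifies the array, and `$_ =~ s/^\s+|\s+$//g;` edits the loop variable in place where a trimmed lexical copy would be clearer. The enclosing function starts and ends outside the hunk.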
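Review bot: `writeunsupportedrules` has no comment saying that it writes the stored lines back verbatim, in parse order, with no validation or de-duplication. A header such as `# Pass through rules AppArmor.pm cannot parse; the text is written back unchanged and unvalidated.` would tell a maintainer that these lines, including any `audit`, `deny` or `owner` qualifiers the pattern in `parse_profile_data` accepts, are carried along without the module interpreting them. The `defined` test also emits the trailing blank line for an empty list; `if (@{ $prof_data->{unsupported_rules} || [] }) {` would avoid that should another caller ever store an empty array.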
@@ -5904,6 +5928,7 @@ sub write_rules ($$) {
 push @data, writerlimits($prof_data, $depth);
 push @data, writecapabilities($prof_data, $depth);
 push @data, writenetdomain($prof_data, $depth);
+ push @data, writeunsupportedrules($prof_data, $depth); ## Legacy support for unknown/new rules
 push @data, writelinks($prof_data, $depth);
 push @data, writepaths($prof_data, $depth);
 push @data, writechange_profile($prof_data, $depth);
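Review bot: The trailing comment `## Legacy support for unknown/new rules` is misleading, because what is passed through here is valid rule syntax that this module cannot parse, not legacy syntax; `## pass-through for rule types AppArmor.pm cannot parse` would say so. Placement is worth a word in the same comment: the stored set includes `file` and `owner`-qualified lines, so those are emitted in this block, ahead of `writelinks` and `writepaths`, rather than alongside the path rules. The body of `write_rules` continues outside the hunk.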