Ensure opened files are closed.

2025-08-30 22:05:27 +00:00 · 2022-06-18 14:40:58 -04:00
parent d7e3f33aa8
commit bf819bc8e6
6 changed files with 77 additions and 56 deletions
--- a/parser/tst/valgrind_simple.py
+++ b/parser/tst/valgrind_simple.py
@@ -68,11 +68,11 @@ def create_suppressions():

    handle, name = tempfile.mkstemp(suffix='.suppressions', prefix='aa-parser-valgrind')
    os.close(handle)
-    handle = open(name,"w+")
-    handle.write(VALGRIND_SUPPRESSIONS)
-    handle.close()
+    with open(name, "w+") as handle:
+        handle.write(VALGRIND_SUPPRESSIONS)
    return name

+
 def main():
    rc = 0
    p = ArgumentParser()
--- a/utils/apparmor/config.py
+++ b/utils/apparmor/config.py
@@ -279,9 +279,8 @@ class Config(object):
 def py2_parser(filename):
    """Returns the de-dented ini file from the new format ini"""
    tmp = tempfile.NamedTemporaryFile('rw')
-    f_out = open(tmp.name, 'w')
    if os.path.exists(filename):
-        with open_file_read(filename) as f_in:
+        with open(tmp.name, 'w') as f_out, open_file_read(filename) as f_in:
            for line in f_in:
                # The ini format allows for multi-line entries, with the subsequent
                # entries being indented deeper hence simple lstrip() is not appropriate
@@ -290,5 +289,4 @@ def py2_parser(filename):
                elif line[0] == '\t':
                    line = line[1:]
                f_out.write(line)
-    f_out.flush()
    return tmp
--- a/utils/apparmor/easyprof.py
+++ b/utils/apparmor/easyprof.py
@@ -415,7 +415,8 @@ class AppArmorEasyProfile:

    def get_template(self):
        '''Get contents of current template'''
-        return open(self.template).read()
+        with open(self.template) as f:
+            return f.read()

    def set_template(self, template, allow_abs_path=True):
        '''Set current template'''
@@ -464,7 +465,8 @@ class AppArmorEasyProfile:

        if self.policy_groups == None or not p in self.policy_groups:
            raise AppArmorException("Policy group '%s' does not exist" % p)
-        return open(p).read()
+        with open(p) as f:
+            return f.read()

    def set_policygroup(self, policygroups):
        '''Set policygroups'''
--- a/utils/apparmor/sandbox.py
+++ b/utils/apparmor/sandbox.py
@@ -128,25 +128,24 @@ def aa_exec(command, opt, environ={}, verify_rules=[]):
        policy = easyp.gen_policy(**params)
        debug("\n%s" % policy)

-        tmp = tempfile.NamedTemporaryFile(prefix = '%s-' % policy_name)
-        if sys.version_info[0] >= 3:
-            tmp.write(bytes(policy, 'utf-8'))
-        else:
-            tmp.write(policy)
-        tmp.flush()
+        with tempfile.NamedTemporaryFile(prefix='%s-' % policy_name) as tmp:
+            if sys.version_info[0] >= 3:
+                tmp.write(bytes(policy, 'utf-8'))
+            else:
+                tmp.write(policy)

-        debug("using '%s' template" % opt.template)
-        # TODO: get rid of this
-        if opt.withx:
-            rc, report = cmd(['pkexec', 'apparmor_parser', '-r', '%s' % tmp.name])
-        else:
-            rc, report = cmd(['sudo', 'apparmor_parser', '-r', tmp.name])
-        if rc != 0:
-            raise AppArmorException("Could not load policy")
+            debug("using '%s' template" % opt.template)
+            # TODO: get rid of this
+            if opt.withx:
+                rc, report = cmd(['pkexec', 'apparmor_parser', '-r', '%s' % tmp.name])
+            else:
+                rc, report = cmd(['sudo', 'apparmor_parser', '-r', tmp.name])
+            if rc != 0:
+                raise AppArmorException("Could not load policy")

-        rc, report = cmd(['sudo', 'apparmor_parser', '-p', tmp.name])
-        if rc != 0:
-            raise AppArmorException("Could not dump policy")
+            rc, report = cmd(['sudo', 'apparmor_parser', '-p', tmp.name])
+            if rc != 0:
+                raise AppArmorException("Could not dump policy")

        # Make sure the dynamic profile has the appropriate line for X
        for r in verify_rules:
--- a/utils/test/test-aa-easyprof.py
+++ b/utils/test/test-aa-easyprof.py
@@ -144,7 +144,8 @@ class T(unittest.TestCase):
 }

 ''' % (self.test_template)
-        open(os.path.join(self.tmpdir, 'templates', self.test_template), 'w').write(contents)
+        with open(os.path.join(self.tmpdir, 'templates', self.test_template), 'w') as f:
+            f.write(contents)

        # Create a test policygroup
        self.test_policygroup = "test-policygroup"
@@ -153,7 +154,8 @@ class T(unittest.TestCase):
  #include <abstractions/gnome>
  #include <abstractions/nameservice>
 ''' % (self.test_policygroup)
-        open(os.path.join(self.tmpdir, 'policygroups', self.test_policygroup), 'w').write(contents)
+        with open(os.path.join(self.tmpdir, 'policygroups', self.test_policygroup), 'w') as f:
+            f.write(contents)

        # setup our conffile
        self.conffile = os.path.join(self.tmpdir, 'easyprof.conf')
@@ -161,7 +163,8 @@ class T(unittest.TestCase):
 POLICYGROUPS_DIR="%s/policygroups"
 TEMPLATES_DIR="%s/templates"
 ''' % (self.tmpdir, self.tmpdir)
-        open(self.conffile, 'w').write(contents)
+        with open(self.conffile, 'w') as f:
+            f.write(contents)

        self.binary = "/opt/bin/foo"
        self.full_args = ['-c', self.conffile, self.binary]
@@ -217,7 +220,8 @@ POLICYGROUPS_DIR=
 TEMPLATES_DIR="%s/templates"
 ''' % (self.tmpdir)

-        open(self.conffile, 'w').write(contents)
+        with open(self.conffile, 'w') as f:
+            f.write(contents)
        try:
            easyprof.AppArmorEasyProfile(self.binary, self.options)
        except AppArmorException:
@@ -234,7 +238,8 @@ POLICYGROUPS_DIR="%s"
 TEMPLATES_DIR="%s/templates"
 ''' % ('', self.tmpdir)

-        open(self.conffile, 'w').write(contents)
+        with open(self.conffile, 'w') as f:
+            f.write(contents)
        try:
            easyprof.AppArmorEasyProfile(self.binary, self.options)
        except AppArmorException:
@@ -251,7 +256,8 @@ POLICYGROUPS_DIR="%s/policygroups"
 TEMPLATES_DIR="%s/templates"
 ''' % ('/nonexistent', self.tmpdir)

-        open(self.conffile, 'w').write(contents)
+        with open(self.conffile, 'w') as f:
+            f.write(contents)
        try:
            easyprof.AppArmorEasyProfile(self.binary, self.options)
        except AppArmorException:
@@ -341,7 +347,8 @@ TEMPLATES_DIR=
 POLICYGROUPS_DIR="%s/templates"
 ''' % (self.tmpdir)

-        open(self.conffile, 'w').write(contents)
+        with open(self.conffile, 'w') as f:
+            f.write(contents)
        try:
            easyprof.AppArmorEasyProfile(self.binary, self.options)
        except AppArmorException:
@@ -358,7 +365,8 @@ TEMPLATES_DIR="%s"
 POLICYGROUPS_DIR="%s/templates"
 ''' % ('', self.tmpdir)

-        open(self.conffile, 'w').write(contents)
+        with open(self.conffile, 'w') as f:
+            f.write(contents)
        try:
            easyprof.AppArmorEasyProfile(self.binary, self.options)
        except AppArmorException:
@@ -375,7 +383,8 @@ TEMPLATES_DIR="%s/policygroups"
 POLICYGROUPS_DIR="%s/templates"
 ''' % ('/nonexistent', self.tmpdir)

-        open(self.conffile, 'w').write(contents)
+        with open(self.conffile, 'w') as f:
+            f.write(contents)
        try:
            easyprof.AppArmorEasyProfile(self.binary, self.options)
        except AppArmorException:
@@ -535,7 +544,8 @@ POLICYGROUPS_DIR="%s/templates"

            path = os.path.join(easyp.dirs['templates'], f)
            self.assertTrue(os.path.exists(path), "Could not find '%s'" % path)
-            open(path).read()
+            with open(path) as fd:
+                fd.read()

    def test_templates_list_include(self):
        '''Test templates (list with --include-templates-dir)'''
@@ -577,7 +587,8 @@ POLICYGROUPS_DIR="%s/templates"

            path = os.path.join(easyp.dirs['templates_include'], f)
            self.assertTrue(os.path.exists(path), "Could not find '%s'" % path)
-            open(path).read()
+            with open(path) as fd:
+                fd.read()

            bn = os.path.basename(f)
            # setup() copies everything in the include prefixed with inc_
@@ -612,7 +623,8 @@ POLICYGROUPS_DIR="%s/templates"

            path = os.path.join(easyp.dirs['policygroups'], f)
            self.assertTrue(os.path.exists(path), "Could not find '%s'" % path)
-            open(path).read()
+            with open(path) as fd:
+                fd.read()

    def test_policygroups_list_include(self):
        '''Test policygroups (list with --include-policy-groups-dir)'''
@@ -654,7 +666,8 @@ POLICYGROUPS_DIR="%s/templates"

            path = os.path.join(easyp.dirs['policygroups_include'], f)
            self.assertTrue(os.path.exists(path), "Could not find '%s'" % path)
-            open(path).read()
+            with open(path) as fd:
+                fd.read()

            bn = os.path.basename(f)
            # setup() copies everything in the include prefixed with inc_
@@ -672,7 +685,8 @@ POLICYGROUPS_DIR="%s/templates"
        contents = '''
 {"security": {"domain.reverse.appname": {"name": "simple-app"}}}
 '''
-        open(self.manifest, 'w').write(contents)
+        with open(self.manifest, 'w') as f:
+            f.write(contents)

        args = self.full_args
        args.extend(['--manifest', self.manifest])
@@ -685,7 +699,8 @@ POLICYGROUPS_DIR="%s/templates"
        contents = '''
 {"security": {"domain.reverse.appname": {"binary": /nonexistent"}}}
 '''
-        open(self.manifest, 'w').write(contents)
+        with open(self.manifest, 'w') as f:
+            f.write(contents)

        # opt first
        args = self.full_args
@@ -847,9 +862,11 @@ POLICYGROUPS_DIR="%s/templates"
        # create a new template
        template = os.path.join(self.tmpdir, "test-abspath-template")
        shutil.copy(os.path.join(self.tmpdir, 'templates', self.test_template), template)
-        contents = open(template).read()
+        with open(template) as f:
+            contents = f.read()
        test_string = "#teststring"
-        open(template, 'w').write(contents + "\n%s\n" % test_string)
+        with open(template, 'w') as f:
+            f.write(contents + "\n%s\n" % test_string)

        p = self._gen_policy(template=template)

@@ -951,14 +968,16 @@ POLICYGROUPS_DIR="%s/templates"
  # Abstraction file for testing
  /%s r,
 ''' % (f)
-            open(os.path.join(abstractions_dir, f), 'w').write(contents)
+            with open(os.path.join(abstractions_dir, f), 'w') as fd:
+                fd.write(contents)

        for f in tunables:
            contents = '''
 # Tunable file for testing
@{AA_TEST_%s}=foo
 ''' % (f)
-            open(os.path.join(tunables_dir, f), 'w').write(contents)
+            with open(os.path.join(tunables_dir, f), 'w') as fd:
+                fd.write(contents)

        return base_dir

@@ -1071,7 +1090,8 @@ POLICYGROUPS_DIR="%s/templates"
  #include <abstractions/kde>
  #include <abstractions/openssl>
 ''' % (self.test_policygroup)
-        open(os.path.join(self.tmpdir, 'policygroups', test_policygroup2), 'w').write(contents)
+        with open(os.path.join(self.tmpdir, 'policygroups', test_policygroup2), 'w') as f:
+            f.write(contents)

        groups = "%s,%s" % (self.test_policygroup, test_policygroup2)
        p = self._gen_policy(extra_args=['--policy-groups=%s' % groups])
@@ -1364,7 +1384,8 @@ POLICYGROUPS_DIR="%s/templates"
        # create a new template
        template = os.path.join(self.tmpdir, "test-invalid-template")
        shutil.copy(os.path.join(self.tmpdir, 'templates', self.test_template), template)
-        contents = open(template).read()
+        with open(template) as f:
+            contents = f.read()
        bad_pol = ""
        bad_string = "bzzzt"
        for line in contents.splitlines():
@@ -1373,7 +1394,8 @@ POLICYGROUPS_DIR="%s/templates"
            else:
                bad_pol += line
            bad_pol += "\n"
-        open(template, 'w').write(bad_pol)
+        with open(template, 'w') as f:
+            f.write(bad_pol)
        try:
            self._gen_policy(template=template)
        except AppArmorException:
@@ -1534,7 +1556,8 @@ POLICYGROUPS_DIR="%s/templates"
  #include <abstractions/kde>
  #include <abstractions/openssl>
 ''' % (self.test_policygroup)
-        open(os.path.join(self.tmpdir, 'policygroups', test_policygroup2), 'w').write(contents)
+        with open(os.path.join(self.tmpdir, 'policygroups', test_policygroup2), 'w') as f:
+            f.write(contents)

        groups = "%s,%s" % (self.test_policygroup, test_policygroup2)
        m = Manifest("test_gen_manifest_policy")
--- a/utils/test/test-aa-notify.py
+++ b/utils/test/test-aa-notify.py
@@ -114,14 +114,13 @@ Feb  4 13:40:38 XPS-13-9370 kernel: [128552.880347] audit: type=1400 audit({epoc

        handle, self.test_logfile = tempfile.mkstemp(prefix='test-aa-notify-')
        os.close(handle)
-        handle = open(self.test_logfile, "w+")
-        handle.write(
-            test_logfile_contents_999_days_old +
-            test_logfile_contents_30_days_old +
-            test_logfile_contents_unrelevant_entries +
-            test_logfile_contents_0_seconds_old
-        )
-        handle.close()
+        with open(self.test_logfile, "w+") as handle:
+            handle.write(
+                test_logfile_contents_999_days_old +
+                test_logfile_contents_30_days_old +
+                test_logfile_contents_unrelevant_entries +
+                test_logfile_contents_0_seconds_old
+            )

    def AATeardown(self):
        '''Remove temporary log file after tests ended'''