mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-02 23:35:37 +00:00
Code Issues Releases Wiki Activity

Ensure opened files are closed.

Browse Source
This commit is contained in:
Mark Grassi
2022-06-18 14:40:58 -04:00
parent d7e3f33aa8
commit bf819bc8e6
6 changed files with 77 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
parser/tst/valgrind_simple.py
View File

@@ -68,11 +68,11 @@ def create_suppressions():
handle, name = tempfile.mkstemp(suffix='.suppressions', prefix='aa-parser-valgrind') handle, name = tempfile.mkstemp(suffix='.suppressions', prefix='aa-parser-valgrind')
os.close(handle) os.close(handle)
handle = open(name,"w+") with open(name, "w+") as handle:
handle.write(VALGRIND_SUPPRESSIONS) handle.write(VALGRIND_SUPPRESSIONS)
handle.close()
return name return name
def main(): def main():
rc = 0 rc = 0
p = ArgumentParser() p = ArgumentParser()

4
utils/apparmor/config.py
View File

@@ -279,9 +279,8 @@ class Config(object):
def py2_parser(filename): def py2_parser(filename):
"""Returns the de-dented ini file from the new format ini""" """Returns the de-dented ini file from the new format ini"""
tmp = tempfile.NamedTemporaryFile('rw') tmp = tempfile.NamedTemporaryFile('rw')
f_out = open(tmp.name, 'w')
if os.path.exists(filename): if os.path.exists(filename):
with open_file_read(filename) as f_in: with open(tmp.name, 'w') as f_out, open_file_read(filename) as f_in:
for line in f_in: for line in f_in:
# The ini format allows for multi-line entries, with the subsequent # The ini format allows for multi-line entries, with the subsequent
# entries being indented deeper hence simple lstrip() is not appropriate # entries being indented deeper hence simple lstrip() is not appropriate
@@ -290,5 +289,4 @@ def py2_parser(filename):
elif line[0] == '\t': elif line[0] == '\t':
line = line[1:] line = line[1:]
f_out.write(line) f_out.write(line)
f_out.flush()
return tmp return tmp

6
utils/apparmor/easyprof.py
View File

@@ -415,7 +415,8 @@ class AppArmorEasyProfile:
def get_template(self): def get_template(self):
'''Get contents of current template''' '''Get contents of current template'''
return open(self.template).read() with open(self.template) as f:
return f.read()
def set_template(self, template, allow_abs_path=True): def set_template(self, template, allow_abs_path=True):
'''Set current template''' '''Set current template'''
@@ -464,7 +465,8 @@ class AppArmorEasyProfile:
if self.policy_groups == None or not p in self.policy_groups: if self.policy_groups == None or not p in self.policy_groups:
raise AppArmorException("Policy group '%s' does not exist" % p) raise AppArmorException("Policy group '%s' does not exist" % p)
return open(p).read() with open(p) as f:
return f.read()
def set_policygroup(self, policygroups): def set_policygroup(self, policygroups):
'''Set policygroups''' '''Set policygroups'''

3
utils/apparmor/sandbox.py
View File

@@ -128,12 +128,11 @@ def aa_exec(command, opt, environ={}, verify_rules=[]):
policy = easyp.gen_policy(**params) policy = easyp.gen_policy(**params)
debug("\n%s" % policy) debug("\n%s" % policy)
tmp = tempfile.NamedTemporaryFile(prefix = '%s-' % policy_name) with tempfile.NamedTemporaryFile(prefix='%s-' % policy_name) as tmp:
if sys.version_info[0] >= 3: if sys.version_info[0] >= 3:
tmp.write(bytes(policy, 'utf-8')) tmp.write(bytes(policy, 'utf-8'))
else: else:
tmp.write(policy) tmp.write(policy)
tmp.flush()
debug("using '%s' template" % opt.template) debug("using '%s' template" % opt.template)
# TODO: get rid of this # TODO: get rid of this

69
utils/test/test-aa-easyprof.py
View File

@@ -144,7 +144,8 @@ class T(unittest.TestCase):
} }
''' % (self.test_template) ''' % (self.test_template)
open(os.path.join(self.tmpdir, 'templates', self.test_template), 'w').write(contents) with open(os.path.join(self.tmpdir, 'templates', self.test_template), 'w') as f:
f.write(contents)
# Create a test policygroup # Create a test policygroup
self.test_policygroup = "test-policygroup" self.test_policygroup = "test-policygroup"
@@ -153,7 +154,8 @@ class T(unittest.TestCase):
#include <abstractions/gnome> #include <abstractions/gnome>
#include <abstractions/nameservice> #include <abstractions/nameservice>
''' % (self.test_policygroup) ''' % (self.test_policygroup)
open(os.path.join(self.tmpdir, 'policygroups', self.test_policygroup), 'w').write(contents) with open(os.path.join(self.tmpdir, 'policygroups', self.test_policygroup), 'w') as f:
f.write(contents)
# setup our conffile # setup our conffile
self.conffile = os.path.join(self.tmpdir, 'easyprof.conf') self.conffile = os.path.join(self.tmpdir, 'easyprof.conf')
@@ -161,7 +163,8 @@ class T(unittest.TestCase):
POLICYGROUPS_DIR="%s/policygroups" POLICYGROUPS_DIR="%s/policygroups"
TEMPLATES_DIR="%s/templates" TEMPLATES_DIR="%s/templates"
''' % (self.tmpdir, self.tmpdir) ''' % (self.tmpdir, self.tmpdir)
open(self.conffile, 'w').write(contents) with open(self.conffile, 'w') as f:
f.write(contents)
self.binary = "/opt/bin/foo" self.binary = "/opt/bin/foo"
self.full_args = ['-c', self.conffile, self.binary] self.full_args = ['-c', self.conffile, self.binary]
@@ -217,7 +220,8 @@ POLICYGROUPS_DIR=
TEMPLATES_DIR="%s/templates" TEMPLATES_DIR="%s/templates"
''' % (self.tmpdir) ''' % (self.tmpdir)
open(self.conffile, 'w').write(contents) with open(self.conffile, 'w') as f:
f.write(contents)
try: try:
easyprof.AppArmorEasyProfile(self.binary, self.options) easyprof.AppArmorEasyProfile(self.binary, self.options)
except AppArmorException: except AppArmorException:
@@ -234,7 +238,8 @@ POLICYGROUPS_DIR="%s"
TEMPLATES_DIR="%s/templates" TEMPLATES_DIR="%s/templates"
''' % ('', self.tmpdir) ''' % ('', self.tmpdir)
open(self.conffile, 'w').write(contents) with open(self.conffile, 'w') as f:
f.write(contents)
try: try:
easyprof.AppArmorEasyProfile(self.binary, self.options) easyprof.AppArmorEasyProfile(self.binary, self.options)
except AppArmorException: except AppArmorException:
@@ -251,7 +256,8 @@ POLICYGROUPS_DIR="%s/policygroups"
TEMPLATES_DIR="%s/templates" TEMPLATES_DIR="%s/templates"
''' % ('/nonexistent', self.tmpdir) ''' % ('/nonexistent', self.tmpdir)
open(self.conffile, 'w').write(contents) with open(self.conffile, 'w') as f:
f.write(contents)
try: try:
easyprof.AppArmorEasyProfile(self.binary, self.options) easyprof.AppArmorEasyProfile(self.binary, self.options)
except AppArmorException: except AppArmorException:
@@ -341,7 +347,8 @@ TEMPLATES_DIR=
POLICYGROUPS_DIR="%s/templates" POLICYGROUPS_DIR="%s/templates"
''' % (self.tmpdir) ''' % (self.tmpdir)
open(self.conffile, 'w').write(contents) with open(self.conffile, 'w') as f:
f.write(contents)
try: try:
easyprof.AppArmorEasyProfile(self.binary, self.options) easyprof.AppArmorEasyProfile(self.binary, self.options)
except AppArmorException: except AppArmorException:
@@ -358,7 +365,8 @@ TEMPLATES_DIR="%s"
POLICYGROUPS_DIR="%s/templates" POLICYGROUPS_DIR="%s/templates"
''' % ('', self.tmpdir) ''' % ('', self.tmpdir)
open(self.conffile, 'w').write(contents) with open(self.conffile, 'w') as f:
f.write(contents)
try: try:
easyprof.AppArmorEasyProfile(self.binary, self.options) easyprof.AppArmorEasyProfile(self.binary, self.options)
except AppArmorException: except AppArmorException:
@@ -375,7 +383,8 @@ TEMPLATES_DIR="%s/policygroups"
POLICYGROUPS_DIR="%s/templates" POLICYGROUPS_DIR="%s/templates"
''' % ('/nonexistent', self.tmpdir) ''' % ('/nonexistent', self.tmpdir)
open(self.conffile, 'w').write(contents) with open(self.conffile, 'w') as f:
f.write(contents)
try: try:
easyprof.AppArmorEasyProfile(self.binary, self.options) easyprof.AppArmorEasyProfile(self.binary, self.options)
except AppArmorException: except AppArmorException:
@@ -535,7 +544,8 @@ POLICYGROUPS_DIR="%s/templates"
path = os.path.join(easyp.dirs['templates'], f) path = os.path.join(easyp.dirs['templates'], f)
self.assertTrue(os.path.exists(path), "Could not find '%s'" % path) self.assertTrue(os.path.exists(path), "Could not find '%s'" % path)
open(path).read() with open(path) as fd:
fd.read()
def test_templates_list_include(self): def test_templates_list_include(self):
'''Test templates (list with --include-templates-dir)''' '''Test templates (list with --include-templates-dir)'''
@@ -577,7 +587,8 @@ POLICYGROUPS_DIR="%s/templates"
path = os.path.join(easyp.dirs['templates_include'], f) path = os.path.join(easyp.dirs['templates_include'], f)
self.assertTrue(os.path.exists(path), "Could not find '%s'" % path) self.assertTrue(os.path.exists(path), "Could not find '%s'" % path)
open(path).read() with open(path) as fd:
fd.read()
bn = os.path.basename(f) bn = os.path.basename(f)
# setup() copies everything in the include prefixed with inc_ # setup() copies everything in the include prefixed with inc_
@@ -612,7 +623,8 @@ POLICYGROUPS_DIR="%s/templates"
path = os.path.join(easyp.dirs['policygroups'], f) path = os.path.join(easyp.dirs['policygroups'], f)
self.assertTrue(os.path.exists(path), "Could not find '%s'" % path) self.assertTrue(os.path.exists(path), "Could not find '%s'" % path)
open(path).read() with open(path) as fd:
fd.read()
def test_policygroups_list_include(self): def test_policygroups_list_include(self):
'''Test policygroups (list with --include-policy-groups-dir)''' '''Test policygroups (list with --include-policy-groups-dir)'''
@@ -654,7 +666,8 @@ POLICYGROUPS_DIR="%s/templates"
path = os.path.join(easyp.dirs['policygroups_include'], f) path = os.path.join(easyp.dirs['policygroups_include'], f)
self.assertTrue(os.path.exists(path), "Could not find '%s'" % path) self.assertTrue(os.path.exists(path), "Could not find '%s'" % path)
open(path).read() with open(path) as fd:
fd.read()
bn = os.path.basename(f) bn = os.path.basename(f)
# setup() copies everything in the include prefixed with inc_ # setup() copies everything in the include prefixed with inc_
@@ -672,7 +685,8 @@ POLICYGROUPS_DIR="%s/templates"
contents = ''' contents = '''
{"security": {"domain.reverse.appname": {"name": "simple-app"}}} {"security": {"domain.reverse.appname": {"name": "simple-app"}}}
''' '''
open(self.manifest, 'w').write(contents) with open(self.manifest, 'w') as f:
f.write(contents)
args = self.full_args args = self.full_args
args.extend(['--manifest', self.manifest]) args.extend(['--manifest', self.manifest])
@@ -685,7 +699,8 @@ POLICYGROUPS_DIR="%s/templates"
contents = ''' contents = '''
{"security": {"domain.reverse.appname": {"binary": /nonexistent"}}} {"security": {"domain.reverse.appname": {"binary": /nonexistent"}}}
''' '''
open(self.manifest, 'w').write(contents) with open(self.manifest, 'w') as f:
f.write(contents)
# opt first # opt first
args = self.full_args args = self.full_args
@@ -847,9 +862,11 @@ POLICYGROUPS_DIR="%s/templates"
# create a new template # create a new template
template = os.path.join(self.tmpdir, "test-abspath-template") template = os.path.join(self.tmpdir, "test-abspath-template")
shutil.copy(os.path.join(self.tmpdir, 'templates', self.test_template), template) shutil.copy(os.path.join(self.tmpdir, 'templates', self.test_template), template)
contents = open(template).read() with open(template) as f:
contents = f.read()
test_string = "#teststring" test_string = "#teststring"
open(template, 'w').write(contents + "\n%s\n" % test_string) with open(template, 'w') as f:
f.write(contents + "\n%s\n" % test_string)
p = self._gen_policy(template=template) p = self._gen_policy(template=template)
@@ -951,14 +968,16 @@ POLICYGROUPS_DIR="%s/templates"
# Abstraction file for testing # Abstraction file for testing
/%s r, /%s r,
''' % (f) ''' % (f)
open(os.path.join(abstractions_dir, f), 'w').write(contents) with open(os.path.join(abstractions_dir, f), 'w') as fd:
fd.write(contents)
for f in tunables: for f in tunables:
contents = ''' contents = '''
# Tunable file for testing # Tunable file for testing
@{AA_TEST_%s}=foo @{AA_TEST_%s}=foo
''' % (f) ''' % (f)
open(os.path.join(tunables_dir, f), 'w').write(contents) with open(os.path.join(tunables_dir, f), 'w') as fd:
fd.write(contents)
return base_dir return base_dir
@@ -1071,7 +1090,8 @@ POLICYGROUPS_DIR="%s/templates"
#include <abstractions/kde> #include <abstractions/kde>
#include <abstractions/openssl> #include <abstractions/openssl>
''' % (self.test_policygroup) ''' % (self.test_policygroup)
open(os.path.join(self.tmpdir, 'policygroups', test_policygroup2), 'w').write(contents) with open(os.path.join(self.tmpdir, 'policygroups', test_policygroup2), 'w') as f:
f.write(contents)
groups = "%s,%s" % (self.test_policygroup, test_policygroup2) groups = "%s,%s" % (self.test_policygroup, test_policygroup2)
p = self._gen_policy(extra_args=['--policy-groups=%s' % groups]) p = self._gen_policy(extra_args=['--policy-groups=%s' % groups])
@@ -1364,7 +1384,8 @@ POLICYGROUPS_DIR="%s/templates"
# create a new template # create a new template
template = os.path.join(self.tmpdir, "test-invalid-template") template = os.path.join(self.tmpdir, "test-invalid-template")
shutil.copy(os.path.join(self.tmpdir, 'templates', self.test_template), template) shutil.copy(os.path.join(self.tmpdir, 'templates', self.test_template), template)
contents = open(template).read() with open(template) as f:
contents = f.read()
bad_pol = "" bad_pol = ""
bad_string = "bzzzt" bad_string = "bzzzt"
for line in contents.splitlines(): for line in contents.splitlines():
@@ -1373,7 +1394,8 @@ POLICYGROUPS_DIR="%s/templates"
else: else:
bad_pol += line bad_pol += line
bad_pol += "\n" bad_pol += "\n"
open(template, 'w').write(bad_pol) with open(template, 'w') as f:
f.write(bad_pol)
try: try:
self._gen_policy(template=template) self._gen_policy(template=template)
except AppArmorException: except AppArmorException:
@@ -1534,7 +1556,8 @@ POLICYGROUPS_DIR="%s/templates"
#include <abstractions/kde> #include <abstractions/kde>
#include <abstractions/openssl> #include <abstractions/openssl>
''' % (self.test_policygroup) ''' % (self.test_policygroup)
open(os.path.join(self.tmpdir, 'policygroups', test_policygroup2), 'w').write(contents) with open(os.path.join(self.tmpdir, 'policygroups', test_policygroup2), 'w') as f:
f.write(contents)
groups = "%s,%s" % (self.test_policygroup, test_policygroup2) groups = "%s,%s" % (self.test_policygroup, test_policygroup2)
m = Manifest("test_gen_manifest_policy") m = Manifest("test_gen_manifest_policy")

3
utils/test/test-aa-notify.py
View File

@@ -114,14 +114,13 @@ Feb 4 13:40:38 XPS-13-9370 kernel: [128552.880347] audit: type=1400 audit({epoc
handle, self.test_logfile = tempfile.mkstemp(prefix='test-aa-notify-') handle, self.test_logfile = tempfile.mkstemp(prefix='test-aa-notify-')
os.close(handle) os.close(handle)
handle = open(self.test_logfile, "w+") with open(self.test_logfile, "w+") as handle:
handle.write( handle.write(
test_logfile_contents_999_days_old + test_logfile_contents_999_days_old +
test_logfile_contents_30_days_old + test_logfile_contents_30_days_old +
test_logfile_contents_unrelevant_entries + test_logfile_contents_unrelevant_entries +
test_logfile_contents_0_seconds_old test_logfile_contents_0_seconds_old
) )
handle.close()
def AATeardown(self): def AATeardown(self):
'''Remove temporary log file after tests ended''' '''Remove temporary log file after tests ended'''