diff --git a/utils/aa-mergeprof b/utils/aa-mergeprof index cde488cce..a9a5ea743 100755 --- a/utils/aa-mergeprof +++ b/utils/aa-mergeprof @@ -24,7 +24,7 @@ import apparmor.cleanprofile as cleanprofile import apparmor.ui as aaui from apparmor.aa import (add_to_options, available_buttons, combine_name, delete_duplicates, - get_profile_filename, is_known_rule, match_includes, + get_profile_filename, is_known_rule, match_includes, profile_storage, set_options_audit_mode, propose_file_rules, selection_to_rule_obj) from apparmor.aare import AARE from apparmor.common import AppArmorException @@ -289,6 +289,39 @@ class Merge(object): sev_db.load_variables(get_profile_filename(profile)) for hat in sorted(other.aa[profile].keys()): + + if not aa[profile].get(hat): + ans = '' + while ans not in ['CMD_ADDHAT', 'CMD_ADDSUBPROFILE', 'CMD_DENY']: + q = aaui.PromptQuestion() + q.headers += [_('Profile'), profile] + + if other.aa[profile][hat]['profile']: + q.headers += [_('Requested Subprofile'), hat] + q.functions.append('CMD_ADDSUBPROFILE') + else: + q.headers += [_('Requested Hat'), hat] + q.functions.append('CMD_ADDHAT') + + q.functions += ['CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED'] + + q.default = 'CMD_DENY' + + ans = q.promptUser()[0] + + if ans == 'CMD_FINISHED': + return + + if ans == 'CMD_DENY': + continue # don't ask about individual rules if the user doesn't want the additional subprofile/hat + + if other.aa[profile][hat]['profile']: + aa[profile][hat] = profile_storage(profile, hat, 'mergeprof ask_the_questions() - missing subprofile') + aa[profile][hat]['profile'] = True + else: + aa[profile][hat] = profile_storage(profile, hat, 'mergeprof ask_the_questions() - missing hat') + aa[profile][hat]['profile'] = False + #Add the includes from the other profile to the user profile done = False diff --git a/utils/apparmor/ui.py b/utils/apparmor/ui.py index 1a1d5a91d..49af11154 100644 --- a/utils/apparmor/ui.py +++ b/utils/apparmor/ui.py @@ -254,6 +254,7 @@ CMDS = {'CMD_ALLOW': _('(A)llow'), 'CMD_GLOB': _('(G)lob'), 'CMD_GLOBEXT': _('Glob with (E)xtension'), 'CMD_ADDHAT': _('(A)dd Requested Hat'), + 'CMD_ADDSUBPROFILE': _('(A)dd Requested Subprofile'), 'CMD_USEDEFAULT': _('(U)se Default Hat'), 'CMD_SCAN': _('(S)can system log for AppArmor events'), 'CMD_HELP': _('(H)elp'), diff --git a/utils/test/test-translations.py b/utils/test/test-translations.py index 5a0228001..0ddd8a484 100644 --- a/utils/test/test-translations.py +++ b/utils/test/test-translations.py @@ -32,6 +32,8 @@ class TestHotkeyConflicts(AATest): (['CMD_YES', 'CMD_NO', 'CMD_CANCEL'], True), # ui.py UI_YesNo() and UI_YesNoCancel (['CMD_SAVE_CHANGES', 'CMD_VIEW_CHANGES', 'CMD_ABORT', 'CMD_IGNORE_ENTRY'], True), # aa-mergeprof act() (['CMD_ALLOW', 'CMD_ABORT'], True), # aa-mergeprof conflict_mode() + (['CMD_ADDSUBPROFILE', 'CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED'], True), # aa-mergeprof ask_the_questions() - new subprofile + (['CMD_ADDHAT', 'CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED'], True), # aa-mergeprof ask_the_questions() - new hat ] def _run_test(self, params, expected):