[41/38] let aa-mergeprof ask about new hats and subprofiles

If a merged profile contains additional hats or subprofiles, the "old" aa-mergeprof silently created them as additional hasher elements (partly buggy, because subprofiles would end up as '^/subprofile' instead of 'profile /subprofile'). After switching to FileRule, aa-mergeprof crashes on new hats or subprofiles. This patch adds code to ask the user if the new hat or subprofile should be added - which means this patch replaces two bugs (crash + silently adding subprofiles and hats) with a new feature ;-) The new questions also add a new text CMD_ADDSUBPROFILE in ui.py. Finally, the new "button" combinations get added to test-translations.py. If you want to test, try to aa-mergeprof this profile (the subprofile and hat are dummies, nothing ping would really require): #include <tunables/global> /{usr/,}bin/ping { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> capability net_raw, capability setuid, network inet raw, network inet6 raw, /{,usr/}bin/ping mixr, /etc/modules.conf r, ^hat { /bin/hat r, /bin/bash px, } profile /subprofile { /bin/subprofile r, /bin/bash px, } # Site-specific additions and overrides. See local/README for details. #include <local/bin.ping> } Note that this patch is not covered by unittests, but it passed all my manual tests. Acked-by: Steve Beattie <steve@nxnw.org> Bug: https://launchpad.net/bugs/1507469
2025-08-29 13:28:19 +00:00 · 2016-10-01 20:21:06 +02:00 · 2016-10-01 20:21:06 +02:00 · c9a1a02c83
commit c9a1a02c83
parent 71f67354f3
3 changed files with 37 additions and 1 deletions
--- a/utils/aa-mergeprof
+++ b/utils/aa-mergeprof
@ -24,7 +24,7 @@ import apparmor.cleanprofile as cleanprofile
 import apparmor.ui as aaui

 from apparmor.aa import (add_to_options, available_buttons, combine_name, delete_duplicates,
-                         get_profile_filename, is_known_rule, match_includes,
+                         get_profile_filename, is_known_rule, match_includes, profile_storage,
                         set_options_audit_mode, propose_file_rules, selection_to_rule_obj)
 from apparmor.aare import AARE
 from apparmor.common import AppArmorException
@ -289,6 +289,39 @@ class Merge(object):
        sev_db.load_variables(get_profile_filename(profile))

        for hat in sorted(other.aa[profile].keys()):
+
+            if not aa[profile].get(hat):
+                ans = ''
+                while ans not in ['CMD_ADDHAT', 'CMD_ADDSUBPROFILE', 'CMD_DENY']:
+                    q = aaui.PromptQuestion()
+                    q.headers += [_('Profile'), profile]
+
+                    if other.aa[profile][hat]['profile']:
+                        q.headers += [_('Requested Subprofile'), hat]
+                        q.functions.append('CMD_ADDSUBPROFILE')
+                    else:
+                        q.headers += [_('Requested Hat'), hat]
+                        q.functions.append('CMD_ADDHAT')
+
+                    q.functions += ['CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED']
+
+                    q.default = 'CMD_DENY'
+
+                    ans = q.promptUser()[0]
+
+                    if ans == 'CMD_FINISHED':
+                        return
+
+                if ans == 'CMD_DENY':
+                    continue  # don't ask about individual rules if the user doesn't want the additional subprofile/hat
+
+                if other.aa[profile][hat]['profile']:
+                    aa[profile][hat] = profile_storage(profile, hat, 'mergeprof ask_the_questions() - missing subprofile')
+                    aa[profile][hat]['profile'] = True
+                else:
+                    aa[profile][hat] = profile_storage(profile, hat, 'mergeprof ask_the_questions() - missing hat')
+                    aa[profile][hat]['profile'] = False
+
            #Add the includes from the other profile to the user profile
            done = False

--- a/utils/apparmor/ui.py
+++ b/utils/apparmor/ui.py
@ -254,6 +254,7 @@ CMDS = {'CMD_ALLOW': _('(A)llow'),
        'CMD_GLOB': _('(G)lob'),
        'CMD_GLOBEXT': _('Glob with (E)xtension'),
        'CMD_ADDHAT': _('(A)dd Requested Hat'),
+        'CMD_ADDSUBPROFILE': _('(A)dd Requested Subprofile'),
        'CMD_USEDEFAULT': _('(U)se Default Hat'),
        'CMD_SCAN': _('(S)can system log for AppArmor events'),
        'CMD_HELP': _('(H)elp'),
--- a/utils/test/test-translations.py
+++ b/utils/test/test-translations.py
@ -32,6 +32,8 @@ class TestHotkeyConflicts(AATest):
        (['CMD_YES', 'CMD_NO', 'CMD_CANCEL'],                                                                                               True),  # ui.py UI_YesNo() and UI_YesNoCancel
        (['CMD_SAVE_CHANGES', 'CMD_VIEW_CHANGES', 'CMD_ABORT', 'CMD_IGNORE_ENTRY'],                                                         True),  # aa-mergeprof act()
        (['CMD_ALLOW', 'CMD_ABORT'],                                                                                                        True),  # aa-mergeprof conflict_mode()
+        (['CMD_ADDSUBPROFILE', 'CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED'],                                                                    True),  # aa-mergeprof ask_the_questions() - new subprofile
+        (['CMD_ADDHAT', 'CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED'],                                                                           True),  # aa-mergeprof ask_the_questions() - new hat
    ]

    def _run_test(self, params, expected):