mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-03 15:55:46 +00:00
Code Issues Releases Wiki Activity

ProfileStorage: store correct name

Browse Source 
Instead of always storing the name of the main profile, store the child
profile/hat name if we are in a child profile or hat.

As a result, we always get the correct "profile xy" header even for
child profiles when dumping the ProfileStorage object.

Also extend the tests to check that the name gets stored correctly.
This commit is contained in:
Christian Boltz
2024-10-06 14:34:55 +02:00
parent bb460ba467
commit cb943e4efc
2 changed files with 20 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
utils/apparmor/profile_storage.py
View File

@@ -222,10 +222,12 @@ class ProfileStorage:
% {'profile': profile, 'file': file, 'line': lineno + 1}) % {'profile': profile, 'file': file, 'line': lineno + 1})
hat = matches['profile'] hat = matches['profile']
prof_or_hat_name = hat
pps_set_hat_external = False pps_set_hat_external = False
else: # stand-alone profile else: # stand-alone profile
profile = matches['profile'] profile = matches['profile']
prof_or_hat_name = profile
if len(profile.split('//')) > 2: if len(profile.split('//')) > 2:
raise AppArmorException( raise AppArmorException(
"Nested child profiles ('%(profile)s', found in %(file)s) are not supported by the AppArmor tools yet." "Nested child profiles ('%(profile)s', found in %(file)s) are not supported by the AppArmor tools yet."
@@ -239,7 +241,7 @@ class ProfileStorage:
prof_storage = cls(profile, hat, cls.__name__ + '.parse()') prof_storage = cls(profile, hat, cls.__name__ + '.parse()')
prof_storage['name'] = profile prof_storage['name'] = prof_or_hat_name
prof_storage['filename'] = file prof_storage['filename'] = file
prof_storage['external'] = pps_set_hat_external prof_storage['external'] = pps_set_hat_external
prof_storage['flags'] = matches['flags'] prof_storage['flags'] = matches['flags']

33
utils/test/test-profile-storage.py
View File

@@ -141,28 +141,29 @@ class AaTest_repr(AATest):
class AaTest_parse_profile_start(AATest): class AaTest_parse_profile_start(AATest):
tests = ( tests = (
# profile start line profile hat profile hat attachment xattrs flags pps_set_hat_external # profile start line profile hat name profile hat attachment xattrs flags pps_set_hat_external
(('/foo {', None, None), ('/foo', '/foo', '', '', None, False)), (('/foo {', None, None), ('/foo', '/foo', '/foo', '', '', None, False)),
(('/foo (complain) {', None, None), ('/foo', '/foo', '', '', 'complain', False)), (('/foo (complain) {', None, None), ('/foo', '/foo', '/foo', '', '', 'complain', False)),
(('profile foo /foo {', None, None), ('foo', 'foo', '/foo', '', None, False)), # named profile (('profile foo /foo {', None, None), ('foo', 'foo', 'foo', '/foo', '', None, False)), # named profile
(('profile /foo {', '/bar', None), ('/bar', '/foo', '', '', None, False)), # child profile (('profile /foo {', '/bar', None), ('/foo', '/bar', '/foo', '', '', None, False)), # child profile
(('/foo//bar {', None, None), ('/foo', 'bar', '', '', None, True)), # external hat (('/foo//bar {', None, None), ('/foo//bar', '/foo', 'bar', '', '', None, True)), # external hat
(('profile "/foo" (complain) {', None, None), ('/foo', '/foo', '', '', 'complain', False)), (('profile "/foo" (complain) {', None, None), ('/foo', '/foo', '/foo', '', '', 'complain', False)),
(('profile "/foo" xattrs=(user.bar=bar) {', None, None), ('/foo', '/foo', '', 'user.bar=bar', None, False)), (('profile "/foo" xattrs=(user.bar=bar) {', None, None), ('/foo', '/foo', '/foo', '', 'user.bar=bar', None, False)),
(('profile "/foo" xattrs=(user.bar=bar user.foo=*) {', None, None), ('/foo', '/foo', '', 'user.bar=bar user.foo=*', None, False)), (('profile "/foo" xattrs=(user.bar=bar user.foo=*) {', None, None), ('/foo', '/foo', '/foo', '', 'user.bar=bar user.foo=*', None, False)),
(('/usr/bin/xattrs-test xattrs=(myvalue="foo.bar") {', None, None), ('/usr/bin/xattrs-test', '/usr/bin/xattrs-test', '', 'myvalue="foo.bar"', None, False)), (('/usr/bin/xattrs-test xattrs=(myvalue="foo.bar") {', None, None), ('/usr/bin/xattrs-test', '/usr/bin/xattrs-test', '/usr/bin/xattrs-test', '', 'myvalue="foo.bar"', None, False)),
) )
def _run_test(self, params, expected): def _run_test(self, params, expected):
(profile, hat, prof_storage) = ProfileStorage.parse(params[0], 'somefile', 1, params[1], params[2]) (profile, hat, prof_storage) = ProfileStorage.parse(params[0], 'somefile', 1, params[1], params[2])
self.assertEqual(profile, expected[0]) self.assertEqual(prof_storage['name'], expected[0])
self.assertEqual(hat, expected[1]) self.assertEqual(profile, expected[1])
self.assertEqual(prof_storage['attachment'], expected[2]) self.assertEqual(hat, expected[2])
self.assertEqual(prof_storage['xattrs'], expected[3]) self.assertEqual(prof_storage['attachment'], expected[3])
self.assertEqual(prof_storage['flags'], expected[4]) self.assertEqual(prof_storage['xattrs'], expected[4])
self.assertEqual(prof_storage['flags'], expected[5])
self.assertEqual(prof_storage['is_hat'], False) self.assertEqual(prof_storage['is_hat'], False)
self.assertEqual(prof_storage['external'], expected[5]) self.assertEqual(prof_storage['external'], expected[6])
class AaTest_parse_profile_start_errors(AATest): class AaTest_parse_profile_start_errors(AATest):