mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-02 15:25:27 +00:00
Code Issues Releases Wiki Activity

[6/7] make log_dict a parameter of ask_the_questions()

Browse Source 
This allows to hand over any source instead of using the global variable.

Now that the function expects its input as parameter,  get rid of the
global log_dict, which means
- change collapse_log() to initialize log_dict as local variable and
  return it
- change do_logprof_pass() to catch collapse_log()'s return value and
  hand it over to ask_the_questions()
- drop all references to the global log_dict variable
- update test-libapparmor-test_multi to follow the changes

Also fix an if condition that would fail if aa[profile][hat] does not
exist - get() defaults to None if the requested item doesn't exist, and
None.get('file') will raise an Exception.


Acked-by: Seth Arnold <seth.arnold@canonical.com>
This commit is contained in:
Christian Boltz
2017-01-19 16:52:38 +01:00
parent 4ec82daa00
commit d1fa70ac22
2 changed files with 9 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
utils/apparmor/aa.py
View File

@@ -117,7 +117,6 @@ pid = dict()
seen = hasher() # dir() seen = hasher() # dir()
profile_changes = hasher() profile_changes = hasher()
prelog = hasher() prelog = hasher()
log_dict = hasher() # dict()
changed = dict() changed = dict()
created = [] created = []
skip = hasher() skip = hasher()
@@ -1486,7 +1485,7 @@ def order_globs(globs, original_path):
return globs return globs
def ask_the_questions(): def ask_the_questions(log_dict):
for aamode in sorted(log_dict.keys()): for aamode in sorted(log_dict.keys()):
# Describe the type of changes # Describe the type of changes
if aamode == 'PERMITTING': if aamode == 'PERMITTING':
@@ -1513,7 +1512,7 @@ def ask_the_questions():
for hat in hats: for hat in hats:
if not aa[profile].get(hat).get('file'): if not aa[profile].get(hat, {}).get('file'):
if aamode != 'merge': if aamode != 'merge':
# Ignore log events for a non-existing profile or child profile. Such events can occour # Ignore log events for a non-existing profile or child profile. Such events can occour
# after deleting a profile or hat manually, or when processing a foreign log. # after deleting a profile or hat manually, or when processing a foreign log.
@@ -1590,7 +1589,6 @@ def ask_the_questions():
for ruletype in ruletypes: for ruletype in ruletypes:
for rule_obj in log_dict[aamode][profile][hat][ruletype].rules: for rule_obj in log_dict[aamode][profile][hat][ruletype].rules:
# XXX aa-mergeprof also has this code - if you change it, keep aa-mergeprof in sync!
if is_known_rule(aa[profile][hat], ruletype, rule_obj): if is_known_rule(aa[profile][hat], ruletype, rule_obj):
continue continue
@@ -1723,7 +1721,6 @@ def ask_the_questions():
else: else:
done = False done = False
# END of code (mostly) shared with aa-mergeprof
def selection_to_rule_obj(rule_obj, selection): def selection_to_rule_obj(rule_obj, selection):
rule_type = type(rule_obj) rule_type = type(rule_obj)
@@ -1880,7 +1877,6 @@ def do_logprof_pass(logmark='', passno=0, pid=pid):
# aa = hasher() # aa = hasher()
# profile_changes = hasher() # profile_changes = hasher()
# prelog = hasher() # prelog = hasher()
# log_dict = hasher()
# changed = dict() # changed = dict()
# skip = hasher() # XXX global? # skip = hasher() # XXX global?
# filelist = hasher() # filelist = hasher()
@@ -1912,9 +1908,9 @@ def do_logprof_pass(logmark='', passno=0, pid=pid):
for pid in sorted(profile_changes.keys()): for pid in sorted(profile_changes.keys()):
set_process(pid, profile_changes[pid]) set_process(pid, profile_changes[pid])
collapse_log() log_dict = collapse_log()
ask_the_questions() ask_the_questions(log_dict)
if aaui.UI_mode == 'yast': if aaui.UI_mode == 'yast':
# To-Do # To-Do
@@ -2120,6 +2116,7 @@ def set_process(pid, profile):
process.close() process.close()
def collapse_log(): def collapse_log():
log_dict = hasher()
for aamode in prelog.keys(): for aamode in prelog.keys():
for profile in prelog[aamode].keys(): for profile in prelog[aamode].keys():
for hat in prelog[aamode][profile].keys(): for hat in prelog[aamode][profile].keys():
@@ -2200,6 +2197,8 @@ def collapse_log():
if not is_known_rule(aa[profile][hat], 'signal', signal_event): if not is_known_rule(aa[profile][hat], 'signal', signal_event):
log_dict[aamode][profile][hat]['signal'].add(signal_event) log_dict[aamode][profile][hat]['signal'].add(signal_event)
return log_dict
def is_skippable_file(path): def is_skippable_file(path):
"""Returns True if filename matches something to be skipped (rpm or dpkg backup files, hidden files etc.) """Returns True if filename matches something to be skipped (rpm or dpkg backup files, hidden files etc.)
The list of skippable files needs to be synced with apparmor initscript and libapparmor _aa_is_blacklisted() The list of skippable files needs to be synced with apparmor initscript and libapparmor _aa_is_blacklisted()

5
utils/test/test-libapparmor-test_multi.py
View File

@@ -214,7 +214,6 @@ class TestLogToProfile(AATest):
apparmor.aa.log = dict() apparmor.aa.log = dict()
apparmor.aa.aa = apparmor.aa.hasher() apparmor.aa.aa = apparmor.aa.hasher()
apparmor.aa.prelog = apparmor.aa.hasher() apparmor.aa.prelog = apparmor.aa.hasher()
apparmor.aa.log_dict = apparmor.aa.hasher()
profile = parsed_event['profile'] profile = parsed_event['profile']
hat = profile hat = profile
@@ -229,12 +228,12 @@ class TestLogToProfile(AATest):
for root in log: for root in log:
apparmor.aa.handle_children('', '', root) # interactive for exec events! apparmor.aa.handle_children('', '', root) # interactive for exec events!
apparmor.aa.collapse_log() log_dict = apparmor.aa.collapse_log()
apparmor.aa.filelist = apparmor.aa.hasher() apparmor.aa.filelist = apparmor.aa.hasher()
apparmor.aa.filelist[profile_dummy_file]['profiles'][profile] = True apparmor.aa.filelist[profile_dummy_file]['profiles'][profile] = True
new_profile = apparmor.aa.serialize_profile(apparmor.aa.log_dict[aamode][profile], profile, None) new_profile = apparmor.aa.serialize_profile(log_dict[aamode][profile], profile, None)
expected_profile = read_file('%s.profile' % params) expected_profile = read_file('%s.profile' % params)