2
0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 14:25:52 +00:00

Cleanup old handling of mount rules

Now that we have MountRule and MountRuleset, drop the old "just store
the whole rule" code for mount rules.

Also drop some old tests that used that "store the whole mount rule"
code, and adjust the regex_matches tests to import the regex directly
from apparmor.regex.
This commit is contained in:
Christian Boltz
2024-03-01 19:46:02 +01:00
parent b264bb62c9
commit da75b1c8d8
3 changed files with 3 additions and 84 deletions

View File

@@ -39,7 +39,7 @@ from apparmor.profile_storage import ProfileStorage, add_or_remove_flag, ruletyp
from apparmor.regex import (
RE_HAS_COMMENT_SPLIT, RE_PROFILE_CHANGE_HAT, RE_PROFILE_CONDITIONAL,
RE_PROFILE_CONDITIONAL_BOOLEAN, RE_PROFILE_CONDITIONAL_VARIABLE, RE_PROFILE_END,
RE_PROFILE_HAT_DEF, RE_PROFILE_MOUNT, RE_PROFILE_PIVOT_ROOT, RE_PROFILE_START,
RE_PROFILE_HAT_DEF, RE_PROFILE_PIVOT_ROOT, RE_PROFILE_START,
RE_PROFILE_UNIX, RE_RULE_HAS_COMMA, parse_profile_start_line, re_match_include)
from apparmor.rule.abi import AbiRule
from apparmor.rule.capability import CapabilityRule
@@ -1995,29 +1995,6 @@ def parse_profile_data(data, file, do_include, in_preamble):
# Conditional Boolean defined
pass
elif RE_PROFILE_MOUNT.search(line):
matches = RE_PROFILE_MOUNT.search(line).groups()
if not profile:
raise AppArmorException(_('Syntax Error: Unexpected mount entry found in file: %(file)s line: %(line)s')
% {'file': file, 'line': lineno + 1})
audit = False
if matches[0]:
audit = True
allow = 'allow'
if matches[1] and matches[1].strip() == 'deny':
allow = 'deny'
mount = matches[2]
mount_rule = parse_mount_rule(mount)
mount_rule.audit = audit
mount_rule.deny = (allow == 'deny')
mount_rules = profile_data[profname][allow].get('mount', [])
mount_rules.append(mount_rule)
profile_data[profname][allow]['mount'] = mount_rules
elif RE_PROFILE_PIVOT_ROOT.search(line):
matches = RE_PROFILE_PIVOT_ROOT.search(line).groups()
@@ -2202,11 +2179,6 @@ def split_to_merged(profile_data):
return merged
def parse_mount_rule(line):
# XXX Do real parsing here
return aarules.Raw_Mount_Rule(line)
def parse_pivot_root_rule(line):
# XXX Do real parsing here
return aarules.Raw_Pivot_Root_Rule(line)

View File

@@ -1,53 +0,0 @@
#! /usr/bin/python3
# ------------------------------------------------------------------
#
# Copyright (C) 2014 Canonical Ltd.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
import unittest
import apparmor.aa as aa
from common_test import AAParseTest, setup_aa, setup_regex_tests
class BaseAAParseMountTest(AAParseTest):
def setUp(self):
self.parse_function = aa.parse_mount_rule
class AAParseMountTest(BaseAAParseMountTest):
tests = (
('mount,', 'mount base keyword rule'),
('mount -o ro,', 'mount ro rule'),
('mount -o rw /dev/sdb1 -> /mnt/external,', 'mount rw with mount point'),
)
class AAParseRemountTest(BaseAAParseMountTest):
tests = (
('remount,', 'remount base keyword rule'),
('remount -o ro,', 'remount ro rule'),
('remount -o ro /,', 'remount ro with mountpoint'),
)
class AAParseUmountTest(BaseAAParseMountTest):
tests = (
('umount,', 'umount base keyword rule'),
('umount /mnt/external,', 'umount with mount point'),
('unmount,', 'unmount base keyword rule'),
('unmount /mnt/external,', 'unmount with mount point'),
)
setup_aa(aa)
if __name__ == '__main__':
setup_regex_tests(AAParseMountTest)
setup_regex_tests(AAParseRemountTest)
setup_regex_tests(AAParseUmountTest)
unittest.main(verbosity=1)

View File

@@ -14,7 +14,7 @@ import unittest
import apparmor.aa as aa
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.regex import (
RE_PROFILE_CAP, RE_PROFILE_DBUS, RE_PROFILE_PTRACE, RE_PROFILE_SIGNAL,
RE_PROFILE_CAP, RE_PROFILE_DBUS, RE_PROFILE_MOUNT, RE_PROFILE_PTRACE, RE_PROFILE_SIGNAL,
RE_PROFILE_START, parse_profile_start_line, re_match_include,
re_match_include_parse, strip_parenthesis, strip_quotes)
from common_test import AATest, setup_aa, setup_all_loops
@@ -248,7 +248,7 @@ class AARegexMount(AARegexTest):
"""Tests for RE_PROFILE_MOUNT"""
def AASetup(self):
self.regex = aa.RE_PROFILE_MOUNT
self.regex = RE_PROFILE_MOUNT
tests = (
(' mount,', (None, None, 'mount,', 'mount', None, None)),