Cleanup old handling of mount rules

Now that we have MountRule and MountRuleset, drop the old "just store the whole rule" code for mount rules. Also drop some old tests that used that "store the whole mount rule" code, and adjust the regex_matches tests to import the regex directly from apparmor.regex.
2025-08-31 14:25:52 +00:00 · 2024-03-01 19:46:02 +01:00
parent b264bb62c9
commit da75b1c8d8
3 changed files with 3 additions and 84 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -39,7 +39,7 @@ from apparmor.profile_storage import ProfileStorage, add_or_remove_flag, ruletyp
 from apparmor.regex import (
    RE_HAS_COMMENT_SPLIT, RE_PROFILE_CHANGE_HAT, RE_PROFILE_CONDITIONAL,
    RE_PROFILE_CONDITIONAL_BOOLEAN, RE_PROFILE_CONDITIONAL_VARIABLE, RE_PROFILE_END,
-    RE_PROFILE_HAT_DEF, RE_PROFILE_MOUNT, RE_PROFILE_PIVOT_ROOT, RE_PROFILE_START,
+    RE_PROFILE_HAT_DEF, RE_PROFILE_PIVOT_ROOT, RE_PROFILE_START,
    RE_PROFILE_UNIX, RE_RULE_HAS_COMMA, parse_profile_start_line, re_match_include)
 from apparmor.rule.abi import AbiRule
 from apparmor.rule.capability import CapabilityRule
@@ -1995,29 +1995,6 @@ def parse_profile_data(data, file, do_include, in_preamble):
            # Conditional Boolean defined
            pass

-        elif RE_PROFILE_MOUNT.search(line):
-            matches = RE_PROFILE_MOUNT.search(line).groups()
-
-            if not profile:
-                raise AppArmorException(_('Syntax Error: Unexpected mount entry found in file: %(file)s line: %(line)s')
-                                        % {'file': file, 'line': lineno + 1})
-
-            audit = False
-            if matches[0]:
-                audit = True
-            allow = 'allow'
-            if matches[1] and matches[1].strip() == 'deny':
-                allow = 'deny'
-            mount = matches[2]
-
-            mount_rule = parse_mount_rule(mount)
-            mount_rule.audit = audit
-            mount_rule.deny = (allow == 'deny')
-
-            mount_rules = profile_data[profname][allow].get('mount', [])
-            mount_rules.append(mount_rule)
-            profile_data[profname][allow]['mount'] = mount_rules
-
        elif RE_PROFILE_PIVOT_ROOT.search(line):
            matches = RE_PROFILE_PIVOT_ROOT.search(line).groups()

@@ -2202,11 +2179,6 @@ def split_to_merged(profile_data):
    return merged


-def parse_mount_rule(line):
-    # XXX Do real parsing here
-    return aarules.Raw_Mount_Rule(line)
-
-
 def parse_pivot_root_rule(line):
    # XXX Do real parsing here
    return aarules.Raw_Pivot_Root_Rule(line)
--- a/utils/test/test-mount_parse.py
+++ b/utils/test/test-mount_parse.py
@@ -1,53 +0,0 @@
-#! /usr/bin/python3
-# ------------------------------------------------------------------
-#
-#    Copyright (C) 2014 Canonical Ltd.
-#
-#    This program is free software; you can redistribute it and/or
-#    modify it under the terms of version 2 of the GNU General Public
-#    License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-import unittest
-
-import apparmor.aa as aa
-from common_test import AAParseTest, setup_aa, setup_regex_tests
-
-
-class BaseAAParseMountTest(AAParseTest):
-    def setUp(self):
-        self.parse_function = aa.parse_mount_rule
-
-
-class AAParseMountTest(BaseAAParseMountTest):
-    tests = (
-        ('mount,', 'mount base keyword rule'),
-        ('mount -o ro,', 'mount ro rule'),
-        ('mount -o rw /dev/sdb1 -> /mnt/external,', 'mount rw with mount point'),
-    )
-
-
-class AAParseRemountTest(BaseAAParseMountTest):
-    tests = (
-        ('remount,', 'remount base keyword rule'),
-        ('remount -o ro,', 'remount ro rule'),
-        ('remount -o ro /,', 'remount ro with mountpoint'),
-    )
-
-
-class AAParseUmountTest(BaseAAParseMountTest):
-    tests = (
-        ('umount,', 'umount base keyword rule'),
-        ('umount /mnt/external,', 'umount with mount point'),
-        ('unmount,', 'unmount base keyword rule'),
-        ('unmount /mnt/external,', 'unmount with mount point'),
-    )
-
-
-setup_aa(aa)
-if __name__ == '__main__':
-    setup_regex_tests(AAParseMountTest)
-    setup_regex_tests(AAParseRemountTest)
-    setup_regex_tests(AAParseUmountTest)
-    unittest.main(verbosity=1)
--- a/utils/test/test-regex_matches.py
+++ b/utils/test/test-regex_matches.py
@@ -14,7 +14,7 @@ import unittest
 import apparmor.aa as aa
 from apparmor.common import AppArmorBug, AppArmorException
 from apparmor.regex import (
-    RE_PROFILE_CAP, RE_PROFILE_DBUS, RE_PROFILE_PTRACE, RE_PROFILE_SIGNAL,
+    RE_PROFILE_CAP, RE_PROFILE_DBUS, RE_PROFILE_MOUNT, RE_PROFILE_PTRACE, RE_PROFILE_SIGNAL,
    RE_PROFILE_START, parse_profile_start_line, re_match_include,
    re_match_include_parse, strip_parenthesis, strip_quotes)
 from common_test import AATest, setup_aa, setup_all_loops
@@ -248,7 +248,7 @@ class AARegexMount(AARegexTest):
    """Tests for RE_PROFILE_MOUNT"""

    def AASetup(self):
-        self.regex = aa.RE_PROFILE_MOUNT
+        self.regex = RE_PROFILE_MOUNT

    tests = (
        ('   mount,',           (None,    None,   'mount,',   'mount',   None, None)),