mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00
Code Issues Releases Wiki Activity

parse_profile_start(): get rid of pps_set_profile

Browse Source 
This value is True if we are in a child profile (not: hat), but that's
information we get "for free", so there's no need to hand it around.
Besides that, it was wrongly set to False for main profiles (which are
not hats).

Remove the pps_set_profile return value from parse_profile_start(), and
always assume True unless we were parsing a hat. For completeness,
explicitely set it to False when parsing a hat.

To make sure child profiles and hats don't get mixed up, add a child
profile to cleanprof_test.{in,out}.

test-libapparmor-test_multi.py always interpreted foo//bar as being
a hat, therefore explicitely mark them as such. (Technically not really
needed since this is the default, but it helps to make things clear.)
This commit is contained in:
Christian Boltz
2021-04-12 13:02:58 +02:00
parent a7816e1a8f
commit e1af0cdeca
5 changed files with 26 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
utils/test/test-aa.py
View File

@@ -484,16 +484,16 @@ class AaTest_is_skippable_file(AATest):
class AaTest_parse_profile_start(AATest):
tests = [
# profile start line profile hat profile hat attachment xattrs flags pps_set_profile, pps_set_hat_external
(('/foo {', None, None), ('/foo', '/foo', None, None, None, False, False)),
(('/foo (complain) {', None, None), ('/foo', '/foo', None, None, 'complain', False, False)),
(('profile foo /foo {', None, None), ('foo', 'foo', '/foo', None, None, False, False)), # named profile
(('profile /foo {', '/bar', None), ('/bar', '/foo', None, None, None, True, False)), # child profile
(('/foo//bar {', None, None), ('/foo', 'bar', None, None, None, False, True )), # external hat
(('profile "/foo" (complain) {', None, None), ('/foo', '/foo', None, None, 'complain', False, False)),
(('profile "/foo" xattrs=(user.bar=bar) {', None, None), ('/foo', '/foo', None, 'user.bar=bar', None, False, False)),
(('profile "/foo" xattrs=(user.bar=bar user.foo=*) {', None, None), ('/foo', '/foo', None, 'user.bar=bar user.foo=*', None, False, False)),
(('/usr/bin/xattrs-test xattrs=(myvalue="foo.bar") {', None, None), ('/usr/bin/xattrs-test', '/usr/bin/xattrs-test', None, 'myvalue="foo.bar"', None, False, False)),
# profile start line profile hat profile hat attachment xattrs flags pps_set_hat_external
(('/foo {', None, None), ('/foo', '/foo', None, None, None, False)),
(('/foo (complain) {', None, None), ('/foo', '/foo', None, None, 'complain', False)),
(('profile foo /foo {', None, None), ('foo', 'foo', '/foo', None, None, False)), # named profile
(('profile /foo {', '/bar', None), ('/bar', '/foo', None, None, None, False)), # child profile
(('/foo//bar {', None, None), ('/foo', 'bar', None, None, None, True )), # external hat
(('profile "/foo" (complain) {', None, None), ('/foo', '/foo', None, None, 'complain', False)),
(('profile "/foo" xattrs=(user.bar=bar) {', None, None), ('/foo', '/foo', None, 'user.bar=bar', None, False)),
(('profile "/foo" xattrs=(user.bar=bar user.foo=*) {', None, None), ('/foo', '/foo', None, 'user.bar=bar user.foo=*', None, False)),
(('/usr/bin/xattrs-test xattrs=(myvalue="foo.bar") {', None, None), ('/usr/bin/xattrs-test', '/usr/bin/xattrs-test', None, 'myvalue="foo.bar"', None, False)),
]
def _run_test(self, params, expected):
@@ -511,8 +511,8 @@ class AaTest_parse_profile_start(AATest):
self.assertEqual(prof_storage['attachment'], expected[2])
self.assertEqual(prof_storage['xattrs'], expected[3])
self.assertEqual(prof_storage['flags'], expected[4])
self.assertEqual(prof_storage['profile'], expected[5])
self.assertEqual(prof_storage['external'], expected[6])
self.assertEqual(prof_storage['profile'], True)
self.assertEqual(prof_storage['external'], expected[5])
class AaTest_parse_profile_start_errors(AATest):
tests = [