From c5f301f976dd1625721731b114623e0055ec06fa Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Sun, 12 May 2024 12:36:09 +0200 Subject: [PATCH 1/2] ProfileStorage: incldue profile header in __repr__() ProfileStorage knows a whole profile, therefore it should also include the profile header in __repr__(). Also add a test for this. --- utils/apparmor/profile_storage.py | 7 +++++-- utils/test/test-profile-storage.py | 11 +++++++++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/utils/apparmor/profile_storage.py b/utils/apparmor/profile_storage.py index df0eb2d21..ce4802026 100644 --- a/utils/apparmor/profile_storage.py +++ b/utils/apparmor/profile_storage.py @@ -132,8 +132,11 @@ class ProfileStorage: raise AppArmorBug('Attempt to overwrite "%s" with %s, type %s' % (key, value, type(value))) def __repr__(self): - name = type(self).__name__ - return '\n<%s>\n%s\n\n' % (name, '\n'.join(self.get_rules_clean(1)), name) + classname = type(self).__name__ + header = '\n'.join(self.get_header(0, self['name'], False)) + rules = '\n'.join(self.get_rules_clean(1)) + endprofile = '}' + return f'\n<{classname}>\n{header}\n{rules}\n{endprofile}\n\n' def get(self, key, fallback=None): if key in self.data: diff --git a/utils/test/test-profile-storage.py b/utils/test/test-profile-storage.py index a970a1457..d33c636f2 100644 --- a/utils/test/test-profile-storage.py +++ b/utils/test/test-profile-storage.py @@ -13,6 +13,7 @@ import unittest from apparmor.common import AppArmorBug, AppArmorException from apparmor.profile_storage import ProfileStorage, add_or_remove_flag, split_flags, var_transform +from apparmor.rule.capability import CapabilityRule from common_test import AATest, setup_all_loops @@ -122,6 +123,16 @@ class TestSetInvalid(AATest): self.storage[params[0]] = params[1] +class AaTest_repr(AATest): + def testRepr(self): + prof_storage = ProfileStorage('/test/foo', 'hat', 'TEST') + prof_storage['name'] = 'foo' + prof_storage['xattrs'] = 'user.bar=bar' + prof_storage['capability'].add(CapabilityRule('dac_override')) + + self.assertEqual(str(prof_storage), '\n\nprofile foo xattrs=(user.bar=bar) {\n capability dac_override,\n\n}\n\n') + + class AaTest_parse_profile_start(AATest): tests = ( # profile start line profile hat profile hat attachment xattrs flags pps_set_hat_external From eb3550c1b4894ae6ec90a43df11de5d705de9333 Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Sun, 12 May 2024 12:37:41 +0200 Subject: [PATCH 2/2] ProfileStorage: test invalid type change ... for a type that doesn't have special handling in __setitem__() --- utils/test/test-profile-storage.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/utils/test/test-profile-storage.py b/utils/test/test-profile-storage.py index d33c636f2..1ce6e298b 100644 --- a/utils/test/test-profile-storage.py +++ b/utils/test/test-profile-storage.py @@ -122,6 +122,12 @@ class TestSetInvalid(AATest): with self.assertRaises(expected): self.storage[params[0]] = params[1] + def testInvalidTypeChange(self): + storage = ProfileStorage('/test/foo', 'hat', 'TEST') + storage.data['invalid'] = 42 # manually set behind __setitem__'s back to avoid checks + with self.assertRaises(AppArmorBug): + storage['invalid'] = 'foo' # attempt to change type from int to str + class AaTest_repr(AATest): def testRepr(self):