From e3e5528dbcf4a0426e5bf1616c9a653cbe1abb09 Mon Sep 17 00:00:00 2001
From: Andreas Gruenbacher
Date: Tue, 10 Apr 2007 14:45:09 +0000
Subject: [PATCH] Add sketchy profile conversion script.
---
utils/convert-profile.pl | 108 +++++++++++++++++++++++++++++++++++++++
1 file changed, 108 insertions(+)
create mode 100755 utils/convert-profile.pl
diff --git a/utils/convert-profile.pl b/utils/convert-profile.pl
new file mode 100755
index 000000000..35a049ea2
--- /dev/null
+++ b/utils/convert-profile.pl
@@ -0,0 +1,108 @@
+#! /usr/bin/perl -w
+
+# Very simple script to try converting AppArmor profiles to the new
+# profile syntax as of April 2007.
+#
+# Copyright (C) 2007 Andreas Gruenbacher
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+use FileHandle;
+use strict;
+
+sub match($) {
+ my ($str) = @_;
+
+ return ($str =~ /^(\s*)(\/\S*)(\s.*,)$/);
+}
+
+sub alterations($) {
+ my ($str) = @_;
+
+ if ($str =~ /^([^{]*){([^}]*,[^}]*)}(.*)$/) {
+ my @strs = map { "$1$_$3" } split(/,/, $2);
+ return map { alterations($_) } @strs;
+ } else {
+ return ($str);
+ }
+}
+
+my %known_dirs;
+
+sub remember_pathname($) {
+ my ($str) = @_;
+ my $pathname;
+
+ for (split /(\/)/, $str) {
+ if ($_ eq '/' && $pathname ne '') {
+ #print "<<>> $pathname\n";
+ $known_dirs{$pathname} = 1;
+ }
+ $pathname .= $_;
+ }
+}
+
+sub add_slash($$) {
+ my ($str, $perms) = @_;
+
+ return exists $known_dirs{$str} || $str =~ /\*\*$/ ||
+ -d $str;
+}
+
+sub never_add_slash($$) {
+ my ($str, $perms) = @_;
+
+ return $perms =~ /[lmx]/ || $str =~ /\.(so|cf|db|conf|config|log|pid|so\*)$/ ||
+ $str =~ /\*\*|\/$/ || (-e $str && ! -d $str);
+
+}
+
+foreach my $filename (@ARGV) {
+ my $fh = new FileHandle("< $filename");
+
+ while (<$fh>) {
+ if (my @fields = match($_)) {
+ for my $x (alterations($fields[1])) {
+ remember_pathname($x);
+ }
+ }
+ }
+}
+
+if (@ARGV == 0) {
+ print "Usage: $0 profile ...\n";
+ print "Tries to convert the profile to the new profile syntax, and\n" .
+ "prints the result to standard output. The result may need" .
+ "further review.\n";
+ exit 0;
+}
+
+foreach my $filename (@ARGV) {
+ my $fh = new FileHandle("< $filename");
+
+ while (<$fh>) {
+ if (my @fields = match($_)) {
+ for my $x (alterations($fields[1])) {
+ if (never_add_slash($x, $fields[2])) {
+ print $_;
+ } elsif (add_slash($x, $fields[2])) {
+ print "$fields[0]$x/$fields[2] # (dir)\n";
+ } else {
+ print "$fields[0]$x/$fields[2] # (maybe-dir)\n";
+ print $_;
+ }
+ }
+ } else {
+ print $_;
+ }
+ }
+}
+
+# vim: smartindent softtabstop=4 shiftwidth=4
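Review bot: Both `foreach my $filename (@ARGV)` loops open the profile with `new FileHandle("< $filename")` and never check the result, so a mistyped or unreadable path leaves `$fh` undefined, the `while (<$fh>)` loop ends at once, and the script still exits 0 with that profile missing from the output. For a tool whose output is meant to become an AppArmor policy, a silently missing or partial conversion should be a hard error rather than something the operator has to notice. The one-argument form also passes the interpolated string through Perl's two-argument open, which trims whitespace around the name and, as far as I recall, gives names such as `-` or a leading `&` a special meaning. I would change both lines to `my $fh = FileHandle->new($filename, "r") or die "$0: cannot open $filename: $!\n";`.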