Make rule.*_localvars methods private

2025-08-31 14:25:52 +00:00 · 2022-11-19 21:43:33 -05:00
parent b904fe78a7
commit e3eb5288cc
16 changed files with 52 additions and 52 deletions
--- a/utils/apparmor/rule/init.py
+++ b/utils/apparmor/rule/init.py
@@ -37,7 +37,7 @@ class BaseRule(metaclass=ABCMeta):
    #   is_covered(self, other_rule)
    #     - check if other_rule is covered by this rule (i.e. is a
    #       subset of this rule's permissions)
-    #   is_equal_localvars(self, other_rule)
+    #   _is_equal_localvars(self, other_rule)
    #     - equality check for the rule-specific fields

    # decides if the (G)lob and Glob w/ (E)xt options are displayed
@@ -152,10 +152,10 @@ class BaseRule(metaclass=ABCMeta):
            return False

        # still here? -> then the common part is covered, check rule-specific things now
-        return self.is_covered_localvars(other_rule)
+        return self._is_covered_localvars(other_rule)

    @abstractmethod
-    def is_covered_localvars(self, other_rule):
+    def _is_covered_localvars(self, other_rule):
        """check if the rule-specific parts of other_rule is covered by this rule object"""

    def _is_covered_plain(self, self_value, self_all, other_value, other_all, cond_name):
@@ -205,7 +205,7 @@ class BaseRule(metaclass=ABCMeta):

    def is_equal(self, rule_obj, strict=False):
        """compare if rule_obj == self
-           Calls is_equal_localvars() to compare rule-specific variables"""
+           Calls _is_equal_localvars() to compare rule-specific variables"""

        if self.audit != rule_obj.audit or self.deny != rule_obj.deny:
            return False
@@ -217,7 +217,7 @@ class BaseRule(metaclass=ABCMeta):
        ):
            return False

-        return self.is_equal_localvars(rule_obj, strict)
+        return self._is_equal_localvars(rule_obj, strict)

    def _is_equal_aare(self, self_value, self_all, other_value, other_all, cond_name):
        """check if other_* is the same as self_* - for AARE"""
@@ -235,7 +235,7 @@ class BaseRule(metaclass=ABCMeta):
        return True

    @abstractmethod
-    def is_equal_localvars(self, other_rule, strict):
+    def _is_equal_localvars(self, other_rule, strict):
        """compare if rule-specific variables are equal"""

    def severity(self, sev_db):
@@ -264,12 +264,12 @@ class BaseRule(metaclass=ABCMeta):
        if qualifier:
            headers.extend((_('Qualifier'), ' '.join(qualifier)))

-        headers.extend(self.logprof_header_localvars())
+        headers.extend(self._logprof_header_localvars())

        return headers

    @abstractmethod
-    def logprof_header_localvars(self):
+    def _logprof_header_localvars(self):
        """return the headers (human-readable version of the rule) to display in aa-logprof for this rule object
           returns {'label1': 'value1', 'label2': 'value2'}"""

--- a/utils/apparmor/rule/abi.py
+++ b/utils/apparmor/rule/abi.py
@@ -52,7 +52,7 @@ class AbiRule(IncludeRule):
        else:
            return ('%s%s "%s",%s' % (space, self.rule_name, self.path, self.comment))

-    def logprof_header_localvars(self):
+    def _logprof_header_localvars(self):
        return [_('Abi'), self.get_clean()]


--- a/utils/apparmor/rule/alias.py
+++ b/utils/apparmor/rule/alias.py
@@ -81,13 +81,13 @@ class AliasRule(BaseRule):

        return '%salias %s -> %s,' % (space, quote_if_needed(self.orig_path), quote_if_needed(self.target))

-    def is_covered_localvars(self, other_rule):
+    def _is_covered_localvars(self, other_rule):
        """check if other_rule is covered by this rule object"""

        # the only way aliases can be covered are exact duplicates
-        return self.is_equal_localvars(other_rule, False)
+        return self._is_equal_localvars(other_rule, False)

-    def is_equal_localvars(self, rule_obj, strict):
+    def _is_equal_localvars(self, rule_obj, strict):
        """compare if rule-specific aliases are equal"""

        if type(rule_obj) is not type(self):
@@ -101,7 +101,7 @@ class AliasRule(BaseRule):

        return True

-    def logprof_header_localvars(self):
+    def _logprof_header_localvars(self):
        headers = []

        return headers + [
--- a/utils/apparmor/rule/boolean.py
+++ b/utils/apparmor/rule/boolean.py
@@ -82,7 +82,7 @@ class BooleanRule(BaseRule):

        return '%s%s = %s' % (space, self.varname, self.value)

-    def is_covered_localvars(self, other_rule):
+    def _is_covered_localvars(self, other_rule):
        """check if other_rule is covered by this rule object"""

        if self.varname != other_rule.varname:
@@ -94,7 +94,7 @@ class BooleanRule(BaseRule):
        # still here? -> then it is covered
        return True

-    def is_equal_localvars(self, rule_obj, strict):
+    def _is_equal_localvars(self, rule_obj, strict):
        """compare if rule-specific variables are equal"""

        if type(rule_obj) is not type(self):
@@ -108,7 +108,7 @@ class BooleanRule(BaseRule):

        return True

-    def logprof_header_localvars(self):
+    def _logprof_header_localvars(self):
        headers = []

        return headers + [
--- a/utils/apparmor/rule/capability.py
+++ b/utils/apparmor/rule/capability.py
@@ -98,7 +98,7 @@ class CapabilityRule(BaseRule):
            else:
                raise AppArmorBug("Empty capability rule")

-    def is_covered_localvars(self, other_rule):
+    def _is_covered_localvars(self, other_rule):
        """check if other_rule is covered by this rule object"""

        if not self._is_covered_list(self.capability, self.all_caps, other_rule.capability, other_rule.all_caps, 'capability'):
@@ -107,7 +107,7 @@ class CapabilityRule(BaseRule):
        # still here? -> then it is covered
        return True

-    def is_equal_localvars(self, rule_obj, strict):
+    def _is_equal_localvars(self, rule_obj, strict):
        """compare if rule-specific variables are equal"""

        if type(rule_obj) is not type(self):
@@ -134,7 +134,7 @@ class CapabilityRule(BaseRule):

        return severity

-    def logprof_header_localvars(self):
+    def _logprof_header_localvars(self):
        cap_txt = logprof_value_or_all(self.capability, self.all_caps)

        return [
--- a/utils/apparmor/rule/change_profile.py
+++ b/utils/apparmor/rule/change_profile.py
@@ -131,7 +131,7 @@ class ChangeProfileRule(BaseRule):

        return ('%s%schange_profile%s%s%s,%s' % (space, self.modifiers_str(), execmode, execcond, targetprofile, self.comment))

-    def is_covered_localvars(self, other_rule):
+    def _is_covered_localvars(self, other_rule):
        """check if other_rule is covered by this rule object"""

        if (self.execmode != other_rule.execmode
@@ -149,7 +149,7 @@ class ChangeProfileRule(BaseRule):
        # still here? -> then it is covered
        return True

-    def is_equal_localvars(self, rule_obj, strict):
+    def _is_equal_localvars(self, rule_obj, strict):
        """compare if rule-specific variables are equal"""

        if type(rule_obj) is not type(self):
@@ -170,7 +170,7 @@ class ChangeProfileRule(BaseRule):

        return True

-    def logprof_header_localvars(self):
+    def _logprof_header_localvars(self):
        headers = []

        if self.execmode:
--- a/utils/apparmor/rule/dbus.py
+++ b/utils/apparmor/rule/dbus.py
@@ -234,7 +234,7 @@ class DbusRule(BaseRule):
        else:
            raise AppArmorBug('Empty %(prefix_name)s in %(rule_name)s rule' % {'prefix_name': prefix, 'rule_name': self.rule_name})

-    def is_covered_localvars(self, other_rule):
+    def _is_covered_localvars(self, other_rule):
        """check if other_rule is covered by this rule object"""

        if not self._is_covered_list(self.access,       self.all_access,        other_rule.access,      other_rule.all_access,      'access'):
@@ -264,7 +264,7 @@ class DbusRule(BaseRule):
        # still here? -> then it is covered
        return True

-    def is_equal_localvars(self, rule_obj, strict):
+    def _is_equal_localvars(self, rule_obj, strict):
        """compare if rule-specific variables are equal"""

        if type(rule_obj) is not type(self):
@@ -297,7 +297,7 @@ class DbusRule(BaseRule):

        return True

-    def logprof_header_localvars(self):
+    def _logprof_header_localvars(self):
        access      = logprof_value_or_all(self.access,     self.all_access)
        bus         = logprof_value_or_all(self.bus,        self.all_buses)
        path        = logprof_value_or_all(self.path,       self.all_paths)
--- a/utils/apparmor/rule/file.py
+++ b/utils/apparmor/rule/file.py
@@ -259,7 +259,7 @@ class FileRule(BaseRule):

        return perm_string

-    def is_covered_localvars(self, other_rule):
+    def _is_covered_localvars(self, other_rule):
        """check if other_rule is covered by this rule object"""

        if not self._is_covered_aare(self.path, self.all_paths, other_rule.path, other_rule.all_paths, 'path'):
@@ -310,7 +310,7 @@ class FileRule(BaseRule):
        # still here? -> then it is covered
        return True

-    def is_equal_localvars(self, rule_obj, strict):
+    def _is_equal_localvars(self, rule_obj, strict):
        """compare if rule-specific variables are equal"""

        if type(rule_obj) is not type(self):
@@ -358,7 +358,7 @@ class FileRule(BaseRule):

        return severity

-    def logprof_header_localvars(self):
+    def _logprof_header_localvars(self):
        headers = []

        path = logprof_value_or_all(self.path, self.all_paths)
--- a/utils/apparmor/rule/include.py
+++ b/utils/apparmor/rule/include.py
@@ -85,7 +85,7 @@ class IncludeRule(BaseRule):
        else:
            return ('%s%s%s "%s"%s' % (space, self.rule_name, ifexists_txt, self.path, self.comment))

-    def is_covered_localvars(self, other_rule):
+    def _is_covered_localvars(self, other_rule):
        """check if other_rule is covered by this rule object"""

        if (self.path != other_rule.path):
@@ -100,7 +100,7 @@ class IncludeRule(BaseRule):
        # still here? -> then it is covered
        return True

-    def is_equal_localvars(self, rule_obj, strict):
+    def _is_equal_localvars(self, rule_obj, strict):
        """compare if rule-specific variables are equal"""

        if type(rule_obj) is not type(self):
@@ -117,7 +117,7 @@ class IncludeRule(BaseRule):

        return True

-    def logprof_header_localvars(self):
+    def _logprof_header_localvars(self):
        return [_('Include'), self.get_clean()]

    def get_full_paths(self, profile_dir):
--- a/utils/apparmor/rule/network.py
+++ b/utils/apparmor/rule/network.py
@@ -147,7 +147,7 @@ class NetworkRule(BaseRule):

        return ('%s%snetwork%s%s,%s' % (space, self.modifiers_str(), domain, type_or_protocol, self.comment))

-    def is_covered_localvars(self, other_rule):
+    def _is_covered_localvars(self, other_rule):
        """check if other_rule is covered by this rule object"""

        if not self._is_covered_plain(self.domain, self.all_domains, other_rule.domain, other_rule.all_domains, 'domain'):
@@ -159,7 +159,7 @@ class NetworkRule(BaseRule):
        # still here? -> then it is covered
        return True

-    def is_equal_localvars(self, rule_obj, strict):
+    def _is_equal_localvars(self, rule_obj, strict):
        """compare if rule-specific variables are equal"""

        if type(rule_obj) is not type(self):
@@ -175,7 +175,7 @@ class NetworkRule(BaseRule):

        return True

-    def logprof_header_localvars(self):
+    def _logprof_header_localvars(self):
        family    = logprof_value_or_all(self.domain,           self.all_domains)  # noqa: E221
        sock_type = logprof_value_or_all(self.type_or_protocol, self.all_type_or_protocols)

--- a/utils/apparmor/rule/ptrace.py
+++ b/utils/apparmor/rule/ptrace.py
@@ -130,7 +130,7 @@ class PtraceRule(BaseRule):

        return ('%s%sptrace%s%s,%s' % (space, self.modifiers_str(), access, peer, self.comment))

-    def is_covered_localvars(self, other_rule):
+    def _is_covered_localvars(self, other_rule):
        """check if other_rule is covered by this rule object"""

        if not self._is_covered_list(self.access, self.all_access, other_rule.access, other_rule.all_access, 'access'):
@@ -142,7 +142,7 @@ class PtraceRule(BaseRule):
        # still here? -> then it is covered
        return True

-    def is_equal_localvars(self, rule_obj, strict):
+    def _is_equal_localvars(self, rule_obj, strict):
        """compare if rule-specific variables are equal"""

        if type(rule_obj) is not type(self):
@@ -157,7 +157,7 @@ class PtraceRule(BaseRule):

        return True

-    def logprof_header_localvars(self):
+    def _logprof_header_localvars(self):
        access = logprof_value_or_all(self.access, self.all_access)
        peer   = logprof_value_or_all(self.peer,   self.all_peers)  # noqa: E221

--- a/utils/apparmor/rule/rlimit.py
+++ b/utils/apparmor/rule/rlimit.py
@@ -196,7 +196,7 @@ class RlimitRule(BaseRule):

        return number

-    def is_covered_localvars(self, other_rule):
+    def _is_covered_localvars(self, other_rule):
        """check if other_rule is covered by this rule object"""

        if not self._is_covered_plain(self.rlimit, False, other_rule.rlimit, False, 'rlimit'):  # rlimit can't be ALL, therefore using False
@@ -214,7 +214,7 @@ class RlimitRule(BaseRule):
        # still here? -> then it is covered
        return True

-    def is_equal_localvars(self, rule_obj, strict):
+    def _is_equal_localvars(self, rule_obj, strict):
        """compare if rule-specific variables are equal"""

        if type(rule_obj) is not type(self):
@@ -229,7 +229,7 @@ class RlimitRule(BaseRule):

        return True

-    def logprof_header_localvars(self):
+    def _logprof_header_localvars(self):
        rlimit_txt = self.rlimit

        if self.all_values:
--- a/utils/apparmor/rule/signal.py
+++ b/utils/apparmor/rule/signal.py
@@ -182,7 +182,7 @@ class SignalRule(BaseRule):

        return ('%s%ssignal%s%s%s,%s' % (space, self.modifiers_str(), access, signal, peer, self.comment))

-    def is_covered_localvars(self, other_rule):
+    def _is_covered_localvars(self, other_rule):
        """check if other_rule is covered by this rule object"""

        if not self._is_covered_list(self.access, self.all_access, other_rule.access, other_rule.all_access, 'access'):
@@ -197,7 +197,7 @@ class SignalRule(BaseRule):
        # still here? -> then it is covered
        return True

-    def is_equal_localvars(self, rule_obj, strict):
+    def _is_equal_localvars(self, rule_obj, strict):
        """compare if rule-specific variables are equal"""

        if type(rule_obj) is not type(self):
@@ -216,7 +216,7 @@ class SignalRule(BaseRule):

        return True

-    def logprof_header_localvars(self):
+    def _logprof_header_localvars(self):
        access = logprof_value_or_all(self.access, self.all_access)
        signal = logprof_value_or_all(self.signal, self.all_signals)
        peer   = logprof_value_or_all(self.peer,   self.all_peers)  # noqa: E221
--- a/utils/apparmor/rule/userns.py
+++ b/utils/apparmor/rule/userns.py
@@ -98,7 +98,7 @@ class UserNamespaceRule(BaseRule):

        return('%s%suserns%s,%s' % (space, self.modifiers_str(), access, self.comment))

-    def is_covered_localvars(self, other_rule):
+    def _is_covered_localvars(self, other_rule):
        '''check if other_rule is covered by this rule object'''

        if not self._is_covered_list(self.access, self.all_access, other_rule.access, other_rule.all_access, 'access'):
@@ -107,7 +107,7 @@ class UserNamespaceRule(BaseRule):
        # still here? -> then it is covered
        return True

-    def is_equal_localvars(self, rule_obj, strict):
+    def _is_equal_localvars(self, rule_obj, strict):
        '''compare if rule-specific variables are equal'''

        if type(rule_obj) is not type(self):
@@ -119,7 +119,7 @@ class UserNamespaceRule(BaseRule):

        return True

-    def logprof_header_localvars(self):
+    def _logprof_header_localvars(self):
        access = logprof_value_or_all(self.access, self.all_access)

        return (
--- a/utils/apparmor/rule/variable.py
+++ b/utils/apparmor/rule/variable.py
@@ -95,7 +95,7 @@ class VariableRule(BaseRule):

        return '%s%s %s %s' % (space, self.varname, self.mode, ' '.join(data))

-    def is_covered_localvars(self, other_rule):
+    def _is_covered_localvars(self, other_rule):
        """check if other_rule is covered by this rule object"""

        if self.varname != other_rule.varname:
@@ -110,7 +110,7 @@ class VariableRule(BaseRule):
        # still here? -> then it is covered
        return True

-    def is_equal_localvars(self, rule_obj, strict):
+    def _is_equal_localvars(self, rule_obj, strict):
        """compare if rule-specific variables are equal"""

        if type(rule_obj) is not type(self):
@@ -127,7 +127,7 @@ class VariableRule(BaseRule):

        return True

-    def logprof_header_localvars(self):
+    def _logprof_header_localvars(self):
        headers = []

        return headers + [
--- a/utils/test/test-baserule.py
+++ b/utils/test/test-baserule.py
@@ -29,11 +29,11 @@ class TestBaserule(AATest):

        def get_clean(self, depth=0): pass

-        def is_covered_localvars(self, other_rule): pass
+        def _is_covered_localvars(self, other_rule): pass

-        def is_equal_localvars(self, other_rule, strict): pass
+        def _is_equal_localvars(self, other_rule, strict): pass

-        def logprof_header_localvars(self): pass
+        def _logprof_header_localvars(self): pass

    def test_implemented_abstract_methods(self):
        self.ValidSubclass()