mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity

Indent line continuations per PEP 8.

Browse Source
This commit is contained in:
Mark Grassi 2022-07-25 21:16:27 -04:00
parent aff9bb8f81
commit e4f88cc3a8
14 changed files with 56 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
parser/tst/caching.py
View File

@ -137,11 +137,13 @@ class AAParserCachingCommon(testlib.AATestTemplate):
with open(features_path) as f: with open(features_path) as f:
features = f.read() features = f.read()
if expected: if expected:
self.assertEqual(expected_output, features, self.assertEqual(
"features contents differ, expected:\n%s\nresult:\n%s" % (expected_output, features)) expected_output, features,
"features contents differ, expected:\n%s\nresult:\n%s" % (expected_output, features))
else: else:
self.assertNotEqual(expected_output, features, self.assertNotEqual(
"features contents equal, expected:\n%s\nresult:\n%s" % (expected_output, features)) expected_output, features,
"features contents equal, expected:\n%s\nresult:\n%s" % (expected_output, features))
class AAParserBasicCachingTests(AAParserCachingCommon): class AAParserBasicCachingTests(AAParserCachingCommon):

3
utils/aa-easyprof
View File

@ -100,8 +100,7 @@ if __name__ == "__main__":
apparmor.easyprof.print_files(files) apparmor.easyprof.print_files(files)
sys.exit(0) sys.exit(0)
elif binary is None and not options.profile_name and \ elif binary is None and not options.profile_name and not options.manifest:
not options.manifest:
error("Must specify binary and/or profile name\n%s" % m) error("Must specify binary and/or profile name\n%s" % m)
params = apparmor.easyprof.gen_policy_params(binary, options) params = apparmor.easyprof.gen_policy_params(binary, options)

32
utils/apparmor/easyprof.py
View File

@ -282,9 +282,9 @@ class AppArmorEasyProfile:
if opt.templates_dir and os.path.isdir(opt.templates_dir): if opt.templates_dir and os.path.isdir(opt.templates_dir):
self.dirs['templates'] = os.path.abspath(opt.templates_dir) self.dirs['templates'] = os.path.abspath(opt.templates_dir)
elif not opt.templates_dir and \ elif not opt.templates_dir and \
opt.template and \ opt.template and \
os.path.isfile(opt.template) and \ os.path.isfile(opt.template) and \
valid_path(opt.template): valid_path(opt.template):
# If we specified the template and it is an absolute path, just set # If we specified the template and it is an absolute path, just set
# the templates directory to the parent of the template so we don't # the templates directory to the parent of the template so we don't
# have to require --template-dir with absolute paths. # have to require --template-dir with absolute paths.
@ -521,18 +521,20 @@ class AppArmorEasyProfile:
return rule return rule
def gen_policy(self, name, def gen_policy(
binary=None, self,
profile_name=None, name,
template_var=[], binary=None,
abstractions=None, profile_name=None,
policy_groups=None, template_var=[],
read_path=[], abstractions=None,
write_path=[], policy_groups=None,
author=None, read_path=[],
comment=None, write_path=[],
copyright=None, author=None,
no_verify=False): comment=None,
copyright=None,
no_verify=False):
def find_prefix(t, s): def find_prefix(t, s):
'''Calculate whitespace prefix based on occurrence of s in t''' '''Calculate whitespace prefix based on occurrence of s in t'''
pat = re.compile(r'^ *%s' % s) pat = re.compile(r'^ *%s' % s)

20
utils/apparmor/rule/__init__.py
View File

@ -80,12 +80,14 @@ class BaseRule:
return None, True return None, True
elif type(rulepart) is str: elif type(rulepart) is str:
if len(rulepart.strip()) == 0: if len(rulepart.strip()) == 0:
raise AppArmorBug('Passed empty %(partname)s to %(classname)s: %(rulepart)s' % raise AppArmorBug(
{'partname': partname, 'classname': self.__class__.__name__, 'rulepart': str(rulepart)}) 'Passed empty %(partname)s to %(classname)s: %(rulepart)s'
% {'partname': partname, 'classname': self.__class__.__name__, 'rulepart': str(rulepart)})
return AARE(rulepart, is_path=is_path, log_event=log_event), False return AARE(rulepart, is_path=is_path, log_event=log_event), False
else: else:
raise AppArmorBug('Passed unknown %(partname)s to %(classname)s: %(rulepart)s' raise AppArmorBug(
% {'partname': partname, 'classname': self.__class__.__name__, 'rulepart': str(rulepart)}) 'Passed unknown %(partname)s to %(classname)s: %(rulepart)s'
% {'partname': partname, 'classname': self.__class__.__name__, 'rulepart': str(rulepart)})
def __repr__(self): def __repr__(self):
classname = self.__class__.__name__ classname = self.__class__.__name__
@ -506,14 +508,16 @@ def check_and_split_list(lst, allowed_keywords, all_obj, classname, keyword_name
elif type(lst) in (list, tuple, set) and (len(lst) > 0 or allow_empty_list): elif type(lst) in (list, tuple, set) and (len(lst) > 0 or allow_empty_list):
result_list = set(lst) result_list = set(lst)
else: else:
raise AppArmorBug('Passed unknown %(type)s object to %(classname)s: %(unknown_object)s' % raise AppArmorBug(
{'type': type(lst), 'classname': classname, 'unknown_object': str(lst)}) 'Passed unknown %(type)s object to %(classname)s: %(unknown_object)s' %
{'type': type(lst), 'classname': classname, 'unknown_object': str(lst)})
unknown_items = set() unknown_items = set()
for item in result_list: for item in result_list:
if not item.strip(): if not item.strip():
raise AppArmorBug('Passed empty %(keyword_name)s to %(classname)s' % raise AppArmorBug(
{'keyword_name': keyword_name, 'classname': classname}) 'Passed empty %(keyword_name)s to %(classname)s' %
{'keyword_name': keyword_name, 'classname': classname})
if item not in allowed_keywords: if item not in allowed_keywords:
unknown_items.add(item) unknown_items.add(item)

4
utils/apparmor/rule/alias.py
View File

@ -72,8 +72,8 @@ class AliasRule(BaseRule):
orig_path = strip_quotes(matches.group('orig_path').strip()) orig_path = strip_quotes(matches.group('orig_path').strip())
target = strip_quotes(matches.group('target').strip()) target = strip_quotes(matches.group('target').strip())
return AliasRule(orig_path, target, return AliasRule(
audit=False, deny=False, allow_keyword=False, comment=comment) orig_path, target, audit=False, deny=False, allow_keyword=False, comment=comment)
def get_clean(self, depth=0): def get_clean(self, depth=0):
'''return rule (in clean/default formatting)''' '''return rule (in clean/default formatting)'''

2
utils/apparmor/rule/dbus.py
View File

@ -190,7 +190,7 @@ class DbusRule(BaseRule):
peerlabel = DbusRule.ALL peerlabel = DbusRule.ALL
return DbusRule(access, bus, path, name, interface, member, peername, peerlabel, return DbusRule(access, bus, path, name, interface, member, peername, peerlabel,
audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment) audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
def get_clean(self, depth=0): def get_clean(self, depth=0):
'''return rule (in clean/default formatting)''' '''return rule (in clean/default formatting)'''

2
utils/apparmor/rule/file.py
View File

@ -188,7 +188,7 @@ class FileRule(BaseRule):
file_keyword = bool(matches.group('file_keyword')) file_keyword = bool(matches.group('file_keyword'))
return FileRule(path, perms, exec_perms, target, owner, file_keyword, leading_perms, return FileRule(path, perms, exec_perms, target, owner, file_keyword, leading_perms,
audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment) audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
def get_clean(self, depth=0): def get_clean(self, depth=0):
'''return rule (in clean/default formatting)''' '''return rule (in clean/default formatting)'''

3
utils/apparmor/rule/include.py
View File

@ -69,8 +69,7 @@ class IncludeRule(BaseRule):
# TODO: move re_match_include_parse() from regex.py to this class after converting all code to use IncludeRule # TODO: move re_match_include_parse() from regex.py to this class after converting all code to use IncludeRule
path, ifexists, ismagic = re_match_include_parse(raw_rule, cls.rule_name) path, ifexists, ismagic = re_match_include_parse(raw_rule, cls.rule_name)
return cls(path, ifexists, ismagic, return cls(path, ifexists, ismagic, audit=False, deny=False, allow_keyword=False, comment=comment)
audit=False, deny=False, allow_keyword=False, comment=comment)
def get_clean(self, depth=0): def get_clean(self, depth=0):
'''return rule (in clean/default formatting)''' '''return rule (in clean/default formatting)'''

6
utils/apparmor/rule/ptrace.py
View File

@ -56,7 +56,7 @@ class PtraceRule(BaseRule):
comment='', log_event=None): comment='', log_event=None):
super().__init__(audit=audit, deny=deny, allow_keyword=allow_keyword, super().__init__(audit=audit, deny=deny, allow_keyword=allow_keyword,
comment=comment, log_event=log_event) comment=comment, log_event=log_event)
self.access, self.all_access, unknown_items = check_and_split_list(access, access_keywords, PtraceRule.ALL, 'PtraceRule', 'access') self.access, self.all_access, unknown_items = check_and_split_list(access, access_keywords, PtraceRule.ALL, 'PtraceRule', 'access')
if unknown_items: if unknown_items:
@ -104,8 +104,8 @@ class PtraceRule(BaseRule):
access = PtraceRule.ALL access = PtraceRule.ALL
peer = PtraceRule.ALL peer = PtraceRule.ALL
return PtraceRule(access, peer, return PtraceRule(
audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment) access, peer, audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
def get_clean(self, depth=0): def get_clean(self, depth=0):
'''return rule (in clean/default formatting)''' '''return rule (in clean/default formatting)'''

3
utils/apparmor/rule/rlimit.py
View File

@ -131,8 +131,7 @@ class RlimitRule(BaseRule):
else: else:
raise AppArmorException(_("Invalid rlimit rule '%s' - value missing") % raw_rule) # pragma: no cover - would need breaking the regex raise AppArmorException(_("Invalid rlimit rule '%s' - value missing") % raw_rule) # pragma: no cover - would need breaking the regex
return RlimitRule(rlimit, value, return RlimitRule(rlimit, value, comment=comment)
comment=comment)
def get_clean(self, depth=0): def get_clean(self, depth=0):
'''return rule (in clean/default formatting)''' '''return rule (in clean/default formatting)'''

2
utils/apparmor/rule/signal.py
View File

@ -143,7 +143,7 @@ class SignalRule(BaseRule):
peer = SignalRule.ALL peer = SignalRule.ALL
return SignalRule(access, signal, peer, return SignalRule(access, signal, peer,
audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment) audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
def get_clean(self, depth=0): def get_clean(self, depth=0):
'''return rule (in clean/default formatting)''' '''return rule (in clean/default formatting)'''

23
utils/apparmor/sandbox.py
View File

@ -101,8 +101,7 @@ def parse_args(args=None, parser=None):
def gen_policy_name(binary): def gen_policy_name(binary):
'''Generate a temporary policy based on the binary name''' '''Generate a temporary policy based on the binary name'''
return "sandbox-%s%s" % (pwd.getpwuid(os.geteuid())[0], return "sandbox-%s%s" % (pwd.getpwuid(os.geteuid())[0], re.sub(r'/', '_', binary))
re.sub(r'/', '_', binary))
def set_environ(env): def set_environ(env):
keys = env.keys() keys = env.keys()
@ -169,10 +168,7 @@ def run_sandbox(command, opt):
return rc, report return rc, report
class SandboxXserver(): class SandboxXserver():
def __init__(self, title, geometry=None, def __init__(self, title, geometry=None, driver=None, xauth=None, clipboard=False):
driver=None,
xauth=None,
clipboard=False):
self.geometry = geometry self.geometry = geometry
self.title = title self.title = title
self.pids = [] self.pids = []
@ -673,17 +669,14 @@ def run_xsandbox(command, opt):
# first, start X # first, start X
if opt.xserver.lower() == "xephyr": if opt.xserver.lower() == "xephyr":
x = SandboxXephyr(command[0], geometry=opt.xephyr_geometry, x = SandboxXephyr(command[0], geometry=opt.xephyr_geometry, xauth=opt.xauthority)
xauth=opt.xauthority)
elif opt.xserver.lower() == "xpra3d": elif opt.xserver.lower() == "xpra3d":
x = SandboxXpra(command[0], geometry=None, x = SandboxXpra(
driver="xdummy", command[0], geometry=None, driver="xdummy", xauth=opt.xauthority,
xauth=opt.xauthority, clipboard=opt.with_clipboard)
clipboard=opt.with_clipboard)
else: else:
x = SandboxXpra(command[0], geometry=None, x = SandboxXpra(
xauth=opt.xauthority, command[0], geometry=None, xauth=opt.xauthority, clipboard=opt.with_clipboard)
clipboard=opt.with_clipboard)
x.verify_host_setup() x.verify_host_setup()

3
utils/test/test-change_profile.py
View File

@ -144,8 +144,7 @@ class ChangeProfileFromInit(ChangeProfileTest):
(ChangeProfileRule('unsafe', '/foo', '/bar') , exp(False, False, False, '' , 'unsafe', '/foo', False, '/bar' , False)), (ChangeProfileRule('unsafe', '/foo', '/bar') , exp(False, False, False, '' , 'unsafe', '/foo', False, '/bar' , False)),
(ChangeProfileRule(None , '/foo', ChangeProfileRule.ALL) , exp(False, False, False, '' , None , '/foo', False, None , True )), (ChangeProfileRule(None , '/foo', ChangeProfileRule.ALL) , exp(False, False, False, '' , None , '/foo', False, None , True )),
(ChangeProfileRule(None , ChangeProfileRule.ALL, '/bar') , exp(False, False, False, '' , None , None , True , '/bar' , False)), (ChangeProfileRule(None , ChangeProfileRule.ALL, '/bar') , exp(False, False, False, '' , None , None , True , '/bar' , False)),
(ChangeProfileRule(None , ChangeProfileRule.ALL, (ChangeProfileRule(None , ChangeProfileRule.ALL, ChangeProfileRule.ALL), exp(False, False, False, '' , None, None , True , None , True )),
ChangeProfileRule.ALL) , exp(False, False, False, '' , None, None , True , None , True )),
) )
def _run_test(self, obj, expected): def _run_test(self, obj, expected):

3
utils/test/test-regex_matches.py
View File

@ -269,8 +269,7 @@ class AARegexSignal(AARegexTest):
(' signal (send, receive),', (None, None, 'signal (send, receive),', '(send, receive)', None)), (' signal (send, receive),', (None, None, 'signal (send, receive),', '(send, receive)', None)),
(' audit signal (receive),', ('audit', None, 'signal (receive),', '(receive)', None)), (' audit signal (receive),', ('audit', None, 'signal (receive),', '(receive)', None)),
(' signal (send, receive) set=(usr1 usr2),', (None, None, 'signal (send, receive) set=(usr1 usr2),', '(send, receive) set=(usr1 usr2)', None)), (' signal (send, receive) set=(usr1 usr2),', (None, None, 'signal (send, receive) set=(usr1 usr2),', '(send, receive) set=(usr1 usr2)', None)),
(' signal send set=(hup, quit) peer=/usr/sbin/daemon,', (None, None, 'signal send set=(hup, quit) peer=/usr/sbin/daemon,', (' signal send set=(hup, quit) peer=/usr/sbin/daemon,', (None, None, 'signal send set=(hup, quit) peer=/usr/sbin/daemon,', 'send set=(hup, quit) peer=/usr/sbin/daemon', None)),
'send set=(hup, quit) peer=/usr/sbin/daemon', None)),
(' signalling,', False), (' signalling,', False),
(' audit signalling,', False), (' audit signalling,', False),