utils: Require apparmor.aa users to call init_aa()

Introduce an apparmor.aa.init_aa() method and move the initialization code of the apparmor.aa module into it. Note that this change will break any external users of apparmor.aa because global variables that were previously initialized when importing apparmor.aa will not be initialized unless a call to the new apparmor.aa.init_aa() method is made. The main purpose of this change is to allow the utils tests to be able to set a non-default location for configuration files. Instead of hard-coding the location of logprof.conf and other utils related configuration files to /etc/apparmor/, this patch allows it to be configured by calling apparmor.aa.init_aa(confdir=PATH). This allows for the make check target to use the in-tree config file, profiles, and parser by default. A helper method, setup_aa(), is added to common_test.py that checks for an environment variable containing a non-default configuration directory path prior to calling apparmor.aa.init_aa(). All test scripts that use apparmor.aa are updated to call setup_aa(). Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Suggested-by: Christian Boltz <apparmor@cboltz.de> Acked-by: Seth Arnold <seth.arnold@canonical.com> Acked-by: Christian Boltz <apparmor@cboltz.de>
2025-09-01 23:05:11 +00:00 · 2017-03-02 21:21:53 +00:00
parent f30ab46af7
commit ea0732becc
17 changed files with 65 additions and 27 deletions
--- a/utils/aa-genprof
+++ b/utils/aa-genprof
@@ -66,6 +66,7 @@ args = parser.parse_args()
 profiling = args.program
 profiledir = args.dir
 apparmor.init_aa()
 apparmor.set_logfile(args.file)
 aa_mountpoint = apparmor.check_for_apparmor()
--- a/utils/aa-logprof
+++ b/utils/aa-logprof
@@ -34,6 +34,7 @@ args = parser.parse_args()
 profiledir = args.dir
 logmark = args.mark or ''
 apparmor.init_aa()
 apparmor.set_logfile(args.file)
 aa_mountpoint = apparmor.check_for_apparmor()
--- a/utils/aa-mergeprof
+++ b/utils/aa-mergeprof
@@ -43,6 +43,8 @@ args = parser.parse_args()
 args.other = None
 apparmor.aa.init_aa()
 profiles = args.files
 profiledir = args.dir
--- a/utils/aa-unconfined
+++ b/utils/aa-unconfined
@@ -40,6 +40,7 @@ args = parser.parse_args()
 paranoid = args.paranoid
 aa.init_aa()
 aa_mountpoint = aa.check_for_apparmor()
 if not aa_mountpoint:
    raise aa.AppArmorException(_("It seems AppArmor was not started. Please enable AppArmor and try again."))
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -73,14 +73,14 @@ _ = init_translation()
 # Setup logging incase of debugging is enabled
 debug_logger = DebugLogger('aa')
 CONFDIR = '/etc/apparmor'
 # The database for severity
 sev_db = None
 # The file to read log messages from
 ### Was our
 logfile = None
 CONFDIR = None
 conf = None
 cfg = None
 repo_cfg = None
@@ -3741,24 +3741,33 @@ def logger_path():
 ######Initialisations######
-conf = apparmor.config.Config('ini', CONFDIR)
+def init_aa(confdir="/etc/apparmor"):
-cfg = conf.read_config('logprof.conf')
+    global CONFDIR
    global conf
    global cfg
    global profile_dir
    global extra_profile_dir
    global parser
-# prevent various failures if logprof.conf doesn't exist
+    CONFDIR = confdir
-if not cfg.sections():
+    conf = apparmor.config.Config('ini', CONFDIR)
-    cfg.add_section('settings')
+    cfg = conf.read_config('logprof.conf')
    cfg.add_section('required_hats')
-if cfg['settings'].get('default_owner_prompt', False):
+    # prevent various failures if logprof.conf doesn't exist
-    cfg['settings']['default_owner_prompt'] = ''
+    if not cfg.sections():
        cfg.add_section('settings')
        cfg.add_section('required_hats')
-profile_dir = conf.find_first_dir(cfg['settings'].get('profiledir')) or '/etc/apparmor.d'
+    if cfg['settings'].get('default_owner_prompt', False):
-if not os.path.isdir(profile_dir):
+        cfg['settings']['default_owner_prompt'] = ''
    raise AppArmorException('Can\'t find AppArmor profiles in %s' % (profile_dir))
-extra_profile_dir = conf.find_first_dir(cfg['settings'].get('inactive_profiledir')) or '/usr/share/apparmor/extra-profiles/'
+    profile_dir = conf.find_first_dir(cfg['settings'].get('profiledir')) or '/etc/apparmor.d'
    if not os.path.isdir(profile_dir):
        raise AppArmorException('Can\'t find AppArmor profiles in %s' % (profile_dir))
-parser = conf.find_first_file(cfg['settings'].get('parser')) or '/sbin/apparmor_parser'
+    extra_profile_dir = conf.find_first_dir(cfg['settings'].get('inactive_profiledir')) or '/usr/share/apparmor/extra-profiles/'
-if not os.path.isfile(parser) or not os.access(parser, os.EX_OK):
+
-    raise AppArmorException('Can\'t find apparmor_parser at %s' % (parser))
+    parser = conf.find_first_file(cfg['settings'].get('parser')) or '/sbin/apparmor_parser'
    if not os.path.isfile(parser) or not os.access(parser, os.EX_OK):
        raise AppArmorException('Can\'t find apparmor_parser at %s' % (parser))
--- a/utils/apparmor/cleanprofile.py
+++ b/utils/apparmor/cleanprofile.py
@@ -16,6 +16,7 @@ import apparmor.aa as apparmor
 class Prof(object):
    def __init__(self, filename):
        apparmor.init_aa()
        self.aa = apparmor.aa
        self.filelist = apparmor.filelist
        self.include = apparmor.include
--- a/utils/apparmor/tools.py
+++ b/utils/apparmor/tools.py
@@ -31,6 +31,8 @@ class aa_tools:
        self.silent = None
        self.do_reload = args.do_reload
        apparmor.init_aa()
        if tool_name in ['audit']:
            self.remove = args.remove
        elif tool_name == 'autodep':
--- a/utils/test/Makefile
+++ b/utils/test/Makefile
@@ -23,11 +23,13 @@ include $(COMMONDIR)/Make.rules
 ifdef USE_SYSTEM
    LD_LIBRARY_PATH=
    PYTHONPATH=
    CONFDIR=
 else
    # PYTHON_DIST_BUILD_PATH based on libapparmor/swig/python/test/Makefile.am
    PYTHON_DIST_BUILD_PATH = ../../libraries/libapparmor/swig/python/build/$$($(PYTHON) -c "import distutils.util; import platform; print(\"lib.%s-%s\" %(distutils.util.get_platform(), platform.python_version()[:3]))")
    LD_LIBRARY_PATH=../../libraries/libapparmor/src/.libs/
    PYTHONPATH=..:$(PYTHON_DIST_BUILD_PATH)
    CONFDIR=$(CURDIR)
 endif
 .PHONY: __libapparmor
@@ -62,10 +64,10 @@ clean:
 	rm -rf __pycache__/ .coverage htmlcov
 check: __libapparmor
-	export PYTHONPATH=$(PYTHONPATH) ; export LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) ; export LC_ALL=C; $(foreach test, $(wildcard test-*.py), echo ; echo === $(test) === ; $(call pyalldo, $(test)))
+	export PYTHONPATH=$(PYTHONPATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) LC_ALL=C __AA_CONFDIR=$(CONFDIR) ; $(foreach test, $(wildcard test-*.py), echo ; echo === $(test) === ; $(call pyalldo, $(test)))
 .coverage: $(wildcard ../aa-* ../apparmor/*.py test-*.py) __libapparmor
-	export PYTHONPATH=$(PYTHONPATH) ; export LD_LIBRARY_PATH=$(LD_LIBRARY_PATH); export LC_ALL=C; $(COVERAGE_IGNORE_FAILURES_CMD) ; $(foreach test, $(wildcard test-*.py), echo ; echo === $(test) === ; $(PYTHON) -m coverage run --branch -p $(test); )
+	export PYTHONPATH=$(PYTHONPATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) LC_ALL=C __AA_CONFDIR=$(CONFDIR) ; $(COVERAGE_IGNORE_FAILURES_CMD) ; $(foreach test, $(wildcard test-*.py), echo ; echo === $(test) === ; $(PYTHON) -m coverage run --branch -p $(test); )
 	$(PYTHON) -m coverage combine
 coverage: .coverage
--- a/utils/test/common_test.py
+++ b/utils/test/common_test.py
@@ -103,6 +103,17 @@ def setup_regex_tests(test_class):
        stub_test.__doc__ = "test '%s': %s" % (line, desc)
        setattr(test_class, 'test_%d' % (i), stub_test)
 def setup_aa(aa):
    confdir = os.getenv('__AA_CONFDIR')
    try:
        if confdir:
            aa.init_aa(confdir=confdir)
        else:
            aa.init_aa()
    except AttributeError:
        # apparmor.aa module versions <= 2.11 do not have the init_aa() method
        pass
 def write_file(directory, file, contents):
    '''construct path, write contents to it, and return the constructed path'''
    path = os.path.join(directory, file)
--- a/utils/test/minitools_test.py
+++ b/utils/test/minitools_test.py
@@ -16,7 +16,7 @@ import shutil
 import subprocess
 import sys
 import unittest
-from common_test import AATest, setup_all_loops
+from common_test import AATest, setup_all_loops, setup_aa
 import apparmor.aa as apparmor
 from common_test import read_file
@@ -156,6 +156,7 @@ class MinitoolsTest(AATest):
        self.assertEqual(exp_content, real_content, 'Failed to cleanup profile properly')
 setup_aa(apparmor)
 setup_all_loops(__name__)
 if __name__ == '__main__':
    unittest.main(verbosity=2)
--- a/utils/test/test-aa.py
+++ b/utils/test/test-aa.py
@@ -10,7 +10,7 @@
 # ------------------------------------------------------------------
 import unittest
-from common_test import AATest, setup_all_loops
+from common_test import AATest, setup_all_loops, setup_aa
 from common_test import read_file, write_file
 import os
@@ -855,6 +855,7 @@ class AaTest_propose_file_rules(AATest):
        proposals = propose_file_rules(profile, rule_obj)
        self.assertEqual(proposals, expected)
 setup_aa(apparmor.aa)
 setup_all_loops(__name__)
 if __name__ == '__main__':
    unittest.main(verbosity=2)
--- a/utils/test/test-libapparmor-test_multi.py
+++ b/utils/test/test-libapparmor-test_multi.py
@@ -10,7 +10,7 @@
 # ------------------------------------------------------------------
 import unittest
-from common_test import AATest, setup_all_loops, read_file
+from common_test import AATest, setup_all_loops, setup_aa, read_file
 import os
 from apparmor.common import open_file_read
@@ -267,6 +267,7 @@ print('Testing libapparmor test_multi tests...')
 TestLibapparmorTestMulti.tests = find_test_multi('../../libraries/libapparmor/testsuite/test_multi/')
 TestLogToProfile.tests = find_test_multi('../../libraries/libapparmor/testsuite/test_multi/')
 setup_aa(apparmor.aa)
 setup_all_loops(__name__)
 if __name__ == '__main__':
    unittest.main(verbosity=1)  # reduced verbosity due to the big number of tests
--- a/utils/test/test-mount_parse.py
+++ b/utils/test/test-mount_parse.py
@@ -11,7 +11,7 @@
 import apparmor.aa as aa
 import unittest
-from common_test import AAParseTest, setup_regex_tests
+from common_test import AAParseTest, setup_regex_tests, setup_aa
 class BaseAAParseMountTest(AAParseTest):
    def setUp(self):
@@ -39,6 +39,7 @@ class AAParseUmountTest(BaseAAParseMountTest):
        ('unmount /mnt/external,', 'unmount with mount point'),
    ]
 setup_aa(aa)
 if __name__ == '__main__':
    setup_regex_tests(AAParseMountTest)
    setup_regex_tests(AAParseRemountTest)
--- a/utils/test/test-parser-simple-tests.py
+++ b/utils/test/test-parser-simple-tests.py
@@ -10,7 +10,7 @@
 # ------------------------------------------------------------------
 import unittest
-from common_test import AATest, setup_all_loops
+from common_test import AATest, setup_all_loops, setup_aa
 import apparmor.aa as apparmor
 import os
@@ -397,6 +397,7 @@ def find_and_setup_test_profiles(profile_dir):
    print('Running %s parser simple_tests...' % len(TestParseParserTests.tests))
 setup_aa(apparmor)
 find_and_setup_test_profiles('../../parser/tst/simple_tests/')
 setup_all_loops(__name__)
--- a/utils/test/test-pivot_root_parse.py
+++ b/utils/test/test-pivot_root_parse.py
@@ -11,7 +11,7 @@
 import apparmor.aa as aa
 import unittest
-from common_test import AAParseTest, setup_regex_tests
+from common_test import AAParseTest, setup_regex_tests, setup_aa
 class AAParsePivotRootTest(AAParseTest):
    def setUp(self):
@@ -24,6 +24,7 @@ class AAParsePivotRootTest(AAParseTest):
        ('pivot_root /old /new -> /usr/bin/child,', 'pivot_root child rule'),
    ]
 setup_aa(aa)
 if __name__ == '__main__':
    setup_regex_tests(AAParsePivotRootTest)
    unittest.main(verbosity=2)
--- a/utils/test/test-regex_matches.py
+++ b/utils/test/test-regex_matches.py
@@ -11,7 +11,7 @@
 import apparmor.aa as aa
 import unittest
-from common_test import AATest, setup_all_loops
+from common_test import AATest, setup_all_loops, setup_aa
 from apparmor.common import AppArmorBug, AppArmorException
 from apparmor.regex import ( strip_parenthesis, strip_quotes, parse_profile_start_line, re_match_include,
@@ -502,6 +502,7 @@ class TestStripQuotes(AATest):
 setup_aa(aa)
 setup_all_loops(__name__)
 if __name__ == '__main__':
    # these two are not converted to a tests[] loop yet
--- a/utils/test/test-unix_parse.py
+++ b/utils/test/test-unix_parse.py
@@ -11,7 +11,7 @@
 import apparmor.aa as aa
 import unittest
-from common_test import AAParseTest, setup_regex_tests
+from common_test import AAParseTest, setup_regex_tests, setup_aa
 class AAParseUnixTest(AAParseTest):
@@ -34,6 +34,7 @@ class AAParseUnixTest(AAParseTest):
            'complex unix rule'),
    ]
 setup_aa(aa)
 if __name__ == '__main__':
    setup_regex_tests(AAParseUnixTest)
    unittest.main(verbosity=2)