mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-03 15:55:46 +00:00

add --include-templates-dir and --include-policy-groups-dir options to

easyprof to support framework policy on snappy
Jamie Strandboge
2015-03-26 16:59:05 -05:00
parent 5a17ffb598
commit f47c54984d
4 changed files with 173 additions and 14 deletions


@@ -68,16 +68,38 @@ if __name__ == "__main__":
apparmor.easyprof.print_basefilenames(easyp.get_templates()) apparmor.easyprof.print_basefilenames(easyp.get_templates())
sys.exit(0) sys.exit(0)
elif options.template and options.show_template: elif options.template and options.show_template:
files = [os.path.join(easyp.dirs['templates'], options.template)] sys_t = os.path.join(easyp.dirs['templates'], options.template)
apparmor.easyprof.print_files(files) inc_t = None
if options.include_templates_dir:
inc_t = os.path.join(easyp.dirs['templates_include'],
options.template)
if os.path.exists(sys_t):
apparmor.easyprof.print_files([sys_t])
elif os.path.exists(inc_t):
apparmor.easyprof.print_files([inc_t])
else:
error("Could not find '%s'" % options.template)
sys.exit(0) sys.exit(0)
elif options.list_policy_groups: elif options.list_policy_groups:
apparmor.easyprof.print_basefilenames(easyp.get_policy_groups()) apparmor.easyprof.print_basefilenames(easyp.get_policy_groups())
sys.exit(0) sys.exit(0)
elif options.policy_groups and options.show_policy_group: elif options.policy_groups and options.show_policy_group:
files = []
for g in options.policy_groups.split(','): for g in options.policy_groups.split(','):
files = [os.path.join(easyp.dirs['policygroups'], g)] sys_g = os.path.join(easyp.dirs['policygroups'], g)
apparmor.easyprof.print_files(files) inc_g = None
if options.include_policy_groups_dir:
inc_g = os.path.join(easyp.dirs['policygroups_include'], g)
if os.path.exists(sys_g):
files.append(sys_g)
elif os.path.exists(inc_g):
files.append(inc_g)
else:
warn("Could not find '%s'" % g)
apparmor.easyprof.print_files(files)
sys.exit(0) sys.exit(0)
elif binary == None and not options.profile_name and \ elif binary == None and not options.profile_name and \
not options.manifest: not options.manifest:
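Review bot: In the --show-template branch `elif os.path.exists(inc_t):` is reached with `inc_t` still None whenever --include-templates-dir was not given and the system template is missing, and os.path.exists(None) raises TypeError instead of falling through to the "Could not find" error; the policy-group loop has the same pattern with `inc_g`. The guard should match the one used in the library code, `elif inc_t is not None and os.path.exists(inc_t):`. Separately, the lookup is keyed on `options.include_templates_dir`, but `easyp.dirs['templates_include']` appears to be set only when that path is an existing directory, so a non-directory argument would raise KeyError here; testing `'templates_include' in easyp.dirs` (and `'policygroups_include' in easyp.dirs`) avoids that. The enclosing `if __name__ == "__main__":` block starts and ends outside the hunk.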


@@ -105,6 +105,12 @@ Display template specified with --template.
Use PATH instead of system templates directory. Use PATH instead of system templates directory.
=item --include-templates-dir=PATH
Include PATH when searching for templates in addition to the system templates
directory (or the one specified with --templates-dir). System templates will
match before those in PATH.
=item --list-policy-groups =item --list-policy-groups
List available policy groups. List available policy groups.
@@ -117,6 +123,12 @@ Display policy groups specified with --policy.
Use PATH instead of system policy-groups directory. Use PATH instead of system policy-groups directory.
=item --include-policy-groups-dir=PATH
Include PATH when searching for policy groups in addition to the system
policy-groups directory (or the one specified with --policy-groups-dir). System
policy-groups will match before those in PATH.
=item --policy-version=VERSION =item --policy-version=VERSION
Must be used with --policy-vendor and is used to specify the version of policy Must be used with --policy-vendor and is used to specify the version of policy


@@ -312,15 +312,26 @@ class AppArmorEasyProfile:
# the templates directory to the parent of the template so we don't # the templates directory to the parent of the template so we don't
# have to require --template-dir with absolute paths. # have to require --template-dir with absolute paths.
self.dirs['templates'] = os.path.abspath(os.path.dirname(opt.template)) self.dirs['templates'] = os.path.abspath(os.path.dirname(opt.template))
if opt.include_templates_dir and \
os.path.isdir(opt.include_templates_dir):
self.dirs['templates_include'] = os.path.abspath(opt.include_templates_dir)
if opt.policy_groups_dir and os.path.isdir(opt.policy_groups_dir): if opt.policy_groups_dir and os.path.isdir(opt.policy_groups_dir):
self.dirs['policygroups'] = os.path.abspath(opt.policy_groups_dir) self.dirs['policygroups'] = os.path.abspath(opt.policy_groups_dir)
if opt.include_policy_groups_dir and \
os.path.isdir(opt.include_policy_groups_dir):
self.dirs['policygroups_include'] = os.path.abspath(opt.include_policy_groups_dir)
self.policy_version = None self.policy_version = None
self.policy_vendor = None self.policy_vendor = None
if (opt.policy_version and not opt.policy_vendor) or \ if (opt.policy_version and not opt.policy_vendor) or \
(opt.policy_vendor and not opt.policy_version): (opt.policy_vendor and not opt.policy_version):
raise AppArmorException("Must specify both policy version and vendor") raise AppArmorException("Must specify both policy version and vendor")
# If specified --policy-version and --policy-vendor, use
# templates_dir/policy_vendor/policy_version
if opt.policy_version and opt.policy_vendor: if opt.policy_version and opt.policy_vendor:
self.policy_vendor = opt.policy_vendor self.policy_vendor = opt.policy_vendor
self.policy_version = str(opt.policy_version) self.policy_version = str(opt.policy_version)
@@ -361,11 +372,22 @@ class AppArmorEasyProfile:
for f in get_directory_contents(self.dirs['templates']): for f in get_directory_contents(self.dirs['templates']):
if os.path.isfile(f): if os.path.isfile(f):
self.templates.append(f) self.templates.append(f)
if 'templates_include' in self.dirs:
for f in get_directory_contents(self.dirs['templates_include']):
if os.path.isfile(f) and f not in self.templates:
self.templates.append(f)
self.policy_groups = [] self.policy_groups = []
for f in get_directory_contents(self.dirs['policygroups']): for f in get_directory_contents(self.dirs['policygroups']):
if os.path.isfile(f): if os.path.isfile(f):
self.policy_groups.append(f) self.policy_groups.append(f)
if 'policygroups_include' in self.dirs:
for f in get_directory_contents(self.dirs['policygroups_include']):
if os.path.isfile(f) and f not in self.policy_groups:
self.policy_groups.append(f)
def _get_defaults(self): def _get_defaults(self):
'''Read in defaults from configuration''' '''Read in defaults from configuration'''
if not os.path.exists(self.conffile): if not os.path.exists(self.conffile):
@@ -411,13 +433,25 @@ class AppArmorEasyProfile:
elif template.startswith('/') and not allow_abs_path: elif template.startswith('/') and not allow_abs_path:
raise AppArmorException("Cannot use an absolute path template '%s'" % template) raise AppArmorException("Cannot use an absolute path template '%s'" % template)
# If have abs path, just use it
if template.startswith('/'): if template.startswith('/'):
if not os.path.exists(template):
raise AppArmorException('%s does not exist' % (template))
self.template = template self.template = template
else: return
self.template = os.path.join(self.dirs['templates'], template)
if not os.path.exists(self.template): # Find the template since we don't have an abs path
raise AppArmorException('%s does not exist' % (self.template)) sys_t = os.path.join(self.dirs['templates'], template)
inc_t = None
if 'templates_include' in self.dirs:
inc_t = os.path.join(self.dirs['templates_include'], template)
if os.path.exists(sys_t):
self.template = sys_t
elif inc_t is not None and os.path.exists(inc_t):
self.template = inc_t
else:
raise AppArmorException('%s does not exist' % (template))
def get_templates(self): def get_templates(self):
'''Get list of all available templates by filename''' '''Get list of all available templates by filename'''
@@ -427,7 +461,16 @@ class AppArmorEasyProfile:
'''Get contents of specific policygroup''' '''Get contents of specific policygroup'''
p = policygroup p = policygroup
if not p.startswith('/'): if not p.startswith('/'):
p = os.path.join(self.dirs['policygroups'], p) sys_p = os.path.join(self.dirs['policygroups'], p)
inc_p = None
if 'policygroups_include' in self.dirs:
inc_p = os.path.join(self.dirs['policygroups_include'], p)
if os.path.exists(sys_p):
p = sys_p
elif inc_p is not None and os.path.exists(inc_p):
p = inc_p
if self.policy_groups == None or not p in self.policy_groups: if self.policy_groups == None or not p in self.policy_groups:
raise AppArmorException("Policy group '%s' does not exist" % p) raise AppArmorException("Policy group '%s' does not exist" % p)
return open(p).read() return open(p).read()
@@ -437,11 +480,25 @@ class AppArmorEasyProfile:
self.policy_groups = [] self.policy_groups = []
if policygroups != None: if policygroups != None:
for p in policygroups.split(','): for p in policygroups.split(','):
if not p.startswith('/'): # If have abs path, just use it
p = os.path.join(self.dirs['policygroups'], p) if p.startswith('/'):
if not os.path.exists(p): if not os.path.exists(p):
raise AppArmorException('%s does not exist' % (p))
self.policy_groups.append(p)
continue
# Find the policy group since we don't have and abs path
sys_p = os.path.join(self.dirs['policygroups'], p)
inc_p = None
if 'policygroups_include' in self.dirs:
inc_p = os.path.join(self.dirs['policygroups_include'], p)
if os.path.exists(sys_p):
self.policy_groups.append(sys_p)
elif inc_p is not None and os.path.exists(inc_p):
self.policy_groups.append(inc_p)
else:
raise AppArmorException('%s does not exist' % (p)) raise AppArmorException('%s does not exist' % (p))
self.policy_groups.append(p)
def get_policy_groups(self): def get_policy_groups(self):
'''Get list of all policy groups by filename''' '''Get list of all policy groups by filename'''
@@ -777,6 +834,10 @@ def add_parser_policy_args(parser):
dest="templates_dir", dest="templates_dir",
help="Use non-default templates directory", help="Use non-default templates directory",
metavar="DIR") metavar="DIR")
parser.add_option("--include-templates-dir",
dest="include_templates_dir",
help="Also search DIR for templates",
metavar="DIR")
parser.add_option("-p", "--policy-groups", parser.add_option("-p", "--policy-groups",
action="callback", action="callback",
callback=check_for_manifest_arg, callback=check_for_manifest_arg,
@@ -787,6 +848,10 @@ def add_parser_policy_args(parser):
dest="policy_groups_dir", dest="policy_groups_dir",
help="Use non-default policy-groups directory", help="Use non-default policy-groups directory",
metavar="DIR") metavar="DIR")
parser.add_option("--include-policy-groups-dir",
dest="include_policy_groups_dir",
help="Also search DIR for policy groups",
metavar="DIR")
parser.add_option("--policy-version", parser.add_option("--policy-version",
action="callback", action="callback",
callback=check_for_manifest_arg, callback=check_for_manifest_arg,
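Review bot: The `f not in self.templates` and `f not in self.policy_groups` checks in the directory-scan hunk compare the entries returned by get_directory_contents(), which look like full paths (they are passed straight to os.path.isfile), so a file in the include directory with the same basename as a system file is not filtered out. The listing would then show that name twice while set_template() and set_policygroups() always resolve it to the system copy, leaving the include copy listed but unreachable by name. Comparing on basename, e.g. `if os.path.isfile(f) and os.path.basename(f) not in [os.path.basename(t) for t in self.templates]:`, would keep the listing consistent with the documented system-first precedence. The enclosing method starts outside the hunk, so this should be confirmed against the full function.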


@@ -1,7 +1,7 @@
#! /usr/bin/env python #! /usr/bin/env python
# ------------------------------------------------------------------ # ------------------------------------------------------------------
# #
# Copyright (C) 2011-2013 Canonical Ltd. # Copyright (C) 2011-2015 Canonical Ltd.
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public # modify it under the terms of version 2 of the GNU General Public
@@ -505,6 +505,36 @@ POLICYGROUPS_DIR="%s/templates"
self.assertTrue(os.path.exists(path), "Could not find '%s'" % path) self.assertTrue(os.path.exists(path), "Could not find '%s'" % path)
open(path).read() open(path).read()
# def test_templates_list_include(self):
# '''Test templates (list with --include-templates-dir)'''
# args = self.full_args
# args.append('--list-templates')
# (self.options, self.args) = easyprof.parse_args(args)
#
# easyp = easyprof.AppArmorEasyProfile(None, self.options)
# for i in easyp.get_templates():
# self.assertTrue(os.path.exists(i), "Could not find '%s'" % i)
#
# self.assertTrue(False, "TODO")
#
# def test_templates_show_include(self):
# '''Test templates (show with --include-templates-dir)'''
# files = []
# for f in glob.glob("%s/templates/*" % self.tmpdir):
# files.append(f)
#
# for f in files:
# args = self.full_args
# args += ['--show-template', '--template', f]
# (self.options, self.args) = easyprof.parse_args(args)
# easyp = easyprof.AppArmorEasyProfile(None, self.options)
#
# path = os.path.join(easyp.dirs['templates'], f)
# self.assertTrue(os.path.exists(path), "Could not find '%s'" % path)
# open(path).read()
#
# self.assertTrue(False, "TODO")
# #
# Policygroups tests # Policygroups tests
# #
@@ -534,6 +564,36 @@ POLICYGROUPS_DIR="%s/templates"
self.assertTrue(os.path.exists(path), "Could not find '%s'" % path) self.assertTrue(os.path.exists(path), "Could not find '%s'" % path)
open(path).read() open(path).read()
# def test_policygroups_list_include(self):
# '''Test policygroups (list with --include-policy-groups-dir)'''
# args = self.full_args
# args.append('--list-policy-groups')
# (self.options, self.args) = easyprof.parse_args(args)
#
# easyp = easyprof.AppArmorEasyProfile(None, self.options)
# for i in easyp.get_templates():
# self.assertTrue(os.path.exists(i), "Could not find '%s'" % i)
#
# self.assertTrue(False, "TODO")
#
# def test_policygroups_show_include(self):
# '''Test policygroups (show with --include-policy-groups-dir)'''
# files = []
# for f in glob.glob("%s/policygroups/*" % self.tmpdir):
# files.append(f)
#
# for f in files:
# args = self.full_args
# args += ['--show-template', '--template', f]
# (self.options, self.args) = easyprof.parse_args(args)
# easyp = easyprof.AppArmorEasyProfile(None, self.options)
#
# path = os.path.join(easyp.dirs['policygroups'], f)
# self.assertTrue(os.path.exists(path), "Could not find '%s'" % path)
# open(path).read()
#
# self.assertTrue(False, "TODO")
# #
# Manifest file argument tests # Manifest file argument tests
# #
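Review bot: The four new tests are added as commented-out code ending in `self.assertTrue(False, "TODO")`, so the two new options land without any executed test, including the system-before-include precedence that the man page promises. As written they would also not exercise the feature: none passes --include-templates-dir or --include-policy-groups-dir, test_policygroups_list_include iterates `easyp.get_templates()`, and test_policygroups_show_include passes `--show-template`/`--template`. I would either drop the block or keep real stubs marked `@unittest.skip("TODO: --include-*-dir coverage")` (assuming unittest is imported in this file) so the gap shows up in test output. A minimal real test would put the same basename in both directories and assert that the system path is the one selected.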