mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-01 06:45:38 +00:00
Code Issues Releases Wiki Activity

load variables in ask_the_questions()

Browse Source 
Variables can be used in several rule types (from the existing *Rule
classes: change_profile, dbus, ptrace, signal). It seems nobody uses
variables with those rules, otherwise we'd have received a bugreport ;-)

I noticed this while working on FileRule, where usage of variables is
more common. The file code in bzr (not using a *Rule class) already
loads the variables, so old versions don't need changes for file rule
handling.

However, 2.10 already has ChangeProfileRule and therefore also needs
this fix.


Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk and 2.10.
This commit is contained in:
Christian Boltz
2016-05-10 14:32:46 +02:00
parent b7449494de
commit f6d2ef85f5
2 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
utils/aa-mergeprof
View File

@@ -1,7 +1,7 @@
#! /usr/bin/env python #! /usr/bin/env python
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# Copyright (C) 2013 Kshitij Gupta <kgupta8592@gmail.com> # Copyright (C) 2013 Kshitij Gupta <kgupta8592@gmail.com>
# Copyright (C) 2014-2015 Christian Boltz <apparmor@cboltz.de> # Copyright (C) 2014-2016 Christian Boltz <apparmor@cboltz.de>
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public # modify it under the terms of version 2 of the GNU General Public
@@ -18,7 +18,7 @@ import re
import os import os
import apparmor.aa import apparmor.aa
from apparmor.aa import available_buttons, combine_name, delete_duplicates, is_known_rule, match_includes from apparmor.aa import available_buttons, combine_name, delete_duplicates, get_profile_filename, is_known_rule, match_includes
import apparmor.aamode import apparmor.aamode
from apparmor.common import AppArmorException from apparmor.common import AppArmorException
from apparmor.regex import re_match_include from apparmor.regex import re_match_include
@@ -284,6 +284,9 @@ class Merge(object):
if not sev_db: if not sev_db:
sev_db = apparmor.severity.Severity(apparmor.aa.CONFDIR + '/severity.db', _('unknown')) sev_db = apparmor.severity.Severity(apparmor.aa.CONFDIR + '/severity.db', _('unknown'))
sev_db.unload_variables()
sev_db.load_variables(get_profile_filename(profile))
for hat in sorted(other.aa[profile].keys()): for hat in sorted(other.aa[profile].keys()):
#Add the includes from the other profile to the user profile #Add the includes from the other profile to the user profile
done = False done = False

6
utils/apparmor/aa.py
View File

@@ -1,6 +1,6 @@
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# Copyright (C) 2013 Kshitij Gupta <kgupta8592@gmail.com> # Copyright (C) 2013 Kshitij Gupta <kgupta8592@gmail.com>
# Copyright (C) 2014-2015 Christian Boltz <apparmor@cboltz.de> # Copyright (C) 2014-2016 Christian Boltz <apparmor@cboltz.de>
# #
# This program is free software; you can redistribute it and/or # This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public # modify it under the terms of version 2 of the GNU General Public
@@ -1607,6 +1607,10 @@ def ask_the_questions():
UI_SelectUpdatedRepoProfile(profile, p) UI_SelectUpdatedRepoProfile(profile, p)
found += 1 found += 1
sev_db.unload_variables()
sev_db.load_variables(get_profile_filename(profile))
# Sorted list of hats with the profile name coming first # Sorted list of hats with the profile name coming first
hats = list(filter(lambda key: key != profile, sorted(log_dict[aamode][profile].keys()))) hats = list(filter(lambda key: key != profile, sorted(log_dict[aamode][profile].keys())))
if log_dict[aamode][profile].get(profile, False): if log_dict[aamode][profile].get(profile, False):