parse_profile_data(): Use BooleanRule

... and save rules at the right place (ProfileList) where they actually get written when writing the profile. This is also a bugfix - the previous code saved boolean variables at a wrong place, and they were silently lost when writing the profile. Extend cleanprof_test.{in,out} to ensure that this doesn't break again. Also remove boolean_bad_[2-4] from the test-parser-simple-tests.py exception_not_raised list because these test profiles now get correctly detected as invalid.
2025-08-31 06:16:03 +00:00 · 2020-12-25 17:55:15 +01:00
parent a108934091
commit f7e6f795c3
4 changed files with 12 additions and 12 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -38,7 +38,7 @@ from apparmor.common import (AppArmorException, AppArmorBug, is_skippable_file,
 import apparmor.ui as aaui

 from apparmor.regex import (RE_PROFILE_START, RE_PROFILE_END,
-                            RE_PROFILE_BOOLEAN, RE_PROFILE_CONDITIONAL,
+                            RE_PROFILE_CONDITIONAL,
                            RE_PROFILE_CONDITIONAL_VARIABLE, RE_PROFILE_CONDITIONAL_BOOLEAN,
                            RE_PROFILE_CHANGE_HAT,
                            RE_PROFILE_HAT_DEF, RE_PROFILE_MOUNT,
@@ -54,6 +54,7 @@ import apparmor.rules as aarules

 from apparmor.rule.abi              import AbiRule
 from apparmor.rule.alias            import AliasRule
+from apparmor.rule.boolean          import BooleanRule
 from apparmor.rule.capability       import CapabilityRule
 from apparmor.rule.change_profile   import ChangeProfileRule
 from apparmor.rule.dbus             import DbusRule
@@ -1903,17 +1904,12 @@ def parse_profile_data(data, file, do_include):

            profile_data[profile][hat]['rlimit'].add(RlimitRule.parse(line))

-        elif RE_PROFILE_BOOLEAN.search(line):
-            matches = RE_PROFILE_BOOLEAN.search(line).groups()
-
+        elif BooleanRule.match(line):
            if profile and not do_include:
                raise AppArmorException(_('Syntax Error: Unexpected boolean definition found inside profile in file: %(file)s line: %(line)s') % {
                        'file': file, 'line': lineno + 1 })
-
-            bool_var = matches[0]
-            value = matches[1]
-
-            profile_data[profile][hat]['lvar'][bool_var] = value
+            else:
+                active_profiles.add_boolean(file, BooleanRule.parse(line))

        elif VariableRule.match(line):
            if profile and not do_include:
--- a/utils/test/cleanprof_test.in
+++ b/utils/test/cleanprof_test.in
@@ -14,6 +14,10 @@

  @{asdf}       =   foo           ""

+$foo = false
+
+   $bar    =    true
+
 /usr/bin/a/simple/cleanprof/test/profile {
 	# Just for the heck of it, this comment won't see the day of light
 	#include <abstractions/base>
--- a/utils/test/cleanprof_test.out
+++ b/utils/test/cleanprof_test.out
@@ -8,6 +8,9 @@ include if exists <tunables/nothing>
@{xy} = x y
@{asdf} = "" foo

+$foo = false
+$bar = true
+
 # A simple test comment which will persist


--- a/utils/test/test-parser-simple-tests.py
+++ b/utils/test/test-parser-simple-tests.py
@@ -176,9 +176,6 @@ exception_not_raised = [
    'unix/bad_attr_5.sd',
    'unix/bad_opt_5.sd',
    'unix/bad_shutdown_3.sd',
-    'vars/boolean/boolean_bad_2.sd',
-    'vars/boolean/boolean_bad_3.sd',
-    'vars/boolean/boolean_bad_4.sd',
    'vars/vars_bad_3.sd',
    'vars/vars_bad_4.sd',
    'vars/vars_bad_5.sd',