From f826be087d9e15cdad43226dba4b88947809d552 Mon Sep 17 00:00:00 2001 From: Jamie Strandboge Date: Thu, 23 Aug 2012 17:12:14 -0500 Subject: [PATCH] utils/aa-sandbox: use msq() instead of print utils/apparmor/common.py: adjust for python3 (ie, make bi-lingual) utils/apparmor/sandbox.py: - set reasonable default template - gen_policy_name() uses full pathname - adjust for python3 --- utils/aa-sandbox | 2 +- utils/apparmor/common.py | 26 ++++++++++++++++++-------- utils/apparmor/sandbox.py | 17 +++++++++++++---- 3 files changed, 32 insertions(+), 13 deletions(-) diff --git a/utils/aa-sandbox b/utils/aa-sandbox index 3ec5f52e7..0452fe89a 100755 --- a/utils/aa-sandbox +++ b/utils/aa-sandbox @@ -33,5 +33,5 @@ if __name__ == "__main__": else: rc, report = apparmor.sandbox.run_sandbox(args, opt) - print report + apparmor.common.msg(report) sys.exit(rc) diff --git a/utils/apparmor/common.py b/utils/apparmor/common.py index c58fda813..32ccc1672 100644 --- a/utils/apparmor/common.py +++ b/utils/apparmor/common.py @@ -8,6 +8,7 @@ # # ------------------------------------------------------------------ +from __future__ import print_function import subprocess import sys @@ -30,7 +31,7 @@ class AppArmorException(Exception): def error(out, exit_code=1, do_exit=True): '''Print error message and exit''' try: - print >> sys.stderr, "ERROR: %s" % (out) + print("ERROR: %s" % (out), file=sys.stderr) except IOError: pass @@ -40,14 +41,14 @@ def error(out, exit_code=1, do_exit=True): def warn(out): '''Print warning message''' try: - print >> sys.stderr, "WARN: %s" % (out) + print("WARN: %s" % (out), file=sys.stderr) except IOError: pass def msg(out, output=sys.stdout): '''Print message''' try: - print >> output, "%s" % (out) + print("%s" % (out), file=sys.stdout) except IOError: pass @@ -56,7 +57,7 @@ def debug(out): global DEBUGGING if DEBUGGING: try: - print >> sys.stderr, "DEBUG: %s" % (out) + print("DEBUG: %s" % (out), file=sys.stderr) except IOError: pass 
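Review bot: msg() in the `-40,14 +41,14` hunk no longer honours its `output` parameter, because the converted call hard-codes `file=sys.stdout` where the old statement wrote to `output`. Any caller that passes a different stream (a log file, stderr) now gets its text on stdout without an error. The line should read `print("%s" % (out), file=output)`. The other three conversions in this file (error, warn, debug) keep their original stream.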
@@ -66,20 +67,29 @@ def cmd(command): try: sp = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) - except OSError, ex: + except OSError as ex: return [127, str(ex)] - out = sp.communicate()[0] + if sys.version_info[0] >= 3: + out = sp.communicate()[0].decode('ascii', 'ignore') + else: + out = sp.communicate()[0] + return [sp.returncode, out] + def cmd_pipe(command1, command2): '''Try to pipe command1 into command2.''' try: sp1 = subprocess.Popen(command1, stdout=subprocess.PIPE) sp2 = subprocess.Popen(command2, stdin=sp1.stdout) - except OSError, ex: + except OSError as ex: return [127, str(ex)] - out = sp2.communicate()[0] + if sys.version_info[0] >= 3: + out = sp2.communicate()[0].decode('ascii', 'ignore') + else: + out = sp2.communicate()[0] + return [sp2.returncode, out] diff --git a/utils/apparmor/sandbox.py b/utils/apparmor/sandbox.py index 579c6be51..c6648beb0 100644 --- a/utils/apparmor/sandbox.py +++ b/utils/apparmor/sandbox.py @@ -13,6 +13,7 @@ import apparmor.easyprof import optparse import os import pwd +import re import sys import tempfile import time @@ -55,14 +56,19 @@ def parse_args(args=None, parser=None): (my_opt, my_args) = parser.parse_args() if my_opt.debug == True: apparmor.common.DEBUGGING = True + if my_opt.template == "default": + if my_opt.withx: + my_opt.template = "sandbox-x" + else: + my_opt.template = "sandbox" + return (my_opt, my_args) def gen_policy_name(binary): '''Generate a temporary policy based on the binary name''' - # TODO: this may not be good enough return "sandbox-%s-%s" % (pwd.getpwuid(os.getuid())[0], - os.path.basename(binary)) + re.sub(r'/', '_', binary)) def aa_exec(command, opt): '''Execute binary under specified policy''' 
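Review bot: In cmd_pipe() the new Python 3 branch calls `.decode()` on `sp2.communicate()[0]`, but sp2 is created without `stdout=subprocess.PIPE`, so that value is None and the call raises AttributeError instead of returning `[sp2.returncode, out]`. Either create it as `subprocess.Popen(command2, stdin=sp1.stdout, stdout=subprocess.PIPE)` or skip the decode when the output is None. In both cmd() and cmd_pipe(), `decode('ascii', 'ignore')` silently drops every non-ASCII byte, so a localized parser error or one quoting a non-ASCII path reaches the user with characters missing. `decode('utf-8', 'replace')` would keep that loss visible in the report.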
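Review bot: gen_policy_name() in the `-55,14 +56,19` hunk now puts the whole `binary` string into the policy name and rewrites only `/`, so spaces, quotes, glob characters and anything else in a user-supplied path pass through unchanged. That name feeds the temp-file prefix in aa_exec() and presumably the profile text that is loaded with `sudo apparmor_parser -r`, so an allowlist is safer than a one-character replace, for example `re.sub(r'[^A-Za-z0-9_.-]', '_', binary)`. The path is also not normalised here, so `./foo` and `/usr/bin/foo` give different names for the same binary, while `/a/b_c` and `/a_b/c` collide. Calling `os.path.abspath(binary)` before the substitution would fix the first case; the removed TODO comment still seems warranted for the second.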
@@ -81,7 +87,11 @@ def aa_exec(command, opt): # TODO: get rid of sudo tmp = tempfile.NamedTemporaryFile(prefix = '%s-' % policy_name) - tmp.write(policy) + if sys.version_info[0] >= 3: + tmp.write(bytes(policy, 'utf-8')) + else: + tmp.write(policy) + tmp.flush() debug("using '%s' template" % opt.template) rc, report = cmd(['sudo', 'apparmor_parser', '-r', tmp.name]) @@ -165,7 +175,6 @@ def run_xsandbox(command, opt): time.sleep(0.2) # FIXME: detect if running # aa-exec - #opt.template = "sandbox-x" rc, report = aa_exec(command, opt) # reset environment