From fce7d080dfdda8b900df4cff7b6a1796d0b5898b Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Fri, 4 Dec 2015 12:01:32 +0100
Subject: [PATCH] Centralize the 'ruletypes' list

Having a list of rule types/classes at several places is annoying and error-prone. This patch centralizes the list in aa.py. This also means ask_the_question() in aa.py will now (in theory) support 'change_profile' and 'rlimit'. In practise, that doesn't change anything because logparser.py doesn't support change_profile events yet - and rlimit doesn't cause any log events. Also add some long overdue copyright headers.
Acked-by: Seth Arnold
---
 utils/aa-mergeprof | 3 ++-
 utils/apparmor/aa.py | 6 +++---
 utils/apparmor/cleanprofile.py | 3 ++-
 3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/utils/aa-mergeprof b/utils/aa-mergeprof
index f2fab7fd6..e1be53cb2 100755
--- a/utils/aa-mergeprof
+++ b/utils/aa-mergeprof
@@ -1,6 +1,7 @@
 #! /usr/bin/env python
 # ----------------------------------------------------------------------
 # Copyright (C) 2013 Kshitij Gupta
+# Copyright (C) 2014-2015 Christian Boltz
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of version 2 of the GNU General Public
@@ -631,7 +632,7 @@ class Merge(object):
 elif re.search('\d', ans):
 default_option = ans
- for ruletype in ['capability', 'change_profile', 'network', 'rlimit', 'signal']:
+ for ruletype in apparmor.aa.ruletypes:
 if other.aa[profile][hat].get(ruletype, False): # needed until we have proper profile initialization
 for rule_obj in other.aa[profile][hat][ruletype].rules:
diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index f80ab6805..3e12fe4ff 100644
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -60,6 +60,8 @@ from apparmor.rule.rlimit import RlimitRuleset, RlimitRule
 from apparmor.rule.signal import SignalRuleset, SignalRule
 from apparmor.rule import parse_modifiers, quote_if_needed
+ruletypes = ['capability', 'change_profile', 'network', 'rlimit', 'signal']
+
 from apparmor.yasti import SendDataToYast, GetDataFromYast, shutdown_yast
 # setup module translations
@@ -1644,7 +1646,7 @@ def ask_the_questions():
 signal_obj = SignalRule(access, signal, peer, log_event=aamode)
 log_obj[profile][hat]['signal'].add(signal_obj)
- for ruletype in ['capability', 'network', 'signal']:
+ for ruletype in ruletypes:
 # XXX aa-mergeprof also has this code - if you change it, keep aa-mergeprof in sync!
 for rule_obj in log_obj[profile][hat][ruletype].rules:
@@ -2128,8 +2130,6 @@ def delete_duplicates(profile, incname):
 # Allow rules covered by denied rules shouldn't be deleted
 # only a subset allow rules may actually be denied
- ruletypes = ['capability', 'change_profile', 'network', 'rlimit', 'signal']
-
 if include.get(incname, False):
 for rule_type in ruletypes:
 deleted += profile[rule_type].delete_duplicates(include[incname][incname][rule_type])
diff --git a/utils/apparmor/cleanprofile.py b/utils/apparmor/cleanprofile.py
index ff72a9bf2..126b7f873 100644
--- a/utils/apparmor/cleanprofile.py
+++ b/utils/apparmor/cleanprofile.py
@@ -1,5 +1,6 @@
 # ----------------------------------------------------------------------
 # Copyright (C) 2013 Kshitij Gupta
+# Copyright (C) 2014-2015 Christian Boltz
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of version 2 of the GNU General Public
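Review bot: `ruletypes` is added as a mutable list in the middle of the import block, ahead of `from apparmor.yasti import ...`, and aa-mergeprof and cleanprofile.py now iterate this one shared object to decide which rule classes get merged and de-duplicated. A stray `append` or `remove` in any importer would change all three tools at once; a tuple rules that out: `ruletypes = ('capability', 'change_profile', 'network', 'rlimit', 'signal')`. Placing it after the last import, with a comment such as `# every name listed here is indexed as [ruletype] by ask_the_questions(), delete_duplicates(), aa-mergeprof and cleanprofile.py`, would also keep the imports contiguous and tell the next editor what adding a type implies.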
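Review bot: The loop in ask_the_questions() now also visits 'change_profile' and 'rlimit', yet `log_obj[profile][hat][ruletype].rules` is read without the guard that the twin loop in aa-mergeprof uses (`if other.aa[profile][hat].get(ruletype, False):`). The visible context only shows `log_obj[profile][hat]['signal']` being filled; whether rulesets for the two new types are created is outside the hunk, and the commit message itself says no log events exist for them, so this lookup may raise on the first profile/hat. Either create a ruleset for every entry of `ruletypes` where log_obj is built, or, assuming log_obj[profile][hat] is dict-like, skip missing ones with `if not log_obj[profile][hat].get(ruletype, False): continue` as the first statement of the loop. The loop in cleanprofile.py indexes `[ruletype]` directly as well, although its list is unchanged by this commit; the function body here starts and ends outside the hunk.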
@@ -64,7 +65,7 @@ class CleanProf(object):
 deleted += apparmor.delete_duplicates(self.other.aa[program][hat], inc)
 #Clean duplicate rules in other profile
- for ruletype in ['capability', 'change_profile', 'network', 'rlimit', 'signal']:
+ for ruletype in apparmor.ruletypes:
 if not self.same_file:
 deleted += self.other.aa[program][hat][ruletype].delete_duplicates(self.profile.aa[program][hat][ruletype])
 else: