mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 05:47:59 +00:00

Centralize the 'ruletypes' list

Having a list of rule types/classes at several places is annoying and
error-prone. This patch centralizes the list in aa.py.

This also means ask_the_question() in aa.py will now (in theory) support
'change_profile' and 'rlimit'. In practice, that doesn't change anything
because logparser.py doesn't support change_profile events yet - and
rlimit doesn't cause any log events.

Also add some long overdue copyright headers.



Acked-by: Seth Arnold <seth.arnold@canonical.com>
Christian Boltz 2015-12-04 12:01:32 +01:00
parent 1d51eef8ca
commit fce7d080df
3 changed files with 7 additions and 5 deletions


@ -1,6 +1,7 @@
#! /usr/bin/env python
# ----------------------------------------------------------------------
# Copyright (C) 2013 Kshitij Gupta <kgupta8592@gmail.com>
# Copyright (C) 2014-2015 Christian Boltz <apparmor@cboltz.de>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@ -631,7 +632,7 @@ class Merge(object):
elif re.search('\d', ans):
default_option = ans
for ruletype in ['capability', 'change_profile', 'network', 'rlimit', 'signal']:
for ruletype in apparmor.aa.ruletypes:
if other.aa[profile][hat].get(ruletype, False): # needed until we have proper profile initialization
for rule_obj in other.aa[profile][hat][ruletype].rules:


@ -60,6 +60,8 @@ from apparmor.rule.rlimit import RlimitRuleset, RlimitRule
from apparmor.rule.signal import SignalRuleset, SignalRule
from apparmor.rule import parse_modifiers, quote_if_needed
ruletypes = ['capability', 'change_profile', 'network', 'rlimit', 'signal']
from apparmor.yasti import SendDataToYast, GetDataFromYast, shutdown_yast
# setup module translations
@ -1644,7 +1646,7 @@ def ask_the_questions():
signal_obj = SignalRule(access, signal, peer, log_event=aamode)
log_obj[profile][hat]['signal'].add(signal_obj)
for ruletype in ['capability', 'network', 'signal']:
for ruletype in ruletypes:
# XXX aa-mergeprof also has this code - if you change it, keep aa-mergeprof in sync!
for rule_obj in log_obj[profile][hat][ruletype].rules:
@ -2128,8 +2130,6 @@ def delete_duplicates(profile, incname):
# Allow rules covered by denied rules shouldn't be deleted
# only a subset allow rules may actually be denied
ruletypes = ['capability', 'change_profile', 'network', 'rlimit', 'signal']
if include.get(incname, False):
for rule_type in ruletypes:
deleted += profile[rule_type].delete_duplicates(include[incname][incname][rule_type])
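Review bot: In ask_the_questions() the loop now also visits 'change_profile' and 'rlimit', and the line after it indexes `log_obj[profile][hat][ruletype].rules` with no guard, so it depends on log_obj holding a ruleset for all five types; that initialisation is outside the hunk, where only the 'signal' entry is visible. If it still creates only the three original rulesets, aa-logprof would presumably fail at this loop before any log-derived rule is offered, so the initialisation should be driven from `ruletypes` as well, or the loop should skip missing types the way the aa-mergeprof copy does with `.get(ruletype, False)`. Separately, `ruletypes` is assigned in the middle of the import block and is a mutable list shared with aa-mergeprof and the CleanProf class; placing it after the imports as a tuple, `ruletypes = ('capability', 'change_profile', 'network', 'rlimit', 'signal')`, would keep one caller from altering what every tool iterates over.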


@ -1,5 +1,6 @@
# ----------------------------------------------------------------------
# Copyright (C) 2013 Kshitij Gupta <kgupta8592@gmail.com>
# Copyright (C) 2014-2015 Christian Boltz <apparmor@cboltz.de>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@ -64,7 +65,7 @@ class CleanProf(object):
deleted += apparmor.delete_duplicates(self.other.aa[program][hat], inc)
#Clean duplicate rules in other profile
for ruletype in ['capability', 'change_profile', 'network', 'rlimit', 'signal']:
for ruletype in apparmor.ruletypes:
if not self.same_file:
deleted += self.other.aa[program][hat][ruletype].delete_duplicates(self.profile.aa[program][hat][ruletype])
else: