MR !1735 mistakenly assumed that x.is_covered(y) means "x is covered by
y" when the opposite is true
Fix the logic of is_covered and associated tests.
Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>
... and change all *TestParseInvalid classes to use it, instead of
having (nearly) the same function in every test-*.py.
While at it, enable the tests for abi and include rules.
Add basic support for the priority rules prefix. This patch does not
allow the utils to set or suggest priorities. It allows parsing and
retaining of the priority prefix if it already exists on rules and
checking if it's in the supported range.
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
The wrong clean rule is generated when unix rules contain qualifiers,
with the order inverted with the rule name.
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/511
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
In UnixRule (and probably also in other rules that use
print_dict_values()` and `initialize_cond_dict()`), the handling of
peers with a value that is quoted and/or needs to be quoted was broken
because
- quotes didn't get stripped in `initialize_cond_dict()`
- `print_dict_values()` didn't use `quote_if_needed()`
Note: print_dict_values also handles integers (like network ports).
Convert them to a string so that `if ' ' in data` in `quote_if_needed()`
doesn't explode.
Also enable the test that uncovered this bug.
`?` is a valid AARE char, add it to the regexes that match the AARE.
Also add some tests to ensure this is really fixed, and make the error
output of the tests more useful/verbose.
Note: One of the added tests (with a space in the peer name) uncovered a
bug in quote handling. This will be fixed in the next commit.
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/404
