diff --git a/pkg/aa/all.go b/pkg/aa/all.go
index 1ca5ba70e..3e29505ad 100644
--- a/pkg/aa/all.go
+++ b/pkg/aa/all.go
@@ -20,8 +20,8 @@ func (r *All) Kind() Kind {
  return ALL
 }

-func (r *All) Constraint() constraint {
- return blockKind
+func (r *All) Constraint() Constraint {
+ return BlockRule
 }

 func (r *All) String() string {
diff --git a/pkg/aa/blocks.go b/pkg/aa/blocks.go
index ecc931d0d..6aa10c94d 100644
--- a/pkg/aa/blocks.go
+++ b/pkg/aa/blocks.go
@@ -19,8 +19,8 @@ func (p *Hat) Kind() Kind {
  return HAT
 }

-func (p *Hat) Constraint() constraint {
- return blockKind
+func (p *Hat) Constraint() Constraint {
+ return BlockRule
 }

 func (p *Hat) String() string {
diff --git a/pkg/aa/capability.go b/pkg/aa/capability.go
index a91fad7ab..e438a7614 100644
--- a/pkg/aa/capability.go
+++ b/pkg/aa/capability.go
@@ -55,8 +55,8 @@ func (r *Capability) Kind() Kind {
  return CAPABILITY
 }

-func (r *Capability) Constraint() constraint {
- return blockKind
+func (r *Capability) Constraint() Constraint {
+ return BlockRule
 }

 func (r *Capability) String() string {
diff --git a/pkg/aa/change_profile.go b/pkg/aa/change_profile.go
index f0e9a5d0b..15e357d91 100644
--- a/pkg/aa/change_profile.go
+++ b/pkg/aa/change_profile.go
@@ -71,8 +71,8 @@ func (r *ChangeProfile) Kind() Kind {
  return CHANGEPROFILE
 }

-func (r *ChangeProfile) Constraint() constraint {
- return blockKind
+func (r *ChangeProfile) Constraint() Constraint {
+ return BlockRule
 }

 func (r *ChangeProfile) String() string {
diff --git a/pkg/aa/dbus.go b/pkg/aa/dbus.go
index 13a600280..23c517f6e 100644
--- a/pkg/aa/dbus.go
+++ b/pkg/aa/dbus.go
@@ -78,8 +78,8 @@ func (r *Dbus) Kind() Kind {
  return DBUS
 }

-func (r *Dbus) Constraint() constraint {
- return blockKind
+func (r *Dbus) Constraint() Constraint {
+ return BlockRule
 }

 func (r *Dbus) String() string {
diff --git a/pkg/aa/file.go b/pkg/aa/file.go
index 4255c4de7..31ebf3fdf 100644
--- a/pkg/aa/file.go
+++ b/pkg/aa/file.go
@@ -107,8 +107,8 @@ func (r *File) Kind() Kind {
  return FILE
 }

-func (r *File) Constraint() constraint {
- return blockKind
+func (r *File) Constraint() Constraint {
+ return BlockRule
 }

 func (r *File) String() string {
@@ -213,8 +213,8 @@ func (r *Link) Kind() Kind {
  return LINK
 }

-func (r *Link) Constraint() constraint {
- return blockKind
+func (r *Link) Constraint() Constraint {
+ return BlockRule
 }

 func (r *Link) String() string {
diff --git a/pkg/aa/io_uring.go b/pkg/aa/io_uring.go
index 6d7755d1e..ceda00c76 100644
--- a/pkg/aa/io_uring.go
+++ b/pkg/aa/io_uring.go
@@ -49,8 +49,8 @@ func (r *IOUring) Kind() Kind {
  return IOURING
 }

-func (r *IOUring) Constraint() constraint {
- return blockKind
+func (r *IOUring) Constraint() Constraint {
+ return BlockRule
 }

 func (r *IOUring) String() string {
diff --git a/pkg/aa/mount.go b/pkg/aa/mount.go
index 9833ac8f1..822d11933 100644
--- a/pkg/aa/mount.go
+++ b/pkg/aa/mount.go
@@ -124,8 +124,8 @@ func (r *Mount) Kind() Kind {
  return MOUNT
 }

-func (r *Mount) Constraint() constraint {
- return blockKind
+func (r *Mount) Constraint() Constraint {
+ return BlockRule
 }

 func (r *Mount) String() string {
@@ -206,8 +206,8 @@ func (r *Umount) Kind() Kind {
  return UMOUNT
 }

-func (r *Umount) Constraint() constraint {
- return blockKind
+func (r *Umount) Constraint() Constraint {
+ return BlockRule
 }

 func (r *Umount) String() string {
@@ -285,8 +285,8 @@ func (r *Remount) Kind() Kind {
  return REMOUNT
 }

-func (r *Remount) Constraint() constraint {
- return blockKind
+func (r *Remount) Constraint() Constraint {
+ return BlockRule
 }

 func (r *Remount) String() string {
diff --git a/pkg/aa/mqueue.go b/pkg/aa/mqueue.go
index b511666c6..927606c9b 100644
--- a/pkg/aa/mqueue.go
+++ b/pkg/aa/mqueue.go
@@ -77,8 +77,8 @@ func (r *Mqueue) Kind() Kind {
  return MQUEUE
 }

-func (r *Mqueue) Constraint() constraint {
- return blockKind
+func (r *Mqueue) Constraint() Constraint {
+ return BlockRule
 }

 func (r *Mqueue) String() string {
diff --git a/pkg/aa/network.go b/pkg/aa/network.go
index 383d8692a..aa7d89da6 100644
--- a/pkg/aa/network.go
+++ b/pkg/aa/network.go
@@ -103,8 +103,8 @@ func (r *Network) Kind() Kind {
  return NETWORK
 }

-func (r *Network) Constraint() constraint {
- return blockKind
+func (r *Network) Constraint() Constraint {
+ return BlockRule
 }

 func (r *Network) String() string {
diff --git a/pkg/aa/parse.go b/pkg/aa/parse.go
index 24117700a..90286f4d5 100644
--- a/pkg/aa/parse.go
+++ b/pkg/aa/parse.go
@@ -188,7 +188,7 @@ func parseParagraph(input string) (Rules, error) {
  res = append(res, rrr...)

  for _, r := range res {
- if r.Constraint() == preambleKind {
+ if r.Constraint() == PreambleRule {
  return nil, fmt.Errorf("Rule not allowed in block: %s", r)
  }
  }
@@ -588,7 +588,7 @@ func (f *AppArmorProfileFile) parsePreamble(preamble string) error {
  f.Preamble = append(f.Preamble, commaRules...)

  for _, r := range f.Preamble {
- if r.Constraint() == blockKind {
+ if r.Constraint() == BlockRule {
  f.Preamble = nil
  return fmt.Errorf("Rule not allowed in preamble: %s", r)
  }
diff --git a/pkg/aa/pivot_root.go b/pkg/aa/pivot_root.go
index 255e6563f..7366be189 100644
--- a/pkg/aa/pivot_root.go
+++ b/pkg/aa/pivot_root.go
@@ -54,8 +54,8 @@ func (r *PivotRoot) Kind() Kind {
  return PIVOTROOT
 }

-func (r *PivotRoot) Constraint() constraint {
- return blockKind
+func (r *PivotRoot) Constraint() Constraint {
+ return BlockRule
 }

 func (r *PivotRoot) String() string {
diff --git a/pkg/aa/preamble.go b/pkg/aa/preamble.go
index 7b3d372cd..eeae1a5c6 100644
--- a/pkg/aa/preamble.go
+++ b/pkg/aa/preamble.go
@@ -33,8 +33,8 @@ func (r *Comment) Kind() Kind {
  return COMMENT
 }

-func (r *Comment) Constraint() constraint {
- return anyKind
+func (r *Comment) Constraint() Constraint {
+ return AnyRule
 }

 func (r *Comment) String() string {
@@ -85,8 +85,8 @@ func (r *Abi) Kind() Kind {
  return ABI
 }

-func (r *Abi) Constraint() constraint {
- return preambleKind
+func (r *Abi) Constraint() Constraint {
+ return PreambleRule
 }

 func (r *Abi) String() string {
@@ -133,8 +133,8 @@ func (r *Alias) Kind() Kind {
  return ALIAS
 }

-func (r *Alias) Constraint() constraint {
- return preambleKind
+func (r *Alias) Constraint() Constraint {
+ return PreambleRule
 }

 func (r *Alias) String() string {
@@ -200,8 +200,8 @@ func (r *Include) Kind() Kind {
  return INCLUDE
 }

-func (r *Include) Constraint() constraint {
- return anyKind
+func (r *Include) Constraint() Constraint {
+ return AnyRule
 }

 func (r *Include) String() string {
@@ -272,8 +272,8 @@ func (r *Variable) Kind() Kind {
  return VARIABLE
 }

-func (r *Variable) Constraint() constraint {
- return preambleKind
+func (r *Variable) Constraint() Constraint {
+ return PreambleRule
 }

 func (r *Variable) String() string {
diff --git a/pkg/aa/profile.go b/pkg/aa/profile.go
index 15d05cff0..ee359beec 100644
--- a/pkg/aa/profile.go
+++ b/pkg/aa/profile.go
@@ -73,8 +73,8 @@ func (p *Profile) Kind() Kind {
  return PROFILE
 }

-func (p *Profile) Constraint() constraint {
- return blockKind
+func (p *Profile) Constraint() Constraint {
+ return BlockRule
 }

 func (p *Profile) String() string {
diff --git a/pkg/aa/ptrace.go b/pkg/aa/ptrace.go
index e4b174a88..8f0dc1c62 100644
--- a/pkg/aa/ptrace.go
+++ b/pkg/aa/ptrace.go
@@ -51,8 +51,8 @@ func (r *Ptrace) Kind() Kind {
  return PTRACE
 }

-func (r *Ptrace) Constraint() constraint {
- return blockKind
+func (r *Ptrace) Constraint() Constraint {
+ return BlockRule
 }

 func (r *Ptrace) String() string {
diff --git a/pkg/aa/rlimit.go b/pkg/aa/rlimit.go
index 8efe2fa14..9ad1dd30f 100644
--- a/pkg/aa/rlimit.go
+++ b/pkg/aa/rlimit.go
@@ -55,8 +55,8 @@ func (r *Rlimit) Kind() Kind {
  return RLIMIT
 }

-func (r *Rlimit) Constraint() constraint {
- return blockKind
+func (r *Rlimit) Constraint() Constraint {
+ return BlockRule
 }

 func (r *Rlimit) String() string {
diff --git a/pkg/aa/rules.go b/pkg/aa/rules.go
index 6a0d68519..077a6506e 100644
--- a/pkg/aa/rules.go
+++ b/pkg/aa/rules.go
@@ -13,12 +13,12 @@ import (

 type requirement map[string][]string

-type constraint uint
+type Constraint uint

 const (
- anyKind constraint = iota // The rule can be found in either preamble or profile
- preambleKind // The rule can only be found in the preamble
- blockKind // The rule can only be found in a profile
+ AnyRule Constraint = iota // The rule can be found in either preamble or profile
+ PreambleRule // The rule can only be found in the preamble
+ BlockRule // The rule can only be found in a profile
 )

 // Kind represents an AppArmor rule kind.
@@ -37,12 +37,12 @@ func (k Kind) Tok() string {

 // Rule generic interface for all AppArmor rules
 type Rule interface {
- Kind() Kind
- Constraint() constraint
- String() string
- Validate() error
- Compare(other Rule) int
- Merge(other Rule) bool
+ Kind() Kind // Kind of the rule
+ Constraint() Constraint // Where the rule can be found (preamble, profile, any)
+ String() string // Render the rule as a string
+ Validate() error // Validate the rule. Return an error if the rule is invalid
+ Compare(other Rule) int // Compare two rules. Return 0 if they are identical
+ Merge(other Rule) bool // Merge rules of same kind together. Return true if merged
 }

 type Rules []Rule
diff --git a/pkg/aa/signal.go b/pkg/aa/signal.go
index 29ce88740..62c41f0aa 100644
--- a/pkg/aa/signal.go
+++ b/pkg/aa/signal.go
@@ -71,8 +71,8 @@ func (r *Signal) Kind() Kind {
  return SIGNAL
 }

-func (r *Signal) Constraint() constraint {
- return blockKind
+func (r *Signal) Constraint() Constraint {
+ return BlockRule
 }

 func (r *Signal) String() string {
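Review bot: In pkg/aa/rules.go the newly exported `Constraint` type and its three constants carry no doc comment, and exporting a bare `uint` lets code outside the package return any value from `Constraint()`. The placement checks in pkg/aa/parse.go compare by equality against the one forbidden value (`r.Constraint() == PreambleRule` in parseParagraph, `r.Constraint() == BlockRule` in parsePreamble), so a value outside the three constants appears to pass both checks, just as the zero value `AnyRule` does. I would add `// Constraint describes where a rule may appear in a profile file: the preamble, a profile block, or either.` above the type, and consider writing the block check as an allowlist, `if c := r.Constraint(); c != BlockRule && c != AnyRule {`, with the mirror form in parsePreamble. Both parse functions start and end outside their hunks, so any other validation they perform is not visible in this diff.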
diff --git a/pkg/aa/unix.go b/pkg/aa/unix.go
index 7d882ea40..a14c5816b 100644
--- a/pkg/aa/unix.go
+++ b/pkg/aa/unix.go
@@ -74,8 +74,8 @@ func (r *Unix) Kind() Kind {
  return UNIX
 }

-func (r *Unix) Constraint() constraint {
- return blockKind
+func (r *Unix) Constraint() Constraint {
+ return BlockRule
 }

 func (r *Unix) String() string {
diff --git a/pkg/aa/userns.go b/pkg/aa/userns.go
index baa50f0cc..a594bd487 100644
--- a/pkg/aa/userns.go
+++ b/pkg/aa/userns.go
@@ -46,8 +46,8 @@ func (r *Userns) Kind() Kind {
  return USERNS
 }

-func (r *Userns) Constraint() constraint {
- return blockKind
+func (r *Userns) Constraint() Constraint {
+ return BlockRule
 }

 func (r *Userns) String() string {