feat(aa): modify the apparmor struct to support multiple profiles and subprofile.
This commit is contained in:
Alexandre Pujol
parent
507002c660
commit
4b753210e7
12 changed files with 467 additions and 394 deletions
|
|
@ -97,7 +97,8 @@ func (d Dbus) sanityCheck(opt *Option) string {
|
|||
|
||||
func (d Dbus) own(rules map[string]string) *aa.AppArmorProfile {
|
||||
interfaces := setInterfaces(rules)
|
||||
p := &aa.AppArmorProfile{}
|
||||
profile := &aa.AppArmorProfile{}
|
||||
p := profile.GetDefaultProfile()
|
||||
p.Rules = append(p.Rules, &aa.Dbus{
|
||||
Access: "bind", Bus: rules["bus"], Name: rules["name"],
|
||||
})
|
||||
|
|
@ -127,12 +128,13 @@ func (d Dbus) own(rules map[string]string) *aa.AppArmorProfile {
|
|||
Member: "Introspect",
|
||||
PeerName: `":1.@{int}"`,
|
||||
})
|
||||
return p
|
||||
return profile
|
||||
}
|
||||
|
||||
func (d Dbus) talk(rules map[string]string) *aa.AppArmorProfile {
|
||||
interfaces := setInterfaces(rules)
|
||||
p := &aa.AppArmorProfile{}
|
||||
profile := &aa.AppArmorProfile{}
|
||||
p := profile.GetDefaultProfile()
|
||||
for _, iface := range interfaces {
|
||||
p.Rules = append(p.Rules, &aa.Dbus{
|
||||
Access: "send",
|
||||
|
|
@ -153,5 +155,5 @@ func (d Dbus) talk(rules map[string]string) *aa.AppArmorProfile {
|
|||
PeerLabel: rules["label"],
|
||||
})
|
||||
}
|
||||
return p
|
||||
return profile
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ func init() {
|
|||
})
|
||||
}
|
||||
|
||||
func (d Exec) Apply(opt *Option, profile string) string {
|
||||
func (d Exec) Apply(opt *Option, profileRaw string) string {
|
||||
transition := "Px"
|
||||
transitions := []string{"P", "U", "p", "u", "PU", "pu"}
|
||||
t := opt.ArgList[0]
|
||||
|
|
@ -36,7 +36,8 @@ func (d Exec) Apply(opt *Option, profile string) string {
|
|||
delete(opt.ArgMap, t)
|
||||
}
|
||||
|
||||
p := &aa.AppArmorProfile{}
|
||||
profile := &aa.AppArmorProfile{}
|
||||
p := profile.GetDefaultProfile()
|
||||
for name := range opt.ArgMap {
|
||||
profiletoTransition := util.MustReadFile(cfg.RootApparmord.Join(name))
|
||||
dstProfile := aa.DefaultTunables()
|
||||
|
|
@ -53,9 +54,9 @@ func (d Exec) Apply(opt *Option, profile string) string {
|
|||
}
|
||||
}
|
||||
}
|
||||
p.Sort()
|
||||
rules := p.String()
|
||||
profile.Sort()
|
||||
rules := profile.String()
|
||||
lenRules := len(rules)
|
||||
rules = rules[:lenRules-1]
|
||||
return strings.Replace(profile, opt.Raw, rules, -1)
|
||||
return strings.Replace(profileRaw, opt.Raw, rules, -1)
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue