feat(aa): rewrite the toAccess function to parse, convert and verify the access values.

2024-05-25 22:14:43 +01:00 · 2024-05-25 22:14:43 +01:00 · 656aa15836
commit 656aa15836
parent 05de39d92a
10 changed files with 134 additions and 53 deletions
--- a/pkg/aa/template.go
+++ b/pkg/aa/template.go
@ -45,9 +45,11 @@ var (

 	// convert apparmor requested mask to apparmor access mode
 	maskToAccess = map[string]string{
-		"a": "w",
-		"c": "w",
-		"d": "w",
+		"a":  "w",
+		"c":  "w",
+		"d":  "w",
+		"wc": "w",
+		"x":  "ix",
 	}

 	// The order the apparmor rules should be sorted
@ -230,39 +232,3 @@ func getLetterIn(alphabet []string, in string) string {
 	}
 	return ""
 }
-
-// Helper function to convert a access string to slice of access
-func toAccess(constraint string, input string) []string {
-	var res []string
-
-	switch constraint {
-	case "file", "file-log":
-		raw := strings.Split(input, "")
-		trans := []string{}
-		for _, access := range raw {
-			if slices.Contains(fileAccess, access) {
-				res = append(res, access)
-			} else if maskToAccess[access] != "" {
-				res = append(res, maskToAccess[access])
-				trans = append(trans, access)
-			}
-		}
-
-		if constraint != "file-log" {
-			transition := strings.Join(trans, "")
-			if len(transition) > 0 {
-				if slices.Contains(fileExecTransition, transition) {
-					res = append(res, transition)
-				} else {
-					panic("unrecognized pattern: " + transition)
-				}
-			}
-		}
-		return res
-
-	default:
-		res = strings.Fields(input)
-		slices.Sort(res)
-		return slices.Compact(res)
-	}
-}