Merge branch 'feat/aa'

Improve go apparmor lib. * aa: (62 commits) feat(aa): handle appending value to defined variables. chore(aa): cosmetic. fix: userspace prebuild test. chore: cleanup unit test. feat(aa): improve log conversion. feat(aa): move conversion function to its own file & add unit tests. fix: go linter issue & not defined variables. tests(aa): improve aa unit tests. tests(aa): improve rules unit tests. feat(aa): ensure the prebuild jobs are working. feat(aa): add more unit tests. chore(aa): cleanup. feat(aa): Move sort, merge and format methods to the rules interface. feat(aa): add the hat template. feat(aa): add the Kind struct to manage aa rules. feat(aa): cleanup rules methods. feat(aa): add function to resolve include preamble. feat(aa): updaqte mount flags order. feat(aa): update default tunable selection. feat(aa): parse apparmor preamble files. ...
2024-05-30 19:29:34 +01:00 · 2024-05-30 19:29:34 +01:00 · 89abbae6bd
commit 89abbae6bd
parent d12db8a8dc 7f1de3626e
90 changed files with 4995 additions and 2012 deletions
--- a/pkg/logs/logs.go
+++ b/pkg/logs/logs.go
@ -197,8 +197,8 @@ func (aaLogs AppArmorLogs) String() string {
 }

 // ParseToProfiles convert the log data into a new AppArmorProfiles
-func (aaLogs AppArmorLogs) ParseToProfiles() aa.AppArmorProfiles {
-	profiles := make(aa.AppArmorProfiles, 0)
+func (aaLogs AppArmorLogs) ParseToProfiles() map[string]*aa.Profile {
+	profiles := make(map[string]*aa.Profile, 0)
 	for _, log := range aaLogs {
 		name := ""
 		if strings.Contains(log["operation"], "dbus") {
@ -208,8 +208,7 @@ func (aaLogs AppArmorLogs) ParseToProfiles() aa.AppArmorProfiles {
 		}

 		if _, ok := profiles[name]; !ok {
-			profile := &aa.AppArmorProfile{}
-			profile.Name = name
+			profile := &aa.Profile{Header: aa.Header{Name: name}}
 			profile.AddRule(log)
 			profiles[name] = profile
 		} else {
--- a/pkg/logs/logs_test.go
+++ b/pkg/logs/logs_test.go
@ -292,44 +292,40 @@ func TestAppArmorLogs_ParseToProfiles(t *testing.T) {
 	tests := []struct {
 		name   string
 		aaLogs AppArmorLogs
-		want   aa.AppArmorProfiles
+		want   map[string]*aa.Profile
 	}{
 		{
 			name:   "",
 			aaLogs: append(append(refKmod, refPowerProfiles...), refKmod...),
-			want: aa.AppArmorProfiles{
-				"kmod": &aa.AppArmorProfile{
-					Profile: aa.Profile{
-						Name: "kmod",
-						Rules: aa.Rules{
-							&aa.Unix{
-								Qualifier: aa.Qualifier{FileInherit: true},
-								Access:    "send receive",
-								Type:      "stream",
-								Protocol:  "0",
-							},
-							&aa.Unix{
-								Qualifier: aa.Qualifier{FileInherit: true},
-								Access:    "send receive",
-								Type:      "stream",
-								Protocol:  "0",
-							},
+			want: map[string]*aa.Profile{
+				"kmod": {
+					Header: aa.Header{Name: "kmod"},
+					Rules: aa.Rules{
+						&aa.Unix{
+							RuleBase: aa.RuleBase{FileInherit: true},
+							Access:   []string{"send", "receive"},
+							Type:     "stream",
+							Protocol: "0",
+						},
+						&aa.Unix{
+							RuleBase: aa.RuleBase{FileInherit: true},
+							Access:   []string{"send", "receive"},
+							Type:     "stream",
+							Protocol: "0",
 						},
 					},
 				},
-				"power-profiles-daemon": &aa.AppArmorProfile{
-					Profile: aa.Profile{
-						Name: "power-profiles-daemon",
-						Rules: aa.Rules{
-							&aa.Dbus{
-								Access:    "send",
-								Bus:       "system",
-								Name:      "org.freedesktop.DBus",
-								Path:      "/org/freedesktop/DBus",
-								Interface: "org.freedesktop.DBus",
-								Member:    "AddMatch",
-								Label:     "dbus-daemon",
-							},
+				"power-profiles-daemon": {
+					Header: aa.Header{Name: "power-profiles-daemon"},
+					Rules: aa.Rules{
+						&aa.Dbus{
+							Access:    []string{"send"},
+							Bus:       "system",
+							Path:      "/org/freedesktop/DBus",
+							Interface: "org.freedesktop.DBus",
+							Member:    "AddMatch",
+							PeerName:  "org.freedesktop.DBus",
+							PeerLabel: "dbus-daemon",
 						},
 					},
 				},