feat(prebuilt): update aa usage to the last changes.
parent
de73c9b706
commit
8bb6f07950
3 changed files with 37 additions and 34 deletions
|
|
@ -51,17 +51,20 @@ func setInterfaces(rules map[string]string) []string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d Dbus) Apply(opt *Option, profile string) string {
|
func (d Dbus) Apply(opt *Option, profile string) string {
|
||||||
var p *aa.AppArmorProfileFile
|
var r aa.Rules
|
||||||
|
|
||||||
action := d.sanityCheck(opt)
|
action := d.sanityCheck(opt)
|
||||||
switch action {
|
switch action {
|
||||||
case "own":
|
case "own":
|
||||||
p = d.own(opt.ArgMap)
|
r = d.own(opt.ArgMap)
|
||||||
case "talk":
|
case "talk":
|
||||||
p = d.talk(opt.ArgMap)
|
r = d.talk(opt.ArgMap)
|
||||||
}
|
}
|
||||||
|
|
||||||
generatedDbus := p.String()
|
aa.TemplateIndentationLevel = strings.Count(
|
||||||
|
strings.SplitN(opt.Raw, Keyword, 1)[0], aa.TemplateIndentation,
|
||||||
|
)
|
||||||
|
generatedDbus := r.String()
|
||||||
lenDbus := len(generatedDbus)
|
lenDbus := len(generatedDbus)
|
||||||
generatedDbus = generatedDbus[:lenDbus-1]
|
generatedDbus = generatedDbus[:lenDbus-1]
|
||||||
profile = strings.Replace(profile, opt.Raw, generatedDbus, -1)
|
profile = strings.Replace(profile, opt.Raw, generatedDbus, -1)
|
||||||
|
|
@ -95,16 +98,15 @@ func (d Dbus) sanityCheck(opt *Option) string {
|
||||||
return action
|
return action
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d Dbus) own(rules map[string]string) *aa.AppArmorProfileFile {
|
func (d Dbus) own(rules map[string]string) aa.Rules {
|
||||||
interfaces := setInterfaces(rules)
|
interfaces := setInterfaces(rules)
|
||||||
profile := &aa.AppArmorProfileFile{}
|
res := aa.Rules{}
|
||||||
p := profile.GetDefaultProfile()
|
res = append(res, &aa.Dbus{
|
||||||
p.Rules = append(p.Rules, &aa.Dbus{
|
Access: []string{"bind"}, Bus: rules["bus"], Name: rules["name"],
|
||||||
Access: "bind", Bus: rules["bus"], Name: rules["name"],
|
|
||||||
})
|
})
|
||||||
for _, iface := range interfaces {
|
for _, iface := range interfaces {
|
||||||
p.Rules = append(p.Rules, &aa.Dbus{
|
res = append(res, &aa.Dbus{
|
||||||
Access: "receive",
|
Access: []string{"receive"},
|
||||||
Bus: rules["bus"],
|
Bus: rules["bus"],
|
||||||
Path: rules["path"],
|
Path: rules["path"],
|
||||||
Interface: iface,
|
Interface: iface,
|
||||||
|
|
@ -112,32 +114,31 @@ func (d Dbus) own(rules map[string]string) *aa.AppArmorProfileFile {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
for _, iface := range interfaces {
|
for _, iface := range interfaces {
|
||||||
p.Rules = append(p.Rules, &aa.Dbus{
|
res = append(res, &aa.Dbus{
|
||||||
Access: "send",
|
Access: []string{"send"},
|
||||||
Bus: rules["bus"],
|
Bus: rules["bus"],
|
||||||
Path: rules["path"],
|
Path: rules["path"],
|
||||||
Interface: iface,
|
Interface: iface,
|
||||||
PeerName: `"{:1.@{int},org.freedesktop.DBus}"`,
|
PeerName: `"{:1.@{int},org.freedesktop.DBus}"`,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
p.Rules = append(p.Rules, &aa.Dbus{
|
res = append(res, &aa.Dbus{
|
||||||
Access: "receive",
|
Access: []string{"receive"},
|
||||||
Bus: rules["bus"],
|
Bus: rules["bus"],
|
||||||
Path: rules["path"],
|
Path: rules["path"],
|
||||||
Interface: "org.freedesktop.DBus.Introspectable",
|
Interface: "org.freedesktop.DBus.Introspectable",
|
||||||
Member: "Introspect",
|
Member: "Introspect",
|
||||||
PeerName: `":1.@{int}"`,
|
PeerName: `":1.@{int}"`,
|
||||||
})
|
})
|
||||||
return profile
|
return res
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d Dbus) talk(rules map[string]string) *aa.AppArmorProfileFile {
|
func (d Dbus) talk(rules map[string]string) aa.Rules {
|
||||||
interfaces := setInterfaces(rules)
|
interfaces := setInterfaces(rules)
|
||||||
profile := &aa.AppArmorProfileFile{}
|
res := aa.Rules{}
|
||||||
p := profile.GetDefaultProfile()
|
|
||||||
for _, iface := range interfaces {
|
for _, iface := range interfaces {
|
||||||
p.Rules = append(p.Rules, &aa.Dbus{
|
res = append(res, &aa.Dbus{
|
||||||
Access: "send",
|
Access: []string{"send"},
|
||||||
Bus: rules["bus"],
|
Bus: rules["bus"],
|
||||||
Path: rules["path"],
|
Path: rules["path"],
|
||||||
Interface: iface,
|
Interface: iface,
|
||||||
|
|
@ -146,8 +147,8 @@ func (d Dbus) talk(rules map[string]string) *aa.AppArmorProfileFile {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
for _, iface := range interfaces {
|
for _, iface := range interfaces {
|
||||||
p.Rules = append(p.Rules, &aa.Dbus{
|
res = append(res, &aa.Dbus{
|
||||||
Access: "receive",
|
Access: []string{"receive"},
|
||||||
Bus: rules["bus"],
|
Bus: rules["bus"],
|
||||||
Path: rules["path"],
|
Path: rules["path"],
|
||||||
Interface: iface,
|
Interface: iface,
|
||||||
|
|
@ -155,5 +156,5 @@ func (d Dbus) talk(rules map[string]string) *aa.AppArmorProfileFile {
|
||||||
PeerLabel: rules["label"],
|
PeerLabel: rules["label"],
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
return profile
|
return res
|
||||||
}
|
}
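Review bot: `strings.SplitN(opt.Raw, Keyword, 1)[0]` in the new `aa.TemplateIndentationLevel` assignment of Dbus.Apply never splits, because with n=1 SplitN returns the whole string as its only element. strings.Count therefore runs over the entire raw directive rather than the text in front of the keyword. If the intent is to measure the indentation preceding the directive, use `strings.SplitN(opt.Raw, Keyword, 2)[0]` (or `strings.Cut`); the same call is added to Exec.Apply in this commit. The assignment also writes a package-level variable in `aa` that the visible lines do not restore, so a comment such as `// not safe for concurrent use: sets aa.TemplateIndentationLevel` would help. Apply continues past the end of the hunk.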
|
||||||
|
|
|
||||||
|
|
@ -36,8 +36,7 @@ func (d Exec) Apply(opt *Option, profileRaw string) string {
|
||||||
delete(opt.ArgMap, t)
|
delete(opt.ArgMap, t)
|
||||||
}
|
}
|
||||||
|
|
||||||
profile := &aa.AppArmorProfileFile{}
|
rules := aa.Rules{}
|
||||||
p := profile.GetDefaultProfile()
|
|
||||||
for name := range opt.ArgMap {
|
for name := range opt.ArgMap {
|
||||||
profiletoTransition := util.MustReadFile(cfg.RootApparmord.Join(name))
|
profiletoTransition := util.MustReadFile(cfg.RootApparmord.Join(name))
|
||||||
dstProfile := aa.DefaultTunables()
|
dstProfile := aa.DefaultTunables()
|
||||||
|
|
@ -45,18 +44,21 @@ func (d Exec) Apply(opt *Option, profileRaw string) string {
|
||||||
for _, variable := range dstProfile.Variables {
|
for _, variable := range dstProfile.Variables {
|
||||||
if variable.Name == "exec_path" {
|
if variable.Name == "exec_path" {
|
||||||
for _, v := range variable.Values {
|
for _, v := range variable.Values {
|
||||||
p.Rules = append(p.Rules, &aa.File{
|
rules = append(rules, &aa.File{
|
||||||
Path: v,
|
Path: v,
|
||||||
Access: transition,
|
Access: []string{transition},
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
profile.Sort()
|
|
||||||
rules := profile.String()
|
aa.TemplateIndentationLevel = strings.Count(
|
||||||
lenRules := len(rules)
|
strings.SplitN(opt.Raw, Keyword, 1)[0], aa.TemplateIndentation,
|
||||||
rules = rules[:lenRules-1]
|
)
|
||||||
return strings.Replace(profileRaw, opt.Raw, rules, -1)
|
rules.Sort()
|
||||||
|
new := rules.String()
|
||||||
|
new = new[:len(new)-1]
|
||||||
|
return strings.Replace(profileRaw, opt.Raw, new, -1)
|
||||||
}
|
}
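Review bot: `new = new[:len(new)-1]` at the end of Exec.Apply will panic with a slice-bounds error if `rules.String()` returns an empty string. That looks possible when no `exec_path` variable is found and `rules` stays empty, though String() is not visible here, so this is inferred. Assuming the dropped byte is the trailing newline, `out := strings.TrimSuffix(rules.String(), "\n")` avoids the panic and also stops the local from shadowing the builtin `new`. Because the result is substituted into an AppArmor profile, a test case with an empty rule set would pin the behaviour. Apply begins above the hunk.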
|
||||||
|
|
|
||||||
|
|
@ -52,7 +52,7 @@ func TestExec_Apply(t *testing.T) {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
cfg.RootApparmord = tt.rootApparmord
|
cfg.RootApparmord = tt.rootApparmord
|
||||||
if got := Directives["exec"].Apply(tt.opt, tt.profile); got != tt.want {
|
if got := Directives["exec"].Apply(tt.opt, tt.profile); got != tt.want {
|
||||||
t.Errorf("Exec.Apply() = %v, want %v", got, tt.want)
|
t.Errorf("Exec.Apply() = |%v|, want |%v|", got, tt.want)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
||||||