feat(aa): add initial profile validation structure.

2024-05-25 22:36:39 +01:00 · 2024-05-25 22:36:39 +01:00 · 92641e7e28
commit 92641e7e28
parent 2dd6046697
20 changed files with 222 additions and 2 deletions
--- a/pkg/aa/profile.go
+++ b/pkg/aa/profile.go
@ -5,6 +5,7 @@
 package aa

 import (
+	"fmt"
 	"maps"
 	"reflect"
 	"slices"
@ -18,6 +19,17 @@ const (
 	tokPROFILE    = "profile"
 )

+func init() {
+	requirements[tokPROFILE] = requirement{
+		tokFLAGS: {
+			"enforce", "complain", "kill", "default_allow", "unconfined",
+			"prompt", "audit", "mediate_deleted", "attach_disconnected",
+			"attach_disconneced.path=", "chroot_relative", "debug",
+			"interruptible", "kill", "kill.signal=",
+		},
+	}
+}
+
 // Profile represents a single AppArmor profile.
 type Profile struct {
 	RuleBase
@ -33,6 +45,13 @@ type Header struct {
 	Flags       []string
 }

+func (r *Profile) Validate() error {
+	if err := validateValues(r.Kind(), tokFLAGS, r.Flags); err != nil {
+		return fmt.Errorf("profile %s: %w", r.Name, err)
+	}
+	return r.Rules.Validate()
+}
+
 func (p *Profile) Less(other any) bool {
 	o, _ := other.(*Profile)
 	if p.Name != o.Name {