felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(aa): formatter: add support for abstraction & tunables.

Browse source
This commit is contained in:
Alexandre Pujol 2024-06-22 20:20:34 +01:00
parent 42ca1be858
commit a91e2ddf56
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
1 changed files with 50 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

60
cmd/aa/main.go
View file

@ -40,6 +40,14 @@ var (
tree bool tree bool
) )
type kind uint8
const (
isProfile kind = iota
isAbstraction
isTunable
)
func init() { func init() {
flag.BoolVar(&help, "h", false, "Show this help message and exit.") flag.BoolVar(&help, "h", false, "Show this help message and exit.")
flag.BoolVar(&help, "help", false, "Show this help message and exit.") flag.BoolVar(&help, "help", false, "Show this help message and exit.")
@ -68,25 +76,40 @@ func getIndentationLevel(input string) int {
return level return level
} }
func parse(profile string) (*aa.AppArmorProfileFile, []aa.Rules, []string, error) { func parse(kind kind, profile string) ([]aa.Rules, []string, error) {
var raw string
paragraphs := []string{}
rulesByParagraph := []aa.Rules{}
switch kind {
case isTunable, isProfile:
f := &aa.AppArmorProfileFile{} f := &aa.AppArmorProfileFile{}
nb, err := f.Parse(profile) nb, err := f.Parse(profile)
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, err
} }
paragraphRules, paragraphs, err := aa.ParseRules(strings.Join(strings.Split(profile, "\n")[nb:], "\n")) lines := strings.Split(profile, "\n")
if err != nil { raw = strings.Join(lines[nb:], "\n")
return nil, nil, nil, err
} case isAbstraction:
return f, paragraphRules, paragraphs, nil raw = profile
} }
func formatFile(profile string) (string, error) { r, par, err := aa.ParseRules(raw)
_, paragraphRules, paragraphs, err := parse(profile) if err != nil {
return nil, nil, err
}
rulesByParagraph = append(rulesByParagraph, r...)
paragraphs = append(paragraphs, par...)
return rulesByParagraph, paragraphs, nil
}
func formatFile(kind kind, profile string) (string, error) {
rulesByParagraph, paragraphs, err := parse(kind, profile)
if err != nil { if err != nil {
return "", err return "", err
} }
for idx, rules := range paragraphRules { for idx, rules := range rulesByParagraph {
if err := rules.Validate(); err != nil { if err := rules.Validate(); err != nil {
return "", err return "", err
} }
@ -97,6 +120,20 @@ func formatFile(profile string) (string, error) {
return profile, nil return profile, nil
} }
// getKind checks if the file is a full apparmor profile file or an
// included (abstraction or tunable) file.
func getKind(file *paths.Path) kind {
dirname := file.Parent().String()
switch {
case strings.Contains(dirname, "abstractions"):
return isAbstraction
case strings.Contains(dirname, "tunables"):
return isTunable
default:
return isProfile
}
}
func aaFormat(files paths.PathList) error { func aaFormat(files paths.PathList) error {
for _, file := range files { for _, file := range files {
if !file.Exist() { if !file.Exist() {
@ -106,7 +143,8 @@ func aaFormat(files paths.PathList) error {
if err != nil { if err != nil {
return err return err
} }
profile, err = formatFile(profile)
profile, err = formatFile(getKind(file), profile)
if err != nil { if err != nil {
return err return err
} }