feat(aa): parse apparmor preamble files.

2024-05-27 18:55:21 +01:00 · 2024-05-27 18:55:21 +01:00 · a99387c323
commit a99387c323
parent 2e043d4ec8
6 changed files with 710 additions and 8 deletions
--- a/pkg/aa/preamble.go
+++ b/pkg/aa/preamble.go
@ -5,7 +5,9 @@
 package aa

 import (
+	"fmt"
 	"slices"
+	"strings"
 )

 const (
@ -21,6 +23,12 @@ type Comment struct {
 	RuleBase
 }

+func newComment(rule []string) (Rule, error) {
+	base := newRule(rule)
+	base.IsLineRule = true
+	return &Comment{RuleBase: base}, nil
+}
+
 func (r *Comment) Validate() error {
 	return nil
 }
@ -55,6 +63,31 @@ type Abi struct {
 	IsMagic bool
 }

+func newAbi(rule []string) (Rule, error) {
+	var magic bool
+	if len(rule) > 0 && rule[0] == tokABI {
+		rule = rule[1:]
+	}
+	if len(rule) != 1 {
+		return nil, fmt.Errorf("invalid abi format: %s", rule)
+	}
+
+	path := rule[0]
+	switch {
+	case path[0] == '"':
+		magic = false
+	case path[0] == '<':
+		magic = true
+	default:
+		return nil, fmt.Errorf("invalid path %s in rule: %s", path, rule)
+	}
+	return &Abi{
+		RuleBase: newRule(rule),
+		Path:     strings.Trim(path, "\"<>"),
+		IsMagic:  magic,
+	}, nil
+}
+
 func (r *Abi) Validate() error {
 	return nil
 }
@ -90,6 +123,23 @@ type Alias struct {
 	RewrittenPath string
 }

+func newAlias(rule []string) (Rule, error) {
+	if len(rule) > 0 && rule[0] == tokALIAS {
+		rule = rule[1:]
+	}
+	if len(rule) != 3 {
+		return nil, fmt.Errorf("invalid alias format: %s", rule)
+	}
+	if rule[1] != tokARROW {
+		return nil, fmt.Errorf("invalid alias format, missing %s in: %s", tokARROW, rule)
+	}
+	return &Alias{
+		RuleBase:      newRule(rule),
+		Path:          rule[0],
+		RewrittenPath: rule[2],
+	}, nil
+}
+
 func (r *Alias) Validate() error {
 	return nil
 }
@ -126,6 +176,41 @@ type Include struct {
 	IsMagic  bool
 }

+func newInclude(rule []string) (Rule, error) {
+	var magic bool
+	var ifexists bool
+
+	if len(rule) > 0 && rule[0] == tokINCLUDE {
+		rule = rule[1:]
+	}
+
+	size := len(rule)
+	if size == 0 {
+		return nil, fmt.Errorf("invalid include format: %v", rule)
+	}
+
+	if size >= 3 && strings.Join(rule[:2], " ") == tokIFEXISTS {
+		ifexists = true
+		rule = rule[2:]
+	}
+
+	path := rule[0]
+	switch {
+	case path[0] == '"':
+		magic = false
+	case path[0] == '<':
+		magic = true
+	default:
+		return nil, fmt.Errorf("invalid path format: %v", path)
+	}
+	return &Include{
+		RuleBase: newRule(rule),
+		IfExists: ifexists,
+		Path:     strings.Trim(path, "\"<>"),
+		IsMagic:  magic,
+	}, nil
+}
+
 func (r *Include) Validate() error {
 	return nil
 }
@ -165,6 +250,35 @@ type Variable struct {
 	Define bool
 }

+func newVariable(rule []string) (Rule, error) {
+	var define bool
+	var values []string
+	if len(rule) < 3 {
+		return nil, fmt.Errorf("invalid variable format: %v", rule)
+	}
+
+	name := strings.Trim(rule[0], tokVARIABLE+"}")
+	switch rule[1] {
+	case tokEQUAL:
+		define = true
+		values = tokensStripComment(rule[2:])
+	case tokPLUS:
+		if rule[2] != tokEQUAL {
+			return nil, fmt.Errorf("invalid operator in variable: %v", rule)
+		}
+		define = false
+		values = tokensStripComment(rule[3:])
+	default:
+		return nil, fmt.Errorf("invalid operator in variable: %v", rule)
+	}
+	return &Variable{
+		RuleBase: newRule(rule),
+		Name:     name,
+		Values:   values,
+		Define:   define,
+	}, nil
+}
+
 func (r *Variable) Validate() error {
 	return nil
 }