feat(build): add the exec directive.
parent
8e5f83df34
commit
b32ee4a5a9
2 changed files with 92 additions and 0 deletions
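--- a/pkg/prebuild/directive/exec.go
+++ b/pkg/prebuild/directive/exec.go
@@ -0,0 +1,48 @@
+// apparmor.d - Full set of apparmor profiles
+// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
+// SPDX-License-Identifier: GPL-2.0-only
+
+package directive
+
+import (
+"strings"
+
+"github.com/roddhjav/apparmor.d/pkg/aa"
+)
+
+type Exec struct {
+DirectiveBase
+}
+
+func init() {
+Directives["exec"] = &Exec{
+DirectiveBase: DirectiveBase{
+message: "Exec directive applied",
+usage: `#aa:exec [P|U|p|u|i|] profiles_name...`,
+},
+}
+}
+
+func (d Exec) Apply(opt *Option, profile string) string {
+res := ""
+transition := "Px"
+for name := range opt.Args {
+tmp, err := rootApparmord.Join(name).ReadFile()
+if err != nil {
+panic(err)
+}
+profiletoTransition := string(tmp)
+
+p := aa.DefaultTunables()
+p.ParseVariables(profiletoTransition)
+for _, variable := range p.Variables {
+if variable.Name == "exec_path" {
+for _, value := range variable.Values {
+res += " " + value + " " + transition + ",\n"
+}
+}
+}
+profile = strings.Replace(profile, opt.Raw, res, -1)
+}
+return profile
+}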
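Review bot: In `Apply`, `profile = strings.Replace(profile, opt.Raw, res, -1)` runs inside the `for name := range opt.Args` loop, so the directive text is already gone after the first iteration and the rules collected for any later profile name are never written; because Go map iteration is unordered, which name wins can also differ between builds. Moving that one line below the loop's closing brace and iterating over the sorted keys of `opt.Args` would make the generated rules complete and reproducible. Separately, the usage string advertises `[P|U|p|u|i|]` while `transition` is fixed at `"Px"`; if a mode token ends up in `opt.Args` like any other argument (the parser is not visible here), it would be passed to `rootApparmord.Join(name).ReadFile()` and reach `panic(err)`. Since the mode decides whether the child runs confined, either implement the selection or drop it from the usage text so a profile author does not assume a `U` or `i` was honoured.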
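--- a/pkg/prebuild/directive/exec_test.go
+++ b/pkg/prebuild/directive/exec_test.go
@@ -0,0 +1,44 @@
+// apparmor.d - Full set of apparmor profiles
+// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
+// SPDX-License-Identifier: GPL-2.0-only
+
+package directive
+
+import (
+"testing"
+
+"github.com/arduino/go-paths-helper"
+)
+
+func TestExec_Apply(t *testing.T) {
+tests := []struct {
+name string
+rootApparmord *paths.Path
+opt *Option
+profile string
+want string
+}{
+{
+name: "exec",
+rootApparmord: paths.New("../../../apparmor.d/groups/kde/"),
+opt: &Option{
+Name: "exec",
+Args: map[string]string{"DiscoverNotifier": ""},
+File: nil,
+Raw: " #aa:exec DiscoverNotifier",
+},
+profile: ` #aa:exec DiscoverNotifier`,
+want: ` @{lib}/DiscoverNotifier Px,
+@{lib}/@{multiarch}/{,libexec/}DiscoverNotifier Px,
+`,
+},
+}
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+rootApparmord = tt.rootApparmord
+if got := Directives["exec"].Apply(tt.opt, tt.profile); got != tt.want {
+t.Errorf("Exec.Apply() = %v, want %v", got, tt.want)
+}
+})
+}
+}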
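Review bot: The table holds only a single-name case, so it never exercises a directive that lists several profiles or a name whose file is missing under `rootApparmord`, the two paths where `Apply` behaves differently (accumulating `res` across names, and `panic(err)`). The subtest also assigns `rootApparmord = tt.rootApparmord` and never restores it, which leaks into any other test in the package that reads the variable, assuming it is package-level as the bare assignment suggests; `old := rootApparmord; t.Cleanup(func() { rootApparmord = old })` would contain it. Printing with `%q` instead of `%v` in `t.Errorf` would make whitespace differences in the multi-line `want` visible.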