feat(aa): use profile guideline to sort file rules.

2023-09-30 13:54:04 +01:00 · 2023-09-30 13:54:04 +01:00 · c0bc903101
commit c0bc903101
parent 4dfc1388e3
4 changed files with 57 additions and 11 deletions
--- a/pkg/aa/file.go
+++ b/pkg/aa/file.go
@ -4,6 +4,10 @@

 package aa

+import (
+	"strings"
+)
+
 type File struct {
 	Qualifier
 	Path   string
@ -22,16 +26,30 @@ func FileFromLog(log map[string]string) ApparmorRule {

 func (r *File) Less(other any) bool {
 	o, _ := other.(*File)
-	if r.Qualifier.Equals(o.Qualifier) {
+	letterR := ""
+	letterO := ""
+	for _, letter := range fileAlphabet {
+		if strings.HasPrefix(r.Path, letter) {
+			letterR = letter
+		}
+		if strings.HasPrefix(o.Path, letter) {
+			letterO = letter
+		}
+	}
+
+	if fileWeights[letterR] == fileWeights[letterO] || letterR == "" || letterO == "" {
 		if r.Path == o.Path {
-			if r.Access == o.Access {
-				return r.Target < o.Target
+			if r.Qualifier.Equals(o.Qualifier) {
+				if r.Access == o.Access {
+					return r.Target < o.Target
+				}
+				return r.Access < o.Access
 			}
-			return r.Access < o.Access
+			return r.Qualifier.Less(o.Qualifier)
 		}
 		return r.Path < o.Path
 	}
-	return r.Qualifier.Less(o.Qualifier)
+	return fileWeights[letterR] < fileWeights[letterO]
 }

 func (r *File) Equals(other any) bool {
@ -39,4 +57,3 @@ func (r *File) Equals(other any) bool {
 	return r.Path == o.Path && r.Access == o.Access &&
 		r.Target == o.Target && r.Qualifier.Equals(o.Qualifier)
 }
-