feat(aa): ensure accesses are slice of string.

2024-04-23 21:17:25 +01:00 · 2024-04-23 21:17:25 +01:00 · c719a0a109
commit c719a0a109
parent a2910122d2
16 changed files with 240 additions and 210 deletions
--- a/pkg/aa/apparmor.go
+++ b/pkg/aa/apparmor.go
@ -61,77 +61,6 @@ func (f *AppArmorProfileFile) GetDefaultProfile() *Profile {
 	return f.Profiles[0]
 }

-// AddRule adds a new rule to the profile from a log map
-// See utils/apparmor/logparser.py for the format of the log map
-func (f *AppArmorProfileFile) AddRule(log map[string]string) {
-	p := f.GetDefaultProfile()
-
-	// Generate profile flags and extra rules
-	switch log["error"] {
-	case "-2":
-		if !slices.Contains(p.Flags, "mediate_deleted") {
-			p.Flags = append(p.Flags, "mediate_deleted")
-		}
-	case "-13":
-		if strings.Contains(log["info"], "namespace creation restricted") {
-			p.Rules = append(p.Rules, newUsernsFromLog(log))
-		} else if strings.Contains(log["info"], "disconnected path") && !slices.Contains(p.Flags, "attach_disconnected") {
-			p.Flags = append(p.Flags, "attach_disconnected")
-		}
-	default:
-	}
-
-	switch log["class"] {
-	case "cap":
-		p.Rules = append(p.Rules, newCapabilityFromLog(log))
-	case "net":
-		if log["family"] == "unix" {
-			p.Rules = append(p.Rules, newUnixFromLog(log))
-		} else {
-			p.Rules = append(p.Rules, newNetworkFromLog(log))
-		}
-	case "mount":
-		if strings.Contains(log["flags"], "remount") {
-			p.Rules = append(p.Rules, newRemountFromLog(log))
-		} else {
-			switch log["operation"] {
-			case "mount":
-				p.Rules = append(p.Rules, newMountFromLog(log))
-			case "umount":
-				p.Rules = append(p.Rules, newUmountFromLog(log))
-			case "remount":
-				p.Rules = append(p.Rules, newRemountFromLog(log))
-			case "pivotroot":
-				p.Rules = append(p.Rules, newPivotRootFromLog(log))
-			}
-		}
-	case "posix_mqueue", "sysv_mqueue":
-		p.Rules = append(p.Rules, newMqueueFromLog(log))
-	case "signal":
-		p.Rules = append(p.Rules, newSignalFromLog(log))
-	case "ptrace":
-		p.Rules = append(p.Rules, newPtraceFromLog(log))
-	case "namespace":
-		p.Rules = append(p.Rules, newUsernsFromLog(log))
-	case "unix":
-		p.Rules = append(p.Rules, newUnixFromLog(log))
-	case "dbus":
-		p.Rules = append(p.Rules, newDbusFromLog(log))
-	case "file":
-		if log["operation"] == "change_onexec" {
-			p.Rules = append(p.Rules, newChangeProfileFromLog(log))
-		} else {
-			p.Rules = append(p.Rules, newFileFromLog(log))
-		}
-	default:
-		if strings.Contains(log["operation"], "dbus") {
-			p.Rules = append(p.Rules, newDbusFromLog(log))
-		} else if log["family"] == "unix" {
-			p.Rules = append(p.Rules, newUnixFromLog(log))
-		}
-	}
-}
-
 // Sort the rules in the profile
 // Follow: https://apparmor.pujol.io/development/guidelines/#guidelines
 func (f *AppArmorProfileFile) Sort() {