feat(aa): ensure accesses are slice of string.

2024-04-23 21:17:25 +01:00 · 2024-04-23 21:17:25 +01:00 · c719a0a109
commit c719a0a109
parent a2910122d2
16 changed files with 240 additions and 210 deletions
--- a/pkg/logs/logs.go
+++ b/pkg/logs/logs.go
@ -197,8 +197,8 @@ func (aaLogs AppArmorLogs) String() string {
 }

 // ParseToProfiles convert the log data into a new AppArmorProfiles
-func (aaLogs AppArmorLogs) ParseToProfiles() aa.AppArmorProfileFiles {
-	profiles := make(aa.AppArmorProfileFiles, 0)
+func (aaLogs AppArmorLogs) ParseToProfiles() map[string]*aa.Profile {
+	profiles := make(map[string]*aa.Profile, 0)
 	for _, log := range aaLogs {
 		name := ""
 		if strings.Contains(log["operation"], "dbus") {
@ -208,9 +208,7 @@ func (aaLogs AppArmorLogs) ParseToProfiles() aa.AppArmorProfileFiles {
 		}

 		if _, ok := profiles[name]; !ok {
-			profile := &aa.AppArmorProfileFile{
-				Profiles: []*aa.Profile{{Header: aa.Header{Name: name}}},
-			}
+			profile := &aa.Profile{Header: aa.Header{Name: name}}
 			profile.AddRule(log)
 			profiles[name] = profile
 		} else {
--- a/pkg/logs/logs_test.go
+++ b/pkg/logs/logs_test.go
@ -292,46 +292,42 @@ func TestAppArmorLogs_ParseToProfiles(t *testing.T) {
 	tests := []struct {
 		name   string
 		aaLogs AppArmorLogs
-		want   aa.AppArmorProfileFiles
+		want   map[string]*aa.Profile
 	}{
 		{
 			name:   "",
 			aaLogs: append(append(refKmod, refPowerProfiles...), refKmod...),
-			want: aa.AppArmorProfileFiles{
-				"kmod": &aa.AppArmorProfileFile{
-					Profiles: []*aa.Profile{{
-						Header: aa.Header{Name: "kmod"},
-						Rules: aa.Rules{
-							&aa.Unix{
-								RuleBase: aa.RuleBase{FileInherit: true},
-								Access:   "send receive",
-								Type:     "stream",
-								Protocol: "0",
-							},
-							&aa.Unix{
-								RuleBase: aa.RuleBase{FileInherit: true},
-								Access:   "send receive",
-								Type:     "stream",
-								Protocol: "0",
-							},
+			want: map[string]*aa.Profile{
+				"kmod": {
+					Header: aa.Header{Name: "kmod"},
+					Rules: aa.Rules{
+						&aa.Unix{
+							RuleBase: aa.RuleBase{FileInherit: true},
+							Access:   []string{"receive", "send"},
+							Type:     "stream",
+							Protocol: "0",
 						},
-					}},
+						&aa.Unix{
+							RuleBase: aa.RuleBase{FileInherit: true},
+							Access:   []string{"receive", "send"},
+							Type:     "stream",
+							Protocol: "0",
+						},
+					},
 				},
-				"power-profiles-daemon": &aa.AppArmorProfileFile{
-					Profiles: []*aa.Profile{{
-						Header: aa.Header{Name: "power-profiles-daemon"},
-						Rules: aa.Rules{
-							&aa.Dbus{
-								Access:    "send",
-								Bus:       "system",
-								Path:      "/org/freedesktop/DBus",
-								Interface: "org.freedesktop.DBus",
-								Member:    "AddMatch",
-								PeerName:  "org.freedesktop.DBus",
-								PeerLabel: "dbus-daemon",
-							},
+				"power-profiles-daemon": {
+					Header: aa.Header{Name: "power-profiles-daemon"},
+					Rules: aa.Rules{
+						&aa.Dbus{
+							Access:    []string{"send"},
+							Bus:       "system",
+							Path:      "/org/freedesktop/DBus",
+							Interface: "org.freedesktop.DBus",
+							Member:    "AddMatch",
+							PeerName:  "org.freedesktop.DBus",
+							PeerLabel: "dbus-daemon",
 						},
-					}},
+					},
 				},
 			},
 		},