feat(aa): a Constraint and Kind method to the Rule interface.

Alexandre Pujol 2024-05-04 23:41:47 +01:00
parent a5c4eab0cf
commit f763d31a07
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
18 changed files with 210 additions and 19 deletions


@ -66,6 +66,14 @@ func (r RuleBase) String() string {
return renderTemplate("comment", r) return renderTemplate("comment", r)
} }
func (r RuleBase) Constraint() constraint {
return anyKind
}
func (r RuleBase) Kind() string {
return "base"
}
type Qualifier struct { type Qualifier struct {
Audit bool Audit bool
AccessType string AccessType string
@ -104,5 +112,13 @@ func (r *All) Equals(other any) bool {
} }
func (r *All) String() string { func (r *All) String() string {
return renderTemplate(tokALL, r) return renderTemplate(r.Kind(), r)
}
func (r *All) Constraint() constraint {
return blockKind
}
func (r *All) Kind() string {
return tokALL
} }
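Review bot: Defining `Constraint()` and `Kind()` on `RuleBase` means every struct that embeds it picks up both methods by promotion, so a rule type that forgets its own override still compiles and silently reports `anyKind` and `"base"`. For a tool that emits AppArmor policy, that turns a missing method into a rule that is treated as valid anywhere rather than a build error. If `RuleBase` does not itself need to satisfy `Rule` (the page does not show whether it does), drop these two methods from it so the compiler enforces the override. Otherwise document the contract on the method, e.g. `// Constraint returns anyKind; types embedding RuleBase must override Constraint and Kind.`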


@ -39,5 +39,13 @@ func (r *Capability) Equals(other any) bool {
} }
func (r *Capability) String() string { func (r *Capability) String() string {
return renderTemplate(tokCAPABILITY, r) return renderTemplate(r.Kind(), r)
}
func (r *Capability) Constraint() constraint {
return blockKind
}
func (r *Capability) Kind() string {
return tokCAPABILITY
} }


@ -47,3 +47,11 @@ func (r *ChangeProfile) Equals(other any) bool {
func (r *ChangeProfile) String() string { func (r *ChangeProfile) String() string {
return renderTemplate(tokCHANGEPROFILE, r) return renderTemplate(tokCHANGEPROFILE, r)
} }
func (r *ChangeProfile) Constraint() constraint {
return blockKind
}
func (r *ChangeProfile) Kind() string {
return tokCHANGEPROFILE
}
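Review bot: `ChangeProfile.String()` still passes `tokCHANGEPROFILE` directly, while the other rule files in this commit switch to `renderTemplate(r.Kind(), r)`. Keeping the template name and `Kind()` as two separate references lets them drift apart later; the line can become `return renderTemplate(r.Kind(), r)`. The same applies to `Abi.String()`, `Alias.String()` and `Include.String()` in the preamble file section further down.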


@ -81,5 +81,13 @@ func (r *Dbus) Equals(other any) bool {
} }
func (r *Dbus) String() string { func (r *Dbus) String() string {
return renderTemplate(tokDBUS, r) return renderTemplate(r.Kind(), r)
}
func (r *Dbus) Constraint() constraint {
return blockKind
}
func (r *Dbus) Kind() string {
return tokDBUS
} }


@ -60,8 +60,13 @@ func (r *File) Equals(other any) bool {
} }
func (r *File) String() string { func (r *File) String() string {
return renderTemplate("file", r) return renderTemplate(r.Kind(), r)
} }
r.Target == o.Target && r.Qualifier.Equals(o.Qualifier) func (r *File) Constraint() constraint {
return blockKind
}
func (r *File) Kind() string {
return "file"
} }


@ -40,5 +40,13 @@ func (r *IOUring) Equals(other any) bool {
} }
func (r *IOUring) String() string { func (r *IOUring) String() string {
return renderTemplate(tokIOURING, r) return renderTemplate(r.Kind(), r)
}
func (r *IOUring) Constraint() constraint {
return blockKind
}
func (r *IOUring) Kind() string {
return tokIOURING
} }


@ -83,7 +83,15 @@ func (r *Mount) Equals(other any) bool {
} }
func (r *Mount) String() string { func (r *Mount) String() string {
return renderTemplate(tokMOUNT, r) return renderTemplate(r.Kind(), r)
}
func (r *Mount) Constraint() constraint {
return blockKind
}
func (r *Mount) Kind() string {
return tokMOUNT
} }
type Umount struct { type Umount struct {
@ -121,7 +129,15 @@ func (r *Umount) Equals(other any) bool {
} }
func (r *Umount) String() string { func (r *Umount) String() string {
return renderTemplate(tokUMOUNT, r) return renderTemplate(r.Kind(), r)
}
func (r *Umount) Constraint() constraint {
return blockKind
}
func (r *Umount) Kind() string {
return tokUMOUNT
} }
type Remount struct { type Remount struct {
@ -159,5 +175,13 @@ func (r *Remount) Equals(other any) bool {
} }
func (r *Remount) String() string { func (r *Remount) String() string {
return renderTemplate(tokREMOUNT, r) return renderTemplate(r.Kind(), r)
}
func (r *Remount) Constraint() constraint {
return blockKind
}
func (r *Remount) Kind() string {
return tokREMOUNT
} }


@ -58,5 +58,13 @@ func (r *Mqueue) Equals(other any) bool {
} }
func (r *Mqueue) String() string { func (r *Mqueue) String() string {
return renderTemplate(tokMQUEUE, r) return renderTemplate(r.Kind(), r)
}
func (r *Mqueue) Constraint() constraint {
return blockKind
}
func (r *Mqueue) Kind() string {
return tokMQUEUE
} }


@ -81,5 +81,13 @@ func (r *Network) Equals(other any) bool {
} }
func (r *Network) String() string { func (r *Network) String() string {
return renderTemplate(tokNETWORK, r) return renderTemplate(r.Kind(), r)
}
func (r *Network) Constraint() constraint {
return blockKind
}
func (r *Network) Kind() string {
return tokNETWORK
} }


@ -46,5 +46,13 @@ func (r *PivotRoot) Equals(other any) bool {
} }
func (r *PivotRoot) String() string { func (r *PivotRoot) String() string {
return renderTemplate(tokPIVOTROOT, r) return renderTemplate(r.Kind(), r)
}
func (r *PivotRoot) Constraint() constraint {
return blockKind
}
func (r *PivotRoot) Kind() string {
return tokPIVOTROOT
} }


@ -40,7 +40,7 @@ func (r *Comment) IsPreamble() bool {
return true return true
} }
func (r *Comment) Constraint() RuleConstraint { func (r *Comment) Constraint() constraint {
return anyKind return anyKind
} }
@ -71,6 +71,14 @@ func (r *Abi) String() string {
return renderTemplate(tokABI, r) return renderTemplate(tokABI, r)
} }
func (r *Abi) Constraint() constraint {
return preambleKind
}
func (r *Abi) Kind() string {
return tokABI
}
type Alias struct { type Alias struct {
RuleBase RuleBase
Path string Path string
@ -94,6 +102,14 @@ func (r *Alias) String() string {
return renderTemplate(tokALIAS, r) return renderTemplate(tokALIAS, r)
} }
func (r *Alias) Constraint() constraint {
return preambleKind
}
func (r *Alias) Kind() string {
return tokALIAS
}
type Include struct { type Include struct {
RuleBase RuleBase
IfExists bool IfExists bool
@ -121,6 +137,14 @@ func (r *Include) String() string {
return renderTemplate(tokINCLUDE, r) return renderTemplate(tokINCLUDE, r)
} }
func (r *Include) Constraint() constraint {
return anyKind
}
func (r *Include) Kind() string {
return tokINCLUDE
}
type Variable struct { type Variable struct {
RuleBase RuleBase
Name string Name string
@ -146,3 +170,11 @@ func (r *Variable) Equals(other any) bool {
func (r *Variable) String() string { func (r *Variable) String() string {
return renderTemplate("variable", r) return renderTemplate("variable", r)
} }
func (r *Variable) Constraint() constraint {
return preambleKind
}
func (r *Variable) Kind() string {
return tokVARIABLE
}
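Review bot: `Variable.Kind()` returns `tokVARIABLE`, but `Variable.String()` in the same hunk still renders with the string literal `"variable"`. The value of `tokVARIABLE` is not visible on this page, so the two may not name the same template; if they differ, a caller that uses `Kind()` as the template key will not find the one `String()` uses. Either render with `renderTemplate(r.Kind(), r)` if the values match, or state the difference on the method, e.g. `// Kind returns the rule keyword, which is not the template name used by String.` In addition, `Comment` only changes the return type of `Constraint()` here; where its `Kind()` comes from lies outside the visible hunks and is worth confirming.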


@ -48,7 +48,15 @@ func (p *Profile) Equals(other any) bool {
} }
func (p *Profile) String() string { func (p *Profile) String() string {
return renderTemplate(tokPROFILE, p) return renderTemplate(p.Kind(), p)
}
func (p *Profile) Constraint() constraint {
return blockKind
}
func (p *Profile) Kind() string {
return tokPROFILE
} }
// Merge merge similar rules together. // Merge merge similar rules together.


@ -40,5 +40,13 @@ func (r *Ptrace) Equals(other any) bool {
} }
func (r *Ptrace) String() string { func (r *Ptrace) String() string {
return renderTemplate(tokPTRACE, r) return renderTemplate(r.Kind(), r)
}
func (r *Ptrace) Constraint() constraint {
return blockKind
}
func (r *Ptrace) Kind() string {
return tokPTRACE
} }


@ -43,5 +43,13 @@ func (r *Rlimit) Equals(other any) bool {
} }
func (r *Rlimit) String() string { func (r *Rlimit) String() string {
return renderTemplate(tokRLIMIT, r) return renderTemplate(r.Kind(), r)
}
func (r *Rlimit) Constraint() constraint {
return blockKind
}
func (r *Rlimit) Kind() string {
return tokRLIMIT
} }


@ -16,11 +16,21 @@ const (
tokDENY = "deny" tokDENY = "deny"
) )
type constraint uint
const (
anyKind constraint = iota // The rule can be found in either preamble or profile
preambleKind // The rule can only be found in the preamble
blockKind // The rule can only be found in a profile
)
// Rule generic interface for all AppArmor rules // Rule generic interface for all AppArmor rules
type Rule interface { type Rule interface {
Less(other any) bool Less(other any) bool
Equals(other any) bool Equals(other any) bool
String() string String() string
Constraint() constraint
Kind() string
} }
type Rules []Rule type Rules []Rule
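Review bot: `anyKind` is the `iota` zero value of `constraint`, so an unset or zero-valued constraint reads as "allowed in preamble or profile", the most permissive placement. No placement check is visible on this page, but one built on `Constraint()` later would fail open for any rule that never set a value. Reserving zero avoids that, e.g. start the block with `_ constraint = iota` or a named invalid value ahead of `anyKind`. Separately, `constraint` is unexported while `Rule` is exported, so code outside the package cannot declare `Constraint()` itself; if that sealing is intended, say so in a doc comment on the type.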


@ -46,5 +46,13 @@ func (r *Signal) Equals(other any) bool {
} }
func (r *Signal) String() string { func (r *Signal) String() string {
return renderTemplate(tokSIGNAL, r) return renderTemplate(r.Kind(), r)
}
func (r *Signal) Constraint() constraint {
return blockKind
}
func (r *Signal) Kind() string {
return tokSIGNAL
} }


@ -78,5 +78,13 @@ func (r *Unix) Equals(other any) bool {
} }
func (r *Unix) String() string { func (r *Unix) String() string {
return renderTemplate(tokUNIX, r) return renderTemplate(r.Kind(), r)
}
func (r *Unix) Constraint() constraint {
return blockKind
}
func (r *Unix) Kind() string {
return tokUNIX
} }


@ -34,5 +34,13 @@ func (r *Userns) Equals(other any) bool {
} }
func (r *Userns) String() string { func (r *Userns) String() string {
return renderTemplate(tokUSERNS, r) return renderTemplate(r.Kind(), r)
}
func (r *Userns) Constraint() constraint {
return blockKind
}
func (r *Userns) Kind() string {
return tokUSERNS
} }