feat(aa): a Constraint and Kind method to the Rule interface.

2024-05-04 23:41:47 +01:00 · 2024-05-04 23:41:47 +01:00 · f763d31a07
commit f763d31a07
parent a5c4eab0cf
18 changed files with 210 additions and 19 deletions
--- a/pkg/aa/base.go
+++ b/pkg/aa/base.go
@ -66,6 +66,14 @@ func (r RuleBase) String() string {
 	return renderTemplate("comment", r)
 }

+func (r RuleBase) Constraint() constraint {
+	return anyKind
+}
+
+func (r RuleBase) Kind() string {
+	return "base"
+}
+
 type Qualifier struct {
 	Audit      bool
 	AccessType string
@ -104,5 +112,13 @@ func (r *All) Equals(other any) bool {
 }

 func (r *All) String() string {
-	return renderTemplate(tokALL, r)
+	return renderTemplate(r.Kind(), r)
+}
+
+func (r *All) Constraint() constraint {
+	return blockKind
+}
+
+func (r *All) Kind() string {
+	return tokALL
 }
--- a/pkg/aa/capability.go
+++ b/pkg/aa/capability.go
@ -39,5 +39,13 @@ func (r *Capability) Equals(other any) bool {
 }

 func (r *Capability) String() string {
-	return renderTemplate(tokCAPABILITY, r)
+	return renderTemplate(r.Kind(), r)
+}
+
+func (r *Capability) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Capability) Kind() string {
+	return tokCAPABILITY
 }
--- a/pkg/aa/change_profile.go
+++ b/pkg/aa/change_profile.go
@ -47,3 +47,11 @@ func (r *ChangeProfile) Equals(other any) bool {
 func (r *ChangeProfile) String() string {
 	return renderTemplate(tokCHANGEPROFILE, r)
 }
+
+func (r *ChangeProfile) Constraint() constraint {
+	return blockKind
+}
+
+func (r *ChangeProfile) Kind() string {
+	return tokCHANGEPROFILE
+}
--- a/pkg/aa/dbus.go
+++ b/pkg/aa/dbus.go
@ -81,5 +81,13 @@ func (r *Dbus) Equals(other any) bool {
 }

 func (r *Dbus) String() string {
-	return renderTemplate(tokDBUS, r)
+	return renderTemplate(r.Kind(), r)
+}
+
+func (r *Dbus) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Dbus) Kind() string {
+	return tokDBUS
 }
--- a/pkg/aa/file.go
+++ b/pkg/aa/file.go
@ -60,8 +60,13 @@ func (r *File) Equals(other any) bool {
 }

 func (r *File) String() string {
-	return renderTemplate("file", r)
+	return renderTemplate(r.Kind(), r)
 }

-		r.Target == o.Target && r.Qualifier.Equals(o.Qualifier)
+func (r *File) Constraint() constraint {
+	return blockKind
+}
+
+func (r *File) Kind() string {
+	return "file"
 }
--- a/pkg/aa/io_uring.go
+++ b/pkg/aa/io_uring.go
@ -40,5 +40,13 @@ func (r *IOUring) Equals(other any) bool {
 }

 func (r *IOUring) String() string {
-	return renderTemplate(tokIOURING, r)
+	return renderTemplate(r.Kind(), r)
+}
+
+func (r *IOUring) Constraint() constraint {
+	return blockKind
+}
+
+func (r *IOUring) Kind() string {
+	return tokIOURING
 }
--- a/pkg/aa/mount.go
+++ b/pkg/aa/mount.go
@ -83,7 +83,15 @@ func (r *Mount) Equals(other any) bool {
 }

 func (r *Mount) String() string {
-	return renderTemplate(tokMOUNT, r)
+	return renderTemplate(r.Kind(), r)
+}
+
+func (r *Mount) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Mount) Kind() string {
+	return tokMOUNT
 }

 type Umount struct {
@ -121,7 +129,15 @@ func (r *Umount) Equals(other any) bool {
 }

 func (r *Umount) String() string {
-	return renderTemplate(tokUMOUNT, r)
+	return renderTemplate(r.Kind(), r)
+}
+
+func (r *Umount) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Umount) Kind() string {
+	return tokUMOUNT
 }

 type Remount struct {
@ -159,5 +175,13 @@ func (r *Remount) Equals(other any) bool {
 }

 func (r *Remount) String() string {
-	return renderTemplate(tokREMOUNT, r)
+	return renderTemplate(r.Kind(), r)
+}
+
+func (r *Remount) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Remount) Kind() string {
+	return tokREMOUNT
 }
--- a/pkg/aa/mqueue.go
+++ b/pkg/aa/mqueue.go
@ -58,5 +58,13 @@ func (r *Mqueue) Equals(other any) bool {
 }

 func (r *Mqueue) String() string {
-	return renderTemplate(tokMQUEUE, r)
+	return renderTemplate(r.Kind(), r)
+}
+
+func (r *Mqueue) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Mqueue) Kind() string {
+	return tokMQUEUE
 }
--- a/pkg/aa/network.go
+++ b/pkg/aa/network.go
@ -81,5 +81,13 @@ func (r *Network) Equals(other any) bool {
 }

 func (r *Network) String() string {
-	return renderTemplate(tokNETWORK, r)
+	return renderTemplate(r.Kind(), r)
+}
+
+func (r *Network) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Network) Kind() string {
+	return tokNETWORK
 }
--- a/pkg/aa/pivot_root.go
+++ b/pkg/aa/pivot_root.go
@ -46,5 +46,13 @@ func (r *PivotRoot) Equals(other any) bool {
 }

 func (r *PivotRoot) String() string {
-	return renderTemplate(tokPIVOTROOT, r)
+	return renderTemplate(r.Kind(), r)
+}
+
+func (r *PivotRoot) Constraint() constraint {
+	return blockKind
+}
+
+func (r *PivotRoot) Kind() string {
+	return tokPIVOTROOT
 }
--- a/pkg/aa/preamble.go
+++ b/pkg/aa/preamble.go
@ -40,7 +40,7 @@ func (r *Comment) IsPreamble() bool {
 	return true
 }

-func (r *Comment) Constraint() RuleConstraint {
+func (r *Comment) Constraint() constraint {
 	return anyKind
 }

@ -71,6 +71,14 @@ func (r *Abi) String() string {
 	return renderTemplate(tokABI, r)
 }

+func (r *Abi) Constraint() constraint {
+	return preambleKind
+}
+
+func (r *Abi) Kind() string {
+	return tokABI
+}
+
 type Alias struct {
 	RuleBase
 	Path          string
@ -94,6 +102,14 @@ func (r *Alias) String() string {
 	return renderTemplate(tokALIAS, r)
 }

+func (r *Alias) Constraint() constraint {
+	return preambleKind
+}
+
+func (r *Alias) Kind() string {
+	return tokALIAS
+}
+
 type Include struct {
 	RuleBase
 	IfExists bool
@ -121,6 +137,14 @@ func (r *Include) String() string {
 	return renderTemplate(tokINCLUDE, r)
 }

+func (r *Include) Constraint() constraint {
+	return anyKind
+}
+
+func (r *Include) Kind() string {
+	return tokINCLUDE
+}
+
 type Variable struct {
 	RuleBase
 	Name   string
@ -146,3 +170,11 @@ func (r *Variable) Equals(other any) bool {
 func (r *Variable) String() string {
 	return renderTemplate("variable", r)
 }
+
+func (r *Variable) Constraint() constraint {
+	return preambleKind
+}
+
+func (r *Variable) Kind() string {
+	return tokVARIABLE
+}
--- a/pkg/aa/profile.go
+++ b/pkg/aa/profile.go
@ -48,7 +48,15 @@ func (p *Profile) Equals(other any) bool {
 }

 func (p *Profile) String() string {
-	return renderTemplate(tokPROFILE, p)
+	return renderTemplate(p.Kind(), p)
+}
+
+func (p *Profile) Constraint() constraint {
+	return blockKind
+}
+
+func (p *Profile) Kind() string {
+	return tokPROFILE
 }

 // Merge merge similar rules together.
--- a/pkg/aa/ptrace.go
+++ b/pkg/aa/ptrace.go
@ -40,5 +40,13 @@ func (r *Ptrace) Equals(other any) bool {
 }

 func (r *Ptrace) String() string {
-	return renderTemplate(tokPTRACE, r)
+	return renderTemplate(r.Kind(), r)
+}
+
+func (r *Ptrace) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Ptrace) Kind() string {
+	return tokPTRACE
 }
--- a/pkg/aa/rlimit.go
+++ b/pkg/aa/rlimit.go
@ -43,5 +43,13 @@ func (r *Rlimit) Equals(other any) bool {
 }

 func (r *Rlimit) String() string {
-	return renderTemplate(tokRLIMIT, r)
+	return renderTemplate(r.Kind(), r)
+}
+
+func (r *Rlimit) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Rlimit) Kind() string {
+	return tokRLIMIT
 }
--- a/pkg/aa/rules.go
+++ b/pkg/aa/rules.go
@ -16,11 +16,21 @@ const (
 	tokDENY  = "deny"
 )

+type constraint uint
+
+const (
+	anyKind      constraint = iota // The rule can be found in either preamble or profile
+	preambleKind                   // The rule can only be found in the preamble
+	blockKind                      // The rule can only be found in a profile
+)
+
 // Rule generic interface for all AppArmor rules
 type Rule interface {
 	Less(other any) bool
 	Equals(other any) bool
 	String() string
+	Constraint() constraint
+	Kind() string
 }

 type Rules []Rule
--- a/pkg/aa/signal.go
+++ b/pkg/aa/signal.go
@ -46,5 +46,13 @@ func (r *Signal) Equals(other any) bool {
 }

 func (r *Signal) String() string {
-	return renderTemplate(tokSIGNAL, r)
+	return renderTemplate(r.Kind(), r)
+}
+
+func (r *Signal) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Signal) Kind() string {
+	return tokSIGNAL
 }
--- a/pkg/aa/unix.go
+++ b/pkg/aa/unix.go
@ -78,5 +78,13 @@ func (r *Unix) Equals(other any) bool {
 }

 func (r *Unix) String() string {
-	return renderTemplate(tokUNIX, r)
+	return renderTemplate(r.Kind(), r)
+}
+
+func (r *Unix) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Unix) Kind() string {
+	return tokUNIX
 }
--- a/pkg/aa/userns.go
+++ b/pkg/aa/userns.go
@ -34,5 +34,13 @@ func (r *Userns) Equals(other any) bool {
 }

 func (r *Userns) String() string {
-	return renderTemplate(tokUSERNS, r)
+	return renderTemplate(r.Kind(), r)
+}
+
+func (r *Userns) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Userns) Kind() string {
+	return tokUSERNS
 }