[apparmor] [patch] fix and improve recursive_print()
Steve Beattie
steve at nxnw.org
Mon Nov 17 21:18:11 UTC 2014
On Sat, Nov 15, 2014 at 01:32:36AM +0100, Christian Boltz wrote:
> IMHO we should keep the object type as a "headline", so please add
> (untested, please adjust if needed)
>
> print (tabs + '%s' % src)
>
> This will also print the memory address, which can be helpful to find
> out if you have multiple references to the same object or separate
> objects.
I don't mind having a headline that indicates what type it is, but I
don't particularly care for printing raw memory locations, and I note
that this would be the only bits of the recursive tree that we emit this
for.
Updated patch follows. It adds a header such that sample results look like:
[unix]
[
[Raw_Unix_Rule]
audit = False
deny = False
raw rule = unix peer=(label=@{profile_name}),
[Raw_Unix_Rule]
audit = False
deny = False
raw rule = unix (receive) peer=(label=unconfined),
[Raw_Unix_Rule]
audit = False
deny = False
raw rule = unix (create),
[Raw_Unix_Rule]
audit = False
deny = False
raw rule = unix (getattr, getopt, setopt, shutdown),
]
[ptrace]
[
[Raw_Ptrace_Rule]
audit = False
deny = False
raw rule = ptrace (readby),
[Raw_Ptrace_Rule]
audit = False
deny = False
raw rule = ptrace (tracedby),
[Raw_Ptrace_Rule]
audit = False
deny = False
raw rule = ptrace (read) peer=@{profile_name},
]
It also fixes a situation where, when the list or tuple is empty, it would output:
[@{DOVECOT_MAILSTORE}]
[
[--- empty ---]
]
and instead corrects it to just output:
[@{DOVECOT_MAILSTORE}]
[--- empty ---]
It also reduces the indentation for lists and tuples by one, to one, as it
was causing the raw rules to be overly indented.
Signed-off-by: Steve Beattie <steve at nxnw.org>
---
utils/apparmor/common.py | 16 +++++++++-------
utils/apparmor/rules.py | 8 ++++++++
2 files changed, 17 insertions(+), 7 deletions(-)
Index: b/utils/apparmor/common.py
===================================================================
--- a/utils/apparmor/common.py
+++ b/utils/apparmor/common.py
@@ -20,6 +20,7 @@ import subprocess
import sys
import termios
import tty
+import apparmor.rules as rules
DEBUGGING = False
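Review bot: the new "import apparmor.rules as rules" in common.py makes the generic helper module depend on the rules module for a single isinstance() check; if rules.py ever imports from apparmor.common this becomes a circular import. Consider having recursive_print() test hasattr(src, 'recursive_print') instead, which needs no import. If the import stays, separate it from the standard-library imports above it.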
@@ -93,14 +94,15 @@ def recursive_print(src, dpth = 0, key =
if empty:
print (tabs + '[--- empty ---]')
elif isinstance(src, list) or isinstance(src, tuple):
- empty = True
- print (tabs + "[")
- for litem in src:
- recursive_print(litem, dpth + 2)
- empty = False
- if empty:
+ if len(src) == 0:
print (tabs + '[--- empty ---]')
- print (tabs + "]")
+ else:
+ print (tabs + "[")
+ for litem in src:
+ recursive_print(litem, dpth + 1)
+ print (tabs + "]")
+ elif isinstance(src, rules._Raw_Rule):
+ src.recursive_print(dpth)
else:
if key:
print (tabs + '%s = %s' % (key, src))
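Review bot: the new elif branch for rules._Raw_Rule calls src.recursive_print(dpth) and drops key, while the else branch just below it prints "key = value" when key is set, so a raw rule passed with a key would lose its label. Either pass key through to the method or note in a comment that raw rules are never keyed. Minor style point in the same hunk: "if len(src) == 0:" can be written "if not src:" for a list or tuple.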
Index: b/utils/apparmor/rules.py
===================================================================
--- a/utils/apparmor/rules.py
+++ b/utils/apparmor/rules.py
@@ -56,6 +56,14 @@ class _Raw_Rule(object):
'deny ' if self.deny else '',
self.rule)
+ def recursive_print(self, depth):
+ tabs = ' ' * depth * 4
+ print('%s[%s]' % (tabs, type(self).__name__))
+ tabs += ' ' * 4
+ print('%saudit = %s' % (tabs, self.audit))
+ print('%sdeny = %s' % (tabs, self.deny))
+ print('%sraw rule = %s' % (tabs, self.rule))
+
class Raw_DBUS_Rule(_Raw_Rule):
pass
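Review bot: _Raw_Rule.recursive_print() builds its own indent with ' ' * depth * 4, separately from the tabs value that recursive_print() in common.py uses, so the two can drift apart if either one changes. Consider sharing the indent computation between the two, and add a docstring saying the method is called by common.recursive_print() with its depth argument.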
Thanks.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/