[apparmor] [patch] convert CapabilityRule to using set()s

Christian Boltz apparmor at cboltz.de
Tue Nov 25 23:14:45 UTC 2014


Hello,

On Tuesday, 25 November 2014, Steve Beattie wrote:
> On Mon, Nov 24, 2014 at 12:46:11PM -0800, Steve Beattie wrote:
> > In python, a set() is very similar to a list, except that it
> > guarantees uniqueness amongst its member elements (which means that
> > there's an additional constraint that the elements have to be
> > hashable). As a bonus, you also have common set operations
> > available, like issubset(), issuperset(), union(), intersection(),
> > etc. These may be really helpful for dealing with capability rules
> > that contain multiple capabilities.
> > 
> > See https://docs.python.org/3/library/stdtypes.html#set for details.
> 
> Attached is a patch that converts from using a list to using a set().
> It doesn't take much advantage of that ability, other than to use
> issubset() instead of manually walking the list and confirming that
> all elements of one rule are in another. But more interesting stuff
> could be done to delete a multi-capability subset from another
> superset capability rule, if need be.
> 
> Signed-off-by: Steve Beattie <steve at nxnw.org>

Thanks for the patch!

I'll include it in my patch set with some small changes:
- I simplified self.capability = set([parsed_log_event['name']])
  to self.capability = {parsed_log_event['name']}
- test_empty_init() is meant to make sure that obj and obj2 have 
  separate storage instances, which is also the reason why I used 
  obj.capability.add (which _adds_ to obj.capability) instead of 
  obj.set_param (which replaces obj.capability)
  (I added a comment explaining the goal of the test)
- you missed replacing [ ] with { } in test_write_manually() ;-)

The updated patch is attached in case you want to check it.


Regards,

Christian Boltz
-- 
That depends. Opinions on this change about every week. During even
weeks, the "kernel driver makes the device useful" approach is chosen.
During odd weeks, the "we need userspace crap like usb_modeswitch to
make the device useful" approach is chosen.
[Stefan Seyfried in opensuse-factory]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: utils-convert_to_using_set-v2.patch
Type: text/x-patch
Size: 6482 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20141126/cdee7128/attachment.bin>
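
The set-based handling discussed in this thread, as an added example that is not part of the original message or the attached patch: a hypothetical `CapRule` class (not AppArmor's `CapabilityRule`) showing the `issubset()` coverage check, removal of a multi-capability subset from a superset rule, and the separate-storage property that `test_empty_init()` is described as checking. The method names, the empty-rule handling and the sample capability names are assumptions; only the `parsed_log_event['name']` key comes from the message.

```python
class CapRule:
    """Hypothetical stand-in for a capability rule (not AppArmor's CapabilityRule)."""

    def __init__(self, caps=None, deny=False):
        # Fresh set per instance: a shared mutable default such as caps=set()
        # would make every "empty" rule alias the same storage.
        self.capability = set(caps) if caps is not None else set()
        self.deny = deny

    @classmethod
    def from_log_event(cls, parsed_log_event):
        # Single-element set literal, as in the simplification in the reply.
        return cls({parsed_log_event['name']})

    def is_covered(self, other):
        """True if every capability in `other` is already in this rule."""
        if self.deny != other.deny or not other.capability:
            # An empty set is a subset of anything; this example refuses to
            # call an empty rule "covered" (assumption, not from the thread).
            return False
        return other.capability.issubset(self.capability)

    def remove(self, other):
        """Delete a multi-capability subset from this (superset) rule."""
        if not self.is_covered(other):
            raise ValueError('rule is not a subset of this rule')
        self.capability -= other.capability

    def render(self):
        # Sets are unordered, so sort for a stable, diffable profile line.
        if not self.capability:
            raise ValueError('refusing to render an empty rule')
        prefix = 'deny ' if self.deny else ''
        return '%scapability %s,' % (prefix, ' '.join(sorted(self.capability)))
```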

