[apparmor] [patch] fix parsing of "hat foo {" lines
Steve Beattie
steve at nxnw.org
Thu Oct 16 21:20:46 UTC 2014
On Thu, Oct 16, 2014 at 09:00:03PM +0200, Christian Boltz wrote:
> the python utils didn't know about the hat keyword, for example
> hat foo {
>
> This patch changes RE_PROFILE_HAT_DEF to add support for the hat keyword.
>
> Note that this patch only changes profile reading - when saving a
> profile, the ^hat syntax will always be used.
>
> While on it, also convert the regex to named matches - the result
> numbering changed anyway ;-)
Very nice, Acked-by: Steve Beattie <steve at nxnw.org>. Thanks!
> === modified file 'utils/apparmor/aa.py'
> --- utils/apparmor/aa.py 2014-10-14 19:28:32 +0000
> +++ utils/apparmor/aa.py 2014-10-16 18:52:37 +0000
> @@ -2634,7 +2634,7 @@
> RE_NETWORK_FAMILY_TYPE = re.compile('\s+(\S+)\s+(\S+)\s*,$')
> RE_NETWORK_FAMILY = re.compile('\s+(\S+)\s*,$')
> RE_PROFILE_CHANGE_HAT = re.compile('^\s*\^(\"??.+?\"??)' + RE_COMMA_EOL)
> -RE_PROFILE_HAT_DEF = re.compile('^\s*\^(\"??.+?\"??)\s+((flags=)?\((.+)\)\s+)*\{' + RE_EOL)
> +RE_PROFILE_HAT_DEF = re.compile('^\s*(\^|hat\s+)(?P<hat>\"??.+?\"??)\s+((flags=)?\((?P<flags>.+)\)\s+)*\{' + RE_EOL)
> RE_PROFILE_DBUS = re.compile(RE_AUDIT_DENY + '(dbus\s*,|dbus\s+[^#]*\s*,)' + RE_EOL)
> RE_PROFILE_MOUNT = re.compile(RE_AUDIT_DENY + '((mount|remount|umount|unmount)(\s+[^#]*)?\s*,)' + RE_EOL)
> RE_PROFILE_SIGNAL = re.compile(RE_AUDIT_DENY + '(signal\s*,|signal\s+[^#]*\s*,)' + RE_EOL)
> @@ -3144,14 +3144,14 @@
>
> elif RE_PROFILE_HAT_DEF.search(line):
> # An embedded hat syntax definition starts
> - matches = RE_PROFILE_HAT_DEF.search(line).groups()
> + matches = RE_PROFILE_HAT_DEF.search(line)
> if not profile:
> raise AppArmorException(_('Syntax Error: Unexpected hat definition found in file: %(file)s line: %(line)s') % { 'file': file, 'line': lineno + 1 })
>
> in_contained_hat = True
> - hat = matches[0]
> + hat = matches.group('hat')
> hat = strip_quotes(hat)
> - flags = matches[3]
> + flags = matches.group('flags')
>
> profile_data[profile][hat]['flags'] = flags
> profile_data[profile][hat]['declared'] = False
> @@ -4321,11 +4321,12 @@
> #To-Do
> pass
> elif RE_PROFILE_HAT_DEF.search(line):
> - matches = RE_PROFILE_HAT_DEF.search(line).groups()
> + matches = RE_PROFILE_HAT_DEF.search(line)
> in_contained_hat = True
> - hat = matches[0]
> + hat = matches.group('hat')
> hat = strip_quotes(hat)
> - flags = matches[3]
> + flags = matches.group('flags')
> +
> if not write_prof_data[hat]['flags'] == flags:
> correct = False
> if not write_prof_data[hat]['declared'] is False:
>
>
>
> Regards,
>
> Christian Boltz
> --
> > 8.1 ist nicht 9.0
> Also in der Quersumme schon ;-)
> [> Henne Vogelsang und Manfred Tremmel in suse-linux]
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20141016/519041d6/attachment.pgp>
More information about the AppArmor
mailing list