[apparmor] [patch] split off _is_equal_aare()

Christian Boltz apparmor at cboltz.de
Wed Dec 23 21:02:08 UTC 2015 

Hello,

checking if two AARE objects are equal is not hard, but also not a
one-liner.

Since we need to do this more than once (and even more often in other
outstanding rule classes), split that code into an _is_equal_aare()
function and change PtraceRule and SignalRule to use it.

To make things even more easier, the parameters to use match the
_is_covered_aare() syntax.



[ 44-split-off-_is_equal_aare.diff ]

=== modified file ./utils/apparmor/rule/__init__.py
--- utils/apparmor/rule/__init__.py     2015-12-21 23:03:28.883275939 +0100
+++ utils/apparmor/rule/__init__.py     2015-12-23 21:36:16.194205414 +0100
@@ -213,6 +213,21 @@
 
         return self.is_equal_localvars(rule_obj)
 
+    def _is_equal_aare(self, self_value, self_all, other_value, other_all, cond_name):
+        '''check if other_* is the same as self_* - for AARE'''
+
+        if not other_value and not other_all:
+            raise AppArmorBug('No %(cond_name)s specified in other %(rule_name)s rule' % {'cond_name': cond_name, 'rule_name': self.rule_name})
+
+        if self_all != other_all:
+            return False
+
+        if self_value and not self_value.is_equal(other_value):
+            return False
+
+        # still here? -> then it is equal
+        return True
+
     # @abstractmethod  FIXME - uncomment when python3 only
     def is_equal_localvars(self, other_rule):
         '''compare if rule-specific variables are equal'''
=== modified file ./utils/apparmor/rule/ptrace.py
--- utils/apparmor/rule/ptrace.py       2015-12-21 22:03:04.895715006 +0100
+++ utils/apparmor/rule/ptrace.py       2015-12-23 21:37:38.485590731 +0100
@@ -154,10 +154,7 @@
                 or self.all_access != rule_obj.all_access):
             return False
 
-        if self.all_peers != rule_obj.all_peers:
-            return False
-
-        if self.peer and not self.peer.is_equal(rule_obj.peer):
+        if not self._is_equal_aare(self.peer, self.all_peers, rule_obj.peer, rule_obj.all_peers, 'peer'):
             return False
 
         return True
=== modified file ./utils/apparmor/rule/signal.py
--- utils/apparmor/rule/signal.py       2015-12-21 22:03:04.895715006 +0100
+++ utils/apparmor/rule/signal.py       2015-12-23 21:39:47.048630569 +0100
@@ -208,10 +208,7 @@
                 or self.all_signals != rule_obj.all_signals):
             return False
 
-        if self.all_peers != rule_obj.all_peers:
-            return False
-
-        if self.peer and not self.peer.is_equal(rule_obj.peer):
+        if not self._is_equal_aare(self.peer, self.all_peers, rule_obj.peer, rule_obj.all_peers, 'peer'):
             return False
 
         return True


Regards,

Christian Boltz
-- 
Ich lasse ihn lieber im Glauben, er sei kein Idiot, damit
es besser wirkt, wenn ich ihn mal wieder Idiot nenne. :-)
                                  [Frank Toennes in dag°]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20151223/3da3411a/attachment.pgp>

More information about the AppArmor mailing list