[apparmor] [patch] split off serialize_parse_profile_start_line()

Steve Beattie steve at nxnw.org
Tue Mar 10 01:45:31 UTC 2015 

On Tue, Mar 03, 2015 at 11:43:28PM +0100, Christian Boltz wrote:
> Hello,
> 
> this patch splits off serialize_parse_profile_start_line() from 
> serialize_profile_from_old_profile() in aa.py, as a preparation to add 
> tests and then switch to the upcoming RE_PROFILE_START wrapper function.
> 
> Besides moving the code, I replaced write_prof_data[profile][hat]['profile'] 
> and write_prof_data[profile][hat]['external'] with function parameters
> to avoid that I have to pass around the full write_prof_data.
> 
> Note: The "lineno" parameter is technically superfluous - I kept it to
> have the parameters as close to parse_profile_start() as possible and
> hope that I can merge those functions later (when we have test coverage).
> 
> BTW: serialize_profile_from_old_profile() is the function behind
> "(V)iew changes)" in aa-logprof.
> 
> 
> As usual, I propose this patch for 2.9 and trunk.

I'm okay with this as is, so Acked-by: Steve Beattie <steve at nxnw.org>
for trunk and 2.9.

However, a couple of things make me scratch my head a bit:

  1) I can't tell entirely from the complicated regex and from the code
     paths, but is it possible that the boolean value of 'in_contained_hat'
     can be derived from the other return values?

  2) I don't get the purpose of the correct variable and wonder if
     we should be raising an exception here?

Thanks.

> [ split-off-serialize_parse_profile_start.diff ]
> 
> === modified file 'utils/apparmor/aa.py'
> --- utils/apparmor/aa.py        2015-03-03 19:15:00 +0000
> +++ utils/apparmor/aa.py        2015-03-03 22:26:27 +0000
> @@ -3715,6 +3720,35 @@
>  
>      return string + '\n'
>  
> +def serialize_parse_profile_start(line, file, lineno, profile, hat, prof_data_profile, prof_data_external, correct):
> +    matches = RE_PROFILE_START.search(line).groups()
> +    if profile and profile == hat and matches[3]:
> +        hat = matches[3]
> +        in_contained_hat = True
> +        if prof_data_profile:
> +            pass
> +    else:
> +        if matches[1]:
> +            profile = matches[1]
> +        else:
> +            profile = matches[3]
> +        if len(profile.split('//')) >= 2:
> +            profile, hat = profile.split('//')[:2]
> +        else:
> +            hat = None
> +        in_contained_hat = False
> +        if hat and not prof_data_external:
> +            correct = False
> +        else:
> +            hat = profile
> +
> +    flags = matches[6]
> +    profile = strip_quotes(profile)
> +    if hat:
> +        hat = strip_quotes(hat)
> +
> +    return (profile, hat, flags, in_contained_hat, correct)
> +
>  def serialize_profile_from_old_profile(profile_data, name, options):
>      data = []
>      string = ''
> @@ -3821,31 +3855,9 @@
>              line = line.rstrip('\n')
>              #data.append(' ')#data.append('read: '+line)
>              if RE_PROFILE_START.search(line):
> -                matches = RE_PROFILE_START.search(line).groups()
> -                if profile and profile == hat and matches[3]:
> -                    hat = matches[3]
> -                    in_contained_hat = True
> -                    if write_prof_data[profile][hat]['profile']:
> -                        pass
> -                else:
> -                    if matches[1]:
> -                        profile = matches[1]
> -                    else:
> -                        profile = matches[3]
> -                    if len(profile.split('//')) >= 2:
> -                        profile, hat = profile.split('//')[:2]
> -                    else:
> -                        hat = None
> -                    in_contained_hat = False
> -                    if hat and not write_prof_data[profile][hat]['external']:
> -                        correct = False
> -                    else:
> -                        hat = profile
>  
> -                flags = matches[6]
> -                profile = strip_quotes(profile)
> -                if hat:
> -                    hat = strip_quotes(hat)
> +                (profile, hat, flags, in_contained_hat, correct) = serialize_parse_profile_start(
> +                        line, prof_filename, None, profile, hat, write_prof_data[profile][hat]['profile'], write_prof_data[profile][hat]['external'], correct)
>  
>                  if not write_prof_data[hat]['name'] == profile:
>                      correct = False
> 
> 
> 
> Regards,
> 
> Christian Boltz
> -- 
> BUGS
>        It is not yet possible to change operating system by writing
>        to /proc/sys/kernel/ostype.       -- Linux sysctl(2) manpage
> 
> 
> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150309/8247e513/attachment.pgp>

More information about the AppArmor mailing list