[apparmor] [patch] [5/7] move ask_conflict_mode() to aa.py

Christian Boltz apparmor at cboltz.de
Sun Jan 15 15:25:19 UTC 2017 

Hello,

The function is a exact copy of the code in aa-mergeprof (except
removing the 'self' function parameter and changing the whitespace
level)

Also add a ask_conflict_mode() call to aa.py ask_the_questions().
This is needed for aa-mergeprof, and won't hurt in aa-logprof mode
because handle_children() already handles all exec events.


[ 05-move-ask_conflict_mode.diff ]

--- utils/apparmor/aa.py	2017-01-14 23:20:29.014791326 +0100
+++ utils/apparmor/aa.py	2017-01-14 23:47:42.507418770 +0100
@@ -1585,6 +1585,9 @@
                     elif ans == 'CMD_FINISHED':
                         return
 
+                # check for and ask about conflicting exec modes
+                apparmor.aa.ask_conflict_mode(profile, hat, aa[profile][hat], log_dict[aamode][profile][hat])
+
                 for ruletype in ruletypes:
                     for rule_obj in log_dict[aamode][profile][hat][ruletype].rules:
                         # XXX aa-mergeprof also has this code - if you change it, keep aa-mergeprof in sync!
@@ -1791,6 +1794,39 @@
 
     return deleted
 
+def ask_conflict_mode(profile, hat, old_profile, merge_profile):
+    '''ask user about conflicting exec rules'''
+    for oldrule in old_profile['file'].rules:
+        conflictingrules = merge_profile['file'].get_exec_conflict_rules(oldrule)
+
+        if conflictingrules.rules:
+            q = aaui.PromptQuestion()
+            q.headers = [_('Path'), oldrule.path.regex]
+            q.headers += [_('Select the appropriate mode'), '']
+            options = []
+            options.append(oldrule.get_clean())
+            for rule in conflictingrules.rules:
+                options.append(rule.get_clean())
+            q.options = options
+            q.functions = ['CMD_ALLOW', 'CMD_ABORT']
+            done = False
+            while not done:
+                ans, selected = q.promptUser()
+                if ans == 'CMD_ALLOW':
+                    if selected == 0:
+                        pass  # just keep the existing rule
+                    elif selected > 0:
+                        # replace existing rule with merged one
+                        old_profile['file'].delete(oldrule)
+                        old_profile['file'].add(conflictingrules.rules[selected - 1])
+                    else:
+                        raise AppArmorException(_('Unknown selection'))
+
+                    for rule in conflictingrules.rules:
+                        merge_profile['file'].delete(rule)  # make sure aa-mergeprof doesn't ask to add conflicting rules later
+
+                    done = True
+
 def match_includes(profile, rule_type, rule_obj):
     newincludes = []
     for incname in include.keys():
--- utils/aa-mergeprof	2017-01-14 22:46:14.191632249 +0100
+++ utils/aa-mergeprof	2017-01-14 23:46:55.755628680 +0100
@@ -156,38 +156,6 @@
         user_base = cleanprofile.CleanProf(False, self.user, self.base)
         deleted += user_base.compare_profiles()
 
-    def ask_conflict_mode(self, profile, hat, old_profile, merge_profile):
-        '''ask user about conflicting exec rules'''
-        for oldrule in old_profile['file'].rules:
-            conflictingrules = merge_profile['file'].get_exec_conflict_rules(oldrule)
-
-            if conflictingrules.rules:
-                q = aaui.PromptQuestion()
-                q.headers = [_('Path'), oldrule.path.regex]
-                q.headers += [_('Select the appropriate mode'), '']
-                options = []
-                options.append(oldrule.get_clean())
-                for rule in conflictingrules.rules:
-                    options.append(rule.get_clean())
-                q.options = options
-                q.functions = ['CMD_ALLOW', 'CMD_ABORT']
-                done = False
-                while not done:
-                    ans, selected = q.promptUser()
-                    if ans == 'CMD_ALLOW':
-                        if selected == 0:
-                            pass  # just keep the existing rule
-                        elif selected > 0:
-                            # replace existing rule with merged one
-                            old_profile['file'].delete(oldrule)
-                            old_profile['file'].add(conflictingrules.rules[selected - 1])
-                        else:
-                            raise AppArmorException(_('Unknown selection'))
-
-                        for rule in conflictingrules.rules:
-                            merge_profile['file'].delete(rule)  # make sure aa-mergeprof doesn't ask to add conflicting rules later
-
-                        done = True
 
     def ask_the_questions(self, profile):
         aa = self.user.aa  # keep references so that the code in this function can use the short name



Regards,

Christian Boltz
-- 
Wer es sicher haben will, muss halt lesen. Was sollen wir tun? Die
Leute zuhause besuchen, mit Broschüren in der Hand, "Guten Tag - ich
möchte gern mit ihnen über Gott^W^W^W^Wihren Webserver sprechen"?
[Ratti in fontlinge-devel]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170115/404ae4de/attachment.pgp>

More information about the AppArmor mailing list