[apparmor] [patch] [3/3] Move 'ruletypes' to profile_storage.py
Christian Boltz
apparmor at cboltz.de
Sun Jul 9 19:33:58 UTC 2017
Hello,
$subject.
Also make 'ruletypes' a dict pointing to the *Ruleset class, and change
ProfileStorage __init__() to iterate over 'ruleset'.
[ 04-move-ruletypes.diff ]
=== modified file ./utils/apparmor/aa.py
--- utils/apparmor/aa.py 2017-07-09 18:40:49.205839507 +0200
+++ utils/apparmor/aa.py 2017-07-09 16:33:42.196851342 +0200
@@ -49,7 +49,7 @@
RE_PROFILE_UNIX, RE_RULE_HAS_COMMA, RE_HAS_COMMENT_SPLIT,
strip_quotes, parse_profile_start_line, re_match_include )
-from apparmor.profile_storage import ProfileStorage
+from apparmor.profile_storage import ProfileStorage, ruletypes
import apparmor.rules as aarules
@@ -63,8 +63,6 @@
from apparmor.rule.signal import SignalRule
from apparmor.rule import quote_if_needed
-ruletypes = ['capability', 'change_profile', 'dbus', 'file', 'network', 'ptrace', 'rlimit', 'signal']
-
# setup module translations
from apparmor.translations import init_translation
_ = init_translation()
=== modified file ./utils/apparmor/profile_storage.py
--- utils/apparmor/profile_storage.py 2017-07-09 18:40:49.205839507 +0200
+++ utils/apparmor/profile_storage.py 2017-07-09 18:48:23.944151067 +0200
@@ -25,6 +25,17 @@
from apparmor.rule.rlimit import RlimitRuleset
from apparmor.rule.signal import SignalRuleset
+ruletypes = {
+ 'capability': {'ruleset': CapabilityRuleset},
+ 'change_profile': {'ruleset': ChangeProfileRuleset},
+ 'dbus': {'ruleset': DbusRuleset},
+ 'file': {'ruleset': FileRuleset},
+ 'network': {'ruleset': NetworkRuleset},
+ 'ptrace': {'ruleset': PtraceRuleset},
+ 'rlimit': {'ruleset': RlimitRuleset},
+ 'signal': {'ruleset': SignalRuleset},
+}
+
class ProfileStorage:
'''class to store the content (header, rules, comments) of a profilename
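Review bot: `ruletypes` changes from a list to a plain dict here, so any caller that iterates it now depends on dict iteration order, which the language only guarantees from Python 3.7 on and which can differ between runs under hash randomisation. The list removed from aa.py was alphabetical; if code there loops over `ruletypes` to write or compare profile rules (not visible in this patch), the order of emitted rules could change from run to run, which makes diffs of generated policy harder to review. Iterating with `for rule in sorted(ruletypes):` at the call sites, or building the mapping as a `collections.OrderedDict`, would keep the previous order. A short comment above the dict such as `# rule type name -> {'ruleset': class that stores rules of this type}` would also explain why each value is a nested dict rather than the class itself.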
@@ -36,14 +47,8 @@
# self.data['info'] isn't used anywhere, but can be helpful in debugging.
data['info'] = {'profile': profilename, 'hat': hat, 'calledby': calledby}
- data['capability'] = CapabilityRuleset()
- data['dbus'] = DbusRuleset()
- data['file'] = FileRuleset()
- data['change_profile'] = ChangeProfileRuleset()
- data['network'] = NetworkRuleset()
- data['ptrace'] = PtraceRuleset()
- data['rlimit'] = RlimitRuleset()
- data['signal'] = SignalRuleset()
+ for rule in ruletypes:
+ data[rule] = ruletypes[rule]['ruleset']()
data['alias'] = dict()
data['include'] = dict()
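Review bot: The new loop in `__init__` looks each key up a second time and calls the key `rule`, although it is a rule type name and not a rule object; `for ruletype, meta in ruletypes.items():` with `data[ruletype] = meta['ruleset']()` reads more directly. The fixed keys assigned right after the loop (`alias`, `include`) would silently replace a ruleset if a rule type of the same name were ever added to `ruletypes`, so a one-line comment stating that rule type names must not collide with the other `data` keys would help. The body of `__init__` starts before this hunk and continues after it.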
Regards,
Christian Boltz
--
seccheck runs here on a host that contains 3 daily backups of 10+ SAP
hosts, and the "Local Monthly Security" Mail size is 562 MB. This mail
size causes an unfriendly, suspicious grin on the face of my mail
admin... [Werner Flamme in opensuse-security]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170709/f8edf8ec/attachment.pgp>