This patch moves the generation of the rules that grant write access
to /proc/*/attr/current to mkprofile.pl from prologue.inc.
---
tests/regression/apparmor/mkprofile.pl | 8 ++++++--
tests/regression/apparmor/prologue.inc | 13 ++-----------
2 files changed, 8 insertions(+), 13 deletions(-)
Index: b/tests/regression/apparmor/mkprofile.pl
===================================================================
--- a/tests/regression/apparmor/mkprofile.pl
+++ b/tests/regression/apparmor/mkprofile.pl
@@ -32,7 +32,7 @@ sub usage {
print STDERR " help: print this message\n";
}
-&usage && exit 0 if ($help || @ARGV < 1);
+&usage && exit 0 if ($help || @ARGV < 1);
sub emit_netdomain {
my $rule = shift;
@@ -95,13 +95,17 @@ sub emit_hat {
(!$nowarn) && print STDERR "Warning: invalid hat description '$rule',
ignored\n";
} else {
$hat = $rules[1];
- $output_rules{$hat} = ( );
+ # give every profile/hat access to change_hat
+ @{$output_rules{$hat}} = ( " /proc/*/attr/current w,\n",);
}
}
my $bin = shift @ARGV;
!(-e $bin || $nowarn) && print STDERR "Warning: execname '$bin': no such file
or directory\n";
+# give every profile/hat access to change_hat
+emit_file("/proc/*/attr/current:w");
+
for my $rule (@ARGV) {
#($fn, @rules) = split (/:/, $rule);
if ($rule =~ /^(tcp|udp)/) {
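Review bot: The same rule is now spelled two different ways in this hunk: `emit_hat` stores the pre-formatted string `" /proc/*/attr/current w,\n"` directly in `$output_rules{$hat}`, while the top-level profile gets it through `emit_file("/proc/*/attr/current:w")`. The hat copy bypasses whatever formatting or checking `emit_file` applies, so the two can drift apart if the emitted rule syntax ever changes. Consider one definition, e.g. `my $change_hat_rule = "/proc/*/attr/current:w";`, and after `$hat = $rules[1];` use `$output_rules{$hat} = []; emit_file($change_hat_rule);`, assuming `emit_file` appends to `$output_rules{$hat}`, which is not visible here. Because every generated profile and hat now receives this write permission implicitly, including for callers that run mkprofile.pl directly, the comment could say so: `# implicit in every profile/hat: change_hat writes to /proc/<pid>/attr/current`. The body of `emit_hat` starts outside the hunk.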
Index: b/tests/regression/apparmor/prologue.inc
===================================================================
--- a/tests/regression/apparmor/prologue.inc
+++ b/tests/regression/apparmor/prologue.inc
@@ -433,9 +433,7 @@ fi
;;
esac
- #give every profile/hat access to change_hat
- args[0]="/proc/*/attr/current:w"
- num_args=1
+ num_args=0
while [ $# -gt 0 ]
do
arg="$1"
@@ -447,15 +445,8 @@ fi
eval emit_profile \"$imagename\" \"$imageperm\"
\
$(for i in $(seq 0 $((${num_args} -
1))) ; do echo \"\${args[${i}]}\" ; done)
num_emitted=$((num_emitted + 1))
- #give every profile/hat access to change_hat
- args[0]="/proc/*/attr/current:w"
- num_args=1
+ num_args=0
continue 2
- elif [ ${arg:0:4} == "hat:" ] ; then
- args[${num_args}]=${arg}
- num_args=$(($num_args + 1))
- args[${num_args}]="/proc/*/attr/current:w"
- num_args=$(($num_args + 1))
else
args[${num_args}]=${arg}
num_args=$(($num_args + 1))