This adds support to the profile generator script for change_profile rules, giving the ability to write the 3 factor version of the rule (e.g. "change_profile /t -> A_PROFILE") which was significantly more difficult using straight raw rules, which is why we don't have any 3 factor rule tests.
Signed-off-by: Steve Beattie <[email protected]> --- parser/tst/equality.sh | 4 ++++ tests/regression/apparmor/mkprofile.pl | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+) Index: b/tests/regression/apparmor/mkprofile.pl =================================================================== --- a/tests/regression/apparmor/mkprofile.pl +++ b/tests/regression/apparmor/mkprofile.pl @@ -334,6 +334,22 @@ sub gen_flag($) { } } +sub gen_change_profile($) { + my $rule = shift; + my @rules = split (/:/, $rule); + if (@rules == 2) { + if ($rules[1] =~ /^ALL$/) { + push (@{$output_rules{$hat}}, " change_profile,\n",); + } else { + push (@{$output_rules{$hat}}, " change_profile -> $rules[1],\n",); + } + } elsif (@rules == 3) { + push (@{$output_rules{$hat}}, " change_profile $rules[1] -> $rules[2],\n",); + } else { + (!$nowarn) && print STDERR "Warning: invalid change_profile description '$rule', ignored\n"; + } +} + sub gen_hat($) { my $rule = shift; my @rules = split (/:/, $rule); @@ -406,6 +422,8 @@ sub gen_from_args() { gen_flag($rule); } elsif ($rule =~ /^hat:/) { gen_hat($rule); + } elsif ($rule =~ /^change_profile:/) { + gen_change_profile($rule); } elsif ($rule =~ /^addimage:/) { gen_addimage($rule); $addimage = 1; -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
