Hello, this patch adds the glob() and glob_ext() functions to FileRule, and sets self.can_glob and self.can_glob_ext. It also adds some tests (just enough to make sure the FileRule integration works - the globbing is handled inside AARE, and the AARE tests contain more testcases).
Note that the implementation differs from the original plan (which was to have globbing in *Ruleset). Therefore add can_glob and can_glob_ext to BaseRule (both default to False), and add a comment to BaseRuleset that globbing needs to be removed from all *Ruleset classes.
[ 17-FileRule-implement-globbing.diff ]
=== modified file ./utils/apparmor/rule/file.py
--- utils/apparmor/rule/file.py 2016-03-28 17:32:56.609926116 +0200
+++ utils/apparmor/rule/file.py 2016-03-28 18:52:17.516735648 +0200
@@ -64,6 +64,9 @@ self.path, self.all_paths = self._aare_or_all(path, 'path', True, log_event) self.target, self.all_targets, = self._aare_or_all(target, 'target', False, log_event) + self.can_glob = not self.all_paths + self.can_glob_ext = not self.all_paths + + if type_is_str(perms): perms, tmp_exec_perms = split_perms(perms, deny) if tmp_exec_perms:
@@ -320,14 +323,27 @@ # file_keyword and leading_perms are not really relevant ] + def glob(self): + '''Change path to next possible glob''' + if self.all_paths: + return + + self.path = self.path.glob_path() + self.raw_rule = None + + def glob_ext(self): + '''Change path to next possible glob with extension''' + if self.all_paths: + return + + self.path = self.path.glob_path_withext() + self.raw_rule = None + class FileRuleset(BaseRuleset): '''Class to handle and store a collection of file rules''' - def get_glob(self, path_or_rule): - '''Return the next possible glob. For file rules, that means removing owner or globbing the path''' - # XXX only remove one part, not all - return 'file,' + pass def split_perms(perm_string, deny):
=== modified file ./utils/apparmor/rule/__init__.py
--- utils/apparmor/rule/__init__.py 2016-03-28 17:32:56.601926157 +0200
+++ utils/apparmor/rule/__init__.py 2016-03-28 17:53:05.623627412 +0200
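Review bot: `can_glob_ext` is set to `not self.all_paths` for every rule that has a path, although the test table later in this patch shows `glob_ext()` leaving `/foo/bar r,` unchanged, so the flag can offer an option that does nothing. If that is intended, a comment above the two assignments should say so, e.g. `# flags only say the rule has a path; glob_ext() may still be a no-op (no extension)`. The enclosing `__init__` starts and ends outside the hunk.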
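Review bot: The docstrings of `glob()` and `glob_ext()` do not say that the rule is modified in place, that nothing is returned, and that each call makes the rule match more paths while its permissions stay as they are (the tests show `/foo/* r,` becoming `/** r,`). Since the result ends up in a profile, I would state this in both docstrings so that callers show the widened rule for confirmation before it is saved. `self.raw_rule = None` deserves a short why-comment, presumably `# drop the original text so the rule is serialized from the new path`. The `pass` added to `FileRuleset` is redundant next to the class docstring.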
@@ -39,6 +39,10 @@ # is_equal_localvars(self, other_rule) # - equality check for the rule-specific fields + # decides if the (G)lob and Glob w/ (E)xt options are displayed + can_glob = False + can_glob_ext = False + def __init__(self, audit=False, deny=False, allow_keyword=False, comment='', log_event=None): '''initialize variables needed by all rule types'''
@@ -291,6 +295,7 @@ '''Base class to handle and store a collection of rules''' # decides if the (G)lob and Glob w/ (E)xt options are displayed + # XXX TODO: remove in all *Ruleset classes (moved to *Rule) can_glob = True can_glob_ext = False
=== modified file ./utils/test/test-file.py
--- utils/test/test-file.py 2016-03-28 17:32:56.609926116 +0200
+++ utils/test/test-file.py 2016-03-28 18:39:47.232683951 +0200
@@ -317,7 +317,34 @@ with self.assertRaises(AppArmorBug): self.obj.get_clean(1) +class FileGlobTest(AATest): + def _run_test(self, params, expected): + exp_can_glob, exp_can_glob_ext, exp_rule_glob, exp_rule_glob_ext = expected + + # test glob() + rule_obj = FileRule.parse(params) + self.assertEqual(exp_can_glob, rule_obj.can_glob) + self.assertEqual(exp_can_glob_ext, rule_obj.can_glob_ext) + + rule_obj.glob() + self.assertEqual(rule_obj.get_clean(), exp_rule_glob) + + # test glob_ext() + rule_obj = FileRule.parse(params) + self.assertEqual(exp_can_glob, rule_obj.can_glob) + self.assertEqual(exp_can_glob_ext, rule_obj.can_glob_ext) + rule_obj.glob_ext() + self.assertEqual(rule_obj.get_clean(), exp_rule_glob_ext) + + tests = [ + # rule can glob can glob_ext globbed rule globbed_ext rule + ('/foo/bar r,', (True, True, '/foo/* r,', '/foo/bar r,')), + ('/foo/* r,', (True, True, '/** r,', '/foo/* r,')), + ('/foo/bar.xy r,', (True, True, '/foo/* r,', '/foo/*.xy r,')), + ('/foo/*.xy r,', (True, True, '/foo/* r,', '/**.xy r,')), + ('file,', (False, False, 'file,', 'file,')), # bare 'file,' rules can't be globbed + ] class WriteFileTest(AATest): def _run_test(self, rawrule, expected):
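Review bot: The new `BaseRule.can_glob` defaults to `False` while `BaseRuleset.can_glob` in the next hunk stays `True`, so until the TODO is done there are two flags with the same name and opposite defaults. The comment on the new attributes should say which one a caller is expected to read, e.g. `# per-rule flag; supersedes the *Ruleset flag of the same name`. Nothing visible here gives `BaseRule` a default `glob()` or `glob_ext()`, so a subclass that sets the flag without implementing the method would presumably fail with an AttributeError; a base method raising `NotImplementedError` would make that explicit. The class body continues outside the hunk.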
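Review bot: All five rows in `tests` use a plain `r` rule, so nothing checks that `glob()` leaves the other parts of a rule (write or exec permissions, `owner`, `audit`/`deny`, a link target) unchanged while it widens the path. Widening a rule that grants more than read access is where a mistake matters most, so I would add at least one such row. `_run_test` also compares only `get_clean()`; an assertion on the raw form would cover the `self.raw_rule = None` reset, for example `self.assertEqual(rule_obj.get_raw(), exp_rule_glob)` if the raw accessor is `get_raw()`. The two `can_glob` assertions are repeated verbatim after the second parse and could be dropped there.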
@@ -760,24 +787,6 @@ self.assertEqual(expected_clean, ruleset.get_clean(1)) -#class FileGlobTest(AATest): -# XXX not (really) implemented yet -# def setUp(self): -# self.maxDiff = None -# self.ruleset = FileRuleset() -# -# def test_glob_1(self): -# self.assertEqual(self.ruleset.get_glob('file send,'), 'file,') -# -# # not supported or used yet -# # def test_glob_2(self): -# # self.assertEqual(self.ruleset.get_glob('file send raw,'), 'file send,') -# -# def test_glob_ext(self): -# with self.assertRaises(NotImplementedError): -# # get_glob_ext is not available for file rules -# self.ruleset.get_glob_ext('file send peer=(label=foo),') - #class FileDeleteTest(AATest): # pass
Regards, Christian Boltz -- Leider ist hier nicht SuSe Talk [...], denn sonst würde ich hier diese Trolls, ...... unter einen solchen Psychoterror setzen, dass die die Alkaida Sprengen hehe..... [Thilo Alfred Bätzig in suse-linux]