Hello, we need to check a rule part if it is *Rule.ALL or a string at various places. Therefore split off the checks in PtraceRule's and SignalRule's __init__() to the new _aare_or_alll() function in BaseRule.
This also makes the *Rule __init__() much more readable because we now have one line to set self.foo and self.all_foo instead of 10 lines of nested if conditions. [ 39-split-off-aare_or_all.diff ] === modified file ./utils/apparmor/rule/__init__.py --- utils/apparmor/rule/__init__.py 2015-12-20 19:28:07.516487665 +0100 +++ utils/apparmor/rule/__init__.py 2015-12-20 19:30:40.931501227 +0100 @@ -13,6 +13,7 @@ # # ---------------------------------------------------------------------- +from apparmor.aare import AARE from apparmor.common import AppArmorBug, type_is_str # setup module translations @@ -50,6 +51,29 @@ # Set only in the parse() class method self.raw_rule = None + def _aare_or_all(self, rulepart, partname, log_event): + '''checks rulepart and returns + - (AARE, False) if rulepart is a (non-empty) string + - (None, True) if rulepart is all_obj (typically *Rule.ALL) + - raises AppArmorBug if rulepart is an empty string or has a wrong type + + Parameters: + - rulepart: the rule part to check (string or *Rule.ALL object) + - partname: the name of the rulepart (for example 'peer', used for exception messages) + - log_event (passed through to AARE) + ''' + + if rulepart == self.ALL: + return None, True + elif type_is_str(rulepart): + if len(rulepart.strip()) == 0: + raise AppArmorBug('Passed empty %(partname)s to %(classname)s: %(rulepart)s' % + {'partname': partname, 'classname': self.__class__.__name__, 'rulepart': str(rulepart)}) + return AARE(rulepart, False, log_event=log_event), False + else: + raise AppArmorBug('Passed unknown %(partname)s to %(classname)s: %(rulepart)s' + % {'partname': partname, 'classname': self.__class__.__name__, 'rulepart': str(rulepart)}) + def __repr__(self): classname = self.__class__.__name__ try: === modified file ./utils/apparmor/rule/ptrace.py --- utils/apparmor/rule/ptrace.py 2015-12-20 19:28:07.516487665 +0100 +++ utils/apparmor/rule/ptrace.py 2015-12-20 19:27:22.024780366 +0100 @@ -14,9 +14,8 @@ import re -from apparmor.aare import AARE from apparmor.regex import RE_PROFILE_PTRACE, RE_PROFILE_NAME -from apparmor.common import AppArmorBug, AppArmorException, type_is_str +from apparmor.common import AppArmorBug, AppArmorException from apparmor.rule import BaseRule, BaseRuleset, check_and_split_list, parse_modifiers, quote_if_needed # setup module translations @@ -63,18 +62,7 @@ if unknown_items: raise AppArmorException(_('Passed unknown access keyword to PtraceRule: %s') % ' '.join(unknown_items)) - # XXX same as in SignalRule - move to _init_peer() function! - self.peer = None - self.all_peers = False - if peer == PtraceRule.ALL: - self.all_peers = True - elif type_is_str(peer): - if len(peer.strip()) == 0: - raise AppArmorBug('Passed empty peer to PtraceRule: %s' % str(peer)) - self.peer = AARE(peer, False, log_event=log_event) - else: - raise AppArmorBug('Passed unknown object to PtraceRule: %s' % str(peer)) - + self.peer, self.all_peers = self._aare_or_all(peer, 'peer', log_event) @classmethod def _match(cls, raw_rule): === modified file ./utils/apparmor/rule/signal.py --- utils/apparmor/rule/signal.py 2015-12-20 19:28:07.516487665 +0100 +++ utils/apparmor/rule/signal.py 2015-12-20 19:27:09.752859340 +0100 @@ -14,9 +14,8 @@ import re -from apparmor.aare import AARE from apparmor.regex import RE_PROFILE_SIGNAL, RE_PROFILE_NAME -from apparmor.common import AppArmorBug, AppArmorException, type_is_str +from apparmor.common import AppArmorBug, AppArmorException from apparmor.rule import BaseRule, BaseRuleset, check_and_split_list, parse_modifiers, quote_if_needed # setup module translations @@ -92,17 +91,7 @@ else: raise AppArmorException(_('Passed unknown signal keyword to SignalRule: %s') % item) - self.peer = None - self.all_peers = False - if peer == SignalRule.ALL: - self.all_peers = True - elif type_is_str(peer): - if len(peer.strip()) == 0: - raise AppArmorBug('Passed empty peer to SignalRule: %s' % str(peer)) - self.peer = AARE(peer, False, log_event=log_event) - else: - raise AppArmorBug('Passed unknown object to SignalRule: %s' % str(peer)) - + self.peer, self.all_peers = self._aare_or_all(peer, 'peer', log_event) @classmethod def _match(cls, raw_rule): Regards, Christian Boltz -- Non-understandable error messages are trademark of someone else, so SUSE is not allowed to submit them. ;-)) [Eberhard Moenkeberg in https://bugzilla.novell.com/show_bug.cgi?id=209354]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor