Hello, Am Sonntag, 20. Dezember 2015 schrieb Christian Boltz: > we need to check a rule part if it is *Rule.ALL or a string at various > places. Therefore split off the checks in PtraceRule's and > SignalRule's __init__() to the new _aare_or_all() function in > BaseRule. > > This also makes the *Rule __init__() much more readable because we now > have one line to set self.foo and self.all_foo instead of 10 lines of > nested if conditions.
I missed that we need the is_path flag, so here's v2: [ 39-split-off-aare_or_all.diff ] === modified file ./utils/apparmor/rule/__init__.py --- utils/apparmor/rule/__init__.py 2015-12-20 19:28:07.516487665 +0100 +++ utils/apparmor/rule/__init__.py 2015-12-20 19:30:40.931501227 +0100 @@ -13,6 +13,7 @@ # # ---------------------------------------------------------------------- +from apparmor.aare import AARE from apparmor.common import AppArmorBug, type_is_str # setup module translations @@ -50,6 +51,30 @@ # Set only in the parse() class method self.raw_rule = None + def _aare_or_all(self, rulepart, partname, is_path, log_event): + '''checks rulepart and returns + - (AARE, False) if rulepart is a (non-empty) string + - (None, True) if rulepart is all_obj (typically *Rule.ALL) + - raises AppArmorBug if rulepart is an empty string or has a wrong type + + Parameters: + - rulepart: the rule part to check (string or *Rule.ALL object) + - partname: the name of the rulepart (for example 'peer', used for exception messages) + - is_path (passed through to AARE) + - log_event (passed through to AARE) + ''' + + if rulepart == self.ALL: + return None, True + elif type_is_str(rulepart): + if len(rulepart.strip()) == 0: + raise AppArmorBug('Passed empty %(partname)s to %(classname)s: %(rulepart)s' % + {'partname': partname, 'classname': self.__class__.__name__, 'rulepart': str(rulepart)}) + return AARE(rulepart, is_path=is_path, log_event=log_event), False + else: + raise AppArmorBug('Passed unknown %(partname)s to %(classname)s: %(rulepart)s' + % {'partname': partname, 'classname': self.__class__.__name__, 'rulepart': str(rulepart)}) + def __repr__(self): classname = self.__class__.__name__ try: === modified file ./utils/apparmor/rule/ptrace.py --- utils/apparmor/rule/ptrace.py 2015-12-20 19:28:07.516487665 +0100 +++ utils/apparmor/rule/ptrace.py 2015-12-20 19:27:22.024780366 +0100 
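Review bot: The docstring of `_aare_or_all()` says `(None, True)` is returned when rulepart is `all_obj`, but the method has no such parameter; the comparison in the body is against `self.ALL`. Nothing in this hunk shows BaseRule defining `ALL`, so a subclass that lacks it would fail here with AttributeError rather than the intended AppArmorBug. I would state the requirement in the docstring, e.g. `- (None, True) if rulepart is self.ALL (every *Rule subclass using this helper must define ALL)`. The emptiness check strips whitespace, but the unstripped string is what reaches `AARE(...)`; that matches the code removed from ptrace.py and signal.py, so it only needs a comment if surrounding whitespace in a peer expression is not meant to be accepted.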
@@ -14,9 +14,8 @@ import re -from apparmor.aare import AARE from apparmor.regex import RE_PROFILE_PTRACE, RE_PROFILE_NAME -from apparmor.common import AppArmorBug, AppArmorException, type_is_str +from apparmor.common import AppArmorBug, AppArmorException from apparmor.rule import BaseRule, BaseRuleset, check_and_split_list, parse_modifiers, quote_if_needed # setup module translations @@ -63,18 +62,7 @@ if unknown_items: raise AppArmorException(_('Passed unknown access keyword to PtraceRule: %s') % ' '.join(unknown_items)) - # XXX same as in SignalRule - move to _init_peer() function! - self.peer = None - self.all_peers = False - if peer == PtraceRule.ALL: - self.all_peers = True - elif type_is_str(peer): - if len(peer.strip()) == 0: - raise AppArmorBug('Passed empty peer to PtraceRule: %s' % str(peer)) - self.peer = AARE(peer, False, log_event=log_event) - else: - raise AppArmorBug('Passed unknown object to PtraceRule: %s' % str(peer)) - + self.peer, self.all_peers = self._aare_or_all(peer, 'peer', is_path=False, log_event=log_event) @classmethod def _match(cls, raw_rule): === modified file ./utils/apparmor/rule/signal.py --- utils/apparmor/rule/signal.py 2015-12-20 19:28:07.516487665 +0100 +++ utils/apparmor/rule/signal.py 2015-12-20 19:27:09.752859340 +0100 @@ -14,9 +14,8 @@ import re -from apparmor.aare import AARE from apparmor.regex import RE_PROFILE_SIGNAL, RE_PROFILE_NAME -from apparmor.common import AppArmorBug, AppArmorException, type_is_str +from apparmor.common import AppArmorBug, AppArmorException from apparmor.rule import BaseRule, BaseRuleset, check_and_split_list, parse_modifiers, quote_if_needed # setup module translations 
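Review bot: The wrong-type error text changes with this refactoring in the PtraceRule hunk at `@@ -63,18 +62,7 @@`: the removed code raised `'Passed unknown object to PtraceRule: %s'`, while `self._aare_or_all(peer, 'peer', ...)` now yields `Passed unknown peer to PtraceRule: ...`. The same applies to the SignalRule hunk at `@@ -92,17 +91,7 @@`. The description presents this as a pure split-off, so it would be worth mentioning the wording change there and checking any test or log matcher keyed on the old message; the tests are not visible from here. `__init__` begins above both hunks, so how `peer` and `log_event` reach this line cannot be confirmed from the diff.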
@@ -92,17 +91,7 @@ else: raise AppArmorException(_('Passed unknown signal keyword to SignalRule: %s') % item) - self.peer = None - self.all_peers = False - if peer == SignalRule.ALL: - self.all_peers = True - elif type_is_str(peer): - if len(peer.strip()) == 0: - raise AppArmorBug('Passed empty peer to SignalRule: %s' % str(peer)) - self.peer = AARE(peer, False, log_event=log_event) - else: - raise AppArmorBug('Passed unknown object to SignalRule: %s' % str(peer)) - + self.peer, self.all_peers = self._aare_or_all(peer, 'peer', is_path=False, log_event=log_event) @classmethod def _match(cls, raw_rule): Regards, Christian Boltz -- > Das hatte ich (samt Kommentar aus der /etc/postfix/transport) doch > schon in meiner letzten Mail erklärt ... ;) Sandy ist schuld ;-) Erst mit seiner Erklärung ist mir aufgefallen, dass ich es nicht verstanden habe. [> David Haller und Peter Mc Donough in opensuse-de]