def cmd_audit(self):
    """Set or clear the 'audit' flag on every selected profile, then reload it.

    ``self.remove`` picks the direction: falsy sets the flag, truthy clears it.
    Entries whose profile path is not a regular file, or which
    ``apparmor.is_skippable_file`` rejects, are reported and skipped.
    A profile with an entry under ``<profile_dir>/disable/`` still has its
    flag changed and is still reloaded; the operator only gets a warning.
    """
    apparmor.read_profiles()

    for program, profile in self.get_next_to_profile():
        label = program if program is not None else profile

        usable = os.path.isfile(profile) and not apparmor.is_skippable_file(profile)
        if not usable:
            aaui.UI_Info(_('Profile for %s not found, skipping') % label)
            continue

        # keep this to allow toggling 'audit' flags
        if self.remove:
            aaui.UI_Info(_('Removing audit mode from %s.') % label)
        else:
            aaui.UI_Info(_('Setting %s to audit mode.') % label)
        apparmor.change_profile_flags(profile, program, 'audit', not self.remove)

        profile_name = os.path.basename(profile)
        disable_link = '%s/disable/%s' % (apparmor.profile_dir, profile_name)

        # The flag is written regardless; the warning tells the operator that
        # the profile is disabled and has to be re-enabled separately.
        if os.path.exists(disable_link):
            aaui.UI_Info(
                _('\nWarning: the profile %s is disabled. Use aa-enforce or aa-complain to enable it.')
                % profile_name)

        self.reload_profile(profile)
def find_and_setup_test_profiles(profile_dir):
    '''Walk profile_dir and hand every eligible file to parse_test_profiles().

    Excluded from parsing:
    - skippable files (per apparmor.is_skippable_file)
    - the include directories pruned from the walk
    - files in the main directory (readme, todo etc.)

    Side effect: apparmor.profile_dir is overwritten with the absolute
    form of profile_dir.
    '''
    profile_dir = os.path.abspath(profile_dir)
    apparmor.profile_dir = profile_dir

    print('Searching for parser simple_tests... (this will take a while)')

    skipped = 0
    for root, dirs, files in os.walk(profile_dir):
        in_main_dir = os.path.relpath(root, profile_dir) == '.'

        if in_main_dir:
            # include files are checked as part of the profiles that include them (also, they don't contain EXRESULT)
            # Removing entries from `dirs` in place keeps os.walk out of them;
            # list.remove raises ValueError if a directory is missing.
            for pruned in ('includes', 'include_tests', 'includes-preamble'):
                dirs.remove(pruned)

        for name in files:
            if apparmor.is_skippable_file(name) or in_main_dir:
                continue
            skipped += parse_test_profiles(os.path.join(root, name))

    if skipped:
        print('Skipping %s test profiles listed in skip_startswith.' % skipped)

    test_count = len(TestParseParserTests.tests)
    print('Running %s parser simple_tests...' % test_count)
Beispiel #3
    def cmd_complain(self):
        """Switch every selected profile to complain mode and reload it.

        Entries whose profile path is not a regular file, or which
        ``apparmor.is_skippable_file`` rejects, are reported and skipped.
        NOTE(review): AppArmor documents complain mode as log-only, so this
        presumably relaxes enforcement for the affected programs -- confirm
        callers expect that.
        """
        apparmor.read_profiles()

        for program, profile in self.get_next_to_profile():
            label = program if program is not None else profile

            usable = os.path.isfile(profile) and not apparmor.is_skippable_file(profile)
            if usable:
                apparmor.set_complain(profile, program)
                self.reload_profile(profile)
            else:
                aaui.UI_Info(_('Profile for %s not found, skipping') % label)
Beispiel #4
    def cmd_complain(self):
        """Put each selected profile into complain mode, then reload it.

        A profile path that is not a regular file, or that
        ``apparmor.is_skippable_file`` rejects, is reported and skipped.
        NOTE(review): complain mode is documented by AppArmor as logging
        violations rather than blocking them -- treat this as an
        enforcement-reducing action and confirm the caller intends it.
        """
        apparmor.read_profiles()

        for pair in self.get_next_to_profile():
            program, profile = pair
            shown_name = program if program is not None else profile

            if not os.path.isfile(profile):
                missing = True
            else:
                missing = apparmor.is_skippable_file(profile)

            if missing:
                aaui.UI_Info(_('Profile for %s not found, skipping') % shown_name)
                continue

            apparmor.set_complain(profile, program)
            self.reload_profile(profile)
    def act(self):
        """Run this tool's action for every (program, profile) pair selected.

        Only ``self.name == 'cleanprof'`` has a real action here
        (``self.clean_profile``); any other name with a usable profile file
        raises ``apparmor.AppArmorException``.  Unresolvable absolute paths
        terminate the process with ``sys.exit(1)``.
        """
        # used by aa-cleanprof
        apparmor.read_profiles()

        for (program, profile) in self.get_next_to_profile():
            # Fall back to the profile name when no program was given.
            if program is None:
                program = profile

            # The target is unknown: neither an existing path nor a known profile.
            if not program or not (os.path.exists(program)
                                   or apparmor.profile_exists(program)):
                if program and not program.startswith('/'):
                    # Relative name: ask the operator for a fully qualified path.
                    # NOTE(review): the reply is used as-is; if the prompt returns
                    # an empty string it falls through to the "Can't find"
                    # message in the final else branch -- confirm.
                    program = aaui.UI_GetString(
                        _('The given program cannot be found, please try with the fully qualified path name of the program: '
                          ), '')
                else:
                    # Empty name or absolute path that does not exist: abort.
                    aaui.UI_Info(
                        _("%s does not exist, please double-check the path.") %
                        program)
                    sys.exit(1)

            if program and apparmor.profile_exists(program):
                if self.name == 'cleanprof':
                    self.clean_profile(program)

                else:
                    filename = apparmor.get_profile_filename(program)

                    if not os.path.isfile(
                            filename) or apparmor.is_skippable_file(filename):
                        aaui.UI_Info(
                            _('Profile for %s not found, skipping') % program)

                    else:
                        # One simply does not walk in here!
                        raise apparmor.AppArmorException('Unknown tool: %s' %
                                                         self.name)

                    # Reached only after the "not found, skipping" message, since
                    # the other branch raises.
                    # NOTE(review): reloading a profile just reported as not
                    # found looks unintended -- confirm.
                    self.reload_profile(profile)

            else:
                if '/' not in program:
                    # Bare command name: print the PATH hint; no exit on this path.
                    aaui.UI_Info(
                        _("Can't find %(program)s in the system path list. If the name of the application\nis correct, please run 'which %(program)s' as a user with correct PATH\nenvironment set up in order to find the fully-qualified path and\nuse the full path as parameter."
                          ) % {'program': program})
                else:
                    aaui.UI_Info(
                        _("%s does not exist, please double-check the path.") %
                        program)
                    sys.exit(1)
Beispiel #6
    def cmd_disable(self):
        """Disable every selected profile and unload it.

        Entries whose profile path is not a regular file, or which
        ``apparmor.is_skippable_file`` rejects, are reported and skipped.
        NOTE(review): after ``unload_profile`` the program is presumably no
        longer confined by this profile -- confirm callers treat this as a
        privileged, deliberate action.
        """
        apparmor.read_profiles()

        for program, profile in self.get_next_to_profile():
            label = program if program is not None else profile

            usable = os.path.isfile(profile) and not apparmor.is_skippable_file(profile)
            if usable:
                aaui.UI_Info(_('Disabling %s.') % label)
                self.disable_profile(profile)
                self.unload_profile(profile)
            else:
                aaui.UI_Info(_('Profile for %s not found, skipping') % label)
Beispiel #7
    def cmd_disable(self):
        """Mark each selected profile as disabled, then unload it.

        A profile path that is not a regular file, or that
        ``apparmor.is_skippable_file`` rejects, is reported and skipped.
        NOTE(review): unloading presumably removes confinement for the
        program until the profile is enabled again -- confirm this is
        logged or audited wherever the tool is run.
        """
        apparmor.read_profiles()

        for pair in self.get_next_to_profile():
            program, profile = pair
            shown_name = program if program is not None else profile

            if not os.path.isfile(profile):
                missing = True
            else:
                missing = apparmor.is_skippable_file(profile)

            if missing:
                aaui.UI_Info(_('Profile for %s not found, skipping') % shown_name)
                continue

            aaui.UI_Info(_('Disabling %s.') % shown_name)
            self.disable_profile(profile)
            self.unload_profile(profile)
Beispiel #8
    def act(self):
        """Run this tool's action for every (program, profile) pair selected.

        Only ``self.name == 'cleanprof'`` has a real action here
        (``self.clean_profile``); any other name with a usable profile file
        raises ``apparmor.AppArmorException``.  Unresolvable absolute paths
        terminate the process with ``sys.exit(1)``.
        """
        # used by aa-cleanprof
        apparmor.read_profiles()

        for (program, profile) in self.get_next_to_profile():
            # Fall back to the profile name when no program was given.
            if program is None:
                program = profile

            # The target is unknown: neither an existing path nor a known profile.
            if not program or not(os.path.exists(program) or apparmor.profile_exists(program)):
                if program and not program.startswith('/'):
                    # Relative name: ask the operator for a fully qualified path.
                    # NOTE(review): the reply is used as-is; if the prompt returns
                    # an empty string it falls through to the "Can't find"
                    # message in the final else branch -- confirm.
                    program = aaui.UI_GetString(_('The given program cannot be found, please try with the fully qualified path name of the program: '), '')
                else:
                    # Empty name or absolute path that does not exist: abort.
                    aaui.UI_Info(_("%s does not exist, please double-check the path.") % program)
                    sys.exit(1)

            if program and apparmor.profile_exists(program):
                if self.name == 'cleanprof':
                    self.clean_profile(program)

                else:
                    filename = apparmor.get_profile_filename(program)

                    if not os.path.isfile(filename) or apparmor.is_skippable_file(filename):
                        aaui.UI_Info(_('Profile for %s not found, skipping') % program)

                    else:
                        # One simply does not walk in here!
                        raise apparmor.AppArmorException('Unknown tool: %s' % self.name)

                    # Reached only after the "not found, skipping" message, since
                    # the other branch raises.
                    # NOTE(review): reloading a profile just reported as not
                    # found looks unintended -- confirm.
                    self.reload_profile(profile)

            else:
                if '/' not in program:
                    # Bare command name: print the PATH hint; no exit on this path.
                    aaui.UI_Info(_("Can't find %(program)s in the system path list. If the name of the application\nis correct, please run 'which %(program)s' as a user with correct PATH\nenvironment set up in order to find the fully-qualified path and\nuse the full path as parameter.") % { 'program': program })
                else:
                    aaui.UI_Info(_("%s does not exist, please double-check the path.") % program)
                    sys.exit(1)
Beispiel #9
    def cmd_audit(self):
        """Toggle the 'audit' flag on each selected profile and reload it.

        The flag is set when ``self.remove`` is falsy and cleared otherwise.
        A profile path that is not a regular file, or that
        ``apparmor.is_skippable_file`` rejects, is reported and skipped.
        A profile listed under ``<profile_dir>/disable/`` is still modified
        and reloaded; only a warning is shown.
        """
        apparmor.read_profiles()

        for pair in self.get_next_to_profile():
            program, profile = pair
            shown_name = program if program is not None else profile

            if not os.path.isfile(profile):
                missing = True
            else:
                missing = apparmor.is_skippable_file(profile)

            if missing:
                aaui.UI_Info(_('Profile for %s not found, skipping') % shown_name)
                continue

            # keep this to allow toggling 'audit' flags
            if self.remove:
                aaui.UI_Info(_('Removing audit mode from %s.') % shown_name)
            else:
                aaui.UI_Info(_('Setting %s to audit mode.') % shown_name)
            apparmor.change_profile_flags(profile, program, 'audit', not self.remove)

            base = os.path.basename(profile)
            disable_link = '%s/disable/%s' % (apparmor.profile_dir, base)

            # Surface the disabled state: the flag change alone does not
            # re-enable the profile.
            if os.path.exists(disable_link):
                warning = _('\nWarning: the profile %s is disabled. Use aa-enforce or aa-complain to enable it.')
                aaui.UI_Info(warning % base)

            self.reload_profile(profile)
Beispiel #10
 def test_skippable_08(self):
     """'bin.ping.rpmnew' must be reported as skippable."""
     candidate = 'bin.ping.rpmnew'
     self.assertTrue(is_skippable_file(candidate))
Beispiel #11
 def test_skippable_06(self):
     """'bin.ping.pacsave' must be reported as skippable."""
     candidate = 'bin.ping.pacsave'
     self.assertTrue(is_skippable_file(candidate))
Beispiel #12
 def test_skippable_04(self):
     """'bin.ping..dpkg-bak' (double dot before the suffix) must be skippable."""
     candidate = 'bin.ping..dpkg-bak'
     self.assertTrue(is_skippable_file(candidate))
Beispiel #13
 def test_skippable_02(self):
     """'bin.ping.dpkg-old' must be reported as skippable."""
     candidate = 'bin.ping.dpkg-old'
     self.assertTrue(is_skippable_file(candidate))
Beispiel #14
 def test_not_skippable_06(self):
     """'bin.pingrej' has no dot before 'rej' and must not be skipped."""
     candidate = 'bin.pingrej'
     self.assertFalse(is_skippable_file(candidate))
Beispiel #15
 def test_skippable_14(self):
     """An empty filename must be reported as skippable."""
     candidate = ''  # empty filename
     self.assertTrue(is_skippable_file(candidate))
Beispiel #16
 def test_skippable_04(self):
     """The double-dot name 'bin.ping..dpkg-bak' must count as skippable."""
     name = 'bin.ping..dpkg-bak'
     self.assertTrue(is_skippable_file(name))
Beispiel #17
 def test_skippable_03(self):
     """'bin.ping..dpkg-dist' (double dot before the suffix) must be skippable."""
     candidate = 'bin.ping..dpkg-dist'
     self.assertTrue(is_skippable_file(candidate))
Beispiel #18
 def test_skippable_02(self):
     """The name 'bin.ping.dpkg-old' must count as skippable."""
     name = 'bin.ping.dpkg-old'
     self.assertTrue(is_skippable_file(name))
Beispiel #19
 def test_skippable_01(self):
     """'bin.ping.dpkg-new' must be reported as skippable."""
     candidate = 'bin.ping.dpkg-new'
     self.assertTrue(is_skippable_file(candidate))
Beispiel #20
 def test_not_skippable_06(self):
     """'bin.pingrej' only ends in 'rej' without a dot; it must not be skipped."""
     name = 'bin.pingrej'
     self.assertFalse(is_skippable_file(name))
Beispiel #21
 def test_not_skippable_05(self):
     """A full path to a regular profile name must not be reported as skippable."""
     # normally is_skippable_file should be called without directory, but it shouldn't hurt too much
     full_path = '/etc/apparmor.d/bin.ping'
     self.assertFalse(is_skippable_file(full_path))
Beispiel #22
 def test_skippable_10(self):
     """'bin.ping.orig' must be reported as skippable."""
     candidate = 'bin.ping.orig'
     self.assertTrue(is_skippable_file(candidate))
Beispiel #23
 def test_skippable_12(self):
     """'bin.ping~' (trailing tilde) must be reported as skippable."""
     candidate = 'bin.ping~'
     self.assertTrue(is_skippable_file(candidate))
Beispiel #24
 def test_skippable_05(self):
     """The name 'bin.ping.rpmnew' must count as skippable."""
     name = 'bin.ping.rpmnew'
     self.assertTrue(is_skippable_file(name))
Beispiel #25
 def test_skippable_16(self):
     """'README' must be reported as skippable."""
     candidate = 'README'
     self.assertTrue(is_skippable_file(candidate))
Beispiel #26
 def test_skippable_06(self):
     """'bin.ping.rpmsave' must be reported as skippable."""
     candidate = 'bin.ping.rpmsave'
     self.assertTrue(is_skippable_file(candidate))
Beispiel #27
 def test_not_skippable_04(self):
     """'bin.rpmsave.ping' has 'rpmsave' mid-name only and must not be skipped."""
     candidate = 'bin.rpmsave.ping'
     self.assertFalse(is_skippable_file(candidate))
Beispiel #28
 def test_skippable_07(self):
     """The name 'bin.ping.orig' must count as skippable."""
     name = 'bin.ping.orig'
     self.assertTrue(is_skippable_file(name))
Beispiel #29
 def test_skippable_01(self):
     """The name 'bin.ping.dpkg-new' must count as skippable."""
     name = 'bin.ping.dpkg-new'
     self.assertTrue(is_skippable_file(name))
Beispiel #30
 def test_skippable_08(self):
     """'bin.ping.rej' must be reported as skippable."""
     candidate = 'bin.ping.rej'
     self.assertTrue(is_skippable_file(candidate))
Beispiel #31
 def test_skippable_03(self):
     """The double-dot name 'bin.ping..dpkg-dist' must count as skippable."""
     name = 'bin.ping..dpkg-dist'
     self.assertTrue(is_skippable_file(name))
Beispiel #32
 def test_skippable_09(self):
     """The trailing-tilde name 'bin.ping~' must count as skippable."""
     name = 'bin.ping~'
     self.assertTrue(is_skippable_file(name))
Beispiel #33
 def test_skippable_05(self):
     """'bin.ping.dpkg-remove' must be reported as skippable."""
     candidate = 'bin.ping.dpkg-remove'
     self.assertTrue(is_skippable_file(candidate))
Beispiel #34
 def test_skippable_10(self):
     """'.bin.ping' (leading dot) must be reported as skippable."""
     candidate = '.bin.ping'
     self.assertTrue(is_skippable_file(candidate))
Beispiel #35
 def test_skippable_07(self):
     """'bin.ping.pacnew' must be reported as skippable."""
     candidate = 'bin.ping.pacnew'
     self.assertTrue(is_skippable_file(candidate))
Beispiel #36
 def test_skippable_11(self):
     """The empty string must count as a skippable filename."""
     name = ''  # empty filename
     self.assertTrue(is_skippable_file(name))
Beispiel #37
 def test_skippable_09(self):
     """The name 'bin.ping.rpmsave' must count as skippable."""
     name = 'bin.ping.rpmsave'
     self.assertTrue(is_skippable_file(name))
Beispiel #38
 def test_skippable_12(self):
     """A directory path with a trailing slash must be reported as skippable."""
     candidate = '/etc/apparmor.d/'  # directory without filename
     self.assertTrue(is_skippable_file(candidate))
Beispiel #39
 def test_skippable_11(self):
     """The name 'bin.ping.rej' must count as skippable."""
     name = 'bin.ping.rej'
     self.assertTrue(is_skippable_file(name))
Beispiel #40
 def test_skippable_13(self):
     """The name 'README' must count as skippable."""
     name = 'README'
     self.assertTrue(is_skippable_file(name))
Beispiel #41
 def test_skippable_13(self):
     """The leading-dot name '.bin.ping' must count as skippable."""
     name = '.bin.ping'
     self.assertTrue(is_skippable_file(name))
Beispiel #42
 def test_not_skippable_02(self):
     """'usr.lib.dovecot.anvil' must not be reported as skippable."""
     candidate = 'usr.lib.dovecot.anvil'
     self.assertFalse(is_skippable_file(candidate))
Beispiel #43
 def test_skippable_15(self):
     """The trailing-slash path '/etc/apparmor.d/' must count as skippable."""
     name = '/etc/apparmor.d/'  # directory without filename
     self.assertTrue(is_skippable_file(name))
Beispiel #44
 def test_not_skippable_03(self):
     """'bin.~ping' has its tilde mid-name only and must not be skipped."""
     candidate = 'bin.~ping'
     self.assertFalse(is_skippable_file(candidate))
Beispiel #45
 def test_not_skippable_04(self):
     """'bin.rpmsave.ping' does not end in 'rpmsave'; it must not be skipped."""
     name = 'bin.rpmsave.ping'
     self.assertFalse(is_skippable_file(name))
Beispiel #46
 def test_not_skippable_05(self):
     """The full path '/etc/apparmor.d/bin.ping' must not count as skippable."""
     # normally is_skippable_file should be called without directory, but it shouldn't hurt too much
     path_with_dir = '/etc/apparmor.d/bin.ping'
     self.assertFalse(is_skippable_file(path_with_dir))
Beispiel #47
 def test_not_skippable_02(self):
     """The name 'usr.lib.dovecot.anvil' must not count as skippable."""
     name = 'usr.lib.dovecot.anvil'
     self.assertFalse(is_skippable_file(name))
Beispiel #48
 def test_not_skippable_03(self):
     """The mid-name tilde in 'bin.~ping' must not make the name skippable."""
     name = 'bin.~ping'
     self.assertFalse(is_skippable_file(name))