Ejemplo n.º 1
    def _parse(cls, raw_rule):
        '''Build a ChangeProfileRule from the text of one change_profile rule.

        raw_rule is matched with cls._match(); a falsy result raises
        AppArmorException. The exec mode is passed through as matched. An
        exec condition or target profile that is absent is stored as
        ChangeProfileRule.ALL, so leaving a field out never yields an empty
        string in the rule object.
        '''

        matches = cls._match(raw_rule)
        if not matches:
            raise AppArmorException(
                _("Invalid change_profile rule '%s'") % raw_rule)

        audit, deny, allow_keyword, comment = parse_modifiers(matches)
        execmode = matches.group('execmode')

        # Quotes are stripped only from fields the rule actually carries.
        raw_execcond = matches.group('execcond')
        execcond = (strip_quotes(raw_execcond) if raw_execcond
                    else ChangeProfileRule.ALL)

        raw_target = matches.group('targetprofile')
        targetprofile = (strip_quotes(raw_target) if raw_target
                         else ChangeProfileRule.ALL)

        return ChangeProfileRule(
            execmode, execcond, targetprofile,
            audit=audit, deny=deny, allow_keyword=allow_keyword,
            comment=comment)
Ejemplo n.º 2
    def _parse(cls, raw_rule):
        '''Build an AliasRule from the text of one alias rule.

        Raises AppArmorException when cls._match() does not accept raw_rule.
        Both paths have surrounding whitespace removed first and quotes
        removed second. audit, deny and allow_keyword are always passed as
        False; only the comment is taken from the rule text.
        '''

        matches = cls._match(raw_rule)
        if not matches:
            raise AppArmorException(_("Invalid alias rule '%s'") % raw_rule)

        comment = parse_comment(matches)

        # Same clean-up for both sides of the alias, original path first.
        source_path, alias_target = (
            strip_quotes(matches.group(key).strip())
            for key in ('orig_path', 'target'))

        return AliasRule(
            source_path, alias_target,
            audit=False, deny=False, allow_keyword=False, comment=comment)
Ejemplo n.º 3
    def _parse(cls, raw_rule):
        '''Build a FileRule from the text of one file rule.

        Raises AppArmorException when cls._match() does not accept raw_rule.
        The path may arrive in group 'path' or 'path2' and the permissions
        in 'perms' or 'perms2'; using either '...2' group sets leading_perms.
        A missing path, permission set or target is stored as FileRule.ALL
        (exec_perms is None when no permissions were given). The deny flag
        is handed to split_perms() together with the permission string.
        '''

        matches = cls._match(raw_rule)
        if not matches:
            raise AppArmorException(_("Invalid file rule '%s'") % raw_rule)

        audit, deny, allow_keyword, comment = parse_modifiers(matches)
        owner = bool(matches.group('owner'))

        leading_perms = False

        # Path: first spelling, else second spelling, else "all paths".
        path_first = matches.group('path')
        if path_first:
            path = strip_quotes(path_first)
        else:
            path_second = matches.group('path2')
            if path_second:
                path = strip_quotes(path_second)
                leading_perms = True
            else:
                path = FileRule.ALL

        # Permissions follow the same first/second/ALL fallback.
        perms_first = matches.group('perms')
        if perms_first:
            perms, exec_perms = split_perms(perms_first, deny)
        else:
            perms_second = matches.group('perms2')
            if perms_second:
                perms, exec_perms = split_perms(perms_second, deny)
                leading_perms = True
            else:
                perms, exec_perms = FileRule.ALL, None

        raw_target = matches.group('target')
        target = strip_quotes(raw_target) if raw_target else FileRule.ALL

        file_keyword = bool(matches.group('file_keyword'))

        return FileRule(
            path, perms, exec_perms, target, owner, file_keyword,
            leading_perms,
            audit=audit, deny=deny, allow_keyword=allow_keyword,
            comment=comment)
Ejemplo n.º 4
    def _parse(cls, raw_rule):
        '''Build a ChangeProfileRule from the text of one change_profile rule.

        Raises AppArmorException when cls._match() does not accept raw_rule.
        This variant reads no exec mode. An absent exec condition or target
        profile is stored as ChangeProfileRule.ALL rather than as an empty
        value.
        '''

        matches = cls._match(raw_rule)
        if not matches:
            raise AppArmorException(_("Invalid change_profile rule '%s'") % raw_rule)

        audit, deny, allow_keyword, comment = parse_modifiers(matches)

        # Start from the ALL sentinel and narrow only when the rule names a value.
        execcond = ChangeProfileRule.ALL
        matched_execcond = matches.group('execcond')
        if matched_execcond:
            execcond = strip_quotes(matched_execcond)

        targetprofile = ChangeProfileRule.ALL
        matched_target = matches.group('targetprofile')
        if matched_target:
            targetprofile = strip_quotes(matched_target)

        return ChangeProfileRule(
            execcond, targetprofile,
            audit=audit, deny=deny, allow_keyword=allow_keyword,
            comment=comment)
Ejemplo n.º 5
    def _parse(cls, raw_rule):
        '''Build an RlimitRule from the text of one rlimit rule.

        Raises AppArmorException when cls._match() does not accept raw_rule,
        or when the match carries no rlimit keyword or no value. The value
        'infinity' is stored as RlimitRule.ALL; any other value is stored
        with its quotes stripped.
        '''

        matches = cls._match(raw_rule)
        if not matches:
            raise AppArmorException(_("Invalid rlimit rule '%s'") % raw_rule)

        comment = parse_comment(matches)

        rlimit = matches.group('rlimit')
        if not rlimit:
            raise AppArmorException(_("Invalid rlimit rule '%s' - keyword missing") % raw_rule)
        rlimit = strip_quotes(rlimit)

        value = matches.group('value')
        if not value:
            raise AppArmorException(_("Invalid rlimit rule '%s' - value missing") % raw_rule)
        # The comparison runs on the matched text before quotes are removed,
        # so only the bare word maps to ALL here.
        value = RlimitRule.ALL if value == 'infinity' else strip_quotes(value)

        return RlimitRule(rlimit, value, comment=comment)
Ejemplo n.º 6
    def _parse(cls, raw_rule):
        '''Build an RlimitRule from the text of one rlimit rule.

        Raises AppArmorException when cls._match() does not accept raw_rule.
        The two "missing" checks below are kept as a safety net; the coverage
        pragmas on them say they cannot be reached without breaking the regex.
        The value 'infinity' is stored as RlimitRule.ALL; any other value is
        stored with its quotes stripped.
        '''

        matches = cls._match(raw_rule)
        if not matches:
            raise AppArmorException(_("Invalid rlimit rule '%s'") % raw_rule)

        comment = parse_comment(matches)

        rlimit = matches.group('rlimit')
        if not rlimit:
            raise AppArmorException(_("Invalid rlimit rule '%s' - keyword missing") % raw_rule)  # pragma: no cover - would need breaking the regex
        rlimit = strip_quotes(rlimit)

        value = matches.group('value')
        if not value:
            raise AppArmorException(_("Invalid rlimit rule '%s' - value missing") % raw_rule)  # pragma: no cover - would need breaking the regex
        if value == 'infinity':
            # Compared on the matched text, before any quote stripping.
            value = RlimitRule.ALL
        else:
            value = strip_quotes(value)

        return RlimitRule(rlimit, value, comment=comment)
Ejemplo n.º 7
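    def _parse(cls, raw_rule):
        '''Build a PtraceRule from the text of one ptrace rule.

        Raises AppArmorException when cls._match() does not accept raw_rule,
        or when the rule's detail part is not matched by RE_PTRACE_DETAILS.
        A rule without details, or without an access list or peer inside the
        details, stores PtraceRule.ALL for the missing part.
        '''

        matches = cls._match(raw_rule)
        if not matches:
            raise AppArmorException(_("Invalid ptrace rule '%s'") % raw_rule)

        audit, deny, allow_keyword, comment = parse_modifiers(matches)

        rule_details = matches.group('details') or ''

        if rule_details:
            details = RE_PTRACE_DETAILS.search(rule_details)
            if not details:
                # Interpolate after the gettext call. Formatting inside _()
                # made the lookup key include the rule text, so no catalogue
                # entry could ever match. The literal itself is unchanged.
                raise AppArmorException(
                    _("Invalid or unknown keywords in 'ptrace %s") %
                    rule_details)

            if details.group('access'):
                # XXX move to function _split_access()?
                access = details.group('access')
                # Only a fully parenthesised list loses its brackets.
                if access.startswith('(') and access.endswith(')'):
                    access = access[1:-1]
                access = access.replace(
                    ',', ' ').split()  # split by ',' or whitespace
            else:
                access = PtraceRule.ALL

            if details.group('peer'):
                peer = strip_quotes(details.group('peer'))
            else:
                peer = PtraceRule.ALL
        else:
            access = PtraceRule.ALL
            peer = PtraceRule.ALL

        return PtraceRule(access,
                          peer,
                          audit=audit,
                          deny=deny,
                          allow_keyword=allow_keyword,
                          comment=comment)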
Ejemplo n.º 8
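def separate_vars(vs):
    """Return the set of values found in a variable's value string.

    Values are separated by whitespace and may be wrapped in double quotes;
    each one is passed through strip_quotes() before it is stored, and
    duplicates collapse because the result is a set.

    Raises AppArmorException when a value ends with a comma, or when text
    is left over that the pattern cannot consume (for example an unbalanced
    quote).
    """
    data = set()
    vs = vs.strip()

    # Raw string: '\s' in a plain literal is an invalid escape sequence and
    # triggers a warning on current Python versions.
    # NOTE(review): '\s*' allows zero whitespace between values, so input
    # such as '"a"b' is accepted as the two values 'a' and 'b'.
    RE_VARS = re.compile(r'^(("[^"]*")|([^"\s]+))\s*(.*)$')

    matches = RE_VARS.search(vs)
    while matches:
        value, remainder = matches.group(1), matches.group(4)

        if value.endswith(','):
            raise AppArmorException(
                _('Variable declarations do not accept trailing commas'))

        data.add(strip_quotes(value))
        vs = remainder.strip()
        matches = RE_VARS.search(vs)

    # Anything still here could not be parsed as a value.
    if vs:
        raise AppArmorException(
            'Variable assignments contains invalid parts (unbalanced quotes?): %s'
            % vs)

    return data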
 def test_strip_quotes_03(self):
     """A string with only a leading quote comes back unchanged."""
     stripped = strip_quotes('"foo')
     self.assertEqual('"foo', stripped)
Ejemplo n.º 10
 def test_strip_quotes_03(self):
     """An unbalanced leading quote is not removed."""
     unbalanced = '"foo'
     self.assertEqual('"foo', strip_quotes(unbalanced))
Ejemplo n.º 11
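    def _parse(cls, raw_rule):
        '''Build a DbusRule from the text of one dbus rule.

        Raises AppArmorException when cls._match() does not accept raw_rule,
        or when the rule's detail part is not matched by RE_DBUS_DETAILS.
        Every condition the rule does not name (access, bus, path, name,
        interface, member, peer name, peer label) is stored as DbusRule.ALL.
        An access list that is empty after splitting is stored as
        DbusRule.ALL as well.
        '''

        matches = cls._match(raw_rule)
        if not matches:
            raise AppArmorException(_("Invalid dbus rule '%s'") % raw_rule)

        audit, deny, allow_keyword, comment = parse_modifiers(matches)

        rule_details = matches.group('details') or ''

        # A bare rule keeps ALL for every condition; present ones replace it.
        access = bus = path = name = DbusRule.ALL
        interface = member = peername = peerlabel = DbusRule.ALL

        if rule_details:
            details = RE_DBUS_DETAILS.search(rule_details)
            if not details:
                # Interpolate after the gettext call. Formatting inside _()
                # made the lookup key include the rule text, so no catalogue
                # entry could ever match. The literal itself is unchanged.
                raise AppArmorException(
                    _("Invalid or unknown keywords in 'dbus %s") %
                    rule_details)

            def _condition(*group_names):
                # First non-empty group wins; quotes are stripped before
                # parentheses. No group present means "not restricted".
                for group_name in group_names:
                    if details.group(group_name):
                        return strip_parenthesis(
                            strip_quotes(details.group(group_name)))
                return DbusRule.ALL

            if details.group('access'):
                # XXX move to function _split_access()?
                access = strip_parenthesis(details.group('access'))
                access = access.replace(
                    ',', ' ').split()  # split by ',' or whitespace
                if access == []:  # XXX that happens for "dbus ( )," rules - correct behaviour? (also: same for signal rules?)
                    access = DbusRule.ALL

            bus = _condition('bus')
            path = _condition('path')
            name = _condition('name')
            interface = _condition('interface')
            member = _condition('member')
            peername = _condition('peername1', 'peername2', 'peername3')
            peerlabel = _condition('peerlabel1', 'peerlabel2', 'peerlabel3')

        return DbusRule(access,
                        bus,
                        path,
                        name,
                        interface,
                        member,
                        peername,
                        peerlabel,
                        audit=audit,
                        deny=deny,
                        allow_keyword=allow_keyword,
                        comment=comment)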
 def test_strip_quotes_08(self):
     """Only one pair of enclosing quotes is removed per call."""
     stripped = strip_quotes('""""foo"bar""""')
     self.assertEqual('"""foo"bar"""', stripped)
 def test_strip_quotes_07(self):
     """A quote inside the string survives; the enclosing pair goes."""
     stripped = strip_quotes('"foo"bar"')
     self.assertEqual('foo"bar', stripped)
 def test_strip_quotes_05(self):
     """A string made of just two quotes becomes the empty string."""
     stripped = strip_quotes('""')
     self.assertEqual('', stripped)
Ejemplo n.º 15
 def test_strip_quotes_08(self):
     """Four quotes on each side shrink to three: one pair is stripped."""
     quoted = '""""foo"bar""""'
     self.assertEqual('"""foo"bar"""', strip_quotes(quoted))
Ejemplo n.º 16
 def test_strip_quotes_07(self):
     """The embedded quote is kept when the outer pair is stripped."""
     quoted = '"foo"bar"'
     self.assertEqual('foo"bar', strip_quotes(quoted))
Ejemplo n.º 17
 def test_strip_quotes_05(self):
     """An empty quoted string yields an empty result."""
     quoted = '""'
     self.assertEqual('', strip_quotes(quoted))
Ejemplo n.º 18
 def test_strip_quotes_04(self):
     """A string with only a trailing quote comes back unchanged."""
     stripped = strip_quotes('foo"')
     self.assertEqual('foo"', stripped)
 def test_strip_quotes_04(self):
     """An unbalanced trailing quote is not removed."""
     unbalanced = 'foo"'
     self.assertEqual('foo"', strip_quotes(unbalanced))
Ejemplo n.º 20
 def _run_test(self, params, expected):
     """Assert that strip_quotes(params) equals expected."""
     actual = strip_quotes(params)
     self.assertEqual(actual, expected)