def check_profile_dir(self):
    """Validate the profile directory before any profile is modified.

    When ``self.profiledir`` is set, it is resolved through
    ``apparmor.get_full_path`` and stored in the module-level
    ``apparmor.profile_dir``, so the override affects every later user of
    that global, not only this object.

    Raises:
        apparmor.AppArmorException: if the override is not a directory, or
            if ``user_perm`` rejects the effective profile directory.
    """
    requested_dir = self.profiledir
    if requested_dir:
        resolved_dir = apparmor.get_full_path(requested_dir)
        apparmor.profile_dir = resolved_dir
        if not os.path.isdir(apparmor.profile_dir):
            # The message reports the value as the caller supplied it.
            raise apparmor.AppArmorException("%s is not a directory." %
                                             self.profiledir)

    # NOTE(review): user_perm is defined elsewhere; the error text implies it
    # is a write-permission probe. This is a pre-flight check only: the
    # directory can change between this call and the later write, so the
    # write path must still handle failure on its own.
    writable = user_perm(apparmor.profile_dir)
    if not writable:
        raise apparmor.AppArmorException(
            "Cannot write to profile directory: %s" %
            (apparmor.profile_dir))
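    def clean_profile(self, program):
        """Remove duplicate rules from *program*'s profile, then save and reload it.

        The profile file is looked up first. If there is none, the method
        raises before anything is parsed, reported or marked as changed.
        Unless ``self.silent`` is set, the user is prompted until they choose
        to save; the profile is written and reloaded only after that choice
        (or immediately in silent mode).

        Args:
            program: attachment/program name whose profile is cleaned.

        Raises:
            apparmor.AppArmorException: if no profile file is found for
                *program*.
        """
        filename = apparmor.get_profile_filename_from_attachment(program, True)
        if not filename:
            # Fail fast: previously the duplicate-rule pass ran, "Deleted N
            # rules" was printed and apparmor.changed[program] was set before
            # this error was raised for a profile that does not exist.
            # (Message text is a gettext msgid and is left untouched.)
            raise apparmor.AppArmorException(_('The profile for %s does not exists. Nothing to clean.') % program)

        import apparmor.cleanprofile as cleanprofile
        prof = cleanprofile.Prof(filename)
        cleanprof = cleanprofile.CleanProf(True, prof, prof)
        deleted = cleanprof.remove_duplicate_rules(program)
        aaui.UI_Info(_("\nDeleted %s rules.") % deleted)
        apparmor.changed[program] = True

        if not self.silent:
            q = aaui.PromptQuestion()
            q.title = 'Changed Local Profiles'
            q.explanation = _('The local profile for %(program)s in file %(file)s was changed. Would you like to save it?') % { 'program': program, 'file': filename }
            q.functions = ['CMD_SAVE_CHANGES', 'CMD_VIEW_CHANGES', 'CMD_ABORT']
            q.default = 'CMD_VIEW_CHANGES'
            q.options = []
            q.selected = 0
            ans = ''
            # Only an explicit CMD_SAVE_CHANGES leaves the loop.
            # NOTE(review): CMD_ABORT is offered but not handled here;
            # presumably promptUser() deals with it itself - confirm,
            # otherwise abort just re-prompts.
            while ans != 'CMD_SAVE_CHANGES':
                ans, _arg = q.promptUser()
                if ans == 'CMD_VIEW_CHANGES':
                    newprofile = apparmor.serialize_profile(apparmor.aa[program], program, {'is_attachment': True})
                    aaui.UI_Changes(filename, newprofile, comments=True)

        # Reached only in silent mode or after the user confirmed saving, so
        # the changed policy is never written or reloaded without one of them.
        apparmor.write_profile_ui_feedback(program, True)
        self.reload_profile(filename)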
    def reload_profile(self, profile):
        """Run the AppArmor parser with ``-r`` on *profile*.

        Does nothing when ``self.do_reload`` is false. The include path
        (``-I``) and ``--base`` both point at ``apparmor.profile_dir``.

        Raises:
            apparmor.AppArmorException: if the first element of the result
                returned by ``cmd`` is non-zero; the second element is used
                as the exception message.
        """
        if self.do_reload:
            # The command is handed to cmd() as an argument list, not a
            # single shell string.
            # NOTE(review): cmd() is defined elsewhere; confirm it runs the
            # list without a shell. `profile` is the last argv element with
            # no `--` separator, so callers should only pass profile paths.
            parser_argv = [apparmor.parser, '-I%s' % apparmor.profile_dir, '--base', apparmor.profile_dir, '-r', profile]
            outcome = cmd(parser_argv)

            if outcome[0] != 0:
                raise apparmor.AppArmorException(outcome[1])
    def unload_profile(self, profile):
        """Run the AppArmor parser with ``-R`` on *profile*.

        Does nothing when ``self.do_reload`` is false. The include path
        (``-I``) and ``--base`` both point at ``apparmor.profile_dir``.

        Raises:
            apparmor.AppArmorException: if the first element of the result
                returned by ``cmd`` is non-zero; the second element is used
                as the exception message.
        """
        if self.do_reload:
            # FIXME: should ensure profile is loaded before unloading
            # NOTE(review): removing a profile lifts confinement from the
            # programs it covered, so callers should treat a failure here
            # (and an unexpected success) as security-relevant. cmd() is
            # defined elsewhere; confirm it runs the list without a shell.
            parser_argv = [apparmor.parser, '-I%s' % apparmor.profile_dir, '--base', apparmor.profile_dir, '-R', profile]
            outcome = cmd(parser_argv)

            if outcome[0] != 0:
                raise apparmor.AppArmorException(outcome[1])
    def act(self):
        """Process every ``(program, profile)`` pair from ``get_next_to_profile``.

        For each pair the program is resolved (falling back to the profile
        name when no program is given). An unknown relative name triggers a
        prompt for a full path; an unknown absolute path or empty name
        reports an error and ends the whole run with exit status 1. When
        ``self.name`` is ``'cleanprof'`` the profile is cleaned via
        ``clean_profile``; any other tool name with an existing, non-skippable
        profile file raises.

        Raises:
            apparmor.AppArmorException: for a tool name other than
                ``'cleanprof'`` whose profile file exists and is not
                skippable.
        """
        # used by aa-cleanprof
        apparmor.read_profiles()

        for program, profile in self.get_next_to_profile():
            if program is None:
                program = profile

            # Short-circuits exactly like the original: neither lookup runs
            # for an empty/None program.
            resolvable = program and (os.path.exists(program)
                                      or apparmor.profile_exists(program))
            if not resolvable:
                if not program or program.startswith('/'):
                    aaui.UI_Info(
                        _("%s does not exist, please double-check the path.") %
                        program)
                    sys.exit(1)
                else:
                    # Relative name that could not be found: ask for a full
                    # path. The answer is only validated by the
                    # profile_exists() check below.
                    program = aaui.UI_GetString(
                        _('The given program cannot be found, please try with the fully qualified path name of the program: '
                          ), '')

            if not (program and apparmor.profile_exists(program)):
                # NOTE(review): if UI_GetString can return None, the
                # membership test below raises TypeError - confirm.
                if '/' in program:
                    aaui.UI_Info(
                        _("%s does not exist, please double-check the path.") %
                        program)
                    sys.exit(1)
                else:
                    aaui.UI_Info(
                        _("Can't find %(program)s in the system path list. If the name of the application\nis correct, please run 'which %(program)s' as a user with correct PATH\nenvironment set up in order to find the fully-qualified path and\nuse the full path as parameter."
                          ) % {'program': program})
                continue

            if self.name == 'cleanprof':
                self.clean_profile(program)
                continue

            filename = apparmor.get_profile_filename(program)
            profile_missing = (not os.path.isfile(filename)
                               or apparmor.is_skippable_file(filename))
            if not profile_missing:
                # One simply does not walk in here!
                raise apparmor.AppArmorException('Unknown tool: %s' %
                                                 self.name)

            aaui.UI_Info(
                _('Profile for %s not found, skipping') % program)

            # NOTE(review): the reload still runs after "skipping", and it is
            # given `profile` (not `program`/`filename`), which may be None
            # depending on what get_next_to_profile yields - confirm intent.
            self.reload_profile(profile)
 def check_profile_dir(self):
     """Refuse to continue unless ``user_perm`` accepts the profile directory.

     Raises:
         apparmor.AppArmorException: if ``user_perm(apparmor.profile_dir)``
             is falsy.
     """
     # NOTE(review): user_perm is defined elsewhere; the error text implies
     # it is a write-permission probe. It is a pre-flight check only, so the
     # later write must still handle failure itself.
     if user_perm(apparmor.profile_dir):
         return
     raise apparmor.AppArmorException("Cannot write to profile directory: %s" % (apparmor.profile_dir))