def __init__(self, profilename, hat, calledby):
    '''Populate self.data with the default (empty) content.

    The dict is assembled in a local variable and assigned to self.data
    once, as the last step.

    profilename, hat and calledby are only recorded under the 'info' key.
    '''
    # 'info' isn't used anywhere, but can be helpful in debugging.
    storage = {
        'info': {'profile': profilename, 'hat': hat, 'calledby': calledby},
    }

    # one freshly created ruleset object per entry in ruletypes
    for rule in ruletypes:
        storage[rule] = ruletypes[rule]['ruleset']()

    for key in ('alias', 'include', 'localinclude', 'lvar', 'repo'):
        storage[key] = {}

    for key in ('filename', 'name', 'attachment', 'flags'):
        storage[key] = ''

    storage['external'] = False
    storage['header_comment'] = ''  # currently only set by set_profile_flags()
    storage['initial_comment'] = ''
    storage['profile_keyword'] = False  # currently only set by set_profile_flags()
    storage['profile'] = False  # profile or hat?

    # 'allow' and 'deny' get the same layout, each with its own objects.
    # mount, pivot_root, unix have a .get() fallback to list() - initialize
    # them nevertheless
    for qualifier in ('allow', 'deny'):
        storage[qualifier] = {
            'link': hasher(),
            'mount': [],
            'pivot_root': [],
            'unix': [],
        }

    self.data = storage
def test_delete_duplicates_hasher(self):
    # Calling delete_duplicates() with a freshly created hasher() must
    # report 0 deleted rules; the raw and clean output of the ruleset are
    # then compared against the listings below.
    raw_lines = [
        ' capability chown,',
        ' allow capability sys_admin,',
        ' deny capability chgrp, # example comment',
        '',
    ]
    clean_lines = [
        ' deny capability chgrp, # example comment',
        '',
        ' allow capability sys_admin,',
        ' capability chown,',
        '',
    ]

    deleted = self.ruleset.delete_duplicates(hasher())

    self.assertEqual(deleted, 0)
    self.assertEqual(raw_lines, self.ruleset.get_raw(1))
    self.assertEqual(clean_lines, self.ruleset.get_clean(1))
def init_hashlog(self, aamode, profile):
    '''Set up self.hashlog[aamode][profile] with one container per rule type.

    An existing entry for the profile is left untouched, so calling this
    again does not discard data that was already collected.
    '''
    per_mode = self.hashlog[aamode]
    if profile in per_mode:
        return  # already initialized, don't overwrite existing data

    # final_name might be changed for null-* profiles based on exec decisions
    entry = {'final_name': profile}

    # flat, no hasher needed (for change_profile: at least in logparser,
    # which doesn't support EXEC MODE and EXEC COND)
    for rule_type in ('capability', 'change_hat', 'change_profile'):
        entry[rule_type] = {}

    # every remaining rule type gets its own hasher()
    for rule_type in ('dbus', 'exec', 'network', 'path', 'ptrace', 'signal'):
        entry[rule_type] = hasher()

    per_mode[profile] = entry