def cmd_audit(self):
    """Set or clear the 'audit' flag on each selected profile, then reload it.

    self.remove decides the direction: when it is false the flag is set,
    otherwise it is removed. Entries whose profile path is not a regular
    file, or which apparmor.is_skippable_file() rejects, are reported and
    left untouched.
    """
    apparmor.read_profiles()

    for (program, profile) in self.get_next_to_profile():
        if program is None:
            output_name = profile
        else:
            output_name = program

        usable = os.path.isfile(profile) and not apparmor.is_skippable_file(profile)
        if not usable:
            aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
            continue

        # keep this to allow toggling 'audit' flags
        enable_audit = not self.remove
        if enable_audit:
            status_msg = _('Setting %s to audit mode.')
        else:
            status_msg = _('Removing audit mode from %s.')
        aaui.UI_Info(status_msg % output_name)
        apparmor.change_profile_flags(profile, program, 'audit', enable_audit)

        # An entry under <profile_dir>/disable/ marks the profile as disabled;
        # the flag is still written, but the operator is told that the profile
        # has to be enabled separately.
        profile_basename = os.path.basename(profile)
        disable_link = '%s/disable/%s' % (apparmor.profile_dir, profile_basename)
        if os.path.exists(disable_link):
            aaui.UI_Info(_('\nWarning: the profile %s is disabled. Use aa-enforce or aa-complain to enable it.') % profile_basename)

        self.reload_profile(profile)
def find_and_setup_test_profiles(profile_dir):
    '''Collect the parser simple_tests profiles found below profile_dir.

    Also points apparmor.profile_dir at the absolute form of profile_dir.
    Left out of the collection:
    - files that apparmor.is_skippable_file() rejects
    - the include directories
    - files sitting directly in profile_dir (readme, todo etc.)
    '''
    base_dir = os.path.abspath(profile_dir)
    apparmor.profile_dir = base_dir
    skip_count = 0

    print('Searching for parser simple_tests... (this will take a while)')

    for root, dirs, files in os.walk(base_dir):
        relpath = os.path.relpath(root, base_dir)
        at_top_level = relpath == '.'

        if at_top_level:
            # include files are checked as part of the profiles that include
            # them (also, they don't contain EXRESULT); removing the entries
            # from dirs in place stops os.walk() from descending into them
            for include_dir in ('includes', 'include_tests', 'includes-preamble'):
                dirs.remove(include_dir)

        for entry in files:
            full_path = os.path.join(root, entry)
            if apparmor.is_skippable_file(entry) or at_top_level:
                continue
            skip_count += parse_test_profiles(full_path)

    if skip_count:
        print('Skipping %s test profiles listed in skip_startswith.' % skip_count)

    print('Running %s parser simple_tests...' % len(TestParseParserTests.tests))
def cmd_complain(self):
    """Switch each selected profile to complain mode and reload it.

    In AppArmor, complain mode logs policy violations instead of denying
    them, so this lowers enforcement for the affected programs. Entries
    whose profile path is not a regular file, or which
    apparmor.is_skippable_file() rejects, are reported and skipped.
    """
    apparmor.read_profiles()

    for (program, profile) in self.get_next_to_profile():
        if program is None:
            output_name = profile
        else:
            output_name = program

        usable = os.path.isfile(profile) and not apparmor.is_skippable_file(profile)
        if usable:
            apparmor.set_complain(profile, program)
            self.reload_profile(profile)
        else:
            aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
def act(self):
    """Run this tool's action for every selected program.

    For each (program, profile) pair from self.get_next_to_profile():
    resolve a usable program name (prompting once for a fully qualified
    path when a relative name cannot be found), then, if a profile exists
    for it, call self.clean_profile() when self.name is 'cleanprof'.
    Any other tool name ends in an AppArmorException unless the profile
    file is missing or skippable.

    Exits the process with status 1 when an absolute path does not exist.

    NOTE(review): this listing lost its indentation; the nesting below is
    reconstructed from the statement order - confirm against the source tree.
    """
    # used by aa-cleanprof
    apparmor.read_profiles()

    for (program, profile) in self.get_next_to_profile():
        # no program resolved for this entry: work with the profile name
        if program is None:
            program = profile

        # neither a file on disk nor a known profile name
        if not program or not (os.path.exists(program) or apparmor.profile_exists(program)):
            if program and not program.startswith('/'):
                # relative name: ask the operator for the full path; the
                # answer is only validated by the profile_exists() check below
                program = aaui.UI_GetString(
                    _('The given program cannot be found, please try with the fully qualified path name of the program: '),
                    '')
            else:
                aaui.UI_Info(
                    _("%s does not exist, please double-check the path.") % program)
                sys.exit(1)

        if program and apparmor.profile_exists(program):
            if self.name == 'cleanprof':
                self.clean_profile(program)

            else:
                filename = apparmor.get_profile_filename(program)

                if not os.path.isfile(filename) or apparmor.is_skippable_file(filename):
                    aaui.UI_Info(
                        _('Profile for %s not found, skipping') % program)

                else:
                    # One simply does not walk in here!
                    raise apparmor.AppArmorException('Unknown tool: %s' % self.name)

                # NOTE(review): with the nesting as reconstructed, this is
                # reached only after the 'not found, skipping' message, since
                # the other branch raises - confirm that a reload is intended
                self.reload_profile(profile)

        else:
            if '/' not in program:
                # bare command name: explain how to find the full path
                aaui.UI_Info(
                    _("Can't find %(program)s in the system path list. If the name of the application\nis correct, please run 'which %(program)s' as a user with correct PATH\nenvironment set up in order to find the fully-qualified path and\nuse the full path as parameter."
                      ) % {'program': program})
            else:
                aaui.UI_Info(
                    _("%s does not exist, please double-check the path.") % program)
                sys.exit(1)
def cmd_disable(self):
    """Disable each selected profile and unload it.

    Calls self.disable_profile() followed by self.unload_profile() for every
    usable entry. Entries whose profile path is not a regular file, or which
    apparmor.is_skippable_file() rejects, are reported and skipped.

    NOTE(review): after the unload the program presumably runs without this
    profile until it is enabled again - worth recording who ran the command.
    """
    apparmor.read_profiles()

    for (program, profile) in self.get_next_to_profile():
        if program is None:
            output_name = profile
        else:
            output_name = program

        usable = os.path.isfile(profile) and not apparmor.is_skippable_file(profile)
        if usable:
            aaui.UI_Info(_('Disabling %s.') % output_name)
            self.disable_profile(profile)
            self.unload_profile(profile)
        else:
            aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
def act(self):
    """Run this tool's action for every selected program.

    For each (program, profile) pair from self.get_next_to_profile():
    resolve a usable program name (prompting once for a fully qualified
    path when a relative name cannot be found), then, if a profile exists
    for it, call self.clean_profile() when self.name is 'cleanprof'.
    Any other tool name ends in an AppArmorException unless the profile
    file is missing or skippable.

    Exits the process with status 1 when an absolute path does not exist.

    NOTE(review): this listing lost its indentation; the nesting below is
    reconstructed from the statement order - confirm against the source tree.
    """
    # used by aa-cleanprof
    apparmor.read_profiles()

    for (program, profile) in self.get_next_to_profile():
        # no program resolved for this entry: work with the profile name
        if program is None:
            program = profile

        # neither a file on disk nor a known profile name
        if not program or not(os.path.exists(program) or apparmor.profile_exists(program)):
            if program and not program.startswith('/'):
                # relative name: ask the operator for the full path; the
                # answer is only validated by the profile_exists() check below
                program = aaui.UI_GetString(_('The given program cannot be found, please try with the fully qualified path name of the program: '), '')
            else:
                aaui.UI_Info(_("%s does not exist, please double-check the path.") % program)
                sys.exit(1)

        if program and apparmor.profile_exists(program):
            if self.name == 'cleanprof':
                self.clean_profile(program)

            else:
                filename = apparmor.get_profile_filename(program)

                if not os.path.isfile(filename) or apparmor.is_skippable_file(filename):
                    aaui.UI_Info(_('Profile for %s not found, skipping') % program)

                else:
                    # One simply does not walk in here!
                    raise apparmor.AppArmorException('Unknown tool: %s' % self.name)

                # NOTE(review): with the nesting as reconstructed, this is
                # reached only after the 'not found, skipping' message, since
                # the other branch raises - confirm that a reload is intended
                self.reload_profile(profile)

        else:
            if '/' not in program:
                # bare command name: explain how to find the full path
                aaui.UI_Info(_("Can't find %(program)s in the system path list. If the name of the application\nis correct, please run 'which %(program)s' as a user with correct PATH\nenvironment set up in order to find the fully-qualified path and\nuse the full path as parameter.") % { 'program': program })
            else:
                aaui.UI_Info(_("%s does not exist, please double-check the path.") % program)
                sys.exit(1)
def cmd_audit(self):
    """Toggle the 'audit' flag on every selected profile and reload it.

    The flag is set when self.remove is false and removed otherwise.
    Entries whose profile path is not a regular file, or which
    apparmor.is_skippable_file() rejects, are reported and skipped.
    """
    apparmor.read_profiles()

    for (program, profile) in self.get_next_to_profile():
        if program is None:
            output_name = profile
        else:
            output_name = program

        usable = os.path.isfile(profile) and not apparmor.is_skippable_file(profile)
        if not usable:
            aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
            continue

        # keep this to allow toggling 'audit' flags
        enable_audit = not self.remove
        if enable_audit:
            status_msg = _('Setting %s to audit mode.')
        else:
            status_msg = _('Removing audit mode from %s.')
        aaui.UI_Info(status_msg % output_name)
        apparmor.change_profile_flags(profile, program, 'audit', enable_audit)

        # A matching entry under <profile_dir>/disable/ means the profile is
        # disabled; warn so the operator does not assume auditing is active.
        profile_basename = os.path.basename(profile)
        disable_link = '%s/disable/%s' % (apparmor.profile_dir, profile_basename)
        if os.path.exists(disable_link):
            aaui.UI_Info(_('\nWarning: the profile %s is disabled. Use aa-enforce or aa-complain to enable it.') % profile_basename)

        self.reload_profile(profile)
def test_skippable_08(self):
    # '.rpmnew' copies left behind by rpm must not be treated as profiles
    candidate = 'bin.ping.rpmnew'
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_06(self):
    # '.pacsave' copies left behind by pacman must not be treated as profiles
    candidate = 'bin.ping.pacsave'
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_04(self):
    # dpkg backup suffix; the fixture name really does contain a doubled dot
    candidate = 'bin.ping..dpkg-bak'
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_02(self):
    # '.dpkg-old' copies left behind by dpkg must not be treated as profiles
    candidate = 'bin.ping.dpkg-old'
    self.assertTrue(is_skippable_file(candidate))
def test_not_skippable_06(self):
    # 'rej' without the leading dot is part of the name, not a '.rej' suffix
    candidate = 'bin.pingrej'
    self.assertFalse(is_skippable_file(candidate))
def test_skippable_14(self):
    # empty filename
    candidate = ''
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_03(self):
    # dpkg '-dist' suffix; the fixture name really does contain a doubled dot
    candidate = 'bin.ping..dpkg-dist'
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_01(self):
    # '.dpkg-new' copies left behind by dpkg must not be treated as profiles
    candidate = 'bin.ping.dpkg-new'
    self.assertTrue(is_skippable_file(candidate))
def test_not_skippable_05(self):
    # normally is_skippable_file should be called without directory, but it
    # shouldn't hurt too much: a full path to a regular profile is accepted
    candidate = '/etc/apparmor.d/bin.ping'
    self.assertFalse(is_skippable_file(candidate))
def test_skippable_10(self):
    # '.orig' files (kept by patch) must not be treated as profiles
    candidate = 'bin.ping.orig'
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_12(self):
    # trailing '~' marks an editor backup copy
    candidate = 'bin.ping~'
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_05(self):
    # '.rpmnew' copies left behind by rpm must not be treated as profiles
    candidate = 'bin.ping.rpmnew'
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_16(self):
    # a README in the profile directory is documentation, not a profile
    candidate = 'README'
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_06(self):
    # '.rpmsave' copies left behind by rpm must not be treated as profiles
    candidate = 'bin.ping.rpmsave'
    self.assertTrue(is_skippable_file(candidate))
def test_not_skippable_04(self):
    # 'rpmsave' in the middle of the name is not a suffix, so the file counts
    candidate = 'bin.rpmsave.ping'
    self.assertFalse(is_skippable_file(candidate))
def test_skippable_07(self):
    # '.orig' files (kept by patch) must not be treated as profiles
    candidate = 'bin.ping.orig'
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_08(self):
    # '.rej' files (rejected patch hunks) must not be treated as profiles
    candidate = 'bin.ping.rej'
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_09(self):
    # trailing '~' marks an editor backup copy
    candidate = 'bin.ping~'
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_05(self):
    # '.dpkg-remove' markers left behind by dpkg must not be treated as profiles
    candidate = 'bin.ping.dpkg-remove'
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_10(self):
    # hidden dotfiles are skipped
    candidate = '.bin.ping'
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_07(self):
    # '.pacnew' copies left behind by pacman must not be treated as profiles
    candidate = 'bin.ping.pacnew'
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_11(self):
    # empty filename
    candidate = ''
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_09(self):
    # '.rpmsave' copies left behind by rpm must not be treated as profiles
    candidate = 'bin.ping.rpmsave'
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_12(self):
    # directory without filename
    candidate = '/etc/apparmor.d/'
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_11(self):
    # '.rej' files (rejected patch hunks) must not be treated as profiles
    candidate = 'bin.ping.rej'
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_13(self):
    # a README in the profile directory is documentation, not a profile
    candidate = 'README'
    self.assertTrue(is_skippable_file(candidate))
def test_skippable_13(self):
    # hidden dotfiles are skipped
    candidate = '.bin.ping'
    self.assertTrue(is_skippable_file(candidate))
def test_not_skippable_02(self):
    # an ordinary profile name with several dots is a real profile
    candidate = 'usr.lib.dovecot.anvil'
    self.assertFalse(is_skippable_file(candidate))
def test_skippable_15(self):
    # directory without filename
    candidate = '/etc/apparmor.d/'
    self.assertTrue(is_skippable_file(candidate))
def test_not_skippable_03(self):
    # a '~' inside the name is not the trailing backup marker
    candidate = 'bin.~ping'
    self.assertFalse(is_skippable_file(candidate))