More robust aa-status output parser

yast · Jan 23, 2019 · 8f25ff5 · 8f25ff5
1 parent 7609c3d
commit 8f25ff5
Showing 1 changed file with 69 additions and 14 deletions.
diff --git a/src/lib/apparmor/profiles.rb b/src/lib/apparmor/profiles.rb
@@ -48,7 +48,7 @@ def toggle
     end
 
     def to_s
-      @name + ', ' + @status + ', ' + @pid
+      "#{@name}, #{@status}, #{@pid}"
     end
 
     def to_array
@@ -77,22 +77,15 @@ def execute(*args)
 
   # Class representing a list of profiles
   class Profiles
+    include Yast::Logger
     attr_reader :prof
     def initialize
-      status_output = command_output("/usr/sbin/aa-status", "--json")
-
-      jtext = JSON.parse(status_output)
-      h = jtext['profiles']
       @prof = {}
-      h.each do |name, status|
-        @prof[name] = Profile.new(name, status)
-      end
-      h = jtext['processes']
-      h.each do |name, pidmap|
-        pidmap.each do |p|
-          @prof[name].addPid(p['pid'])
-        end
-      end
+      status_output = command_output("/usr/sbin/aa-status", "--pretty-json")
+      log.info("aa-status output:\n#{status_output}\n")
+      jtext = JSON.parse(status_output)
+      add_profiles(jtext["profiles"])
+      add_processes(jtext["processes"])
     end
 
     def active
@@ -110,6 +103,68 @@ def toggle(name)
 
   private
 
+    # Add all profiles from the "profiles" section of the parsed JSON output of
+    # the aa-status command.
+    #
+    # Sample JSON:
+    #
+    #  "profiles": {
+    #      "/usr/bin/lessopen.sh": "enforce",
+    #      "/usr/lib/colord": "enforce",
+    #      "/usr/{bin,sbin}/dnsmasq": "enforce",
+    #      "nscd": "enforce",
+    #      "ntpd": "enforce",
+    #      "syslogd": "enforce",
+    #      "traceroute": "enforce",
+    #      "winbindd": "enforce"
+    #  }
+    def add_profiles(profiles)
+      return if profiles.nil?
+      profiles.each do |name, status|
+        log.info("Profile name: #{name} status: #{status}")
+        @prof[name] = Profile.new(name, status)
+      end
+    end
+
+    # Add all processesfrom the "profiles" section of the parsed JSON output of
+    # the aa-status command.
+    #
+    # Sample JSON:
+    #
+    # "processes": {
+    #     "/usr/sbin/nscd": [
+    #         {
+    #             "profile": "nscd",
+    #             "pid": "805",
+    #             "status": "enforce"
+    #         }
+    #     ],
+    #     "/usr/lib/colord": [
+    #         {
+    #             "profile": "/usr/lib/colord",
+    #             "pid": "1790",
+    #             "status": "enforce"
+    #         }
+    #     ]
+    # }
+    def add_processes(processes)
+      return if processes.nil?
+      processes.each do |executable_name, pidmap_list|
+        pidmap_list.each do |pidmap|
+          profile_name = pidmap["profile"] || executable_name
+          pid = pidmap["pid"]
+          if @prof.key?(profile_name)
+            msg = "Active process #{pid} #{executable_name}"
+            msg += " profile name #{profile_name}" if executable_name != profile_name
+            log.info(msg)
+            @prof[profile_name].addPid(pid)
+          else
+            log.warn("No profile #{profile_name}")
+          end
+        end
+      end
+    end
+
     # Returns the output of the given command
     #
     # @param args [Array<String>, Array<Array<String>>] the command to execute and