Apparmor prompting: store decisions by ID #29
Commits on Jun 14, 2023
- prompting/storage: defined `StoredDecision` type and added it to `PromptsDB`
  Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
  Commit 0d0439a
- prompting: modified `notifier.Request` and `storage.StoredDecision`

  Added `Snap` and `App` information to requests so that prompt clients do not have to parse apparmor labels, and because that is used in the `StoredDecision` struct. Also added `ResourceType` to the request so that this information can be displayed in the prompt to the user.

  The `newRequest()` function has been modified to parse the label from apparmor into `Snap` and `App`, and to assign a `ResourceType` of `"file"` if `msg.Class == apparmor.MediationClassFile` (which is the only handled case in `newRequest()` at the moment).

  Also, a `newStoredDecision()` function has been added which constructs a new `StoredDecision` struct based on the information from a given `notifier.Request` and other information which is produced early on during the `Set()` function. The purpose of `newStoredDecision()` is to be a helper function for `Set()` which creates decisions with unique IDs and sets up most of the boilerplate for the decisions. The `Permissions` field is left as an empty list to which `Set()` will append each permission which is actually added to the DB, since any which are implied by previous decisions are not added.

  Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
  Commit 1fde78b
- prompting/storage: integrated `Request.{Snap,App}` and updated tests
  Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
  Commit c15573f
- prompting/storage: integrated `StoredDecision` into storage.go -- WIP
  Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
  Commit 339174d
Commits on Jun 17, 2023
- prompting/storage: renamed `permissionMap` to `permissionsMap`
  Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
  Commit 597fcfc
- prompting/storage: added error handling before struct dereference
  Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
  Commit 9a25015
- prompting/storage: correctly update timestamps of decisions when modified
  Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
  Commit e0e7cbd
- prompting/storage: return original state of modified decisions

  Previously, only the IDs of modified and deleted decisions were returned by functions which caused those modifications (`Set()` being the primary exported one). These modifications and deletions can occur as the result of pruning when a new decision overrides a previous. However, since stored decisions are modified immediately during pruning when a corresponding leaf is removed from the allow tree, and the `ById` map is immediately updated to reflect that change, before the end of the overarching function call which results in the changes, the original states of the modified decisions have been lost, and any deleted decisions have been removed from the storage entirely.

  This commit changes that. Now, whenever a stored decision is modified for the first time as a result of pruning, its original state is deep copied and stored so that it can be later returned to the caller. As this is more complicated than simply returning the IDs of changed decisions, some refactoring was done in an attempt to reduce duplicate code and increase modularity. Some helper functions were also exported for testing.

  Still TODO: now that the original state of changed decisions is stored, use that to roll back changes to other decisions if/when an error occurs.

  Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
  Commit d30eba1
- prompting/storage: partially refactored tests to reflect new ID-based decision storage -- WIP
  Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
  Commit 4a4ac68
Commits on Jun 21, 2023
- prompting/storage: added changed decision rollback on error
  Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
  Commit 3b2fc4c
- prompting/storage: fixed types in storage_test.go
  Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
  Commit b63c12d
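
The snapshot-on-first-modification and rollback-on-error behaviour described in commits d30eba1 and 3b2fc4c, as an added Go example that is not code from this pull request. `Store`, `prune` and `Apply` are hypothetical, simplified names; only `StoredDecision`, its `Permissions` field and the by-ID map echo the commit messages, and the sample data is constructed.

```go
package main
import "fmt"

// StoredDecision and Store are simplified stand-ins, not the project's own types.
type StoredDecision struct {
	ID          string
	Permissions []string
}
type Store struct{ ByID map[string]*StoredDecision }

// prune drops perm from a decision, first deep-copying its original state into orig.
func (s *Store) prune(id, perm string, orig map[string]*StoredDecision) error {
	d, ok := s.ByID[id]
	if !ok {
		return fmt.Errorf("no stored decision with ID %q", id)
	}
	if _, seen := orig[id]; !seen { // only the first change takes a snapshot
		orig[id] = &StoredDecision{ID: id, Permissions: append([]string(nil), d.Permissions...)}
	}
	kept := d.Permissions[:0] // filters in place, so a shallow copy would be corrupted
	for _, p := range d.Permissions {
		if p != perm {
			kept = append(kept, p)
		}
	}
	if d.Permissions = kept; len(kept) == 0 {
		delete(s.ByID, id) // an emptied decision leaves the store entirely
	}
	return nil
}

// Apply runs all steps or none; on error, modified and deleted decisions are restored.
func (s *Store) Apply(steps [][2]string) (map[string]*StoredDecision, error) {
	orig := map[string]*StoredDecision{}
	for _, st := range steps {
		if err := s.prune(st[0], st[1], orig); err != nil {
			for id, d := range orig {
				s.ByID[id] = d
			}
			return nil, err
		}
	}
	return orig, nil // original states of every changed decision, for the caller
}

func main() {
	s := &Store{ByID: map[string]*StoredDecision{"a": {ID: "a", Permissions: []string{"read", "write"}}}}
	_, err := s.Apply([][2]string{{"a", "read"}, {"missing", "read"}}) // constructed steps; the second fails
	fmt.Println(err, s.ByID["a"].Permissions)
}
```

Without the rollback, the failed call would leave decision `a` holding only `write`, a permission store that matches neither the state before the call nor the intended result.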