This file is indexed.

/usr/bin/aa-easyprof is in apparmor-easyprof 2.9.0-3.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
#! /usr/bin/python3.4
# ------------------------------------------------------------------
#
#    Copyright (C) 2011-2013 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

import apparmor.easyprof
from apparmor.easyprof import AppArmorException, error
import os
import sys

if __name__ == "__main__":
    def usage():
        '''Return usage information'''
        return 'USAGE: %s [options] <path to binary>' % \
               os.path.basename(sys.argv[0])

    (opt, args) = apparmor.easyprof.parse_args()
    binary = None
    manifest = None

    m = usage()
    if opt.show_policy_group and not opt.policy_groups:
        error("Must specify -p with --show-policy-group")
    elif not opt.template and not opt.policy_groups and len(args) < 1:
        error("Must specify full path to binary\n%s" % m)

    binary = None
    if len(args) >= 1:
        binary = args[0]

    # parse_manifest() returns a list of tuples (binary, options). Create a
    # list of these profile tuples to support multiple profiles in one manifest
    profiles = []
    if opt.manifest:
        try:
            # should hide this in a common function
            if sys.version_info[0] >= 3:
                f = open(opt.manifest, "r", encoding="utf-8")
            else:
                f = open(opt.manifest, "r")
            manifest = f.read()
        except EnvironmentError as e:
            error("Could not read '%s': %s (%d)\n" % (opt.manifest,
                                                      os.strerror(e.errno),
                                                      e.errno))
        profiles = apparmor.easyprof.parse_manifest(manifest, opt)
    else: # fake up a tuple list when processing command line args
        profiles.append( (binary, opt) )

    count = 0
    for (binary, options) in profiles:
        if len(profiles) > 1:
            count += 1
        try:
            easyp = apparmor.easyprof.AppArmorEasyProfile(binary, options)
        except AppArmorException as e:
            error(e.value)
        except Exception:
            raise

        if options.list_templates:
            apparmor.easyprof.print_basefilenames(easyp.get_templates())
            sys.exit(0)
        elif options.template and options.show_template:
            files = [os.path.join(easyp.dirs['templates'], options.template)]
            apparmor.easyprof.print_files(files)
            sys.exit(0)
        elif options.list_policy_groups:
            apparmor.easyprof.print_basefilenames(easyp.get_policy_groups())
            sys.exit(0)
        elif options.policy_groups and options.show_policy_group:
            for g in options.policy_groups.split(','):
                files = [os.path.join(easyp.dirs['policygroups'], g)]
                apparmor.easyprof.print_files(files)
            sys.exit(0)
        elif binary == None and not options.profile_name and \
             not options.manifest:
            error("Must specify binary and/or profile name\n%s" % m)

        params = apparmor.easyprof.gen_policy_params(binary, options)
        if options.manifest and options.verify_manifest and \
           not apparmor.easyprof.verify_manifest(params):
            error("Manifest file requires review")

        if options.output_format == "json":
            sys.stdout.write('%s\n' % easyp.gen_manifest(params))
        else:
            params['no_verify'] = options.no_verify
            try:
                easyp.output_policy(params, count, opt.output_directory)
            except AppArmorException as e:
                error(e)