This file is indexed.

/usr/bin/aa-easyprof is in apparmor-easyprof 2.11.0-3+deb9u2.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
#! /usr/bin/python3.5
# ------------------------------------------------------------------
#
#    Copyright (C) 2011-2015 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

import apparmor.easyprof
from apparmor.easyprof import error
import os
import sys

# setup exception handling
from apparmor.fail import enable_aa_exception_handler
enable_aa_exception_handler()

if __name__ == "__main__":
    def usage():
        '''Return usage information'''
        return 'USAGE: %s [options] <path to binary>' % \
               os.path.basename(sys.argv[0])

    (opt, args) = apparmor.easyprof.parse_args()
    binary = None
    manifest = None

    m = usage()
    if opt.show_policy_group and not opt.policy_groups:
        error("Must specify -p with --show-policy-group")
    elif not opt.template and not opt.policy_groups and len(args) < 1:
        error("Must specify full path to binary\n%s" % m)

    binary = None
    if len(args) >= 1:
        binary = args[0]

    # parse_manifest() returns a list of tuples (binary, options). Create a
    # list of these profile tuples to support multiple profiles in one manifest
    profiles = []
    if opt.manifest:
        try:
            # should hide this in a common function
            if sys.version_info[0] >= 3:
                f = open(opt.manifest, "r", encoding="utf-8")
            else:
                f = open(opt.manifest, "r")
            manifest = f.read()
        except EnvironmentError as e:
            error("Could not read '%s': %s (%d)\n" % (opt.manifest,
                                                      os.strerror(e.errno),
                                                      e.errno))
        profiles = apparmor.easyprof.parse_manifest(manifest, opt)
    else: # fake up a tuple list when processing command line args
        profiles.append( (binary, opt) )

    count = 0
    for (binary, options) in profiles:
        if len(profiles) > 1:
            count += 1
        easyp = apparmor.easyprof.AppArmorEasyProfile(binary, options)

        if options.list_templates:
            apparmor.easyprof.print_basefilenames(easyp.get_templates())
            sys.exit(0)
        elif options.template and options.show_template:
            sys_t = os.path.join(easyp.dirs['templates'], options.template)
            inc_t = None
            if options.include_templates_dir:
                inc_t = os.path.join(easyp.dirs['templates_include'],
                                     options.template)

            if os.path.exists(sys_t):
                apparmor.easyprof.print_files([sys_t])
            elif os.path.exists(inc_t):
                apparmor.easyprof.print_files([inc_t])
            else:
                error("Could not find '%s'" % options.template)
            sys.exit(0)
        elif options.list_policy_groups:
            apparmor.easyprof.print_basefilenames(easyp.get_policy_groups())
            sys.exit(0)
        elif options.policy_groups and options.show_policy_group:
            files = []
            for g in options.policy_groups.split(','):
                sys_g = os.path.join(easyp.dirs['policygroups'], g)
                inc_g = None
                if options.include_policy_groups_dir:
                    inc_g = os.path.join(easyp.dirs['policygroups_include'], g)

                if os.path.exists(sys_g):
                    files.append(sys_g)
                elif os.path.exists(inc_g):
                    files.append(inc_g)
                else:
                    error("Could not find '%s'" % g)

            apparmor.easyprof.print_files(files)
            sys.exit(0)
        elif binary == None and not options.profile_name and \
             not options.manifest:
            error("Must specify binary and/or profile name\n%s" % m)

        params = apparmor.easyprof.gen_policy_params(binary, options)
        if options.manifest and options.verify_manifest and \
           not apparmor.easyprof.verify_manifest(params):
            error("Manifest file requires review")

        if options.output_format == "json":
            sys.stdout.write('%s\n' % easyp.gen_manifest(params))
        else:
            params['no_verify'] = options.no_verify
            easyp.output_policy(params, count, opt.output_directory)