/usr/sbin/aa-update-browser is in apparmor-utils 2.12-4ubuntu5.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
#!/bin/sh
#
# Copyright (C) 2010 Canonical, Ltd.
# Author: Jamie Strandboge <jamie@canonical.com>
# License: GPLv2
#
# Program for updating browser abstractions in Ubuntu. The program will
# search the specified profile for an include directive for a file in
# abstractions/ubuntu-browsers.d and update this file with the specified
# browser abstractions.
# Stop at the first unhandled command failure.
set -e

# Location of the browser abstraction snippets, kept both as a path relative
# to the AppArmor profile directory (used in '#include <...>' lines) and as an
# absolute path (used for file access).
topdir="/etc/apparmor.d"
reldir="abstractions/ubuntu-browsers.d"
dir="${topdir}/${reldir}"

# Nothing below can work without the abstractions directory.
[ -d "$dir" ] || {
    echo "'$dir' is not a directory" >&2
    exit 1
}
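# Print the usage message on stdout.
#
# The program name is taken from $0 with parameter expansion instead of an
# unquoted `basename $0`, so an invocation path containing whitespace no
# longer splits into several basename arguments.
help() {
    cat <<EOM
${0##*/}
Usage: ${0##*/} [OPTIONS] <profile>
  -u		comma separated list of abstractions for profile to use
  -d		dry-run. Only show what would be done.
  -l		list available abstractions
  -h		this message
Eg:
$ aa-update-browser -l
# aa-update-browser -u multimedia,productivity /etc/apparmor.d/usr.bin.firefox
EOM
}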
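# Print the file name (without directory) of the '#include <$reldir/...>'
# directive found in a profile.
#
# Globals:   reldir (read); fn and r are overwritten (plain sh has no locals)
# Arguments: $1 - path of the profile to search
# Outputs:   the basename of the included file on stdout; a diagnostic on
#            stderr and nothing on stdout when no directive is found
# Returns:   0 in both cases - callers detect failure by the empty output
#
# Only the basename is printed, so the caller's "$dir/<name>" target stays
# inside the abstractions directory whatever path the profile line carries.
find_browser_include() {
    fn="$1"
    # 'grep -E' replaces 'egrep', which is obsolescent and prints a warning
    # on stderr with current GNU grep. The pattern itself is unchanged.
    # The pipeline's status is that of the last 'cut', so a profile without a
    # match does not trip 'set -e'.
    r=$(grep -E " *#include <$reldir/.*> *(|#.*)" "$fn" | cut -f 2 -d '<' | cut -f 1 -d '>')
    if [ -z "$r" ]; then
        echo "Could not find '#include <$reldir/...>' in" >&2
        echo "$fn" >&2
        return 0
    fi

    basename "$r"
}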
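# Collect the names of the abstractions available in $dir.
#
# An entry is listed when it is non-empty and its first line does not start
# with '# This file is updated', the header this tool writes into the files it
# generates. The result is a space separated list in which every name is
# preceded by a space; later membership checks rely on that leading space.
existing_abstractions=""
for i in "$dir"/* ; do
    if [ ! -s "$i" ]; then
        continue
    fi
    # 'head -n 1' is the standard spelling of the obsolete 'head -1'.
    if head -n 1 "$i" | grep -q '^# This file is updated' ; then
        continue
    fi

    # ${i##*/} strips the directory part without the word splitting that an
    # unquoted `basename $i` applies to names containing whitespace.
    existing_abstractions="$existing_abstractions ${i##*/}"
done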
# Option state: dry-run flag (-d) and the comma separated list of
# abstractions requested with -u.
dryrun=
updated=

while getopts "dhlu:" opt; do
    case "$opt" in
        d)
            dryrun="yes"
            ;;
        u)
            updated="$OPTARG"
            ;;
        l)
            # Listing needs no profile argument; print and stop.
            echo "$existing_abstractions"
            exit 0
            ;;
        h)
            help
            exit 0
            ;;
        ?)
            # getopts reports an unknown option or a missing argument as '?'.
            help
            exit 1
            ;;
    esac
done

# Drop the parsed options so that "$1" is the first profile path.
shift $((OPTIND - 1))

# At least one profile is required.
[ -n "$1" ] || {
    help
    exit 1
}
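# Rewrite the generated browser abstraction of every profile given on the
# command line.
#
# For each profile: locate the file it includes from $reldir, refuse to touch
# it when that name belongs to one of the listed abstractions, build the new
# content in a scratch file and move it into place (or only print it with -d).
#
# Changes against the historical version:
#   - "$@" and "$p" are quoted, so profile paths containing whitespace work.
#   - Names are compared literally and as whole words. The former grep based
#     checks treated names as regular expressions, and the check on the
#     include name also matched any abstraction that merely starts with it.
#   - The scratch file is removed when the script stops early.
tmp=""
trap 'if [ -n "$tmp" ]; then rm -f "$tmp"; fi' EXIT

for p in "$@" ; do
    if [ ! -s "$p" ]; then
        echo "Could not find '$p'" >&2
        exit 1
    fi

    # find_browser_include prints nothing when the profile has no matching
    # include line (it reports the reason on stderr itself).
    include=$(find_browser_include "$p")
    if [ -z "$include" ]; then
        exit 1
    fi

    # The file named by the profile is about to be replaced, so it must not be
    # one of the listed abstractions. The list carries a leading space; with a
    # trailing one added every name is delimited on both sides.
    case "$existing_abstractions " in
        *" $include "*)
            echo "'$reldir/$include' is an existing abstraction" >&2
            exit 1
            ;;
    esac

    tmp=$(mktemp)
    plugins_common_path="$dir/plugins-common"
    cat > "$tmp" <<EOM
# This file is updated by '${0##*/}' and may be overwritten on
# upgrades.
#
# For site-specific adjustments, please see /etc/apparmor.d/local/<binary>
EOM

    # Word splitting of the substitution is intended: it turns the comma
    # separated -u value into one name per iteration.
    for a in $(printf '%s\n' "$updated" | tr ',' ' '); do
        # Only names from the list collected at startup are accepted, which
        # also rejects anything containing a path separator.
        case "$existing_abstractions " in
            *" $a "*)
                ;;
            *)
                echo "'$a' is not an existing abstraction. Skipping." >&2
                continue
                ;;
        esac

        if [ -f "$dir/$a" ]; then
            # TODO: add $plugins_common_path only for those browser abstractions
            # that actually need it.
            if [ -n "$plugins_common_path" ] && [ -e "$plugins_common_path" ]; then
                echo "#include <$reldir/${plugins_common_path##*/}>" >> "$tmp"
                # Cleared so that the include is written at most once per file.
                plugins_common_path=""
            fi
            echo "#include <$reldir/$a>" >> "$tmp"
        else
            echo "Skipping '$a' (not found in '$dir')" >&2
            continue
        fi
    done

    if [ "$dryrun" = "yes" ]; then
        echo "Skipping commit to '$dir/$include' (dry run)" >&2
        cat "$tmp"
        rm -f "$tmp"
        tmp=""
        continue
    fi

    mv -f "$tmp" "$dir/$include" || {
        rm -f "$tmp"
        exit 1
    }
    # The scratch file no longer exists under its old name.
    tmp=""
    # mktemp creates the file private to its owner; make it world readable
    # like the other abstractions.
    chmod 644 "$dir/$include"
done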