diff --git a/hassio/addons/build.py b/hassio/addons/build.py index b857b01ef..2f7a300ef 100644 --- a/hassio/addons/build.py +++ b/hassio/addons/build.py @@ -20,7 +20,6 @@ class AddonBuild(JsonConfig, CoreSysAttributes): def save_data(self): """Ignore save function.""" - pass @property def addon(self): diff --git a/hassio/addons/utils.py b/hassio/addons/utils.py index c1be14a64..91ad08088 100644 --- a/hassio/addons/utils.py +++ b/hassio/addons/utils.py @@ -7,7 +7,8 @@ import re from ..const import ( SECURITY_DISABLE, SECURITY_PROFILE, PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO, PRIVILEGED_SYS_PTRACE, - PRIVILEGED_DAC_READ_SEARCH, ROLE_ADMIN, ROLE_MANAGER) + PRIVILEGED_DAC_READ_SEARCH, PRIVILEGED_SYS_MODULE, ROLE_ADMIN, + ROLE_MANAGER) RE_SHA1 = re.compile(r"[a-f0-9]{8}") @@ -33,10 +34,17 @@ def rating_security(addon): rating += 1 # Privileged options - if any(privilege in addon.privileged - for privilege in (PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN, - PRIVILEGED_SYS_RAWIO, PRIVILEGED_SYS_PTRACE, - PRIVILEGED_DAC_READ_SEARCH)): + if any( + privilege in addon.privileged + for privilege in ( + PRIVILEGED_NET_ADMIN, + PRIVILEGED_SYS_ADMIN, + PRIVILEGED_SYS_RAWIO, + PRIVILEGED_SYS_PTRACE, + PRIVILEGED_SYS_MODULE, + PRIVILEGED_DAC_READ_SEARCH, + ) + ): rating += -1 # API Hass.io role @@ -81,6 +89,7 @@ def extract_hash_from_path(path): def check_installed(method): """Wrap function with check if add-on is installed.""" + async def wrap_check(addon, *args, **kwargs): """Return False if not installed or the function.""" if not addon.is_installed: @@ -95,8 +104,7 @@ async def remove_data(folder): """Remove folder and reset privileged.""" try: proc = await asyncio.create_subprocess_exec( - "rm", "-rf", str(folder), - stdout=asyncio.subprocess.DEVNULL + "rm", "-rf", str(folder), stdout=asyncio.subprocess.DEVNULL ) _, error_msg = await proc.communicate() diff --git a/hassio/addons/validate.py b/hassio/addons/validate.py index 81a1f43af..d96293fa2 100644 --- a/hassio/addons/validate.py +++ b/hassio/addons/validate.py @@ -24,7 +24,8 @@ from ..const import ( PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO, PRIVILEGED_IPC_LOCK, PRIVILEGED_SYS_TIME, PRIVILEGED_SYS_NICE, PRIVILEGED_SYS_RESOURCE, PRIVILEGED_SYS_PTRACE, PRIVILEGED_DAC_READ_SEARCH, - ROLE_DEFAULT, ROLE_HOMEASSISTANT, ROLE_MANAGER, ROLE_ADMIN, ROLE_BACKUP) + PRIVILEGED_SYS_MODULE, ROLE_DEFAULT, ROLE_HOMEASSISTANT, ROLE_MANAGER, + ROLE_ADMIN, ROLE_BACKUP) from ..validate import ( NETWORK_PORT, DOCKER_PORTS, ALSA_DEVICE, UUID_MATCH, SHA256) from ..services.validate import DISCOVERY_SERVICES @@ -82,6 +83,7 @@ PRIVILEGED_ALL = [ PRIVILEGED_SYS_NICE, PRIVILEGED_SYS_RESOURCE, PRIVILEGED_SYS_PTRACE, + PRIVILEGED_SYS_MODULE, PRIVILEGED_DAC_READ_SEARCH, ] diff --git a/hassio/const.py b/hassio/const.py index 24fff6bd0..af62cb941 100644 --- a/hassio/const.py +++ b/hassio/const.py @@ -244,6 +244,7 @@ PRIVILEGED_SYS_RAWIO = "SYS_RAWIO" PRIVILEGED_IPC_LOCK = "IPC_LOCK" PRIVILEGED_SYS_TIME = "SYS_TIME" PRIVILEGED_SYS_NICE = "SYS_NICE" +PRIVILEGED_SYS_MODULE = "SYS_MODULE" PRIVILEGED_SYS_RESOURCE = "SYS_RESOURCE" PRIVILEGED_SYS_PTRACE = "SYS_PTRACE" PRIVILEGED_DAC_READ_SEARCH = "DAC_READ_SEARCH" diff --git a/hassio/exceptions.py b/hassio/exceptions.py index 66f9d48bb..850fb17da 100644 --- a/hassio/exceptions.py +++ b/hassio/exceptions.py @@ -3,118 +3,98 @@ class HassioError(Exception): """Root exception.""" - pass class HassioNotSupportedError(HassioError): """Function is not supported.""" - pass # HomeAssistant class HomeAssistantError(HassioError): """Home Assistant exception.""" - pass class HomeAssistantUpdateError(HomeAssistantError): """Error on update of a Home Assistant.""" - pass class HomeAssistantAPIError(HomeAssistantError): """Home Assistant API exception.""" - pass class HomeAssistantAuthError(HomeAssistantAPIError): """Home Assistant Auth API exception.""" - pass # HassOS class HassOSError(HassioError): """HassOS exception.""" - pass class HassOSUpdateError(HassOSError): """Error on update of a HassOS.""" - pass class HassOSNotSupportedError(HassioNotSupportedError): """Function not supported by HassOS.""" - pass # Updater class HassioUpdaterError(HassioError): """Error on Updater.""" - pass # Auth class AuthError(HassioError): """Auth errors.""" - pass # Host class HostError(HassioError): """Internal Host error.""" - pass class HostNotSupportedError(HassioNotSupportedError): """Host function is not supprted.""" - pass class HostServiceError(HostError): """Host service functions fails.""" - pass class HostAppArmorError(HostError): """Host apparmor functions fails.""" - pass # API class APIError(HassioError, RuntimeError): """API errors.""" - pass class APIForbidden(APIError): """API forbidden error.""" - pass # Service / Discovery class DiscoveryError(HassioError): """Discovery Errors.""" - pass class ServicesError(HassioError): """Services Errors.""" - pass # utils/gdbus class DBusError(HassioError): """DBus generic error.""" - pass class DBusNotConnectedError(HostNotSupportedError): @@ -123,26 +103,21 @@ class DBusNotConnectedError(HostNotSupportedError): class DBusFatalError(DBusError): """DBus call going wrong.""" - pass class DBusParseError(DBusError): """DBus parse error.""" - pass # util/apparmor class AppArmorError(HostAppArmorError): """General AppArmor error.""" - pass class AppArmorFileError(AppArmorError): """AppArmor profile file error.""" - pass class AppArmorInvalidError(AppArmorError): """AppArmor profile validate error.""" - pass diff --git a/tox.ini b/tox.ini index 70f3d55f4..a1462d249 100644 --- a/tox.ini +++ b/tox.ini @@ -4,8 +4,8 @@ envlist = lint, tests [testenv] deps = flake8==3.6.0 - pylint==2.1.1 - pytest==4.0.0 + pylint==2.2.2 + pytest==4.1.1 -r{toxinidir}/requirements.txt [testenv:lint]