mirror of
https://github.com/home-assistant/supervisor.git
synced 2025-07-23 09:06:29 +00:00
Add support for SYS_MODULE (#889)
* Add support for SYS_MODULE * Update flake stuff * Fix lint * Fix lint * Fix lint * Fix lint
This commit is contained in:
parent
e78385e7ea
commit
aa1c765c4b
@ -20,7 +20,6 @@ class AddonBuild(JsonConfig, CoreSysAttributes):
|
|||||||
|
|
||||||
def save_data(self):
|
def save_data(self):
|
||||||
"""Ignore save function."""
|
"""Ignore save function."""
|
||||||
pass
|
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def addon(self):
|
def addon(self):
|
||||||
|
@ -7,7 +7,8 @@ import re
|
|||||||
from ..const import (
|
from ..const import (
|
||||||
SECURITY_DISABLE, SECURITY_PROFILE, PRIVILEGED_NET_ADMIN,
|
SECURITY_DISABLE, SECURITY_PROFILE, PRIVILEGED_NET_ADMIN,
|
||||||
PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO, PRIVILEGED_SYS_PTRACE,
|
PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO, PRIVILEGED_SYS_PTRACE,
|
||||||
PRIVILEGED_DAC_READ_SEARCH, ROLE_ADMIN, ROLE_MANAGER)
|
PRIVILEGED_DAC_READ_SEARCH, PRIVILEGED_SYS_MODULE, ROLE_ADMIN,
|
||||||
|
ROLE_MANAGER)
|
||||||
|
|
||||||
RE_SHA1 = re.compile(r"[a-f0-9]{8}")
|
RE_SHA1 = re.compile(r"[a-f0-9]{8}")
|
||||||
|
|
||||||
@ -33,10 +34,17 @@ def rating_security(addon):
|
|||||||
rating += 1
|
rating += 1
|
||||||
|
|
||||||
# Privileged options
|
# Privileged options
|
||||||
if any(privilege in addon.privileged
|
if any(
|
||||||
for privilege in (PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN,
|
privilege in addon.privileged
|
||||||
PRIVILEGED_SYS_RAWIO, PRIVILEGED_SYS_PTRACE,
|
for privilege in (
|
||||||
PRIVILEGED_DAC_READ_SEARCH)):
|
PRIVILEGED_NET_ADMIN,
|
||||||
|
PRIVILEGED_SYS_ADMIN,
|
||||||
|
PRIVILEGED_SYS_RAWIO,
|
||||||
|
PRIVILEGED_SYS_PTRACE,
|
||||||
|
PRIVILEGED_SYS_MODULE,
|
||||||
|
PRIVILEGED_DAC_READ_SEARCH,
|
||||||
|
)
|
||||||
|
):
|
||||||
rating += -1
|
rating += -1
|
||||||
|
|
||||||
# API Hass.io role
|
# API Hass.io role
|
||||||
@ -81,6 +89,7 @@ def extract_hash_from_path(path):
|
|||||||
|
|
||||||
def check_installed(method):
|
def check_installed(method):
|
||||||
"""Wrap function with check if add-on is installed."""
|
"""Wrap function with check if add-on is installed."""
|
||||||
|
|
||||||
async def wrap_check(addon, *args, **kwargs):
|
async def wrap_check(addon, *args, **kwargs):
|
||||||
"""Return False if not installed or the function."""
|
"""Return False if not installed or the function."""
|
||||||
if not addon.is_installed:
|
if not addon.is_installed:
|
||||||
@ -95,8 +104,7 @@ async def remove_data(folder):
|
|||||||
"""Remove folder and reset privileged."""
|
"""Remove folder and reset privileged."""
|
||||||
try:
|
try:
|
||||||
proc = await asyncio.create_subprocess_exec(
|
proc = await asyncio.create_subprocess_exec(
|
||||||
"rm", "-rf", str(folder),
|
"rm", "-rf", str(folder), stdout=asyncio.subprocess.DEVNULL
|
||||||
stdout=asyncio.subprocess.DEVNULL
|
|
||||||
)
|
)
|
||||||
|
|
||||||
_, error_msg = await proc.communicate()
|
_, error_msg = await proc.communicate()
|
||||||
|
@ -24,7 +24,8 @@ from ..const import (
|
|||||||
PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO,
|
PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO,
|
||||||
PRIVILEGED_IPC_LOCK, PRIVILEGED_SYS_TIME, PRIVILEGED_SYS_NICE,
|
PRIVILEGED_IPC_LOCK, PRIVILEGED_SYS_TIME, PRIVILEGED_SYS_NICE,
|
||||||
PRIVILEGED_SYS_RESOURCE, PRIVILEGED_SYS_PTRACE, PRIVILEGED_DAC_READ_SEARCH,
|
PRIVILEGED_SYS_RESOURCE, PRIVILEGED_SYS_PTRACE, PRIVILEGED_DAC_READ_SEARCH,
|
||||||
ROLE_DEFAULT, ROLE_HOMEASSISTANT, ROLE_MANAGER, ROLE_ADMIN, ROLE_BACKUP)
|
PRIVILEGED_SYS_MODULE, ROLE_DEFAULT, ROLE_HOMEASSISTANT, ROLE_MANAGER,
|
||||||
|
ROLE_ADMIN, ROLE_BACKUP)
|
||||||
from ..validate import (
|
from ..validate import (
|
||||||
NETWORK_PORT, DOCKER_PORTS, ALSA_DEVICE, UUID_MATCH, SHA256)
|
NETWORK_PORT, DOCKER_PORTS, ALSA_DEVICE, UUID_MATCH, SHA256)
|
||||||
from ..services.validate import DISCOVERY_SERVICES
|
from ..services.validate import DISCOVERY_SERVICES
|
||||||
@ -82,6 +83,7 @@ PRIVILEGED_ALL = [
|
|||||||
PRIVILEGED_SYS_NICE,
|
PRIVILEGED_SYS_NICE,
|
||||||
PRIVILEGED_SYS_RESOURCE,
|
PRIVILEGED_SYS_RESOURCE,
|
||||||
PRIVILEGED_SYS_PTRACE,
|
PRIVILEGED_SYS_PTRACE,
|
||||||
|
PRIVILEGED_SYS_MODULE,
|
||||||
PRIVILEGED_DAC_READ_SEARCH,
|
PRIVILEGED_DAC_READ_SEARCH,
|
||||||
]
|
]
|
||||||
|
|
||||||
|
@ -244,6 +244,7 @@ PRIVILEGED_SYS_RAWIO = "SYS_RAWIO"
|
|||||||
PRIVILEGED_IPC_LOCK = "IPC_LOCK"
|
PRIVILEGED_IPC_LOCK = "IPC_LOCK"
|
||||||
PRIVILEGED_SYS_TIME = "SYS_TIME"
|
PRIVILEGED_SYS_TIME = "SYS_TIME"
|
||||||
PRIVILEGED_SYS_NICE = "SYS_NICE"
|
PRIVILEGED_SYS_NICE = "SYS_NICE"
|
||||||
|
PRIVILEGED_SYS_MODULE = "SYS_MODULE"
|
||||||
PRIVILEGED_SYS_RESOURCE = "SYS_RESOURCE"
|
PRIVILEGED_SYS_RESOURCE = "SYS_RESOURCE"
|
||||||
PRIVILEGED_SYS_PTRACE = "SYS_PTRACE"
|
PRIVILEGED_SYS_PTRACE = "SYS_PTRACE"
|
||||||
PRIVILEGED_DAC_READ_SEARCH = "DAC_READ_SEARCH"
|
PRIVILEGED_DAC_READ_SEARCH = "DAC_READ_SEARCH"
|
||||||
|
@ -3,118 +3,98 @@
|
|||||||
|
|
||||||
class HassioError(Exception):
|
class HassioError(Exception):
|
||||||
"""Root exception."""
|
"""Root exception."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class HassioNotSupportedError(HassioError):
|
class HassioNotSupportedError(HassioError):
|
||||||
"""Function is not supported."""
|
"""Function is not supported."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
# HomeAssistant
|
# HomeAssistant
|
||||||
|
|
||||||
class HomeAssistantError(HassioError):
|
class HomeAssistantError(HassioError):
|
||||||
"""Home Assistant exception."""
|
"""Home Assistant exception."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class HomeAssistantUpdateError(HomeAssistantError):
|
class HomeAssistantUpdateError(HomeAssistantError):
|
||||||
"""Error on update of a Home Assistant."""
|
"""Error on update of a Home Assistant."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class HomeAssistantAPIError(HomeAssistantError):
|
class HomeAssistantAPIError(HomeAssistantError):
|
||||||
"""Home Assistant API exception."""
|
"""Home Assistant API exception."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class HomeAssistantAuthError(HomeAssistantAPIError):
|
class HomeAssistantAuthError(HomeAssistantAPIError):
|
||||||
"""Home Assistant Auth API exception."""
|
"""Home Assistant Auth API exception."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
# HassOS
|
# HassOS
|
||||||
|
|
||||||
class HassOSError(HassioError):
|
class HassOSError(HassioError):
|
||||||
"""HassOS exception."""
|
"""HassOS exception."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class HassOSUpdateError(HassOSError):
|
class HassOSUpdateError(HassOSError):
|
||||||
"""Error on update of a HassOS."""
|
"""Error on update of a HassOS."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class HassOSNotSupportedError(HassioNotSupportedError):
|
class HassOSNotSupportedError(HassioNotSupportedError):
|
||||||
"""Function not supported by HassOS."""
|
"""Function not supported by HassOS."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
# Updater
|
# Updater
|
||||||
|
|
||||||
class HassioUpdaterError(HassioError):
|
class HassioUpdaterError(HassioError):
|
||||||
"""Error on Updater."""
|
"""Error on Updater."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
# Auth
|
# Auth
|
||||||
|
|
||||||
class AuthError(HassioError):
|
class AuthError(HassioError):
|
||||||
"""Auth errors."""
|
"""Auth errors."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
# Host
|
# Host
|
||||||
|
|
||||||
class HostError(HassioError):
|
class HostError(HassioError):
|
||||||
"""Internal Host error."""
|
"""Internal Host error."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class HostNotSupportedError(HassioNotSupportedError):
|
class HostNotSupportedError(HassioNotSupportedError):
|
||||||
"""Host function is not supprted."""
|
"""Host function is not supprted."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class HostServiceError(HostError):
|
class HostServiceError(HostError):
|
||||||
"""Host service functions fails."""
|
"""Host service functions fails."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class HostAppArmorError(HostError):
|
class HostAppArmorError(HostError):
|
||||||
"""Host apparmor functions fails."""
|
"""Host apparmor functions fails."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
# API
|
# API
|
||||||
|
|
||||||
class APIError(HassioError, RuntimeError):
|
class APIError(HassioError, RuntimeError):
|
||||||
"""API errors."""
|
"""API errors."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class APIForbidden(APIError):
|
class APIForbidden(APIError):
|
||||||
"""API forbidden error."""
|
"""API forbidden error."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
# Service / Discovery
|
# Service / Discovery
|
||||||
|
|
||||||
class DiscoveryError(HassioError):
|
class DiscoveryError(HassioError):
|
||||||
"""Discovery Errors."""
|
"""Discovery Errors."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class ServicesError(HassioError):
|
class ServicesError(HassioError):
|
||||||
"""Services Errors."""
|
"""Services Errors."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
# utils/gdbus
|
# utils/gdbus
|
||||||
|
|
||||||
class DBusError(HassioError):
|
class DBusError(HassioError):
|
||||||
"""DBus generic error."""
|
"""DBus generic error."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class DBusNotConnectedError(HostNotSupportedError):
|
class DBusNotConnectedError(HostNotSupportedError):
|
||||||
@ -123,26 +103,21 @@ class DBusNotConnectedError(HostNotSupportedError):
|
|||||||
|
|
||||||
class DBusFatalError(DBusError):
|
class DBusFatalError(DBusError):
|
||||||
"""DBus call going wrong."""
|
"""DBus call going wrong."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class DBusParseError(DBusError):
|
class DBusParseError(DBusError):
|
||||||
"""DBus parse error."""
|
"""DBus parse error."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
# util/apparmor
|
# util/apparmor
|
||||||
|
|
||||||
class AppArmorError(HostAppArmorError):
|
class AppArmorError(HostAppArmorError):
|
||||||
"""General AppArmor error."""
|
"""General AppArmor error."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class AppArmorFileError(AppArmorError):
|
class AppArmorFileError(AppArmorError):
|
||||||
"""AppArmor profile file error."""
|
"""AppArmor profile file error."""
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class AppArmorInvalidError(AppArmorError):
|
class AppArmorInvalidError(AppArmorError):
|
||||||
"""AppArmor profile validate error."""
|
"""AppArmor profile validate error."""
|
||||||
pass
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user