Merge pull request #1835 from nickanderson/CFE-3426/master

Added ability to extend known paths without modifying vendored policy

Author: nickanderson

lib/paths.cf

@@ -26,6 +26,48 @@ bundle common paths
 # }
 # ```
 #
+# The paths bundle can be extended with custom paths by tagging *classic array* variables with `paths.cf`.
+#
+# **Example:**
+#
+# ```cf3
+# bundle agent extended_paths_example
+# {
+#   meta:
+#       "tags" slist => { "autorun" };
+#
+#   vars:
+#       # NOTE: the key will be canonified when it's pulled in to the paths bundle.
+#       "path[orange]" string => "/bin/true", meta => { "paths.cf" };
+#       "path[true-blue]" string => "/bin/true", meta => { "paths.cf" };
+#       "foo[bar]" string => "/bin/true", meta => { "paths.cf" };
+#
+#     this_context_isnt_defined_so_no_path::
+#       "path[red]" string => "/bin/true", meta => { "paths.cf" };
+#
+#   reports:
+#     _stdlib_path_exists_orange::
+#       "path paths.orange == $(paths.orange)";
+#       "path paths.path[orange] == $(paths.path[orange])";
+#
+#     _stdlib_path_exists_bar::
+#       "path paths.bar == $(paths.bar)";
+#       "path paths.path[bar] == $(paths.path[bar])";
+#
+#     _stdlib_path_exists_true_blue::
+#       "path paths.true_blue == $(paths.true_blue)";
+#       "path paths.path[true_blue] == $(paths.path[true_blue])";
+#
+#     _stdlib_path_exists_red::
+#       "path paths.red == $(paths.red)";
+#       "path paths.path[red] == $(paths.path[red])";
+#
+#     !_stdlib_path_exists_red::
+#       "path paths.red was not found";
+#       "path paths.path[red] was not found";
+# }
+# ```
+#
 # Additionally several path entries are present to aid in policy sharing between
 # unix systems and Android Termux environments.
 #
@@ -41,6 +83,10 @@ bundle common paths
 # ```
 #
 # In case of termux, `paths.etc_path` will be `/data/data/com.termux/files/usr/etc`.
+#
+# **History:**
+#
+# - Ability to extend paths by tagging classic array variables added 3.17.0 (works with binary version 3.11.0 and greater)
 {
   vars:
 
@@ -613,6 +659,16 @@ bundle common paths
       "var_path" string => "/var";
 
     any::
+@if minimum_version(3.11.0)
+      # Pull in variables tagged with `paths.cf`
+      "_extended_path_data" -> { "CFE-3426" }
+        data => variablesmatching_as_data( ".*", "paths.cf" );
+      "_i" -> { "CFE-3426" }
+        slist => getindices( _extended_path_data );
+      "path[$(with)]" -> { "CFE-3426" }
+        string => "$(_extended_path_data[$(_i)])",
+        with => canonify( regex_replace( $(_i), ".*\[(.*)\]", "$1", "") );
+@endif
 
       "all_paths"     slist => getindices("path");
       "$(all_paths)" string => "$(path[$(all_paths)])";