Add support for SYS_MODULE (#889)

* Add support for SYS_MODULE

* Update flake stuff

* Fix lint

* Fix lint

* Fix lint

* Fix lint

hassio/addons/build.py

@@ -20,7 +20,6 @@ class AddonBuild(JsonConfig, CoreSysAttributes):
 
     def save_data(self):
         """Ignore save function."""
-        pass
 
     @property
     def addon(self):

hassio/addons/utils.py

@@ -7,7 +7,8 @@ import re
 from ..const import (
     SECURITY_DISABLE, SECURITY_PROFILE, PRIVILEGED_NET_ADMIN,
     PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO, PRIVILEGED_SYS_PTRACE,
-    PRIVILEGED_DAC_READ_SEARCH, ROLE_ADMIN, ROLE_MANAGER)
+    PRIVILEGED_DAC_READ_SEARCH, PRIVILEGED_SYS_MODULE, ROLE_ADMIN,
+    ROLE_MANAGER)
 
 RE_SHA1 = re.compile(r"[a-f0-9]{8}")
 
@@ -33,10 +34,17 @@ def rating_security(addon):
         rating += 1
 
     # Privileged options
-    if any(privilege in addon.privileged
-           for privilege in (PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN,
-                             PRIVILEGED_SYS_RAWIO, PRIVILEGED_SYS_PTRACE,
-                             PRIVILEGED_DAC_READ_SEARCH)):
+    if any(
+            privilege in addon.privileged
+            for privilege in (
+                    PRIVILEGED_NET_ADMIN,
+                    PRIVILEGED_SYS_ADMIN,
+                    PRIVILEGED_SYS_RAWIO,
+                    PRIVILEGED_SYS_PTRACE,
+                    PRIVILEGED_SYS_MODULE,
+                    PRIVILEGED_DAC_READ_SEARCH,
+            )
+    ):
         rating += -1
 
     # API Hass.io role
@@ -81,6 +89,7 @@ def extract_hash_from_path(path):
 
 def check_installed(method):
     """Wrap function with check if add-on is installed."""
+
     async def wrap_check(addon, *args, **kwargs):
         """Return False if not installed or the function."""
         if not addon.is_installed:
@@ -95,8 +104,7 @@ async def remove_data(folder):
     """Remove folder and reset privileged."""
     try:
         proc = await asyncio.create_subprocess_exec(
-            "rm", "-rf", str(folder),
-            stdout=asyncio.subprocess.DEVNULL
+            "rm", "-rf", str(folder), stdout=asyncio.subprocess.DEVNULL
         )
 
         _, error_msg = await proc.communicate()

hassio/addons/validate.py

@@ -24,7 +24,8 @@ from ..const import (
     PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO,
     PRIVILEGED_IPC_LOCK, PRIVILEGED_SYS_TIME, PRIVILEGED_SYS_NICE,
     PRIVILEGED_SYS_RESOURCE, PRIVILEGED_SYS_PTRACE, PRIVILEGED_DAC_READ_SEARCH,
-    ROLE_DEFAULT, ROLE_HOMEASSISTANT, ROLE_MANAGER, ROLE_ADMIN, ROLE_BACKUP)
+    PRIVILEGED_SYS_MODULE, ROLE_DEFAULT, ROLE_HOMEASSISTANT, ROLE_MANAGER,
+    ROLE_ADMIN, ROLE_BACKUP)
 from ..validate import (
     NETWORK_PORT, DOCKER_PORTS, ALSA_DEVICE, UUID_MATCH, SHA256)
 from ..services.validate import DISCOVERY_SERVICES
@@ -82,6 +83,7 @@ PRIVILEGED_ALL = [
     PRIVILEGED_SYS_NICE,
     PRIVILEGED_SYS_RESOURCE,
     PRIVILEGED_SYS_PTRACE,
+    PRIVILEGED_SYS_MODULE,
     PRIVILEGED_DAC_READ_SEARCH,
 ]
 

hassio/const.py

@@ -244,6 +244,7 @@ PRIVILEGED_SYS_RAWIO = "SYS_RAWIO"
 PRIVILEGED_IPC_LOCK = "IPC_LOCK"
 PRIVILEGED_SYS_TIME = "SYS_TIME"
 PRIVILEGED_SYS_NICE = "SYS_NICE"
+PRIVILEGED_SYS_MODULE = "SYS_MODULE"
 PRIVILEGED_SYS_RESOURCE = "SYS_RESOURCE"
 PRIVILEGED_SYS_PTRACE = "SYS_PTRACE"
 PRIVILEGED_DAC_READ_SEARCH = "DAC_READ_SEARCH"

hassio/exceptions.py

@@ -3,118 +3,98 @@
 
 class HassioError(Exception):
     """Root exception."""
-    pass
 
 
 class HassioNotSupportedError(HassioError):
     """Function is not supported."""
-    pass
 
 
 # HomeAssistant
 
 class HomeAssistantError(HassioError):
     """Home Assistant exception."""
-    pass
 
 
 class HomeAssistantUpdateError(HomeAssistantError):
     """Error on update of a Home Assistant."""
-    pass
 
 
 class HomeAssistantAPIError(HomeAssistantError):
     """Home Assistant API exception."""
-    pass
 
 
 class HomeAssistantAuthError(HomeAssistantAPIError):
     """Home Assistant Auth API exception."""
-    pass
 
 
 # HassOS
 
 class HassOSError(HassioError):
     """HassOS exception."""
-    pass
 
 
 class HassOSUpdateError(HassOSError):
     """Error on update of a HassOS."""
-    pass
 
 
 class HassOSNotSupportedError(HassioNotSupportedError):
     """Function not supported by HassOS."""
-    pass
 
 
 # Updater
 
 class HassioUpdaterError(HassioError):
     """Error on Updater."""
-    pass
 
 
 # Auth
 
 class AuthError(HassioError):
     """Auth errors."""
-    pass
 
 
 # Host
 
 class HostError(HassioError):
     """Internal Host error."""
-    pass
 
 
 class HostNotSupportedError(HassioNotSupportedError):
     """Host function is not supprted."""
-    pass
 
 
 class HostServiceError(HostError):
     """Host service functions fails."""
-    pass
 
 
 class HostAppArmorError(HostError):
     """Host apparmor functions fails."""
-    pass
 
 
 # API
 
 class APIError(HassioError, RuntimeError):
     """API errors."""
-    pass
 
 
 class APIForbidden(APIError):
     """API forbidden error."""
-    pass
 
 
 # Service / Discovery
 
 class DiscoveryError(HassioError):
     """Discovery Errors."""
-    pass
 
 
 class ServicesError(HassioError):
     """Services Errors."""
-    pass
 
 
 # utils/gdbus
 
 class DBusError(HassioError):
     """DBus generic error."""
-    pass
 
 
 class DBusNotConnectedError(HostNotSupportedError):
@@ -123,26 +103,21 @@ class DBusNotConnectedError(HostNotSupportedError):
 
 class DBusFatalError(DBusError):
     """DBus call going wrong."""
-    pass
 
 
 class DBusParseError(DBusError):
     """DBus parse error."""
-    pass
 
 
 # util/apparmor
 
 class AppArmorError(HostAppArmorError):
     """General AppArmor error."""
-    pass
 
 
 class AppArmorFileError(AppArmorError):
     """AppArmor profile file error."""
-    pass
 
 
 class AppArmorInvalidError(AppArmorError):
     """AppArmor profile validate error."""
-    pass

tox.ini

@@ -4,8 +4,8 @@ envlist = lint, tests
 [testenv]
 deps =
     flake8==3.6.0
-    pylint==2.1.1
-    pytest==4.0.0
+    pylint==2.2.2
+    pytest==4.1.1
     -r{toxinidir}/requirements.txt
 
 [testenv:lint]