From 62e429bc4bb92802ec3248c755880d967a51b6e0 Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Sat, 5 May 2018 20:58:34 +0200 Subject: [PATCH] Drop some safety nets in aa.py match_includes() and is_known_rule() have safety nets to avoid troube if include[incname][incname] is not a valid ProfileStorage object. However, this situation shouldn't happen in practise anymore, so let's drop these now superfluous safety nets. I use this patch locally since months without problems. --- utils/apparmor/aa.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py index b699da434..03d952976 100644 --- a/utils/apparmor/aa.py +++ b/utils/apparmor/aa.py @@ -1749,7 +1749,7 @@ def match_includes(profile, rule_type, rule_obj): newincludes = [] for incname in include.keys(): # XXX type check should go away once we init all profiles correctly - if valid_include(profile, incname) and include[incname][incname].get(rule_type, False) and include[incname][incname][rule_type].is_covered(rule_obj): + if valid_include(profile, incname) and include[incname][incname][rule_type].is_covered(rule_obj): newincludes.append(incname) return newincludes @@ -3385,9 +3385,8 @@ def is_known_rule(profile, rule_type, rule_obj): if os.path.isdir(get_include_path(incname)): includelist += include_dir_filelist(profile_dir, incname) else: - if include[incname][incname].get(rule_type, False): - if include[incname][incname][rule_type].is_covered(rule_obj, False): - return True + if include[incname][incname][rule_type].is_covered(rule_obj, False): + return True for childinc in include[incname][incname]['include'].keys(): if childinc not in checked: