Handle #include <directory> in is_known_rule()

is_known_rule() ignored directory includes, which resulted in asking for and adding superfluous rules that are already covered by a file in the included directory. This patch looks bigger than it is because it moves quite some lines into the "else:" branch. Everything inside the "else:" just got an additional whitespace level. References: https://bugs.launchpad.net/apparmor/+bug/1471425 (however, trunk didn't crash, it "just" ignored directory includes) Acked-by: Steve Beattie <steve@nxnw.org>
2025-08-30 05:47:59 +00:00 · 2015-07-08 22:46:01 +02:00 · 2015-07-08 22:46:01 +02:00 · 0d842eae34
commit 0d842eae34
parent 16de4ee43d
1 changed files with 9 additions and 6 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@ -4078,13 +4078,16 @@ def is_known_rule(profile, rule_type, rule_obj):
        incname = includelist.pop(0)
        checked.append(incname)

-        if include[incname][incname].get(rule_type, False):
-            if include[incname][incname][rule_type].is_covered(rule_obj, False):
-                return True
+        if os.path.isdir(profile_dir + '/' + incname):
+            includelist += include_dir_filelist(profile_dir, incname)
+        else:
+            if include[incname][incname].get(rule_type, False):
+                if include[incname][incname][rule_type].is_covered(rule_obj, False):
+                    return True

-        for childinc in include[incname][incname]['include'].keys():
-            if childinc not in checked:
-                includelist += [childinc]
+            for childinc in include[incname][incname]['include'].keys():
+                if childinc not in checked:
+                    includelist += [childinc]

    return False