From f1ab009a095f1c5d3678f29cf37ee5b7a9382d5a Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Wed, 19 Jul 2023 21:29:33 +0200
Subject: [PATCH] ask_exec: Stop checking for CMD_nx (named exec)

... because it gets translated to CMD_px or CMD_cx earlier in the
function.

Also add a safety check for unknown answers.
---
 utils/apparmor/aa.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index 61616ea75..ded7cd4b8 100644
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -1031,7 +1031,7 @@ def ask_exec(hashlog):
                         if target_profile and hashlog[aamode].get(target_profile):
                             hashlog[aamode][target_profile]['final_name'] = profile
 
-                    elif re.search('^CMD_(px|nx|pix|nix)', ans):
+                    elif ans.startswith('CMD_px') or ans.startswith('CMD_pix'):
                         if to_name:
                             exec_target = to_name
 
@@ -1087,6 +1087,8 @@ def ask_exec(hashlog):
                     elif ans.startswith('CMD_ux'):
                         continue
 
+                    else:
+                        raise AppArmorBug('Unhandled ans %s, please open a bugreport!' % ans)
 
 def order_globs(globs, original_path):
     """Returns the globs in sorted order, more specific behind"""