mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 05:47:59 +00:00
Code Issues Releases Wiki Activity

Carry over all autodep-generated rules in handle_children()

Browse Source 
When creating a new child profile, handle_children() did only copy over
include and path rules. While this was correct in the past, path rules
got changed to FileRule in the meantime and were therefore lost.
(In practise, this means the "$binary mr," rule wasn't added to the new
child profile, causing a "superfluous" question in aa-logprof.)

This patch changes handle_children() to carry over the complete new
child profile instead of only cherry-picking include and path rules.


Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.11.

Older versions (with path as hasher) are not affected.
This commit is contained in:
Christian Boltz 2017-08-02 13:01:03 +02:00
parent 5e535b246a
commit 1d0790c0c6
1 changed files with 3 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
utils/apparmor/aa.py
View File

@ -1266,24 +1266,16 @@ def handle_children(profile, hat, root):
if ynans == 'y':
hat = exec_target
if not aa[profile].get(hat, False):
aa[profile][hat] = ProfileStorage(profile, hat, 'handle_children()')
stub_profile = create_new_profile(hat, True)
aa[profile][hat] = stub_profile[hat][hat]
aa[profile][hat]['profile'] = True
if profile != hat:
aa[profile][hat]['flags'] = aa[profile][profile]['flags']
stub_profile = create_new_profile(hat, True)
aa[profile][hat]['flags'] = 'complain'
aa[profile][hat]['allow']['path'] = hasher()
if stub_profile[hat][hat]['allow'].get('path', False):
aa[profile][hat]['allow']['path'] = stub_profile[hat][hat]['allow']['path']
aa[profile][hat]['include'] = hasher()
if stub_profile[hat][hat].get('include', False):
aa[profile][hat]['include'] = stub_profile[hat][hat]['include']
file_name = aa[profile][profile]['filename']
filelist[file_name]['profiles'][profile][hat] = True