From 1d0790c0c60f986f935e08119317ffea0e77e51d Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Wed, 2 Aug 2017 13:01:03 +0200 Subject: [PATCH] Carry over all autodep-generated rules in handle_children() When creating a new child profile, handle_children() did only copy over include and path rules. While this was correct in the past, path rules got changed to FileRule in the meantime and were therefore lost. (In practise, this means the "$binary mr," rule wasn't added to the new child profile, causing a "superfluous" question in aa-logprof.) This patch changes handle_children() to carry over the complete new child profile instead of only cherry-picking include and path rules. Acked-by: Steve Beattie for trunk and 2.11. Older versions (with path as hasher) are not affected. --- utils/apparmor/aa.py | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py index 541d5260d..eb5b920a9 100644 --- a/utils/apparmor/aa.py +++ b/utils/apparmor/aa.py @@ -1266,24 +1266,16 @@ def handle_children(profile, hat, root): if ynans == 'y': hat = exec_target if not aa[profile].get(hat, False): - aa[profile][hat] = ProfileStorage(profile, hat, 'handle_children()') + stub_profile = create_new_profile(hat, True) + aa[profile][hat] = stub_profile[hat][hat] + aa[profile][hat]['profile'] = True if profile != hat: aa[profile][hat]['flags'] = aa[profile][profile]['flags'] - stub_profile = create_new_profile(hat, True) - aa[profile][hat]['flags'] = 'complain' - aa[profile][hat]['allow']['path'] = hasher() - if stub_profile[hat][hat]['allow'].get('path', False): - aa[profile][hat]['allow']['path'] = stub_profile[hat][hat]['allow']['path'] - - aa[profile][hat]['include'] = hasher() - if stub_profile[hat][hat].get('include', False): - aa[profile][hat]['include'] = stub_profile[hat][hat]['include'] - file_name = aa[profile][profile]['filename'] filelist[file_name]['profiles'][profile][hat] = True