From 66928660f53e3a124e73f87d25ca14d7962c1c02 Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Wed, 2 Aug 2017 13:26:49 +0200 Subject: [PATCH] Carry over all autodep-generated rules in handle_children() When creating a new child profile, handle_children() did only copy over include and path rules. While this was correct in the past, path rules got changed to FileRule in the meantime and were therefore lost. (In practise, this means the "$binary mr," rule wasn't added to the new child profile, causing a "superfluous" question in aa-logprof.) This patch changes handle_children() to carry over the complete new child profile instead of only cherry-picking include and path rules. Acked-by: Steve Beattie for trunk and 2.11. Older versions (with path as hasher) are not affected. --- utils/apparmor/aa.py | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py index d3b3fce67..d31edf2ad 100644 --- a/utils/apparmor/aa.py +++ b/utils/apparmor/aa.py @@ -1374,24 +1374,16 @@ def handle_children(profile, hat, root): if ynans == 'y': hat = exec_target if not aa[profile].get(hat, False): - aa[profile][hat] = profile_storage(profile, hat, 'handle_children()') + stub_profile = create_new_profile(hat, True) + aa[profile][hat] = stub_profile[hat][hat] + aa[profile][hat]['profile'] = True if profile != hat: aa[profile][hat]['flags'] = aa[profile][profile]['flags'] - stub_profile = create_new_profile(hat, True) - aa[profile][hat]['flags'] = 'complain' - aa[profile][hat]['allow']['path'] = hasher() - if stub_profile[hat][hat]['allow'].get('path', False): - aa[profile][hat]['allow']['path'] = stub_profile[hat][hat]['allow']['path'] - - aa[profile][hat]['include'] = hasher() - if stub_profile[hat][hat].get('include', False): - aa[profile][hat]['include'] = stub_profile[hat][hat]['include'] - file_name = aa[profile][profile]['filename'] filelist[file_name]['profiles'][profile][hat] = True