mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-02 23:35:37 +00:00
Code Issues Releases Wiki Activity

Don't store exec modes in transtions[]

Browse Source 
exec choices are stored in transitions[], but that's never used
(and I don't see a need for it), therefore stop storing it.


Note: hat choices (CMD_ADDHAT, CMD_USEDEFAULT and CMD_DENY) get still
stored in transitions[], and that information is used if the same hat
name appears again.


Acked-by: Steve Beattie <steve@nxnw.org>
This commit is contained in:
Christian Boltz
2016-03-29 12:58:15 +02:00
parent 86017c770d
commit 733d5faa78
1 changed files with 0 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
utils/apparmor/aa.py
View File

@@ -1202,7 +1202,6 @@ def handle_children(profile, hat, root):
context_new = context_new + '^%s' % hat context_new = context_new + '^%s' % hat
context_new = context_new + ' -> %s' % exec_target context_new = context_new + ' -> %s' % exec_target
# ans_new = transitions.get(context_new, '') # XXX ans meant here?
combinedmode = set() combinedmode = set()
combinedaudit = set() combinedaudit = set()
## Check return Value Consistency ## Check return Value Consistency
@@ -1412,7 +1411,6 @@ def handle_children(profile, hat, root):
exec_mode = exec_mode - (apparmor.aamode.AA_EXEC_UNSAFE | AA_OTHER(apparmor.aamode.AA_EXEC_UNSAFE)) exec_mode = exec_mode - (apparmor.aamode.AA_EXEC_UNSAFE | AA_OTHER(apparmor.aamode.AA_EXEC_UNSAFE))
else: else:
ans = 'INVALID' ans = 'INVALID'
transitions[context_new] = ans
regex_options = re.compile('CMD_(ix|px|cx|nx|pix|cix|nix)') regex_options = re.compile('CMD_(ix|px|cx|nx|pix|cix|nix)')
if regex_options.search(ans): if regex_options.search(ans):