[05/38] Make sanity check in _is_covered_list() optional

_is_covered_list() has a sanity check that raises an exception if both other_value and other_all evaluate to False. This breaks when using _is_covered_list() for FileRule.perms which can be empty if exec_perms are specified. This patch adds an optional parameter that allows to skip the sanity check. Acked-by: Seth Arnold <seth.arnold@canonical.com>
2025-08-31 14:25:52 +00:00 · 2016-10-01 19:47:19 +02:00
parent 9eb7ce5992
commit 8a875d84d2
1 changed files with 2 additions and 2 deletions
--- a/utils/apparmor/rule/init.py
+++ b/utils/apparmor/rule/init.py
@@ -167,10 +167,10 @@ class BaseRule(object):
        # still here? -> then it is covered
        return True

-    def _is_covered_list(self, self_value, self_all, other_value, other_all, cond_name):
+    def _is_covered_list(self, self_value, self_all, other_value, other_all, cond_name, sanity_check=True):
        '''check if other_* is covered by self_* - for lists'''

-        if not other_value and not other_all:
+        if sanity_check and not other_value and not other_all:
            raise AppArmorBug('No %(cond_name)s specified in other %(rule_name)s rule' % {'cond_name': cond_name, 'rule_name': self.rule_name})

        if not self_all: