Prevent crash on log entries for non-existing profile

If audit.log contains entries for a profile that doesn't exist (for example when working with a log file from another system), skip these log entries instead of crashing. Reproducer (crashes without this patch): aa-logprof -f <(echo 'type=AVC msg=audit(1661739121.578:77893): apparmor="DENIED" operation="open" profile="no_such_profile" name="/run/" pid=33099 comm="no" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0')
2025-09-05 00:35:13 +00:00 · 2022-08-29 14:36:18 +02:00
parent 447199029e
commit 94c7c79c8b
1 changed files with 1 additions and 1 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -1118,7 +1118,7 @@ def ask_the_questions(log_dict):
            else:
                sev_db.set_variables({})

-            if True:
+            if aa.get(profile):  # only continue/ask if the parent profile exists
                if not aa[profile].get(hat, {}).get('file'):
                    if aamode != 'merge':
                        # Ignore log events for a non-existing profile or child profile. Such events can occur