Regression testsuite: move the generation of the rules that grant

write access to /proc/*/attr/current to mkprofile.pl from prologue.inc.

Signed-Off-By: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>

tests/regression/apparmor/mkprofile.pl

@@ -32,7 +32,7 @@ sub usage {
   print STDERR "  help:        print this message\n";
 }
 
-&usage && exit 0 if ($help || @ARGV < 1); 
+&usage && exit 0 if ($help || @ARGV < 1);
 
 sub emit_netdomain {
   my $rule = shift;
@@ -95,13 +95,17 @@ sub emit_hat {
     (!$nowarn) && print STDERR "Warning: invalid hat description '$rule', ignored\n";
   } else {
     $hat = $rules[1];
-    $output_rules{$hat} = ( );
+    # give every profile/hat access to change_hat
+    @{$output_rules{$hat}} = ( "  /proc/*/attr/current w,\n",);
   }
 }
 
 my $bin = shift @ARGV;
 !(-e $bin || $nowarn) && print STDERR "Warning: execname '$bin': no such file or directory\n";
 
+# give every profile/hat access to change_hat
+emit_file("/proc/*/attr/current:w");
+
 for my $rule (@ARGV) {
   #($fn, @rules) = split (/:/, $rule);
   if ($rule =~ /^(tcp|udp)/) {

tests/regression/apparmor/prologue.inc

@@ -433,9 +433,7 @@ fi
 				 ;;
 		esac
 
-		#give every profile/hat access to change_hat
+		num_args=0
-		args[0]="/proc/*/attr/current:w"
-		num_args=1
 		while [ $# -gt 0 ]
 		do
 			arg="$1"
@@ -447,15 +445,8 @@ fi
 				eval emit_profile \"$imagename\" \"$imageperm\" \
 					$(for i in $(seq 0 $((${num_args} - 1))) ; do echo \"\${args[${i}]}\" ; done)
 				num_emitted=$((num_emitted + 1))
-				#give every profile/hat access to change_hat
+				num_args=0
-				args[0]="/proc/*/attr/current:w"
-				num_args=1
 				continue 2
-			elif [ ${arg:0:4} == "hat:" ] ; then
-				args[${num_args}]=${arg}
-				num_args=$(($num_args + 1))
-				args[${num_args}]="/proc/*/attr/current:w"
-				num_args=$(($num_args + 1))
 			else
 				args[${num_args}]=${arg}
 				num_args=$(($num_args + 1))