From c65206f16c8d0a595a06421477b63e9bc8ebf67d Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Thu, 8 Apr 2021 23:42:56 +0200 Subject: [PATCH] create_new_profile(): use and return merged profile names ... and adjust all callers and the tests. For bonus points ;-) this also removes a hasher usage, and extends the test to check that only the expected profile gets created.
---
 utils/apparmor/aa.py | 15 ++++++++-------
 utils/test/test-aa.py | 10 ++++++----
 2 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index 6bafeb026..510ae18db 100644
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -446,7 +446,7 @@ def get_interpreter_and_abstraction(exec_target):
 return interpreter_path, abstraction
 def create_new_profile(localfile, is_stub=False):
- local_profile = hasher()
+ local_profile = {}
 local_profile[localfile] = ProfileStorage('NEW', localfile, 'create_new_profile()')
 local_profile[localfile]['flags'] = 'complain'
@@ -477,16 +477,17 @@ def create_new_profile(localfile, is_stub=False):
 for hatglob in cfg['required_hats'].keys():
 if re.search(hatglob, localfile):
 for hat in sorted(cfg['required_hats'][hatglob].split()):
- if not local_profile.get(hat, False):
- local_profile[hat] = ProfileStorage('NEW', hat, 'create_new_profile() required_hats')
- local_profile[hat]['flags'] = 'complain'
+ full_hat = combine_profname([localfile, hat])
+ if not local_profile.get(full_hat, False):
+ local_profile[full_hat] = ProfileStorage('NEW', hat, 'create_new_profile() required_hats')
+ local_profile[full_hat]['flags'] = 'complain'
 if not is_stub:
 created.append(localfile)
 changed[localfile] = True
 debug_logger.debug("Profile for %s:\n\t%s" % (localfile, local_profile.__str__()))
- return {localfile: local_profile}
+ return local_profile
 def delete_profile(local_prof):
 """Deletes the specified file from the disk and remove it from our list"""
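Review bot: In the `@@ -477,16 +477,17 @@` hunk the required-hats entries are now keyed by `full_hat`, but `ProfileStorage('NEW', hat, ...)` is still built with the bare `hat`, so the dict key and the name stored in the object disagree. Whether ProfileStorage expects the short or the merged name is not visible here, so either pass `full_hat` or add a comment such as `# ProfileStorage keeps the short hat name; the dict key is the merged name`. The return value also changes from `{localfile: local_profile}` to a flat dict, and the function has no docstring recording that, so a caller outside this patch that still indexes `result[name][name]` would no longer get a ProfileStorage back. I would add a docstring stating that the result maps merged profile names (as produced by `combine_profname()`) to ProfileStorage objects and that callers needing the nested layout must pass it through `merged_to_split()`. The part of create_new_profile() between the two hunks is not shown.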
@@ -579,7 +580,7 @@ def autodep(bin_name, pname=''):
 profile_data = get_profile(pname)
 # Create a new profile if no existing profile
 if not profile_data:
- profile_data = create_new_profile(pname)
+ profile_data = merged_to_split(create_new_profile(pname))
 file = get_profile_filename_from_profile_name(pname, True)
 profile_data[pname][pname]['filename'] = file # change filename from extra_profile_dir to /etc/apparmor.d/
@@ -1025,7 +1026,7 @@ def ask_exec(hashlog):
 ynans = aaui.UI_YesNo(_('A profile for %s does not exist.\nDo you want to create one?') % exec_target, 'n')
 if ynans == 'y':
 if not aa[profile].get(exec_target, False):
- stub_profile = create_new_profile(exec_target, True)
+ stub_profile = merged_to_split(create_new_profile(exec_target, True))
 aa[profile][exec_target] = stub_profile[exec_target][exec_target]
 aa[profile][exec_target]['profile'] = True
diff --git a/utils/test/test-aa.py b/utils/test/test-aa.py
index a51fa374d..ce70ef870 100644
--- a/utils/test/test-aa.py
+++ b/utils/test/test-aa.py
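Review bot: In the ask_exec() hunk (`@@ -1025,7 +1026,7 @@`) the result is converted with `merged_to_split()` only to read back `stub_profile[exec_target][exec_target]`, so any required-hats entries that create_new_profile() generated for exec_target are left out of the stub with no indication that this is deliberate. If it is intended, a comment such as `# only the main profile is copied into the stub; required hats are not carried over` would make that explicit; if not, the hat entries need to be attached as well. Both this hunk and the autodep() hunk (`@@ -579,7 +580,7 @@`) then index `[name][name]`, which presumably only holds while the name does not itself contain the separator `combine_profname()` joins on. `merged_to_split()` is not shown, so this should be confirmed or guarded. Both function bodies continue outside the hunks.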
@@ -143,16 +143,18 @@ class AaTest_create_new_profile(AATest): program = self.writeTmpfile('script', params) profile = create_new_profile(program) + self.assertEqual(list(profile.keys()), [program]) + if exp_interpreter_path: - self.assertEqual(set(profile[program][program]['file'].get_clean()), {'%s ix,' % exp_interpreter_path, '%s r,' % program, '', + self.assertEqual(set(profile[program]['file'].get_clean()), {'%s ix,' % exp_interpreter_path, '%s r,' % program, '', '/AATest/lib64/libtinfo.so.* mr,', '/AATest/lib64/libc.so.* mr,', '/AATest/lib64/libdl.so.* mr,', '/AATest/lib64/libreadline.so.* mr,', '/AATest/lib64/ld-linux-x86-64.so.* mr,' }) else: - self.assertEqual(set(profile[program][program]['file'].get_clean()), {'%s mr,' % program, ''}) + self.assertEqual(set(profile[program]['file'].get_clean()), {'%s mr,' % program, ''}) if exp_abstraction: - self.assertEqual(profile[program][program]['inc_ie'].get_clean(), ['include ', 'include <%s>' % exp_abstraction, '']) + self.assertEqual(profile[program]['inc_ie'].get_clean(), ['include ', 'include <%s>' % exp_abstraction, '']) else: - self.assertEqual(profile[program][program]['inc_ie'].get_clean(), ['include ', '']) + self.assertEqual(profile[program]['inc_ie'].get_clean(), ['include ', '']) class AaTest_get_interpreter_and_abstraction(AATest): tests = [
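Review bot: The added `self.assertEqual(list(profile.keys()), [program])` pins only the case where no hats are created; nothing in this hunk exercises the branch this commit actually rewrites, where a `cfg['required_hats']` pattern matches and entries are stored under `combine_profname([localfile, hat])`. I would add a case that configures a matching `required_hats` entry and asserts the full key set, e.g. `self.assertEqual(sorted(profile.keys()), sorted([program] + [combine_profname([program, h]) for h in exp_hats]))`, where `exp_hats` is a placeholder for the hats that test configures. Whether the cfg in effect during this test can already contain a `required_hats` pattern matching the temp-file path is not visible here; if it can, the new single-key assertion would fail for reasons unrelated to the change. The test method starts outside the hunk.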