create_new_profile(): use and return merged profile names

... and adjust all callers and the tests. For bonus points ;-) this also removes a hasher usage, and extends the test to check that only the expected profile gets created.
2025-08-31 06:16:03 +00:00 · 2021-04-08 23:42:56 +02:00
parent 286761271b
commit c65206f16c
2 changed files with 14 additions and 11 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -446,7 +446,7 @@ def get_interpreter_and_abstraction(exec_target):
    return interpreter_path, abstraction

 def create_new_profile(localfile, is_stub=False):
-    local_profile = hasher()
+    local_profile = {}
    local_profile[localfile] = ProfileStorage('NEW', localfile, 'create_new_profile()')
    local_profile[localfile]['flags'] = 'complain'

@@ -477,16 +477,17 @@ def create_new_profile(localfile, is_stub=False):
    for hatglob in cfg['required_hats'].keys():
        if re.search(hatglob, localfile):
            for hat in sorted(cfg['required_hats'][hatglob].split()):
-                if not local_profile.get(hat, False):
-                    local_profile[hat] = ProfileStorage('NEW', hat, 'create_new_profile() required_hats')
-                local_profile[hat]['flags'] = 'complain'
+                full_hat = combine_profname([localfile, hat])
+                if not local_profile.get(full_hat, False):
+                    local_profile[full_hat] = ProfileStorage('NEW', hat, 'create_new_profile() required_hats')
+                local_profile[full_hat]['flags'] = 'complain'

    if not is_stub:
        created.append(localfile)
        changed[localfile] = True

    debug_logger.debug("Profile for %s:\n\t%s" % (localfile, local_profile.__str__()))
-    return {localfile: local_profile}
+    return local_profile

 def delete_profile(local_prof):
    """Deletes the specified file from the disk and remove it from our list"""
@@ -579,7 +580,7 @@ def autodep(bin_name, pname=''):
    profile_data = get_profile(pname)
    # Create a new profile if no existing profile
    if not profile_data:
-        profile_data = create_new_profile(pname)
+        profile_data = merged_to_split(create_new_profile(pname))
    file = get_profile_filename_from_profile_name(pname, True)
    profile_data[pname][pname]['filename'] = file  # change filename from extra_profile_dir to /etc/apparmor.d/

@@ -1025,7 +1026,7 @@ def ask_exec(hashlog):
                                ynans = aaui.UI_YesNo(_('A profile for %s does not exist.\nDo you want to create one?') % exec_target, 'n')
                            if ynans == 'y':
                                if not aa[profile].get(exec_target, False):
-                                    stub_profile = create_new_profile(exec_target, True)
+                                    stub_profile = merged_to_split(create_new_profile(exec_target, True))
                                    aa[profile][exec_target] = stub_profile[exec_target][exec_target]

                                aa[profile][exec_target]['profile'] = True
--- a/utils/test/test-aa.py
+++ b/utils/test/test-aa.py
@@ -143,16 +143,18 @@ class AaTest_create_new_profile(AATest):
        program = self.writeTmpfile('script', params)
        profile = create_new_profile(program)

+        self.assertEqual(list(profile.keys()), [program])
+
        if exp_interpreter_path:
-            self.assertEqual(set(profile[program][program]['file'].get_clean()), {'%s ix,' % exp_interpreter_path, '%s r,' % program, '',
+            self.assertEqual(set(profile[program]['file'].get_clean()), {'%s ix,' % exp_interpreter_path, '%s r,' % program, '',
                    '/AATest/lib64/libtinfo.so.* mr,', '/AATest/lib64/libc.so.* mr,', '/AATest/lib64/libdl.so.* mr,', '/AATest/lib64/libreadline.so.* mr,', '/AATest/lib64/ld-linux-x86-64.so.* mr,' })
        else:
-            self.assertEqual(set(profile[program][program]['file'].get_clean()), {'%s mr,' % program, ''})
+            self.assertEqual(set(profile[program]['file'].get_clean()), {'%s mr,' % program, ''})

        if exp_abstraction:
-            self.assertEqual(profile[program][program]['inc_ie'].get_clean(), ['include <abstractions/base>', 'include <%s>' % exp_abstraction, ''])
+            self.assertEqual(profile[program]['inc_ie'].get_clean(), ['include <abstractions/base>', 'include <%s>' % exp_abstraction, ''])
        else:
-            self.assertEqual(profile[program][program]['inc_ie'].get_clean(), ['include <abstractions/base>', ''])
+            self.assertEqual(profile[program]['inc_ie'].get_clean(), ['include <abstractions/base>', ''])

 class AaTest_get_interpreter_and_abstraction(AATest):
    tests = [