diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index bccb8b9f2..8823acfe8 100644
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -49,7 +49,7 @@ from apparmor.regex import (RE_PROFILE_START, RE_PROFILE_END, RE_PROFILE_LINK,
                             RE_PROFILE_UNIX, RE_RULE_HAS_COMMA, RE_HAS_COMMENT_SPLIT,
                             strip_quotes, parse_profile_start_line, re_match_include )
 
-from apparmor.profile_storage import (ProfileStorage, ruletypes, write_alias,
+from apparmor.profile_storage import (ProfileStorage, split_flags, ruletypes, write_alias,
                             write_includes, write_list_vars )
 
 import apparmor.rules as aarules
@@ -625,17 +625,8 @@ def get_profile_flags(filename, program):
 
 def change_profile_flags(filename, program, flag, set_flag):
     old_flags = get_profile_flags(filename, program)
-    newflags = []
-    if old_flags:
-        # Flags maybe white-space and/or , separated
-        old_flags = old_flags.split(',')
 
-        if not isinstance(old_flags, str):
-            for i in old_flags:
-                newflags += i.split()
-        else:
-            newflags = old_flags.split()
-        #newflags = [lambda x:x.strip(), oldflags]
+    newflags = split_flags(old_flags)
 
     if set_flag:
         if flag not in newflags:
diff --git a/utils/apparmor/profile_storage.py b/utils/apparmor/profile_storage.py
index 40757d5e0..8caa49a5b 100644
--- a/utils/apparmor/profile_storage.py
+++ b/utils/apparmor/profile_storage.py
@@ -159,6 +159,17 @@ class ProfileStorage:
         return data
 
 
+def split_flags(flags):
+    '''split the flags given as string into a sorted, de-duplicated list'''
+
+    if flags is None:
+        flags = ''
+
+    # Flags may be whitespace and/or comma separated
+    flags_list = flags.replace(',', ' ').split()
+    # sort and remove duplicates
+    return sorted(set(flags_list))
+
 def set_allow_str(allow):
     if allow == 'deny':
         return 'deny '
diff --git a/utils/test/test-profile-storage.py b/utils/test/test-profile-storage.py
index e946aba44..15f1e995c 100644
--- a/utils/test/test-profile-storage.py
+++ b/utils/test/test-profile-storage.py
@@ -13,7 +13,7 @@ import unittest
 from common_test import AATest, setup_all_loops
 
 from apparmor.common import AppArmorBug
-from apparmor.profile_storage import ProfileStorage, var_transform
+from apparmor.profile_storage import ProfileStorage, split_flags, var_transform
 
 class TestUnknownKey(AATest):
     def AASetup(self):
@@ -35,6 +35,22 @@ class TestUnknownKey(AATest):
         with self.assertRaises(AppArmorBug):
             self.storage['foo'] = 'bar'
 
+class AaTest_split_flags(AATest):
+    tests = [
+        (None                               , []                                    ),
+        (''                                 , []                                    ),
+        ('       '                          , []                                    ),
+        ('  ,       '                       , []                                    ),
+        ('complain'                         , ['complain']                          ),
+        ('  complain   attach_disconnected' , ['attach_disconnected', 'complain']   ),
+        ('  complain , attach_disconnected' , ['attach_disconnected', 'complain']   ),
+        ('  complain , , audit , , '        , ['audit', 'complain']                 ),
+    ]
+
+    def _run_test(self, params, expected):
+        split = split_flags(params)
+        self.assertEqual(split, expected)
+
 class AaTest_var_transform(AATest):
     tests = [
         (['foo', ''],           '"" foo'        ),