Drop is_skippable_dir()

Since loadincludes() now only loads a specified list of subdirectories, we no longer need a directory blacklist. The only possibly remaining part are .git subdirectories (for example tunables/.git or abstractions/.git). Since it's very unlikely that someone would have only a subdirectory of /etc/apparmor.d/ in git, drop that check.
2025-08-29 13:28:19 +00:00 · 2021-02-22 22:42:03 +01:00 · 2021-02-22 22:42:03 +01:00 · d0693b09b5
commit d0693b09b5
parent bb5ca91e7e
2 changed files with 1 additions and 40 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@ -1672,11 +1672,6 @@ def collapse_log(hashlog, ignore_null_profiles=True):

    return log_dict

-def is_skippable_dir(path):
-    if re.search('^(.*/)?(disable|cache|cache\.d|force-complain|lxc|abi|\.git)/?$', path):
-        return True
-    return False
-
 def read_profiles(ui_msg=False):
    # we'll read all profiles from disk, so reset the storage first (autodep() might have created/stored
    # a profile already, which would cause a 'Conflicting profile' error in attach_profile_data())
@ -2488,8 +2483,6 @@ def loadincludes_dir(subdir):

    if os.path.isdir(idir):  # if directory doesn't exist, silently skip loading it
        for dirpath, dirname, files in os.walk(idir):
-            if is_skippable_dir(dirpath):
-                continue
            for fi in files:
                if is_skippable_file(fi):
                    continue
--- a/utils/test/test-aa.py
+++ b/utils/test/test-aa.py
@ -19,7 +19,7 @@ import sys

 import apparmor.aa  # needed to set global vars in some tests
 from apparmor.aa import (check_for_apparmor, get_output, get_reqs, get_interpreter_and_abstraction, create_new_profile,
-     get_profile_flags, change_profile_flags, set_options_audit_mode, set_options_owner_mode, is_skippable_file, is_skippable_dir,
+     get_profile_flags, change_profile_flags, set_options_audit_mode, set_options_owner_mode, is_skippable_file,
     parse_profile_start, parse_profile_start_to_storage, parse_profile_data, write_header,
     get_file_perms, propose_file_rules)
 from apparmor.aare import AARE
@ -473,38 +473,6 @@ class AaTest_is_skippable_file(AATest):
        self.assertTrue(is_skippable_file('README'))


-class AaTest_is_skippable_dir(AATest):
-    tests = [
-        ('disable',                     True),
-        ('cache',                       True),
-        ('lxc',                         True),
-        ('force-complain',              True),
-        ('/etc/apparmor.d/cache',       True),
-        ('/etc/apparmor.d/cache.d',     True),
-        ('/etc/apparmor.d/cache.d/',    True),
-        ('/etc/apparmor.d/lxc/',        True),
-        ('/etc/apparmor.d/.git/',       True),
-
-        ('dont_disable',                False),
-        ('/etc/apparmor.d/cache_foo',   False),
-        ('abstractions',                False),
-        ('apache2.d',                   False),
-        ('/etc/apparmor.d/apache2.d',   False),
-        ('local',                       False),
-        ('/etc/apparmor.d/local/',      False),
-        ('tunables',                    False),
-        ('/etc/apparmor.d/tunables',    False),
-        ('/etc/apparmor.d/tunables/multiarch.d',            False),
-        ('/etc/apparmor.d/tunables/xdg-user-dirs.d',        False),
-        ('/etc/apparmor.d/tunables/home.d',                 False),
-        ('/etc/apparmor.d/abstractions',                    False),
-        ('/etc/apparmor.d/abstractions/ubuntu-browsers.d',  False),
-        ('/etc/apparmor.d/abstractions/apparmor_api',       False),
-    ]
-
-    def _run_test(self, params, expected):
-        self.assertEqual(is_skippable_dir(params), expected)
-
 class AaTest_parse_profile_start(AATest):
    tests = [
        # profile start line                                    profile hat          profile                    hat                attachment   xattrs                      flags       pps_set_profile, pps_set_hat_external