From f39d5c7c097e0942a0ceef1a55c08f32f98f48d2 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Sat, 18 Sep 2021 19:02:56 +0200
Subject: [PATCH] aa-unconfined: Improve fallback handling to attr/current

If /proc/*/attr/apparmor/current exists, only read that - instead of falling back to /proc/*/attr/current if a process is for example unconfined so that read_proc_current returns None.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/199
---
 utils/aa-unconfined | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/utils/aa-unconfined b/utils/aa-unconfined
index c2a60b339..f7f67791a 100755
--- a/utils/aa-unconfined
+++ b/utils/aa-unconfined
@@ -129,8 +129,10 @@ for pid in sorted(map(int, pids)):
 except OSError:
 continue
- attr = read_proc_current("/proc/%s/attr/apparmor/current" % pid)
- if not attr:
+ if os.path.exists("/proc/%s/attr/apparmor/current" % pid):
+ attr = read_proc_current("/proc/%s/attr/apparmor/current" % pid)
+ else:
+ # fallback to shared attr/current if attr/apparmor/current doesn't exist
 attr = read_proc_current("/proc/%s/attr/current" % pid)
 pname = None
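Review bot: The per-pid `os.path.exists(...)` test in the new `if` returns False for any failed stat, not only when the kernel lacks `attr/apparmor/`. A pid that exits between the listing and the check, or a lookup that is denied, is therefore sent to the shared `attr/current` branch, and the result is then treated like any other label. Whether the `apparmor/` interface exists looks like a property of the running kernel rather than of the pid, so it could be decided once before the loop, e.g. `has_aa_attr = os.path.exists("/proc/self/attr/apparmor/current")`, with the loop branching on `has_aa_attr`. The path is also formatted twice in the added lines; binding it once (`aa_current = "/proc/%s/attr/apparmor/current" % pid`) keeps the check and the read on the same string. The loop body starts and ends outside the hunk and `read_proc_current` is not shown, so its handling of a file that vanishes before the read should be confirmed.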