Fix parsing/storing bare file rules

We replaced parse_audit_allow() with parse_modifiers() in r2833, but overlooked that parse_modifiers() returns allow/deny as boolean. This resulted in storing bare file rules in aa[profile][hat]['path'][False] instead of aa[profile][hat]['path']['allow'] (or True instead of 'deny' for 'deny file,' rules), with the user-visible result of loosing bare file rules when saving the profile. This patch converts the boolean value from parse_modifiers back to a string. Note: 2.9 is not affected because the old parse_audit_allow() returns 'allow' or 'deny' as string, not as boolean. Acked-by: Kshitij Gupta <kgupta8592@gmail.com> for trunk and 2.10
2025-03-04 16:35:02 +01:00 · 2015-11-18 21:31:14 +01:00 · 2015-11-18 21:31:14 +01:00 · 28d46e96ab
commit 28d46e96ab
parent 98841b102a
1 changed files with 5 additions and 1 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@ -2768,8 +2768,12 @@ def parse_profile_data(data, file, do_include):
            if not profile:
                raise AppArmorException(_('Syntax Error: Unexpected bare file rule found in file: %(file)s line: %(line)s') % { 'file': file, 'line': lineno + 1 })

-            audit, allow, allow_keyword, comment = parse_modifiers(matches)
+            audit, deny, allow_keyword, comment = parse_modifiers(matches)
            # TODO: honor allow_keyword and comment
+            if deny:
+                allow = 'deny'
+            else:
+                allow = 'allow'

            mode = apparmor.aamode.AA_BARE_FILE_MODE
            if not matches.group('owner'):