Store and write 'include if exists' rules in the preamble

... using the new storage in ProfileList.

Also add a test rule to cleanprof.{in,out} to ensure the rule is kept.

utils/apparmor/aa.py

@@ -2193,10 +2193,10 @@ def parse_profile_data(data, file, do_include):
 
         # IncludeRule can handle 'include' and 'include if exists' - place it after the "old" 'include' handling so that it only catches 'include if exists' for now
         elif IncludeRule.match(line):
-            if not profile:
-                raise AppArmorException(_('"include if exists" outside of a profile not supported in the tools yet - found in file: %(file)s line: %(line)s') % { 'file': file, 'line': lineno + 1 })  # TODO
-
-            profile_data[profile][hat]['inc_ie'].add(IncludeRule.parse(line))
+            if profile:
+                profile_data[profile][hat]['inc_ie'].add(IncludeRule.parse(line))
+            else:
+                active_profiles.add_inc_ie(file, IncludeRule.parse(line))
 
         elif NetworkRule.match(line):
             if not profile:
@@ -2561,6 +2561,8 @@ def serialize_profile(profile_data, name, options):
         data += write_list_vars(filelist[prof_filename], 0)
         data += write_includes(filelist[prof_filename], 0)
 
+        data += active_profiles.get_clean(prof_filename, 0)
+
     #Here should be all the profiles from the files added write after global/common stuff
     for prof in sorted(filelist[prof_filename]['profiles'].keys()):
         if prof != name:

utils/test/cleanprof_test.in

@@ -1,6 +1,9 @@
 # A simple test comment which will persist
 #include <tunables/global>
 
+#include  if  exists <tunables/nothing>
+
+
 		alias /foo    ->    /bar	,
 
 @{xy}    =   y   x

utils/test/cleanprof_test.out

@@ -7,6 +7,8 @@ alias /foo -> /bar,
 
 #include <tunables/global>
 
+include if exists <tunables/nothing>
+
 # A simple test comment which will persist