From 57e5d6cc4e42dcb3ecaf795421b3056558513432 Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Wed, 25 Jul 2018 20:59:34 +0200
Subject: [PATCH] extend add_or_remove_flag() to handle str for old flags

If the old flags are given as str (or None), call split_flags() to
convert them to a list.

This allows to simplify change_profile_flags() which now doesn't need to
call split_flags() on its own.

Also add some tests with a str for the old flags

(cherry picked from commit e80caa130ad716dcc2d1e75c192fb6ec6ee93935 +
 conflict resolution)
---
 utils/apparmor/aa.py               | 6 ++----
 utils/apparmor/profile_storage.py  | 5 ++++-
 utils/test/test-profile-storage.py | 4 ++++
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index 802ee5e65..ed912d985 100644
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -49,7 +49,7 @@ from apparmor.regex import (RE_PROFILE_START, RE_PROFILE_END, RE_PROFILE_LINK,
                             RE_PROFILE_UNIX, RE_RULE_HAS_COMMA, RE_HAS_COMMENT_SPLIT,
                             strip_quotes, parse_profile_start_line, re_match_include )
 
-from apparmor.profile_storage import ProfileStorage, add_or_remove_flag, split_flags, ruletypes
+from apparmor.profile_storage import ProfileStorage, add_or_remove_flag, ruletypes
 
 import apparmor.rules as aarules
 
@@ -622,9 +622,7 @@ def get_profile_flags(filename, program):
 def change_profile_flags(filename, program, flag, set_flag):
     old_flags = get_profile_flags(filename, program)
 
-    newflags = split_flags(old_flags)
-
-    newflags = add_or_remove_flag(newflags, flag, set_flag)
+    newflags = add_or_remove_flag(old_flags, flag, set_flag)
 
     newflags = ','.join(newflags)
 
diff --git a/utils/apparmor/profile_storage.py b/utils/apparmor/profile_storage.py
index 49eb4d125..a3eb4934c 100644
--- a/utils/apparmor/profile_storage.py
+++ b/utils/apparmor/profile_storage.py
@@ -14,7 +14,7 @@
 # ----------------------------------------------------------------------
 
 
-from apparmor.common import AppArmorBug, hasher
+from apparmor.common import AppArmorBug, hasher, type_is_str
 
 from apparmor.rule.capability       import CapabilityRuleset
 from apparmor.rule.change_profile   import ChangeProfileRuleset
@@ -120,6 +120,9 @@ def split_flags(flags):
 def add_or_remove_flag(flags, flag_to_change, set_flag):
     '''add (if set_flag == True) or remove the given flag_to_change to flags'''
 
+    if type_is_str(flags) or flags is None:
+        flags = split_flags(flags)
+
     if set_flag:
         if flag_to_change not in flags:
             flags.append(flag_to_change)
diff --git a/utils/test/test-profile-storage.py b/utils/test/test-profile-storage.py
index 3f8532891..2a88bd760 100644
--- a/utils/test/test-profile-storage.py
+++ b/utils/test/test-profile-storage.py
@@ -46,6 +46,10 @@ class AaTest_add_or_remove_flag(AATest):
         ([ [],                  'audit',        False           ],  []                          ),
         ([ ['complain'],        'audit',        True            ],  ['audit', 'complain']       ),
         ([ ['complain'],        'audit',        False           ],  ['complain']                ),
+        ([ '',                  'audit',        True            ],  ['audit']                   ),
+        ([ None,                'audit',        False           ],  []                          ),
+        ([ 'complain',          'audit',        True            ],  ['audit', 'complain']       ),
+        ([ '  complain  ',      'audit',        False           ],  ['complain']                ),
     ]
 
     def _run_test(self, params, expected):