parse_profile_start(): Error out on nested child profiles

The tools can't handle nested child profiles yet. Instead of failing in funny[tm] ways (parse_profile_start() only returned the first two segments of the profile name) better error out with a clear message.
2025-03-04 08:24:42 +01:00 · 2018-06-20 14:36:28 +02:00 · 2018-06-20 14:36:28 +02:00 · 8462c39b14
commit 8462c39b14
parent 288ae9049a
2 changed files with 7 additions and 2 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@ -2145,8 +2145,10 @@ def parse_profile_start(line, file, lineno, profile, hat):

    else:  # stand-alone profile
        profile = matches['profile']
-        if len(profile.split('//')) >= 2:
-            profile, hat = profile.split('//')[:2]
+        if len(profile.split('//')) > 2:
+            raise AppArmorException("Nested child profiles ('%(profile)s', found in %(file)s) are not supported by the AppArmor tools yet." % {'profile': profile, 'file': file})
+        elif len(profile.split('//')) == 2:
+            profile, hat = profile.split('//')
            pps_set_hat_external = True
        else:
            hat = profile
--- a/utils/test/test-aa.py
+++ b/utils/test/test-aa.py
@ -544,6 +544,9 @@ class AaTest_parse_profile_start(AATest):
        expected = ('/foo', '/foo', None, 'complain', False, False, False)
        self.assertEqual(result, expected)

+    def test_parse_profile_start_unsupported_01(self):
+        with self.assertRaises(AppArmorException):
+            self._parse('/foo///bar///baz {', None, None)  # XXX deeply nested external hat

    def test_parse_profile_start_invalid_01(self):
        with self.assertRaises(AppArmorException):