load variables in ask_the_questions()

Variables can be used in several rule types (from the existing *Rule classes: change_profile, dbus, ptrace, signal). It seems nobody uses variables with those rules, otherwise we'd have received a bugreport ;-) I noticed this while working on FileRule, where usage of variables is more common. The file code in bzr (not using a *Rule class) already loads the variables, so old versions don't need changes for file rule handling. However, 2.10 already has ChangeProfileRule and therefore also needs this fix. Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk and 2.10.
2025-03-05 17:01:00 +01:00 · 2016-05-10 14:34:40 +02:00 · 2016-05-10 14:34:40 +02:00 · 90e5294578
commit 90e5294578
parent 6d19a507ae
2 changed files with 10 additions and 2 deletions
--- a/utils/aa-mergeprof
+++ b/utils/aa-mergeprof
@ -1,6 +1,7 @@
 #! /usr/bin/env python
 # ----------------------------------------------------------------------
 #    Copyright (C) 2013 Kshitij Gupta <kgupta8592@gmail.com>
+#    Copyright (C) 2014-2016 Christian Boltz <apparmor@cboltz.de>
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@ -17,7 +18,7 @@ import re
 import os

 import apparmor.aa
-from apparmor.aa import available_buttons, combine_name, delete_duplicates, is_known_rule, match_includes
+from apparmor.aa import available_buttons, combine_name, delete_duplicates, get_profile_filename, is_known_rule, match_includes
 import apparmor.aamode
 from apparmor.common import AppArmorException
 from apparmor.regex import re_match_include
@ -283,6 +284,9 @@ class Merge(object):
        if not sev_db:
            sev_db = apparmor.severity.Severity(apparmor.aa.CONFDIR + '/severity.db', _('unknown'))

+        sev_db.unload_variables()
+        sev_db.load_variables(get_profile_filename(profile))
+
        for hat in sorted(other.aa[profile].keys()):
            #Add the includes from the other profile to the user profile
            done = False
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@ -1,6 +1,6 @@
 # ----------------------------------------------------------------------
 #    Copyright (C) 2013 Kshitij Gupta <kgupta8592@gmail.com>
-#    Copyright (C) 2014-2015 Christian Boltz <apparmor@cboltz.de>
+#    Copyright (C) 2014-2016 Christian Boltz <apparmor@cboltz.de>
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@ -1590,6 +1590,10 @@ def ask_the_questions():
                UI_SelectUpdatedRepoProfile(profile, p)

            found += 1
+
+            sev_db.unload_variables()
+            sev_db.load_variables(get_profile_filename(profile))
+
            # Sorted list of hats with the profile name coming first
            hats = list(filter(lambda key: key != profile, sorted(log_dict[aamode][profile].keys())))
            if log_dict[aamode][profile].get(profile, False):