Fix serialize_profile_from_old_profiles() to not crash on "@{var} +="

serialize_profile_from_old_profiles() calls store_list_var() with an empty hasher. This fails for "+=" because in this case store_list_var() expects a non-empty hasher with the variable already defined, and raises an exception because of the empty hasher. This patch sets "correct = False" if a "+=" operation appears, which means the variable will be written in "clean" mode instead. Adding proper support for "add to variable" needs big changes (like storing a variable's "history" - where it was initially defined and what got added where). Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9.
2025-03-04 16:35:02 +01:00 · 2015-04-16 02:01:10 +02:00 · 2015-04-16 02:01:10 +02:00 · cc946bca8d
commit cc946bca8d
parent 1f9474e653
1 changed files with 5 additions and 1 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@ -4053,7 +4053,11 @@ def serialize_profile_from_old_profile(profile_data, name, options):
                var_operation = matches[1]
                value = strip_quotes(matches[2])
                var_set = hasher()
-                if profile:
+                if var_operation == '+=':
+                    correct = False  # adding proper support for "add to variable" needs big changes
+                    # (like storing a variable's "history" - where it was initially defined and what got added where)
+                    # so just skip any comparison and assume a non-match
+                elif profile:
                    store_list_var(var_set, list_var, value, var_operation, prof_filename)
                    if not var_set[list_var] == write_prof_data['lvar'].get(list_var, False):
                        correct = False