From 87f91864be516f9e6d2ee8d797fe74ddbf298391 Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Thu, 2 May 2019 22:42:03 +0200
Subject: [PATCH] handle_children: Fix denying of adding a hat

Choosing "Deny" when handle_children() asks about adding a hat should
not add that hat, but it should _not_ leave the function because that
means all the other log events that were not migrated to prelog yet will
be lost.

Change "return" to "continue" to fix this.
---
 utils/apparmor/aa.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index 23c6b729f..f9cd871e8 100644
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -992,7 +992,7 @@ def handle_children(profile, hat, root):
                     hat = default_hat
                 elif ans == 'CMD_DENY':
                     # As unknown hat is denied no entry for it should be made
-                    return None
+                    continue
 
             elif typ == 'capability':
                 # If capability then we (should) have pid, profile, hat, program, mode, capability