From ece49eefc8430577739922bd8f323b29d3883e88 Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Mon, 6 Jul 2015 14:44:34 +0200
Subject: [PATCH] Move file mode regexes and add "pux"

Add the missing "pux" to PROFILE_MODE_RE and PROFILE_MODE_NT_RE.

Also move those regexes and PROFILE_MODE_DENY_RE directly above
validate_profile_mode() which is the only user.


Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
---
 utils/apparmor/aa.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index ae79ec395..74194078d 100644
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -1503,10 +1503,6 @@ def handle_children(profile, hat, root):
 
     return None
 
-PROFILE_MODE_RE = re.compile('r|w|l|m|k|a|ix|ux|px|cx|pix|cix|Ux|Px|PUx|Cx|Pix|Cix')
-PROFILE_MODE_NT_RE = re.compile('r|w|l|m|k|a|x|ix|ux|px|cx|pix|cix|Ux|Px|PUx|Cx|Pix|Cix')
-PROFILE_MODE_DENY_RE = re.compile('r|w|l|m|k|a|x')
-
 ##### Repo related functions
 
 def UI_SelectUpdatedRepoProfile(profile, p):
@@ -2426,6 +2422,9 @@ def collapse_log():
                         if not is_known_rule(aa[profile][hat], 'network', NetworkRule(family, sock_type)):
                             log_dict[aamode][profile][hat]['netdomain'][family][sock_type] = True
 
+PROFILE_MODE_RE = re.compile('r|w|l|m|k|a|ix|ux|px|pux|cx|pix|cix|Ux|Px|PUx|Cx|Pix|Cix')
+PROFILE_MODE_NT_RE = re.compile('r|w|l|m|k|a|x|ix|ux|px|pux|cx|pix|cix|Ux|Px|PUx|Cx|Pix|Cix')
+PROFILE_MODE_DENY_RE = re.compile('r|w|l|m|k|a|x')
 
 def validate_profile_mode(mode, allow, nt_name=None):
     if allow == 'deny':