parse_profile_data(): error out on alias inside profile

Defining an alias is only allowed outside of a profile. Also add a parser test with an alias inside a profile.
2025-03-04 08:24:42 +01:00 · 2018-05-06 14:14:53 +02:00 · 2018-05-06 14:14:53 +02:00 · f910cb5559
commit f910cb5559
parent eca16ae6cf
2 changed files with 9 additions and 2 deletions
--- a/parser/tst/simple_tests/rewrite/bad_alias_inside_profile.sd
+++ b/parser/tst/simple_tests/rewrite/bad_alias_inside_profile.sd
@ -0,0 +1,6 @@
+#=DESCRIPTION alias definition inside a profile
+#=EXRESULT FAIL
+
+/bin/foo {
+  alias /tmp -> /var/tmp,
+}
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@ -2279,8 +2279,9 @@ def parse_profile_data(data, file, do_include):
            from_name = strip_quotes(matches[0])
            to_name = strip_quotes(matches[1])

-            if profile:
-                profile_data[profile][hat]['alias'][from_name] = to_name
+            if profile and not do_include:
+                raise AppArmorException(_('Syntax Error: Unexpected alias definition found inside profile in file: %(file)s line: %(line)s') % {
+                        'file': file, 'line': lineno + 1 })
            else:
                if not filelist.get(file, False):
                    filelist[file] = hasher()