mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/utils
History
Christian Boltz b8171d547e [08/38] Drop dead code in aa.py handle_children() 
The 'exec' handling in handle_children starts with

     if do_execute:
         if profile_known_exec(...)
            continue

which means if profile_known_exec() returns True, the rest of the loop
will be skipped. profile_known_exec() will return True if it finds an
exec rule in the profile or an include (independent of the exec type,
and (thanks to rematchfrag()) even if the path is globbed.

Later in the loop, there are checks for various exec modes - but those
checks can only be reached without an existing x rule, so they'll never
be hit.

This patch removes the dead code in the handle_children() / 'exec' / 'no
existing x rule found' section.

I confirmed that this code is really dead by
a) reading the code and, after being confused
b) two manual aa-logprof runs with coverage enabled - in one of them, I
   added some ix, Px and Cx rules, and in the second one, no more exec
   rules were needed/asked.

After dropping the dead code, combinedmode and combinedaudit are no
longer used, so we can also drop the code that sets those variables.


Sidenote: this patch drops 2% of the lines in aa.py ;-)



Acked-by: Seth Arnold <seth.arnold@canonical.com>
2016-10-01 19:49:50 +02:00
..
apparmor [08/38] Drop dead code in aa.py handle_children() 2016-10-01 19:49:50 +02:00
easyprof Add aa-easyprof and easyprof.py and related pieces from the Ubuntu 2014-02-13 17:53:40 -08:00
po translations: fix up msgfmt warnings 2016-05-24 13:08:06 -07:00
test [07/38] Add tests for FileRule 2016-10-01 19:49:00 +02:00
vim Update change_profile highlighting in apparmor.vim 2016-05-27 20:05:21 +02:00
aa-audit Improve exception handling 2015-07-06 22:02:34 +02:00
aa-audit.pod Merge in Kshitij Gupta <kgupta8592@gmail.com>'s rewrite of the 2014-02-12 15:54:00 -08:00
aa-autodep Add --no-reload option to aa-autodep 2015-07-14 01:45:42 +02:00
aa-autodep.pod Merge in Kshitij Gupta <kgupta8592@gmail.com>'s rewrite of the 2014-02-12 15:54:00 -08:00
aa-cleanprof Improve exception handling 2015-07-06 22:02:34 +02:00
aa-cleanprof.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-complain Improve exception handling 2015-07-06 22:02:34 +02:00
aa-complain.pod Add a note about still enforcing deny rules to aa-complain manpage 2016-06-05 23:43:29 +02:00
aa-decode speed up aa-decode by using a bash regex matching instead of calling egrep for each line. 2013-01-01 20:15:04 +01:00
aa-decode.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-disable Improve exception handling 2015-07-06 22:02:34 +02:00
aa-disable.pod utils: remove aa-enforce '--remove' option 2014-03-03 14:59:47 -08:00
aa-easyprof utils: Use apparmor.fail for AppArmorException handling in aa-easyprof 2015-12-16 16:12:43 -06:00
aa-easyprof.pod utils/aa-easyprof.pod: corrections for --show-templates and 2015-03-27 16:33:35 -05:00
aa-enforce Improve exception handling 2015-07-06 22:02:34 +02:00
aa-enforce.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-genprof Get rid of global variable 'logger' 2015-10-20 22:03:58 +02:00
aa-genprof.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-logprof Improve exception handling 2015-07-06 22:02:34 +02:00
aa-logprof.pod utils/aa-logprof.pod: fix typo in manpage 2015-08-25 14:53:55 -07:00
aa-mergeprof Re-order imports in aa-mergeprof and rule/capability.py 2016-06-10 01:18:32 +05:30
aa-mergeprof.pod update the aa-mergeprof manpage to match the new commandline syntax 2014-10-16 20:26:45 +02:00
aa-notify aa-notify: also display notifications for complain mode events 2015-04-29 01:03:17 +02:00
aa-notify.pod add missing --display to aa-notify.pod 2014-09-08 20:40:33 +02:00
aa-sandbox Improve exception handling 2015-07-06 22:02:34 +02:00
aa-sandbox.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-status Add a JSON output option to aa-status 2016-03-24 10:59:45 -04:00
aa-status.pod Add a JSON output option to aa-status 2016-03-24 10:59:45 -04:00
aa-unconfined Improve exception handling 2015-07-06 22:02:34 +02:00
aa-unconfined.pod Merge in Kshitij Gupta <kgupta8592@gmail.com>'s rewrite of the 2014-02-12 15:54:00 -08:00
check_po.pl utitlity to look for problems in the po files. 2007-08-15 19:24:49 +00:00
logprof.conf Also add python 3.5 to logprof.conf 2015-11-19 20:22:40 +01:00
logprof.conf.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
Makefile binutils: Replace Perl aa-exec with C aa-exec 2015-12-17 19:19:23 -06:00
notify.conf Here is a patch to standardize on all utils using the "aa-" prefix instead 2010-11-03 17:03:52 -07:00
python-tools-setup.py utils: fix python install for rule/ subdirectory 2015-01-13 13:03:11 -08:00
README.md Merge in Kshitij Gupta <kgupta8592@gmail.com>'s rewrite of the 2014-02-12 15:54:00 -08:00
severity.db Update perl abstraction, logprof.conf, severity.db and tests for Debian/Ubuntu 2014-08-20 19:14:24 -05:00

README.md

Known Bugs: Will allow multiple letters in the () due to translation/unicode issues with regexing the key. User input will probably bug out in a different locale.