mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 16:35:02 +01:00
b8171d547e
The 'exec' handling in handle_children starts with
if do_execute:
if profile_known_exec(...)
continue
which means if profile_known_exec() returns True, the rest of the loop
will be skipped. profile_known_exec() will return True if it finds an
exec rule in the profile or an include (independent of the exec type,
and (thanks to rematchfrag()) even if the path is globbed.
Later in the loop, there are checks for various exec modes - but those
checks can only be reached without an existing x rule, so they'll never
be hit.
This patch removes the dead code in the handle_children() / 'exec' / 'no
existing x rule found' section.
I confirmed that this code is really dead by
a) reading the code and, after being confused
b) two manual aa-logprof runs with coverage enabled - in one of them, I
added some ix, Px and Cx rules, and in the second one, no more exec
rules were needed/asked.
After dropping the dead code, combinedmode and combinedaudit are no
longer used, so we can also drop the code that sets those variables.
Sidenote: this patch drops 2% of the lines in aa.py ;-)
Acked-by: Seth Arnold <seth.arnold@canonical.com>
|
||
|---|---|---|
| .. | ||
| rule | ||
| __init__.py | ||
| aa.py | ||
| aamode.py | ||
| aare.py | ||
| cleanprofile.py | ||
| common.py | ||
| config.py | ||
| easyprof.py | ||
| fail.py | ||
| logparser.py | ||
| regex.py | ||
| rules.py | ||
| sandbox.py | ||
| severity.py | ||
| tools.py | ||
| translations.py | ||
| ui.py | ||
| yasti.py | ||