[apparmor] [patch] Fix serialize_profile_from_old_profiles() to not crash on "@{var} +="
Christian Boltz
apparmor at cboltz.de
Wed Apr 8 21:06:23 UTC 2015
Hello,
serialize_profile_from_old_profiles() calls store_list_var() with an
empty hasher. This fails for "+=" because in this case store_list_var()
expects a non-empty hasher with the variable already defined, and raises
an exception because of the empty hasher.
This patch sets "correct = False" if a "+=" operation appears, which
means the variable will be written in "clean" mode instead.
Adding proper support for "add to variable" needs big changes (like
storing a variable's "history" - where it was initially defined and what
got added where).
I propose this patch for trunk and 2.9.
[ 35-fix-serialize_profile_from_old_profiles-variable-add.diff ]
=== modified file utils/apparmor/aa.py
--- utils/apparmor/aa.py 2015-04-08 22:31:08.899387134 +0200
+++ utils/apparmor/aa.py 2015-04-08 22:54:51.961744989 +0200
@@ -4049,7 +4050,11 @@
var_operation = matches[1]
value = strip_quotes(matches[2])
var_set = hasher()
- if profile:
+ if var_operation == '+=':
+ correct = False # adding proper support for "add to variable" needs big changes
+ # (like storing a variable's "history" - where it was initially defined and what got added where)
+ # so just skip any comparison and assume a non-match
+ elif profile:
store_list_var(var_set, list_var, value, var_operation, prof_filename)
if not var_set[list_var] == write_prof_data['lvar'].get(list_var, False):
correct = False
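Review bot: The new `if var_operation == '+='` branch is tested before `elif profile:`, so `correct = False` is now set for every "+=" line, including the case where `profile` is false, in which the old code did nothing here. If only the crashing `store_list_var()` call is meant to be skipped, put the "+=" check inside the `if profile:` branch instead; if the unconditional non-match is intended, say so in the comment. The three-line comment would also read better as a block above the `if` than trailing the assignment, and a regression test with a profile containing an "@{var} +=" line would keep the crash from coming back.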
Regards,
Christian Boltz
--
Oh, I forgot a ";)))". I love the community! Because it brings me
coffee at the conference! [Lars Müller in opensuse-de]