[apparmor] [patch] Allow boolean definitions outside profiles, not inside

[Christian Boltz]

Hello,

according to the parser test profiles (which are the only
"documentation" I found about this), definition of boolean variables
is only allowed outside profiles, not inside them.

parse_profile_data() got it the wrong way round, therefore this patch
fixes the condition and updates the error message.


I propose this patch for trunk and 2.9.


[ 65-bool-definitions-outside-profile.diff ]

=== modified file utils/apparmor/aa.py
--- utils/apparmor/aa.py        2015-07-05 15:41:24.923042155 +0200
+++ utils/apparmor/aa.py        2015-07-05 15:33:14.837384490 +0200
@@ -2683,8 +2683,9 @@
         elif RE_PROFILE_BOOLEAN.search(line):
             matches = RE_PROFILE_BOOLEAN.search(line).groups()
 
-            if not profile:
-                raise AppArmorException(_('Syntax Error: Unexpected boolean definition found in file: %(file)s line: %(line)s') % { 'file': file, 'line': lineno + 1 })
+            if profile and not do_include:
+                raise AppArmorException(_('Syntax Error: Unexpected boolean definition found inside profile in file: %(file)s line: %(line)s') % {
+                        'file': file, 'line': lineno + 1 })
 
             bool_var = matches[0]
             value = matches[1]


Regards,

Christian Boltz
-- 
<cboltz> jjohansen: you are making it too easy for kshitij8 ;-)
<jjohansen> cboltz: oops sorry, now I'll have to come up with a new task
            to make him suffer :)
<sarnold> review the c++11 conversion? :)
* sarnold runs
<jjohansen> haha, sarnold I said suffer, not drive him to commit suicide
[from #apparmor]