[apparmor] [patch] aa-mergeprof: move creating the headers for capabilty and network rules inside the loop

Christian Boltz apparmor at cboltz.de
Sun May 24 21:25:45 UTC 2015 

Hello,

this patch moves the code to set q.headers, q.functions and q.default 
for network and capability rules inside the "while not done" loop. This 
ensures to always have valid headers (for example, after changing the 
audit qualifier, the severity was "lost" before) and avoids some 
duplicated code.

Also drop a useless "if True:" condition and change the whitespace of
the following lines.


[ 25-mergeprof-move-headers-inside-loop.diff ]

=== modified file utils/aa-mergeprof
--- utils/aa-mergeprof  2015-05-24 22:57:24.925551732 +0200
+++ utils/aa-mergeprof  2015-05-24 23:02:24.519856316 +0200
@@ -635,23 +635,23 @@
                         q = aaui.PromptQuestion()
                         if newincludes:
                             options += list(map(lambda inc: '#include <%s>' % inc, sorted(set(newincludes))))
-                        if True:#options:
-                            options.append(rule_obj.get_clean())
-                            q.options = options
-                            q.selected = default_option - 1
-
-                        q.headers = [_('Profile'), apparmor.aa.combine_name(profile, hat)]
-                        q.headers += rule_obj.logprof_header()
-
-                        severity = rule_obj.severity(sev_db)
-                        if severity != '--':
-                            q.headers += [_('Severity'), severity]
 
-                        q.functions = available_buttons(rule_obj)
-                        q.default = q.functions[0]
+                        options.append(rule_obj.get_clean())
+                        q.options = options
+                        q.selected = default_option - 1
 
                         done = False
                         while not done:
+                            q.headers = [_('Profile'), apparmor.aa.combine_name(profile, hat)]
+                            q.headers += rule_obj.logprof_header()
+
+                            severity = rule_obj.severity(sev_db)
+                            if severity != '--':
+                                q.headers += [_('Severity'), severity]
+
+                            q.functions = available_buttons(rule_obj)
+                            q.default = q.functions[0]
+
                             ans, selected = q.promptUser()
                             if ans == 'CMD_IGNORE_ENTRY':
                                 done = True
@@ -668,13 +668,9 @@
                                     rule_obj.audit = False
                                     rule_obj.raw_rule = None
 
-                                q.functions = available_buttons(rule_obj)
                                 options[len(options) - 1] = rule_obj.get_clean()
                                 q.options = options
 
-                                q.headers = [_('Profile'), apparmor.aa.combine_name(profile, hat)]
-                                q.headers += rule_obj.logprof_header()
-
                             elif ans == 'CMD_ALLOW':
                                 done = True
                                 apparmor.aa.changed[profile] = True



Regards,

Christian Boltz
-- 
Schlagen. Verklagen. Z.B. bei der c't verpfeifen, auf daß es fortan
die Spatzen von den Dächern pfeifen, was für Pfeifen das bei $Firma
sind. *scnr* [David Haller in suse-linux]

More information about the AppArmor mailing list