[apparmor] [patch] [08/38] Drop dead code in aa.py handle_children()
Seth Arnold
seth.arnold at canonical.com
Wed Sep 14 07:27:48 UTC 2016
On Fri, Aug 12, 2016 at 10:48:13PM +0200, Christian Boltz wrote:
> Hello,
>
> The 'exec' handling in handle_children starts with
>
> if do_execute:
> if profile_known_exec(...)
> continue
>
> which means if profile_known_exec() returns True, the rest of the loop
> will be skipped. profile_known_exec() will return True if it finds an
> exec rule in the profile or an include (independent of the exec type,
> and (thanks to rematchfrag()) even if the path is globbed.
>
> Later in the loop, there are checks for various exec modes - but those
> checks can only be reached without an existing x rule, so they'll never
> be hit.
>
> This patch removes the dead code in the handle_children() / 'exec' / 'no
> existing x rule found' section.
>
> I confirmed that this code is really dead by
> a) reading the code and, after being confused
> b) two manual aa-logprof runs with coverage enabled - in one of them, I
> added some ix, Px and Cx rules, and in the second one, no more exec
> rules were needed/asked.
>
> After dropping the dead code, combinedmode and combinedaudit are no
> longer used, so we can also drop the code that sets those variables.
>
>
> Sidenote: this patch drops 2% of the lines in aa.py ;-)
>
>
> [ 08-handle-children-drop-dead-code.diff ]
>
> - else:
> +
> + if True:
> options = cfg['qualifiers'].get(exec_target, 'ipcnu')
> if to_name:
> fatal_error(_('%s has transition name but not transition mode') % entry)
>
>
It could drop a bit more if you removed the 'if True:' line and all those
needless spaces :D
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160914/2bd9797e/attachment.pgp>
More information about the AppArmor
mailing list