[apparmor] [patch] [05/38] Make sanity check in _is_covered_list() optional

[Seth Arnold]

On Fri, Aug 12, 2016 at 10:46:32PM +0200, Christian Boltz wrote:
> Hello,
> 
> _is_covered_list() has a sanity check that raises an exception if both
> other_value and other_all evaluate to False. This breaks when using
> _is_covered_list() for FileRule.perms which can be empty if exec_perms
> are specified.
> 
> This patch adds an optional parameter that allows to skip the sanity
> check.
> 
> 
> [ 05-is_covered_list-make-sanity-check-optional.diff ]

Acked-by: Seth Arnold <seth.arnold at canonical.com>

Thanks

> 
> --- utils/apparmor/rule/__init__.py	2016-01-18 18:59:53.451076435 +0100
> +++ utils/apparmor/rule/__init__.py	2016-01-18 18:56:44.740261951 +0100
> @@ -167,10 +167,10 @@
>          # still here? -> then it is covered
>          return True
>  
> -    def _is_covered_list(self, self_value, self_all, other_value, other_all, cond_name):
> +    def _is_covered_list(self, self_value, self_all, other_value, other_all, cond_name, sanity_check=True):
>          '''check if other_* is covered by self_* - for lists'''
>  
> -        if not other_value and not other_all:
> +        if sanity_check and not other_value and not other_all:
>              raise AppArmorBug('No %(cond_name)s specified in other %(rule_name)s rule' % {'cond_name': cond_name, 'rule_name': self.rule_name})
>  
>          if not self_all:
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160913/13c2b02f/attachment.pgp>