This file is indexed.

/usr/sbin/aa-autodep is in apparmor-utils 2.7.102-0ubuntu3.11.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
#!/usr/bin/perl
# ----------------------------------------------------------------------
#    Copyright (c) 2005 Novell, Inc. All Rights Reserved.
#    Copyright (c) 2011 Canonical, Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License as published by the Free Software Foundation.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, contact Novell, Inc.
#
#    To contact Novell about this file by physical or electronic mail,
#    you may find current contact information at www.novell.com.
# ----------------------------------------------------------------------

use strict;
use FindBin;
use Getopt::Long;

use Immunix::AppArmor;

use Data::Dumper;

use Locale::gettext;
use POSIX;

# force $PATH to be sane
$ENV{PATH} = "/bin:/sbin:/usr/bin:/usr/sbin";

# initialize the local poo
setlocale(LC_MESSAGES, "");
textdomain("apparmor-utils");

$UI_Mode = "text";

# options variables
my $help  = '';
my $force = undef;

GetOptions(
    'force'   => \$force,
    'dir|d=s' => \$profiledir,
    'help|h'  => \$help,
);

# tell 'em how to use it...
&usage && exit if $help;

my $sd_mountpoint = check_for_subdomain();

# let's convert it to full path...
$profiledir = get_full_path($profiledir);

unless (-d $profiledir) {
    UI_Important(sprintf(gettext('Can\'t find AppArmor profiles in %s.'), $profiledir));
    exit 1;
}

# what are we profiling?
my @profiling = @ARGV;

unless (@profiling) {
    @profiling = (UI_GetString(gettext("Please enter the program to create a profile for: "), ""));
}

for my $profiling (@profiling) {

    next unless $profiling;

    my $fqdbin;
    if (-e $profiling) {
        $fqdbin = get_full_path($profiling);
        chomp($fqdbin);
    } else {
        if ($profiling !~ /\//) {
            my $which = which($profiling);
            if ($which) {
                $fqdbin = get_full_path($which);
            }
        }
    }

    # make sure that the app they're requesting to profile is not marked as
    # not allowed to have it's own profile
    if ($qualifiers{$fqdbin}) {
        unless ($qualifiers{$fqdbin} =~ /p/) {
            UI_Info(sprintf(gettext('%s is currently marked as a program that should not have it\'s own profile.  Usually, programs are marked this way if creating a profile for them is likely to break the rest of the system.  If you know what you\'re doing and are certain you want to create a profile for this program, edit the corresponding entry in the [qualifiers] section in /etc/apparmor/logprof.conf.'), $fqdbin));
            exit 1;
        }
    }

    if (-e $fqdbin) {
        if (-e getprofilefilename($fqdbin) && !$force) {
            UI_Info(sprintf(gettext('Profile for %s already exists - skipping.'), $fqdbin));
        } else {
            autodep($fqdbin);
            reload($fqdbin) if $sd_mountpoint;
        }
    } else {
        if ($profiling =~ /^[^\/]+$/) {
            UI_Info(sprintf(gettext('Can\'t find %s in the system path list.  If the name of the application is correct, please run \'which %s\' as a user with the correct PATH environment set up in order to find the fully-qualified path.'), $profiling, $profiling));
            exit 1;
        } else {
            UI_Info(sprintf(gettext('%s does not exist, please double-check the path.'), $profiling));
            exit 1;
        }
    }
}

exit 0;

sub usage {
    UI_Info("usage: $0 [ --force ] [ -d /path/to/profiles ]");
    exit 0;
}