(command.CommandList children: [ (C {(.)} {(/lib/apparmor/functions)}) (C {(.)} {(/lib/lsb/init-functions)}) (command.FuncDef name: usage body: (command.BraceGroup children: [ (C {(echo)} { (DQ ('Usage: ') ($ VSub_Number '$0') (' {start|stop|restart|reload|force-reload|status|recache}') ) } ) ] spids: [113] ) spids: [109 112] ) (command.AndOr ops: [Op_DPipe] children: [ (C {(test)} {(-x)} {(${ VSub_Name PARSER)}) (command.ControlFlow token:<ControlFlow_Exit exit> arg_word:{(0)}) ] ) (command.AndOr ops: [Op_DPipe] children: [ (C {(test)} {(-d)} {(/sys/module/apparmor)}) (command.ControlFlow token:<ControlFlow_Exit exit> arg_word:{(0)}) ] ) (command.FuncDef name: securityfs body: (command.BraceGroup children: [ (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {(Lit_Other '[')} {(KW_Bang '!')} {(-d)} {(DQ (${ VSub_Name AA_SFS))} {(Lit_Other ']')} ) terminator: <Op_Semi ';'> ) ] action: [ (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.Pipeline children: [ (C {(cut)} {(-d) (DQ (' '))} {(-f2) (Lit_Comma ',') (3)} {(/proc/mounts)} ) (C {(grep)} {(-q)} {(DQ ('^') (${ VSub_Name SECURITYFS) (' securityfs')) (SQ <'$'>) } ) ] negated: F ) terminator: <Op_Semi ';'> ) ] action: [ (C {(log_action_msg)} {(DQ ('AppArmor not available as kernel LSM.'))}) (C {(log_end_msg)} {(1)}) (command.ControlFlow token: <ControlFlow_Exit exit> arg_word: {(1)} ) ] spids: [16777215 225] ) ] else_action: [ (C {(log_action_begin_msg)} {(DQ ('Mounting securityfs on ') (${ VSub_Name SECURITYFS))} ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.Pipeline children: [ (C {(mount)} {(-t)} {(securityfs)} {(none)} {(DQ (${ VSub_Name SECURITYFS))} ) ] negated: T ) terminator: <Op_Semi ';'> ) ] action: [ (C {(log_action_end_msg)} {(1)}) (C {(log_end_msg)} {(1)}) (command.ControlFlow token: <ControlFlow_Exit exit> arg_word: {(1)} ) ] spids: [16777215 277] ) ] spids: [16777215 295] ) ] spids: [245 298] ) ] spids: [16777215 188] ) ] spids: [16777215 301] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {(Lit_Other '[')} {(KW_Bang '!')} {(-w)} {(DQ ($ VSub_DollarName '$AA_SFS')) (/.load)} {(Lit_Other ']')} ) terminator: <Op_Semi ';'> ) ] action: [ (C {(log_action_msg)} {(DQ ('Insufficient privileges to change profiles.'))}) (C {(log_end_msg)} {(1)}) (command.ControlFlow token: <ControlFlow_Exit exit> arg_word: {(1)} ) ] spids: [16777215 320] ) ] spids: [16777215 340] ) ] spids: [164] ) spids: [160 163] ) (command.FuncDef name: handle_system_policy_package_updates body: (command.BraceGroup children: [ (command.Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (lhs_expr.LhsName name:apparmor_was_updated spids:[352]) op: Equal rhs: {(0)} spids: [352] ) ] spids: [352] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.Pipeline children:[(C {(compare_previous_version)})] negated:T) terminator: <Op_Semi ';'> ) ] action: [ (C {(clear_cache_system)}) (command.Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (lhs_expr.LhsName name:apparmor_was_updated spids:[391]) op: Equal rhs: {(1)} spids: [391] ) ] spids: [391] ) ] spids: [16777215 365] ) (if_arm cond: [ (command.Sentence child: (command.Pipeline children: [(C {(compare_and_save_debsums)} {(apparmor)})] negated: T ) terminator: <Op_Semi ';'> ) ] action: [ (C {(clear_cache)}) (command.Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (lhs_expr.LhsName name:apparmor_was_updated spids:[435]) op: Equal rhs: {(1)} spids: [435] ) ] spids: [435] ) ] spids: [395 405] ) ] spids: [16777215 439] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.AndOr ops: [Op_DPipe] children: [ (C {(Lit_Other '[')} {(-x)} {(/usr/bin/aa-clickhook)} {(Lit_Other ']')}) (C {(Lit_Other '[')} {(-x)} {(/usr/bin/aa-profile-hook)} {(Lit_Other ']')}) ] ) terminator: <Op_Semi ';'> ) ] action: [ (command.Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (lhs_expr.LhsName name:force_clickhook spids:[476]) op: Equal rhs: {(0)} spids: [476] ) ] spids: [476] ) (command.Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (lhs_expr.LhsName name:force_profile_hook spids:[480]) op: Equal rhs: {(0)} spids: [480] ) ] spids: [480] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.Pipeline children: [ (C {(compare_and_save_debsums)} {(apparmor-easyprof-ubuntu)}) ] negated: T ) terminator: <Op_Semi ';'> ) ] action: [ (command.Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (lhs_expr.LhsName name:force_clickhook spids:[497]) op: Equal rhs: {(1)} spids: [497] ) ] spids: [497] ) ] spids: [16777215 494] ) ] spids: [16777215 501] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.Pipeline children: [ (C {(compare_and_save_debsums)} {(apparmor-easyprof-ubuntu-snappy)}) ] negated: T ) terminator: <Op_Semi ';'> ) ] action: [ (command.Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (lhs_expr.LhsName name:force_clickhook spids:[517]) op: Equal rhs: {(1)} spids: [517] ) ] spids: [517] ) ] spids: [16777215 514] ) ] spids: [16777215 521] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.Pipeline children: [(C {(compare_and_save_debsums)} {(click-apparmor)})] negated: T ) terminator: <Op_Semi ';'> ) ] action: [ (command.Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (lhs_expr.LhsName name:force_clickhook spids:[537]) op: Equal rhs: {(1)} spids: [537] ) ] spids: [537] ) (command.Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (lhs_expr.LhsName name:force_profile_hook spids:[541]) op: Equal rhs: {(1)} spids: [541] ) ] spids: [541] ) ] spids: [16777215 534] ) ] spids: [16777215 545] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.AndOr ops: [Op_DAmp] children: [ (C {(Lit_Other '[')} {(-x)} {(/usr/bin/aa-clickhook)} {(Lit_Other ']')} ) (command.Subshell child: (command.AndOr ops: [Op_DPipe] children: [ (C {(Lit_Other '[')} {($ VSub_DollarName '$force_clickhook')} {(-eq)} {(1)} {(Lit_Other ']')} ) (C {(Lit_Other '[')} {($ VSub_DollarName '$apparmor_was_updated')} {(-eq)} {(1)} {(Lit_Other ']')} ) ] ) spids: [560 582] ) ] ) terminator: <Op_Semi ';'> ) ] action: [(C {(aa-clickhook)} {(-f)})] spids: [16777215 586] ) ] spids: [16777215 594] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.AndOr ops: [Op_DAmp] children: [ (C {(Lit_Other '[')} {(-x)} {(/usr/bin/aa-profile-hook)} {(Lit_Other ']')} ) (command.Subshell child: (command.AndOr ops: [Op_DPipe] children: [ (C {(Lit_Other '[')} {($ VSub_DollarName '$force_profile_hook')} {(-eq)} {(1)} {(Lit_Other ']')} ) (C {(Lit_Other '[')} {($ VSub_DollarName '$apparmor_was_updated')} {(-eq)} {(1)} {(Lit_Other ']')} ) ] ) spids: [609 631] ) ] ) terminator: <Op_Semi ';'> ) ] action: [(C {(aa-profile-hook)} {(-f)})] spids: [16777215 635] ) ] spids: [16777215 643] ) ] spids: [16777215 465] ) ] spids: [16777215 646] ) ] spids: [349] ) spids: [345 348] ) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {(Lit_Other '[')} {(DQ ($ VSub_Number '$1'))} {(Lit_Other '=')} {(DQ (recache))} {(Lit_Other ']')} ) terminator: <Op_Semi ';'> ) ] action: [ (C {(log_daemon_msg)} {(DQ ('Recaching AppArmor profiles'))}) (C {(recache_profiles)}) (command.Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (lhs_expr.LhsName name:rc spids:[684]) op: Equal rhs: {($ VSub_QMark '$?')} spids: [684] ) ] spids: [684] ) (C {(log_end_msg)} {(DQ ($ VSub_DollarName '$rc'))}) (command.ControlFlow token: <ControlFlow_Exit exit> arg_word: {($ VSub_DollarName '$rc')} ) ] spids: [16777215 671] ) ] spids: [16777215 699] ) (command.AndOr ops: [Op_DAmp] children: [ (C {(test)} {(-d)} {(/rofs/etc/apparmor.d)}) (command.ControlFlow token:<ControlFlow_Exit exit> arg_word:{(0)}) ] ) (command.Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (lhs_expr.LhsName name:rc spids:[718]) op: Equal rhs: {(255)} spids: [718] ) ] spids: [718] ) (command.Case to_match: {(DQ ($ VSub_Number '$1'))} arms: [ (case_arm pat_list: [{(start)}] action: [ (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.AndOr ops: [Op_DAmp] children: [ (C {(systemd-detect-virt)} {(--quiet)} {(--container)}) (command.Pipeline children: [(C {(is_container_with_internal_policy)})] negated: T ) ] ) terminator: <Op_Semi ';'> ) ] action: [ (C {(log_daemon_msg)} {(DQ ('Not starting AppArmor in container'))}) (C {(log_end_msg)} {(0)}) (command.ControlFlow token: <ControlFlow_Exit exit> arg_word: {(0)} ) ] spids: [16777215 751] ) ] spids: [16777215 771] ) (C {(log_daemon_msg)} {(DQ ('Starting AppArmor profiles'))}) (C {(securityfs)}) (C {(handle_system_policy_package_updates)}) (C {(load_configured_profiles)}) (command.Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (lhs_expr.LhsName name:rc spids:[790]) op: Equal rhs: {($ VSub_QMark '$?')} spids: [790] ) ] spids: [790] ) (C {(log_end_msg)} {(DQ ($ VSub_DollarName '$rc'))}) ] spids: [730 731 801 16777215] ) (case_arm pat_list: [{(stop)}] action: [ (C {(log_daemon_msg)} {(DQ ('Clearing AppArmor profiles cache'))}) (C {(clear_cache)}) (command.Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (lhs_expr.LhsName name:rc spids:[818]) op: Equal rhs: {($ VSub_QMark '$?')} spids: [818] ) ] spids: [818] ) (C {(log_end_msg)} {(DQ ($ VSub_DollarName '$rc'))}) (command.SimpleCommand words: [{(cat)}] redirects: [ (redir.Redir op:<Redir_GreatAnd '>&'> fd:16777215 arg_word:{(2)}) (redir.HereDoc op: <Redir_DLess '<<'> fd: 16777215 here_begin: {(EOM)} here_end_span_id: 847 stdin_parts: [ ('All profile caches have been cleared, but no profiles have been unloaded.\n') ('Unloading profiles will leave already running processes permanently\n') ('unconfined, which can lead to unexpected situations.\n') ('\n') ('To set a process to complain mode, use the command line tool\n') ("'aa-complain'. To really tear down all profiles, run the init script\n") ("with the 'teardown' option.") (Right_DoubleQuote '"') ('\n') ] ) ] ) ] spids: [804 805 849 16777215] ) (case_arm pat_list: [{(teardown)}] action: [ (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.AndOr ops: [Op_DAmp] children: [ (C {(systemd-detect-virt)} {(--quiet)} {(--container)}) (command.Pipeline children: [(C {(is_container_with_internal_policy)})] negated: T ) ] ) terminator: <Op_Semi ';'> ) ] action: [ (C {(log_daemon_msg)} {(DQ ('Not tearing down AppArmor in container'))}) (C {(log_end_msg)} {(0)}) (command.ControlFlow token: <ControlFlow_Exit exit> arg_word: {(0)} ) ] spids: [16777215 873] ) ] spids: [16777215 893] ) (C {(log_daemon_msg)} {(DQ ('Unloading AppArmor profiles'))}) (C {(securityfs)}) (command.Pipeline children: [ (C {(running_profile_names)}) (command.WhileUntil keyword: <KW_While while> cond: [(command.Sentence child:(C {(read)} {(profile)}) terminator:<Op_Semi ';'>)] body: (command.DoGroup children: [ (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.Pipeline children: [ (C {(unload_profile)} {(DQ ($ VSub_DollarName '$profile'))}) ] negated: T ) terminator: <Op_Semi ';'> ) ] action: [ (C {(log_end_msg)} {(1)}) (command.ControlFlow token: <ControlFlow_Exit exit> arg_word: {(1)} ) ] spids: [16777215 932] ) ] spids: [16777215 945] ) ] spids: [917 948] ) ) ] negated: F ) (command.Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (lhs_expr.LhsName name:rc spids:[951]) op: Equal rhs: {(0)} spids: [951] ) ] spids: [951] ) (C {(log_end_msg)} {($ VSub_DollarName '$rc')}) ] spids: [852 853 960 16777215] ) (case_arm pat_list: [{(restart)} {(reload)} {(force-reload)}] action: [ (command.If arms: [ (if_arm cond: [ (command.Sentence child: (command.AndOr ops: [Op_DAmp] children: [ (C {(systemd-detect-virt)} {(--quiet)} {(--container)}) (command.Pipeline children: [(C {(is_container_with_internal_policy)})] negated: T ) ] ) terminator: <Op_Semi ';'> ) ] action: [ (C {(log_daemon_msg)} {(DQ ('Not reloading AppArmor in container'))}) (C {(log_end_msg)} {(0)}) (command.ControlFlow token: <ControlFlow_Exit exit> arg_word: {(0)} ) ] spids: [16777215 988] ) ] spids: [16777215 1008] ) (C {(log_daemon_msg)} {(DQ ('Reloading AppArmor profiles'))}) (C {(securityfs)}) (C {(clear_cache)}) (C {(load_configured_profiles)}) (command.Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (lhs_expr.LhsName name:rc spids:[1027]) op: Equal rhs: {($ VSub_QMark '$?')} spids: [1027] ) ] spids: [1027] ) (C {(log_end_msg)} {(DQ ($ VSub_DollarName '$rc'))}) ] spids: [963 968 1039 16777215] ) (case_arm pat_list: [{(status)}] action: [ (C {(securityfs)}) (command.If arms: [ (if_arm cond: [ (command.Sentence child: (C {(Lit_Other '[')} {(-x)} {(/usr/sbin/aa-status)} {(Lit_Other ']')}) terminator: <Op_Semi ';'> ) ] action: [(C {(aa-status)} {(--verbose)})] spids: [16777215 1060] ) ] else_action: [(C {(cat)} {(DQ ($ VSub_DollarName '$AA_SFS')) (/profiles)})] spids: [1068 1079] ) (command.Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (lhs_expr.LhsName name:rc spids:[1082]) op: Equal rhs: {($ VSub_QMark '$?')} spids: [1082] ) ] spids: [1082] ) ] spids: [1042 1043 1086 16777215] ) (case_arm pat_list: [{(Lit_Other '*')}] action: [ (C {(usage)}) (command.Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (lhs_expr.LhsName name:rc spids:[1096]) op: Equal rhs: {(1)} spids: [1096] ) ] spids: [1096] ) ] spids: [1089 1090 1100 16777215] ) ] spids: [721 727 1103] ) (command.ControlFlow token:<ControlFlow_Exit exit> arg_word:{($ VSub_DollarName '$rc')}) ] )