From 65e351b0808770d6c7487f128d53777a866469b2 Mon Sep 17 00:00:00 2001
From: Eduardo Barretto <eduardo.barretto@canonical.com>
Date: Mon, 11 Mar 2024 13:35:59 +0100
Subject: [PATCH] all_apparmor_profiles_in_enforce_complain_mode: Fix OVAL
 logic

Current OVAL fails with unknown result because the variables are looking
for a subexpression of the subject when there's none. Also remove check
for unconfined as it is not needed
---
 .../oval/shared.xml                               | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml
index 9347535cf47e..c18fca49b1fc 100644
--- a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml
+++ b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml
@@ -13,18 +13,12 @@
   </ind:textfilecontent54_object>
   <ind:textfilecontent54_object id="{{{ rule_id }}}_obj_apparmor_enforced_profiles" version="1">
     <ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
-    <ind:pattern operation="pattern match" datatype="string">^.*\(enforce\)$</ind:pattern>
+    <ind:pattern operation="pattern match" datatype="string">^.*(\(enforce)\))$</ind:pattern>
     <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
   <ind:textfilecontent54_object id="{{{ rule_id }}}_obj_apparmor_complaining_profiles" version="1">
     <ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
-    <ind:pattern operation="pattern match" datatype="string">^.*\(complain\)$</ind:pattern>
-    <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
-  </ind:textfilecontent54_object>
-  <ind:textfilecontent54_object id="{{{ rule_id }}}_obj_apparmor_unconfined_profiles" version="1">
-    <ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
-    <ind:pattern operation="pattern match"
-      datatype="string">^\.*processes are unconfined.*$</ind:pattern>
+    <ind:pattern operation="pattern match" datatype="string">^.*(\(complain\))$</ind:pattern>
     <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
   <local_variable datatype="int" id="{{{ rule_id }}}_var_num_apparmor_profiles" version="1"
@@ -47,11 +41,6 @@
       </count>
     </arithmetic>
   </local_variable>
-  <local_variable datatype="int" id="{{{ rule_id }}}_var_num_apparmor_unconfined_profiles"
-    version="1" comment="apparmor profiles with unconfined processes">
-    <object_component item_field="subexpression"
-     object_ref="{{{ rule_id }}}_obj_apparmor_unconfined_profiles" />
-  </local_variable>
 
   <ind:variable_object id="{{{ rule_id }}}_obj_all_apparmor_profiles" version="1">
     <ind:var_ref>{{{ rule_id }}}_var_num_apparmor_profiles</ind:var_ref>