parser: implement dedup of network rules

Since network rules don't use the "perms" attribute, it is using the
dedup class in which duplicate rules are removed.

Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>

parser/network.cc

@@ -309,7 +309,7 @@ void network_rule::set_netperm(unsigned int family, unsigned int type)
 
 network_rule::network_rule(const char *family, const char *type,
 			   const char *protocol):
-	perms_rule_t(AA_CLASS_NETV8)
+	dedup_perms_rule_t(AA_CLASS_NETV8)
 {
 	if (!family && !type && !protocol) {
 		size_t family_index;
@@ -337,7 +337,7 @@ network_rule::network_rule(const char *family, const char *type,
 }
 
 network_rule::network_rule(unsigned int family, unsigned int type):
-	perms_rule_t(AA_CLASS_NETV8)
+	dedup_perms_rule_t(AA_CLASS_NETV8)
 {
 	network_map[family].push_back({ family, type, 0xFFFFFFFF });
 	set_netperm(family, type);
@@ -421,7 +421,7 @@ bool network_rule::gen_net_rule(Profile &prof, u16 family, unsigned int type_mas
 	buf = buffer.str();
 
 	if (!prof.policy.rules->add_rule(buf.c_str(), rule_mode == RULE_DENY, map_perms(AA_VALID_NET_PERMS),
-					 perms_rule_t::audit == AUDIT_FORCE ? map_perms(AA_VALID_NET_PERMS) : 0,
+					 dedup_perms_rule_t::audit == AUDIT_FORCE ? map_perms(AA_VALID_NET_PERMS) : 0,
 					 parseopts))
 		return false;
 
@@ -520,3 +520,25 @@ void network_rule::update_compat_net(void)
 		}
 	}
 }
+
+static int cmp_network_map(std::unordered_map<unsigned int, perms_t> lhs,
+			   std::unordered_map<unsigned int, perms_t> rhs)
+{
+	int res;
+	size_t family_index;
+	for (family_index = AF_UNSPEC; family_index < get_af_max(); family_index++) {
+		res = lhs[family_index] - rhs[family_index];
+		if (res)
+			return res;
+	}
+	return 0;
+}
+
+int network_rule::cmp(rule_t const &rhs) const
+{
+	int res = dedup_perms_rule_t::cmp(rhs);
+	if (res)
+		return res;
+	network_rule const &nrhs = rule_cast<network_rule const &>(rhs);
+	return cmp_network_map(network_perms, nrhs.network_perms);
+};

parser/network.h

@@ -104,7 +104,7 @@ int net_find_type_val(const char *type);
 const char *net_find_type_name(int type);
 const char *net_find_af_name(unsigned int af);
 
-class network_rule: public perms_rule_t {
+class network_rule: public dedup_perms_rule_t {
 public:
 	std::unordered_map<unsigned int, std::vector<struct aa_network_entry>> network_map;
 	std::unordered_map<unsigned int, perms_t> network_perms;
@@ -112,7 +112,7 @@ public:
 	/* empty constructor used only for the profile to access
 	 * static elements to maintain compatibility with
 	 * AA_CLASS_NET */
-	network_rule(): perms_rule_t(AA_CLASS_NETV8) { }
+	network_rule(): dedup_perms_rule_t(AA_CLASS_NETV8) { }
 	network_rule(const char *family, const char *type,
 		     const char *protocol);
 	network_rule(unsigned int family, unsigned int type);
@@ -150,7 +150,10 @@ public:
 	virtual ostream &dump(ostream &os);
 	virtual int expand_variables(void);
 	virtual int gen_policy_re(Profile &prof);
-	// TODO: implement rule dedup cmp member function
+
+	virtual bool is_mergeable(void) { return true; }
+	virtual int cmp(rule_t const &rhs) const;
+
 	/* array of type masks indexed by AF_FAMILY */
 	/* allow, audit, deny and quiet are used for compatibility with AA_CLASS_NET */
 	static unsigned int *allow;