parser: fix encoding of unix permissions for setopt and getopt

The permissions for AA_NET_OPT need to be bounded by mask so we can make sure it matches when a policy specified only setopt or only getopt. This was causing failures on the regression tests unix_socket_pathname, unix_socket_abstract, unix_socket_unnamed and unix_socket_autobind Fixes: 44f3be091 ("parser: convert the stored audit from a bit mask to a bool") Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2025-08-31 06:16:03 +00:00 · 2023-08-01 14:19:31 -03:00
parent 93dff6a806
commit 210ad63cbf
1 changed files with 1 additions and 1 deletions
--- a/parser/af_unix.cc
+++ b/parser/af_unix.cc
@@ -413,7 +413,7 @@ int unix_rule::gen_policy_re(Profile &prof)
 			tmp << "..";
 			buf = tmp.str();
 			if (!prof.policy.rules->add_rule(buf.c_str(), rule_mode == RULE_DENY,
-							 map_perms(AA_NET_OPT),
+							 map_perms(mask & AA_NET_OPT),
 							 map_perms(audit == AUDIT_FORCE ? AA_NET_OPT : 0),
 							 parseopts))
 				goto fail;