Merge parser: fix encoding of unix permissions for setopt and getopt

The permissions for AA_NET_OPT need to be bounded by mask so we can
make sure it matches when a policy specified only setopt or only
getopt. This was causing failures on the regression tests
unix_socket_pathname, unix_socket_abstract, unix_socket_unnamed and
unix_socket_autobind

Fixes: 44f3be091 ("parser: convert the stored audit from a bit mask to a bool")
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1079
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>

parser/af_unix.cc

@@ -413,7 +413,7 @@ int unix_rule::gen_policy_re(Profile &prof)
 			tmp << "..";
 			buf = tmp.str();
 			if (!prof.policy.rules->add_rule(buf.c_str(), rule_mode == RULE_DENY,
-							 map_perms(AA_NET_OPT),
+							 map_perms(mask & AA_NET_OPT),
 							 map_perms(audit == AUDIT_FORCE ? AA_NET_OPT : 0),
 							 parseopts))
 				goto fail;

tests/regression/apparmor/prologue.inc

@@ -70,9 +70,14 @@ kernel_features()
 			# check if feature is in file
 			feature=$(basename "$features_dir/$f")
 			file=$(dirname "$features_dir/$f")
-			if [ -f $file ] && ! grep -q $feature $file; then
+			if [ -f $file ]; then
+				if ! grep -q $feature $file; then
+					echo "Required feature '$f' not available."
+					return 2;
+				fi
+			else
 				echo "Required feature '$f' not available."
-				return 2;
+				return 3;
 			fi
 		fi
 	done