From 4173f0a558851ee37739050e986ba102ddb523e8 Mon Sep 17 00:00:00 2001
From: Kees Cook
Date: Wed, 11 Nov 2009 10:58:57 -0800
Subject: [PATCH] deal with socket types to ignore, handle backward compat for earlier AF_MAX value
---
 parser/Makefile | 3 ++-
 parser/parser_misc.c | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/parser/Makefile b/parser/Makefile
index b41a9a6bf..542e92b7b 100644
--- a/parser/Makefile
+++ b/parser/Makefile
@@ -181,9 +181,10 @@ parser_version.h: Makefile
 @echo \#define PARSER_VERSION \"$(VERSION)\" > .ver
 @mv -f .ver $@
+# These are the families that it doesn't make sense for apparmor to mediate.
 # We use PF_ here since that is what is required in bits/socket.h, but we will
 # rewrite these as AF_.
-FILTER_FAMILIES=PF_RXRPC PF_MAX PF_UNSPEC PF_UNIX PF_LOCAL PF_NETLINK PF_LLC PF_IUCV PF_TIPC PF_CAN
+FILTER_FAMILIES=PF_RXRPC PF_MAX PF_UNSPEC PF_UNIX PF_LOCAL PF_NETLINK PF_LLC PF_IUCV PF_TIPC PF_CAN PF_ISDN PF_PHONET
 __FILTER=$(shell echo $(strip $(FILTER_FAMILIES)) | sed -e 's/ /\\\|/g')
diff --git a/parser/parser_misc.c b/parser/parser_misc.c
index e0f82c0a3..325784831 100644
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@@ -246,6 +246,8 @@ static struct network_tuple network_mappings[] = {
 * hence the wrapping function.
 */
 size_t get_af_max() {
+ /* HACK: declare that version without "create" had a static AF_MAX */
+ if (!perms_create) return 36;
 #if AA_AF_MAX > AF_MAX
 return AA_AF_MAX;
 #else
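Review bot: The comment added above `FILTER_FAMILIES` says these families are not worth mediating, but it does not say what being filtered means for a profile, and `PF_ISDN` and `PF_PHONET` are added with no reason of their own. Someone auditing policy coverage needs to know that a listed family cannot be named in a network rule, if that is indeed what the filter does; the rule that consumes `__FILTER` is outside this hunk. I would add a line such as `# Names listed here are dropped before the PF_ -> AF_ rewrite, so they never reach the generated family table.` and a short reason for each of the two new entries. It is also worth confirming that the consumer matches whole names, since the list is joined with `\|` and an unanchored match on `PF_CAN` would hide any longer name that contains it.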
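Review bot: The early return added to `get_af_max()` hard-codes `36` with no name and no record of which kernel interface it matches, and the `return` shares a line with its unbraced condition. I would give the value a name next to the function, `#define LEGACY_AF_MAX 36 /* AF_MAX of kernels without "create" perms */`, and write the check as `if (!perms_create) { return LEGACY_AF_MAX; }`. Callers are not visible here, but any that size a per-family table from this result and then index it by a family number from `network_mappings` need a bounds check, because families numbered 36 or higher would fall outside the shorter table. `perms_create` is defined outside the hunk and the function body continues past its end, so both should be checked in the full file.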