mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 22:35:35 +00:00

parser: change xattr encoding and allow append_rule to embed permissions

The current encoding makes every xattr optional and uses this to
propagate the permission from the tail to the individual rule match
points.

This however is wrong. Instead change the encoding so that an xattr
(unless optional) is required to be matched before allowing moving
onto the next xattr match.

The permission is carried on the end of each rule portion file match,
xattr 1, xattr 2, ...

Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen
2019-09-06 02:08:57 -07:00
parent e13af5dc96
commit 444b8e3836
3 changed files with 9 additions and 5 deletions

@@ -559,7 +559,7 @@ static int process_profile_name_xmatch(Profile *prof)
convert_aaregex_to_pcre(xattr_value, 0,
glob_null, tbuf,
&len);
if (!rules->append_rule(tbuf.c_str(), true, dfaflags)) {
if (!rules->append_rule(tbuf.c_str(), true, true, dfaflags)) {
delete rules;
return FALSE;
}
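
Review bot: The changed call in process_profile_name_xmatch, `rules->append_rule(tbuf.c_str(), true, true, dfaflags)`, now passes two adjacent bare `true` literals, so the call site does not show which one is the pre-existing flag and which one is the argument added by this change, and swapping them would still compile. Since the commit message ties this change to where the permission is attached in the xattr match chain, a mix-up here would alter profile attachment decisions silently. Please name the arguments at the call (a short comment per argument or named constants) and document the new parameter where append_rule is declared. The message also says an xattr must match "unless optional", but nothing in this hunk shows how an optional xattr is treated, so a regression test covering a required xattr that does not match would help confirm the new encoding.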