From 662ad60cd72432ee2cdf8ff309d5ce2fe673040c Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Fri, 24 Feb 2012 04:17:19 -0800
Subject: [PATCH] Extend the information dumped by -D rule-exprs to include
 permissions

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
---
 parser/libapparmor_re/aare_rules.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/parser/libapparmor_re/aare_rules.cc b/parser/libapparmor_re/aare_rules.cc
index d03b4b6f2..13f2e5e83 100644
--- a/parser/libapparmor_re/aare_rules.cc
+++ b/parser/libapparmor_re/aare_rules.cc
@@ -98,6 +98,7 @@ extern "C" int aare_add_rule_vec(aare_ruleset_t *rules, int deny,
 {
 	Node *tree = NULL, *accept;
 	int exact_match;
+	uint32_t allow = perms;
 
 	assert(perms != 0);
 
@@ -220,7 +221,11 @@ extern "C" int aare_add_rule_vec(aare_ruleset_t *rules, int deny,
 		}
 		cerr << "  ->  ";
 		tree->dump(cerr);
-		cerr << "\n\n";
+		if (deny)
+			cerr << " deny";
+		cerr << " (" << hex << allow <<"/" << audit << dec << ")";
+		accept->dump(cerr);
+ 		cerr << "\n\n";
 	}
 
 	if (rules->root)