From 9d5b86bc9d9f1fb31e1633145b1506975af0039c Mon Sep 17 00:00:00 2001
From: John Johansen
Date: Tue, 3 Dec 2024 23:10:23 -0800
Subject: [PATCH] parser: fix priority for file rules.

File rules could drop priority info when rule matched a rule that was the same except for having different priority. For now fix this by treating them as a different rule. The priority was also be dropped when add_prefix was used to add the priority during the parse resulting in file rules always getting a default priority of 0.

Signed-off-by: John Johansen
---
 parser/parser_merge.c | 3 +++
 parser/parser_misc.c | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/parser/parser_merge.c b/parser/parser_merge.c
index 523933cab..972bb9a47 100644
--- a/parser/parser_merge.c
+++ b/parser/parser_merge.c
@@ -54,6 +54,9 @@ static int file_comp(const void *c1, const void *c2)
 	if ((*e1)->audit != (*e2)->audit)
 		return (*e1)->audit < (*e2)->audit ? -1 : 1;
 
+	if ((*e1)->priority != (*e2)->priority)
+		return (*e2)->priority - (*e1)->priority;
+
 	return strcmp((*e1)->name, (*e2)->name);
 }
 
diff --git a/parser/parser_misc.c b/parser/parser_misc.c
index 31fa54c95..d418de395 100644
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@@ -1092,6 +1092,8 @@ void debug_cod_entries(struct cod_entry *list)
 		debug_base_perm_mask(SHIFT_TO_BASE(item->perms, AA_USER_SHIFT));
 		printf(":");
 		debug_base_perm_mask(SHIFT_TO_BASE(item->perms, AA_OTHER_SHIFT));
+
+		printf(" priority=%d ", item->priority);
 		if (item->name)
 			printf("\tName:\t(%s)\n", item->name);
 		else
@@ -1135,6 +1137,8 @@ bool entry_add_prefix(struct cod_entry *entry, const prefixes &p, const char *&e
 	else if (p.owner == 2)
 		entry->perms &= (AA_OTHER_PERMS | AA_SHARED_PERMS);
 
+	entry->priority = p.priority;
+
 	/* implied audit modifier */
 	if (p.audit == AUDIT_FORCE && (entry->rule_mode != RULE_DENY))
 		entry->audit = AUDIT_FORCE;
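Review bot: The new comparison in file_comp returns `(*e2)->priority - (*e1)->priority`, which departs from the `< ? -1 : 1` form the rule_mode and audit checks just above it use, and as a signed subtraction it is only correct while the two priorities are close enough not to overflow; qsort needs only the sign. Writing it as `return (*e1)->priority > (*e2)->priority ? -1 : 1;` keeps the same descending order without the arithmetic. The direction (higher priority sorts first) is not self-evident in a comparator, so a comment such as `/* descending priority; entries differing only in priority stay distinct */` would record the intent the commit message gives. file_comp's body starts before this hunk, so whether a caller relies on the magnitude rather than the sign cannot be checked here.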
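Review bot: `entry->priority = p.priority;` in entry_add_prefix is assigned unconditionally, so if the function is ever applied to an entry that already carries a non-default priority the earlier value is silently replaced; whether that can happen is not visible in the hunk, but the audit handling directly below is conditional on the prefix and rule mode, and the contrast deserves a comment. Suggest `/* prefix priority replaces whatever priority the entry already had */`, or a guard if the entry's own value should win. Nothing in the hunk range-checks p.priority, presumably done when the prefix was parsed — confirm. entry_add_prefix starts and ends outside the hunk.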