From 2db41acd1b27961f324b02a6df7082a1d2f2be4e Mon Sep 17 00:00:00 2001
From: Georgia Garcia
Date: Wed, 6 Mar 2024 10:33:54 -0300
Subject: [PATCH] parser: fix generic perms in network rules

The permission for network rules when the inet mediation was not available, or for when the family was not af_inet or af_inet6 was being generated as one that would allow anything. Make them specific using perms.

Signed-off-by: Georgia Garcia
---
 parser/network.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/parser/network.cc b/parser/network.cc
index 07e6371b2..147629eec 100644
--- a/parser/network.cc
+++ b/parser/network.cc
@@ -614,8 +614,8 @@ bool network_rule::gen_net_rule(Profile &prof, u16 family, unsigned int type_mas
 if (!features_supports_inet || (family != AF_INET && family != AF_INET6)) {
 buf = buffer.str();
- if (!prof.policy.rules->add_rule(buf.c_str(), rule_mode == RULE_DENY, map_perms(AA_VALID_NET_PERMS),
- dedup_perms_rule_t::audit == AUDIT_FORCE ? map_perms(AA_VALID_NET_PERMS) : 0,
+ if (!prof.policy.rules->add_rule(buf.c_str(), rule_mode == RULE_DENY, map_perms(perms),
+ dedup_perms_rule_t::audit == AUDIT_FORCE ? map_perms(perms) : 0,
 parseopts))
 return false;
 return true;
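Review bot: The fallback branch now encodes `map_perms(perms)` for both the permission and the audit mask, but nothing in the hunk shows that `perms` is non-zero on this path; if a network rule written without explicit permission keywords reaches here with `perms == 0`, `map_perms(0)` would presumably emit a rule carrying no permissions, silently turning an intended allow into a no-op rather than the previous allow-everything. Worth confirming that the parse path fills `perms` with the default full set before gen_net_rule runs, or making the invariant explicit at the top of the branch with `assert(perms);` (assuming `perms` is the rule's own member, as the surrounding code suggests). A one-line comment above the `if` would also help future readers, e.g. `/* no inet-specific mediation available: emit the generic rule, but still restrict it to the requested perms */`. Since this changes the generated policy for every non-inet family rule, a parser equality test pairing a restricted-perms rule against its former unrestricted encoding would catch a regression of the over-broad grant. gen_net_rule's signature and the rest of its body lie outside the hunk.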