parser: rename rules.h perms_t to perm32_t

There are two distinct declarations of perms_t.
  rule.h: typedef uint32_t perms_t
  hfa.h: class perms_t

these definitions clash when the front end and backend share more info.
To avoid this rename rule.h to perm32_t, and move the definition into
perms.h and use it in struct aa_perms.

Signed-off-by: John Johansen <john.johansen@canonical.com>

parser/af_unix.cc

@@ -33,7 +33,7 @@
 /* See unix(7) for autobind address definition */
 #define autobind_address_pattern "\\x00[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]";
 
-int parse_unix_perms(const char *str_perms, perms_t *perms, int fail)
+int parse_unix_perms(const char *str_perms, perm32_t *perms, int fail)
 {
 	return parse_X_perms("unix", AA_VALID_NET_PERMS, str_perms, perms, fail);
 }
@@ -113,7 +113,7 @@ unix_rule::unix_rule(unsigned int type_p, audit_t audit_p, rule_mode_t rule_mode
 	downgrade = false;
 }
 
-unix_rule::unix_rule(perms_t perms_p, struct cond_entry *conds,
+unix_rule::unix_rule(perm32_t perms_p, struct cond_entry *conds,
 		     struct cond_entry *peer_conds):
 	af_rule(AF_UNIX), addr(NULL), peer_addr(NULL)
 {
@@ -191,7 +191,7 @@ static void writeu16(std::ostringstream &o, int v)
 #define CMD_OPT		4
 
 void unix_rule::downgrade_rule(Profile &prof) {
-	perms_t mask = (perms_t) -1;
+	perm32_t mask = (perm32_t) -1;
 
 	if (!prof.net.allow && !prof.net.alloc_net_table())
 		yyerror(_("Memory allocation error."));
@@ -318,7 +318,7 @@ int unix_rule::gen_policy_re(Profile &prof)
 	std::ostringstream buffer;
 	std::string buf;
 
-	perms_t mask = perms;
+	perm32_t mask = perms;
 
 	/* always generate a downgraded rule. This doesn't change generated
 	 * policy size and allows the binary policy to be loaded against

parser/af_unix.h

@@ -24,7 +24,7 @@
 #include "profile.h"
 #include "af_rule.h"
 
-int parse_unix_perms(const char *str_mode, perms_t *perms, int fail);
+int parse_unix_perms(const char *str_mode, perm32_t *perms, int fail);
 
 class unix_rule: public af_rule {
 	void write_to_prot(std::ostringstream &buffer);
@@ -39,7 +39,7 @@ public:
 	bool downgrade = true;
 
 	unix_rule(unsigned int type_p, audit_t audit_p, rule_mode_t rule_mode_p);
-	unix_rule(perms_t perms, struct cond_entry *conds,
+	unix_rule(perm32_t perms, struct cond_entry *conds,
 		  struct cond_entry *peer_conds);
 	virtual ~unix_rule()
 	{

parser/dbus.cc

@@ -30,7 +30,7 @@
 #include "dbus.h"
 
 
-int parse_dbus_perms(const char *str_perms, perms_t *perms, int fail)
+int parse_dbus_perms(const char *str_perms, perm32_t *perms, int fail)
 {
 	return parse_X_perms("DBus", AA_VALID_DBUS_PERMS, str_perms, perms, fail);
 }
@@ -66,7 +66,7 @@ void dbus_rule::move_conditionals(struct cond_entry *conds)
 	}
 }
 
-dbus_rule::dbus_rule(perms_t perms_p, struct cond_entry *conds,
+dbus_rule::dbus_rule(perm32_t perms_p, struct cond_entry *conds,
 		     struct cond_entry *peer_conds):
 	perms_rule_t(AA_CLASS_DBUS), bus(NULL), name(NULL), peer_label(NULL), path(NULL), interface(NULL), member(NULL)
 {

parser/dbus.h

@@ -23,7 +23,7 @@
 #include "rule.h"
 #include "profile.h"
 
-extern int parse_dbus_perms(const char *str_mode, perms_t *mode, int fail);
+extern int parse_dbus_perms(const char *str_mode, perm32_t *mode, int fail);
 
 class dbus_rule: public perms_rule_t {
 	void move_conditionals(struct cond_entry *conds);
@@ -40,7 +40,7 @@ public:
 	char *interface;
 	char *member;
 
-	dbus_rule(perms_t perms_p, struct cond_entry *conds,
+	dbus_rule(perm32_t perms_p, struct cond_entry *conds,
 		  struct cond_entry *peer_conds);
 	virtual ~dbus_rule() {
 		free(bus);

parser/io_uring.cc

@@ -47,7 +47,7 @@ void io_uring_rule::move_conditionals(struct cond_entry *conds)
 	}
 }
 
-io_uring_rule::io_uring_rule(perms_t perms_p, struct cond_entry *conds, struct cond_entry *ring_conds):
+io_uring_rule::io_uring_rule(perm32_t perms_p, struct cond_entry *conds, struct cond_entry *ring_conds):
 	perms_rule_t(AA_CLASS_IO_URING), label(NULL)
 {
 	if (perms_p) {

parser/io_uring.h

@@ -31,7 +31,7 @@ class io_uring_rule: public perms_rule_t {
 public:
 	char *label;
 
-	io_uring_rule(perms_t perms, struct cond_entry *conds, struct cond_entry *ring_conds);
+	io_uring_rule(perm32_t perms, struct cond_entry *conds, struct cond_entry *ring_conds);
 	virtual ~io_uring_rule()
 	{
 		free(label);

parser/mount.cc

@@ -478,7 +478,7 @@ static void process_one_option(struct cond_entry *&opts, unsigned int &flags,
 
 mnt_rule::mnt_rule(struct cond_entry *src_conds, char *device_p,
 		   struct cond_entry *dst_conds unused, char *mnt_point_p,
-		   perms_t perms_p):
+		   perm32_t perms_p):
 	perms_rule_t(AA_CLASS_MOUNT),
 	mnt_point(mnt_point_p), device(device_p), trans(NULL), opts(NULL),
 	flagsv(0), opt_flagsv(0)
@@ -784,7 +784,7 @@ int mnt_rule::gen_policy_remount(Profile &prof, int &count,
 
 	vec[3] = flagsbuf;
 
-	perms_t tmpperms, tmpaudit;
+	perm32_t tmpperms, tmpaudit;
 	if (opts) {
 		tmpperms = AA_MATCH_CONT;
 		tmpaudit = 0;
@@ -993,7 +993,7 @@ int mnt_rule::gen_policy_new_mount(Profile &prof, int &count,
 		goto fail;
 	vec[3] = flagsbuf;
 
-	perms_t tmpperms, tmpaudit;
+	perm32_t tmpperms, tmpaudit;
 	if (opts) {
 		tmpperms = AA_MATCH_CONT;
 		tmpaudit = 0;
@@ -1141,7 +1141,7 @@ fail:
 void mnt_rule::post_parse_profile(Profile &prof)
 {
 	if (trans) {
-		perms_t perms = 0;
+		perm32_t perms = 0;
 		int n = add_entry_to_x_table(&prof, trans);
 		if (!n) {
 			PERROR("Profile %s has too many specified profile transitions.\n", prof.name);

parser/mount.h

@@ -152,7 +152,7 @@ public:
 
 	mnt_rule(struct cond_entry *src_conds, char *device_p,
 		   struct cond_entry *dst_conds unused, char *mnt_point_p,
-		   perms_t perms_p);
+		   perm32_t perms_p);
 	virtual ~mnt_rule()
 	{
 		free_value_list(opts);

parser/mqueue.cc

@@ -25,7 +25,7 @@
 #include <iostream>
 #include <sstream>
 
-int parse_mqueue_perms(const char *str_perms, perms_t *perms, int fail)
+int parse_mqueue_perms(const char *str_perms, perm32_t *perms, int fail)
 {
 	return parse_X_perms("mqueue", AA_VALID_MQUEUE_PERMS, str_perms, perms, fail);
 }
@@ -86,7 +86,7 @@ void mqueue_rule::move_conditionals(struct cond_entry *conds)
 	}
 }
 
-mqueue_rule::mqueue_rule(perms_t perms_p, struct cond_entry *conds, char *qname_p):
+mqueue_rule::mqueue_rule(perm32_t perms_p, struct cond_entry *conds, char *qname_p):
 	// mqueue uses multiple classes, arbitrary choice to represent group
 	// withing the AST
 	perms_rule_t(AA_CLASS_POSIX_MQUEUE),

parser/mqueue.h

@@ -84,7 +84,7 @@ static inline uint32_t map_mqueue_perms(uint32_t mask)
 		((mask & (AA_MQUEUE_GETATTR | AA_MQUEUE_SETATTR)) << (AA_OTHER_SHIFT - 8));
 }
 
-int parse_mqueue_perms(const char *str_perms, perms_t *perms, int fail);
+int parse_mqueue_perms(const char *str_perms, perm32_t *perms, int fail);
 
 class mqueue_rule: public perms_rule_t {
 	void move_conditionals(struct cond_entry *conds);
@@ -93,7 +93,7 @@ public:
 	char *qname;
 	char *label;
 
-	mqueue_rule(perms_t perms, struct cond_entry *conds, char *qname = NULL);
+	mqueue_rule(perm32_t perms, struct cond_entry *conds, char *qname = NULL);
 	virtual ~mqueue_rule()
 	{
 		free(qname);

parser/network.cc

@@ -29,7 +29,7 @@
 
 #define ALL_TYPES 0x43e
 
-int parse_net_perms(const char *str_mode, perms_t *mode, int fail)
+int parse_net_perms(const char *str_mode, perm32_t *mode, int fail)
 {
 	return parse_X_perms("net", AA_VALID_NET_PERMS, str_mode, mode, fail);
 }
@@ -401,7 +401,7 @@ void network_rule::set_netperm(unsigned int family, unsigned int type, unsigned
 	network_perms[family].second |= protocol;
 }
 
-network_rule::network_rule(perms_t perms_p, struct cond_entry *conds,
+network_rule::network_rule(perm32_t perms_p, struct cond_entry *conds,
 			   struct cond_entry *peer_conds):
 	dedup_perms_rule_t(AA_CLASS_NETV8), label(NULL)
 {
@@ -441,7 +441,7 @@ network_rule::network_rule(perms_t perms_p, struct cond_entry *conds,
 	}
 }
 
-network_rule::network_rule(perms_t perms_p, const char *family, const char *type,
+network_rule::network_rule(perm32_t perms_p, const char *family, const char *type,
 			   const char *protocol, struct cond_entry *conds,
 			   struct cond_entry *peer_conds):
 	dedup_perms_rule_t(AA_CLASS_NETV8), label(NULL)
@@ -494,7 +494,7 @@ network_rule::network_rule(perms_t perms_p, const char *family, const char *type
 	}
 }
 
-network_rule::network_rule(perms_t perms_p, unsigned int family, unsigned int type):
+network_rule::network_rule(perm32_t perms_p, unsigned int family, unsigned int type):
 	dedup_perms_rule_t(AA_CLASS_NETV8), label(NULL)
 {
 	network_map[family].push_back({ family, type, 0xFFFFFFFF });
@@ -653,7 +653,7 @@ std::list<std::ostringstream> copy_streams_list(std::list<std::ostringstream> &s
 bool network_rule::gen_ip_conds(Profile &prof, std::list<std::ostringstream> &streams, ip_conds &entry, bool is_peer, bool is_cmd)
 {
 	std::string buf;
-	perms_t cond_perms;
+	perm32_t cond_perms;
 	std::list<std::ostringstream> ip_streams;
 
 	for (auto &oss : streams) {

parser/network.h

@@ -107,8 +107,9 @@ static inline uint32_t map_perms(uint32_t mask)
 		((mask & (AA_NET_SETOPT | AA_NET_GETOPT)) >> 5); /* 5 + (AA_OTHER_SHIFT - 24) */
 };
 
-int parse_net_perms(const char *str_mode, perms_t *perms, int fail);
+
 size_t get_af_max();
+int parse_net_perms(const char *str_mode, perm32_t *perms, int fail);
 int net_find_type_val(const char *type);
 const char *net_find_type_name(int type);
 const char *net_find_af_name(unsigned int af);
@@ -158,12 +159,12 @@ public:
 	 * static elements to maintain compatibility with
 	 * AA_CLASS_NET */
 	network_rule(): dedup_perms_rule_t(AA_CLASS_NETV8), label(NULL) { }
-	network_rule(perms_t perms_p, struct cond_entry *conds,
+	network_rule(perm32_t perms_p, struct cond_entry *conds,
 		     struct cond_entry *peer_conds);
-	network_rule(perms_t perms_p, const char *family, const char *type,
+	network_rule(perm32_t perms_p, const char *family, const char *type,
 		     const char *protocol, struct cond_entry *conds,
 		     struct cond_entry *peer_conds);
-	network_rule(perms_t perms_p, unsigned int family, unsigned int type);
+	network_rule(perm32_t perms_p, unsigned int family, unsigned int type);
 	virtual ~network_rule()
 	{
 		peer.free_conds();

parser/parser.h

@@ -122,7 +122,7 @@ struct cod_entry {
 	char *nt_name;
 	Profile *prof;		 	/* Special profile defined
 					 * just for this executable */
-	perms_t perms;			/* perms is 'or' of AA_* bits */
+	perm32_t perms;			/* perms is 'or' of AA_* bits */
 	audit_t audit;
 	rule_mode_t rule_mode;
 
@@ -450,12 +450,12 @@ extern char *processunquoted(const char *string, int len);
 extern int get_keyword_token(const char *keyword);
 extern int get_rlimit(const char *name);
 extern char *process_var(const char *var);
-extern perms_t parse_perms(const char *permstr);
-extern int parse_X_perms(const char *X, int valid, const char *str_perms, perms_t *perms, int fail);
+extern perm32_t parse_perms(const char *permstr);
+extern int parse_X_perms(const char *X, int valid, const char *str_perms, perm32_t *perms, int fail);
 bool label_contains_ns(const char *label);
 bool parse_label(bool *_stack, char **_ns, char **_name,
 		 const char *label, bool yyerr);
-extern struct cod_entry *new_entry(char *id, perms_t perms, char *link_id);
+extern struct cod_entry *new_entry(char *id, perm32_t perms, char *link_id);
 
 /* returns -1 if value != true or false, otherwise 0 == false, 1 == true */
 extern int str_to_boolean(const char* str);

parser/parser_misc.c

@@ -566,12 +566,12 @@ void warn_uppercase(void)
 	}
 }
 
-static perms_t parse_sub_perms(const char *str_perms, const char *perms_desc unused)
+static perm32_t parse_sub_perms(const char *str_perms, const char *perms_desc unused)
 {
 
 #define IS_DIFF_QUAL(perms, q) (((perms) & AA_MAY_EXEC) && (((perms) & AA_EXEC_TYPE) != ((q) & AA_EXEC_TYPE)))
 
-	perms_t perms = 0;
+	perm32_t perms = 0;
 	const char *p;
 
 	PDEBUG("Parsing perms: %s\n", str_perms);
@@ -584,7 +584,7 @@ static perms_t parse_sub_perms(const char *str_perms, const char *perms_desc unu
 		char thisc = *p;
 		char next = *(p + 1);
 		char lower;
-		perms_t tperms = 0;
+		perm32_t tperms = 0;
 
 reeval:
 		switch (thisc) {
@@ -742,9 +742,9 @@ reeval:
 	return perms;
 }
 
-perms_t parse_perms(const char *str_perms)
+perm32_t parse_perms(const char *str_perms)
 {
-	perms_t tmp, perms = 0;
+	perm32_t tmp, perms = 0;
 	tmp = parse_sub_perms(str_perms, "");
 	perms = SHIFT_PERMS(tmp, AA_USER_SHIFT);
 	perms |= SHIFT_PERMS(tmp, AA_OTHER_SHIFT);
@@ -753,9 +753,9 @@ perms_t parse_perms(const char *str_perms)
 	return perms;
 }
 
-static int parse_X_sub_perms(const char *X, const char *str_perms, perms_t *result, int fail, const char *perms_desc unused)
+static int parse_X_sub_perms(const char *X, const char *str_perms, perm32_t *result, int fail, const char *perms_desc unused)
 {
-	perms_t perms = 0;
+	perm32_t perms = 0;
 	const char *p;
 
 	PDEBUG("Parsing %s perms: %s\n", X, str_perms);
@@ -813,7 +813,7 @@ reeval:
 	return 1;
 }
 
-int parse_X_perms(const char *X, int valid, const char *str_perms, perms_t *perms, int fail)
+int parse_X_perms(const char *X, int valid, const char *str_perms, perm32_t *perms, int fail)
 {
 	*perms = 0;
 	if (!parse_X_sub_perms(X, str_perms, perms, fail, ""))
@@ -976,7 +976,7 @@ alloc_fail:
 	return false;
 }
 
-struct cod_entry *new_entry(char *id, perms_t perms, char *link_id)
+struct cod_entry *new_entry(char *id, perm32_t perms, char *link_id)
 {
 	struct cod_entry *entry = NULL;
 

parser/parser_regex.c

@@ -584,7 +584,7 @@ build:
 
 static int warn_change_profile = 1;
 
-static bool is_change_profile_perms(perms_t perms)
+static bool is_change_profile_perms(perm32_t perms)
 {
 	/**
 	 * A change_profile entry will have the AA_CHANGE_PROFILE bit set.

parser/parser_yacc.y

@@ -63,10 +63,10 @@
 
 int parser_token = 0;
 
-struct cod_entry *do_file_rule(char *id, perms_t perms, char *link_id, char *nt);
+struct cod_entry *do_file_rule(char *id, perm32_t perms, char *link_id, char *nt);
 mnt_rule *do_mnt_rule(struct cond_entry *src_conds, char *src,
 		      struct cond_entry *dst_conds, char *dst,
-		      perms_t perms);
+		      perm32_t perms);
 mnt_rule *do_pivot_rule(struct cond_entry *old, char *root,
 			char *transition);
 static void abi_features(char *filename, bool search);
@@ -212,7 +212,7 @@ static void abi_features(char *filename, bool search);
 	prefix_rule_t *prefix_entry;
 
 	flagvals flags;
-	perms_t fperms;
+	perm32_t fperms;
 	uint64_t cap;
 	unsigned int allowed_protocol;
 	char *set_var;
@@ -1562,7 +1562,7 @@ file_perms: TOK_MODE
 change_profile: TOK_CHANGE_PROFILE opt_exec_mode opt_id opt_named_transition TOK_END_OF_RULE
 	{
 		struct cod_entry *entry;
-		perms_t perms = AA_CHANGE_PROFILE;
+		perm32_t perms = AA_CHANGE_PROFILE;
 		int exec_mode = $2;
 		char *exec = $3;
 		char *target = $4;
@@ -1670,7 +1670,7 @@ void yyerror(const char *msg, ...)
 	exit(1);
 }
 
-struct cod_entry *do_file_rule(char *id, perms_t perms, char *link_id, char *nt)
+struct cod_entry *do_file_rule(char *id, perm32_t perms, char *link_id, char *nt)
 {
 		struct cod_entry *entry;
 		PDEBUG("Matched: tok_id (%s) tok_perms (0x%x)\n", id, perms);
@@ -1711,7 +1711,7 @@ int verify_mnt_conds(struct cond_entry *conds, int src)
 
 mnt_rule *do_mnt_rule(struct cond_entry *src_conds, char *src,
 		      struct cond_entry *dst_conds, char *dst,
-		      perms_t perms)
+		      perm32_t perms)
 {
 	if (verify_mnt_conds(src_conds, MNT_SRC_OPT) != 0)
 		yyerror(_("bad mount rule"));

parser/perms.h

@@ -19,6 +19,7 @@
 #define __AA_PERM_H
 
 #include <stdint.h>
+#include <sys/apparmor.h>
 
 /* same as in immunix.h - make it so they can both be included or used alone */
 #ifndef AA_MAY_EXEC
@@ -42,11 +43,15 @@
 
 #define AA_MAY_CHMOD		0x1000		/* pair */
 #define AA_MAY_CHOWN		0x2000		/* pair */
+#endif
 #define AA_MAY_CHGRP		0x4000		/* pair */
+#ifndef AA_MAY_CREATE
 #define AA_MAY_LOCK		0x8000		/* LINK_SUBSET overlaid */
 
 #define AA_EXEC_MMAP		0x00010000
+#endif
 #define AA_MAY_MPROT		0x00020000	/* extend conditions */
+#ifndef AA_MAY_CREATE
 #define AA_MAY_LINK		0x00040000	/* pair */
 #endif
 #define AA_MAY_SNAPSHOT		0x00080000	/* pair */
@@ -80,20 +85,22 @@
 #define AA_X_INHERIT		0x40000000
 #define AA_X_UNCONFINED		0x80000000
 
+typedef uint32_t perm32_t;
+
 struct aa_perms {
-	uint32_t allow;
-	uint32_t deny;	/* explicit deny, or conflict if allow also set */
+	perm32_t allow;
+	perm32_t deny;	/* explicit deny, or conflict if allow also set */
 
-	uint32_t subtree;	/* allow perm on full subtree only when allow is set */
-	uint32_t cond;	/* set only when ~allow and ~deny */
+	perm32_t subtree;	/* allow perm on full subtree only when allow is set */
+	perm32_t cond;	/* set only when ~allow and ~deny */
 
-	uint32_t kill;	/* set only when ~allow | deny */
-	uint32_t complain;	/* accumulates only used when ~allow & ~deny */
-	uint32_t prompt;	/* accumulates only used when ~allow & ~deny */
+	perm32_t kill;	/* set only when ~allow | deny */
+	perm32_t complain;	/* accumulates only used when ~allow & ~deny */
+	perm32_t prompt;	/* accumulates only used when ~allow & ~deny */
 
-	uint32_t audit;	/* set only when allow is set */
-	uint32_t quiet;	/* set only when ~allow | deny */
-	uint32_t hide;	/* set only when  ~allow | deny */
+	perm32_t audit;	/* set only when allow is set */
+	perm32_t quiet;	/* set only when ~allow | deny */
+	perm32_t hide;	/* set only when  ~allow | deny */
 
 
 	uint32_t xindex;

parser/profile.cc

@@ -269,11 +269,11 @@ static bool add_proc_access(Profile *prof, const char *rule)
 void post_process_file_entries(Profile *prof)
 {
 	struct cod_entry *entry;
-	perms_t cp_perms = 0;
+	perm32_t cp_perms = 0;
 
 	list_for_each(prof->entries, entry) {
 		if (entry->nt_name) {
-			perms_t perms = 0;
+			perm32_t perms = 0;
 			int n = add_named_transition(prof, entry);
 			if (!n) {
 				PERROR("Profile %s has too many specified profile transitions.\n", prof->name);

parser/ptrace.cc

@@ -24,7 +24,7 @@
 #include <string>
 #include <sstream>
 
-int parse_ptrace_perms(const char *str_perms, perms_t *perms, int fail)
+int parse_ptrace_perms(const char *str_perms, perm32_t *perms, int fail)
 {
 	return parse_X_perms("ptrace", AA_VALID_PTRACE_PERMS, str_perms, perms, fail);
 }
@@ -47,7 +47,7 @@ void ptrace_rule::move_conditionals(struct cond_entry *conds)
 	}
 }
 
-ptrace_rule::ptrace_rule(perms_t perms_p, struct cond_entry *conds):
+ptrace_rule::ptrace_rule(perm32_t perms_p, struct cond_entry *conds):
 	perms_rule_t(AA_CLASS_PTRACE), peer_label(NULL)
 {
 	if (perms_p) {

parser/ptrace.h

@@ -27,14 +27,14 @@
 #define AA_VALID_PTRACE_PERMS (AA_MAY_READ | AA_MAY_TRACE | AA_MAY_READBY | \
 			       AA_MAY_TRACEDBY)
 
-int parse_ptrace_perms(const char *str_perms, perms_t *perms, int fail);
+int parse_ptrace_perms(const char *str_perms, perm32_t *perms, int fail);
 
 class ptrace_rule: public perms_rule_t {
 	void move_conditionals(struct cond_entry *conds);
 public:
 	char *peer_label;
 
-	ptrace_rule(perms_t perms, struct cond_entry *conds);
+	ptrace_rule(perm32_t perms, struct cond_entry *conds);
 	virtual ~ptrace_rule()
 	{
 		free(peer_label);

parser/rule.h

@@ -22,6 +22,7 @@
 #include <list>
 #include <ostream>
 
+#include "perms.h"
 #include "policydb.h"
 
 using namespace std;
@@ -151,7 +152,6 @@ std::ostream &operator<<(std::ostream &os, rule_t &rule);
 typedef std::list<rule_t *> RuleList;
 
 /* Not classes so they can be used in the bison front end */
-typedef uint32_t perms_t;
 typedef enum { AUDIT_UNSPECIFIED, AUDIT_FORCE, AUDIT_QUIET } audit_t;
 typedef enum { RULE_UNSPECIFIED, RULE_ALLOW, RULE_DENY, RULE_PROMPT } rule_mode_t;
 
@@ -407,7 +407,7 @@ public:
 		return os;
 	}
 
-	perms_t perms, saved;
+	perm32_t perms, saved;
 };
 
 // alternate perms rule class that only does dedup instead of perms merging
@@ -432,7 +432,7 @@ public:
 		return os;
 	}
 
-	perms_t perms;
+	perm32_t perms;
 };
 
 

parser/signal.cc

@@ -116,7 +116,7 @@ static const char *const sig_names[MAXMAPPED_SIG + 1] = {
 };
 
 
-int parse_signal_perms(const char *str_perms, perms_t *perms, int fail)
+int parse_signal_perms(const char *str_perms, perm32_t *perms, int fail)
 {
 	return parse_X_perms("signal", AA_VALID_SIGNAL_PERMS, str_perms, perms, fail);
 }
@@ -173,7 +173,7 @@ void signal_rule::move_conditionals(struct cond_entry *conds)
 	}
 }
 
-signal_rule::signal_rule(perms_t perms_p, struct cond_entry *conds):
+signal_rule::signal_rule(perm32_t perms_p, struct cond_entry *conds):
 	perms_rule_t(AA_CLASS_SIGNAL), signals(), peer_label(NULL)
 {
 	if (perms_p) {

parser/signal.h

@@ -32,7 +32,7 @@
 typedef set<int> Signals;
 
 int find_signal_mapping(const char *sig);
-int parse_signal_perms(const char *str_perms, perms_t *perms, int fail);
+int parse_signal_perms(const char *str_perms, perm32_t *perms, int fail);
 
 class signal_rule: public perms_rule_t {
 	void extract_sigs(struct value_list **list);
@@ -41,7 +41,7 @@ public:
 	Signals signals;
 	char *peer_label;
 
-	signal_rule(perms_t perms, struct cond_entry *conds);
+	signal_rule(perm32_t perms, struct cond_entry *conds);
 	virtual ~signal_rule() {
 		signals.clear();
 		free(peer_label);

parser/userns.cc

@@ -40,7 +40,7 @@ void userns_rule::move_conditionals(struct cond_entry *conds)
 	}
 }
 
-userns_rule::userns_rule(perms_t perms_p, struct cond_entry *conds):
+userns_rule::userns_rule(perm32_t perms_p, struct cond_entry *conds):
 	perms_rule_t(AA_CLASS_NS)
 {
 	if (perms_p) {

parser/userns.h

@@ -26,7 +26,7 @@
 class userns_rule: public perms_rule_t {
 	void move_conditionals(struct cond_entry *conds);
 public:
-	userns_rule(perms_t perms, struct cond_entry *conds);
+	userns_rule(perm32_t perms, struct cond_entry *conds);
 	virtual ~userns_rule()
 	{
 	};