From 398102afa84fa4b0b3ac9a7fde09aa12d10b6d42 Mon Sep 17 00:00:00 2001
From: John Johansen
Date: Fri, 16 Nov 2007 09:36:42 +0000
Subject: [PATCH] old style link compatability
---
 parser/immunix.h | 11 +++++++++++
 parser/parser_regex.c | 22 ++++++++++++++++++----
 2 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/parser/immunix.h b/parser/immunix.h
index e9d178fe0..ffb35232f 100644
--- a/parser/immunix.h
+++ b/parser/immunix.h
@@ -80,11 +80,22 @@
 #define AA_GROUP_EXEC_TYPE (AA_EXEC_TYPE << AA_GROUP_SHIFT)
 #define AA_OTHER_EXEC_TYPE (AA_EXEC_TYPE << AA_OTHER_SHIFT)
+#define AA_LINK_BITS ((AA_MAY_LINK << AA_USER_SHIFT) | \
+ (AA_MAY_LINK << AA_GROUP_SHIFT) | \
+ (AA_MAY_LINK << AA_OTHER_SHIFT))
+
 #define SHIFT_MODE(MODE, SHIFT) ((((MODE) & AA_BASE_PERMS) << (SHIFT))\
 | ((MODE) & ~AA_FILE_PERMS))
 #define SHIFT_TO_BASE(MODE, SHIFT) ((((MODE) & AA_FILE_PERMS) >> (SHIFT))\
 | ((MODE) & ~AA_FILE_PERMS))
+
+#define AA_LINK_SUBSET_TEST (AA_MAY_LINK << 1)
+#define LINK_SUBSET_BITS ((AA_LINK_SUBSET_TEST << AA_USER_SHIFT) | \
+ (AA_LINK_SUBSET_TEST << AA_GROUP_SHIFT) | \
+ (AA_LINK_SUBSET_TEST << AA_OTHER_SHIFT))
+#define LINK_TO_LINK_SUBSET(X) (((X) << 1) & AA_LINK_SUBSET_TEST)
+
 #define AA_HAT_SIZE 975 /* Maximum size of a subdomain * ident (hat) */
 #define AA_IP_TCP 0x0001
diff --git a/parser/parser_regex.c b/parser/parser_regex.c
index fd08868fd..2013ec27b 100644
--- a/parser/parser_regex.c
+++ b/parser/parser_regex.c
@@ -482,7 +482,6 @@ static int process_pcre_entry(struct cod_entry *entry)
 static int process_dfa_entry(aare_ruleset_t *dfarules, struct cod_entry *entry)
 {
 char tbuf[PATH_MAX + 3]; /* +3 for ^, $ and \0 */
- int ret = TRUE;
 pattern_t ptype;
 if (!entry) /* shouldn't happen */
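Review bot: In parser/immunix.h, `LINK_TO_LINK_SUBSET(X)` masks its result with `AA_LINK_SUBSET_TEST`, the unshifted base bit, even though the same hunk defines `LINK_SUBSET_BITS` for the user, group and other positions and then never uses it. The caller added in parser_regex.c passes `AA_LINK_BITS & entry->mode`, so a link bit sitting in a position with a non-zero shift would be masked away and the pair rule would carry no subset-test bit for that owner class; the shift values are not visible in this patch, so this needs confirming against their definitions. If a per-owner subset test is intended, the mask should be the full set: `#define LINK_TO_LINK_SUBSET(X) (((X) << 1) & LINK_SUBSET_BITS)`. A short comment above `AA_LINK_SUBSET_TEST` stating what the bit means for old-style link rules would make the permission semantics reviewable.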
@@ -508,8 +507,23 @@ static int process_dfa_entry(aare_ruleset_t *dfarules, struct cod_entry *entry)
 entry->mode |= AA_EXEC_MMAP << AA_USER_SHIFT;
 if (!aare_add_rule(dfarules, tbuf, entry->mode))
- ret = FALSE;
-
+ return FALSE;
+ if (entry->mode & (AA_LINK_BITS)) {
+ /* add the pair rule */
+ char lbuf[PATH_MAX + 8];
+ int perms = AA_LINK_BITS & entry->mode;
+ perms |= LINK_TO_LINK_SUBSET(perms);
+ sprintf(lbuf, "%s///**", entry->name);
+ ptype = convert_aaregex_to_pcre(lbuf, 0, tbuf, PATH_MAX + 8);
+ if (ptype == ePatternInvalid)
+ return FALSE;
+ if (!aare_add_rule(dfarules, tbuf, perms))
+ return FALSE;
+/* if (!aare_add_vec_rule(dfarules, perms,
+ tbuf, "/**", NULL))
+ return FALSE;
+*/
+ }
 if (entry->mode & AA_CHANGE_PROFILE) {
 char lbuf[2*PATH_MAX + 8];
 if (entry->namespace)
@@ -522,7 +536,7 @@ static int process_dfa_entry(aare_ruleset_t *dfarules, struct cod_entry *entry)
 if (!aare_add_rule(dfarules, tbuf, AA_CHANGE_PROFILE))
 return FALSE;
 }
- return ret;
+ return TRUE;
 }
 int post_process_entries(struct codomain *cod)
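Review bot: The new link block passes `PATH_MAX + 8` as the limit to `convert_aaregex_to_pcre()` while the destination `tbuf` is declared `char tbuf[PATH_MAX + 3]` at the top of process_dfa_entry, so the stated limit exceeds the buffer by five bytes. The converter is not shown, but if that argument bounds writes into `tbuf`, a long rule name can write past the end of the stack buffer. Tie the limit to the array with `ptype = convert_aaregex_to_pcre(lbuf, 0, tbuf, sizeof(tbuf));`, enlarging `tbuf` if the longer pair pattern must fit. The `sprintf` into `lbuf` just above has no bound on `entry->name` either; `if (snprintf(lbuf, sizeof(lbuf), "%s///**", entry->name) >= (int) sizeof(lbuf)) return FALSE;` rejects an over-long name instead of overflowing. process_dfa_entry starts in the previous hunk and continues past this one, so any earlier length check on `entry->name` is not visible here.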