From 4e80416a4f4efc345ef89da8b509ddda25414492 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Tue, 9 Nov 2010 11:24:51 -0800
Subject: [PATCH] Do permission accumulation in dfa minimization.  This is
 necessary if accept states with different permissions are to ever share a
 partition.

---
 parser/libapparmor_re/regexp.y | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/parser/libapparmor_re/regexp.y b/parser/libapparmor_re/regexp.y
index c5fd73090..a0357f259 100644
--- a/parser/libapparmor_re/regexp.y
+++ b/parser/libapparmor_re/regexp.y
@@ -1826,10 +1826,13 @@ void DFA::minimize(dfaflags_t flags)
 
 //if ((*p)->size() > 1)
 //cerr << rep->label << ": ";
-		/* clear the state label for all non representative states */
+		/* clear the state label for all non representative states,
+		 * and accumulate permissions */
 		for (Partition::iterator i = ++(*p)->begin(); i != (*p)->end(); i++) {
 //cerr << " " << (*i)->label;
 			(*i)->label = -1;
+			rep->accept |= (*i)->accept;
+			rep->audit |= (*i)->audit;
 		}
 //if ((*p)->size() > 1)
 //cerr << "\n";