parser: fix priority for file rules.

File rules could drop priority info when rule matched a rule
that was the same except for having different priority. For now
fix this by treating them as a different rule.

The priority was also be dropped when add_prefix was used to
add the priority during the parse resulting in file rules always
getting a default priority of 0.

Signed-off-by: John Johansen <john.johansen@canonical.com>

parser/parser_merge.c

@@ -54,6 +54,9 @@ static int file_comp(const void *c1, const void *c2)
 	if ((*e1)->audit != (*e2)->audit)
 		return (*e1)->audit < (*e2)->audit ? -1 : 1;
 
+	if ((*e1)->priority != (*e2)->priority)
+		return (*e2)->priority - (*e1)->priority;
+
 	return strcmp((*e1)->name, (*e2)->name);
 }
 

parser/parser_misc.c

@@ -1092,6 +1092,8 @@ void debug_cod_entries(struct cod_entry *list)
 		debug_base_perm_mask(SHIFT_TO_BASE(item->perms, AA_USER_SHIFT));
 		printf(":");
 		debug_base_perm_mask(SHIFT_TO_BASE(item->perms, AA_OTHER_SHIFT));
+
+		printf(" priority=%d ", item->priority);
 		if (item->name)
 			printf("\tName:\t(%s)\n", item->name);
 		else
@@ -1135,6 +1137,8 @@ bool entry_add_prefix(struct cod_entry *entry, const prefixes &p, const char *&e
 	else if (p.owner == 2)
 		entry->perms &= (AA_OTHER_PERMS | AA_SHARED_PERMS);
 
+	entry->priority = p.priority;
+
 	/* implied audit modifier */
 	if (p.audit == AUDIT_FORCE && (entry->rule_mode != RULE_DENY))
 		entry->audit = AUDIT_FORCE;