Fix the x intersection consistency test

The in x intersection consistency test for minimization was failing because
it was screening off the AA_MAY_EXEC permission before passing the exec
information to the consistency test fn.  This resulted in the consistency
test fn not testing the consistency because it treated the permission set
as not having x permissions.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>

parser/immunix.h

@@ -96,6 +96,9 @@
 
 #define ALL_AA_EXEC_TYPE		(AA_USER_EXEC_TYPE | AA_OTHER_EXEC_TYPE)
 
+#define ALL_USER_EXEC			(AA_USER_EXEC | AA_USER_EXEC_TYPE)
+#define ALL_OTHER_EXEC			(AA_OTHER_EXEC | AA_OTHER_EXEC_TYPE)
+
 #define AA_LINK_BITS			((AA_MAY_LINK << AA_USER_SHIFT) | \
 					 (AA_MAY_LINK << AA_OTHER_SHIFT))
 

parser/libapparmor_re/hfa.h

@@ -50,8 +50,8 @@ public:
 	{
 		deny |= rhs.deny;
 
-		if (!is_merged_x_consistent(allow & AA_USER_EXEC_TYPE,
-					    rhs.allow & AA_USER_EXEC_TYPE)) {
+		if (!is_merged_x_consistent(allow & ALL_USER_EXEC,
+					    rhs.allow & ALL_USER_EXEC)) {
 			if ((exact & AA_USER_EXEC_TYPE) &&
 			    !(rhs.exact & AA_USER_EXEC_TYPE)) {
 				/* do nothing */
@@ -64,8 +64,8 @@ public:
 		} else
 			allow |= rhs.allow & AA_USER_EXEC_TYPE;
 
-		if (!is_merged_x_consistent(allow & AA_OTHER_EXEC_TYPE,
-					    rhs.allow & AA_OTHER_EXEC_TYPE)) {
+		if (!is_merged_x_consistent(allow & ALL_OTHER_EXEC,
+					    rhs.allow & ALL_OTHER_EXEC)) {
 			if ((exact & AA_OTHER_EXEC_TYPE) &&
 			    !(rhs.exact & AA_OTHER_EXEC_TYPE)) {
 				/* do nothing */

parser/tst/simple_tests/xtrans/x-conflict.sd

@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION test for conflict resolution in minimization phase of dfa gen
+#=EXRESULT FAIL
+#=TODO
+#
+/usr/bin/foo {
+  /b* px,
+  /* Pixr,
+  /a* Cx -> foo,
+}
+