From ff267dc1fcf69308ca36ea41cec6cfaa7bf07f32 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Sat, 2 Aug 2014 12:47:39 +0200
Subject: [PATCH] From: Jeff Mahoney Subject: perl-apparmor: Fix bare 'network' keyword handling References: bnc#889650
The 'network' bare keyword was being printed as "audit network all" due to two different bugs: 1) {audit}{all} was always being set to 1, regardless of whether the audit keyword was used 2) {rule} eq 'all' is the wrong test - it should be {rule}{all} With these fixed, 'network' is properly handled.
Signed-off-by: Jeff Mahoney
Acked-by: Steve Beattie
---
 utils/Immunix/AppArmor.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/utils/Immunix/AppArmor.pm b/utils/Immunix/AppArmor.pm
index a4e22b21d..1a6f3dbe0 100755
--- a/utils/Immunix/AppArmor.pm
+++ b/utils/Immunix/AppArmor.pm
@@ -5353,7 +5353,7 @@ sub parse_profile_data($$$) {
 $profile_data->{$profile}{$hat}{$allow}{netdomain}{audit}{$fam} = $audit;
 } else {
 $profile_data->{$profile}{$hat}{$allow}{netdomain}{rule}{all} = 1;
- $profile_data->{$profile}{$hat}{$allow}{netdomain}{audit}{all} = 1;
+ $profile_data->{$profile}{$hat}{$allow}{netdomain}{audit}{all} = $audit;
 }
 } elsif (/^\s*(tcp_connect|tcp_accept|udp_send|udp_receive)/) {
 # just ignore and drop old style network
@@ -5708,7 +5708,7 @@ sub writenet_rules ($$$) {
 # dump out the netdomain entries...
 if (exists $profile_data->{$allow}{netdomain}) {
 if ( $profile_data->{$allow}{netdomain}{rule} &&
- $profile_data->{$allow}{netdomain}{rule} eq 'all') {
+ $profile_data->{$allow}{netdomain}{rule}{all}) {
 $audit = "audit " if $profile_data->{$allow}{netdomain}{audit}{all};
 push @data, "${pre}${audit}network,";
 } else {
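Review bot: The bare-rule output line in the second hunk, `push @data, "${pre}${audit}network,";`, carries no deny qualifier, so if `$allow` is 'deny' on this call a stored `deny network,` rule would apparently be written back as a plain `network,` allow rule, unless `$pre` already includes the qualifier outside the hunk. Correcting the condition to `{rule}{all}` makes this branch reachable for the first time (the old `eq 'all'` compared a hash reference with a string), so its output now matters. I would add the qualifier to the string, for example `my $deny = $allow eq 'deny' ? 'deny ' : '';` followed by `push @data, "${pre}${audit}${deny}network,";`, and set `$audit = '';` before the postfix `if` so a non-audit rule does not interpolate an undefined or stale value. writenet_rules begins and ends outside the hunk, so both points need checking against its declarations.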