[apparmor] [PATCH 09/11] Fix permissions attached to the bare file keyword

John Johansen john.johansen at canonical.com
Wed Mar 7 14:17:28 UTC 2012


  file,

was not given the correct permissions.  It was only being given the owner
set of permissions.  This would result in rejects when trying to look at
files owned by other users.

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 parser/parser_yacc.y |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
index 0442016..86bf293 100644
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@@ -964,11 +964,13 @@ frule:	file_mode opt_subset_flag id_or_var opt_named_transition TOK_END_OF_RULE
 file_rule: TOK_FILE TOK_END_OF_RULE
 	{
 		char *path = strdup("/**");
+		int perms = ((AA_BASE_PERMS & ~AA_EXEC_TYPE) |
+			     (AA_EXEC_INHERIT | AA_MAY_EXEC));
+		/* duplicate to other permission set */
+		perms |= perms << AA_OTHER_SHIFT;
 		if (!path)
 			yyerror(_("Memory allocation error."));
-		$$ = do_file_rule(NULL, path, ((AA_BASE_PERMS & ~AA_EXEC_TYPE) |
-					       (AA_EXEC_INHERIT | AA_MAY_EXEC)),
-				  NULL, NULL);
+		$$ = do_file_rule(NULL, path, perms, NULL, NULL);
 	}
 	| opt_file file_rule_tail { $$ = $2; }
 
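Review bot: in "perms |= perms << AA_OTHER_SHIFT;" perms is declared as a signed int, so the left shift is undefined behaviour in C if a set bit reaches the sign bit; declaring it unsigned int removes the need to reason about the value of AA_OTHER_SHIFT here. The new declarations also land between strdup("/**") and its "if (!path)" check, so the allocation and its error handling no longer sit together; declaring perms ahead of path would keep them adjacent. The diffstat touches only parser/parser_yacc.y, so a parser test case for a bare "file," rule that checks the other permission set would keep this from regressing.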
-- 
1.7.9



