From c9a43a14697fa955f31e495a8b03a523975ad285 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?=
Date: Tue, 1 May 2012 15:40:31 +0300
Subject: [PATCH 2/2] audit: apply protected_paths.d masks to individual files
---
 src/audit.c | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/src/audit.c b/src/audit.c
index 071ff4d..03f977b 100644
--- a/src/audit.c
+++ b/src/audit.c
@@ -14,6 +14,7 @@
 #include
 #include
 #include
+#include
 #include
 #include "apk_applet.h"
 #include "apk_database.h"
@@ -199,14 +200,28 @@ recurse_check:
 atctx->pathlen--;
 } else {
 struct apk_db_file *dbf;
+ struct apk_protected_path_array *ppaths = dbd->protected_paths;
+ int i, protected = dbd->protected, symlinks_only = dbd->symlinks_only;
+
+ /* inherit file's protection mask */
+ for (i = 0; i < ppaths->num; i++) {
+ struct apk_protected_path *ppath = &ppaths->item[i];
+ char *slash = strchr(ppath->relative_pattern, '/');
+ if (slash == NULL) {
+ if (fnmatch(ppath->relative_pattern, name, FNM_PATHNAME) != 0)
+ continue;
+ protected = ppath->protected;
+ symlinks_only = ppath->symlinks_only;
+ }
+ }
 if (actx->mode == MODE_BACKUP) {
- if (!dbd->protected)
+ if (!protected)
 goto done;
- if (dbd->symlinks_only && !S_ISLNK(fi.mode))
+ if (symlinks_only && !S_ISLNK(fi.mode))
 goto done;
 } else {
- if (dbd->protected)
+ if (protected)
 goto done;
 }
--
1.7.10
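Review bot: The added loop in the second hunk lets any slash-less entry in `dbd->protected_paths` replace the directory's `protected` and `symlinks_only` values, with the last matching entry winning, but the comment `/* inherit file's protection mask */` states none of this. Because a set `protected` flag makes the non-backup branch take `goto done`, a broad pattern appears to drop every matching file from the audit, so the precedence rule should be written down, e.g. `/* patterns without '/' apply to files in this directory; the last match wins and replaces the directory's mask */`. `slash` is only compared with NULL, so the guard could read `if (strchr(ppath->relative_pattern, '/') != NULL) continue;` and lose one nesting level. The `!= 0` test also folds `fnmatch()` error returns into "no match", which is worth a word in the comment if that is intended. The enclosing function begins and ends outside the hunk, so `name` and `dbd` are taken as shown.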