From a0183d9e0c2980b375bcad6003e368c6d606ce36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B4=94=E4=B8=80=E9=B8=A3?= <cuiyiming@iie.ac.cn>
Date: Wed, 7 Aug 2019 09:41:49 +0800
Subject: [PATCH] =?UTF-8?q?=E5=BD=93bypass=E5=91=BD=E4=B8=AD=E5=A4=9A?=
 =?UTF-8?q?=E6=9D=A1=E9=85=8D=E7=BD=AE=E6=97=B6,=E8=BF=94=E5=9B=9Epolicy?=
 =?UTF-8?q?=5Fid=E6=9C=80=E5=A4=A7=E7=9A=84=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 entry/src/kni_maat.cpp | 30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/entry/src/kni_maat.cpp b/entry/src/kni_maat.cpp
index ccd957c..e20de0f 100644
--- a/entry/src/kni_maat.cpp
+++ b/entry/src/kni_maat.cpp
@@ -185,24 +185,36 @@ error_out:
 
 static int index_of_enforce_policy(struct Maat_rule_t* result, size_t size)
 {
-	size_t i=0;
-	int biggest_policy_id=0, ret_intercept_idx=0;
-	for(i=0; i<size; i++)
+	size_t i = 0;
+	int biggest_intercept_policy_id = -1, ret_intercept_idx;
+	int biggest_bypass_policy_id = -1, ret_bypass_idx;
+	for(i = 0; i < size; i++)
 	{
-		if((unsigned char)result[i].action==KNI_ACTION_BYPASS)
+		if((unsigned char)result[i].action == KNI_ACTION_BYPASS)
 		{
-			return i;
+			if(result[i].config_id > biggest_bypass_policy_id)
+			{
+				biggest_bypass_policy_id = result[i].config_id;
+				ret_bypass_idx = i;
+			}
 		}
 		else
 		{
-			if(result[i].config_id>biggest_policy_id)
+			if(result[i].config_id > biggest_intercept_policy_id)
 			{
-				biggest_policy_id=result[i].config_id;
-				ret_intercept_idx=i;
+				biggest_intercept_policy_id = result[i].config_id;
+				ret_intercept_idx = i;
 			}
 		}
 	}
-	return ret_intercept_idx;
+	if(biggest_bypass_policy_id != -1)
+	{
+		return ret_bypass_idx;
+	}
+	else
+	{
+		return ret_intercept_idx;
+	}
 }
 
 enum kni_action intercept_policy_scan(struct kni_maat_handle* handle, struct ipaddr *addr, char *domain, int domain_len,