equals with multiple wildcards unexpected behavior

[bh-tneukom]

Hey!

From the documentation for equals

The device attribute set must contain exactly the same set of values for the rule to match.

I would expect the rule allow with-interface equals { 03:*:* 03:*:* 03:*:* } to not match a device with interfaces { 02:02:00 0a:00:00 03:00:00 } but it does. Looking at

usbguard/src/Library/public/usbguard/Rule.hpp

Lines 622 to 657 in 90f0b50

	/**
	* @brief Every item in the source set must match one item in the
	* target set and the sets have to have the same number of items.
	*
	* @param source_set Source set.
	* @param target_set Target set.
	* @return True if every item in the \p source_set matches one item in
	* the \p target_set and sets have the same number of items,
	* false otherwise.
	*/
	bool setSolveEquals(const std::vector<ValueType>& source_set, const std::vector<ValueType>& target_set) const
	{
	USBGUARD_LOG(Trace);
	if (source_set.size() != target_set.size()) {
	return false;
	}
	else {
	for (auto const& source_item : source_set) {
	bool match = false;
	for (auto const& target_item : target_set) {
	if (Predicates::isSubsetOf(source_item, target_item)) {
	match = true;
	break;
	}
	}
	if (!match) {
	return false;
	}
	}
	return true;
	}
	}

it checks if every item in the source (the rule) matches an item in the target (the device). Each item in the rule matches the last device. And the length of source and target is the same, so the rule applies.

Maybe the documentation could be clarified or alternatively one could check which item in target match which item in source and then check if there is a perfect matching between them.

Thanks!
Tobias