forked from pool/libsepol
Marcus Meissner
ef7a7fd7b7
- skip roles which are out of scope when expanding attributes - needed for building selinux-policy OBS-URL: https://build.opensuse.org/request/show/139269 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=31
43 lines
1.2 KiB
Diff
43 lines
1.2 KiB
Diff
From: Harry Ciao <qingtao.cao@windriver.com>
|
|
To: <selinux@tycho.nsa.gov>
|
|
Subject: [v1 PATCH 1/1] role_fix_callback skips out-of-scope roles during
|
|
expansion.
|
|
Date: Sat, 25 Feb 2012 09:40:08 +0800
|
|
Message-ID: <1330134008-3259-1-git-send-email-qingtao.cao@windriver.com>
|
|
X-Mailer: git-send-email 1.7.0.4
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain
|
|
Sender: owner-selinux@tycho.nsa.gov
|
|
Precedence: bulk
|
|
X-Mailing-List: selinux-tycho.nsa.gov
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
If a role identifier is out of scope it would be skipped over during
|
|
expansion, accordingly, be it a role attribute, it should be skipped
|
|
over as well when role_fix_callback tries to propagate its capability
|
|
to all its sub-roles.
|
|
|
|
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
|
|
---
|
|
libsepol/src/expand.c | 5 +++++
|
|
1 files changed, 5 insertions(+), 0 deletions(-)
|
|
|
|
diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
|
|
index 493e478..befb720 100644
|
|
--- libsepol/src/expand.c
|
|
+++ libsepol/src/expand.c
|
|
@@ -688,6 +688,11 @@ static int role_fix_callback(hashtab_key_t key, hashtab_datum_t datum,
|
|
return 0;
|
|
}
|
|
|
|
+ if (!is_id_enabled(id, state->base, SYM_ROLES)) {
|
|
+ /* identifier's scope is not enabled */
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
if (role->flavor != ROLE_ATTRIB)
|
|
return 0;
|
|
|
|
--
|
|
1.7.0.4
|