From d4d0955c67f5b928ef134ee7e7e23a9c40a266ea Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Tue, 16 Mar 2021 14:30:02 -0400
Subject: [PATCH] libsepol: Write "NO_IDENTIFIER" for empty constraint
expression
If a role attribute with no roles associated with it is used in a
constraint expression, then the role bitmap will be empty. This is
not a problem for the kernel, but does cause problems when
converting a kernel policy to policy.conf.
When creating a policy.conf from a kernel policy, if an empty bitmap
is encountered, use the string "NO_IDENTIFIER". An error will occur
if an attempt is made to compile the resulting policy, but this is
better than exiting with an error without creating a policy.conf.
Signed-off-by: James Carter <jwcart2@gmail.com>
---
libsepol/src/kernel_to_conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
index ea58a026501f..cd5a517abb59 100644
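--- a/libsepol/src/kernel_to_conf.c
+++ b/libsepol/src/kernel_to_conf.c
@@ -186,7 +186,7 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr
 names = ebitmap_to_str(&curr->names, pdb->p_role_val_to_name, 1);
 }
 if (!names) {
- goto exit;
+ names = strdup("NO_IDENTIFIER");
 }
 new_val = create_str("%s %s %s", 3, attr1, op, names);
 free(names);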
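Review bot: The result of `strdup("NO_IDENTIFIER")` is not checked, so on allocation failure `names` is still NULL when it reaches `create_str("%s %s %s", 3, attr1, op, names)`. The removed `goto exit` used to cover that case. If `ebitmap_to_str()` can also return NULL on out-of-memory (its body is not visible here), the new branch treats that failure as an empty bitmap too. Adding `if (!names) { goto exit; }` directly after the `strdup` call would keep the error path. A short comment such as `/* empty bitmap: emit a placeholder so policy.conf is still written; the result will not compile */` would also document the intent. `constraint_expr_to_str` begins and ends outside this hunk, so the `exit` label and its cleanup are assumed unchanged.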
--
2.32.0