* [PATCH 1/1] libsepol/cil: fix aliasactual resolution errors
@ 2017-05-30 16:32 Steve Lawrence
2017-05-31 16:56 ` jwcart2
0 siblings, 1 reply; 2+ messages in thread
From: Steve Lawrence @ 2017-05-30 16:32 UTC (permalink / raw)
To: SELinux List
- Set rc to SEPOL_ERR if the alias part of an aliasactual statement
does not resolve to the correct alias flavor (e.g. typealias, senalias, catalias)
- Add an error check if the actual part of an aliasactual statement
does not resolve to the correct actual flavor (type, sens, cat)
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
---
libsepol/cil/src/cil_resolve_ast.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
index a671068..5c26530 100644
--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@@ -521,6 +521,7 @@ int cil_resolve_aliasactual(struct cil_tree_node *current, void *extra_args, enu
}
if (NODE(alias_datum)->flavor != alias_flavor) {
cil_log(CIL_ERR, "%s is not an alias\n",alias_datum->name);
+ rc = SEPOL_ERR;
goto exit;
}
@@ -529,6 +530,12 @@ int cil_resolve_aliasactual(struct cil_tree_node *current, void *extra_args, enu
goto exit;
}
+ if (NODE(actual_datum)->flavor != flavor) {
+ cil_log(CIL_ERR, "%s is a %s, but aliases a %s\n", alias_datum->name, cil_node_to_string(NODE(alias_datum)), cil_node_to_string(NODE(actual_datum)));
+ rc = SEPOL_ERR;
+ goto exit;
+ }
+
alias = (struct cil_alias *)alias_datum;
if (alias->actual != NULL) {
--
2.9.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH 1/1] libsepol/cil: fix aliasactual resolution errors
2017-05-30 16:32 [PATCH 1/1] libsepol/cil: fix aliasactual resolution errors Steve Lawrence
@ 2017-05-31 16:56 ` jwcart2
0 siblings, 0 replies; 2+ messages in thread
From: jwcart2 @ 2017-05-31 16:56 UTC (permalink / raw)
To: Steve Lawrence, SELinux List
On 05/30/2017 12:32 PM, Steve Lawrence wrote:
> - Set rc to SEPOL_ERR if the alias part of an aliasactual statement
> does not resolve to the correct alias flavor (e.g. typealias, senalias, catalias)
> - Add an error check if the actual part of an aliasactual statement
> does not resolve to the correct actual flavor (type, sens, cat)
>
> Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Applied.
Thanks,
Jim
> ---
> libsepol/cil/src/cil_resolve_ast.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
> index a671068..5c26530 100644
> --- a/libsepol/cil/src/cil_resolve_ast.c
> +++ b/libsepol/cil/src/cil_resolve_ast.c
> @@ -521,6 +521,7 @@ int cil_resolve_aliasactual(struct cil_tree_node *current, void *extra_args, enu
> }
> if (NODE(alias_datum)->flavor != alias_flavor) {
> cil_log(CIL_ERR, "%s is not an alias\n",alias_datum->name);
> + rc = SEPOL_ERR;
> goto exit;
> }
>
> @@ -529,6 +530,12 @@ int cil_resolve_aliasactual(struct cil_tree_node *current, void *extra_args, enu
> goto exit;
> }
>
> + if (NODE(actual_datum)->flavor != flavor) {
> + cil_log(CIL_ERR, "%s is a %s, but aliases a %s\n", alias_datum->name, cil_node_to_string(NODE(alias_datum)), cil_node_to_string(NODE(actual_datum)));
> + rc = SEPOL_ERR;
> + goto exit;
> + }
> +
> alias = (struct cil_alias *)alias_datum;
>
> if (alias->actual != NULL) {
>
--
James Carter <jwcart2@tycho.nsa.gov>
National Security Agency
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-05-31 16:56 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-30 16:32 [PATCH 1/1] libsepol/cil: fix aliasactual resolution errors Steve Lawrence
2017-05-31 16:56 ` jwcart2
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.