-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk45ui8ACgkQrlYvE4MpobO/vwCgh+NXZfvbQgveBqIIUp0v9eF0 6m0Anjj87wQMhMzK3tqEms/jJtkMjxBh =qHA9 -----END PGP SIGNATURE-----
>From 4b1933ba3efdec2dcaa0cc482592532b611264f0 Mon Sep 17 00:00:00 2001 From: Harry Ciao <qingtao.cao@xxxxxxxxxxxxx> Date: Tue, 2 Aug 2011 18:03:53 +0800 Subject: [PATCH 080/155] libsepol: Only call role_fix_callback for base.p_roles during expansion. expand_role_attributes() would merge the sub role attribute's roles ebitmap into that of the parent, then clear it off from the parent's roles ebitmap. This supports the assertion in role_fix_callback() that any role attribute's roles ebitmap contains just regular roles. expand_role_attribute() works on base.p_roles table but not any block/decl's p_roles table, so the above assertion in role_fix_callback could fail when it is called for block/decl and some role attribute is added into another. Since the effect of get_local_role() would have been complemented by the populate_roleattributes() at the end of the link phase, there is no needs(and wrong) to call role_fix_callback() for block/decl in the expand phase. Signed-off-by: Harry Ciao <qingtao.cao@xxxxxxxxxxxxx> Signed-off-by: Eric Paris <eparis@xxxxxxxxxx> --- libsepol/src/expand.c | 3 --- 1 files changed, 0 insertions(+), 3 deletions(-) diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c index 58fb988..06f11f4 100644 --- a/libsepol/src/expand.c +++ b/libsepol/src/expand.c @@ -2835,9 +2835,6 @@ int expand_module(sepol_handle_t * handle, if (hashtab_map (decl->p_roles.table, role_copy_callback, &state)) goto cleanup; - if (hashtab_map - (decl->p_roles.table, role_fix_callback, &state)) - goto cleanup; /* copy users */ if (hashtab_map -- 1.7.6
Attachment:
0080-libsepol-Only-call-role_fix_callback-for-base.p_role.patch.sig
Description: PGP signature
