When running the CIL compiler, only the first initial SID was added to each entry of the binary file. This patch adds a counter to increment the SID count when writing out the file. This patch may not be the best way to achieve this, so I recommend that the CIL team review.
Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
---
src/cil_binary.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/cil_binary.c b/src/cil_binary.c
index ffe4f56..061a706 100644
--- a/src/cil_binary.c
+++ b/src/cil_binary.c
@@ -42,6 +42,8 @@
#include "cil_mem.h"
#include "cil_tree.h"
+static int sid_counter = 1;
+
struct cil_args_binary {
const struct cil_db *db;
policydb_t *pdb;
@@ -1930,7 +1932,7 @@ int cil_sid_to_policydb(policydb_t *pdb, struct cil_tree_node *node)
new_sepol_sidcon->next = pdb->ocontexts[OCON_ISID];
pdb->ocontexts[OCON_ISID] = new_sepol_sidcon;
- new_sepol_sidcon->sid[0] = pdb->ocontexts[OCON_ISID]->sid[0] + 1;
+ new_sepol_sidcon->sid[0] = pdb->ocontexts[OCON_ISID]->sid[0] + sid_counter++;
new_sepol_sidcon->u.name = cil_strdup(cil_sid->datum.name);
sepol_context = &new_sepol_sidcon->context[0];
--
1.7.6.1
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
