On Sat Feb 25 01:40:08 2012, Harry Ciao wrote:
If a role identifier is out of scope it would be skipped over during
expansion, accordingly, be it a role attribute, it should be skipped
over as well when role_fix_callback tries to propagate its capability
to all its sub-roles.
Acked-by: Martin Orr <martin@xxxxxxxxxxxxxx>
This fixes my assertion failure with role attributes required by
optional blocks in the base module.
Signed-off-by: Harry Ciao <qingtao.cao@xxxxxxxxxxxxx>
---
libsepol/src/expand.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
index 493e478..befb720 100644
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@@ -688,6 +688,11 @@ static int role_fix_callback(hashtab_key_t key,
hashtab_datum_t datum,
return 0;
}
+ if (!is_id_enabled(id, state->base, SYM_ROLES)) {
+ /* identifier's scope is not enabled */
+ return 0;
+ }
+
if (role->flavor != ROLE_ATTRIB)
return 0;
--
1.7.0.4
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
