If the level contains a category that is not associated with a sensitivity, the code correctly detects the condition, but does not return an error.
Signed-off-by: Chris PeBenito <cpebenito@xxxxxxxxxx>
---
 libsepol/src/expand.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
index 467f7a7..3193ef5 100644
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@@ -914,10 +914,11 @@ int mls_semantic_level_expand(mls_semantic_level_t * sl, mls_level_t * l,
 }
 for (i = cat->low - 1; i < cat->high; i++) {
 if (!ebitmap_get_bit(&levdatum->level->cat, i)) {
- ERR(h, "Category %s can not be associate with "
+ ERR(h, "Category %s can not be associated with "
 "level %s",
 p->p_cat_val_to_name[i],
 p->p_sens_val_to_name[l->sens - 1]);
+ return -1;
 }
 if (ebitmap_set_bit(&l->cat, i, 1)) {
 ERR(h, "Out of memory!");
--
2.3.0
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
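Review bot: The error path formats `p->p_cat_val_to_name[i]` for exactly the values of `i` that failed the bitmap test, and nothing in the hunk bounds `cat->high` by the number of declared categories. If that range check is not made earlier (the function starts and ends outside the hunk), a semantic level carrying an out-of-range category would index past the name table while the message is being built. Since this branch is now the terminating path for invalid input, it is worth guarding ahead of the `ebitmap_get_bit` test, e.g. `if (i >= p->p_cats.nprim) { ERR(h, "Category value out of range"); return -1; }`. The early `return -1` also leaves `l->cat` holding bits set by earlier iterations, so a comment such as `/* on failure l may be partially filled; the caller must destroy it */` would document the contract, assuming callers do clean up.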