On 02/22/2015 10:12 AM, Chris PeBenito wrote:
> If the level contains a category that is not associated with a sensitivity,
> the code correctly detects the condition, but does not return an error.
>
> Signed-off-by: Chris PeBenito <cpebenito@xxxxxxxxxx>
Acked-by: Steve Lawrence <slawrence@xxxxxxxxxx>
Thanks!
> ---
> libsepol/src/expand.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
> index 467f7a7..3193ef5 100644
> --- a/libsepol/src/expand.c
> +++ b/libsepol/src/expand.c
> @@ -914,10 +914,11 @@ int mls_semantic_level_expand(mls_semantic_level_t * sl, mls_level_t * l,
> }
> for (i = cat->low - 1; i < cat->high; i++) {
> if (!ebitmap_get_bit(&levdatum->level->cat, i)) {
> - ERR(h, "Category %s can not be associate with "
> + ERR(h, "Category %s can not be associated with "
> "level %s",
> p->p_cat_val_to_name[i],
> p->p_sens_val_to_name[l->sens - 1]);
> + return -1;
> }
> if (ebitmap_set_bit(&l->cat, i, 1)) {
> ERR(h, "Out of memory!");
>
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
