Joshua Brindle wrote:
Class and perms should come from the policy being used for analysis, not the system policy so use sepol_ interfaces
Hrm, this solved my original problem which was that I was getting the wrong answer back from audit2why (classes in my policy that weren't in the system policy can back with BADTCLASS instead of a more appropriate answer) but now I have a segfault so I'll try to track that down.
Change-Id: Ia0590ed2514249fd98810a8d4fe87f8bf5280561 --- libselinux/src/audit2why.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c index 12745b3..abe1701 100644 --- a/libselinux/src/audit2why.c +++ b/libselinux/src/audit2why.c @@ -343,8 +343,8 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args if (rc< 0) RETURN(BADTCON) - tclass = string_to_security_class(tclassstr); - if (!tclass) + rc = sepol_string_to_security_class(tclassstr,&tclass); + if (rc< 0) RETURN(BADTCLASS) /* Convert the permission list to an AV. */ @@ -365,8 +365,8 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args permstr = PyString_AsString( strObj ); #endif - perm = string_to_av_perm(tclass, permstr); - if (!perm) + rc = sepol_string_to_av_perm(tclass, permstr,&perm); + if (rc< 0) RETURN(BADPERM) av |= perm;
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
