From: dcashman <dcashman@xxxxxxxxxxx>
Avoid a "No roles associated with user" error produced by
cil_userrole_to_policy() when a userrole mapping is present in CIL policy.
Signed-off-by: Daniel Cashman <dcashman@xxxxxxxxxxx>
---
libsepol/cil/src/cil_policy.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c
index 382129b..324becc 100644
--- a/libsepol/cil/src/cil_policy.c
+++ b/libsepol/cil/src/cil_policy.c
@@ -1155,7 +1155,12 @@ int __cil_gen_policy_node_helper(struct cil_tree_node *node, uint32_t *finished,
} else {
switch (node->flavor) {
case CIL_USER:
- cil_multimap_insert(users, node->data, NULL, CIL_USERROLE, CIL_NONE);
+ cil_multimap_insert(users, node->data, NULL, CIL_USER, CIL_NONE);
+ break;
+ case CIL_USERROLE: {
+ struct cil_userrole *userrole = node->data;
+ cil_multimap_insert(users, userrole->user, userrole->role, CIL_USER, CIL_ROLE);
+ }
break;
case CIL_CATALIAS: {
struct cil_alias *alias = node->data;
--
2.8.0.rc3.226.g39d4020
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
