From: dcashman <dcashman@xxxxxxxxxxx>
cil_gen_policy() prints a sensitivityorder{}; output statement when
generating its policy.conf file from CIL policy. This omits the
sensitivity declarations, however, and should instead be represented as
a sid declaration block followed by a dominance statement.
Signed-off-by: Daniel Cashman <dcashman@xxxxxxxxxxx>
---
libsepol/cil/src/cil_policy.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c
index d8ef151..78b135e 100644
--- a/libsepol/cil/src/cil_policy.c
+++ b/libsepol/cil/src/cil_policy.c
@@ -1301,11 +1301,14 @@ int cil_gen_policy(struct cil_db *db)
}
if (db->sensitivityorder->head != NULL) {
- fprintf(file_arr[SENS], "sensitivityorder { ");
+ cil_list_for_each(item, db->sensitivityorder) {
+ fprintf(file_arr[SENS], "sensitivity %s;\n", ((struct cil_sens*)item->data)->datum.name);
+ }
+ fprintf(file_arr[SENS], "dominance { ");
cil_list_for_each(item, db->sensitivityorder) {
fprintf(file_arr[SENS], "%s ", ((struct cil_sens*)item->data)->datum.name);
}
- fprintf(file_arr[SENS], "};\n");
+ fprintf(file_arr[SENS], "}\n");
}
extra_args.users = users;
--
2.8.0.rc3.226.g39d4020
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
