On 09/08/2016 01:30 PM, Daniel Cashman wrote: > From: dcashman <dcashman@xxxxxxxxxxx> > > cil_gen_policy() appears to exist to generate a policy.conf corresponding to the > original SELinux HLL from a cil_db struct. All of libsepol/cil/src/cil_policy.c > appears to exist to support this functionality. This patchset provides some > fixes for issues encountered when trying to go from android's policy.conf to a > CIL representation (via checkpolicy) and then back to the HLL representation via > cil_gen_policy(). > > dcashman (5): > libsepol: cil: Add userrole mapping to cil_gen_policy(). > libsepol: cil: Remove duplicate sid policy declaration. > libsepol: cil: Replace sensitivityorder statement. > libsepol: cil: Fix CIL_OP data assignment. > libsepol: cil: Add cil_constraint_expr_to_policy() > > libsepol/cil/src/cil_policy.c | 235 ++++++++++++++++++++++++++++++++++++++++-- > 1 file changed, 224 insertions(+), 11 deletions(-) > I suspect that the "proper" fix here is to just remove all of libsepol/cil/src/cil_policy.c, so I can put that patch together too if desired. The patches in this patchset do not address all of the bugs I encountered trying to go from HLL -> CIL -> HLL. Since I was using this as a temporary work-around, I decided to move on and submit these, in case rescuing cil_gen_policy() is desired; the additional changes needed were becoming more invasive (similar to the 5th patch in this set) and less bug-fix-like. Thank You, Dan _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
