On Wed, Nov 16, 2016 at 12:57 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > On 11/16/2016 03:37 PM, William Roberts wrote: >> On Wed, Nov 16, 2016 at 11:50 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: >>> On 11/16/2016 02:32 PM, William Roberts wrote: >>>> sediff reports no delta between policies built on master and these 2 patches. >>> >>> Not possible. checkpolicy segfaults with these patches. >>> Probably didn't rebuild it after rebuilding libsepol. >>> Anyway, you can just use cmp to compare the policies here; they should >>> be byte-for-byte identical. >> >> Crazy, I only tested these on Android. > > Again, not possible. checkpolicy calls expand_module() with NULL > handle, and therefore segfaults with this change. You could not have > been invoking a checkpolicy built with this change and had it work > (also, even aside from that, you would have ended up failing later > because you weren't mapping the DONTAUDIT values). > Hmm I'm using a test script the always builds everything, it didn't segfault, but I did get different policy hashes, which is why I ran sediff. Either way it doesn't matter, the patch was wrong. v2 (currently unsent): 59b2538cf2789ba8f7496644ff8fef5c bullhead.policy.old 93548cfc4de715432d2118353ed1d56a marlin.policy.old 59b2538cf2789ba8f7496644ff8fef5c bullhead.policy.new 93548cfc4de715432d2118353ed1d56a marlin.policy.new That looks better. <snip> _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
