On 11/18/2016 04:58 PM, Nick Kralevich wrote: > process_line called compat_validate, but never actually looked at the > return value. When an invalid entry is found, a warning is printed, but > since the upper layers of the code don't see the error, validation > appears to succeed. > > Steps to reproduce on Android: > > 1) Edit system/sepolicy/private/file_contexts and create an entry with > an invalid label. > 2) Recompile Android, which executes out/host/linux-x86/bin/checkfc to > check if file_contexts is valid. > > Expected: Compile failure. > Actual: Compile succeeds with warnings. Thanks, applied. > > Change-Id: I20fa18c7b11b5ffdd243c3274bedc4518431e1fb > --- > libselinux/src/label_file.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libselinux/src/label_file.h b/libselinux/src/label_file.h > index 00c0a5c..4ac64d5 100644 > --- a/libselinux/src/label_file.h > +++ b/libselinux/src/label_file.h > @@ -467,7 +467,7 @@ static inline int process_line(struct selabel_handle *rec, > spec_hasMetaChars(&spec_arr[nspec]); > > if (strcmp(context, "<<none>>") && rec->validating) > - compat_validate(rec, &spec_arr[nspec].lr, path, lineno); > + return compat_validate(rec, &spec_arr[nspec].lr, path, lineno); > > return 0; > } > _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
