When Android combines multiple .cil files from system.img and vendor.img
it's possible to have conflicting expandattribute statements, e.g.
expandattribute hal_audio true;
expandattribute hal_audio false;
This change deals with scenario be resolving the value of the
corresponding expandattribute to false. The rationale behind this
override is that true is used for reduce run-time lookups, while
false is used for tests which must pass.
---
libsepol/cil/src/cil_resolve_ast.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
index d1a5ed87..5c66f663 100644
--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@@ -271,7 +271,6 @@ exit:
int cil_type_used(struct cil_symtab_datum *datum, int used)
{
- int rc = SEPOL_ERR;
struct cil_typeattribute *attr = NULL;
if (FLAVOR(datum) == CIL_TYPEATTRIBUTE) {
@@ -279,16 +278,13 @@ int cil_type_used(struct cil_symtab_datum *datum, int used)
attr->used |= used;
if ((attr->used & CIL_ATTR_EXPAND_TRUE) &&
(attr->used & CIL_ATTR_EXPAND_FALSE)) {
- cil_log(CIL_ERR, "Conflicting use of expandtypeattribute. "
- "Expandtypeattribute may be set to true or false "
- "but not both. \n");
- goto exit;
+ cil_log(CIL_WARN, "Conflicting use of expandtypeattribute. "
+ "Expandtypeattribute was set to both true or false for %s. "
+ "Resolving to false. \n", attr->datum.name);
+ attr->used ^= CIL_ATTR_EXPAND_TRUE;
}
}
-
return SEPOL_OK;
-exit:
- return rc;
}
int cil_resolve_permissionx(struct cil_tree_node *current, struct cil_permissionx *permx, void *extra_args)
--
2.16.2.804.g6dcf76e118-goog
