On Thu, Mar 19, 2020 at 1:50 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Thu, Mar 19, 2020 at 6:54 AM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > Currently a constraint `t1 == t2` gets converted to the invalid cil syntax `(mlsconstrain (class_name (perm_name)) (eq t1 ))` and fails to be loaded into the kernel.
> >
> > Fixes: 893851c0a146ef392b8d77de737d52245345129e ("policycoreutils: add a HLL compiler to convert policy packages (.pp) to CIL")
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
>
Applied.
Thanks,
Jim
> > ---
> > Added Signed-off-by
> >
> > libsepol/src/module_to_cil.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
> > index 6fe7d336..a87bc15e 100644
> > --- a/libsepol/src/module_to_cil.c
> > +++ b/libsepol/src/module_to_cil.c
> > @@ -1745,7 +1745,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp
> > case CEXPR_ROLE: attr1 = "r1"; attr2 = "r2"; break;
> > case CEXPR_ROLE | CEXPR_TARGET: attr1 = "r2"; attr2 = ""; break;
> > case CEXPR_ROLE | CEXPR_XTARGET: attr1 = "r3"; attr2 = ""; break;
> > - case CEXPR_TYPE: attr1 = "t1"; attr2 = ""; break;
> > + case CEXPR_TYPE: attr1 = "t1"; attr2 = "t2"; break;
> > case CEXPR_TYPE | CEXPR_TARGET: attr1 = "t2"; attr2 = ""; break;
> > case CEXPR_TYPE | CEXPR_XTARGET: attr1 = "t3"; attr2 = ""; break;
> > case CEXPR_L1L2: attr1 = "l1"; attr2 = "l2"; break;
> > --
> > 2.26.0.rc2
> >
