Hello, The below code can crash secilc reliably by using `all` as a classmap set identifier. This was tested against secilc / libsepol 3.0 from debian and a quick build from git. For some reason I haven't been able to build secilc and libsepol with debug symbols to track down the cause of the issue myself. - bauen1 (sensitivity s0) (sensitivityorder (s0)) (level low (s0)) (level high (s0)) (levelrange lowhigh (low high)) (class file (getattr read)) (classorder (file)) (user test_u) (userrange test_u lowhigh) (userlevel test_u high) (role test_r) (userrole test_u test_r) (type kernel_t) (roletype test_r kernel_t) (sid kernel) (sidorder (kernel)) (context kernel_context (test_u test_r kernel_t lowhigh)) (sidcontext kernel kernel_context) (allow kernel_t kernel_t (file (read))) ; Test case that works (classmap testmap1 (test)) (classmapping testmap1 test (file (read))) (allow kernel_t kernel_t (testmap1 (test))) ; Test that breaks secilc / libsepol (classmap testmap2 (all)) (classmapping testmap2 all (file (read))) (allow kernel_t kernel_t (testmap2 (all)))
