On Tue, Sep 15, 2020 at 2:49 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> When classmaps used in a neverallow were being expanded during CIL
> neverallow checking, an empty classmapping in the list of
> classmappings for a classmap would cause the classmap expansion to
> stop and the rest of the classmapping of the classmap to be ignored.
> This would mean that not all of the classes and permissions associated
> with the classmap would be used to check for a neverallow violation.
>
> Do not end the expansion of a classmap when one classmapping is empty.
>
> Reported-by: Jonathan Hettwer <j2468h@xxxxxxxxx>
> Signed-off-by: James Carter <jwcart2@xxxxxxxxx>

Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>