On Tue, Sep 15, 2020 at 4:45 PM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > > On Tue, Sep 15, 2020 at 2:49 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > > > When classmaps used in a neverallow were being expanded during CIL > > neverallow checking, an empty classmapping in the list of > > classmappings for a classmap would cause the classmap expansion to > > stop and the rest of the classmapping of the classmap to be ignored. > > This would mean that not all of the classes and permissions associated > > with the classmap would be used to check for a neverallow violation. > > > > Do not end the expansion of a classmap when one classmapping is empty. > > > > Reported-by: Jonathan Hettwer <j2468h@xxxxxxxxx> > > Signed-off-by: James Carter <jwcart2@xxxxxxxxx> > > Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx> Applied.