James Carter <jwcart2@xxxxxxxxx> writes: > On Tue, Feb 23, 2021 at 8:13 AM Christian Göttsche > <cgzones@xxxxxxxxxxxxxx> wrote: >> >> CIL permits not assigning a context to a SID, e.g. to an unused initial >> SID, e.g. 'any_socket'. >> >> When using the example policy from the SELinux Notebook, >> https://github.com/SELinuxProject/selinux-notebook/blob/main/src/notebook-examples/cil-policy/cil-policy.cil, >> secilc logs: >> >> No context assigned to SID any_socket, omitting from policy at cil-policy.cil:166 >> >> But secil2conf segfaults when writing the policy.conf: >> >> ../cil/src/cil_policy.c:274:2: runtime error: member access within null pointer of type 'struct cil_context' >> >> Only print the sid context statement if a context was actually assigned. >> The sid declaration is still included via cil_sid_decls_to_policy(). >> >> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> > > Oops, I should have noticed that. I was too focused on the segfault. > > Acked-by: James Carter <jwcart2@xxxxxxxxx> Merged, thanks! >> --- >> v2: >> Drop the statement completely in cil_sid_contexts_to_policy(), >> cause cil_sid_decls_to_policy() will have printed the context less >> declaration already. >> >> libsepol/cil/src/cil_policy.c | 8 +++++--- >> 1 file changed, 5 insertions(+), 3 deletions(-) >> >> diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c >> index 74edb345..91e767b7 100644 >> --- a/libsepol/cil/src/cil_policy.c >> +++ b/libsepol/cil/src/cil_policy.c >> @@ -1660,9 +1660,11 @@ static void cil_sid_contexts_to_policy(FILE *out, struct cil_list *sids, int mls >> >> cil_list_for_each(i1, sids) { >> sid = i1->data; >> - fprintf(out, "sid %s ", sid->datum.fqn); >> - cil_context_to_policy(out, sid->context, mls); >> - fprintf(out,"\n"); >> + if (sid->context) { >> + fprintf(out, "sid %s ", sid->datum.fqn); >> + cil_context_to_policy(out, sid->context, mls); >> + fprintf(out,"\n"); >> + } >> } >> } >> >> -- >> 2.30.1 >>
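Review bot: the new `if (sid->context)` guard inside the `cil_list_for_each(i1, sids)` loop of cil_sid_contexts_to_policy() skips a context-less SID silently and without a comment, so the reason the skip is safe is recorded only in the commit message. A one-line comment above the guard, for example `/* no context assigned: the sid is already declared by cil_sid_decls_to_policy() */`, would keep a later reader from restoring the unconditional print and the NULL dereference in cil_context_to_policy() with it. The commit message notes that secilc logs "No context assigned to SID any_socket, omitting from policy" for this case; if secil2conf is meant to give the same hint, an else branch on this guard is where it would go. As a style point, since the three print lines are re-indented anyway, `fprintf(out,"\n");` could gain the missing space after the comma.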