Re: [PATCH] libsepol: quote paths in CIL conversion


 



On Tue, Jun 8, 2021 at 3:46 PM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> When generating CIL policy from kernel or module policy quote paths,
> which are allowed to contain spaces, in the statements `genfscon` and
> `devicetreecon`.
>
> Reported by LuK1337 while building policy for Android via IRC.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>

Acked-by: James Carter <jwcart2@xxxxxxxxx>

> ---
>  libsepol/src/kernel_to_cil.c | 4 ++--
>  libsepol/src/module_to_cil.c | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
> index 989aacde..30a27bf5 100644
> --- a/libsepol/src/kernel_to_cil.c
> +++ b/libsepol/src/kernel_to_cil.c
> @@ -2654,7 +2654,7 @@ static int write_genfscon_rules_to_cil(FILE *out, struct policydb *pdb)
>                                 goto exit;
>                         }
>
> -                       rc = strs_create_and_add(strs, "(genfscon %s %s %s)", 3,
> +                       rc = strs_create_and_add(strs, "(genfscon %s \"%s\" %s)", 3,
>                                                  fstype, name, ctx);
>                         free(ctx);
>                         if (rc != 0) {
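
Review bot: in the new "(genfscon %s \"%s\" %s)" format string, name is wrapped in double quotes but passed through %s unchanged, so a name that itself contains a double-quote character would end the quoted string early and produce a malformed statement. Consider checking name for '"' before the strs_create_and_add() call and failing the conversion with a clear error, or state in the commit message that such names cannot occur here.
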
> @@ -3115,7 +3115,7 @@ static int write_xen_devicetree_rules_to_cil(FILE *out, struct policydb *pdb)
>                         goto exit;
>                 }
>
> -               sepol_printf(out, "(devicetreecon %s %s)\n", name, ctx);
> +               sepol_printf(out, "(devicetreecon \"%s\" %s)\n", name, ctx);
>
>                 free(ctx);
>         }
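
Review bot: the sepol_printf() call for devicetreecon now quotes name unconditionally, so the generated text changes for every devicetreecon entry and not only for paths containing spaces. That is the simpler choice, but it is worth a sentence in the commit message so that anyone comparing generated CIL output before and after this change expects the difference.
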
> diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
> index 496693f4..19c7c65c 100644
> --- a/libsepol/src/module_to_cil.c
> +++ b/libsepol/src/module_to_cil.c
> @@ -2963,7 +2963,7 @@ static int genfscon_to_cil(struct policydb *pdb)
>
>         for (genfs = pdb->genfs; genfs != NULL; genfs = genfs->next) {
>                 for (ocon = genfs->head; ocon != NULL; ocon = ocon->next) {
> -                       cil_printf("(genfscon %s %s ", genfs->fstype, ocon->u.name);
> +                       cil_printf("(genfscon %s \"%s\" ", genfs->fstype, ocon->u.name);
>                         context_to_cil(pdb, &ocon->context[0]);
>                         cil_printf(")\n");
>                 }
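
Review bot: the genfscon change in genfscon_to_cil() comes without a test; the diffstat lists only kernel_to_cil.c and module_to_cil.c. A small case with a genfscon path containing a space, converted to CIL and parsed again, would pin the behaviour and also confirm that this cil_printf() and the strs_create_and_add() format in kernel_to_cil.c stay in sync.
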
> --
> 2.32.0
>



