Re: [PATCH] libsepol: quote paths in CIL conversion

James Carter <jwcart2@xxxxxxxxx> · Mon, 14 Jun 2021 09:36:50 -0400

On Wed, Jun 9, 2021 at 1:40 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Tue, Jun 8, 2021 at 3:46 PM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > When generating CIL policy from kernel or module policy quote paths,
> > which are allowed to contain spaces, in the statements `genfscon` and
> > `devicetreecon`.
> >
> > Reported by LuK1337 while building policy for Android via IRC.
> >
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
>

Merged.
Thanks,
Jim

> > ---
> >  libsepol/src/kernel_to_cil.c | 4 ++--
> >  libsepol/src/module_to_cil.c | 2 +-
> >  2 files changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
> > index 989aacde..30a27bf5 100644
> > --- a/libsepol/src/kernel_to_cil.c
> > +++ b/libsepol/src/kernel_to_cil.c
> > @@ -2654,7 +2654,7 @@ static int write_genfscon_rules_to_cil(FILE *out, struct policydb *pdb)
> >                                 goto exit;
> >                         }
> >
> > -                       rc = strs_create_and_add(strs, "(genfscon %s %s %s)", 3,
> > +                       rc = strs_create_and_add(strs, "(genfscon %s \"%s\" %s)", 3,
> >                                                  fstype, name, ctx);
> >                         free(ctx);
> >                         if (rc != 0) {
> > @@ -3115,7 +3115,7 @@ static int write_xen_devicetree_rules_to_cil(FILE *out, struct policydb *pdb)
> >                         goto exit;
> >                 }
> >
> > -               sepol_printf(out, "(devicetreecon %s %s)\n", name, ctx);
> > +               sepol_printf(out, "(devicetreecon \"%s\" %s)\n", name, ctx);
> >
> >                 free(ctx);
> >         }
> > diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
> > index 496693f4..19c7c65c 100644
> > --- a/libsepol/src/module_to_cil.c
> > +++ b/libsepol/src/module_to_cil.c
> > @@ -2963,7 +2963,7 @@ static int genfscon_to_cil(struct policydb *pdb)
> >
> >         for (genfs = pdb->genfs; genfs != NULL; genfs = genfs->next) {
> >                 for (ocon = genfs->head; ocon != NULL; ocon = ocon->next) {
> > -                       cil_printf("(genfscon %s %s ", genfs->fstype, ocon->u.name);
> > +                       cil_printf("(genfscon %s \"%s\" ", genfs->fstype, ocon->u.name);
> >                         context_to_cil(pdb, &ocon->context[0]);
> >                         cil_printf(")\n");
> >                 }
> > --
> > 2.32.0
> >