On Mon, Jun 14, 2021 at 5:05 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> The syntax array that cil_gen_defaultrange() called __cil_verify_syntax()
> with was wrong. It had the range (which should be low, high, or low-high)
> as optional when it is not.
>
> Use the correct syntax array to check the syntax of the defaultrange rule.
>
> Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
> ---
> libsepol/cil/src/cil_build_ast.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
> index 71f14e20..a5f617d8 100644
> --- a/libsepol/cil/src/cil_build_ast.c
> +++ b/libsepol/cil/src/cil_build_ast.c
> @@ -5862,7 +5862,7 @@ int cil_gen_defaultrange(struct cil_tree_node *parse_current, struct cil_tree_no
> CIL_SYN_STRING,
> CIL_SYN_STRING | CIL_SYN_LIST,
> CIL_SYN_STRING,
> - CIL_SYN_STRING | CIL_SYN_END,
> + CIL_SYN_STRING,
> CIL_SYN_END
> };
> int syntax_len = sizeof(syntax)/sizeof(*syntax);
> --
> 2.26.3

Hello,

This patch will break selinux-testsuite with:

    /usr/sbin/semodule -i test_policy/test_policy.pp test_mlsconstrain.cil test_overlay_defaultrange.cil test_userfaultfd.cil test_add_levels.cil test_glblub.cil
    Invalid syntax
    Bad defaultrange declaration at /var/lib/selinux/targeted/tmp/modules/400/test_glblub/cil:1
    Failed to build AST
    /usr/sbin/semodule: Failed!

... because it currently uses, in
https://github.com/SELinuxProject/selinux-testsuite/blob/0b78a9d433e8c4f956d18dc0db901f0a1a58c003/policy/test_glblub.cil :

    (defaultrange db_table glblub)

If I understand the commit message correctly, a range (low, high or
low-high) has to be added to this statement. I am not familiar with
glblub and do not know how the testsuite should be modified. Could the
policy used by the testsuite be fixed before applying this patch?

Cheers,
Nicolas

(PS : I was quite busy last month but now I have some time again to
catch up with SELinux patches :) )
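
Review bot: In the cil_gen_defaultrange() hunk, changing the fourth syntax element from "CIL_SYN_STRING | CIL_SYN_END" to "CIL_SYN_STRING" makes the range token mandatory for every defaultrange rule, so the three-token form "(defaultrange db_table glblub)" reported in the reply from selinux-testsuite's test_glblub.cil no longer passes __cil_verify_syntax(). The commit message names only low, high and low-high and does not say what is intended for glblub. Suggest keeping the array permissive at this position and requiring the range only once the third token has been identified as one that takes a range, or else stating in the commit message that the glblub form is deliberately rejected and updating the testsuite policy before this lands.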