[PATCH 01/16 v2] libsepol: Return an error if check_assertion() returns an error.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Instead of calling report_assertion_failures() and treating an
error like it was a neverallow violation, just return an error.

Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
---
 libsepol/src/assertion.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libsepol/src/assertion.c b/libsepol/src/assertion.c
index dd2749a0..ba4a204f 100644
--- a/libsepol/src/assertion.c
+++ b/libsepol/src/assertion.c
@@ -538,6 +538,10 @@ int check_assertions(sepol_handle_t * handle, policydb_t * p,
 		if (!(a->specified & (AVRULE_NEVERALLOW | AVRULE_XPERMS_NEVERALLOW)))
 			continue;
 		rc = check_assertion(p, a);
+		if (rc < 0) {
+			ERR(handle, "Error occurred while checking neverallows");
+			return -1;
+		}
 		if (rc) {
 			rc = report_assertion_failures(handle, p, a);
 			if (rc < 0) {
-- 
2.31.1




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux