The functions constraint_expr_to_str() prepare a string representation for validatetrans and mlsvalidatetrans rules. To decide what keyword to use the type of expression is consulted. Currently the extra target type (CEXPR_XTARGET) is considered to be an MLS statement while its not, e.g.: validatetrans CLASS1 t3 == ATTR1; Actually check for MLS expression types only. Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> --- libsepol/src/kernel_to_cil.c | 2 +- libsepol/src/kernel_to_conf.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c index e9cd89c2..7e279e3f 100644 --- a/libsepol/src/kernel_to_cil.c +++ b/libsepol/src/kernel_to_cil.c @@ -172,7 +172,7 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr goto exit; } - if (curr->attr >= CEXPR_XTARGET) { + if (curr->attr >= CEXPR_L1L2) { *use_mls = 1; } diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index c48a7114..4c93cc10 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c @@ -169,7 +169,7 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr goto exit; } - if (curr->attr >= CEXPR_XTARGET) { + if (curr->attr >= CEXPR_L1L2) { *use_mls = 1; } -- 2.40.1
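Review bot: In the kernel_to_cil.c hunk, the new condition `if (curr->attr >= CEXPR_L1L2)` still classifies an expression as MLS by numeric ordering of the attribute constants, which is the same implicit assumption that let CEXPR_XTARGET be treated as MLS before. Nothing in the visible lines states that every MLS attribute value is at or above CEXPR_L1L2 and every non-MLS value is below it. Please add a short comment at this check stating that invariant, or compare against an explicit set of the MLS attribute values, so that a later addition to the attribute list does not silently change which keyword (validatetrans or mlsvalidatetrans) is emitted.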
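Review bot: The kernel_to_conf.c hunk applies the identical one-line change to a second copy of constraint_expr_to_str(), and the diffstat shows only these two source files, so nothing keeps the two copies in step or guards against a regression. Consider moving the MLS check into a small helper shared by both files, and adding a regression test that writes out a policy containing the commit message's example, validatetrans CLASS1 t3 == ATTR1;, and checks that both the CIL and the policy.conf output use validatetrans rather than mlsvalidatetrans.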