libsepol: fix pp module to cil nodecon statement
Policy modules do not have the concept of named IP addresses like CIL does. So when converting nodecode statements from pp policy modules to CIL, we need to wrap the IP address and mask parameters in parentheses so that the CIL compiler does not try to resolve them as named addresses, but instead treats them as anonymous. Signed-off-by: Steve Lawrence <slawrence@tresys.com>
This commit is contained in:
parent
05abcb1d13
commit
1ef665cb92
|
@ -2721,7 +2721,7 @@ static int ocontext_selinux_node_to_cil(struct policydb *pdb, struct ocontext *n
|
|||
goto exit;
|
||||
}
|
||||
|
||||
cil_printf("(nodecon %s %s ", addr, mask);
|
||||
cil_printf("(nodecon (%s) (%s) ", addr, mask);
|
||||
|
||||
context_to_cil(pdb, &node->context[0]);
|
||||
|
||||
|
@ -2753,7 +2753,7 @@ static int ocontext_selinux_node6_to_cil(struct policydb *pdb, struct ocontext *
|
|||
goto exit;
|
||||
}
|
||||
|
||||
cil_printf("(nodecon %s %s ", addr, mask);
|
||||
cil_printf("(nodecon (%s) (%s) ", addr, mask);
|
||||
|
||||
context_to_cil(pdb, &node->context[0]);
|
||||
|
||||
|
|
Loading…
Reference in New Issue