RepoMirrors
/
selinux
mirror of https://github.com/SELinuxProject/selinux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

libsepol: role_fix_callback skips out-of-scope roles during expansion. 

If a role identifier is out of scope it would be skipped over during
expansion, accordingly, be it a role attribute, it should be skipped
over as well when role_fix_callback tries to propagate its capability
to all its sub-roles.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
Harry Ciao 2012-02-25 09:40:08 +08:00 committed by Eric Paris
parent 46ce32a6ee
commit 2ef297d4c8
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libsepol/src/expand.c
View File

@ -723,6 +723,11 @@ static int role_fix_callback(hashtab_key_t key, hashtab_datum_t datum,
return 0;
}
if (!is_id_enabled(id, state->base, SYM_ROLES)) {
/* identifier's scope is not enabled */
return 0;
}
if (role->flavor != ROLE_ATTRIB)
return 0;