libsepol: role_fix_callback skips out-of-scope roles during expansion.
If a role identifier is out of scope it would be skipped over during expansion, accordingly, be it a role attribute, it should be skipped over as well when role_fix_callback tries to propagate its capability to all its sub-roles. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
parent
46ce32a6ee
commit
2ef297d4c8
|
@ -723,6 +723,11 @@ static int role_fix_callback(hashtab_key_t key, hashtab_datum_t datum,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!is_id_enabled(id, state->base, SYM_ROLES)) {
|
||||||
|
/* identifier's scope is not enabled */
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
if (role->flavor != ROLE_ATTRIB)
|
if (role->flavor != ROLE_ATTRIB)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue