libsepol/cil: restore error on context rule conflicts

Commit bc26ddc59c ("libsepol/cil: Limit the amount of reporting for
context rule conflicts") reworked the processing of context rule
conflicts to limit the number of written conflicting statements to
increase readability of the printed error message.  It forgot to set the
return value, signaling a context conflict, in the case the logging
level is higher than warning (e.g. in semodule(8), which defaults to
error).

Reported-by: Milos Malik <mmalik@redhat.com> [1]
Fixes: bc26ddc59c ("libsepol/cil: Limit the amount of reporting for context rule conflicts")

[1]: https://lore.kernel.org/selinux/87y1u1rkoo.fsf@redhat.com/

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
Christian Göttsche 2022-10-12 16:27:51 +02:00 committed by James Carter
parent fa5b0504d8
commit 3f11c7d19c
1 changed files with 1 additions and 1 deletions

View File

@ -2290,6 +2290,7 @@ static int __cil_post_process_context_rules(struct cil_sort *sort, int (*compar)
} else {
removed++;
if (!db->multiple_decls || concompar(&sort->array[i], &sort->array[j]) != 0) {
rc = SEPOL_ERR;
conflicting++;
if (log_level >= CIL_WARN) {
struct cil_list_item li;
@ -2297,7 +2298,6 @@ static int __cil_post_process_context_rules(struct cil_sort *sort, int (*compar)
li.flavor = flavor;
if (conflicting == 1) {
cil_log(CIL_WARN, "Found conflicting %s rules\n", flavor_str);
rc = SEPOL_ERR;
li.data = sort->array[i];
rc2 = cil_tree_walk(db->ast->root, __cil_post_report_conflict,
NULL, NULL, &li);