RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-02-21 20:16:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

libsepol: Make return value clearer when reporting neverallowx errors

Browse Source 
The value returned from report_assertion_extended_permissions() is
the nubmer of errors, so call it that instead of ret.

Signed-off-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
James Carter 2022-01-11 12:42:05 -05:00
parent 88c79c6865
commit 461067242a
1 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
libsepol/src/assertion.c
View File

@ -148,8 +148,8 @@ static int report_assertion_extended_permissions(sepol_handle_t *handle,
ebitmap_t *tattr = &p->type_attr_map[ttype];
ebitmap_node_t *snode, *tnode;
unsigned int i, j;
int rc = 1;
int ret = 0;
int rc;
int errors = 0;
memcpy(&tmp_key, k, sizeof(avtab_key_t));
tmp_key.specified = AVTAB_XPERMS_ALLOWED;
@ -178,15 +178,14 @@ static int report_assertion_extended_permissions(sepol_handle_t *handle,
p->p_class_val_to_name[curperm->tclass - 1],
sepol_extended_perms_to_string(&error));
rc = 0;
ret++;
errors++;
}
}
}
}
/* failure on the regular permissions */
if (rc) {
if (!errors) {
ERR(handle, "neverallowxperm on line %lu of %s (or line %lu of policy.conf) violated by\n"
"allow %s %s:%s {%s };",
avrule->source_line, avrule->source_filename, avrule->line,
@ -194,11 +193,11 @@ static int report_assertion_extended_permissions(sepol_handle_t *handle,
p->p_type_val_to_name[ttype],
p->p_class_val_to_name[curperm->tclass - 1],
sepol_av_to_string(p, curperm->tclass, perms));
ret++;
errors++;
}
return ret;
return errors;
}
static int report_assertion_avtab_matches(avtab_key_t *k, avtab_datum_t *d, void *args)