From 46e157b470db724631598f00bf340ff066e219f8 Mon Sep 17 00:00:00 2001 From: James Carter Date: Thu, 28 Jul 2016 10:39:14 -0400 Subject: [PATCH] libsepol/cil: Warn instead of fail if permission is not resolve If a policy module package has been created with a policy that contains a permission and then is used on a system without that permission CIL will fail with an error when it cannot resolve the permission. This will prevent the installation on policy and the user will not know that the policy has not been installed. Signed-off-by: James Carter --- libsepol/cil/src/cil_resolve_ast.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c index 70e4462b..8348d57a 100644 --- a/libsepol/cil/src/cil_resolve_ast.c +++ b/libsepol/cil/src/cil_resolve_ast.c @@ -131,10 +131,10 @@ static int __cil_resolve_perms(symtab_t *class_symtab, symtab_t *common_symtab, } } if (rc != SEPOL_OK) { - cil_log(CIL_ERR, "Failed to resolve permission %s\n", (char*)curr->data); - goto exit; + cil_log(CIL_WARN, "Failed to resolve permission %s\n", (char*)curr->data); + } else { + cil_list_append(*perm_datums, CIL_DATUM, perm_datum); } - cil_list_append(*perm_datums, CIL_DATUM, perm_datum); } else { cil_list_append(*perm_datums, curr->flavor, curr->data); } @@ -3660,7 +3660,7 @@ int __cil_resolve_ast_node_helper(struct cil_tree_node *node, uint32_t *finished rc = SEPOL_OK; } - cil_tree_log(node, lvl, "Failed to resolve '%s' in %s statement", args->last_resolved_name, cil_node_to_string(node)); + cil_tree_log(node, lvl, "Failed to resolve %s statement", cil_node_to_string(node)); goto exit; }