From 73313a752859c7fda03d3bd091985606b592ff05 Mon Sep 17 00:00:00 2001 From: Nicolas Iooss Date: Wed, 23 Nov 2016 23:06:43 +0100 Subject: [PATCH] libsepol: do not check decl->symtab[i].nprim Commit 02a7d77ef2bf ("libsepol: make parsing symbol table headers more robust") broke refpolicy build, because checkmodule generates avrule decl blocks with "decl->symtab[i].nprim = 0" for all possible i, even when decl->symtab[SYM_ROLES] and decl->symtab[SYM_TYPES] are not empty. More precisely, decl->symtab[i].nprim seems to be only updated in libsepol/src/link.c (in *_copy_callback() functions). Revert the buggy part of commit 02a7d77ef2bf to fix this regression. Signed-off-by: Nicolas Iooss --- libsepol/src/policydb.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index d1019e42..f9b2ec37 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -3510,10 +3510,6 @@ static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl, return -1; nprim = le32_to_cpu(buf[0]); nel = le32_to_cpu(buf[1]); - if (nel && !nprim) { - ERR(fp->handle, "unexpected items in decl symbol table with no symbol"); - return -1; - } for (j = 0; j < nel; j++) { if (read_f[i] (p, decl->symtab[i].table, fp)) { return -1;