From e7694874c20efaf6670f6639b0383077015b8d0c Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Sun, 22 Feb 2015 10:12:23 -0500 Subject: [PATCH 1/2] libsepol: Fix error path in mls_semantic_level_expand(). If the level contains a category that is not associated with a sensitivity, the code correctly detects the condition, but does not return an error. Signed-off-by: Chris PeBenito Acked-by: Steve Lawrence --- libsepol/src/expand.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c index 467f7a71..3193ef55 100644 --- a/libsepol/src/expand.c +++ b/libsepol/src/expand.c @@ -914,10 +914,11 @@ int mls_semantic_level_expand(mls_semantic_level_t * sl, mls_level_t * l, } for (i = cat->low - 1; i < cat->high; i++) { if (!ebitmap_get_bit(&levdatum->level->cat, i)) { - ERR(h, "Category %s can not be associate with " + ERR(h, "Category %s can not be associated with " "level %s", p->p_cat_val_to_name[i], p->p_sens_val_to_name[l->sens - 1]); + return -1; } if (ebitmap_set_bit(&l->cat, i, 1)) { ERR(h, "Out of memory!"); From 68f356e21a5839052c81b4806b42090bb71205a2 Mon Sep 17 00:00:00 2001 From: Steve Lawrence Date: Mon, 23 Feb 2015 08:23:07 -0500 Subject: [PATCH 2/2] Update libsepol ChangeLog --- libsepol/ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/libsepol/ChangeLog b/libsepol/ChangeLog index 33e42cd6..345ef355 100644 --- a/libsepol/ChangeLog +++ b/libsepol/ChangeLog @@ -1,3 +1,4 @@ + * Fix error path in mls_semantic_level_expand(), from Chris PeBenito. * Fix MacOS X build, from Stephen Smalley. * Enabling building CIL in Android, from Stephen Smalley. * Update to latest CIL, includes new name resolution and fixes ordering