libsepol: Enclose identifier lists in constraint expressions

When writing a policy.conf from a kernel policy, if there are
multiple users, roles, or types, then the list needs to be enclosed
by "{" and "}".

When writing a constraint expression, check to see if there are
multiple identifiers in the names string and enclose the list
with "{" and "}" if there are.

Signed-off-by: James Carter <jwcart2@gmail.com>
James Carter 2021-03-16 14:42:36 -04:00
parent d4d0955c67
commit dbe890ab9f

@ -188,7 +188,11 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr
if (!names) {
names = strdup("NO_IDENTIFIER");
}
new_val = create_str("%s %s %s", 3, attr1, op, names);
if (strchr(names, ' ')) {
new_val = create_str("%s %s { %s }", 3, attr1, op, names);
} else {
new_val = create_str("%s %s %s", 3, attr1, op, names);
}
free(names);
}
} else {
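
Review bot: the new strchr(names, ' ') call dereferences names immediately after the fallback names = strdup("NO_IDENTIFIER"), and nothing in the visible lines checks that this strdup succeeded, so an allocation failure would pass a null pointer to strchr. Suggest testing names after the strdup and taking the error path before the strchr. Separately, the two create_str calls differ only in the format string; selecting the format with a conditional and calling create_str once would keep the branches from drifting apart.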