Author: Daniel J Walsh

Email: dwalsh@redhat.com Subject: Only call gen_requires once. Date: Thu, 11 Sep 2008 09:35:54 -0400 Currently audit2allow/sepolgen will create two identical gen_requires block if you have allow rules and a role statement. This patch fixes this problem. Signed-off-by: Joshua Brindle <method@manicmethod.com>
2008-09-07 18:42:35 -04:00 · 2008-09-07 18:42:35 -04:00 · f210ced209
parent 95e4b5c3cc
commit f210ced209
1 changed files with 4 additions and 8 deletions
--- a/sepolgen/src/sepolgen/policygen.py
+++ b/sepolgen/src/sepolgen/policygen.py
@ -134,6 +134,10 @@ class PolicyGenerator:
            m.refpolicy = False

    def get_module(self):
+        # Generate the requires
+        if self.gen_requires:
+            gen_requires(self.module)
+
        """Return the generated module"""
        return self.module

@ -163,18 +167,10 @@ class PolicyGenerator:
        # Generate the raw allow rules from the filtered list
        self.__add_allow_rules(raw_allow)

-        # Generate the requires
-        if self.gen_requires:
-            gen_requires(self.module)
-
    def add_role_types(self, role_type_set):
        for role_type in role_type_set:
            self.module.children.append(role_type)

-        # Generate the requires
-        if self.gen_requires:
-            gen_requires(self.module)
-
 def explain_access(av, ml=None, verbosity=SHORT_EXPLANATION):
    """Explain why a policy statement was generated.