James Carter 18f8747b28 libsepol/cil: Handle operations in a class mapping when verifying ... When checking for circular class permission declarations and a class mapping is encountered, the class permissions for each map permission must be checked. An assumption was made that there were no operators in the class permissions. An operator in the class permissions would cause a segfault. Example causing segault: (classmap cm1 (mp1)) (classmapping cm1 mp1 (CLASS (PERM))) (classpermission cp1) (classpermissionset cp1 (cm1 (all))) For map class permissions, check each item in the permission list to see if it is an operator. If it is not, then verify the class permissions associated with the map permission. If it is an operator and the operator is "all", then create a list of all permissions for that map class and verify the class permissions associated with each map permission. If it is a different operator, then it can be skipped. This bug was found by the secilc-fuzzer. Signed-off-by: James Carter <jwcart2@gmail.com>		2021-09-22 10:01:19 +02:00
..
include/cil	libsepol/cil: Provide option to allow qualified names in declarations	2021-07-03 16:00:26 +02:00
src	libsepol/cil: Handle operations in a class mapping when verifying	2021-09-22 10:01:19 +02:00
test
.gitignore