mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-18 20:24:32 +00:00
908898846a
Unlike queue_remove(), queue_head() does not modify the queue, but
rather, returns a pointer to an element within the queue. Freeing the
memory associated with a value returned from that function corrupts
subsequent users of the queue, who may try to reference this
now-deallocated memory.
This causes the following policy generation errors on Android:
FAILED:
out/target/product/bullhead/obj/ETC/plat_sepolicy.cil_intermediates/plat_policy_nvr.cil
/bin/bash -c "out/host/linux-x86/bin/checkpolicy -M -C -c 30 -o
out/target/product/bullhead/obj/ETC/plat_sepolicy.cil_intermediates/plat_policy_nvr.cil
out/target/product/bullhead/obj/ETC/plat_sepolicy.cil_intermediates/plat_policy.conf"
system/sepolicy/public/app.te:241:ERROR 'only ioctl extended permissions
are supported' at token ';' on line 6784:
#line 241
} };
checkpolicy: error(s) encountered while parsing configuration
because the value of "id" in:
id = queue_remove(id_queue);
if (strcmp(id,"ioctl") == 0) {
...
} else {
yyerror("only ioctl extended permissions are supported");
...
}
is now garbage.
This is a partial revert of the following commit:
|
||
---|---|---|
.. | ||
test | ||
.gitignore | ||
checkmodule.8 | ||
checkmodule.c | ||
checkpolicy.8 | ||
checkpolicy.c | ||
checkpolicy.h | ||
COPYING | ||
Makefile | ||
module_compiler.c | ||
module_compiler.h | ||
parse_util.c | ||
parse_util.h | ||
policy_define.c | ||
policy_define.h | ||
policy_parse.y | ||
policy_scan.l | ||
queue.c | ||
queue.h | ||
VERSION |