mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-15 10:34:50 +00:00
2eefb20d8f
Nicholas Iooss discovered that using an unknown permission with a map class will cause a segfault. CIL will only give a warning when it fails to resolve an unknown permission to support the use of policy module packages that use permissions that don't exit on the current system. When resolving the unknown map class permission an empty list is used to represent the unknown permission. When it is evaluated later the list is assumed to be a permission and a segfault occurs. There is no reason to allow unknown class map permissions because the class maps and permissions are defined by the policy. Exit with an error when failing to resolve a class map permission. Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org> Signed-off-by: James Carter <jwcart2@tycho.nsa.gov> |
||
|---|---|---|
| .. | ||
| include/cil | ||
| src | ||
| test | ||
| .gitignore | ||