selinux/libsepol
Harry Ciao dbc9a61819 libsepol: Only call role_fix_callback for base.p_roles during expansion.
expand_role_attributes() would merge the sub role attribute's roles
ebitmap into that of the parent, then clear it off from the parent's
roles ebitmap. This supports the assertion in role_fix_callback() that
any role attribute's roles ebitmap contains just regular roles.

expand_role_attribute() works on base.p_roles table but not any
block/decl's p_roles table, so the above assertion in role_fix_callback
could fail when it is called for block/decl and some role attribute is
added into another.

Since the effect of get_local_role() would have been complemented by
the populate_roleattributes() at the end of the link phase, there is
no needs(and wrong) to call role_fix_callback() for block/decl in the
expand phase.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-08-03 18:02:38 -04:00
..
include Add role attribute support when expanding role_set_t. 2011-07-25 10:09:43 -04:00
man initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
src libsepol: Only call role_fix_callback for base.p_roles during expansion. 2011-08-03 18:02:38 -04:00
tests reactivate attribute mapping unit test 2010-03-24 13:55:23 -04:00
utils initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
.gitignore Add subdirectory .gitignore files. 2009-10-20 21:25:55 -04:00
ChangeLog Minor version bump for updates as of 2011-08-01 2011-08-01 13:49:21 -04:00
COPYING initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
Makefile initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
VERSION Minor version bump for updates as of 2011-08-01 2011-08-01 13:49:21 -04:00