tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

libsepol/cil: Warn instead of fail if permission is not resolve

Browse source 
If a policy module package has been created with a policy that contains
a permission and then is used on a system without that permission CIL
will fail with an error when it cannot resolve the permission.

This will prevent the installation on policy and the user will not
know that the policy has not been installed.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
This commit is contained in:
James Carter 2016-07-28 10:39:14 -04:00 committed by Stephen Smalley
parent d5396d8312
commit 46e157b470
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
libsepol/cil/src/cil_resolve_ast.c
View file

@ -131,10 +131,10 @@ static int __cil_resolve_perms(symtab_t *class_symtab, symtab_t *common_symtab,
}
}
if (rc != SEPOL_OK) {
cil_log(CIL_ERR, "Failed to resolve permission %s\n", (char*)curr->data);
goto exit;
}
cil_log(CIL_WARN, "Failed to resolve permission %s\n", (char*)curr->data);
} else {
cil_list_append(*perm_datums, CIL_DATUM, perm_datum);
}
} else {
cil_list_append(*perm_datums, curr->flavor, curr->data);
}
@ -3660,7 +3660,7 @@ int __cil_resolve_ast_node_helper(struct cil_tree_node *node, uint32_t *finished
rc = SEPOL_OK;
}
cil_tree_log(node, lvl, "Failed to resolve '%s' in %s statement", args->last_resolved_name, cil_node_to_string(node));
cil_tree_log(node, lvl, "Failed to resolve %s statement", cil_node_to_string(node));
goto exit;
}