From 86bad3dbf981b7d645d41e4c93649dcf782b1a6f Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@m4x.org>
Date: Wed, 23 Nov 2016 23:06:42 +0100
Subject: [PATCH] libsepol: do not modify p->p_roles.nprim in role_set_expand

There is no reason to modify the number of roles defined in a policy
when no role is being inserted.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 libsepol/src/expand.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
index 32df6f8b..7244e01f 100644
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@@ -2424,7 +2424,7 @@ int role_set_expand(role_set_t * x, ebitmap_t * r, policydb_t * out, policydb_t
 	ebitmap_init(r);
 
 	if (x->flags & ROLE_STAR) {
-		for (i = 0; i < p->p_roles.nprim++; i++)
+		for (i = 0; i < p->p_roles.nprim; i++)
 			if (ebitmap_set_bit(r, i, 1))
 				return -1;
 		return 0;