tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

label_file.h: actually use the results of compat_validate

Browse source 
process_line called compat_validate, but never actually looked at the
return value. When an invalid entry is found, a warning is printed, but
since the upper layers of the code don't see the error, validation
appears to succeed.

Steps to reproduce on Android:

1) Edit system/sepolicy/private/file_contexts and create an entry with
an invalid label.
2) Recompile Android, which executes out/host/linux-x86/bin/checkfc to
check if file_contexts is valid.

Expected: Compile failure.
Actual: Compile succeeds with warnings.

Change-Id: I20fa18c7b11b5ffdd243c3274bedc4518431e1fb
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Nick Kralevich 2016-11-18 13:58:01 -08:00 committed by Stephen Smalley
parent 49bfee8562
commit 8f9057c2ea
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
libselinux/src/label_file.h
View file

@ -467,7 +467,7 @@ static inline int process_line(struct selabel_handle *rec,
spec_hasMetaChars(&spec_arr[nspec]);
if (strcmp(context, "<<none>>") && rec->validating)
compat_validate(rec, &spec_arr[nspec].lr, path, lineno);
return compat_validate(rec, &spec_arr[nspec].lr, path, lineno);
return 0;
}