From 8f9057c2ea851b9caca23020f4cb99c84fed1d50 Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Fri, 18 Nov 2016 13:58:01 -0800 Subject: [PATCH] label_file.h: actually use the results of compat_validate process_line called compat_validate, but never actually looked at the return value. When an invalid entry is found, a warning is printed, but since the upper layers of the code don't see the error, validation appears to succeed. Steps to reproduce on Android: 1) Edit system/sepolicy/private/file_contexts and create an entry with an invalid label. 2) Recompile Android, which executes out/host/linux-x86/bin/checkfc to check if file_contexts is valid. Expected: Compile failure. Actual: Compile succeeds with warnings. Change-Id: I20fa18c7b11b5ffdd243c3274bedc4518431e1fb Signed-off-by: Stephen Smalley --- libselinux/src/label_file.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libselinux/src/label_file.h b/libselinux/src/label_file.h index 00c0a5c1..4ac64d59 100644 --- a/libselinux/src/label_file.h +++ b/libselinux/src/label_file.h @@ -467,7 +467,7 @@ static inline int process_line(struct selabel_handle *rec, spec_hasMetaChars(&spec_arr[nspec]); if (strcmp(context, "<>") && rec->validating) - compat_validate(rec, &spec_arr[nspec].lr, path, lineno); + return compat_validate(rec, &spec_arr[nspec].lr, path, lineno); return 0; }