No description
8f9057c2ea
process_line called compat_validate, but never actually looked at the return value. When an invalid entry is found, a warning is printed, but since the upper layers of the code don't see the error, validation appears to succeed. Steps to reproduce on Android: 1) Edit system/sepolicy/private/file_contexts and create an entry with an invalid label. 2) Recompile Android, which executes out/host/linux-x86/bin/checkfc to check if file_contexts is valid. Expected: Compile failure. Actual: Compile succeeds with warnings. Change-Id: I20fa18c7b11b5ffdd243c3274bedc4518431e1fb Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> |
||
|---|---|---|
| checkpolicy | ||
| dbus | ||
| gui | ||
| libselinux | ||
| libsemanage | ||
| libsepol | ||
| mcstrans | ||
| policycoreutils | ||
| python | ||
| restorecond | ||
| sandbox | ||
| scripts | ||
| secilc | ||
| semodule-utils | ||
| .gitignore | ||
| CleanSpec.mk | ||
| Makefile | ||
| README | ||
Please submit all bug reports and patches to selinux@tycho.nsa.gov. Subscribe via selinux-join@tycho.nsa.gov. Build dependencies on Fedora: yum install audit-libs-devel bison bzip2-devel dbus-devel dbus-glib-devel flex flex-devel flex-static glib2-devel libcap-devel libcap-ng-devel pam-devel pcre-devel python-devel setools-devel swig ustr-devel xmlto redhat-rpm-config To build and install everything under a private directory, run: make DESTDIR=~/obj install install-pywrap To install as the default system libraries and binaries (overwriting any previously installed ones - dangerous!), on x86_64, run: make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel or on x86 (32-bit), run: make install install-pywrap relabel This may render your system unusable if the upstream SELinux userspace lacks library functions or other dependencies relied upon by your distribution. If it breaks, you get to keep both pieces.