Message ID | 20210316203943.47733-1-jwcart2@gmail.com (mailing list archive)
---|---
State | Accepted
Series | [1/2] libsepol: Write "NO_IDENTIFIER" for empty constraint expression
On Tue, Mar 16, 2021 at 9:40 PM James Carter <jwcart2@gmail.com> wrote:
>
> If a role attribute with no roles associated with it is used in a
> constraint expression, then the role bitmap will be empty. This is
> not a problem for the kernel, but does cause problems when
> converting a kernel policy to policy.conf.
>
> When creating a policy.conf from a kernel policy, if an empty bitmap
> is encountered, use the string "NO_IDENTIFIER". An error will occur
> if an attempt is made to compile the resulting policy, but this is
> better than exiting with an error without creating a policy.conf.
>
> Signed-off-by: James Carter <jwcart2@gmail.com>

For these 2 patches:
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>

> ---
> libsepol/src/kernel_to_conf.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
> index a22f196d..263f9639 100644
> --- a/libsepol/src/kernel_to_conf.c
> +++ b/libsepol/src/kernel_to_conf.c
> @@ -186,7 +186,7 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr
> names = ebitmap_to_str(&curr->names, pdb->p_role_val_to_name, 1);
> }
> if (!names) {
> - goto exit;
> + names = strdup("NO_IDENTIFIER");
> }
> new_val = create_str("%s %s %s", 3, attr1, op, names);
> free(names);
> --
> 2.26.2
>
On Wed, Mar 17, 2021 at 5:29 AM Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
>
> On Tue, Mar 16, 2021 at 9:40 PM James Carter <jwcart2@gmail.com> wrote:
> >
> > If a role attribute with no roles associated with it is used in a
> > constraint expression, then the role bitmap will be empty. This is
> > not a problem for the kernel, but does cause problems when
> > converting a kernel policy to policy.conf.
> >
> > When creating a policy.conf from a kernel policy, if an empty bitmap
> > is encountered, use the string "NO_IDENTIFIER". An error will occur
> > if an attempt is made to compile the resulting policy, but this is
> > better than exiting with an error without creating a policy.conf.
> >
> > Signed-off-by: James Carter <jwcart2@gmail.com>
>
> For these 2 patches:
> Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
>

These 2 patches have been merged.
Thanks,
Jim

> > ---
> > libsepol/src/kernel_to_conf.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
> > index a22f196d..263f9639 100644
> > --- a/libsepol/src/kernel_to_conf.c
> > +++ b/libsepol/src/kernel_to_conf.c
> > @@ -186,7 +186,7 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr
> > names = ebitmap_to_str(&curr->names, pdb->p_role_val_to_name, 1);
> > }
> > if (!names) {
> > - goto exit;
> > + names = strdup("NO_IDENTIFIER");
> > }
> > new_val = create_str("%s %s %s", 3, attr1, op, names);
> > free(names);
> > --
> > 2.26.2
> >
>
diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index a22f196d..263f9639 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c @@ -186,7 +186,7 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr names = ebitmap_to_str(&curr->names, pdb->p_role_val_to_name, 1); } if (!names) { - goto exit; + names = strdup("NO_IDENTIFIER"); } new_val = create_str("%s %s %s", 3, attr1, op, names); free(names);
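Review bot: the new `names = strdup("NO_IDENTIFIER");` inside the `if (!names)` branch has no NULL check of its own, so if strdup() fails the code falls through to `new_val = create_str("%s %s %s", 3, attr1, op, names);` with `names` still NULL, a path the replaced `goto exit;` could never reach; keep the error exit for that case, e.g. `names = strdup("NO_IDENTIFIER"); if (!names) goto exit;`. A second point on the same `if (!names)` test: it now treats every NULL return from ebitmap_to_str() as "empty bitmap", so if that helper also returns NULL on an allocation failure, a conversion error that previously aborted the function is now silently written into the policy.conf as "NO_IDENTIFIER". Testing the bitmap for emptiness before the conversion (libsepol has ebitmap_is_empty() for this) and reserving the NULL check for genuine failures would keep the two cases apart, and a one-line comment explaining why the placeholder is emitted would help the next reader of this function.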
If a role attribute with no roles associated with it is used in a
constraint expression, then the role bitmap will be empty. This is
not a problem for the kernel, but does cause problems when
converting a kernel policy to policy.conf.

When creating a policy.conf from a kernel policy, if an empty bitmap
is encountered, use the string "NO_IDENTIFIER". An error will occur
if an attempt is made to compile the resulting policy, but this is
better than exiting with an error without creating a policy.conf.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
libsepol/src/kernel_to_conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)