| Message ID | 20200513144329.181671-1-plautrba@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | secilc: Fix policy optimization test | expand |
On Wed, May 13, 2020 at 10:46 AM Petr Lautrbach <plautrba@redhat.com> wrote: > > Commit 692716fc5fd5 ("libsepol/cil: raise default attrs_expand_size to 2") was > reverted and attributes with one type are not expanded anymore. > > Fixes: > ./secilc test/policy.cil > ./secilc -c 32 -O -M 1 -f /dev/null -o opt-actual.bin test/opt-input.cil > checkpolicy -b -C -M -o opt-actual.cil opt-actual.bin >/dev/null > diff test/opt-expected.cil opt-actual.cil > 11a12 > > (typeattribute at01) > 21a23 > > (typeattributeset at01 (tp01)) > 25c27,28 > < (allow tp01 self (cl01 (p01a p01b p11a p11b))) > --- > > (allow tp01 at01 (cl01 (p11b))) > > (allow tp01 self (cl01 (p01a p01b p11a))) > > Signed-off-by: Petr Lautrbach <plautrba@redhat.com> Acked-by: James Carter <jwcart2@gmail.com> > --- > secilc/test/opt-expected.cil | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/secilc/test/opt-expected.cil b/secilc/test/opt-expected.cil > index 73ac9045f23e..14033f9be4dd 100644 > --- a/secilc/test/opt-expected.cil > +++ b/secilc/test/opt-expected.cil > @@ -9,6 +9,7 @@ > (category c01) > (categoryorder (c01)) > (sensitivitycategory s01 (c01)) > +(typeattribute at01) > (typeattribute at02) > (boolean b01 false) > (type tp01) > @@ -19,10 +20,12 @@ > (type tpr3) > (type tpr4) > (type tpr5) > +(typeattributeset at01 (tp01)) > (typeattributeset at02 (tp01 tp02)) > (allow at02 tpr1 (cl01 (p01a p01b p11a))) > (allow at02 tpr3 (cl01 (p01a p01b p11a))) > -(allow tp01 self (cl01 (p01a p01b p11a p11b))) > +(allow tp01 at01 (cl01 (p11b))) > +(allow tp01 self (cl01 (p01a p01b p11a))) > (allow tp01 tpr1 (cl01 (p11b))) > (dontaudit at02 tpr2 (cl01 (p01a p01b p11a))) > (dontaudit at02 tpr4 (cl01 (p01a p01b p11a))) > -- > 2.26.2 >
On Wed, May 13, 2020 at 01:37:13PM -0400, James Carter wrote: > On Wed, May 13, 2020 at 10:46 AM Petr Lautrbach <plautrba@redhat.com> wrote: > > > > Commit 692716fc5fd5 ("libsepol/cil: raise default attrs_expand_size to 2") was > > reverted and attributes with one type are not expanded anymore. > > > > Fixes: > > ./secilc test/policy.cil > > ./secilc -c 32 -O -M 1 -f /dev/null -o opt-actual.bin test/opt-input.cil > > checkpolicy -b -C -M -o opt-actual.cil opt-actual.bin >/dev/null > > diff test/opt-expected.cil opt-actual.cil > > 11a12 > > > (typeattribute at01) > > 21a23 > > > (typeattributeset at01 (tp01)) > > 25c27,28 > > < (allow tp01 self (cl01 (p01a p01b p11a p11b))) > > --- > > > (allow tp01 at01 (cl01 (p11b))) > > > (allow tp01 self (cl01 (p01a p01b p11a))) > > > > Signed-off-by: Petr Lautrbach <plautrba@redhat.com> > > Acked-by: James Carter <jwcart2@gmail.com> Applied. > > --- > > secilc/test/opt-expected.cil | 5 ++++- > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > diff --git a/secilc/test/opt-expected.cil b/secilc/test/opt-expected.cil > > index 73ac9045f23e..14033f9be4dd 100644 > > --- a/secilc/test/opt-expected.cil > > +++ b/secilc/test/opt-expected.cil > > @@ -9,6 +9,7 @@ > > (category c01) > > (categoryorder (c01)) > > (sensitivitycategory s01 (c01)) > > +(typeattribute at01) > > (typeattribute at02) > > (boolean b01 false) > > (type tp01) > > @@ -19,10 +20,12 @@ > > (type tpr3) > > (type tpr4) > > (type tpr5) > > +(typeattributeset at01 (tp01)) > > (typeattributeset at02 (tp01 tp02)) > > (allow at02 tpr1 (cl01 (p01a p01b p11a))) > > (allow at02 tpr3 (cl01 (p01a p01b p11a))) > > -(allow tp01 self (cl01 (p01a p01b p11a p11b))) > > +(allow tp01 at01 (cl01 (p11b))) > > +(allow tp01 self (cl01 (p01a p01b p11a))) > > (allow tp01 tpr1 (cl01 (p11b))) > > (dontaudit at02 tpr2 (cl01 (p01a p01b p11a))) > > (dontaudit at02 tpr4 (cl01 (p01a p01b p11a))) > > -- > > 2.26.2 > > >
diff --git a/secilc/test/opt-expected.cil b/secilc/test/opt-expected.cil index 73ac9045f23e..14033f9be4dd 100644 --- a/secilc/test/opt-expected.cil +++ b/secilc/test/opt-expected.cil @@ -9,6 +9,7 @@ (category c01) (categoryorder (c01)) (sensitivitycategory s01 (c01)) +(typeattribute at01) (typeattribute at02) (boolean b01 false) (type tp01) @@ -19,10 +20,12 @@ (type tpr3) (type tpr4) (type tpr5) +(typeattributeset at01 (tp01)) (typeattributeset at02 (tp01 tp02)) (allow at02 tpr1 (cl01 (p01a p01b p11a))) (allow at02 tpr3 (cl01 (p01a p01b p11a))) -(allow tp01 self (cl01 (p01a p01b p11a p11b))) +(allow tp01 at01 (cl01 (p11b))) +(allow tp01 self (cl01 (p01a p01b p11a))) (allow tp01 tpr1 (cl01 (p11b))) (dontaudit at02 tpr2 (cl01 (p01a p01b p11a))) (dontaudit at02 tpr4 (cl01 (p01a p01b p11a)))
Commit 692716fc5fd5 ("libsepol/cil: raise default attrs_expand_size to 2") was reverted and attributes with one type are not expanded anymore. Fixes: ./secilc test/policy.cil ./secilc -c 32 -O -M 1 -f /dev/null -o opt-actual.bin test/opt-input.cil checkpolicy -b -C -M -o opt-actual.cil opt-actual.bin >/dev/null diff test/opt-expected.cil opt-actual.cil 11a12 > (typeattribute at01) 21a23 > (typeattributeset at01 (tp01)) 25c27,28 < (allow tp01 self (cl01 (p01a p01b p11a p11b))) --- > (allow tp01 at01 (cl01 (p11b))) > (allow tp01 self (cl01 (p01a p01b p11a))) Signed-off-by: Petr Lautrbach <plautrba@redhat.com> --- secilc/test/opt-expected.cil | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)