| Message ID | 20231101163830.177769-1-cgzones@googlemail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 4670a63081c3 |
| Delegated to: | Petr Lautrbach |
| Headers | show |
| Series | [1/3] libsepol: validate default type of transition is not an attribute | expand |
On Wed, Nov 1, 2023 at 12:39 PM Christian Göttsche <cgzones@googlemail.com> wrote: > > The default type of a type transition must be a regular type, not an > attribute. > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > --- > libsepol/src/policydb_validate.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c > index 892a0ffd..d214bf09 100644 > --- a/libsepol/src/policydb_validate.c > +++ b/libsepol/src/policydb_validate.c > @@ -1105,7 +1105,7 @@ static int validate_filename_trans(hashtab_key_t k, hashtab_datum_t d, void *arg > for (; ftd; ftd = ftd->next) { > if (validate_ebitmap(&ftd->stypes, &flavors[SYM_TYPES])) > goto bad; > - if (validate_value(ftd->otype, &flavors[SYM_TYPES])) > + if (validate_simpletype(ftd->otype, &flavors[SYM_TYPES])) You are missing an argument. validate_simpletype() takes three arguments. The 2nd one should be the policydb. Making the policydb available here is going to take a bit of work. Jim > goto bad; > } > > -- > 2.42.0 >
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 892a0ffd..d214bf09 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -1105,7 +1105,7 @@ static int validate_filename_trans(hashtab_key_t k, hashtab_datum_t d, void *arg for (; ftd; ftd = ftd->next) { if (validate_ebitmap(&ftd->stypes, &flavors[SYM_TYPES])) goto bad; - if (validate_value(ftd->otype, &flavors[SYM_TYPES])) + if (validate_simpletype(ftd->otype, &flavors[SYM_TYPES])) goto bad; }
The default type of a type transition must be a regular type, not an attribute. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- libsepol/src/policydb_validate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)