@@ -1196,7 +1196,7 @@ static int avrule_list_to_cil(int indent, struct policydb *pdb, struct avrule *a
struct type_set *ts;
for (avrule = avrule_list; avrule != NULL; avrule = avrule->next) {
- if ((avrule->specified & (AVRULE_NEVERALLOW|AVRULE_XPERMS_NEVERALLOW)) &&
+ if ((avrule->specified & (AVRULE_ALLOWED|AVRULE_XPERMS_ALLOWED|AVRULE_NEVERALLOW|AVRULE_XPERMS_NEVERALLOW)) &&
avrule->source_filename) {
cil_println(0, ";;* lmx %lu %s\n",avrule->source_line, avrule->source_filename);
}
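Review bot: The widened mask `AVRULE_ALLOWED|AVRULE_XPERMS_ALLOWED|AVRULE_NEVERALLOW|AVRULE_XPERMS_NEVERALLOW` is now spelled out twice, here before the `;;* lmx` opener and again in the hunk at line 1264 before `;;* lme`, and the two copies must stay identical or the generated CIL ends up with unbalanced line markers. I would name it once, e.g. `#define AVRULE_LINE_MARKED (AVRULE_ALLOWED|AVRULE_XPERMS_ALLOWED|AVRULE_NEVERALLOW|AVRULE_XPERMS_NEVERALLOW)`, and test `avrule->specified & AVRULE_LINE_MARKED` at both sites. A short comment next to it, such as `/* rule kinds that get source line markers so neverallow failures can be traced to the original policy line */`, would record why allow rules are included. The loop body between the two checks lies outside these hunks, so whether an early exit can skip the closing marker cannot be judged from here.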
@@ -1264,7 +1264,7 @@ static int avrule_list_to_cil(int indent, struct policydb *pdb, struct avrule *a
names_destroy(&snames, &num_snames);
names_destroy(&tnames, &num_tnames);
- if ((avrule->specified & (AVRULE_NEVERALLOW|AVRULE_XPERMS_NEVERALLOW)) &&
+ if ((avrule->specified & (AVRULE_ALLOWED|AVRULE_XPERMS_ALLOWED|AVRULE_NEVERALLOW|AVRULE_XPERMS_NEVERALLOW)) &&
avrule->source_filename) {
cil_println(0, ";;* lme\n");
}
Currently, only line markers for neverallow rules are printed. This makes it difficult to debug a neverallow failure with cil files generated by checkpolicy. This change additionally prints line markers for allow and allowxperm statements to make debugging easier. Signed-off-by: Inseob Kim <inseob@google.com> --- libsepol/src/module_to_cil.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)