From patchwork Fri May 22 14:55:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Carter X-Patchwork-Id: 11565831 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 01D1D13B4 for ; Fri, 22 May 2020 14:56:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id DE8782088E for ; Fri, 22 May 2020 14:56:01 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="jfq02NHq" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730188AbgEVO4A (ORCPT ); Fri, 22 May 2020 10:56:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57858 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730819AbgEVOzk (ORCPT ); Fri, 22 May 2020 10:55:40 -0400 Received: from mail-qv1-xf44.google.com (mail-qv1-xf44.google.com [IPv6:2607:f8b0:4864:20::f44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E2EF5C061A0E for ; Fri, 22 May 2020 07:55:39 -0700 (PDT) Received: by mail-qv1-xf44.google.com with SMTP id ee19so4816983qvb.11 for ; Fri, 22 May 2020 07:55:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=Je8YlBjF9cr1RF/qV83akxJO6Usdt34yKaROltc5/4g=; b=jfq02NHq7H06YUqvtMoeFBPZZwYibOWWQ0JdEpyPvEChM0wr0Dyb3dIbJhPRgll7KE Ko6+MAhPNGT3UaN2NBGtNMuE3X1diZ7TpkIkIBxobky2TQSpcb0+iZDUDVAzNSsACLou xUDEuonWerAGJtRlmYQzqnC7/qoF6Zp23pDELe9frpvG3S2QRhUYJ4GOUMyidH3gXd6J NOjI+qx9xqQmFi4knEjWen0j27HqekrOQKN0BlJV9rbwo5NMsgf9NfWPq0CF+sPJX3Iy 3laBkjxmkp6dTFczCqMFtzDq6SH6MV9Vn6LJNWuokVycaioEafI3yv++qpDGbNBgENek CKZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=Je8YlBjF9cr1RF/qV83akxJO6Usdt34yKaROltc5/4g=; b=a/AxZRPdXHmKir3+viEddnABKYD4NYgK6imsXy7p+BU5kHa/lbrIM/Kw/W5W56E3mP k3IJg1V5lufgBIILCwJNK9pBgpvHfMvQF8dm6B56m0v6WHQgrSm4PQKatKEtkk9ZPXC3 BsZlxoxDqKFZW7IceSL2SsiptPEEY5V2TAvYoIN5T54Z3cW9J3lOWN3H7EoGAXw1vkza b0WEck8+LBguyUyG9WKDPH7sP9kX5O01szntJMeZPfTwV1TNYYCm0VNOfn4+tqhMjpX7 BagE04fo3sHW7ntqueuN1OJTQllQzWWSP7ZXWT4q3Ij+v2jPNhhkmzv/D7uW6nurjljc 5/7g== X-Gm-Message-State: AOAM532K0lBX+/iUay95kx3PU2ksqBdXc98tVg/nRQ/OIt8XCDmh/gc2 w+Yo1wnIYnpMUYZ4uJMZrJspPnI4/yI= X-Google-Smtp-Source: ABdhPJw/fpl3Z565WioE1GOq3RGm2oHlGSp+r4Z6jpIchDgRL+7uq6z51WoO4r35gTp1Opx9cZENqA== X-Received: by 2002:ad4:4cc9:: with SMTP id i9mr4225851qvz.126.1590159338952; Fri, 22 May 2020 07:55:38 -0700 (PDT) Received: from localhost.localdomain (pool-71-166-99-106.bltmmd.east.verizon.net. [71.166.99.106]) by smtp.gmail.com with ESMTPSA id 9sm7776479qko.29.2020.05.22.07.55.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 May 2020 07:55:38 -0700 (PDT) From: James Carter To: selinux@vger.kernel.org Cc: James Carter Subject: [PATCH v2 1/3] libsepol: Write CIL default MLS rules on separate lines Date: Fri, 22 May 2020 10:55:11 -0400 Message-Id: <20200522145513.194440-1-jwcart2@gmail.com> X-Mailer: git-send-email 2.25.4 MIME-Version: 1.0 Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org When converting a non-MLS kernel binary policy to CIL, write the CIL default MLS rules (since CIL requires at least one sensitivity, and sensitivityorder statements) on separate lines. This improves the readability of the resulting CIL policy. Signed-off-by: James Carter --- v2: No changes libsepol/src/kernel_to_cil.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c index ede78a20..cca77251 100644 --- a/libsepol/src/kernel_to_cil.c +++ b/libsepol/src/kernel_to_cil.c @@ -777,9 +777,9 @@ exit: static void write_default_mls_level(FILE *out) { - sepol_printf(out, "(sensitivity s0)"); - sepol_printf(out, "(sensitivityorder (s0))"); - sepol_printf(out, "(level %s (s0))", DEFAULT_LEVEL); + sepol_printf(out, "(sensitivity s0)\n"); + sepol_printf(out, "(sensitivityorder (s0))\n"); + sepol_printf(out, "(level %s (s0))\n", DEFAULT_LEVEL); } static int map_sensitivity_aliases_to_strs(char *key, void *data, void *args) From patchwork Fri May 22 14:55:12 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Carter X-Patchwork-Id: 11565829 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D687514B7 for ; Fri, 22 May 2020 14:55:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BE10C206C3 for ; Fri, 22 May 2020 14:55:57 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="sZbaUC3Y" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731170AbgEVOz4 (ORCPT ); Fri, 22 May 2020 10:55:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57884 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731370AbgEVOzr (ORCPT ); Fri, 22 May 2020 10:55:47 -0400 Received: from mail-qk1-x744.google.com (mail-qk1-x744.google.com [IPv6:2607:f8b0:4864:20::744]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 583FFC061A0E for ; Fri, 22 May 2020 07:55:47 -0700 (PDT) Received: by mail-qk1-x744.google.com with SMTP id i5so10882040qkl.12 for ; Fri, 22 May 2020 07:55:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=MNLW+SpC8F1AjfW9/5EzZDT0ejjsZJs1zdPAZDXuqJQ=; b=sZbaUC3YjBufafwG1kQot7ChBcr3wdVSTc5khKBNbtMkFt3DE3qPG9u2Xj9ekik+ne 4N9EpQSWTnzIbNJI9xrX1F91WkWJUY4NyIl3i0LeYdI9C9jBK1IsF+q+8DolLPpt6aIC VUEnQkHVECoNyuS/7Gmx+cgSUiACxhgB4XoJAVhtYjp0TT4K9kMmbKMOBpYd9aHetPht qD6BSWt06CLimURI4f3s+NsA9BZFr8uxkuvszEmal1R5hd/y4USzNE5GotwkBAiUbs08 i/5rtpp/ghYdt4/qjP927yOwaJk3PtQbRgX/eqXli+ezAzrpAFtRd5bhhTisROjvaBrO wv5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=MNLW+SpC8F1AjfW9/5EzZDT0ejjsZJs1zdPAZDXuqJQ=; b=P0daWokBXo3+6AR8+N0nBxF0SdRzAnH+mc3n3JOhbY53g2yqA3CSZf4vnlP9pkVQkp WXJoG6GR5eJZlHyKTzJookHRSMu5GZXbNt3AvQaPUlsBZQILFnI+YJnRpMHMluQp2+/p 5ICFGde7j1PzmHRBeeVzQtUYQF/JRboyFiKlCRPYcJIXyO34szhZMBWLRznM578oz3+w NYzYZ3Pqjctsmfd5xCQtYaAa4hNgOgsnMKTU7jw1Cv1C1A1ehMqIKta817zP+uAh0NhY XWJTfJOUKpTaVFTnvC7B1fQo59pjdT1n6htszQ9KoRKKqUktVn/CLLEldItx6T9jiZ+3 IxFw== X-Gm-Message-State: AOAM53320/Hz8q2AaUyo0T53Q2NcacLo0myED74MFHABGkDRB4dQz9YO Xwa4MtXjsP4mjWHJwKJ/UbMsSOCFYUU= X-Google-Smtp-Source: ABdhPJwltWhrIqqguB4+Xi3Ya+9YpNiBHROis6iJnc/0YCKRe+ETL4v5J/vBXvYaCSctnubDzSXG1g== X-Received: by 2002:a05:620a:a93:: with SMTP id v19mr15297318qkg.416.1590159346330; Fri, 22 May 2020 07:55:46 -0700 (PDT) Received: from localhost.localdomain (pool-71-166-99-106.bltmmd.east.verizon.net. [71.166.99.106]) by smtp.gmail.com with ESMTPSA id 9sm7776479qko.29.2020.05.22.07.55.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 May 2020 07:55:46 -0700 (PDT) From: James Carter To: selinux@vger.kernel.org Cc: James Carter Subject: [PATCH v2 2/3] libsepol: Improve writing CIL sensitivity rules Date: Fri, 22 May 2020 10:55:12 -0400 Message-Id: <20200522145513.194440-2-jwcart2@gmail.com> X-Mailer: git-send-email 2.25.4 In-Reply-To: <20200522145513.194440-1-jwcart2@gmail.com> References: <20200522145513.194440-1-jwcart2@gmail.com> MIME-Version: 1.0 Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Improves writing of CIL sensitivity rules when converting MLS kernel policy to CIL. No changes to functionality, but eliminate useless checks for sensitivity aliases when using the p_sens_val_to_name array, find the actual number of aliases before allocating memory, and skip the sensitivity alias rules if there are no aliases. Signed-off-by: James Carter --- v2: Add "__attribute__((unused))" to unused parameters as suggested by Nicolas Iooss libsepol/src/kernel_to_cil.c | 59 ++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 30 deletions(-) diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c index cca77251..b84da3e5 100644 --- a/libsepol/src/kernel_to_cil.c +++ b/libsepol/src/kernel_to_cil.c @@ -782,6 +782,17 @@ static void write_default_mls_level(FILE *out) sepol_printf(out, "(level %s (s0))\n", DEFAULT_LEVEL); } +static int map_count_sensitivity_aliases(__attribute__((unused)) char *key, void *data, void *args) +{ + level_datum_t *sens = data; + unsigned *count = args; + + if (sens->isalias) + (*count)++; + + return SEPOL_OK; +} + static int map_sensitivity_aliases_to_strs(char *key, void *data, void *args) { level_datum_t *sens = data; @@ -799,26 +810,13 @@ static int write_sensitivity_rules_to_cil(FILE *out, struct policydb *pdb) { level_datum_t *level; char *prev, *name, *actual; - struct strs *strs; - unsigned i, num; + struct strs *strs = NULL; + unsigned i, num = 0; int rc = 0; - rc = strs_init(&strs, pdb->p_levels.nprim); - if (rc != 0) { - goto exit; - } - /* sensitivities */ for (i=0; i < pdb->p_levels.nprim; i++) { name = pdb->p_sens_val_to_name[i]; - if (!name) continue; - level = hashtab_search(pdb->p_levels.table, name); - if (!level) { - rc = -1; - goto exit; - } - if (level->isalias) continue; - sepol_printf(out, "(sensitivity %s)\n", name); } @@ -827,14 +825,6 @@ static int write_sensitivity_rules_to_cil(FILE *out, struct policydb *pdb) prev = NULL; for (i=0; i < pdb->p_levels.nprim; i++) { name = pdb->p_sens_val_to_name[i]; - if (!name) continue; - level = hashtab_search(pdb->p_levels.table, name); - if (!level) { - rc = -1; - goto exit; - } - if (level->isalias) continue; - if (prev) { sepol_printf(out, "%s ", prev); } @@ -845,6 +835,22 @@ static int write_sensitivity_rules_to_cil(FILE *out, struct policydb *pdb) } sepol_printf(out, "))\n"); + rc = hashtab_map(pdb->p_levels.table, map_count_sensitivity_aliases, &num); + if (rc != 0) { + goto exit; + } + + if (num == 0) { + /* No aliases, so skip sensitivity alias rules */ + rc = 0; + goto exit; + } + + rc = strs_init(&strs, num); + if (rc != 0) { + goto exit; + } + rc = hashtab_map(pdb->p_levels.table, map_sensitivity_aliases_to_strs, strs); if (rc != 0) { goto exit; @@ -852,16 +858,9 @@ static int write_sensitivity_rules_to_cil(FILE *out, struct policydb *pdb) strs_sort(strs); - num = strs_num_items(strs); - /* sensitivity aliases */ for (i=0; i < num; i++) { name = strs_read_at_index(strs, i); - level = hashtab_search(pdb->p_levels.table, name); - if (!level) { - rc = -1; - goto exit; - } sepol_printf(out, "(sensitivityalias %s)\n", name); } From patchwork Fri May 22 14:55:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Carter X-Patchwork-Id: 11565827 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 357D613B4 for ; Fri, 22 May 2020 14:55:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1D431207BC for ; Fri, 22 May 2020 14:55:55 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="K07mGI58" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730528AbgEVOzy (ORCPT ); Fri, 22 May 2020 10:55:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57902 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731376AbgEVOzx (ORCPT ); Fri, 22 May 2020 10:55:53 -0400 Received: from mail-qk1-x742.google.com (mail-qk1-x742.google.com [IPv6:2607:f8b0:4864:20::742]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 15435C061A0E for ; Fri, 22 May 2020 07:55:53 -0700 (PDT) Received: by mail-qk1-x742.google.com with SMTP id n11so5473024qkn.8 for ; Fri, 22 May 2020 07:55:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=IK7yvVYrYBCnqwQZV3pANWDC3Repl+X0w5xkoElFxNw=; b=K07mGI58OsqsAQ2T1MOVS3Cq78fEfrure1aNp2TzCDKlbUKSAmVlnPAoU+0W1yjDfn aO3lKUQPVdgBWq224DSECX3HrF+3wFc9xct4BEg7Sky7ZH0bwCVK81C1s3N2zgPoLKgn 0v1YFR7vzJyJPvsvzu6KD1xllOjWIGq+wWDk3Bs+uLg6bV6WAr6PMtf0vWESRUYBqGnU skWyrly7uCdUgoyd1mc8PSpyRbR4aGaobwDtO6PmXWrfCruCfRf9Gw9mCuywkp4zdbOg Fwykr7Ikp87N33oKJ3r6PpCaeHWb0P9Gpx1ZWPy+/TJhfh9HFj3/XqCQ3DvKJ/bqqliB +84g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=IK7yvVYrYBCnqwQZV3pANWDC3Repl+X0w5xkoElFxNw=; b=WeGHCJVYqBOi95bH1kk4cZFDe+STiKoZpA25SW3Boj2YjDBa4BnEwWjC3nhJ45bZo7 uYB29AeFtI65uLgyKJCIibgs7boz1von+vgr46ahB9u6te1JCnm6cribfVxO65tE7qHr mcBiH6zUlD0DSe3J4X+smvFiEiJ8HPbLXCZxVc5d6BIPT6Ienw17NCCYM2U/Krr2GYJy NLu+2nTKi+S0vZit7hTFR03Rq2XLCTlEcXLAXVecsDQ8o7RjW1aS1Hz0wSCo9ZIMGA1L RVhdfAvhPQYt7U6OiwWeWToAVn2XGae+T4bfnny6oqr0ulxVZChqtzH8adgLmqTzoV7j DaNg== X-Gm-Message-State: AOAM531E8JU7qMnFK4p4AvipRonviqGOZLaTdQ/PF0OeyTHv4L38N7+C GSy/TlaX75ks/5CKjD9wj9Ic4iCjiqI= X-Google-Smtp-Source: ABdhPJyUaGopA+dF+00b2h76oN+emKARB8PxVvMUEEEDoWX3GFY0F/QrL8Cow/YcfHSelS+68myuJA== X-Received: by 2002:a37:2711:: with SMTP id n17mr15402699qkn.430.1590159352105; Fri, 22 May 2020 07:55:52 -0700 (PDT) Received: from localhost.localdomain (pool-71-166-99-106.bltmmd.east.verizon.net. [71.166.99.106]) by smtp.gmail.com with ESMTPSA id 9sm7776479qko.29.2020.05.22.07.55.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 May 2020 07:55:51 -0700 (PDT) From: James Carter To: selinux@vger.kernel.org Cc: James Carter Subject: [PATCH v2 3/3] libsepol: Improve writing CIL category rules Date: Fri, 22 May 2020 10:55:13 -0400 Message-Id: <20200522145513.194440-3-jwcart2@gmail.com> X-Mailer: git-send-email 2.25.4 In-Reply-To: <20200522145513.194440-1-jwcart2@gmail.com> References: <20200522145513.194440-1-jwcart2@gmail.com> MIME-Version: 1.0 Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Improves writing of CIL category rules when converting MLS kernel policy to CIL. No changes to functionality, but eliminate useless checks for category aliases when using the p_cat_val_to_name array, find the actual number of aliases before allocating memory, and skip the category alias rules if there are no aliases. Signed-off-by: James Carter Acked-by: Stephen Smalley --- v2: Add "__attribute__((unused))" to unused parameters as suggested by Nicolas Iooss libsepol/src/kernel_to_cil.c | 59 ++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 30 deletions(-) diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c index b84da3e5..36c6c682 100644 --- a/libsepol/src/kernel_to_cil.c +++ b/libsepol/src/kernel_to_cil.c @@ -886,6 +886,17 @@ exit: return rc; } +static int map_count_category_aliases(__attribute__((unused)) char *key, void *data, void *args) +{ + cat_datum_t *cat = data; + unsigned *count = args; + + if (cat->isalias) + (*count)++; + + return SEPOL_OK; +} + static int map_category_aliases_to_strs(char *key, void *data, void *args) { cat_datum_t *cat = data; @@ -903,26 +914,13 @@ static int write_category_rules_to_cil(FILE *out, struct policydb *pdb) { cat_datum_t *cat; char *prev, *name, *actual; - struct strs *strs; - unsigned i, num; + struct strs *strs = NULL; + unsigned i, num = 0; int rc = 0; - rc = strs_init(&strs, pdb->p_levels.nprim); - if (rc != 0) { - goto exit; - } - /* categories */ for (i=0; i < pdb->p_cats.nprim; i++) { name = pdb->p_cat_val_to_name[i]; - if (!name) continue; - cat = hashtab_search(pdb->p_cats.table, name); - if (!cat) { - rc = -1; - goto exit; - } - if (cat->isalias) continue; - sepol_printf(out, "(category %s)\n", name); } @@ -931,14 +929,6 @@ static int write_category_rules_to_cil(FILE *out, struct policydb *pdb) prev = NULL; for (i=0; i < pdb->p_cats.nprim; i++) { name = pdb->p_cat_val_to_name[i]; - if (!name) continue; - cat = hashtab_search(pdb->p_cats.table, name); - if (!cat) { - rc = -1; - goto exit; - } - if (cat->isalias) continue; - if (prev) { sepol_printf(out, "%s ", prev); } @@ -949,6 +939,22 @@ static int write_category_rules_to_cil(FILE *out, struct policydb *pdb) } sepol_printf(out, "))\n"); + rc = hashtab_map(pdb->p_cats.table, map_count_category_aliases, &num); + if (rc != 0) { + goto exit; + } + + if (num == 0) { + /* No aliases, so skip category alias rules */ + rc = 0; + goto exit; + } + + rc = strs_init(&strs, num); + if (rc != 0) { + goto exit; + } + rc = hashtab_map(pdb->p_cats.table, map_category_aliases_to_strs, strs); if (rc != 0) { goto exit; @@ -956,16 +962,9 @@ static int write_category_rules_to_cil(FILE *out, struct policydb *pdb) strs_sort(strs); - num = strs_num_items(strs); - /* category aliases */ for (i=0; i < num; i++) { name = strs_read_at_index(strs, i); - cat = hashtab_search(pdb->p_cats.table, name); - if (!cat) { - rc = -1; - goto exit; - } sepol_printf(out, "(categoryalias %s)\n", name); }