From dbe890ab9f74c9514a0f8839591eb3c4c70a6e03 Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Tue, 16 Mar 2021 14:42:36 -0400
Subject: [PATCH] libsepol: Enclose identifier lists in constraint expressions
When writing a policy.conf from a kernel policy, if there are
multiple users, roles, or types, then the list needs to be enclosed
by "{" and "}".
When writing a constraint expression, check to see if there are
multiple identifiers in the names string and enclose the list
with "{" and "}" if there are.
Signed-off-by: James Carter <jwcart2@gmail.com>
---
libsepol/src/kernel_to_conf.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
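diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
index cd5a517abb59..5db47fe4f567 100644
--- a/libsepol/src/kernel_to_conf.c
+++ b/libsepol/src/kernel_to_conf.c
@@ -188,7 +188,11 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr
 if (!names) {
 names = strdup("NO_IDENTIFIER");
 }
- new_val = create_str("%s %s %s", 3, attr1, op, names);
+ if (strchr(names, ' ')) {
+ new_val = create_str("%s %s { %s }", 3, attr1, op, names);
+ } else {
+ new_val = create_str("%s %s %s", 3, attr1, op, names);
+ }
 free(names);
 }
 } else {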
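Review bot: The new `strchr(names, ' ')` dereferences `names` directly, but the fallback just above it, `names = strdup("NO_IDENTIFIER");`, is not checked, so an allocation failure there reaches `strchr` with a NULL pointer. A second `if (!names)` test after the `strdup` that leaves through the function's existing error path would close this; the function's start and its cleanup code are outside the hunk, so the right exit label has to be taken from there. Separately, the brace decision assumes a space appears in `names` only as a separator between identifiers; a short comment saying so, for example `/* names is a space-separated identifier list; more than one entry needs braces */`, would keep that assumption visible to whoever changes the string's producer.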
--
2.32.0