From: dcashman <dcash...@android.com>
cil_gen_policy() prints a sensitivityorder{}; output statement when
generating its policy.conf file from CIL policy. This omits the
sensitivity declarations, however, and should instead be represented as
a sid declaration block followed by a dominance statement.
Signed-off-by: Daniel Cashman <dcash...@android.com>
---
libsepol/cil/src/cil_policy.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c
index d8ef151..78b135e 100644
--- a/libsepol/cil/src/cil_policy.c
+++ b/libsepol/cil/src/cil_policy.c
@@ -1301,11 +1301,14 @@ int cil_gen_policy(struct cil_db *db)
}
if (db->sensitivityorder->head != NULL) {
- fprintf(file_arr[SENS], "sensitivityorder { ");
+ cil_list_for_each(item, db->sensitivityorder) {
+ fprintf(file_arr[SENS], "sensitivity %s;\n", ((struct
cil_sens*)item->data)->datum.name);
+ }
+ fprintf(file_arr[SENS], "dominance { ");
cil_list_for_each(item, db->sensitivityorder) {
fprintf(file_arr[SENS], "%s ", ((struct
cil_sens*)item->data)->datum.name);
}
- fprintf(file_arr[SENS], "};\n");
+ fprintf(file_arr[SENS], "}\n");
}
extra_args.users = users;
--
2.8.0.rc3.226.g39d4020
_______________________________________________
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
