Re: [PATCH] libsepol: In module_to_cil create one attribute for each unique set

On Tue, Mar 28, 2017 at 7:28 PM, James Carter wrote: > CIL does not allow type or role sets in certain rules (such as allow > rules). It does, however, allow sets in typeattributeset and > roleattributeset statements. Because of this, when module_to_cil > translates a

[PATCH] libsepol: In module_to_cil create one attribute for each unique set

CIL does not allow type or role sets in certain rules (such as allow rules). It does, however, allow sets in typeattributeset and roleattributeset statements. Because of this, when module_to_cil translates a policy into CIL, it creates a new attribute for each set that it encounters. But often the