libsepol/cil: Don't add constraint if there are no permissions

Since CIL allows permission expressions, it is possible for the
expression to evaluate to no permissions. If this is the case,
then don't add the constraint.

Signed-off-by: James Carter <jwcart2@gmail.com>
James Carter 2022-02-09 16:39:47 -05:00
parent 0d84ebcbc4
commit 1f15c62896


@ -2823,6 +2823,12 @@ int cil_constrain_to_policydb_helper(policydb_t *pdb, const struct cil_db *db, s
goto exit;
}
if (sepol_constrain->permissions == 0) {
/* No permissions, so don't insert rule. */
free(sepol_constrain);
return SEPOL_OK;
}
rc = __cil_constrain_expr_to_sepol_expr(pdb, db, expr, &sepol_expr);
if (rc != SEPOL_OK) {
goto exit;
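Review bot: The new zero-permissions branch frees `sepol_constrain` and returns directly, while the checks on either side of it leave through `goto exit`, so the function now has two cleanup paths to keep in sync. The `exit` label lies outside this hunk, as do the start and end of `cil_constrain_to_policydb_helper`. If that label already frees `sepol_constrain` and returns `rc`, the branch body can be reduced to `rc = SEPOL_OK; goto exit;`. Separately, the constraint is dropped without any diagnostic, and the comment does not say why that is safe. Consider expanding it to `/* Permission expression evaluated to the empty set: the constraint would restrict nothing, so skip it. */` and logging the skip at a low verbosity, so that a policy author can tell a written constraint was not emitted.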