253be67d09f14def74b6f22666accd087e68e00a - platform/external/selinux

commit	253be67d09f14def74b6f22666accd087e68e00a	[log] [tgz]
author	James Carter <[email protected]>	Thu Oct 11 08:35:48 2018 -0400
committer	William Roberts <[email protected]>	Mon Oct 15 13:39:15 2018 -0400
tree	d07e59fc52be5dfb1b15733e2a86349aa3a3a115
parent	a64649ba7b8a2ff4d563cef2832c0ea903c38f51 [diff]

libsepol: Check that initial sid indexes are within the valid range

When writing CIL from a policy module or when writing CIL or policy.conf
from a kernel binary policy, check that the initial sid index is within
the valid range of the selinux_sid_to_str[] array (or xen_sid_to_str[]
array for a XEN policy). If it is not, then create a unique name
("UNKNOWN"+index) for the initial sid.

Signed-off-by: James Carter <[email protected]>

libsepol/src/kernel_to_cil.c[diff]
libsepol/src/kernel_to_common.h[diff]
libsepol/src/kernel_to_conf.c[diff]
libsepol/src/module_to_cil.c[diff]

4 files changed

tree: d07e59fc52be5dfb1b15733e2a86349aa3a3a115

checkpolicy/
dbus/
gui/
libselinux/
libsemanage/
libsepol/
mcstrans/
policycoreutils/
python/
restorecond/
sandbox/
scripts/
secilc/
semodule-utils/
.gitignore
.travis.yml
CleanSpec.mk
Makefile
README