From patchwork Thu Sep 8 20:30:48 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Cashman X-Patchwork-Id: 9322025 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 872FA60752 for ; Thu, 8 Sep 2016 20:34:15 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6EF1429971 for ; Thu, 8 Sep 2016 20:34:15 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 63C6C299DC; Thu, 8 Sep 2016 20:34:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, T_DKIM_INVALID autolearn=no version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (emsm-gh1-uea10.nsa.gov [8.44.101.8]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DAD7029971 for ; Thu, 8 Sep 2016 20:34:14 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.30,302,1470700800"; d="scan'208";a="17391866" IronPort-PHdr: =?us-ascii?q?9a23=3Ag3nRMRY8Hv2Ca3iPuDmemsT/LSx+4OfEezUN459i?= =?us-ascii?q?sYplN5qZpcu9bnLW6fgltlLVR4KTs6sC0LuP9f66EjVcsN7B6ClEK80UEUddyI?= =?us-ascii?q?0/pE8JOIa9E0r1LfrnPWQRPf9pcxtbxUy9KlVfA83kZlff8TWY5D8WHQjjZ0Iu?= =?us-ascii?q?frymUrDbg8n/7e2u4ZqbO1wO32vkJ+0oZ0zq/E2R7pBQ2to6bP5pi1PgmThhQ6?= =?us-ascii?q?xu32RmJFaezV7Xx/yb29pdyRlWoO8r7MVaUK/3LOwSRL1cCyk6YShuvJW4/STZ?= =?us-ascii?q?SUOzwldUEiBPylsbSzTCuQr3Wpb3rzvSqvt22C7cO9b/C78zR2eM9aBuHTPhji?= =?us-ascii?q?YKM3YS+XrXj8V2xPZXqxu6pxl2xabdZo2PM/tyOKjaeIVJFiJ6Qs9NWnkZUcuH?= =?us-ascii?q?ZIwVAr9EZL5V?= X-IPAS-Result: =?us-ascii?q?A2GYBACzytFX/wHyM5BdGwEBAQMBAQEXAQEEAQGDDgEBAQE?= =?us-ascii?q?BHoFTuj4jh2NMAQEBAQEBAQECAQJbJ4IyBAMTBQU5EFUCDV8CAQMBAg8VEwYBA?= =?us-ascii?q?QwgCwECAwkBARcIIQgIAwEtAwEFAQsRDgsFGAQBiCijR4EyPjKKVoUuAQEFh1g?= =?us-ascii?q?BCx0IEIQVggEKiF4CEQFohRABjySKPo9CiU8lhWdIjkIxgRFUgl+CFVCFNQ8XY?= =?us-ascii?q?YEnAQEB?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 08 Sep 2016 20:34:12 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u88KYAdI002051; Thu, 8 Sep 2016 16:34:10 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u88KVJ1o096603 for ; Thu, 8 Sep 2016 16:31:19 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u88KVIGw001789 for ; Thu, 8 Sep 2016 16:31:19 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1CtAwDkydFXhjLcVdFdHAEBBAEBgy0BAQEBAYFxtjaEEoYcAoFeTAECAQEBAQECEwEBAQgLCwkZhRECAQMSFRkBATcBDyAxNAEFARwZIogoo0WBMj4yilaFLgEBBYdYAQEBAQEBBAIBHAgQhBWCAQqIXnyBfguDB48lij6PQolPhgxIjkIxgRGDMx6Bdxw0hTWCLgEBAQ X-IPAS-Result: A1CtAwDkydFXhjLcVdFdHAEBBAEBgy0BAQEBAYFxtjaEEoYcAoFeTAECAQEBAQECEwEBAQgLCwkZhRECAQMSFRkBATcBDyAxNAEFARwZIogoo0WBMj4yilaFLgEBBYdYAQEBAQEBBAIBHAgQhBWCAQqIXnyBfguDB48lij6PQolPhgxIjkIxgRGDMx6Bdxw0hTWCLgEBAQ X-IronPort-AV: E=Sophos;i="5.30,302,1470715200"; d="scan'208";a="5693974" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 08 Sep 2016 16:31:19 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AoInR7xHoz+9CEDsZQqlXHZ1GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ75oc6wAkXT6L1XgUPTWs2DsrQf2rOQ7fqrADBRqdbZ6TZZIcQKD0dEwe?= =?us-ascii?q?wt3CUYSPafDkP6KPO4JwcbJ+9lEGFfwnegLEJOE9z/bVCB6le77DoVBwmtfVEt?= =?us-ascii?q?fre9JIfegoyN2vyo/NWLOkMT1WP7P+k5dUnn5UWJ749N0NMkcv5wgjLy4VJwM9?= =?us-ascii?q?xMwm1pIV/B1z3d3eyXuKBZziJLpvg6/NRBW6ipN44xTLhfESh0ezttvJ6j5lH/?= =?us-ascii?q?Sl6U638dVHgGugZZCAjCqhfhV9H+tTWpmPB63Xy2NMv3QLR8cj2576JiTle8hC?= =?us-ascii?q?wOLD48+Wf/g8p8lqVarFSqoBkpkN2cW52cKPcrJvCVRtgdX2cUBss=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0E9AwBhydFXhjLcVdFdHAEBBAEBFwEBB?= =?us-ascii?q?AEBgw4BAQEBAYFxtjaEEoYcAoFeTAEBAQEBAQEBAgECEAEBAQgLCwkZL4IyGAw?= =?us-ascii?q?5EFUCDV8CAQMSFRkBATcBDyAxNAEFARwZIogoo0GBMj4yilaFLgEBBYdYAQEBA?= =?us-ascii?q?QEBBAIBHAgQhBWCAQqIXnyFEI8lij6PQolPhgxIjkIxgRGDMx6Bdxw0hTWCLgE?= =?us-ascii?q?BAQ?= X-IPAS-Result: =?us-ascii?q?A0E9AwBhydFXhjLcVdFdHAEBBAEBFwEBBAEBgw4BAQEBAYF?= =?us-ascii?q?xtjaEEoYcAoFeTAEBAQEBAQEBAgECEAEBAQgLCwkZL4IyGAw5EFUCDV8CAQMSF?= =?us-ascii?q?RkBATcBDyAxNAEFARwZIogoo0GBMj4yilaFLgEBBYdYAQEBAQEBBAIBHAgQhBW?= =?us-ascii?q?CAQqIXnyFEI8lij6PQolPhgxIjkIxgRGDMx6Bdxw0hTWCLgEBAQ?= X-IronPort-AV: E=Sophos;i="5.30,302,1470700800"; d="scan'208";a="19103274" Received: from mail-pa0-f50.google.com ([209.85.220.50]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/AES128-GCM-SHA256; 08 Sep 2016 20:31:17 +0000 Received: by mail-pa0-f50.google.com with SMTP id id6so20579666pad.3 for ; Thu, 08 Sep 2016 13:31:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=android.com; s=20120917; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=C5oVrlNOmmmrJsAxkWrQLhTL2vKKQd9QyS9K0uV9vpI=; b=UtT8m/oxtuBmlJxg4UJxpNYvKJtTTZsmzBx5B3+sqq4/HmD49xTcfpMSJ6hoWafbQv DuPRHp4yftH3h0PyhP72wbAy/ygbW1D3XPPbBrXkuw8vSHQ8Ra6MZtTk3JhpBi/JTgNV Ir7ZuZw6/JPFnnjHS1NGM21bGZPSvQIdjy3ZZut+FPDIwD6e43pr3QouvMBGnpQ4g/eP almGP3tz3f44XfF8FZF4EFyacGWpdrq7xr/wulu/diUvGVbz1K7kvzxzxgv3vZ4rQLZ0 4B1j2vB0F5NxelpKZj/oW2oE73PZFxVYeAD6RlrffNVSQNoperpKRk38LAWp1Lq8y7vR 7isg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=C5oVrlNOmmmrJsAxkWrQLhTL2vKKQd9QyS9K0uV9vpI=; b=CbC/aRcbT2nsas/r/hAdu8QvGRFwvdOAclY4XLY7gVAB9W0owVa7lVP/2nZhMVS65K xOILBvNRcvIXQkuWmoHtoP/31clzRV/hyQxWdGI/B7LtUQzu9ZskLioYKP6j6a4jyItm L4/DmhIhMaA5xJHchBvtHr2EFj1jdFlF4cFbWKMP6B31MTWSKqz6yMpx0DvIeaqIS4oR ATLPUm8znPBcYhbmGsOz06BzBVQGy0aifFTLhWO5V0gVYw7MELRpsO/cZlWhQ7P+9Tqi ZwwZP9OPUNgPnHzLn+zaY2cN+7tnTjOOhREwZBvHQL43R/BT7UlNpnlovv+0T3FGvz8K 0RSA== X-Gm-Message-State: AE9vXwO8pFQHjPYC1yAZ0XwhXeZS28vR+WaEYM8Ri2dq/1o3c9j06sqBiE/9CuP6/pB9qg== X-Received: by 10.67.30.195 with SMTP id kg3mr2761508pad.143.1473366676460; Thu, 08 Sep 2016 13:31:16 -0700 (PDT) Received: from dcashman.mtv.corp.google.com ([172.22.115.19]) by smtp.gmail.com with ESMTPSA id 3sm42199731pai.48.2016.09.08.13.31.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 08 Sep 2016 13:31:15 -0700 (PDT) From: Daniel Cashman To: selinux@tycho.nsa.gov Subject: [PATCH 1/5] libsepol: cil: Add userrole mapping to cil_gen_policy(). Date: Thu, 8 Sep 2016 13:30:48 -0700 Message-Id: <1473366652-23929-2-git-send-email-dcashman@android.com> X-Mailer: git-send-email 2.8.0.rc3.226.g39d4020 In-Reply-To: <1473366652-23929-1-git-send-email-dcashman@android.com> References: <1473366652-23929-1-git-send-email-dcashman@android.com> X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: sds@tycho.nsa.gov MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: dcashman Avoid a "No roles associated with user" error produced by cil_userrole_to_policy() when a userrole mapping is present in CIL policy. Signed-off-by: Daniel Cashman --- libsepol/cil/src/cil_policy.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c index 382129b..324becc 100644 --- a/libsepol/cil/src/cil_policy.c +++ b/libsepol/cil/src/cil_policy.c @@ -1155,7 +1155,12 @@ int __cil_gen_policy_node_helper(struct cil_tree_node *node, uint32_t *finished, } else { switch (node->flavor) { case CIL_USER: - cil_multimap_insert(users, node->data, NULL, CIL_USERROLE, CIL_NONE); + cil_multimap_insert(users, node->data, NULL, CIL_USER, CIL_NONE); + break; + case CIL_USERROLE: { + struct cil_userrole *userrole = node->data; + cil_multimap_insert(users, userrole->user, userrole->role, CIL_USER, CIL_ROLE); + } break; case CIL_CATALIAS: { struct cil_alias *alias = node->data;