[4/4] libsepol: include prefix for module policy versions

Commit Message

Christian Göttsche May 6, 2024, 5:31 p.m. UTC

From: Christian Göttsche <cgzones@googlemail.com>

If writing a policy fails due to a limitation by the requested policy
version include a prefix if the version refers to a module policy.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsepol/src/write.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

Patch

diff --git a/libsepol/src/write.c b/libsepol/src/write.c
index 2fcc1701..f8cd9e1d 100644
--- a/libsepol/src/write.c
+++ b/libsepol/src/write.c
@@ -1103,8 +1103,10 @@  static int class_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
 		buf[1] = cpu_to_le32(cladatum->default_role);
 		if (!glblub_version && default_range == DEFAULT_GLBLUB) {
 			WARN(fp->handle,
-			     "class %s default_range set to GLBLUB but policy version is %d (%d required), discarding",
-			     p->p_class_val_to_name[cladatum->s.value - 1], p->policyvers,
+			     "class %s default_range set to GLBLUB but %spolicy version is %d (%d required), discarding",
+			     p->p_class_val_to_name[cladatum->s.value - 1],
+			     p->policy_type == POLICY_KERN ? "" : "module ",
+			     p->policyvers,
 			     p->policy_type == POLICY_KERN? POLICYDB_VERSION_GLBLUB:MOD_POLICYDB_VERSION_GLBLUB);
 			default_range = 0;
 		}
@@ -2219,7 +2221,8 @@  int policydb_write(policydb_t * p, struct policy_file *fp)
 		    p->policy_type == POLICY_BASE) ||
 		    (p->policyvers < MOD_POLICYDB_VERSION_MLS &&
 		    p->policy_type == POLICY_MOD)) {
-			ERR(fp->handle, "policy version %d cannot support MLS",
+			ERR(fp->handle, "%spolicy version %d cannot support MLS",
+			    p->policy_type == POLICY_KERN ? "" : "module ",
 			    p->policyvers);
 			return POLICYDB_ERROR;
 		}