    libselinux: mapping fix for invalid class/perms after selinux_set_mapping call · 574290e4
    Richard Haines authored
    
    
    commit 34d9c258dac686f4baa2e7f0d6f25f7e7ca5aac6 upstream.
    
    Please find another libselinux patch. I've tested quite extensively with the compute_av and string functions with and without mapping and it seems okay.
    
    The patch covers:
    When selinux_set_mapping(3) is used to set the class and permissions allowed by an object manager, then an invalid class and/or permissions are selected (e.g. using security_class_to_string), then mapping.c in libselinux forces an assert. This patch removes the asserts and allows the functions to return a class/perm of 0 (unknown) with errno set to EINVAL. A minor patch to set EINVAL in security_av_perm_to_string_compat is also included. All the functions to convert perms & classes to strings and back should now return the correct errno with or without mapping enabled.
    
    Change-Id: I3dcf1e9a820b8ed9ed7f424cdfc783b5f15365cc
    Signed-off-by: Eric Paris <eparis@redhat.com>
    Acked-by: Dan Walsh <dwalsh@redhat.com>
mapping.c 4.26 KB
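
The error contract the commit message describes (a class of 0 with errno set to EINVAL instead of an assert), as an added example that is not libselinux code: a simplified model with hypothetical names (`model_set_mapping`, `model_unmap_class`, `lookup_class`) and constructed class values, showing how a caller tells an invalid class apart from a valid lookup.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified model, NOT libselinux source: a table translating an object
 * manager's private class indexes to kernel class values. All names and
 * values here are hypothetical/constructed for illustration. */
typedef unsigned short class_t;

static const class_t *cur_map;   /* index 0 is reserved for "unknown" */
static unsigned cur_map_size;    /* 0 means no mapping is installed */

static void model_set_mapping(const class_t *map, unsigned size)
{
    cur_map = map;
    cur_map_size = size;
}

/* Behaviour described in the commit message: with a mapping active, an
 * out-of-range class yields 0 with errno = EINVAL rather than an assert. */
static class_t model_unmap_class(class_t tclass)
{
    if (tclass < cur_map_size)
        return cur_map[tclass];
    if (cur_map_size != 0) {
        errno = EINVAL;
        return 0;
    }
    return tclass;   /* no mapping: the value passes through unchanged */
}

/* Caller-side check: 0 on success, -1 when the class is invalid. */
static int lookup_class(class_t tclass, class_t *out)
{
    errno = 0;       /* clear first so a stale EINVAL is not misread */
    *out = model_unmap_class(tclass);
    return (*out == 0 && errno == EINVAL) ? -1 : 0;
}

int main(void)
{
    static const class_t map[] = { 0, 7, 12 };   /* constructed values */
    class_t k;

    model_set_mapping(map, 3);
    printf("class 2 -> rc=%d\n", lookup_class(2, &k));
    printf("class 9 -> rc=%d\n", lookup_class(9, &k));
    return 0;
}
```

An object manager that treats the 0/EINVAL result as a denial fails closed on unknown classes instead of aborting the whole process.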