Skip to content

Commit

Permalink
validate not self rules
Browse files Browse the repository at this point in the history 
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
  • Loading branch information
@cgzones
cgzones committed Aug 30, 2022
1 parent 528399a commit c5a77e5
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions libsepol/src/policydb_validate.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -918,6 +918,15 @@ static int validate_avrules(sepol_handle_t *handle, const avrule_t *avrule, int
case 0:
case RULE_SELF:
break;
case RULE_NOTSELF:
switch(avrule->specified) {
case AVRULE_NEVERALLOW:
case AVRULE_XPERMS_NEVERALLOW:
break;
default:
goto bad;
}
break;
default:
goto bad;
}
Expand Down

0 comments on commit c5a77e5

Please sign in to comment.