libsepol: quote paths in CIL conversion

When generating CIL policy from kernel or module policy quote paths, which are allowed to contain spaces, in the statements `genfscon` and `devicetreecon`. Reported by LuK1337 while building policy for Android via IRC. Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
sailfishos-mirror · Jun 14, 2021 · 644c5bb · 644c5bb
1 parent ea02e0a
commit 644c5bb
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
@@ -2654,7 +2654,7 @@ static int write_genfscon_rules_to_cil(FILE *out, struct policydb *pdb)
 				goto exit;
 			}
 
-			rc = strs_create_and_add(strs, "(genfscon %s %s %s)", 3,
+			rc = strs_create_and_add(strs, "(genfscon %s \"%s\" %s)", 3,
 						 fstype, name, ctx);
 			free(ctx);
 			if (rc != 0) {
@@ -3115,7 +3115,7 @@ static int write_xen_devicetree_rules_to_cil(FILE *out, struct policydb *pdb)
 			goto exit;
 		}
 
-		sepol_printf(out, "(devicetreecon %s %s)\n", name, ctx);
+		sepol_printf(out, "(devicetreecon \"%s\" %s)\n", name, ctx);
 
 		free(ctx);
 	}

diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
@@ -2963,7 +2963,7 @@ static int genfscon_to_cil(struct policydb *pdb)
 
 	for (genfs = pdb->genfs; genfs != NULL; genfs = genfs->next) {
 		for (ocon = genfs->head; ocon != NULL; ocon = ocon->next) {
-			cil_printf("(genfscon %s %s ", genfs->fstype, ocon->u.name);
+			cil_printf("(genfscon %s \"%s\" ", genfs->fstype, ocon->u.name);
 			context_to_cil(pdb, &ocon->context[0]);
 			cil_printf(")\n");
 		}