libsepol: drop broken warning on duplicate filename transitions
As per the issue below, libsepol segfaults on loading old kernel policies
that contain duplicate filename transition rules.  The segfault is due to
the fact that the val_to_name arrays have not yet been populated at this
point in the policydb_read() processing.  Since this warning apparently
never worked since it was first introduced, drop it and just silently
discard the duplicate like the kernel does.  I was not able to produce a
policy with such duplicates using the current policy toolchain, either
via CIL or via binary modules with manual semodule_link/expand.

Fixes: SELinuxProject/selinux#239
Fixes: 8fdb225 ("libsepol,checkpolicy: convert rangetrans and filenametrans to hashtabs")
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Ondrej Mosnacek <omosnace@redhat.com>
stephensmalley authored and bachradsusi committed May 15, 2020
1 parent 331a109 commit d27aa22
Showing 1 changed file with 1 addition and 8 deletions.
9 changes: 1 addition & 8 deletions libsepol/src/policydb.c
Expand Up @@ -2655,15 +2655,8 @@ int filename_trans_read(policydb_t *p, struct policy_file *fp)
* Some old policies were wrongly generated with
* duplicate filename transition rules. For backward
* compatibility, do not reject such policies, just
* issue a warning and ignore the duplicate.
* ignore the duplicate.
*/
WARN(fp->handle,
"Duplicate name-based type_transition %s %s:%s \"%s\": %s, ignoring",
p->p_type_val_to_name[ft->stype - 1],
p->p_type_val_to_name[ft->ttype - 1],
p->p_class_val_to_name[ft->tclass - 1],
ft->name,
p->p_type_val_to_name[otype->otype - 1]);
free(ft);
free(name);
free(otype);
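Review bot: removing the WARN leaves no diagnostic at all when a policy contains duplicate filename transition rules, so such a policy now loads with no trace of the discarded rule. The crash came from indexing p->p_type_val_to_name and p->p_class_val_to_name before those arrays are populated in policydb_read(), so a warning that prints the raw values ft->stype, ft->ttype, ft->tclass and otype->otype alongside ft->name would still be safe at this point and would keep the condition observable to anyone loading an old policy. If silent discard is the intended match for kernel behaviour, the updated comment should say so ("ignore the duplicate, as the kernel does") rather than only "ignore the duplicate". The trailing free(ft), free(name) and free(otype) calls correctly release the duplicate's allocations on this path.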
