Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
libsepol: Write CIL default MLS rules on separate lines
When converting a non-MLS kernel binary policy to CIL, write the CIL
default MLS rules (since CIL requires at least one sensitivity,
and sensitivityorder statements) on separate lines.

This improves the readability of the resulting CIL policy.

Signed-off-by: James Carter <jwcart2@gmail.com>
  • Loading branch information
jwcart2 authored and stephensmalley committed May 29, 2020
1 parent d531a85 commit d379ee7
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions libsepol/src/kernel_to_cil.c
Expand Up @@ -777,9 +777,9 @@ static int write_default_rules_to_cil(FILE *out, struct policydb *pdb)

static void write_default_mls_level(FILE *out)
{
sepol_printf(out, "(sensitivity s0)");
sepol_printf(out, "(sensitivityorder (s0))");
sepol_printf(out, "(level %s (s0))", DEFAULT_LEVEL);
sepol_printf(out, "(sensitivity s0)\n");
sepol_printf(out, "(sensitivityorder (s0))\n");
sepol_printf(out, "(level %s (s0))\n", DEFAULT_LEVEL);
}

static int map_sensitivity_aliases_to_strs(char *key, void *data, void *args)
Expand Down

0 comments on commit d379ee7

Please sign in to comment.