mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
2207e0b264
The is_merged_x_consistend macro was incorrect in that is tested for USER_EXEC_TYPE to determine if there was an x transition. This fails for unconfined execs so an unconfined exec would not correctly conflict with another exec type. The dfa match flag table for xtransitions was not large enough and not indexed properly for pux, and cux transitions. The index calculation did not take into account the pux flag so that pux and px aliased to the same location and cux and cx aliased to the same location. This would result in the first rule being processed defining what the transition type was for all following rules of the type following. So if a px transition was processed first all pux, transitions in the profile would be treated pux. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-By: Steve Beattie <sbeattie@ubuntu.com> Add auto generation of xtransition conflict tests All the combiniation of xtransition conflics where not well represented in the regression test suite. Instead of relying on multiple static test files, automatically generate all possible conflicts. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-By: Steve Beattie <sbeattie@ubuntu.com>
1 line
41 B
Text
1 line
41 B
Text
parser/tst/simple_tests/generated_x/*.sd
|