Do not warn about empty typesets in neverallows

Empty typeset is not an issue in neverallow rules. The reason is that
it's completely normal for scontext or tcontext of neverallow rules to
evaluate to an empty type set. For example, there are neverallow rules
whose purpose is to test that all types with particular powers are
associated with a particular attribute:

    neverallow { untrusted_app_all -untrusted_app -untrusted_app_25 } domain:process fork;

Test: sepolicy-analyze neverallow -w -n \
      'neverallow {} {}:binder call;'
      produces empty output instead of "Warning! Empty type set"
Bug: 37357742
Change-Id: Id61b4fe22fafaf0522d8769dd4e23dfde6cd9f45

parent 53b2c80949
commit c60d3ea164
@ -173,9 +173,6 @@ static int read_typeset(policydb_t *policydb, char **ptr, char *end,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (warn && ebitmap_length(&typeset->types) == 0 && !(*flags))
|
|
||||||
fprintf(stderr, "Warning! Empty type set\n");
|
|
||||||
|
|
||||||
*ptr = p;
|
*ptr = p;
|
||||||
return 0;
|
return 0;
|
||||||
err:
|
err:
|
||||||
|
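Review bot: No comment is left ahead of `*ptr = p;` to record that an empty type set is now accepted on purpose, so the next reader of read_typeset has only the commit message to explain why `ebitmap_length(&typeset->types) == 0` goes unreported. A one-line comment there would help. It is also worth noting in the tool's help or documentation that `-w` no longer flags a literally empty set such as the `neverallow {} {}:binder call;` in the Test line, since that rule can never match anything and a hand-typed rule that ends up empty will now pass silently. If the removed condition was the last reader of `warn` in this function (the rest of the function is not visible in this hunk), the parameter should be dropped as well.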