checkseapp: Detect duplicate keys in seapp_contexts entries.
Presently it ignores duplicate keys in seapp_contexts entries, e.g.
if you were to specify:
user=system seinfo=platform user=bluetooth domain=system_app type=system_app_data_file
checkseapp would ignore the duplicate and libselinux would end up using
the last value defined for the key in each line.
Change-Id: I18cadb0c1bf5a907e6fc6513df65aafed91d76fe
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/tools/check_seapp.c b/tools/check_seapp.c
index 90fa0a4..c487331 100644
--- a/tools/check_seapp.c
+++ b/tools/check_seapp.c
@@ -524,6 +524,10 @@
rule_map *new_map = NULL;
kvp *k = NULL;
key_map *r = NULL, *x = NULL;
+ bool seen[KVP_NUM_OF_RULES];
+
+ for (i = 0; i < KVP_NUM_OF_RULES; i++)
+ seen[i] = false;
new_map = calloc(1, (num_of_keys * sizeof(key_map)) + sizeof(rule_map));
if (!new_map)
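Review bot: The `seen` array is cleared with a hand-written loop that reuses `i`. Zero-initialising at the declaration is shorter and leaves `i` untouched until the main loop: `bool seen[KVP_NUM_OF_RULES] = { false };`. `seen` is later indexed by `j` in the second hunk, and the loop that bounds `j` is not visible in this diff, so it is worth confirming that `j` always stays below KVP_NUM_OF_RULES. The function body continues outside the hunk.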
@@ -549,6 +553,12 @@
continue;
}
+ if (seen[j]) {
+ log_error("Duplicated key: %s\n", k->key);
+ goto err;
+ }
+ seen[j] = true;
+
memcpy(r, x, sizeof(key_map));
/* Assign rule map value to one from file */
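Review bot: The new `if (seen[j])` check has no comment saying why a repeated key is fatal rather than a warning. The reason is given only in the commit message: libselinux ends up using the last value defined for the key, so the checker would otherwise accept a line whose effective rule differs from what it appears to say. I would put that next to the check, e.g. `/* libselinux uses the last value for a repeated key, so a duplicate must fail the check */`. The enclosing loops start outside this hunk.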
@@ -612,7 +622,7 @@
free_kvp(k);
}
}
- exit(EXIT_FAILURE);
+ return NULL;
}
/**
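Review bot: Replacing `exit(EXIT_FAILURE)` with `return NULL` on the error path means callers of rule_map_new must now check its result, but no hunk here updates the function's header comment. I would add a line to that comment such as `@return The new rule map, or NULL on error`. The last hunk adds the NULL check at one call site. Any other caller is outside this diff and should be checked too, because an unchecked NULL would be passed straight to `rule_add`. The start of this error path is outside the hunk.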
@@ -936,6 +946,8 @@
} /*End token parsing */
rule_map *r = rule_map_new(keys, token_cnt, lineno);
+ if (!r)
+ goto err;
rule_add(r);
} /* End file parsing */