libsepol/cil: Improve processing of context rules
Improve the processing of netifcon, genfscon, ibpkeycon, ibendportcon,
portcon, nodecon, fsuse, filecon, iomemcon, ioportcon, pcidevicecon,
and devicetreecon rules.
If the multiple-decls option is not used then report errors if duplicate
context rules are found. If it is used then remove duplicate context rules
and report errors when two rules are identical except for the context.
This also changes the ordering of portcon and filecon rules. The protocol
of portcon rules will be compared if the port numbers are the same and the
path strings of filecon rules will be compared if the number of meta
characters, the stem length, string length and file types are the same.
Based on an initial patch by Pierre-Hugues Husson (phh@phh.me)
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
(cherry picked from commit 4ba19b541d066d9b0aa104deefc093f468d3d8a2)
Bug: 72878750
Test: build and boot taimen-userdebug to verify the compiler changes
during build time.
Test: build and boot aosp_sailfish-userdebug to verify the compiler
changes during boot.
Change-Id: Id9e6feee3b3a6cbbf628085633af8ca343861c08
1 file changed
