checkpolicy: fix double free on name-based type transitions
checkpolicy was directly assigning type sets rather than using
type_set_cpy() and therefore creating pointer aliases to the
same type set from multiple filename-based type transition rules
if they specified multiple classes. This would then yield a double
free when destroying the rules afterward and a segmentation fault.
Fix it to use type_set_cpy().
Reported-by: William C Roberts <william.c.roberts@intel.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
1 file changed