diff --git a/parser/parser.h b/parser/parser.h index 7cf012a8f..13eb50e3f 100644 --- a/parser/parser.h +++ b/parser/parser.h @@ -298,6 +298,7 @@ extern int net_af_max_override; extern int kernel_load; extern int kernel_supports_network; extern int kernel_supports_policydb; +extern int kernel_supports_diff_encode; extern int kernel_supports_mount; extern int kernel_supports_dbus; extern int conf_verbose; diff --git a/parser/parser_common.c b/parser/parser_common.c index 0fe5b18b1..f1e57608f 100644 --- a/parser/parser_common.c +++ b/parser/parser_common.c @@ -70,13 +70,14 @@ int kernel_supports_network = 0; /* kernel supports network rules */ int kernel_supports_policydb = 0; /* kernel supports new policydb */ int kernel_supports_mount = 0; /* kernel supports mount rules */ int kernel_supports_dbus = 0; /* kernel supports dbus rules */ +int kernel_supports_diff_encode = 0; /* kernel supports diff_encode */ int conf_verbose = 0; int conf_quiet = 0; int names_only = 0; int current_lineno = 1; int option = OPTION_ADD; -dfaflags_t dfaflags = (dfaflags_t)(DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE | DFA_CONTROL_MINIMIZE ); +dfaflags_t dfaflags = (dfaflags_t)(DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE | DFA_CONTROL_MINIMIZE | DFA_CONTROL_DIFF_ENCODE); char *subdomainbase = NULL; const char *progname = __FILE__; diff --git a/parser/parser_main.c b/parser/parser_main.c index 7ab425ef9..f06a143da 100644 --- a/parser/parser_main.c +++ b/parser/parser_main.c @@ -306,6 +306,7 @@ static int handle_flag_table(optflag_table_t *table, const char *optarg, return 1; } } + return 0; } @@ -847,6 +848,11 @@ static void set_supported_features(void) { kernel_supports_mount = 1; if (strstr(features_string, "dbus")) kernel_supports_dbus = 1; + if (strstr(features_string, "diff_encode")) + kernel_supports_diff_encode = 1; + else if (dfaflags & DFA_CONTROL_DIFF_ENCODE) + /* clear diff_encode because it is not supported */ + dfaflags &= ~DFA_CONTROL_DIFF_ENCODE; } int process_binary(int option, const char *profilename)