From 534fb0711d95615a77af23ffe643e8b720a527e6 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Fri, 13 Feb 2015 14:06:08 -0500
Subject: [PATCH] checkseapp:  Detect duplicate keys in seapp_contexts entries.

Presently it ignores duplicate keys in seapp_contexts entries, e.g.
if you were to specify:

user=system seinfo=platform user=bluetooth domain=system_app type=system_app_data_file

checkseapp would ignore the duplicate and libselinux would end up using
the last value defined for the key in each line.

Change-Id: I18cadb0c1bf5a907e6fc6513df65aafed91d76fe
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 tools/check_seapp.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/tools/check_seapp.c b/tools/check_seapp.c
index 90fa0a499..c48733192 100644
--- a/tools/check_seapp.c
+++ b/tools/check_seapp.c
@@ -524,6 +524,10 @@ static rule_map *rule_map_new(kvp keys[], size_t num_of_keys, int lineno) {
 	rule_map *new_map = NULL;
 	kvp *k = NULL;
 	key_map *r = NULL, *x = NULL;
+	bool seen[KVP_NUM_OF_RULES];
+
+	for (i = 0; i < KVP_NUM_OF_RULES; i++)
+		seen[i] = false;
 
 	new_map = calloc(1, (num_of_keys * sizeof(key_map)) + sizeof(rule_map));
 	if (!new_map)
@@ -549,6 +553,12 @@ static rule_map *rule_map_new(kvp keys[], size_t num_of_keys, int lineno) {
 				continue;
 			}
 
+			if (seen[j]) {
+					log_error("Duplicated key: %s\n", k->key);
+					goto err;
+			}
+			seen[j] = true;
+
 			memcpy(r, x, sizeof(key_map));
 
 			/* Assign rule map value to one from file */
@@ -612,7 +622,7 @@ err:
 			free_kvp(k);
 		}
 	}
-	exit(EXIT_FAILURE);
+	return NULL;
 }
 
 /**
@@ -936,6 +946,8 @@ static void parse() {
 		} /*End token parsing */
 
 		rule_map *r = rule_map_new(keys, token_cnt, lineno);
+		if (!r)
+			goto err;
 		rule_add(r);
 
 	} /* End file parsing */
-- 
GitLab