SELinuxProject/selint

W-002 false negatives when not in source mode


Check W-002 should alert you to the mention of a type that isn't required in this module. It checks to make sure that the thing it's alerting about is actually a really declared policy object first:

selint/src/te_checks.c

Lines 535 to 538 in 17347c4

    } else {
        // Not a known name
        continue;
    }

In source mode, this works fine. But if you're just checking a single module to build against the installed policy using development headers and mention a type without including it, selint misses this, because it doesn't recognize the existing type.

Seen when running selint against this policy: https://github.com/pss-john/se-missing-type

$ ~/selint/src/selint -e W-002 *
Note: Skipping gateway.sh which is not a policy file
Note: Skipping gateway_selinux.spec which is not a policy file
Note: Check E-007 is not performed because no permission macro has been parsed.
gateway.te:           3: (S): Require block used in te file (use an interface call instead) (S-001)
gateway.te:          42: (C): Permissions in av rule not ordered (read before getattr) (C-005)
gateway.te:          44: (C): Permissions in av rule not ordered (transition before siginh) (C-005)
gateway.if:         149: (W): Expression for conditional block uses unknown identifier deny_ptrace (W-012)
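To make the failure mode concrete, here is a simplified Python model of the W-002 logic described above. It is an added illustration, not selint's code (selint is written in C and uses its own policy parser); the regexes, the sample `.te`/`.if` text, the type sets and the function names are all constructed for this example. The point it shows is the "not a known name, continue" branch: when the set of known types is missing a type that is declared elsewhere in the installed policy, the mention is silently skipped instead of reported. The last helper shows one way a non-source run could still learn type names, by harvesting `gen_require` blocks from the development interface headers.

```python
import re
from typing import Iterable

# Constructed sample module (not the gateway.te from the linked repository):
# it declares two types and, in the last rule, mentions httpd_t, which is
# declared elsewhere in the base policy and is not required here.
SAMPLE_TE = """
policy_module(gateway, 1.0)

type gateway_t;
type gateway_exec_t;

allow gateway_t gateway_exec_t:file { read getattr };
allow gateway_t httpd_t:tcp_socket { read write };
"""

# Constructed sample interface header, of the kind shipped under the
# development headers: the type is only mentioned inside gen_require.
SAMPLE_IF = """
interface(`apache_tcp_connect',`
\tgen_require(`
\t\ttype httpd_t;
\t')
\tallow $1 httpd_t:tcp_socket { read write };
')
"""

# Constructed: what a full policy source tree would know about (source mode).
SOURCE_MODE_TYPES = {"gateway_t", "gateway_exec_t", "httpd_t", "httpd_exec_t"}
# Constructed: what is known when only this module is parsed and the
# headers have not been mined for type names (the situation in the issue).
HEADER_MODE_TYPES = {"gateway_t", "gateway_exec_t"}

TYPE_DECL = re.compile(r"^\s*type\s+(\w+)\s*;", re.M)
REQUIRE_BLOCK = re.compile(r"require\s*\{(.*?)\}", re.S)
GEN_REQUIRE = re.compile(r"gen_require\(`(.*?)'\)", re.S)
AV_RULE = re.compile(
    r"^\s*(?:allow|dontaudit|auditallow|neverallow)\s+(\w+)\s+(\w+)\s*:", re.M)


def declared_types(te: str) -> set:
    """Types declared by this module itself (require blocks excluded)."""
    return set(TYPE_DECL.findall(REQUIRE_BLOCK.sub("", te)))


def required_types(te: str) -> set:
    """Types pulled in through a require { ... } block."""
    found = set()
    for body in REQUIRE_BLOCK.findall(te):
        found.update(TYPE_DECL.findall(body))
    return found


def referenced_types(te: str) -> set:
    """Source and target types mentioned in access-vector rules."""
    refs = set()
    for src, tgt in AV_RULE.findall(te):
        refs.update({src, tgt})
    refs.discard("self")
    return refs


def check_w002(te: str, known_types: Iterable[str]):
    """Model of W-002: report types mentioned but neither declared nor required
    in this module.  Returns (warnings, skipped): 'skipped' lists names dropped
    because they were not known policy objects, i.e. the false-negative path."""
    known = set(known_types)
    local = declared_types(te)
    required = required_types(te)
    warnings, skipped = [], []
    for name in sorted(referenced_types(te)):
        if name in local or name in required:
            continue
        if name in known:
            warnings.append(f"W-002: type {name} is not required in this module")
        else:
            # Not a known name: the check bails out here.  With an incomplete
            # known set this is exactly where the missing warning disappears.
            skipped.append(name)
    return warnings, skipped


def types_from_interfaces(if_text: str) -> set:
    """Harvest type names from gen_require blocks in interface headers; one
    way a non-source run can learn about types it never saw declared."""
    found = set()
    for body in GEN_REQUIRE.findall(if_text):
        found.update(TYPE_DECL.findall(body))
    return found


if __name__ == "__main__":
    print("source mode:", check_w002(SAMPLE_TE, SOURCE_MODE_TYPES))
    print("header mode:", check_w002(SAMPLE_TE, HEADER_MODE_TYPES))
    mined = HEADER_MODE_TYPES | types_from_interfaces(SAMPLE_IF)
    print("header mode + mined .if types:", check_w002(SAMPLE_TE, mined))
```

Running it shows the three states: in source mode `httpd_t` is reported, in header mode it lands in the skipped list and no warning is emitted, and once the type name is recovered from the interface header the warning comes back. The division between "unknown name" and "known but not required" is what decides whether the check stays silent, so any mode that cannot populate the known set from the installed policy will show this kind of false negative.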