rpms / libsepol

Clone
Source Code
GIT

Blame SOURCES/0035-libsepol-cil-Sync-checks-for-invalid-rules-in-macros.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   71cd553b4cdb58c5fe665f29bd2fec086e187a63
  2.   SOURCES
  3.   0035-libsepol-cil-Sync-checks-for-invalid-rules-in-macros.patch
Blob History Raw
71cd55 
From f38b7ea300e83d4b14d817c35f4ff24071e4990e Mon Sep 17 00:00:00 2001
71cd55 
From: James Carter <jwcart2@gmail.com>
71cd55 
Date: Tue, 30 Mar 2021 13:39:19 -0400
71cd55 
Subject: [PATCH] libsepol/cil: Sync checks for invalid rules in macros
71cd55
71cd55 
When resolving the AST, tunable and in-statements are not considered
71cd55 
to be invalid in macros. This is inconsistent with the checks when
71cd55 
building the AST.
71cd55
71cd55 
Add checks to make tunable and in-statments invalid in macros when
71cd55 
resolving the AST.
71cd55
71cd55 
Signed-off-by: James Carter <jwcart2@gmail.com>
71cd55 
---
71cd55 
 libsepol/cil/src/cil_resolve_ast.c | 4 +++-
71cd55 
 1 file changed, 3 insertions(+), 1 deletion(-)
71cd55
71cd55 
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
71cd55 
index efff0f2ec49d..7229a3b4e990 100644
71cd55 
--- a/libsepol/cil/src/cil_resolve_ast.c
71cd55 
+++ b/libsepol/cil/src/cil_resolve_ast.c
71cd55 
@@ -3796,7 +3796,9 @@ int __cil_resolve_ast_node_helper(struct cil_tree_node *node, uint32_t *finished
71cd55 
 	}
71cd55
71cd55 
 	if (macro != NULL) {
71cd55 
-		if (node->flavor == CIL_BLOCK ||
71cd55 
+		if (node->flavor == CIL_TUNABLE ||
71cd55 
+			node->flavor == CIL_IN ||
71cd55 
+			node->flavor == CIL_BLOCK ||
71cd55 
 		    node->flavor == CIL_BLOCKINHERIT ||
71cd55 
 		    node->flavor == CIL_BLOCKABSTRACT ||
71cd55 
 		    node->flavor == CIL_MACRO) {
71cd55 
--
71cd55 
2.32.0
71cd55

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation