|
 |
71cd55 |
From 2d2c76fc613ba338476a3a1741c2a3af5e04d154 Mon Sep 17 00:00:00 2001
|
|
|
71cd55 |
From: James Carter <jwcart2@gmail.com>
|
|
|
71cd55 |
Date: Mon, 26 Apr 2021 15:22:05 -0400
|
|
|
71cd55 |
Subject: [PATCH] libsepol/cil: Properly reset an anonymous classperm set
|
|
|
71cd55 |
|
|
|
71cd55 |
In struct cil_classperms_set, the "set" field is a pointer to a
|
|
|
71cd55 |
struct cil_classpermission. Normally the classpermission is created
|
|
|
71cd55 |
in a classpermissionset rule with a name declared in a
|
|
|
71cd55 |
classpermission rule and stored in a symbol table. Commit c49a8ea0
|
|
|
71cd55 |
("libsepol/cil: cil_reset_classperms_set() should not reset
|
|
|
71cd55 |
classpermission") fixed the resetting of classperms sets by setting
|
|
|
71cd55 |
the "set" field to NULL rather than resetting the classpermission
|
|
|
71cd55 |
that it pointed to.
|
|
|
71cd55 |
|
|
|
71cd55 |
But this fix mixed the special case where an anonymous classperm
|
|
|
71cd55 |
set is passed as an argument to a call. In this case the
|
|
|
71cd55 |
classpermission is not named and not stored in a symtab, it is
|
|
|
71cd55 |
created just for the classperms set and its classperms list needs
|
|
|
71cd55 |
to be reset.
|
|
|
71cd55 |
|
|
|
71cd55 |
Reset the classperms list if the classperms set is anonymous (which
|
|
|
71cd55 |
is when the datum name is NULL).
|
|
|
71cd55 |
|
|
|
71cd55 |
Signed-off-by: James Carter <jwcart2@gmail.com>
|
|
|
71cd55 |
---
|
|
|
71cd55 |
libsepol/cil/src/cil_reset_ast.c | 6 +++++-
|
|
|
71cd55 |
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
71cd55 |
|
|
|
71cd55 |
diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c
|
|
|
71cd55 |
index 76405aba6194..d24d4f8159a3 100644
|
|
|
71cd55 |
--- a/libsepol/cil/src/cil_reset_ast.c
|
|
|
71cd55 |
+++ b/libsepol/cil/src/cil_reset_ast.c
|
|
|
71cd55 |
@@ -60,10 +60,14 @@ static void cil_reset_classpermission(struct cil_classpermission *cp)
|
|
|
71cd55 |
|
|
|
71cd55 |
static void cil_reset_classperms_set(struct cil_classperms_set *cp_set)
|
|
|
71cd55 |
{
|
|
|
71cd55 |
- if (cp_set == NULL) {
|
|
|
71cd55 |
+ if (cp_set == NULL || cp_set->set == NULL) {
|
|
|
71cd55 |
return;
|
|
|
71cd55 |
}
|
|
|
71cd55 |
|
|
|
71cd55 |
+ if (cp_set->set->datum.name == NULL) {
|
|
|
71cd55 |
+ cil_reset_classperms_list(cp_set->set->classperms);
|
|
|
71cd55 |
+ }
|
|
|
71cd55 |
+
|
|
|
71cd55 |
cp_set->set = NULL;
|
|
|
71cd55 |
}
|
|
|
71cd55 |
|
|
|
71cd55 |
--
|
|
|
71cd55 |
2.32.0
|
|
|
71cd55 |
|