From 2d2c76fc613ba338476a3a1741c2a3af5e04d154 Mon Sep 17 00:00:00 2001 From: James Carter Date: Mon, 26 Apr 2021 15:22:05 -0400 Subject: [PATCH] libsepol/cil: Properly reset an anonymous classperm set In struct cil_classperms_set, the "set" field is a pointer to a struct cil_classpermission. Normally the classpermission is created in a classpermissionset rule with a name declared in a classpermission rule and stored in a symbol table. Commit c49a8ea0 ("libsepol/cil: cil_reset_classperms_set() should not reset classpermission") fixed the resetting of classperms sets by setting the "set" field to NULL rather than resetting the classpermission that it pointed to. But this fix mixed the special case where an anonymous classperm set is passed as an argument to a call. In this case the classpermission is not named and not stored in a symtab, it is created just for the classperms set and its classperms list needs to be reset. Reset the classperms list if the classperms set is anonymous (which is when the datum name is NULL). Signed-off-by: James Carter --- libsepol/cil/src/cil_reset_ast.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c index 76405aba6194..d24d4f8159a3 100644 --- a/libsepol/cil/src/cil_reset_ast.c +++ b/libsepol/cil/src/cil_reset_ast.c @@ -60,10 +60,14 @@ static void cil_reset_classpermission(struct cil_classpermission *cp) static void cil_reset_classperms_set(struct cil_classperms_set *cp_set) { - if (cp_set == NULL) { + if (cp_set == NULL || cp_set->set == NULL) { return; } + if (cp_set->set->datum.name == NULL) { + cil_reset_classperms_list(cp_set->set->classperms); + } + cp_set->set = NULL; } -- 2.32.0