From 2651989d3b94dd15459fbef4384f114b24850665 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Thu, 30 Jun 2022 19:03:01 +0200
Subject: [PATCH] libsepol: do not modify policy during write
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-type: text/plain
Do not modify the in memory default_range value of a class datum while writing a policy. While on it fix indentation.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
libsepol/src/write.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/libsepol/src/write.c b/libsepol/src/write.c
index 48ed21ea683a..a9fdf93a8ee1 100644
--- a/libsepol/src/write.c
+++ b/libsepol/src/write.c
@@ -1097,16 +1097,18 @@ static int class_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr) p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) || (p->policy_type == POLICY_BASE && p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) { + char default_range = cladatum->default_range; + buf[0] = cpu_to_le32(cladatum->default_user); buf[1] = cpu_to_le32(cladatum->default_role); - if (!glblub_version && cladatum->default_range == DEFAULT_GLBLUB) { + if (!glblub_version && default_range == DEFAULT_GLBLUB) { WARN(fp->handle, - "class %s default_range set to GLBLUB but policy version is %d (%d required), discarding", - p->p_class_val_to_name[cladatum->s.value - 1], p->policyvers, - p->policy_type == POLICY_KERN? POLICYDB_VERSION_GLBLUB:MOD_POLICYDB_VERSION_GLBLUB); - cladatum->default_range = 0; - } - buf[2] = cpu_to_le32(cladatum->default_range); + "class %s default_range set to GLBLUB but policy version is %d (%d required), discarding", + p->p_class_val_to_name[cladatum->s.value - 1], p->policyvers, + p->policy_type == POLICY_KERN? POLICYDB_VERSION_GLBLUB:MOD_POLICYDB_VERSION_GLBLUB); + default_range = 0; + } + buf[2] = cpu_to_le32(default_range); items = put_entry(buf, sizeof(uint32_t), 3, fp); if (items != 3) return POLICYDB_ERROR; -- 2.38.1
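Review bot: The new local `default_range` at the top of the block has no comment explaining why the field is not used directly, so a later cleanup could reintroduce the write to `cladatum->default_range` and again leave the in-memory policy different from what was compiled. I would add `/* work on a copy: the GLBLUB downgrade applies to the written image only, the in-memory policy must stay unchanged */` above the declaration. The copy is declared `char`, which presumably mirrors the field's type (the struct definition is not visible here). Since the value is only compared with `DEFAULT_GLBLUB` and passed to `cpu_to_le32()`, `uint32_t default_range = cladatum->default_range;` would state the serialized width without depending on plain-char signedness. The body of `class_write` starts and ends outside this hunk.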