Rebase on upstream commit 32611aea6543 See $ cd SELinuxProject/selinux $ git log --pretty=oneline libsepol-3.2..32611aea6543 -- libsepol
From f38b7ea300e83d4b14d817c35f4ff24071e4990e Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Tue, 30 Mar 2021 13:39:19 -0400
Subject: [PATCH] libsepol/cil: Sync checks for invalid rules in macros
When resolving the AST, tunable and in-statements are not considered
to be invalid in macros. This is inconsistent with the checks when
building the AST.
Add checks to make tunable and in-statements invalid in macros when
resolving the AST.
Signed-off-by: James Carter <jwcart2@gmail.com>
---
libsepol/cil/src/cil_resolve_ast.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
|
|
index efff0f2ec49d..7229a3b4e990 100644
|
|
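--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@@ -3796,7 +3796,9 @@ int __cil_resolve_ast_node_helper(struct cil_tree_node *node, uint32_t *finished
 }
 
 if (macro != NULL) {
- if (node->flavor == CIL_BLOCK ||
+ if (node->flavor == CIL_TUNABLE ||
+ node->flavor == CIL_IN ||
+ node->flavor == CIL_BLOCK ||
 node->flavor == CIL_BLOCKINHERIT ||
 node->flavor == CIL_BLOCKABSTRACT ||
 node->flavor == CIL_MACRO) {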
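Review bot: The flavor list under `if (macro != NULL)` still has to be kept in step by hand with the equivalent check made while building the AST, which is the drift this commit corrects, and nothing in the hunk records that link. A short comment above the condition, for example `/* Keep this list in sync with the in-macro checks done when building the AST */`, would make the dependency visible to the next person who adds a statement flavor. A single shared predicate called from both passes would remove the duplication altogether, if the two passes can share one. The body of this `if` and the rest of `__cil_resolve_ast_node_helper` lie outside the hunk, so how a rejected node is reported cannot be checked from here.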
--
2.32.0