Rebase on upstream commit 32611aea6543 See $ cd SELinuxProject/selinux $ git log --pretty=oneline libsepol-3.2..32611aea6543 -- libsepol
From ea34dbf041f0c75f2b0261ddf6fa014121d69a1a Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Tue, 30 Mar 2021 13:39:20 -0400
Subject: [PATCH] libsepol/cil: Do not allow tunable declarations in
in-statements
Since tunableifs are resolved before in-statements, do not allow
tunable declarations in in-statements.
Since in-statements are the first flavor of statement that causes
part of the AST to be copied to another part, there is no need to
check the in-statements when resolving the AST.
Signed-off-by: James Carter <jwcart2@gmail.com>
---
libsepol/cil/src/cil_build_ast.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
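--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -6102,7 +6102,8 @@ int __cil_build_ast_node_helper(struct cil_tree_node *parse_current, uint32_t *f
 }
 
 if (in != NULL) {
- if (parse_current->data == CIL_KEY_IN) {
+ if (parse_current->data == CIL_KEY_TUNABLE ||
+ parse_current->data == CIL_KEY_IN) {
 rc = SEPOL_ERR;
 cil_tree_log(parse_current, CIL_ERR, "Found in-statement");
 cil_log(CIL_ERR, "in-statements cannot be defined within in-statements\n");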
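Review bot: The two log calls under the widened condition still say "Found in-statement" and "in-statements cannot be defined within in-statements", so a policy rejected for a tunable declaration gets a diagnostic that names the wrong construct. Since the branch now covers both CIL_KEY_TUNABLE and CIL_KEY_IN, the message should name the offending keyword, for example `cil_tree_log(parse_current, CIL_ERR, "Found %s", (char *)parse_current->data);` followed by `cil_log(CIL_ERR, "%s cannot be defined within in-statements\n", (char *)parse_current->data);`. This assumes parse_current->data is the interned keyword string, as the pointer comparison against the CIL_KEY_* constants suggests. A short comment above the condition, such as `/* tunableifs are resolved before in-statements, so tunables may not be declared here */`, would also keep the rationale from the commit message next to the check. __cil_build_ast_node_helper starts and ends outside this hunk, so the rest of the error path is not visible here.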
--
2.32.0