libsepol/0042-libsepol-cil-Properly-reset-an-anonymous-classperm-s.patch

From 2d2c76fc613ba338476a3a1741c2a3af5e04d154 Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Mon, 26 Apr 2021 15:22:05 -0400
Subject: [PATCH] libsepol/cil: Properly reset an anonymous classperm set

In struct cil_classperms_set, the "set" field is a pointer to a
struct cil_classpermission. Normally the classpermission is created
in a classpermissionset rule with a name declared in a
classpermission rule and stored in a symbol table. Commit c49a8ea0
("libsepol/cil: cil_reset_classperms_set() should not reset
classpermission") fixed the resetting of classperms sets by setting
the "set" field to NULL rather than resetting the classpermission
that it pointed to.

But this fix mixed the special case where an anonymous classperm
set is passed as an argument to a call. In this case the
classpermission is not named and not stored in a symtab, it is
created just for the classperms set and its classperms list needs
to be reset.

Reset the classperms list if the classperms set is anonymous (which
is when the datum name is NULL).

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil_reset_ast.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c
index 76405aba6194..d24d4f8159a3 100644
--- a/libsepol/cil/src/cil_reset_ast.c
+++ b/libsepol/cil/src/cil_reset_ast.c
@@ -60,10 +60,14 @@ static void cil_reset_classpermission(struct cil_classpermission *cp)
 
 static void cil_reset_classperms_set(struct cil_classperms_set *cp_set)
 {
-	if (cp_set == NULL) {
+	if (cp_set == NULL || cp_set->set == NULL) {
 		return;
 	}
 
+	if (cp_set->set->datum.name == NULL) {
+		cil_reset_classperms_list(cp_set->set->classperms);
+	}
+
 	cp_set->set = NULL;
 }
 
-- 
2.32.0