Rebase on upstream commit 32611aea6543 See $ cd SELinuxProject/selinux $ git log --pretty=oneline libsepol-3.2..32611aea6543 -- libsepol
From d8b90f8ad1bc9dbff09312e628b48ac439ef4ef0 Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Thu, 13 May 2021 13:23:57 -0400
Subject: [PATCH] libsepol/cil: Resolve anonymous levels only once
Anonymous levels can be passed as call arguments and they can
appear in anonymous levelranges as well.
Anonymous call arguments are resolved when they are used in a rule.
If more than one rule uses the anonymous level, then a memory leak
will occur when a new list for the category datum expression is
created without destroying the old one.
When resolving a level, check if the sensitivity datum has already
been resolved. If it has, then the categories have been as well.
Signed-off-by: James Carter <jwcart2@gmail.com>
---
libsepol/cil/src/cil_resolve_ast.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
index c504e60b7c58..77ffe0ffd22b 100644
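--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@@ -1700,6 +1700,10 @@ int cil_resolve_level(struct cil_tree_node *current, struct cil_level *level, vo
 struct cil_symtab_datum *sens_datum = NULL;
 int rc = SEPOL_ERR;
 
+ if (level->sens) {
+ return SEPOL_OK;
+ }
+
 rc = cil_resolve_name(current, (char*)level->sens_str, CIL_SYM_SENS, extra_args, &sens_datum);
 if (rc != SEPOL_OK) {
 cil_log(CIL_ERR, "Failed to find sensitivity\n");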
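Review bot: The new guard at the top of cil_resolve_level treats a non-NULL `level->sens` as proof that the categories were resolved as well, but that invariant is stated only in the commit message. A short comment above the check would keep it visible, e.g. `/* Anonymous levels may be shared by several rules; sens set means cats are resolved too, so resolve only once. */`. The rest of the function lies outside the hunk, so it is worth confirming that `level->sens` is not left set when category resolution fails part-way and that any AST reset path clears it; otherwise a later pass would return SEPOL_OK for a level whose categories are stale or incomplete.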
--
2.32.0