libsepol/cil: Create new keep field for type attribute sets

Daniel Cashman <dcashman@android.com> discovered the following:
When using cil_db multiple_decls, the different cil_attribute nodes
all point to the same underlying cil_attribute struct.  This leads
to problems, though, when modifying the used value in the struct.
__cil_post_db_attr() changes the value of the field to based on
the output of cil_typeattribute_used(), for use later in
cil_typeattribute_to_policydb and cil_typeattribute_to_bitmap, but
due to the multiple declarations, cil_typeattribute_used() could be
called again by a second node.  In this second call, the value used
is the modifed value of CIL_TRUE or CIL_FALSE, not the flags actually
needed. This could result in the field being reset again, to an
incorrect CIL_FALSE value.

Add the field "keep" to struct cil_typeattributeset, set its value
using cil_typeattribute_used(), and use it when determining whether
the attribute is to be kept or if it should be expanded.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>

libsepol/cil/src/cil.c

@@ -2064,6 +2064,7 @@ void cil_typeattribute_init(struct cil_typeattribute **attr)
 	(*attr)->expr_list = NULL;
 	(*attr)->types = NULL;
 	(*attr)->used = CIL_FALSE;
+	(*attr)->keep = CIL_FALSE;
 }
 
 void cil_typeattributeset_init(struct cil_typeattributeset **attrset)

libsepol/cil/src/cil_binary.c

@@ -567,7 +567,7 @@ int cil_typeattribute_to_policydb(policydb_t *pdb, struct cil_typeattribute *cil
 	char *key = NULL;
 	type_datum_t *sepol_attr = NULL;
 
-	if (!cil_attr->used) {
+	if (!cil_attr->keep) {
 		return SEPOL_OK;		
 	}
 
@@ -632,7 +632,7 @@ int cil_typeattribute_to_bitmap(policydb_t *pdb, const struct cil_db *db, struct
 	ebitmap_node_t *tnode;
 	unsigned int i;
 
-	if (!cil_attr->used) {
+	if (!cil_attr->keep) {
 		return SEPOL_OK;
 	}
 
@@ -1442,7 +1442,7 @@ static int __cil_should_expand_attribute( const struct cil_db *db, struct cil_sy
 
 	attr = (struct cil_typeattribute *)datum;
 
-	return !attr->used || (ebitmap_cardinality(attr->types) < db->attrs_expand_size);
+	return !attr->keep || (ebitmap_cardinality(attr->types) < db->attrs_expand_size);
 }
 
 int __cil_avrule_to_avtab(policydb_t *pdb, const struct cil_db *db, struct cil_avrule *cil_avrule, cond_node_t *cond_node, enum cil_flavor cond_flavor)
@@ -2525,7 +2525,7 @@ int __cil_constrain_expr_datum_to_sepol_expr(policydb_t *pdb, const struct cil_d
 			if (rc != SEPOL_OK) {
 				if (FLAVOR(item->data) == CIL_TYPEATTRIBUTE) {
 					struct cil_typeattribute *attr = item->data;
-					if (!attr->used) {
+					if (!attr->keep) {
 						rc = 0;
 					}
 				}

libsepol/cil/src/cil_internal.h

@@ -531,6 +531,7 @@ struct cil_typeattribute {
 	struct cil_list *expr_list;
 	ebitmap_t *types;
 	int used;	// whether or not this attribute was used in a binary policy rule
+	int keep;
 };
 
 struct cil_typeattributeset {

libsepol/cil/src/cil_policy.c

@@ -1085,7 +1085,7 @@ static void cil_typeattributes_to_policy(FILE *out, struct cil_list *types, stru
 		type = i1->data;
 		cil_list_for_each(i2, attributes) {
 			attribute = i2->data;
-			if (!attribute->used)
+			if (!attribute->keep)
 				continue;
 			if (ebitmap_get_bit(attribute->types, type->value)) {
 				if (first) {

libsepol/cil/src/cil_post.c

@@ -1369,7 +1369,7 @@ static int __cil_post_db_attr_helper(struct cil_tree_node *node, uint32_t *finis
 			rc = __evaluate_type_expression(attr, db);
 			if (rc != SEPOL_OK) goto exit;
 		}
-		attr->used = cil_typeattribute_used(attr, db);
+		attr->keep = cil_typeattribute_used(attr, db);
 		break;
 	}
 	case CIL_ROLEATTRIBUTE: {

libsepol/cil/src/cil_reset_ast.c

@@ -186,6 +186,7 @@ static void cil_reset_typeattr(struct cil_typeattribute *attr)
 		attr->expr_list = NULL;
 	}
 	attr->used = CIL_FALSE;
+	attr->keep = CIL_FALSE;
 }
 
 static void cil_reset_typeattributeset(struct cil_typeattributeset *tas)