libsepol/cil: Only reset AST if optional has a declaration

When disabling optionals, the AST needs to be reset only if one of the optional blocks being disabled contains a declaration. Call the function cil_tree_subtree_has_decl() for each optional block being disabled and only reset the AST if one of them has a declaration in it. Signed-off-by: James Carter <jwcart2@gmail.com>
2025-04-11 04:01:46 +00:00 · 2021-06-24 15:58:15 -04:00 · 2021-06-24 15:58:15 -04:00 · 4ff514a33e
commit 4ff514a33e
parent 20271849d5
1 changed files with 33 additions and 23 deletions
--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@ -4230,12 +4230,21 @@ int cil_resolve_ast(struct cil_db *db, struct cil_tree_node *current)
 		if (changed) {
 			struct cil_list_item *item;
 			if (pass > CIL_PASS_CALL1) {
-				/* Need to re-resolve because an optional was disabled that contained
-				 * one or more declarations. We only need to reset to the call1 pass
-				 * because things done in the preceding passes aren't allowed in
-				 * optionals, and thus can't be disabled.
-				 * Note: set pass to CIL_PASS_CALL1 because the pass++ will increment
-				 * it to CIL_PASS_CALL2
+				int has_decls = CIL_FALSE;
+
+				cil_list_for_each(item, extra_args.to_destroy) {
+					has_decls = cil_tree_subtree_has_decl(item->data);
+					if (has_decls) {
+						break;
+					}
+				}
+
+				if (has_decls) {
+					/* Need to re-resolve because an optional was disabled that
+					 * contained one or more declarations.
+					 * Everything that needs to be reset comes after the
+					 * CIL_PASS_CALL2 pass. We set pass to CIL_PASS_CALL1 because
+					 * the pass++ will increment it to CIL_PASS_CALL2
 					 */
 					cil_log(CIL_INFO, "Resetting declarations\n");

@ -4259,6 +4268,7 @@ int cil_resolve_ast(struct cil_db *db, struct cil_tree_node *current)
 						goto exit;
 					}
 				}
+			}
 			cil_list_for_each(item, extra_args.to_destroy) {
 				cil_tree_children_destroy(item->data);
 			}