From 7492632a6b6a1081d0c057a2ecfc193be9989515 Mon Sep 17 00:00:00 2001
From: James Carter
Date: Fri, 1 Nov 2024 13:41:02 -0400
Subject: [PATCH] libsepol/cil: Optionally allow duplicate role declarations
Allow duplicate role declarations (along with duplicate type and type attribute declarations and context rules) if the multiple_decls field in the CIL db has been set. This field can be set by a call to cil_set_multiple_decls().
Signed-off-by: James Carter
---
 libsepol/cil/src/cil_build_ast.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index 19fbb04e..80e9c679 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -137,6 +137,7 @@ static int cil_allow_multiple_decls(struct cil_db *db, enum cil_flavor f_new, en
 switch (f_new) {
 case CIL_TYPE:
 case CIL_TYPEATTRIBUTE:
+ case CIL_ROLE:
 if (db->multiple_decls) {
 return CIL_TRUE;
 }
@@ -1744,7 +1745,12 @@ int cil_gen_role(struct cil_db *db, struct cil_tree_node *parse_current, struct
 rc = cil_gen_node(db, ast_node, (struct cil_symtab_datum*)role, (hashtab_key_t)key, CIL_SYM_ROLES, CIL_ROLE);
 if (rc != SEPOL_OK) {
- goto exit;
+ if (rc == SEPOL_EEXIST) {
+ cil_destroy_role(role);
+ role = NULL;
+ } else {
+ goto exit;
+ }
 }
 return SEPOL_OK;
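Review bot: In the second hunk, the `SEPOL_EEXIST` branch of cil_gen_role() turns an error code into `return SEPOL_OK` with no comment saying why, and the justification is not visible here: it is only correct if cil_gen_node() returns `SEPOL_EEXIST` solely after cil_allow_multiple_decls() accepted the duplicate and pointed `ast_node` at the existing datum. I would add `/* multiple_decls: cil_gen_node() kept the existing role; free the unused new one */` above `cil_destroy_role(role);`, so that a later change to cil_gen_node()'s return codes does not silently let rejected redeclarations pass. Because the first hunk places `CIL_ROLE` behind the same `db->multiple_decls` gate, a duplicate `role` statement stops being a compile error once that flag is set; that is worth stating wherever cil_set_multiple_decls() is documented, which is not part of this diff. cil_gen_role()'s body begins and ends outside the hunk.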