libsepol/cil: Optionally allow duplicate role declarations

Allow duplicate role declarations (along with duplicate type and
type attribute declarations and context rules) if the multiple_decls
field in the CIL db has been set. This field can be set by a call to
cil_set_multiple_decls().

Signed-off-by: James Carter <jwcart2@gmail.com>
James Carter 2024-11-01 13:41:02 -04:00
parent 271eb4fe44
commit 7492632a6b
1 changed files with 7 additions and 1 deletions


@ -137,6 +137,7 @@ static int cil_allow_multiple_decls(struct cil_db *db, enum cil_flavor f_new, en
switch (f_new) {
case CIL_TYPE:
case CIL_TYPEATTRIBUTE:
case CIL_ROLE:
if (db->multiple_decls) {
return CIL_TRUE;
}
@ -1744,7 +1745,12 @@ int cil_gen_role(struct cil_db *db, struct cil_tree_node *parse_current, struct
rc = cil_gen_node(db, ast_node, (struct cil_symtab_datum*)role, (hashtab_key_t)key, CIL_SYM_ROLES, CIL_ROLE);
if (rc != SEPOL_OK) {
goto exit;
if (rc == SEPOL_EEXIST) {
cil_destroy_role(role);
role = NULL;
} else {
goto exit;
}
}
return SEPOL_OK;
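Review bot: The new `SEPOL_EEXIST` branch in cil_gen_role() frees `role` and then returns `SEPOL_OK`, which is safe only if cil_gen_node() returns `SEPOL_EEXIST` solely for a duplicate it has accepted and has not left `ast_node` pointing at the `role` being destroyed; neither condition is visible in this hunk. If that is the contract, I would state it at the branch, for example `/* SEPOL_EEXIST: duplicate accepted under multiple_decls; ast_node refers to the earlier role, so free ours */`. Without it, a later change to cil_gen_node() could turn this path into a dangling pointer or a silently accepted redeclaration. The `case CIL_ROLE:` label added in cil_allow_multiple_decls() reaches the `db->multiple_decls` test, but whether the old flavor is also compared lies outside the hunk. Both function bodies start and end outside the lines shown.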