RepoMirrors
/
selinux
mirror of https://github.com/SELinuxProject/selinux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

libsepol/cil: Do not allow tunable declarations in in-statements 

Since tunableifs are resolved before in-statements, do not allow
tuanble declarations in in-statements.

Since in-statements are the first flavor of statement that causes
part of the AST to be copied to another part, there is no need to
check the in-statements when resolving the AST.

Signed-off-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
James Carter 2021-03-30 13:39:20 -04:00
parent f38b7ea300
commit ea34dbf041
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libsepol/cil/src/cil_build_ast.c
View File

@ -6102,7 +6102,8 @@ int __cil_build_ast_node_helper(struct cil_tree_node *parse_current, uint32_t *f
}
if (in != NULL) {
if (parse_current->data == CIL_KEY_IN) {
if (parse_current->data == CIL_KEY_TUNABLE ||
parse_current->data == CIL_KEY_IN) {
rc = SEPOL_ERR;
cil_tree_log(parse_current, CIL_ERR, "Found in-statement");
cil_log(CIL_ERR, "in-statements cannot be defined within in-statements\n");