Re: [PATCH] libsepol/cil: Check if name is a macro parameter first

Ondrej Mosnacek <omosnace@xxxxxxxxxx> · Wed, 11 Mar 2020 12:43:16 +0100

On Mon, Mar 9, 2020 at 1:03 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> On Wed, Mar 4, 2020 at 10:28 PM James Carter <jwcart2@xxxxxxxxx> wrote:
> > Type transition file names are stored in a symbol table. Before the
> > name is added, the symbol table is searched to see if the name had
> > already been inserted. If it has, then the already existing datum is
> > returned. If it has not, then the name is added if either the
> > typetransition rule does not occur in a macro or the name is not one
> > of the macro parameters.
> >
> > Checking for a previous insertion before checking if the name is a
> > macro parameter can cause a macro parameter to be treated as the
> > actual name if a previous type transition file name is the same as
> > the parameter.
> >
> > Now check the name to see if it a macro paramter before checking for
> > its existence in the symbol table.
> >
> > Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
> > ---
> >  libsepol/cil/src/cil_resolve_ast.c | 16 ++++++++--------
> >  1 file changed, 8 insertions(+), 8 deletions(-)
> >
> > diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
> > index 87575860..daf873be 100644
> > --- a/libsepol/cil/src/cil_resolve_ast.c
> > +++ b/libsepol/cil/src/cil_resolve_ast.c
> > @@ -76,14 +76,6 @@ static struct cil_name * __cil_insert_name(struct cil_db *db, hashtab_key_t key,
> >         enum cil_sym_index sym_index;
> >         struct cil_symtab_datum *datum = NULL;
> >
> > -       cil_flavor_to_symtab_index(CIL_NAME, &sym_index);
> > -       symtab = &((struct cil_root *)db->ast->root->data)->symtab[sym_index];
> > -
> > -       cil_symtab_get_datum(symtab, key, &datum);
> > -       if (datum != NULL) {
> > -               return (struct cil_name *)datum;
> > -       }
> > -
> >         if (parent->flavor == CIL_CALL) {
> >                 struct cil_call *call = parent->data;
> >                 macro = call->macro;
> > @@ -99,6 +91,14 @@ static struct cil_name * __cil_insert_name(struct cil_db *db, hashtab_key_t key,
> >                 }
> >         }
> >
> > +       cil_flavor_to_symtab_index(CIL_NAME, &sym_index);
> > +       symtab = &((struct cil_root *)db->ast->root->data)->symtab[sym_index];
> > +
> > +       cil_symtab_get_datum(symtab, key, &datum);
> > +       if (datum != NULL) {
> > +               return (struct cil_name *)datum;
> > +       }
> > +
> >         cil_name_init(&name);
> >         cil_symtab_insert(symtab, key, (struct cil_symtab_datum *)name, ast_node);
> >         cil_list_append(db->names, CIL_NAME, name);
> > --
> > 2.17.1
> >
>
> Acked-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>

Applied, thanks.

-- 
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.