Since tunableifs are resolved before in-statements, do not allow tunable declarations in in-statements. Since in-statements are the first flavor of statement that causes part of the AST to be copied to another part, there is no need to check the in-statements when resolving the AST. Signed-off-by: James Carter <jwcart2@xxxxxxxxx> --- libsepol/cil/src/cil_build_ast.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index 1fef25d4..df7bb950 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -6130,7 +6130,8 @@ int __cil_build_ast_node_helper(struct cil_tree_node *parse_current, uint32_t *f } if (in != NULL) { - if (parse_current->data == CIL_KEY_IN) { + if (parse_current->data == CIL_KEY_TUNABLE || + parse_current->data == CIL_KEY_IN) { rc = SEPOL_ERR; cil_tree_log(parse_current, CIL_ERR, "Found in-statement"); cil_log(CIL_ERR, "in-statements cannot be defined within in-statements\n"); -- 2.26.3
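Review bot: The two log calls in the `if (in != NULL)` branch were left unchanged, so a policy that places a tunable declaration inside an in-statement is now rejected with `Found in-statement` and `in-statements cannot be defined within in-statements`, which names the wrong construct. Since the condition now matches both `CIL_KEY_TUNABLE` and `CIL_KEY_IN`, consider either branching on `parse_current->data` to emit a tunable-specific message or making the message generic by formatting the offending keyword into it, so that a policy author can tell which statement to move. A short comment above the condition noting that tunables are rejected here because tunableifs are resolved before in-statements would also keep the reasoning from the commit message next to the check.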