On Tue, Apr 27, 2021 at 10:43 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > In struct cil_classperms_set, the "set" field is a pointer to a > struct cil_classpermission. Normally the classpermission is created > in a classpermissionset rule with a name declared in a > classpermission rule and stored in a symbol table. Commit c49a8ea0 > ("libsepol/cil: cil_reset_classperms_set() should not reset > classpermission") fixed the resetting of classperms sets by setting > the "set" field to NULL rather than resetting the classpermission > that it pointed to. > > But this fix mixed the special case where an anonymous classperm > set is passed as an argument to a call. In this case the > classpermission is not named and not stored in a symtab, it is > created just for the classperms set and its classperms list needs > to be reset. > > Reset the classperms list if the classperms set is anonymous (which > is when the datum name is NULL). > > Signed-off-by: James Carter <jwcart2@xxxxxxxxx> Acked-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> Thanks! Nicolas > --- > libsepol/cil/src/cil_reset_ast.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c > index 76405aba..d24d4f81 100644 > --- a/libsepol/cil/src/cil_reset_ast.c > +++ b/libsepol/cil/src/cil_reset_ast.c > @@ -60,10 +60,14 @@ static void cil_reset_classpermission(struct cil_classpermission *cp) > > static void cil_reset_classperms_set(struct cil_classperms_set *cp_set) > { > - if (cp_set == NULL) { > + if (cp_set == NULL || cp_set->set == NULL) { > return; > } > > + if (cp_set->set->datum.name == NULL) { > + cil_reset_classperms_list(cp_set->set->classperms); > + } > + > cp_set->set = NULL; > } > > -- > 2.26.3 >
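Review bot: the added `if (cp_set->set->datum.name == NULL)` test in cil_reset_classperms_set() relies on an unstated convention that a NULL datum name means the classpermission is anonymous, and nothing in the code says so. A one-line comment above the check, along the lines of "anonymous classperms set passed as a call argument: not in a symtab, so reset its list here", would keep the special case from being lost again, which is how the commit message describes the earlier fix going wrong. Two smaller points on the same function. The unconditional `cp_set->set = NULL;` still runs in the anonymous branch, and since the commit message says that classpermission is not stored in a symtab, it would help to state in the comment or the commit message what still holds the reference after the reset. Also, `cp_set->set->classperms` is passed to cil_reset_classperms_list() without a check, so it is worth confirming that function accepts a NULL list.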