If a block is marked as abstract, then it will be skipped during
every pass after blockabstracts are resolved (only tunables,
in-befores, and blockinherits are before blockabstracts), so mark
all of its sub-blocks as abstract to reflect their actual status.
Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
---
libsepol/cil/src/cil_resolve_ast.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
index e97a9f46..0288b7dc 100644
--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@@ -2379,6 +2379,19 @@ exit:
return rc;
}
+static void cil_mark_subtree_abstract(struct cil_tree_node *node)
+{
+ struct cil_block *block = node->data;
+
+ block->is_abstract = CIL_TRUE;
+
+ for (node = node->cl_head; node; node = node->next) {
+ if (node->flavor == CIL_BLOCK) {
+ cil_mark_subtree_abstract(node);
+ }
+ }
+}
+
int cil_resolve_blockabstract(struct cil_tree_node *current, void *extra_args)
{
struct cil_blockabstract *abstract = current->data;
@@ -2398,7 +2411,7 @@ int cil_resolve_blockabstract(struct cil_tree_node *current, void *extra_args)
goto exit;
}
- ((struct cil_block*)block_datum)->is_abstract = CIL_TRUE;
+ cil_mark_subtree_abstract(block_node);
return SEPOL_OK;
--
2.31.1
