Do not copy any blockabstract statements when copying a block to
resolve a blockinherit statement. Inheriting a block from what was
just inherited does not work, so there is no reason to create an
abstract block.
Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
---
libsepol/cil/src/cil_copy_ast.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c
index 2fad972c..a4ead9db 100644
--- a/libsepol/cil/src/cil_copy_ast.c
+++ b/libsepol/cil/src/cil_copy_ast.c
@@ -1725,6 +1725,12 @@ int __cil_copy_node_helper(struct cil_tree_node *orig, uint32_t *finished, void
copy_func = &cil_copy_block;
break;
case CIL_BLOCKABSTRACT:
+ if (args->orig_dest->flavor == CIL_BLOCKINHERIT) {
+ /* When inheriting a block, don't copy any blockabstract
+ * statements. Inheriting a block from a block that was
+ * just inherited never worked. */
+ return SEPOL_OK;
+ }
copy_func = &cil_copy_blockabstract;
break;
case CIL_BLOCKINHERIT:
--
2.31.1
