FYI, I plan on merging this series at the end of the week. If anyone
has any objections, please let me know.
Jim
On Wed, Jan 5, 2022 at 4:16 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> Do not copy any blockabstract statements when copying a block to
> resolve a blockinherit statement. Inheriting a block from what was
> just inherited does not work, so there is no reason to create an
> abstract block.
>
> Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
> ---
> libsepol/cil/src/cil_copy_ast.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c
> index 2fad972c..a4ead9db 100644
> --- a/libsepol/cil/src/cil_copy_ast.c
> +++ b/libsepol/cil/src/cil_copy_ast.c
> @@ -1725,6 +1725,12 @@ int __cil_copy_node_helper(struct cil_tree_node *orig, uint32_t *finished, void
> copy_func = &cil_copy_block;
> break;
> case CIL_BLOCKABSTRACT:
> + if (args->orig_dest->flavor == CIL_BLOCKINHERIT) {
> + /* When inheriting a block, don't copy any blockabstract
> + * statements. Inheriting a block from a block that was
> + * just inherited never worked. */
> + return SEPOL_OK;
> + }
> copy_func = &cil_copy_blockabstract;
> break;
> case CIL_BLOCKINHERIT:
> --
> 2.31.1
>
