On Thu, Jul 6, 2023 at 12:34 PM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> Free the role identifier in case the role has been already defined
> beforehand, since in that case the identifier is not stored via
> declare_symbol().
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
The right answer here is to just remove role dominance from
checkpolicy. I've sent a patch to the list.
Thanks,
Jim
> ---
> Triggered by the checkpolicy round-trip patch in the GitHub CI.
> ---
> checkpolicy/policy_define.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
> index cef8f3c4..e10c92ff 100644
> --- a/checkpolicy/policy_define.c
> +++ b/checkpolicy/policy_define.c
> @@ -3045,7 +3045,11 @@ role_datum_t *define_role_dom(role_datum_t * r)
> yyerror("Out of memory!");
> goto cleanup;
> }
> + } else {
> + free(role_id);
> + role_id = NULL;
> }
> +
> if (r) {
> ebitmap_t types;
> ebitmap_init(&types);
> --
> 2.40.1
>
