The function cil_gen_alias() is used to declare type, sensitivity, and category aliases and the function cil_gen_aliasactual() is used to assign an alias to the actual declared name. Commit e55621c03 ("libsepol/cil: Add notself and other support to CIL") added "notself" and "other" as reserved words. Previously, a check was made in cil_gen_aliasactual() to ensure that the "self" reserved word was not used. With the notself patch this function was upgraded to call cil_verify_name() to verify that the other reserved words were not used as well. This change prevents the use of dotted names to refer to alias or actual names that are declared in blocks. The check for a reserved word being used is not needed because that check will be done for both the alias and the actual name when they are declared. Remove the call to cil_verify_name() and allow dotted names in aliasactual rules. Reported-by: Dominick Grift <dominick.grift@xxxxxxxxxxx> Signed-off-by: James Carter <jwcart2@xxxxxxxxx> --- libsepol/cil/src/cil_build_ast.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index 56dac891..6884f12c 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -3174,16 +3174,6 @@ int cil_gen_aliasactual(struct cil_db *db, struct cil_tree_node *parse_current, goto exit; } - rc = cil_verify_name(db, parse_current->next->data, flavor); - if (rc != SEPOL_OK) { - goto exit; - } - - rc = cil_verify_name(db, parse_current->next->next->data, flavor); - if (rc != SEPOL_OK) { - goto exit; - } - cil_aliasactual_init(&aliasactual); aliasactual->alias_str = parse_current->next->data; -- 2.46.0
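Review bot: In cil_gen_aliasactual(), with both cil_verify_name() calls removed, parse_current->next->data is assigned to aliasactual->alias_str with no name validation left in the lines shown, so rejection of "self", "notself" and "other" now rests entirely on the declaration-time check the commit message refers to. The diffstat shows only cil_build_ast.c changed (10 deletions), so no test accompanies the change; consider adding a CIL test case that uses a dotted name in an aliasactual rule for an alias declared in a block, plus a negative case that uses a reserved word as the alias or actual name, to pin down both behaviours. Since the message names commit e55621c03 as the change that introduced the check, a Fixes: trailer for that commit would help anyone backporting.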