On Mon, Nov 4, 2024 at 9:25 AM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> Allow duplicate role declarations (along with duplicate type and
> type attribute declarations and context rules) if the multiple_decls
> field in the CIL db has been set. This field can be set by a call to
> cil_set_multiple_decls().
>
> Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
I plan on merging these three patches soon.
Jim
> ---
> libsepol/cil/src/cil_build_ast.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
> index 19fbb04e..80e9c679 100644
> --- a/libsepol/cil/src/cil_build_ast.c
> +++ b/libsepol/cil/src/cil_build_ast.c
> @@ -137,6 +137,7 @@ static int cil_allow_multiple_decls(struct cil_db *db, enum cil_flavor f_new, en
> switch (f_new) {
> case CIL_TYPE:
> case CIL_TYPEATTRIBUTE:
> + case CIL_ROLE:
> if (db->multiple_decls) {
> return CIL_TRUE;
> }
> @@ -1744,7 +1745,12 @@ int cil_gen_role(struct cil_db *db, struct cil_tree_node *parse_current, struct
>
> rc = cil_gen_node(db, ast_node, (struct cil_symtab_datum*)role, (hashtab_key_t)key, CIL_SYM_ROLES, CIL_ROLE);
> if (rc != SEPOL_OK) {
> - goto exit;
> + if (rc == SEPOL_EEXIST) {
> + cil_destroy_role(role);
> + role = NULL;
> + } else {
> + goto exit;
> + }
> }
>
> return SEPOL_OK;
> --
> 2.47.0
>
