| Message ID | 20210330173920.281531-9-jwcart2@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | Update checks for invalid rules in blocks | expand |
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c index efff0f2e..7229a3b4 100644 --- a/libsepol/cil/src/cil_resolve_ast.c +++ b/libsepol/cil/src/cil_resolve_ast.c @@ -3796,7 +3796,9 @@ int __cil_resolve_ast_node_helper(struct cil_tree_node *node, uint32_t *finished } if (macro != NULL) { - if (node->flavor == CIL_BLOCK || + if (node->flavor == CIL_TUNABLE || + node->flavor == CIL_IN || + node->flavor == CIL_BLOCK || node->flavor == CIL_BLOCKINHERIT || node->flavor == CIL_BLOCKABSTRACT || node->flavor == CIL_MACRO) {
When resolving the AST, tunable and in-statements are not considered to be invalid in macros. This is inconsistent with the checks when building the AST. Add checks to make tunable and in-statments invalid in macros when resolving the AST. Signed-off-by: James Carter <jwcart2@gmail.com> --- libsepol/cil/src/cil_resolve_ast.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)