Message ID | 20241104142500.20055-1-jwcart2@gmail.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 7492632a6b6a |
Delegated to: | Petr Lautrbach |
Series | [1/3] libsepol/cil: Optionally allow duplicate role declarations | expand |
On Mon, Nov 4, 2024 at 9:25 AM James Carter <jwcart2@gmail.com> wrote: > > Allow duplicate role declarations (along with duplicate type and > type attribute declarations and context rules) if the multiple_decls > field in the CIL db has been set. This field can be set by a call to > cil_set_multiple_decls(). > > Signed-off-by: James Carter <jwcart2@gmail.com> I plan on merging these three patches soon. Jim > --- > libsepol/cil/src/cil_build_ast.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c > index 19fbb04e..80e9c679 100644 > --- a/libsepol/cil/src/cil_build_ast.c > +++ b/libsepol/cil/src/cil_build_ast.c > @@ -137,6 +137,7 @@ static int cil_allow_multiple_decls(struct cil_db *db, enum cil_flavor f_new, en > switch (f_new) { > case CIL_TYPE: > case CIL_TYPEATTRIBUTE: > + case CIL_ROLE: > if (db->multiple_decls) { > return CIL_TRUE; > } > @@ -1744,7 +1745,12 @@ int cil_gen_role(struct cil_db *db, struct cil_tree_node *parse_current, struct > > rc = cil_gen_node(db, ast_node, (struct cil_symtab_datum*)role, (hashtab_key_t)key, CIL_SYM_ROLES, CIL_ROLE); > if (rc != SEPOL_OK) { > - goto exit; > + if (rc == SEPOL_EEXIST) { > + cil_destroy_role(role); > + role = NULL; > + } else { > + goto exit; > + } > } > > return SEPOL_OK; > -- > 2.47.0 >
On Fri, Nov 15, 2024 at 8:59 AM James Carter <jwcart2@gmail.com> wrote: > > On Mon, Nov 4, 2024 at 9:25 AM James Carter <jwcart2@gmail.com> wrote: > > > > Allow duplicate role declarations (along with duplicate type and > > type attribute declarations and context rules) if the multiple_decls > > field in the CIL db has been set. This field can be set by a call to > > cil_set_multiple_decls(). > > > > Signed-off-by: James Carter <jwcart2@gmail.com> > > I plan on merging these three patches soon. > Jim > These three patches have been merged. Jim > > --- > > libsepol/cil/src/cil_build_ast.c | 8 +++++++- > > 1 file changed, 7 insertions(+), 1 deletion(-) > > > > diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c > > index 19fbb04e..80e9c679 100644 > > --- a/libsepol/cil/src/cil_build_ast.c > > +++ b/libsepol/cil/src/cil_build_ast.c > > @@ -137,6 +137,7 @@ static int cil_allow_multiple_decls(struct cil_db *db, enum cil_flavor f_new, en > > switch (f_new) { > > case CIL_TYPE: > > case CIL_TYPEATTRIBUTE: > > + case CIL_ROLE: > > if (db->multiple_decls) { > > return CIL_TRUE; > > } > > @@ -1744,7 +1745,12 @@ int cil_gen_role(struct cil_db *db, struct cil_tree_node *parse_current, struct > > > > rc = cil_gen_node(db, ast_node, (struct cil_symtab_datum*)role, (hashtab_key_t)key, CIL_SYM_ROLES, CIL_ROLE); > > if (rc != SEPOL_OK) { > > - goto exit; > > + if (rc == SEPOL_EEXIST) { > > + cil_destroy_role(role); > > + role = NULL; > > + } else { > > + goto exit; > > + } > > } > > > > return SEPOL_OK; > > -- > > 2.47.0 > >
diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index 19fbb04e..80e9c679 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -137,6 +137,7 @@ static int cil_allow_multiple_decls(struct cil_db *db, enum cil_flavor f_new, en
 switch (f_new) {
 case CIL_TYPE:
 case CIL_TYPEATTRIBUTE:
+ case CIL_ROLE:
 if (db->multiple_decls) {
 return CIL_TRUE;
 }
@@ -1744,7 +1745,12 @@ int cil_gen_role(struct cil_db *db, struct cil_tree_node *parse_current, struct

 rc = cil_gen_node(db, ast_node, (struct cil_symtab_datum*)role, (hashtab_key_t)key, CIL_SYM_ROLES, CIL_ROLE);
 if (rc != SEPOL_OK) {
- goto exit;
+ if (rc == SEPOL_EEXIST) {
+ cil_destroy_role(role);
+ role = NULL;
+ } else {
+ goto exit;
+ }
 }

 return SEPOL_OK;
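Review bot: The new `SEPOL_EEXIST` branch in cil_gen_role frees `role` and then falls through to `return SEPOL_OK`, which is only safe if cil_gen_node has already pointed `ast_node->data` at the previously declared role; that invariant is not visible in this hunk, and if it did not hold the AST node would keep a pointer to freed memory. A short comment above the branch would make the dependency explicit, e.g. `/* Duplicate accepted via multiple_decls: ast_node is assumed to reference the earlier role datum, so the newly allocated one is unused */`. It would also help to state there that `SEPOL_EEXIST` is expected only when `cil_allow_multiple_decls()` returned true for `CIL_ROLE` (the first hunk), since any other source of that return code would now be treated as success and a duplicate role would be accepted silently. cil_gen_role's body starts and ends outside the hunk, so the `exit` path and the allocation of `role` cannot be checked from here.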
Allow duplicate role declarations (along with duplicate type and type attribute declarations and context rules) if the multiple_decls field in the CIL db has been set. This field can be set by a call to cil_set_multiple_decls(). Signed-off-by: James Carter <jwcart2@gmail.com> --- libsepol/cil/src/cil_build_ast.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)