libsepol/cil: Properly reset an anonymous classperm set
In struct cil_classperms_set, the "set" field is a pointer to a
struct cil_classpermission. Normally the classpermission is created
in a classpermissionset rule with a name declared in a
classpermission rule and stored in a symbol table. Commit c49a8ea
("libsepol/cil: cil_reset_classperms_set() should not reset
classpermission") fixed the resetting of classperms sets by setting
the "set" field to NULL rather than resetting the classpermission
that it pointed to.

But this fix missed the special case where an anonymous classperm
set is passed as an argument to a call. In this case the
classpermission is not named and not stored in a symtab, it is
created just for the classperms set and its classperms list needs
to be reset.

Reset the classperms list if the classperms set is anonymous (which
is when the datum name is NULL).

Signed-off-by: James Carter <jwcart2@gmail.com>
jwcart2 committed May 4, 2021
1 parent 0744fa4 commit 2d2c76f
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion libsepol/cil/src/cil_reset_ast.c
Expand Up @@ -60,10 +60,14 @@ static void cil_reset_classpermission(struct cil_classpermission *cp)

static void cil_reset_classperms_set(struct cil_classperms_set *cp_set)
{
if (cp_set == NULL) {
if (cp_set == NULL || cp_set->set == NULL) {
return;
}

if (cp_set->set->datum.name == NULL) {
cil_reset_classperms_list(cp_set->set->classperms);
}

cp_set->set = NULL;
}
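
Review bot: The `cp_set->set->datum.name == NULL` test in cil_reset_classperms_set() is the only thing distinguishing an anonymous classpermission from a named one, and nothing in the code says so. Please add a short comment above that `if` stating that a NULL datum name means the classpermission was created just for this set and is not in a symtab, so its classperms list has to be reset here before `cp_set->set = NULL;` drops the last reference to it. It is also worth confirming that cil_reset_classperms_list() tolerates a NULL `classperms` pointer, since the hunk passes `cp_set->set->classperms` without checking it. A regression policy that passes an anonymous classperm set as a call argument would keep this case covered.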
