libsepol/cil: Resolve anonymous class permission sets only once
Anonymous class permission sets can be passed as call arguments. Anonymous call arguments are resolved when they are used in a rule. [This is because all the information might not be present (like common permissions being added to a class) when the call itself is resolved.] If there is more than one rule using an anonymous class permission set, then a memory leak will occur when a new list for the permission datum expression is created without destroying the old one.

When resolving the class and permissions, check if the class has already been resolved. If it has, then the permissions have been as well.

This bug was found by the secilc-fuzzer.

Signed-off-by: James Carter <jwcart2@gmail.com>
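The leak described in the commit message, reduced to a stand-alone C model. This is an added example, not the libsepol patch: `struct classperms`, `resolve_each_use`, `resolve_once` and the allocation registry are hypothetical names, and an `int` array stands in for the permission datum list.

```c
/* Simplified model; every name is hypothetical, none is libsepol code. */
#include <stdio.h>
#include <stdlib.h>
static int *all[16]; static int n_all;   /* every list handed out so far */
static int *list_new(void) {
    int *l = calloc(4, sizeof *l);
    if (!l || n_all == 16) { free(l); return NULL; }
    return all[n_all++] = l;
}
static void list_free(int *l) {
    for (int i = 0; i < n_all; i++) if (all[i] == l) all[i] = NULL;
    free(l);
}
/* Free whatever nobody released; the count is the number of leaked lists. */
static int reclaim_leaked(void) {
    int n = 0;
    for (int i = 0; i < n_all; i++) if (all[i]) { free(all[i]); n++; }
    n_all = 0;
    return n;
}

struct classperms {
    const char *class_name;    /* as written in the policy */
    const char *class_datum;   /* non-NULL once the class is resolved */
    int *perm_data;            /* stands in for the permission datum list */
};
/* Before: every use re-resolves and overwrites the only pointer to the old list. */
static int resolve_each_use(struct classperms *cp) {
    if (!(cp->perm_data = list_new())) return -1;
    cp->class_datum = cp->class_name;
    return 0;
}
/* After: a resolved class means the permissions are resolved too. */
static int resolve_once(struct classperms *cp) {
    return cp->class_datum ? 0 : resolve_each_use(cp);
}

/* Use one anonymous set from `rules` rules, destroy it, count leaks. */
static int leaked_after(int (*resolve)(struct classperms *), int rules) {
    struct classperms cp = { "file", NULL, NULL };
    for (int i = 0; i < rules; i++) if (resolve(&cp) != 0) break;
    list_free(cp.perm_data);
    return reclaim_leaked();
}
int main(void) {
    printf("each use: %d leaked, once: %d leaked\n",
           leaked_after(resolve_each_use, 3), leaked_after(resolve_once, 3));
    return 0;
}
```

With three rules sharing one set, the unguarded path loses one list per extra use, while the guarded path allocates exactly once.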