libsepol/cil: do not output full blockinherit statements in secil2tre…

…e -A resolve When running secil2tree -A resolve secilc/test/policy.cil, the output contains: (block test_ba (blockinherit ba) (roletype test_ba.r test_ba.t) (blockabstract z.ba) ) ; <-- This parenthesis is wrong (role test_ba.r) (type test_ba.t) ) The parentheses are not well balanced, because blockinherit has child nodes even though this was not expected. Modify the CIL policy writer in order to only produce a comment when a blockinherit was resolved. The new output is: (block test_ba ( ; blockinherit ba (roletype test_ba.r test_ba.t) (blockabstract z.ba) ) (role test_ba.r) (type test_ba.t) ) Signed-off-by: Nicolas Iooss <[email protected]>
fishilico · Sep 25, 2021 · bf239e5 · bf239e5
1 parent 48e8a27
commit bf239e5
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/libsepol/cil/src/cil_write_ast.c b/libsepol/cil/src/cil_write_ast.c
@@ -579,7 +579,11 @@ void cil_write_ast_node(FILE *out, struct cil_tree_node *node)
 	}
 	case CIL_BLOCKINHERIT: {
 		struct cil_blockinherit *inherit = node->data;
-		fprintf(out, "(blockinherit %s)\n", datum_or_str(DATUM(inherit->block), inherit->block_str));
+		if (!node->cl_head) {
+			fprintf(out, "(blockinherit %s)\n", datum_or_str(DATUM(inherit->block), inherit->block_str));
+		} else {
+			fprintf(out, "( ; blockinherit %s\n", datum_or_str(DATUM(inherit->block), inherit->block_str));
+		}
 		break;
 	}
 	case CIL_IN: {