1 
2 #include "cil_internal.h"
3 #include "cil_log.h"
4 #include "cil_list.h"
5 #include "cil_reset_ast.h"
6 #include "cil_symtab.h"
7 
/*
 * Forward declarations for reset helpers that are called before their
 * definitions appear (for example cil_reset_classperms_set() calls
 * cil_reset_classperms_list(), and cil_reset_selinuxuser() calls
 * cil_reset_levelrange()).
 */
static inline void cil_reset_classperms_list(struct cil_list *cp_list);
static inline void cil_reset_level(struct cil_level *level);
static inline void cil_reset_levelrange(struct cil_levelrange *levelrange);
static inline void cil_reset_context(struct cil_context *context);
12 
13 
/*
 * Symtab map callback: lower one permission's value by the amount that
 * args points to.
 *
 * k    - hashtable key, unused.
 * d    - the permission, treated as a struct cil_perm.
 * args - pointer to an int holding the amount to subtract.
 *
 * Always returns SEPOL_OK.
 */
static int __class_reset_perm_values(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args)
{
	const int *delta = args;
	struct cil_perm *perm = (struct cil_perm *)d;

	perm->value -= *delta;

	return SEPOL_OK;
}
22 
/*
 * Undo the effect of a resolved classcommon on a class and clear its
 * "ordered" flag.
 *
 * The common itself is never dereferenced: by the time a reset runs it
 * must be assumed to have been destroyed already, so everything is
 * computed from the class's own counters.
 */
static void cil_reset_class(struct cil_class *class)
{
	if (class->common != NULL) {
		/* Permissions contributed by the common = total minus the
		 * class's own primary permissions. */
		int inherited = class->num_perms - class->perms.nprim;

		/* Shift every permission value of the class down by that amount. */
		cil_symtab_map(&class->perms, __class_reset_perm_values, &inherited);

		/* Forget the common so that a classcommon statement is not
		 * reported as a duplicate when the tree is resolved again. */
		class->common = NULL;
		class->num_perms = class->perms.nprim;
	}
	class->ordered = CIL_FALSE;
}
36 
/*
 * Drop the classperms list attached to a permission so that a re-resolve
 * rebuilds it.
 *
 * NOTE(review): CIL_FALSE presumably keeps the data the list items point
 * to alive -- confirm against cil_list_destroy().
 */
static void cil_reset_perm(struct cil_perm *perm)
{
	cil_list_destroy(&perm->classperms, CIL_FALSE);
}
41 
/*
 * Clear the resolved state of one classperms entry: the class pointer
 * and the list of permissions. A NULL entry is ignored.
 */
static inline void cil_reset_classperms(struct cil_classperms *cp)
{
	if (cp != NULL) {
		cil_list_destroy(&cp->perms, CIL_FALSE);
		cp->class = NULL;
	}
}
51 
/*
 * Drop the classperms list of a classpermission. A NULL argument is
 * ignored.
 */
static void cil_reset_classpermission(struct cil_classpermission *cp)
{
	if (cp != NULL) {
		cil_list_destroy(&cp->classperms, CIL_FALSE);
	}
}
60 
/*
 * Detach a classperms_set from the classpermission it was resolved to.
 *
 * The target's classperms are reset from here only when the target has
 * no name. NOTE(review): a named target is presumably reset through its
 * own CIL_CLASSPERMISSION node, and may already be gone when this runs,
 * which is why it is not followed -- confirm against the resolver.
 */
static void cil_reset_classperms_set(struct cil_classperms_set *cp_set)
{
	if (cp_set == NULL) {
		return;
	}
	if (cp_set->set == NULL) {
		return;
	}

	if (cp_set->set->datum.name == NULL) {
		cil_reset_classperms_list(cp_set->set->classperms);
	}

	/* Never keep the pointer across a re-resolve. */
	cp_set->set = NULL;
}
73 
/*
 * Reset every entry of a classperms list according to its flavor.
 * Entries of any other flavor are left untouched; a NULL list is ignored.
 */
static inline void cil_reset_classperms_list(struct cil_list *cp_list)
{
	struct cil_list_item *item;

	if (cp_list != NULL) {
		cil_list_for_each(item, cp_list) {
			if (item->flavor == CIL_CLASSPERMS) {
				/* KERNEL or MAP */
				cil_reset_classperms(item->data);
			} else if (item->flavor == CIL_CLASSPERMS_SET) {
				/* SET */
				cil_reset_classperms_set(item->data);
			}
		}
	}
}
90 
/*
 * Reset the classperms list carried by a classpermissionset statement.
 * cps itself is dereferenced without a NULL check.
 */
static void cil_reset_classpermissionset(struct cil_classpermissionset *cps)
{
	cil_reset_classperms_list(cps->classperms);
}
95 
/*
 * Reset the classperms list carried by a classmapping statement.
 * cm itself is dereferenced without a NULL check.
 */
static void cil_reset_classmapping(struct cil_classmapping *cm)
{
	cil_reset_classperms_list(cm->classperms);
}
100 
/*
 * Forget what an alias was resolved to; a re-resolve sets "actual" again.
 * The old target is only unlinked, never freed or followed.
 */
static void cil_reset_alias(struct cil_alias *alias)
{
	alias->actual = NULL;
}
106 
/*
 * Clear the pointers a resolve pass stored on a user (default level,
 * range and bounds). Nothing they point to is freed or followed.
 */
static void cil_reset_user(struct cil_user *user)
{
	user->dftlevel = NULL;
	user->range = NULL;
	user->bounds = NULL;
}
114 
/*
 * Throw away the list of expression stacks that userattribute-related
 * statements attached to this attribute, so a re-resolve can build it
 * afresh.
 *
 * The list is torn down by hand: cil_list_destroy() would also destroy
 * the sublists, and the expression stacks (each a cil_list) inside this
 * list must survive. Only the list items and the list header are freed.
 */
static void cil_reset_userattr(struct cil_userattribute *attr)
{
	struct cil_list_item *item = NULL;
	struct cil_list_item *following = NULL;

	if (attr->expr_list == NULL) {
		return;
	}

	for (item = attr->expr_list->head; item != NULL; item = following) {
		/* Read the successor before the item is destroyed. */
		following = item->next;
		cil_list_item_destroy(&item, CIL_FALSE);
	}

	free(attr->expr_list);
	attr->expr_list = NULL;
}
135 
/*
 * Drop the resolved (datum) form of a userattributeset's expression.
 * NOTE(review): CIL_FALSE presumably leaves the referenced datums alone.
 */
static void cil_reset_userattributeset(struct cil_userattributeset *uas)
{
	cil_list_destroy(&uas->datum_expr, CIL_FALSE);
}
140 
/*
 * Clear the resolved user and range of a selinuxuser statement.
 *
 * When range_str is set only the range pointer is dropped; without it
 * the range is reset in place. NOTE(review): range_str presumably marks
 * a range referenced by name rather than one owned by this statement.
 */
static void cil_reset_selinuxuser(struct cil_selinuxuser *selinuxuser)
{
	selinuxuser->user = NULL;

	if (selinuxuser->range_str != NULL) {
		selinuxuser->range = NULL;
		return;
	}

	cil_reset_levelrange(selinuxuser->range);
}
150 
/*
 * Clear the bounds pointer of a role so a re-resolve can set it again.
 * The old bounds object is only unlinked.
 */
static void cil_reset_role(struct cil_role *role)
{
	role->bounds = NULL;
}
156 
/*
 * Throw away the list of expression stacks that attributeroles-related
 * statements attached to this attribute, so a re-resolve can build it
 * afresh.
 *
 * The list is torn down by hand: cil_list_destroy() would also destroy
 * the sublists, and the expression stacks (each a cil_list) inside this
 * list must survive. Only the list items and the list header are freed.
 */
static void cil_reset_roleattr(struct cil_roleattribute *attr)
{
	struct cil_list_item *item;
	struct cil_list_item *following;

	if (attr->expr_list == NULL) {
		return;
	}

	for (item = attr->expr_list->head; item != NULL; item = following) {
		/* Read the successor before the item is destroyed. */
		following = item->next;
		cil_list_item_destroy(&item, CIL_FALSE);
	}

	free(attr->expr_list);
	attr->expr_list = NULL;
}
174 
/*
 * Drop the resolved (datum) form of a roleattributeset's expression.
 * NOTE(review): CIL_FALSE presumably leaves the referenced datums alone.
 */
static void cil_reset_roleattributeset(struct cil_roleattributeset *ras)
{
	cil_list_destroy(&ras->datum_expr, CIL_FALSE);
}
179 
/*
 * Clear the bounds pointer of a type so a re-resolve can set it again.
 * The old bounds object is only unlinked.
 */
static void cil_reset_type(struct cil_type *type)
{
	type->bounds = NULL;
}
185 
/*
 * Reset a type attribute: discard the list of expression stacks that
 * attributetypes-related statements attached to it and clear its "used"
 * and "keep" flags.
 *
 * The list is torn down by hand: cil_list_destroy() would also destroy
 * the sublists, and the expression stacks (each a cil_list) inside this
 * list must survive. Only the list items and the list header are freed.
 */
static void cil_reset_typeattr(struct cil_typeattribute *attr)
{
	if (attr->expr_list != NULL) {
		struct cil_list_item *item;
		struct cil_list_item *following;

		for (item = attr->expr_list->head; item != NULL; item = following) {
			/* Read the successor before the item is destroyed. */
			following = item->next;
			cil_list_item_destroy(&item, CIL_FALSE);
		}

		free(attr->expr_list);
		attr->expr_list = NULL;
	}

	/* The flags are cleared whether or not a list existed. */
	attr->used = CIL_FALSE;
	attr->keep = CIL_FALSE;
}
205 
/*
 * Drop the resolved (datum) form of a typeattributeset's expression.
 * NOTE(review): CIL_FALSE presumably leaves the referenced datums alone.
 */
static void cil_reset_typeattributeset(struct cil_typeattributeset *tas)
{
	cil_list_destroy(&tas->datum_expr, CIL_FALSE);
}
210 
/*
 * Drop the list of resolved attribute datums of an expandtypeattribute
 * statement.
 * NOTE(review): CIL_FALSE presumably leaves the referenced datums alone.
 */
static void cil_reset_expandtypeattribute(struct cil_expandtypeattribute *expandattr)
{
	cil_list_destroy(&expandattr->attr_datums, CIL_FALSE);
}
215 
/*
 * Reset the classperms list of an access-vector rule.
 * Only rule->perms.classperms is touched here.
 */
static void cil_reset_avrule(struct cil_avrule *rule)
{
	cil_reset_classperms_list(rule->perms.classperms);
}
220 
/*
 * Clear the resolved range of a rangetransition statement.
 *
 * When range_str is set only the range pointer is dropped; without it
 * the range is reset in place. NOTE(review): range_str presumably marks
 * a range referenced by name rather than one owned by this statement.
 */
static void cil_reset_rangetransition(struct cil_rangetransition *rangetrans)
{
	if (rangetrans->range_str != NULL) {
		rangetrans->range = NULL;
		return;
	}

	cil_reset_levelrange(rangetrans->range);
}
229 
/*
 * Reset a sensitivity: drop the categories that (sensitivitycategory)
 * statements associated with it and clear its "ordered" flag, so that a
 * re-resolve starts from an empty association.
 */
static void cil_reset_sens(struct cil_sens *sens)
{
	cil_list_destroy(&sens->cats_list, CIL_FALSE);
	sens->ordered = CIL_FALSE;
}
237 
/* Clear the "ordered" flag of a category. */
static void cil_reset_cat(struct cil_cat *cat)
{
	cat->ordered = CIL_FALSE;
}
242 
/*
 * Mark a category expression as not evaluated and drop its resolved
 * (datum) form. A NULL argument is ignored.
 */
static inline void cil_reset_cats(struct cil_cats *cats)
{
	if (cats == NULL) {
		return;
	}

	cats->evaluated = CIL_FALSE;
	cil_list_destroy(&cats->datum_expr, CIL_FALSE);
}
250 
251 
/*
 * Reset the category expression of a sensitivitycategory statement.
 * senscat itself is dereferenced without a NULL check; a NULL cats
 * member is tolerated by cil_reset_cats().
 */
static void cil_reset_senscat(struct cil_senscat *senscat)
{
	cil_reset_cats(senscat->cats);
}
256 
/*
 * Reset the category expression of a categoryset.
 * catset itself is dereferenced without a NULL check; a NULL cats
 * member is tolerated by cil_reset_cats().
 */
static void cil_reset_catset(struct cil_catset *catset)
{
	cil_reset_cats(catset->cats);
}
261 
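/*
 * Clear the resolved sensitivity of a level and reset its category
 * expression.
 *
 * A NULL level is ignored. Callers in this file pass members such as
 * levelrange->low, levelrange->high and userlevel->level without
 * checking them, and the sibling helpers cil_reset_cats() and
 * cil_reset_context() already tolerate NULL; without the guard a
 * missing level would be written through here.
 */
static inline void cil_reset_level(struct cil_level *level)
{
	if (level == NULL) {
		return;
	}

	level->sens = NULL;
	cil_reset_cats(level->cats);
}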
267 
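/*
 * Reset both ends of a level range.
 *
 * For each end: when the matching *_str member is set only the pointer
 * is dropped; without it the level is reset in place.
 * NOTE(review): low_str/high_str presumably mark levels referenced by
 * name rather than levels owned by this range -- confirm against the
 * resolver.
 *
 * A NULL range is ignored. Callers in this file pass members such as
 * selinuxuser->range, rangetrans->range, userrange->range and
 * context->range without checking them, and the sibling helpers
 * cil_reset_cats() and cil_reset_context() already tolerate NULL;
 * without the guard a missing range would be dereferenced here.
 */
static inline void cil_reset_levelrange(struct cil_levelrange *levelrange)
{
	if (levelrange == NULL) {
		return;
	}

	if (levelrange->low_str == NULL) {
		cil_reset_level(levelrange->low);
	} else {
		levelrange->low = NULL;
	}

	if (levelrange->high_str == NULL) {
		cil_reset_level(levelrange->high);
	} else {
		levelrange->high = NULL;
	}
}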
282 
/*
 * Clear the resolved level of a userlevel statement.
 *
 * When level_str is set only the level pointer is dropped; without it
 * the level is reset in place. NOTE(review): level_str presumably marks
 * a level referenced by name rather than one owned by this statement.
 */
static inline void cil_reset_userlevel(struct cil_userlevel *userlevel)
{
	if (userlevel->level_str != NULL) {
		userlevel->level = NULL;
		return;
	}

	cil_reset_level(userlevel->level);
}
291 
/*
 * Clear the resolved range of a userrange statement.
 *
 * When range_str is set only the range pointer is dropped; without it
 * the range is reset in place. NOTE(review): range_str presumably marks
 * a range referenced by name rather than one owned by this statement.
 */
static inline void cil_reset_userrange(struct cil_userrange *userrange)
{
	if (userrange->range_str != NULL) {
		userrange->range = NULL;
		return;
	}

	cil_reset_levelrange(userrange->range);
}
300 
/*
 * Clear the resolved range of a context. A NULL context is ignored.
 *
 * When range_str is set only the range pointer is dropped; without it
 * the range is reset in place. NOTE(review): range_str presumably marks
 * a range referenced by name rather than one owned by this context.
 */
static inline void cil_reset_context(struct cil_context *context)
{
	if (context == NULL) {
		return;
	}

	if (context->range_str != NULL) {
		context->range = NULL;
		return;
	}

	cil_reset_levelrange(context->range);
}
312 
/*
 * Clear the resolved context of a sidcontext statement.
 *
 * When context_str is set only the context pointer is dropped; without
 * it the context is reset in place. NOTE(review): context_str presumably
 * marks a context referenced by name rather than one owned by this
 * statement.
 */
static void cil_reset_sidcontext(struct cil_sidcontext *sidcontext)
{
	if (sidcontext->context_str != NULL) {
		sidcontext->context = NULL;
		return;
	}

	cil_reset_context(sidcontext->context);
}
321 
/*
 * Clear the resolved context of a filecon statement.
 *
 * When context_str is set only the context pointer is dropped; without
 * it the context is reset in place (cil_reset_context() tolerates NULL).
 * NOTE(review): context_str presumably marks a context referenced by name.
 */
static void cil_reset_filecon(struct cil_filecon *filecon)
{
	if (filecon->context_str != NULL) {
		filecon->context = NULL;
		return;
	}

	cil_reset_context(filecon->context);
}
330 
/*
 * Clear the resolved context of an ibpkeycon statement.
 *
 * When context_str is set only the context pointer is dropped; without
 * it the context is reset in place.
 * NOTE(review): context_str presumably marks a context referenced by name.
 */
static void cil_reset_ibpkeycon(struct cil_ibpkeycon *ibpkeycon)
{
	if (ibpkeycon->context_str != NULL) {
		ibpkeycon->context = NULL;
		return;
	}

	cil_reset_context(ibpkeycon->context);
}
339 
/*
 * Clear the resolved context of a portcon statement.
 *
 * When context_str is set only the context pointer is dropped; without
 * it the context is reset in place.
 * NOTE(review): context_str presumably marks a context referenced by name.
 */
static void cil_reset_portcon(struct cil_portcon *portcon)
{
	if (portcon->context_str != NULL) {
		portcon->context = NULL;
		return;
	}

	cil_reset_context(portcon->context);
}
348 
/*
 * Clear the resolved context of a nodecon statement.
 *
 * When context_str is set only the context pointer is dropped; without
 * it the context is reset in place.
 * NOTE(review): context_str presumably marks a context referenced by name.
 */
static void cil_reset_nodecon(struct cil_nodecon *nodecon)
{
	if (nodecon->context_str != NULL) {
		nodecon->context = NULL;
		return;
	}

	cil_reset_context(nodecon->context);
}
357 
/*
 * Clear the resolved context of a genfscon statement.
 *
 * When context_str is set only the context pointer is dropped; without
 * it the context is reset in place.
 * NOTE(review): context_str presumably marks a context referenced by name.
 */
static void cil_reset_genfscon(struct cil_genfscon *genfscon)
{
	if (genfscon->context_str != NULL) {
		genfscon->context = NULL;
		return;
	}

	cil_reset_context(genfscon->context);
}
366 
/*
 * Clear both resolved contexts of a netifcon statement (interface and
 * packet).
 *
 * For each one: when the matching *_context_str member is set only the
 * pointer is dropped; without it the context is reset in place.
 * NOTE(review): the *_str members presumably mark contexts referenced
 * by name.
 */
static void cil_reset_netifcon(struct cil_netifcon *netifcon)
{
	if (netifcon->if_context_str != NULL) {
		netifcon->if_context = NULL;
	} else {
		cil_reset_context(netifcon->if_context);
	}

	if (netifcon->packet_context_str != NULL) {
		netifcon->packet_context = NULL;
	} else {
		cil_reset_context(netifcon->packet_context);
	}
}
381 
/*
 * Clear the resolved context of an ibendportcon statement.
 *
 * When context_str is set only the context pointer is dropped; without
 * it the context is reset in place.
 * NOTE(review): context_str presumably marks a context referenced by name.
 */
static void cil_reset_ibendportcon(struct cil_ibendportcon *ibendportcon)
{
	if (ibendportcon->context_str != NULL) {
		ibendportcon->context = NULL;
		return;
	}

	cil_reset_context(ibendportcon->context);
}
390 
/*
 * Clear the resolved context of a pirqcon statement.
 *
 * When context_str is set only the context pointer is dropped; without
 * it the context is reset in place.
 * NOTE(review): context_str presumably marks a context referenced by name.
 */
static void cil_reset_pirqcon(struct cil_pirqcon *pirqcon)
{
	if (pirqcon->context_str != NULL) {
		pirqcon->context = NULL;
		return;
	}

	cil_reset_context(pirqcon->context);
}
399 
/*
 * Clear the resolved context of an iomemcon statement.
 *
 * When context_str is set only the context pointer is dropped; without
 * it the context is reset in place.
 * NOTE(review): context_str presumably marks a context referenced by name.
 */
static void cil_reset_iomemcon(struct cil_iomemcon *iomemcon)
{
	if (iomemcon->context_str != NULL) {
		iomemcon->context = NULL;
		return;
	}

	cil_reset_context(iomemcon->context);
}
408 
/*
 * Clear the resolved context of an ioportcon statement.
 *
 * When context_str is set only the context pointer is dropped; without
 * it the context is reset in place.
 * NOTE(review): context_str presumably marks a context referenced by name.
 */
static void cil_reset_ioportcon(struct cil_ioportcon *ioportcon)
{
	if (ioportcon->context_str != NULL) {
		ioportcon->context = NULL;
		return;
	}

	cil_reset_context(ioportcon->context);
}
417 
/*
 * Clear the resolved context of a pcidevicecon statement.
 *
 * When context_str is set only the context pointer is dropped; without
 * it the context is reset in place.
 * NOTE(review): context_str presumably marks a context referenced by name.
 */
static void cil_reset_pcidevicecon(struct cil_pcidevicecon *pcidevicecon)
{
	if (pcidevicecon->context_str != NULL) {
		pcidevicecon->context = NULL;
		return;
	}

	cil_reset_context(pcidevicecon->context);
}
426 
/*
 * Clear the resolved context of a devicetreecon statement.
 *
 * When context_str is set only the context pointer is dropped; without
 * it the context is reset in place.
 * NOTE(review): context_str presumably marks a context referenced by name.
 */
static void cil_reset_devicetreecon(struct cil_devicetreecon *devicetreecon)
{
	if (devicetreecon->context_str != NULL) {
		devicetreecon->context = NULL;
		return;
	}

	cil_reset_context(devicetreecon->context);
}
435 
/*
 * Clear the resolved context of an fsuse statement.
 *
 * When context_str is set only the context pointer is dropped; without
 * it the context is reset in place.
 * NOTE(review): context_str presumably marks a context referenced by name.
 */
static void cil_reset_fsuse(struct cil_fsuse *fsuse)
{
	if (fsuse->context_str != NULL) {
		fsuse->context = NULL;
		return;
	}

	cil_reset_context(fsuse->context);
}
444 
/*
 * Reset a sid for a re-resolve: clear its "ordered" flag and unlink the
 * context it was given. The context is not freed or followed here.
 */
static void cil_reset_sid(struct cil_sid *sid)
{
	sid->ordered = CIL_FALSE;
	sid->context = NULL;
}
451 
/*
 * Reset a constrain statement: first its classperms list, then the
 * resolved (datum) form of its expression.
 */
static void cil_reset_constrain(struct cil_constrain *con)
{
	/* Class/permission side of the constraint. */
	cil_reset_classperms_list(con->classperms);

	/* Expression side of the constraint. */
	cil_list_destroy(&con->datum_expr, CIL_FALSE);
}
457 
/*
 * Drop the resolved (datum) form of a validatetrans expression.
 * NOTE(review): CIL_FALSE presumably leaves the referenced datums alone.
 */
static void cil_reset_validatetrans(struct cil_validatetrans *vt)
{
	cil_list_destroy(&vt->datum_expr, CIL_FALSE);
}
462 
/*
 * Drop the list of resolved class datums of a default statement.
 * NOTE(review): CIL_FALSE presumably leaves the referenced datums alone.
 */
static void cil_reset_default(struct cil_default *def)
{
	cil_list_destroy(&def->class_datums, CIL_FALSE);
}
467 
/*
 * Drop the list of resolved class datums of a defaultrange statement.
 * NOTE(review): CIL_FALSE presumably leaves the referenced datums alone.
 */
static void cil_reset_defaultrange(struct cil_defaultrange *def)
{
	cil_list_destroy(&def->class_datums, CIL_FALSE);
}
472 
/*
 * Drop the resolved (datum) form of a booleanif condition.
 * NOTE(review): CIL_FALSE presumably leaves the referenced datums alone.
 */
static void cil_reset_booleanif(struct cil_booleanif *bif)
{
	cil_list_destroy(&bif->datum_expr, CIL_FALSE);
}
477 
/*
 * Tree-walk callback: dispatch one AST node to the reset helper that
 * matches its flavor.
 *
 * node       - the node being visited; node->data is handed to the helper.
 * finished   - unused.
 * extra_args - unused.
 *
 * Flavors without a helper fall through the switch untouched. Always
 * returns SEPOL_OK.
 *
 * NOTE(review): node->data is passed on unchecked; several helpers
 * dereference their argument without a NULL test, so they rely on every
 * dispatched node carrying data.
 */
static int __cil_reset_node(struct cil_tree_node *node,  __attribute__((unused)) uint32_t *finished, __attribute__((unused)) void *extra_args)
{
	void *data = node->data;

	switch (node->flavor) {
	/* classes and permissions */
	case CIL_CLASS:
		cil_reset_class(data);
		break;
	case CIL_PERM:
	case CIL_MAP_PERM:
		cil_reset_perm(data);
		break;
	case CIL_CLASSPERMISSION:
		cil_reset_classpermission(data);
		break;
	case CIL_CLASSPERMISSIONSET:
		cil_reset_classpermissionset(data);
		break;
	case CIL_CLASSMAPPING:
		cil_reset_classmapping(data);
		break;

	/* aliases */
	case CIL_TYPEALIAS:
	case CIL_SENSALIAS:
	case CIL_CATALIAS:
		cil_reset_alias(data);
		break;

	/* users */
	case CIL_USERRANGE:
		cil_reset_userrange(data);
		break;
	case CIL_USERLEVEL:
		cil_reset_userlevel(data);
		break;
	case CIL_USER:
		cil_reset_user(data);
		break;
	case CIL_USERATTRIBUTE:
		cil_reset_userattr(data);
		break;
	case CIL_USERATTRIBUTESET:
		cil_reset_userattributeset(data);
		break;
	case CIL_SELINUXUSERDEFAULT:
	case CIL_SELINUXUSER:
		cil_reset_selinuxuser(data);
		break;

	/* roles */
	case CIL_ROLE:
		cil_reset_role(data);
		break;
	case CIL_ROLEATTRIBUTE:
		cil_reset_roleattr(data);
		break;
	case CIL_ROLEATTRIBUTESET:
		cil_reset_roleattributeset(data);
		break;

	/* types */
	case CIL_TYPE:
		cil_reset_type(data);
		break;
	case CIL_TYPEATTRIBUTE:
		cil_reset_typeattr(data);
		break;
	case CIL_TYPEATTRIBUTESET:
		cil_reset_typeattributeset(data);
		break;
	case CIL_EXPANDTYPEATTRIBUTE:
		cil_reset_expandtypeattribute(data);
		break;

	/* rules */
	case CIL_RANGETRANSITION:
		cil_reset_rangetransition(data);
		break;
	case CIL_AVRULE:
		cil_reset_avrule(data);
		break;

	/* sensitivities, categories, levels */
	case CIL_SENS:
		cil_reset_sens(data);
		break;
	case CIL_CAT:
		cil_reset_cat(data);
		break;
	case CIL_SENSCAT:
		cil_reset_senscat(data);
		break;
	case CIL_CATSET:
		cil_reset_catset(data);
		break;
	case CIL_LEVEL:
		cil_reset_level(data);
		break;
	case CIL_LEVELRANGE:
		cil_reset_levelrange(data);
		break;

	/* contexts and the statements that carry one */
	case CIL_CONTEXT:
		cil_reset_context(data);
		break;
	case CIL_SIDCONTEXT:
		cil_reset_sidcontext(data);
		break;
	case CIL_FILECON:
		cil_reset_filecon(data);
		break;
	case CIL_IBPKEYCON:
		cil_reset_ibpkeycon(data);
		break;
	case CIL_IBENDPORTCON:
		cil_reset_ibendportcon(data);
		break;
	case CIL_PORTCON:
		cil_reset_portcon(data);
		break;
	case CIL_NODECON:
		cil_reset_nodecon(data);
		break;
	case CIL_GENFSCON:
		cil_reset_genfscon(data);
		break;
	case CIL_NETIFCON:
		cil_reset_netifcon(data);
		break;
	case CIL_PIRQCON:
		cil_reset_pirqcon(data);
		break;
	case CIL_IOMEMCON:
		cil_reset_iomemcon(data);
		break;
	case CIL_IOPORTCON:
		cil_reset_ioportcon(data);
		break;
	case CIL_PCIDEVICECON:
		cil_reset_pcidevicecon(data);
		break;
	case CIL_DEVICETREECON:
		cil_reset_devicetreecon(data);
		break;
	case CIL_FSUSE:
		cil_reset_fsuse(data);
		break;
	case CIL_SID:
		cil_reset_sid(data);
		break;

	/* constraints, defaults, conditionals */
	case CIL_CONSTRAIN:
	case CIL_MLSCONSTRAIN:
		cil_reset_constrain(data);
		break;
	case CIL_VALIDATETRANS:
	case CIL_MLSVALIDATETRANS:
		cil_reset_validatetrans(data);
		break;
	case CIL_DEFAULTUSER:
	case CIL_DEFAULTROLE:
	case CIL_DEFAULTTYPE:
		cil_reset_default(data);
		break;
	case CIL_DEFAULTRANGE:
		cil_reset_defaultrange(data);
		break;
	case CIL_BOOLEANIF:
		cil_reset_booleanif(data);
		break;

	/* Not affected by optional block disabling */
	case CIL_TUNABLEIF:
	case CIL_CALL:
		break;

	/* Nothing to reset */
	case CIL_MACRO:
	case CIL_SIDORDER:
	case CIL_CLASSORDER:
	case CIL_CATORDER:
	case CIL_SENSITIVITYORDER:
		break;

	default:
		break;
	}

	return SEPOL_OK;
}
648 
/*
 * Reset the resolved state of every node in the tree below "current" so
 * that the tree can be resolved again.
 *
 * Walks the tree with __cil_reset_node as the per-node callback.
 * Returns SEPOL_OK on success; if the walk reports anything else, logs
 * an error and returns SEPOL_ERR.
 */
int cil_reset_ast(struct cil_tree_node *current)
{
	int rc = cil_tree_walk(current, __cil_reset_node, NULL, NULL, NULL);

	if (rc == SEPOL_OK) {
		return SEPOL_OK;
	}

	cil_log(CIL_ERR, "Failed to reset AST\n");
	return SEPOL_ERR;
}
661