Store classlist bindings as classlists

This doesn't test usage, because I'm not sure these are actually usable anywhere. I think we probably will need to enhance AVRules to support lists of classes, but that's a separate/future problem.
dburgener · Mar 27, 2023 · 5972777 · 5972777
1 parent 8040579
commit 5972777
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/data/policies/let.cas b/data/policies/let.cas
@@ -22,3 +22,6 @@ domain foo {
 	allow(this, bar, file, nested_binding);
 	allow(foo, baz, file, write);
 }
+
+let class_list = [ file dir ];
+let cl2 = [ lnk_file class_list ];
diff --git a/src/context.rs b/src/context.rs
@@ -249,6 +249,8 @@ impl<'a> Context<'a> {
                 let arg_typeinstance = TypeInstance::new(&arg, variant, Some(file), &*self);
                 if variant.is_perm(type_map) {
                     BindableObject::PermList(v.iter().map(|s| s.to_string()).collect())
+                } else if variant.is_class(type_map) {
+                    BindableObject::ClassList(v.iter().map(|s| s.to_string()).collect())
                 } else {
                     BindableObject::TypeList(arg_typeinstance)
                 }