From 59727773343cb98e1cd687c606cd54ef2d615c8d Mon Sep 17 00:00:00 2001
From: Daniel Burgener
Date: Tue, 21 Mar 2023 14:30:37 -0400
Subject: [PATCH] Store classlist bindings as classlists This doesn't test usage, because I'm not sure these are actually usable anywhere. I think we probably will need to enhance AVRules to support lists of classes, but that's a separate/future problem.
---
 data/policies/let.cas | 3 +++
 src/context.rs | 2 ++
 2 files changed, 5 insertions(+)
diff --git a/data/policies/let.cas b/data/policies/let.cas
index ea265224..424d2ff5 100644
--- a/data/policies/let.cas
+++ b/data/policies/let.cas
@@ -22,3 +22,6 @@ domain foo {
 allow(this, bar, file, nested_binding);
 allow(foo, baz, file, write);
 }
+
+let class_list = [ file dir ];
+let cl2 = [ lnk_file class_list ];
diff --git a/src/context.rs b/src/context.rs
index bfbd19a6..e5d688ca 100644
--- a/src/context.rs
+++ b/src/context.rs
@@ -249,6 +249,8 @@ impl<'a> Context<'a> {
 let arg_typeinstance = TypeInstance::new(&arg, variant, Some(file), &*self);
 if variant.is_perm(type_map) {
 BindableObject::PermList(v.iter().map(|s| s.to_string()).collect())
+ } else if variant.is_class(type_map) {
+ BindableObject::ClassList(v.iter().map(|s| s.to_string()).collect())
 } else {
 BindableObject::TypeList(arg_typeinstance)
 }
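Review bot: The new `is_class` branch in src/context.rs copies every element of `v` into `BindableObject::ClassList` as a raw string, so a nested binding name such as `class_list` inside `cl2` (added to let.cas in this commit) appears to be stored unexpanded next to real class names. Whether a later stage resolves it is not visible in this hunk, and because such a list would eventually decide which object classes a rule covers, the expectation deserves a comment on the branch, e.g. `// elements are class names or names of other class-list bindings; consumers must resolve bindings before emitting rules`. The result also depends on `is_perm` being tested before `is_class`, so if a name can ever satisfy both predicates the chosen precedence should be stated in a comment above the chain. The enclosing function starts and ends outside the hunk.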