From 78b0dbf7ffdd3f7945667d24631f69024efa64bb Mon Sep 17 00:00:00 2001
From: Daniel Burgener <Daniel.Burgener@microsoft.com>
Date: Wed, 12 Apr 2023 09:31:10 -0400
Subject: [PATCH] Reorder statements to work around libcascade bug

Let bindings and module definitions should not be order dependent.  Due
to a current libcascade bug that is expected to be carried into 0.1,
they are order dependent.  Reorder to make current libcascade happy, and
revert this after the bug is fixed.

https://github.com/dburgener/cascade/issues/167
---
 policy/kernel/device_api.cas   |  2 +-
 policy/kernel/file_low_api.cas | 12 +++++++-----
 policy/system/selinuxutil.cas  | 16 ++++++++--------
 3 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/policy/kernel/device_api.cas b/policy/kernel/device_api.cas
index 39a26c7..fa0dc9f 100644
--- a/policy/kernel/device_api.cas
+++ b/policy/kernel/device_api.cas
@@ -4,7 +4,7 @@
 // General object class sets
 //
 
-let devfile_class_set = [ blk_file chr_file ];
+// Moved to file_low_api.cas to work around libcascade bug
 
 
 //
diff --git a/policy/kernel/file_low_api.cas b/policy/kernel/file_low_api.cas
index 1c626a0..b442ffa 100644
--- a/policy/kernel/file_low_api.cas
+++ b/policy/kernel/file_low_api.cas
@@ -12,11 +12,7 @@ let files_loose_execmod = false;
 // General object class sets
 //
 
-// All directory and file classes
-let dir_file_class_set = [ dir file_class_set ];
-
-// All non-directory file classes.
-let file_class_set = [ devfile_class_set notdevfile_class_set ];
+let devfile_class_set = [ blk_file chr_file ];
 
 // Non-device file classes.
 let notdevfile_class_set = [ fifo_file file lnk_file sock_file ];
@@ -24,6 +20,12 @@ let notdevfile_class_set = [ fifo_file file lnk_file sock_file ];
 // Non-device file classes.
 let dir_notdevfile_class_set = [ dir notdevfile_class_set ];
 
+// All non-directory file classes.
+let file_class_set = [ devfile_class_set notdevfile_class_set ];
+
+// All directory and file classes
+let dir_file_class_set = [ dir file_class_set ];
+
 //
 // Low-level regular file API
 //
diff --git a/policy/system/selinuxutil.cas b/policy/system/selinuxutil.cas
index 0fa854c..fb2d364 100644
--- a/policy/system/selinuxutil.cas
+++ b/policy/system/selinuxutil.cas
@@ -509,6 +509,14 @@ module selinuxutil_base {
     resource selinux_policy_t;
 }
 
+module semanage {
+    domain semanage_t;
+}
+
+module setfiles {
+    domain setfiles_t;
+}
+
 module selinuxutil {
     module checkpolicy;
     module selinuxutil_base;
@@ -519,11 +527,3 @@ module selinuxutil {
     module semanage;
     module setfiles;
 }
-
-module semanage {
-    domain semanage;
-}
-
-module setfiles {
-    domain setfiles_t;
-}