From 055af00f08487322f40bfdc88aca4999a6c0e79f Mon Sep 17 00:00:00 2001
From: Daniel Burgener
Date: Wed, 7 Jun 2023 14:56:34 -0400
Subject: [PATCH] Fix "this" arg when deferring

If the "this" arg is an argument name, we don't want to resolve symbols (which would resolve it to the argument type). We want to save the original name, which will get rewritten across deferral propagation
---
 data/expected_cil/arg_call.cil | 10 +++++-----
 data/expected_cil/derive.cil | 16 ++++++++--------
 src/functions.rs | 12 ++++++++++--
 src/lib.rs | 8 ++++----
 4 files changed, 27 insertions(+), 19 deletions(-)

diff --git a/data/expected_cil/arg_call.cil b/data/expected_cil/arg_call.cil
index 56e1e0c8..6f521c26 100644
--- a/data/expected_cil/arg_call.cil
+++ b/data/expected_cil/arg_call.cil
@@ -176,17 +176,17 @@
 (macro bar2-read ((type this) (type source)) (allow source this (lnk_file (read))))
 (macro bar3-read ((type this) (type source)) (allow source this (chr_file (read))))
 (macro baz-call_source_read ((type this) (type source) (type arg))
-;Pushed to callers: (source-read foo arg)
+;Pushed to callers: (source-read source arg)
 )
-(macro dom3-call_in_function ((type this) (type something)) (call bar3-read (foo this)) (call baz-call_source_read (baz bar3 this)))
+(macro dom3-call_in_function ((type this) (type something)) (call bar3-read (bar3 this)) (call baz-call_source_read (baz bar3 this)))
 (macro dom4-foo-read ((type this) (type source)) (allow source this (file (read))))
 (macro foo-read ((type this) (type source)) (allow source this (file (read))))
-(call bar1-read (foo dom1))
-(call bar2-read (foo dom2))
+(call bar1-read (bar1 dom1))
+(call bar2-read (bar2 dom2))
 (call baz-call_source_read (baz bar1 dom1))
 (call baz-call_source_read (baz bar2 dom2))
 (call baz-call_source_read (baz dom4-foo dom4))
-(call dom4-foo-read (foo dom4))
+(call dom4-foo-read (dom4-foo dom4))
 (sid kernel)
 (sidcontext kernel (system_u system_r kernel_sid ((s0) (s0))))
 (sid security)
diff --git a/data/expected_cil/derive.cil b/data/expected_cil/derive.cil
index 09662e4a..f74a02cb 100644
--- a/data/expected_cil/derive.cil
+++ b/data/expected_cil/derive.cil
@@ -302,13 +302,13 @@
 (macro bar-some_associated_call ((type this) (type source)) (allow source this (dir (add_name))))
 (macro bar-write ((type this) (type source)) (allow source this (dir (write))))
 (macro c-call_arg ((type this) (type to_call_read) (type source))
-;Pushed to callers: (to_call_read-read a source)
+;Pushed to callers: (to_call_read-read to_call_read source)
 )
 (macro custom_define-read ((type this) (type source)) (allow source this (lnk_file (read))))
 (macro custom_define-some_associated_call ((type this) (type source)) (allow source this (dir (add_name))) (allow source this (file (link))))
 (macro custom_define-write ((type this) (type source)) (allow source this (dir (write))))
 (macro d-call_arg ((type this) (type to_call_write) (type source))
-;Pushed to callers: (to_call_write-write a source)
+;Pushed to callers: (to_call_write-write to_call_write source)
 )
 (macro defaults-read ((type this) (type source)) (allow source this (dir (read))) (allow source this (file (read))))
 (macro defaults-some_associated_call ((type this) (type source)) (allow source this (dir (add_name))) (allow source this (file (link))))
@@ -330,9 +330,9 @@
 (macro derive_this_3-some_associated_call ((type this) (type source)) (allow source this (file (link))))
 (macro derive_this_3-use_this ((type this) (type source)) (call derive_this_3-my_func (derive_this_3 source)) (allow source this (file (read))))
 (macro e-call_arg ((type this) (type to_call_read_to_call_write) (type source))
-;Pushed to callers: (to_call_read_to_call_write-read a source)
+;Pushed to callers: (to_call_read_to_call_write-read to_call_read_to_call_write source)
 
-;Pushed to callers: (to_call_read_to_call_write-write a source)
+;Pushed to callers: (to_call_read_to_call_write-write to_call_read_to_call_write source)
 )
 (macro enumerate_parents-read ((type this) (type source)) (allow source this (dir (read))) (allow source this (file (read))))
 (macro enumerate_parents-some_associated_call ((type this) (type source)) (allow source this (dir (add_name))) (allow source this (file (link))))
@@ -368,10 +368,10 @@
 (macro union_all_parents-read ((type this) (type source)) (allow source this (dir (read))) (allow source this (file (read))))
 (call aliased_child-read (an_alias some_domain))
 (call associates-to_associate-some_associated_call (associates-to_associate associates))
-(call b1-read (a f))
-(call b1-write (a f))
-(call b2-read (a f))
-(call b2-write (a f))
+(call b1-read (b1 f))
+(call b1-write (b1 f))
+(call b2-read (b2 f))
+(call b2-write (b2 f))
 (call custom_define-read (custom_define some_domain))
 (call derive_from_foo-read (derive_from_foo some_domain))
 (call derive_this_3-use_this (derive_this_3 call_derive_this))
diff --git a/src/functions.rs b/src/functions.rs
index 78527369..43772c9e 100644
--- a/src/functions.rs
+++ b/src/functions.rs
@@ -2926,7 +2926,7 @@ impl ValidatedCall {
  // Note that we need to have validated the function exists first. The above lookup is
  // being done against the argument type, which may be a parent function.
  if let Some(orig_name) = call.cast_name.as_ref().or(call.class_name.as_ref()) {
- // 'this' is technically an argument, but it locally resolvable
+ // 'this' is technically an argument, but is locally resolvable
  if orig_name.as_ref() != "this" && context.symbol_is_arg(orig_name.as_ref()) {
  defer = Some((&call.name, orig_name));
  }
@@ -2934,10 +2934,18 @@ impl ValidatedCall {
 
  let args = match (&call.class_name, function_info.class) {
  (Some(class_name), FunctionClass::Type(_)) => {
- vec![CilArg::Name(
+ // If we are deferring, we don't resolve the arg, which would resolve to the type
+ // of the argument. We want to keep the symbol name for updating across the
+ // deferral propagation
+ let this_arg_name = if defer.is_some() {
+ Some(class_name)
+ } else {
  context
  .symbol_in_context(class_name.as_ref(), types)
  .map(|ti| &ti.name)
+ };
+ vec![CilArg::Name(
+ this_arg_name
  .unwrap_or(&CascadeString::from(
  context.convert_arg_this(class_name.as_ref()),
  ))
diff --git a/src/lib.rs b/src/lib.rs
index 1ec9f2e8..c7113720 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1044,10 +1044,10 @@ mod tests {
  valid_policy_test(
  "arg_call.cas",
  &[
- "(macro dom3-call_in_function ((type this) (type something)) (call bar3-read (foo this)) (call baz-call_source_read (baz bar3 this)))",
- "(call bar1-read (foo dom1))",
- "(call bar2-read (foo dom2))",
- ";Pushed to callers: (source-read foo arg)"
+ "(macro dom3-call_in_function ((type this) (type something)) (call bar3-read (bar3 this)) (call baz-call_source_read (baz bar3 this)))",
+ "(call bar1-read (bar1 dom1))",
+ "(call bar2-read (bar2 dom2))",
+ ";Pushed to callers: (source-read source arg)"
  ],
  &[
  "call source-read",
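Review bot: In the second src/functions.rs hunk, `this_arg_name` keeps the raw `class_name` whenever `defer.is_some()`, yet the hunk above sets `defer` from `call.cast_name.as_ref().or(call.class_name.as_ref())`, so a deferral caused by `cast_name` would also leave a non-argument `class_name` unresolved and bypass the `convert_arg_this` fallback. That value is the `this` parameter of the emitted CIL call and decides which type the generated allow rules land on, so the condition should name the case it means, for example `let this_arg_name = if defer.is_some() && call.cast_name.is_none() {`. If a cast-triggered deferral is meant to keep the raw name too, say so in the comment, e.g. `// also applies when the deferral comes from cast_name`. Whether that call shape is reachable cannot be seen here, since the function starts and ends outside the hunk, and the strings updated in the src/lib.rs hunk all come from arg_call.cas with no cast visible in them.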