Fix issues with nest association conflicting with regular association

data/error_policies/virtual_function_association.cas

@@ -4,7 +4,13 @@ virtual resource tmp {
 }
 
 @associate([tmp])
-virtual domain foo {}
+virtual domain foo {
+	extend tmp {
+		fn read(domain source) {
+			allow(source, this, file, read);
+		}
+	}
+}
 
 domain bar inherits foo {
 

data/expected_cil/associate.cil

@@ -132,11 +132,20 @@
 (typeattribute resource)
 (typeattribute bin)
 (typeattributeset resource (bin))
+(typeattribute dom_with_mix)
+(typeattributeset domain (dom_with_mix))
+(type dom_with_mix-mix)
+(roletype object_r dom_with_mix-mix)
+(typeattributeset resource (dom_with_mix-mix))
+(typeattribute dom_with_mix_2)
+(typeattributeset domain (dom_with_mix_2))
 (typeattribute foo)
 (typeattributeset domain (foo))
 (type kernel_sid)
 (roletype system_r kernel_sid)
 (typeattributeset domain (kernel_sid))
+(typeattribute mix)
+(typeattributeset resource (mix))
 (typeattribute nest_parent)
 (typeattributeset domain (nest_parent))
 (typeattribute nest_parent-nest_resource)
@@ -170,6 +179,14 @@
 (typeattribute diamond2)
 (typeattributeset foo (diamond2))
 (typeattributeset domain (diamond2))
+(typeattribute dom_with_mix_2-mix)
+(typeattributeset mix (dom_with_mix_2-mix))
+(typeattributeset resource (dom_with_mix_2-mix))
+(type dom_with_mix_3)
+(roletype system_r dom_with_mix_3)
+(typeattributeset dom_with_mix (dom_with_mix_3))
+(typeattributeset dom_with_mix_2 (dom_with_mix_3))
+(typeattributeset domain (dom_with_mix_3))
 (typeattribute foo-tmp)
 (typeattributeset tmp (foo-tmp))
 (typeattributeset resource (foo-tmp))
@@ -223,6 +240,10 @@
 (typeattributeset diamond1 (diamond3))
 (typeattributeset diamond2 (diamond3))
 (typeattributeset domain (diamond3))
+(type dom_with_mix_3-mix)
+(roletype object_r dom_with_mix_3-mix)
+(typeattributeset dom_with_mix_2-mix (dom_with_mix_3-mix))
+(typeattributeset resource (dom_with_mix_3-mix))
 (type baz-tmp)
 (roletype object_r baz-tmp)
 (typeattributeset bar-tmp (baz-tmp))

data/expected_cil/nested_alias.cil

@@ -164,8 +164,9 @@
 (typeattributeset resource (bar-tmp))
 (typealias zap)
 (typealiasactual zap bar-tmp)
-(macro bar-tmp-read ((type this) (type source)))
+(macro bar-tmp-read ((type this) (type source)) (allow source this (file (read))))
 (macro zap-read ((type this) (type source)) (call bar-tmp-read (this source)))
+(macro foo-tmp-read ((type this) (type source)) (allow source this (file (read))))
 (allow abc bob (file (read)))
 (allow abc zap (file (read)))
 (allow bar bob (file (read)))

data/policies/associate.cas

@@ -116,3 +116,15 @@ virtual domain diamond2 inherits foo {}
 
 // Gets two copies of associated resources via multiple inheritance, but they should collapse to one
 domain diamond3 inherits diamond1, diamond2 {}
+
+
+virtual resource mix {}
+
+virtual domain dom_with_mix {
+	resource mix {}
+}
+
+@associate([mix])
+virtual domain dom_with_mix_2 {}
+
+domain dom_with_mix_3 inherits dom_with_mix, dom_with_mix_2 {}

data/policies/nested_alias.cas

@@ -4,7 +4,13 @@ virtual resource tmp {
 }
 
 @associate([tmp])
-virtual domain foo {}
+virtual domain foo {
+	extend tmp {
+		fn read(domain source) {
+			allow(source, this, file, read);
+		}
+	}
+}
 
 domain bar inherits foo {
     allow(this, bob, file, [read]);
@@ -20,4 +26,4 @@ domain abc {
 
     @alias(bob)
     extend xyz {}
-}
+}